Swift Insights
Over 8,000 Exploit Attempts Already Blocked For Recently Patched Unauthenticated Arbitrary File Upload Vulnerability in 简数采集器 (Keydatas) WordPress Plugin
On June 18th, 2024, during the 0-day Threat Hunt Promo of our Bug Bounty Program, we received a submission for an Unauthenticated Arbitrary File Upload vulnerability in 简数采集器 (Keydatas), a WordPress plugin with more than 5,000 active installations. This vulnerability...
Empowering WordPress Bug Bounty Hunters: Meet the New Wordfence Bug Bounty Program Researcher Dashboard
Today, we are very excited to announce the launch of our brand-new researcher dashboard for the Wordfence Bug Bounty Program! One frequent request we received from our researchers was to have a way to manage and track all their vulnerability submissions in a single...
The Aftermath of the WordPress.org Supply Chain Attack: New Malware and Techniques Emerge
On Monday June 24th, 2024 the Wordfence Threat Intelligence team was made aware of the presence of malware in the Social Warfare repository plugin. After adding the malicious code to our Threat Intelligence Database and examining it, we discovered additional affected...
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 15, 2024 to July 21, 2024)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to...
10,000 WordPress Sites Affected by High Severity Vulnerabilities in BookingPress WordPress Plugin
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 8, 2024 to July 14, 2024)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to...
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 1, 2024 to July 7, 2024)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to...
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 24, 2024 to June 30, 2024)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to...
WordPress Security Research: A Beginner’s Series
Learn How To Find WordPress Vulnerabilities Step-by-Step Welcome to the inaugural post of our WordPress Security Research Beginner’s Series! With the success of the Wordfence Bug Bounty Program, we wanted to provide emerging vulnerability researchers, and experienced...
3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords
On June 24th, 2024, we became aware of a supply chain attack targeting multiple WordPress plugins hosted on WordPress.org. An attacker was able to successfully compromise five WordPress.org accounts, where the developers were utilizing credentials previously found in...