Last week, there were 74 vulnerabilities disclosed in 67 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 41 Vulnerability Researchers that contributed to WordPress Security last week. Review those… Continue Reading →
On June 10th, 2025, we received a submission for a Remote Code Execution vulnerability in Sneeit Framework, a WordPress plugin with an estimated 1,700 active installations. The plugin is bundled in multiple premium themes. This vulnerability can be leveraged to… Continue Reading →
In this report, 106 vulnerabilities have been publicly disclosed. Security patches for 65 of these plugins and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool… Continue Reading →
On November 18th, 2025, we received a submission for an unauthenticated Remote Code Execution vulnerability in Advanced Custom Fields: Extended, a WordPress plugin with more than 100,000 active installations. This vulnerability can be leveraged to execute code remotely. Props to… Continue Reading →
On July 24th, 2025, we received a submission for a Privilege Escalation vulnerability in King Addons for Elementor, a WordPress plugin with more than 10,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to grant themselves administrative… Continue Reading →
Last week, there were 140 vulnerabilities disclosed in 129 WordPress Plugins and 1 WordPress Theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 58 Vulnerability Researchers that contributed to WordPress Security last week. Review those… Continue Reading →
In this report, 164 vulnerabilities have been publicly disclosed. Security patches for 89 of these plugins and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool… Continue Reading →
Last month in October 2025, the Wordfence Bug Bounty Program received 486 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by… Continue Reading →
Most WordPress site owners believe they are protected. They install a trusted security plugin like Solid Security, keep it updated, and assume that is enough. But recent research from WeWatchYourWebsite.com paints a different picture. In September 2025, the company analyzed… Continue Reading →
On October 11th, 2025, we received a submission for an Account Takeover via Email Log Disclosure vulnerability in Post SMTP, a WordPress plugin with more than 400,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to view… Continue Reading →
In this report, 149 vulnerabilities have been publicly disclosed. Security patches for 67 of these plugins and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool… Continue Reading →
In this report, 199 vulnerabilities have been publicly disclosed. Security patches for 104 of these plugins and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool… Continue Reading →
In this report, 108 vulnerabilities have been publicly disclosed. Security patches for 77 of these plugins and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool… Continue Reading →
100,000 WordPress Sites Affected by Privilege Escalation Vulnerability in AI Engine WordPress Plugin
On October 4th, 2025, we received a submission for a Sensitive Information Exposure vulnerability in AI Engine, a WordPress plugin with more than 100,000 active installations. This vulnerability can be exploited by unauthenticated attackers to extract the bearer token and… Continue Reading →
On October 11th, 2025, we received a submission for an Account Takeover via Email Log Disclosure vulnerability in Post SMTP, a WordPress plugin with more than 400,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to view… Continue Reading →
On September 25th, 2025, we received a submission for a Privilege Escalation vulnerability in WP Freeio, a WordPress plugin bundled in the Freeio premium theme with more than 1,700 sales. This vulnerability makes it possible for an unauthenticated attacker to… Continue Reading →
The Wordfence Threat Intelligence Team recently discovered a sophisticated malware campaign targeting WordPress e-commerce sites, specifically those using the WooCommerce plugin. This malware exhibits advanced features including custom encryption methods, fake images used to conceal malicious payloads, a robust persistence… Continue Reading →
In this report, 118 vulnerabilities have been publicly disclosed. Security patches for 66 of these plugins and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool… Continue Reading →
On October 3rd, 2025, we received a submission for an Arbitrary File Read vulnerability in Anti-Malware Security and Brute-Force Firewall, a WordPress plugin with more than 100,000 active installations. This vulnerability makes it possible for an authenticated attacker, with subscriber-level… Continue Reading →
In this report, 139 vulnerabilities have been publicly disclosed. Security patches for 87 of these plugins and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool… Continue Reading →
Last month in September 2025, the Wordfence Bug Bounty Program received 374 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by… Continue Reading →
In this report, 64 vulnerabilities have been publicly disclosed. Security patches for 46 of these plugins and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool… Continue Reading →
In this report, 99 vulnerabilities have been publicly disclosed. Security patches for 32 of these plugins and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool… Continue Reading →
In this report, 476 vulnerabilities have been publicly disclosed. Security patches for 136 vulnerabilities in WordPress Core, plugins, and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version… Continue Reading →
In this report, 354 vulnerabilities have been publicly disclosed. Security patches for 89 of these plugins and themes are now available, so please run those updates as soon as possible. If you’re a Solid Security Pro user, the version management… Continue Reading →
Last month in August 2025, the Wordfence Bug Bounty Program received 438 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by… Continue Reading →
In this report, 199 vulnerabilities have been publicly disclosed. Security patches for 50 of these plugins and themes are now available, so please run those updates as soon as possible. If you’re a Solid Security Pro user, the version management… Continue Reading →
In this report, 297 vulnerabilities have been publicly disclosed. Security patches for 93 of these plugins and themes are now available, so please run those updates as soon as possible. If you’re a Solid Security Pro user, the version management… Continue Reading →
In this report, 114 vulnerabilities have been publicly disclosed. Security patches for 75 of these plugins and themes are now available, so please run those updates as soon as possible. If you’re a Solid Security Pro user, the version management… Continue Reading →
In this report, 169 vulnerabilities have been publicly disclosed. Security patches for 71 of these plugins and themes are now available, so please run those updates as soon as possible. If you’re a Solid Security Pro user, the version management… Continue Reading →
