security

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 24, 2025 to March 30, 2025)

Wordfence offers a free Bug Bounty Program for WordPress plugins/themes, rewarding up to $31,200 per vulnerability. Last week, 392 vulnerabilities in 345 plugins and 15 themes were reported. Wordfence aims to provide security insights to the WordPress community, offering free tools for vulnerability detection. They deployed new firewall rules and disclosed vulnerability statistics: 213 patched and 179 unpatched, with severities ranging from low to critical. Many researchers contributed to identifying vulnerabilities, and there is a call for more to join the effort.

https://www.wordfence.com/blog/2025/04/wordfence-intelligence-weekly-wordpress-vulnerability-report-march-24-2025-to-march-30-2025/

20,000 WordPress Sites Affected by Arbitrary File Upload and Deletion Vulnerabilities in WP Ultimate CSV Importer WordPress Plugin

TLDR: Wordfence's Bug Bounty Program rewards researchers for reporting vulnerabilities. A recent submission uncovered two critical issues in the WP Ultimate CSV Importer plugin (versions ≤ 7.19) that allow authenticated users to upload malicious files and delete key site files, risking site takeover. The vulnerabilities have been patched in version 7.19.1. Users should update immediately. Wordfence protects all users against these threats.

https://www.wordfence.com/blog/2025/03/20000-wordpress-sites-affected-by-arbitrary-file-upload-and-deletion-vulnerabilities-in-wp-ultimate-csv-importer-wordpress-plugin/

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 17, 2025 to March 23, 2025)

Wordfence offers a free Bug Bounty Program for WordPress plugins and themes, rewarding researchers up to $31,200 for reported vulnerabilities. Last week, 111 vulnerabilities were reported across 94 plugins and 5 themes, with 33 contributors to WordPress security. The Wordfence Intelligence platform provides free access to vulnerability data for users to enhance WordPress security. Of the 111 vulnerabilities disclosed last week, 37 were patched and 74 unpatched. By severity, 13 were critical, 18 high, 78 medium, and 2 low. Organizations can use the Wordfence CLI Vulnerability Scanner and API for ongoing security assessments. Signing up for the mailing list grants users access to weekly reports on vulnerabilities.

https://www.wordfence.com/blog/2025/03/wordfence-intelligence-weekly-wordpress-vulnerability-report-march-17-2025-to-march-23-2025/

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 10, 2025 to March 16, 2025)

TLDR: Wordfence has a free Bug Bounty Program for WordPress vulnerabilities offering up to $31,200 per submission. Last week, 147 vulnerabilities across 125 plugins and 7 themes were reported. Wordfence provides free access to their vulnerability database and scanning tools to enhance WordPress security. Premium users received advanced firewall protections for new vulnerabilities immediately. Overall, 49 vulnerabilities were patched while 98 remain unpatched. The report highlights contributions from researchers and lists various plugins with reported vulnerabilities.

https://www.wordfence.com/blog/2025/03/wordfence-intelligence-weekly-wordpress-vulnerability-report-march-10-2025-to-march-16-2025/

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 3, 2025 to March 9, 2025)

TLDR: Wordfence's Bug Bounty Program offers up to $31,200 for reporting vulnerabilities in WordPress plugins/themes. Last week saw 126 vulnerabilities disclosed across 94 plugins and 12 themes. Users can access free vulnerability reports, API, and CLI tools to enhance site security. There are 88 patched and 38 unpatched vulnerabilities. By severity, 85 were Medium, 31 High, and 10 Critical. Researchers contributing to security can earn recognition and rewards for disclosed vulnerabilities.

https://www.wordfence.com/blog/2025/03/wordfence-intelligence-weekly-wordpress-vulnerability-report-march-3-2025-to-march-9-2025/

Use Genuine Wordfence and Stay Secure, Stay Supported, and Avoid Malware, Vulnerabilities and Backdoors

Genuine Wordfence is only available from Wordfence.com or the WordPress Plugin Repository. Counterfeit versions exist, often claiming to offer Premium features but providing only a modified free version without true benefits. Nulled versions pose security risks, lack updates, offer no support, and violate copyright. Use Genuine Wordfence for security, stability, and support for your WordPress site.

https://www.wordfence.com/blog/2025/03/genuine-wordfence/

WordPress Security Research Series: WordPress Security Architecture

The WordPress Security Research Series continues with an overview of why understanding WordPress's unique security architecture matters for vulnerability researchers. The article emphasizes recognizing security mechanisms, testing implementations, and identifying areas made vulnerable by improper use of WordPress security functions. Key topics include the importance of static and dynamic analysis, the role of sources, sinks, and data flow in identifying vulnerabilities, and the necessity for proper input handling and validation practices. A security ethos encourages developers to avoid trusting data and to use the WordPress Security API effectively for validation and sanitization. Understanding these aspects is critical for researchers hoping to contribute to enhancing WordPress security through the Bug Bounty Program.

https://www.wordfence.com/blog/2025/03/wordpress-security-research-series-wordpress-security-architecture/

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 24, 2025 to March 2, 2025)

Wordfence Bug Bounty: researchers can earn up to $31,200 per vulnerability in WordPress plugins/themes. 175 vulnerabilities were reported last week; Wordfence Intelligence provides security insights. Wordfence offers free vulnerability scanning tools and weekly reports. Last week, 84 vulnerabilities were patched and 91 unpatched. Major vulnerabilities found include Cross-site Scripting and CSRF. Their database of 24,000 vulnerabilities can be checked for free.

https://www.wordfence.com/blog/2025/03/wordfence-intelligence-weekly-wordpress-vulnerability-report-february-24-2025-to-march-2-2025/

Enhancing the Wordfence Bug Bounty Program: New Incentives & a Stronger Focus on High-Impact Research

Wordfence's Threat Intelligence team experienced growth in 2023, launching a Bug Bounty Program that validated over 4,400 vulnerabilities and awarded $450,000 in bounties. The program emphasizes high-risk vulnerability identification and includes new incentives for researchers, such as the Monthly Bug Detector Streak Bonus and the Superhero Challenge with rewards up to $31,200. Adjustments to submission limits, bounty awards, and scope expansion aim to prioritize impactful research while supporting new researchers. Moving forward, Wordfence seeks to enhance WordPress security through meaningful contributions and continued community support.

https://www.wordfence.com/blog/2025/03/wordfence-bug-bounty-program-2025-updates/

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 17, 2025 to February 23, 2025)

TLDR: Wordfence offers a Bug Bounty Program for WordPress vulnerabilities, paying up to $31,200 per discovery. Last week, 172 vulnerabilities were reported in 157 plugins and 4 themes. Wordfence provides free access to vulnerability data via their intelligence interface and tools. 97 vulnerabilities were patched while 75 remained unpatched. Researchers contributed significantly, with the top contributors listed. Enhanced firewall rules were deployed for specific vulnerabilities, immediately available to Premium users. Users can sign up for weekly vulnerability reports.

https://www.wordfence.com/blog/2025/02/wordfence-intelligence-weekly-wordpress-vulnerability-report-february-17-2025-to-february-23-2025/
