security

TLDR: Wordfence runs a Bug Bounty Program for WordPress vulnerabilities, offering rewards up to $31,200. A critical SVG Upload vulnerability was reported for the Jupiter X Core plugin (versions ≤4.8.7), allowing authenticated users to execute remote code. The issue was disclosed on January 6, 2025, and patched by January 29, 2025, with Wordfence users receiving protection earlier. Users are urged to update to version 4.8.8 to maintain site security.

https://www.wordfence.com/blog/2025/02/creative-svg-file-upload-to-local-file-inclusion-vulnerability-affecting-90000-sites-patched-in-jupiter-x-core-wordpress-plugin/

Summary: Wordfence offers a free Bug Bounty Program for WordPress vulnerabilities, rewarding up to $31,200 per submission. Last week, 141 vulnerabilities in 132 plugins and 3 themes were disclosed. Users can access vulnerability data and use tools like the Wordfence CLI Scanner at no cost. A total of 47 vulnerabilities were patched while 94 remain unpatched. Critical vulnerabilities totaled 3. Contributors to the week included 45 researchers, with top contributors listed. A list of plugins with reported vulnerabilities is available.

https://www.wordfence.com/blog/2025/02/wordfence-intelligence-weekly-wordpress-vulnerability-report-february-3-2025-to-february-9-2025/

On Dec 7, 2024, an Arbitrary File Upload vulnerability was found in CleanTalk's Security & Malware scan plugin, affecting over 30,000 WordPress installations. It allowed attackers to upload arbitrary files and execute remote code. Lucio Sá reported it through Wordfence's Bug Bounty Program and received $1,716. CleanTalk responded quickly, releasing a patch on Jan 27, 2025. Users are urged to update to version 2.150. Wordfence provided firewall protection on Jan 14, 2025, with free users receiving it by Feb 13, 2025. The vulnerability exposes sites to severe risk, necessitating swift action to secure affected installations.

https://www.wordfence.com/blog/2025/02/30000-wordpress-sites-affected-by-arbitrary-file-upload-vulnerability-in-security-malware-scan-by-cleantalk-wordpress-plugin/

Wordfence runs a Bug Bounty Program for WordPress vulnerabilities with rewards up to $31,200. Last week, 150 vulnerabilities were disclosed in 133 plugins and 1 theme. Wordfence provides free vulnerability information and tools for scanning and monitoring vulnerabilities. A total of 85 vulnerabilities were patched, while 65 remain unpatched, including 5 critical vulnerabilities. The top vulnerability types include cross-site scripting and missing authorization. Various researchers contributed to vulnerability discoveries, with SOPROBRO leading in submissions.

https://www.wordfence.com/blog/2025/02/wordfence-intelligence-weekly-wordpress-vulnerability-report-january-27-2025-to-february-2-2025/

Wordfence offers a free Bug Bounty Program for WordPress plugins/themes, rewarding up to $31,200 per vulnerability. Last week, 212 vulnerabilities were disclosed involving 182 plugins and 9 themes, contributed by 77 researchers. The Wordfence Intelligence databases and tools are accessible at no cost for improved internet security. Recent firewall rules were implemented to enhance protection, with 186 vulnerabilities patched and 26 remaining unpatched. High-severity vulnerabilities included 23 high and 6 critical. A report lists contributor researchers and their vulnerabilities discovered.

https://www.wordfence.com/blog/2025/01/wordfence-intelligence-weekly-wordpress-vulnerability-report-january-20-2025-to-january-26-2025/

Wordfence launches the Refer-A-Researcher Program, allowing current bug bounty researchers to earn commissions by referring new researchers. Participants can earn up to 20% on the first five validated reports from their referrals, with no earning cap. To join, users must meet eligibility criteria, including being an active researcher for over a month and submitting at least 10 valid vulnerabilities. This initiative aims to enhance the WordPress Bug Bounty Program. For more details, participants should check their email or researcher dashboard for eligibility notifications.

https://www.wordfence.com/blog/2025/01/bug-bounty-referral-program/