Wordfence Intelligence Weekly WordPress Vulnerability Report (January 27, 2025 to February 2, 2025)

Wordfence runs a Bug Bounty Program for WordPress vulnerabilities with rewards up to $31,200. Last week, 150 vulnerabilities were disclosed in 133 plugins and 1 theme. Wordfence provides free vulnerability information and tools for scanning and monitoring vulnerabilities. A total of 85 vulnerabilities were patched, while 65 remain unpatched, including 5 critical vulnerabilities. The top vulnerability types include cross-site scripting and missing authorization. Various researchers contributed to vulnerability discoveries, with SOPROBRO leading in submissions.

https://www.wordfence.com/blog/2025/02/wordfence-intelligence-weekly-wordpress-vulnerability-report-january-27-2025-to-february-2-2025/