Erik Kraijenoord - Blogging about WordPress and share snippets

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 23, 2026 to March 29, 2026)

3 April 2026 by Erik Kraijenoord

Triple Threat Bug Bounty Challenge Hunt High Threat vulnerabilities and earn triple the incentives! Now through April 6, 2026, earn three stacked bonuses on all valid submissions from our ‘High Threat Vulnerabilities’ list: 2x all high threat vulnerability bounties (excluding 5,000,000+ installs) +30% bonus for high threat vulnerabilities in software with 30,000+ active installs (excluding … Read more

200,000 WordPress Sites Affected by Arbitrary File Deletion Vulnerability in Perfmatters WordPress Plugin

3 April 2026 by Erik Kraijenoord

On March 1st, 2026, we received a submission for an Arbitrary File Deletion vulnerability in Perfmatters, a WordPress plugin with more than 200,000 active installations. This vulnerability makes it possible for unauthenticated threat actors to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. Props to hoshino … Read more

From AI to Open Source at WordCamp Asia 2026

2 April 2026 by Erik Kraijenoord

April 9-11, 2026 | Jio World Convention Centre, Mumbai, India WordCamp Asia 2026 brings the WordPress community to Mumbai, India, from April 9 to 11, with a schedule shaped around artificial intelligence, enterprise WordPress, developer workflows, product strategy, and open source collaboration. For attendees planning their time, the program offers a useful view of the … Read more

200,000 WordPress Sites Affected by Arbitrary File Move Vulnerability in MW WP Form WordPress Plugin

2 April 2026 by Erik Kraijenoord

On March 16th, 2026, we received a submission for an Arbitrary File Move vulnerability in MW WP Form, a WordPress plugin with more than 200,000 active installations. This vulnerability makes it possible for unauthenticated threat actors to move arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. This … Read more

Wordfence Bug Bounty Program Monthly Report – February 2026

1 April 2026 by Erik Kraijenoord

Last month in February 2026, the Wordfence Bug Bounty Program received 1078 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfence Threat Intelligence team, with validated vulnerabilities responsibly disclosed to vendors, often through the … Read more

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.