100,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Advanced Custom Fields: Extended WordPress Plugin

On December 10th, 2025, we received a submission for a Privilege Escalation vulnerability in Advanced Custom Fields: Extended, a WordPress plugin with more than 100,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to grant themselves administrative privileges by updating the user role on a user action form where a role can …

A New Home for WordPress Education Programs

Over the past few weeks, a new space has taken shape on WordPress.org for students who want to learn, build, and contribute. WordPress Education programs bring together initiatives that help students enter the WordPress ecosystem through clear, accessible entry points that lead to real-world practice. With hands-on initiatives and supportive communities, participants can grow new …

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 5, 2026 to January 11, 2026)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest. Last week, …

WordPress Playground Brings Speed, Stability, and Momentum

WordPress Playground had a busy year in 2025, with updates that make it more capable for day-to-day development, plugin previews, and learning environments. The project’s latest year-in-review highlights progress across performance, compatibility, database support, and tooling, expanding what can be done in a WordPress environment that runs in the browser and through the command line. …