General

100,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in Anti-Malware Security and Brute-Force Firewall WordPress Plugin

by

On October 3rd, 2025, we received a submission for an Arbitrary File Read vulnerability in Anti-Malware Security and Brute-Force Firewall, a WordPress plugin with more than 100,000 active installations. This vulnerability makes it possible for an authenticated attacker, with subscriber-level permissions or higher, to read arbitrary files on the server, which may contain sensitive information. … Read more

WordPress 6.9 Beta 2

by

WordPress 6.9 Beta 2 is now ready for testing! This beta version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites.  Instead, you should evaluate Beta 2 on a test server and site. You can test WordPress 6.9 Beta 2 in … Read more

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 13, 2025 to October 19, 2025)

by

Calling all Vulnerability Researchers and Bug Bounty Hunters!   Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 per vulnerability. Submit bold. Earn big! The LFInder Challenge: Refine … Read more

Mass Exploit Campaign Targeting Arbitrary Plugin Installation Vulnerabilities

by

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🚀 Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 per vulnerability. Submit bold. Earn big! 📁 The LFInder … Read more