Wordfence

Triple Threat Bug Bounty Challenge Hunt High Threat vulnerabilities and earn triple the incentives! Now through April 6, 2026, earn three stacked bonuses on all valid submissions from our ‘High Threat Vulnerabilities’ list: 2x all high threat vulnerability bounties (excluding 5,000,000+ installs) +30% bonus for high threat vulnerabilities in software with 30,000+ active installs (excluding … Read more

On March 1st, 2026, we received a submission for an Arbitrary File Deletion vulnerability in Perfmatters, a WordPress plugin with more than 200,000 active installations. This vulnerability makes it possible for unauthenticated threat actors to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. Props to hoshino … Read more

On March 16th, 2026, we received a submission for an Arbitrary File Move vulnerability in MW WP Form, a WordPress plugin with more than 200,000 active installations. This vulnerability makes it possible for unauthenticated threat actors to move arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. This … Read more

Last month in February 2026, the Wordfence Bug Bounty Program received 1078 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfence Threat Intelligence team, with validated vulnerabilities responsibly disclosed to vendors, often through the … Read more

Triple Threat Bug Bounty Challenge Hunt High Threat vulnerabilities and earn triple the incentives! Now through April 6, 2026, earn three stacked bonuses on all valid submissions from our ‘High Threat Vulnerabilities’ list: 2x all high threat vulnerability bounties (excluding 5,000,000+ installs) +30% bonus for high threat vulnerabilities in software with 30,000+ active installs (excluding … Read more