10,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in Eventin WordPress Plugin

📢 In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond.   On April 6th, 2025, we received a submission for an Arbitrary File Read vulnerability in … Read more

Recently Disclosed SureTriggers Critical Privilege Escalation Vulnerability Under Active Exploitation

On May 2nd, 2025 the Wordfence Threat Intelligence team added a new critical vulnerability to the Wordfence Intelligence vulnerability database in the OttoKit: All-in-One Automation Platform (Formerly SureTriggers) plugin publicly disclosed by a third-party CNA on April 30th, 2025. This vulnerability makes it possible for unauthenticated attackers to gain administrative level access to vulnerable sites, … Read more

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 21, 2025 to April 27, 2025)

In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond.   Last week, there were 230 vulnerabilities disclosed in 197 WordPress Plugins and 14 WordPress Themes that … Read more

Wordfence: The World’s Leading Quality WordPress Vulnerability Intelligence Provider

On April 8th, 2024, we released our 2024 Annual WordPress Security Report, highlighting key trends and insights across the evolving landscape of WordPress security. Today, we want to shine a spotlight on Wordfence’s contributions through our Bug Bounty Program, and reaffirm our commitment to high-quality vulnerability research, respectful and responsible disclosure, and free, high-impact vulnerability … Read more