Wordfence Intelligence Weekly WordPress Vulnerability Report (September 29, 2025 to October 5, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters!   Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 per vulnerability. Submit bold. Earn big! The LFInder Challenge: Refine … Read more

Attackers Actively Exploiting Critical Vulnerability in Service Finder Bookings Plugin

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🚀 Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 per vulnerability. Submit bold. Earn big! 📁 The LFInder … Read more

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 22, 2025 to September 28, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters!   Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 per vulnerability. Submit bold. Earn big! The LFInder Challenge: Refine … Read more

How to Find Local File Inclusion (LFI) Vulnerabilities in WordPress Plugins and Themes

Local File Inclusion (LFI) occurs when user-controlled input is used to build a path to a file that is then included by the application. In WordPress (and PHP web applications in general), this means values from $_GET, $_POST, $_REQUEST, or other user-controlled sources end up in the include(), require(), include_once(), or require_once() functions. While this … Read more

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 15, 2025 to September 21, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters!   Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 per vulnerability. Submit bold. Earn big! Last week, there were … Read more