Welcome to Part 3 of the WordPress Security Research Beginner Series! If you haven’t yet, take a minute to check out the series introduction to get a sense of what this series is all about. You’ll also want to catch up on Part 1, where we dig into WordPress request architecture and hooks, and Part … Read more
📢 In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. On April 6th, 2025, we received a submission for an Arbitrary File Read vulnerability in … Read more
On May 2nd, 2025 the Wordfence Threat Intelligence team added a new critical vulnerability to the Wordfence Intelligence vulnerability database in the OttoKit: All-in-One Automation Platform (Formerly SureTriggers) plugin publicly disclosed by a third-party CNA on April 30th, 2025. This vulnerability makes it possible for unauthenticated attackers to gain administrative level access to vulnerable sites, … Read more
In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. Last week, there were 230 vulnerabilities disclosed in 197 WordPress Plugins and 14 WordPress Themes that … Read more
On April 8th, 2024, we released our 2024 Annual WordPress Security Report, highlighting key trends and insights across the evolving landscape of WordPress security. Today, we want to shine a spotlight on Wordfence’s contributions through our Bug Bounty Program, and reaffirm our commitment to high-quality vulnerability research, respectful and responsible disclosure, and free, high-impact vulnerability … Read more
