15,000 WordPress Sites Affected by Administrator Account Creation Vulnerability in WP Maps Pro WordPress Plugin

On March 24th, 2026, we received a submission for an Unauthenticated Administrator Account Creation vulnerability in WP Maps Pro, a WordPress plugin with more than 15,000 sales. This vulnerability makes it possible for unauthenticated attackers to create new administrator accounts on the affected sites, leading to complete site takeover. Props to David Brown who discovered … Read more

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 11, 2026 to May 17, 2026)

Last week, there were 78 vulnerabilities disclosed in 62 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 59 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with … Read more

200,000 WordPress Sites at Risk from Critical Authentication Bypass Vulnerability in Burst Statistics Plugin

On May 8, 2026, PRISM, Wordfence Threat Intelligence’s autonomous vulnerability research platform, discovered a critical Authentication Bypass vulnerability in Burst Statistics, a WordPress plugin with more than 200,000 active installations. The vulnerability was introduced in the code on April 23, 2026, discovered just 15 days later, and patched 19 days later, highlighting the positive impact … Read more

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 4, 2026 to May 10, 2026)

Last week, there were 75 vulnerabilities disclosed in 59 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 56 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with … Read more