Wordfence Bug Bounty Program Monthly Report – December 2025

In December 2025, the Wordfence Bug Bounty Program received 759 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfence Threat Intelligence team, with validated vulnerabilities responsibly disclosed to vendors, often through the …

20,000 WordPress Sites Affected by Backdoor Vulnerability in LA-Studio Element Kit for Elementor WordPress Plugin

On January 12th, 2026, we received a submission for a Backdoor vulnerability in the LA-Studio Element Kit for Elementor, a WordPress plugin with more than 20,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to create malicious administrator users. Props to Athiwat Tiprasaharn (Jitlada), Itthidej Aramsri (Boeing777) and Waris Damkham who discovered …

Be Part of WordCamp Asia 2026

WordCamp Asia is back in 2026, this time in Mumbai, India, and it’s building on a year that showed just how ambitious and connected the WordPress community has become. Now is the time to get involved. Get your ticket, explore sponsorship opportunities, and help spread the word. About …

100,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Advanced Custom Fields: Extended WordPress Plugin

On December 10th, 2025, we received a submission for a Privilege Escalation vulnerability in Advanced Custom Fields: Extended, a WordPress plugin with more than 100,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to grant themselves administrative privileges by updating the user role on a user action form where a role can …