Unauthenticated Stored XSS Vulnerability Patched in Ultimate Member WordPress Plugin

On February 28th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an unauthenticated stored Cross-Site Scripting (XSS) vulnerability in Ultimate Member, a WordPress plugin with more than 200,000+ active installations. This vulnerability can be leveraged to inject malicious web scripts. Props to stealthcopter who discovered and responsibly reported this vulnerability through … Read more

Critical Vulnerability Remains Unpatched in Two Permanently Closed MiniOrange WordPress Plugins – $1,250 Bounty Awarded

🎉 Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On March 1st, 2024, during our second Bug Bounty Extravaganza, we received a submission for a Privilege … Read more

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 4, 2024 to March 10, 2024)

Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 72 vulnerabilities disclosed in 55 WordPress Plugins and 2 WordPress Themes that have been added … Read more

$1,313 Bounty Awarded for Privilege Escalation Vulnerability Patched in RegistrationMagic WordPress Plugin

🎉 Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 26th, 2024, during our second Bug Bounty Extravaganza, we received a submission for a Privilege … Read more

Record Breaking $153,000+ Already Invested into the Security of the WordPress Ecosystem by Wordfence – More to Come!

Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! In just a few short months since our launch in November of last year, the Wordfence Bug Bounty … Read more