SQL Injection (SQLi), a vulnerability almost as old as database-driven web applications themselves (CWE-89), persists as a classic example of failing to neutralize user-supplied input before it’s used in a SQL query. So why does this well-understood vulnerability type continue to exist? In the WordPress space, the WordPress core development team has made a number … Read more
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per vulnerability. Submit bold. Earn big! On June … Read more
📢 In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. On March 24th, 2025, we received a submission for an Arbitrary File Upload and an … Read more
The 2024 WordPress security landscape saw significant changes, with new Bug Bounty Programs such as Wordfence’s creating opportunities for numerous researchers to earn a sustainable income by examining WordPress software. Despite another record year for disclosed vulnerabilities in 2025, the rising number doesn’t necessarily translate to increased risk for the vast majority of site owners. … Read more
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest. On … Read more
