Wordfence Intelligence Weekly WordPress Vulnerability Report (September 8, 2025 to September 14, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters!   Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 per vulnerability. Submit bold. Earn big!  Participate in the SQLsplorer … Read more

Attackers Actively Exploiting Critical Vulnerability in Case Theme User Plugin

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🚀  Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 per vulnerability. Submit bold. Earn big! 💉 Participate in … Read more

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 1, 2025 to September 7, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters!   Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 per vulnerability. Submit bold. Earn big!  Participate in the SQLsplorer … Read more

The Price of ‘Free’: How Nulled Plugins Are Used to Weaken Your Defense

The Wordfence Threat Intelligence Team has discovered a new malware campaign that highlights the hidden risks associated with “nulled plugins”, or premium plugins that have been tampered with by third parties. This campaign is particularly concerning because it doesn’t just infect websites: it enables attackers to bypass existing security defenses while achieving persistent access, effectively … Read more