On February 1st, 2024, during our Bug Bounty Extravaganza, we received a submission for an Arbitrary File Upload vulnerability in Management App for WooCommerce, a WordPress plugin with 1,000+ active installations. This vulnerability makes it possible for authenticated users such as subscribers and customers to upload arbitrary files to a vulnerable site and achieve remote … Read more

🎉 Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 25th, 2024, during our second Bug Bounty Extravaganza, we received a submission for a Privilege … Read more

WordPress 6.5.2 was released yesterday, on April 9, 2024. It included a single security patch, along with a handful of bug fixes. The security patch was for a Stored Cross-Site Scripting vulnerability that could be exploited by both unauthenticated users, when a comment block is present on a page, and by authenticated users who have … Read more

Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 183 vulnerabilities disclosed in 147 WordPress Plugins and 2 WordPress Themes that have been added … Read more

🎉 Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On March 25th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an unauthenticated … Read more