Wordfence is the most popular WordPress security plugin. Wordfence currently protects over 5 million WordPress websites worldwide and has more than 200 million downloads and over 4,200 5-star ratings on WordPress.org.

Wordfence includes an endpoint firewall and malware scanner that were built from the ground up to protect WordPress, as well as two-factor authentication for advanced login security.

The Wordfence plugin is powered by data from the Wordfence Intelligence platform, the most extensive database of WordPress plugin, theme, and core vulnerabilities - as well as independent security research funded via the Wordfence Bug Bounty Program.

Rounded out by a suite of additional features, Wordfence is the most comprehensive security option available for WordPress sites.

Find out more at www.wordfence.com


Wordfence

What does Wordfence Free protect you from?

In this video, we break down exactly what the free version of Wordfence provides at the WordPress application layer, and why WordPress-aware security matters more than generic firewalls alone.

Wordfence Free is not a basic scanner or a passive plugin. It actively blocks the vast majority of known WordPress attacks by understanding how WordPress actually works, including core files, plugin routes, and login flows.

This video explains what Wordfence Free does out of the box and why it serves as a critical security layer for WordPress sites of all sizes.

#wordfence

1 day ago | [YT] | 1

Wordfence

New Episode of "WordPress Security In 60 Seconds" just dropped! - This one's all about XML-RPC.

Learn something new in 60 seconds with Wordfence security researcher Alex Thomas: How attackers can exploit this legacy feature in WordPress, and how to make sure you're protected.

2 days ago | [YT] | 2

Wordfence

Wordfence Bug Bounty Program Monthly Report – November 2025

www.wordfence.com/blog/2025/12/wordfence-bug-bount…

Last month in November 2025, the Wordfence Bug Bounty Program received 746 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem.

These submissions are reviewed, triaged, and processed by the Wordfence Threat Intelligence team, with validated vulnerabilities responsibly disclosed to vendors, often through the Wordfence Vulnerability Management Portal, and protected through the Wordfence Firewall where appropriate.

Our mission with the Wordfence Bug Bounty Program is to engage the broader security community in identifying and responsibly disclosing vulnerabilities in WordPress plugins and themes, so we can get them patched before attackers discover them.

This collaborative effort enables Wordfence to accelerate patch adoption, provide early protection to millions of websites, and ensure that high-quality vulnerability intelligence reaches the WordPress ecosystem as efficiently as possible.

It also ensures that we are able to remediate vulnerabilities before attackers are able to discover them and start exploiting them.

That is why we reward researchers for valid submissions, and why we remain committed to processing every report with transparency, accuracy, and urgency.

#wordpress #wordpresssecurity

5 days ago | [YT] | 7

Wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 24 to November 30, 2025)

www.wordfence.com/blog/2025/12/wordfence-intellige…

Last week, there were 74 vulnerabilities disclosed in 67 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 41 Vulnerability Researchers that contributed to WordPress Security last week.

Review those vulnerabilities in this report now to ensure your site is not affected.

#wordpress #wordpresssecurity #wordpresssecuritynewsdecember2025

2 weeks ago | [YT] | 1

Wordfence

Attackers Actively Exploiting Critical Vulnerability in Sneeit Framework Plugin

www.wordfence.com/blog/2025/12/attackers-actively-…

On June 10th, 2025, we received a submission for a Remote Code Execution vulnerability in Sneeit Framework, a WordPress plugin with an estimated 1,700 active installations. The plugin is bundled in multiple premium themes.

We urge users to ensure their sites are updated with the latest patched version of Sneeit Framework, version 8.4 at the time of this writing, as soon as possible, as this vulnerability is under active exploitation.

This vulnerability can be leveraged to execute code remotely. The vendor released the patched version on August 5th, 2025, and we publicly disclosed this vulnerability in the Wordfence Intelligence Vulnerability Database on November 24th, 2025.

Our records indicate that attackers started exploiting the issue the same day, on November 24th, 2025. The Wordfence Firewall has already blocked over 131,000 exploit attempts targeting this vulnerability.

Wordfence Premium, Wordfence Care, and Wordfence Response users received a firewall rule to protect against any exploits targeting this vulnerability on June 23, 2025. Sites using the free version of Wordfence received the same protection after the standard 30-day delay on July 23, 2025.

Additionally, a malware signature for up_sf.php was released to our Wordfence Premium, Wordfence Care, and Wordfence Response users on December 1st, 2025. Sites using the free version of Wordfence will receive the signature after a 30-day delay on December 31st, 2025.

#wordpress #wordpresssecurity #wordpresssecuritynews

2 weeks ago | [YT] | 4

Wordfence

100,000 WordPress Sites Affected by Remote Code Execution in Advanced Custom Fields: Extended Plugin

2 weeks ago (edited) | [YT] | 1

Wordfence

100,000 WordPress Sites Affected by Remote Code Execution Vulnerability in Advanced Custom Fields: Extended WordPress Plugin

We urge users to update their sites with the latest patched version of Advanced Custom Fields: Extended, version 0.9.2 at the time of this publication, as soon as possible.

www.wordfence.com/blog/2025/12/100000-wordpress-si…

On November 18th, 2025, we received a submission for an unauthenticated Remote Code Execution vulnerability in Advanced Custom Fields: Extended, a WordPress plugin with more than 100,000 active installations. This vulnerability can be leveraged to execute code remotely.

Props to dudekmar who discovered and responsibly reported this vulnerability through the Wordfence Bug Bounty Program. This researcher earned a bounty of $4,290.00 for this discovery.

Our mission is to secure WordPress through defense in depth, which is why we are investing in quality vulnerability research and collaborating with researchers of this caliber through our Bug Bounty Program.

We are committed to making the WordPress ecosystem more secure through the detection and prevention of vulnerabilities, which is a critical element to our multi-layered approach to security.

Wordfence Premium, Wordfence Care, and Wordfence Response users received a firewall rule to protect against any exploits targeting this vulnerability on November 20, 2025.

Sites using the free version of Wordfence will receive the same protection 30 days later on December 20, 2025.

We provided full disclosure details to the ACF Extended team instantly through our Wordfence Vulnerability Management Portal on November 20, 2025.

The vendor released the patch the next day, on November 21, 2025. We would like to commend the ACF Extended team for their prompt response and timely patch.

#wordpress #wordpresssecurity #wordpresssecuritynews #cybersecurity #cybersecuritynews #wordfence #bugbounty

2 weeks ago | [YT] | 6

Wordfence

Attackers Actively Exploiting Critical Vulnerability in King Addons for Elementor Plugin

www.wordfence.com/blog/2025/12/attackers-actively-…

Considering this vulnerability is under active attack, we urge users to ensure their sites are updated with the latest patched version of King Addons for Elementor, version 51.1.35 at the time of this writing, as soon as possible.

On July 24th, 2025, we received a submission for a Privilege Escalation vulnerability in King Addons for Elementor, a WordPress plugin with more than 10,000 active installations.

This vulnerability makes it possible for an unauthenticated attacker to grant themselves administrative privileges by specifying the administrator user role during registration.

The vendor released the patched version on September 25th, 2025, and we originally disclosed this vulnerability in the Wordfence Intelligence vulnerability database on October 30th, 2025. Our records indicate that attackers started exploiting the issue the next day, on October 31st, 2025.

The Wordfence Firewall has already blocked over 48,400 exploit attempts targeting this vulnerability.

Wordfence Premium, Wordfence Care, and Wordfence Response users received a firewall rule to protect against any exploits targeting this vulnerability on August 4, 2025.

Sites using the free version of Wordfence received the same protection after the standard 30-day delay on September 3, 2025.

#wordpress #wordpresssecurity #wordpresssecuritynews

2 weeks ago | [YT] | 6

Wordfence

Wordfence Intelligence Weekly Vulnerability Report | November 17, 2025 to November 23, 2025

3 weeks ago | [YT] | 1