Last month in November 2025, the Wordfence Bug Bounty Program received 746 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem.
These submissions are reviewed, triaged, and processed by the Wordfence Threat Intelligence team, with validated vulnerabilities responsibly disclosed to vendors, often through the Wordfence Vulnerability Management Portal, and protected through the Wordfence Firewall where appropriate.
Our mission with the Wordfence Bug Bounty Program is to engage the broader security community in identifying and responsibly disclosing vulnerabilities in WordPress plugins and themes, so we can get them patched before attackers discover them.
This collaborative effort enables Wordfence to accelerate patch adoption, provide early protection to millions of websites, and ensure that high-quality vulnerability intelligence reaches the WordPress ecosystem as efficiently as possible.
It also ensures that we are able to remediate vulnerabilities before attackers are able to discover them and start exploiting them.
That is why we reward researchers for valid submissions, and why we remain committed to processing every report with transparency, accuracy, and urgency.
Wordfence
Wordfence Bug Bounty Program Monthly Report – November 2025
www.wordfence.com/blog/2025/12/wordfence-bug-bount…
Last month in November 2025, the Wordfence Bug Bounty Program received 746 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem.
These submissions are reviewed, triaged, and processed by the Wordfence Threat Intelligence team, with validated vulnerabilities responsibly disclosed to vendors, often through the Wordfence Vulnerability Management Portal, and protected through the Wordfence Firewall where appropriate.
Our mission with the Wordfence Bug Bounty Program is to engage the broader security community in identifying and responsibly disclosing vulnerabilities in WordPress plugins and themes, so we can get them patched before attackers discover them.
This collaborative effort enables Wordfence to accelerate patch adoption, provide early protection to millions of websites, and ensure that high-quality vulnerability intelligence reaches the WordPress ecosystem as efficiently as possible.
It also ensures that we are able to remediate vulnerabilities before attackers are able to discover them and start exploiting them.
That is why we reward researchers for valid submissions, and why we remain committed to processing every report with transparency, accuracy, and urgency.
#wordpress #wordpresssecurity
5 days ago | [YT] | 7