+1 for open source! These vulns got identified within ~10 days of them being introduced into the ecosystem - all thanks to having easy + full access to the source code.😊 And shoutout to the ProfilePress team that acted impressively quick to get a patch out. Update ASAP!

On July 14, WooCommerce released a patch for a SQL Injection vulnerability that allowed unauthenticated attackers to access arbitrary data in a store’s database. Moments ago, the Wordfence Threat Intelligence team posted a deeper look at the vulnerability. hubs.li/H0SnP_v0

*Just Published* 2021 Mid-Year WordPress Security Report: A Collaboration Between Wordfence and WPScan blog.wpscan.com/2021-mid-year-… It was a pleasure to work with Wordfence on this report!

Had the pleasure of working directly with Ryan Dewhurst at WPScan - WordPress Security to create this report! TL;DR attacks on WordPress are (expectedly) on the rise, while (fortunately) the security posture of the ecosystem is as well!

Critical Authentication Bypass Vulnerability Patched in Booster for WooCommerce wordfence.com/blog/2021/08/c…

Eeeeeek!!! Exciting new offerings from Wordfence - now we can take care of your WordPress site's security for you! 😁

Critical Vulnerabilities in PHP Everywhere Allow Remote Code Execution hubs.li/Q013KBZC0

Unauthenticated SQL Injection Vulnerability Patched in WordPress Statistics Plugin hubs.li/Q013VnXF0

Effective immediately, Wordfence has deployed real-time threat intelligence (normally a paid only feature) to over 8,000 sites running the Free version of Wordfence on the .UA top-level domain. This will auto-update - no site change or work needed. Also: wordfence.com/blog/2022/03/u…

Critical Authentication Bypass Vulnerability Patched in SiteGround Security Plugin hubs.li/Q017FB4t0

PSA: Critical Vulnerability Patched in Ninja Forms WordPress Plugin hubs.li/Q01dQt2D0

Hanging with ⁦Ram⁩ and ⁦Chloe Chamberland⁩ at our #blackhat booth in Las Vegas. #blackhat2022

Very excited about this!

We are hiring a Senior Web Application Vulnerability Researcher at Wordfence! Love everything about finding, exploiting, and learning more about vulns in WordPress software? Please apply now! I'd love to work with you. 😁defiant.com/employment/sen…

Highlighting data points from the Mid-Year Vulnerability Report: Out of the 1,171 unauthenticated vulnerabilities added to the database, 837, or 71%, of those were XSS and CSRF which require user interaction to exploit. Read the entire report now. 👇 wordfence.com/blog/2023/08/d…

Exciting news! We've launched a webhook integration for vulnerabilities with Wordfence Intelligence for FREE. Stay updated with real-time notifications of the latest WordPress vulnerabilities! #WordfenceIntelligence #WordPressSecurity wordfence.com/blog/2023/08/i…

Exciting things are happening at Wordfence! We just launched Free WordPress Vulnerability Scanning utilizing the Wordfence Intelligence VulnDB as a feature of the new Wordfence CLI tool, and have a lot of other exciting new things on the horizon. 👀 wordfence.com/blog/2023/10/w…

📣Calling all security researchers! Wordfence will now reward you with $ for vulnerabilities found in WordPress plugins & themes! Learn more here, and register your researcher profile today so you're ready when you have that next vulnerability to submit! wordfence.com/blog/2023/11/w…

😱

The Wordfence team is excited to announce the official launch of the Wordfence Vulnerability Management Portal! Over 130 WordPress software vendors, covering over 640 unique pieces of WordPress software have already been onboarded. wordfence.com/blog/2025/07/r…