486 new vulnerabilities, including 17 High Threat and 23 Common & Dangerous, were submitted in October 2025 to the Wordfence Bug Bounty Program.
Read The October 2025 Wordfence Bug Bounty Report:
Wordfence is the most popular WordPress security plugin, protecting over 5 million websites worldwide.
Wordfence Intelligence Weekly Vulnerability Report | November 10, 2025 to November 16, 2025
SQL Injection (SQLi) Explained In 60 Seconds:
Part of our new series: "WordPress Security in 60 Seconds" - what should we cover next?
106 new vulnerabilities disclosed in 100 plugins and 1 theme have been added to the Wordfence Intelligence Vulnerability Database.
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 10, 2025 to November 16, 2025)
Attackers Actively Exploiting Critical Vulnerability in Post SMTP Plugin
Considering this vulnerability is under active attack, we urge users to ensure their sites are updated with the latest patched version of Post SMTP (3.6.1) as soon as possible.
Did you know we have a free dashboard that shows the latest attack data across the network of 5+ million sites under our protection from the last 24 hours, 7 days, and 30 days?
It's called the Wordfence Intelligence Dashboard:
Bug Bounty Hunters: Have you joined the Wordfence Bug Bounty Program Discord server yet? All skill levels are welcome to join.
A great place to meet other researchers, share tips, advice, and victories - plus you can connect directly with the Wordfence Threat Intelligence team and get guidance on how to be successful in our program.
Search "Wordfence Bug Bounty Discord" or check the comments.
110 New Vulnerabilities Added:
Wordfence Intelligence Weekly Vulnerability Report | November 3, 2025 to November 9, 2025
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 3, 2025 to November 9, 2025)
Last week, there were 110 vulnerabilities disclosed in 101 plugins and 0 themes, with 56 vulnerability researchers contributing to WordPress security.
The "VIP" Security Flaw:
"Become The Boogeyman" - A Cybersecurity Mindset You Should Adopt
XSS (Cross-Site Scripting) Explained For Non Techies
Part of our fun, but educational series: "The Hidden World of Cyber Threats" - search for it on your favorite platform.
Watch The Wordfence Intelligence Weekly Vulnerability Report | October 27, 2025 to November 2, 2025 Highlight Reel: 🎞️
✉️ Stay Up To Date With The Latest WordPress Security News and Updates:
Each week, Wordfence publishes the latest WordPress plugin and theme vulnerability and threat intelligence data on the Wordfence Blog and via our mailing list.
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 27, 2025 to November 2, 2025)
Review the vulnerabilities in this report now to ensure your site is not affected.
The "Swiss Cheese" Model In Cybersecurity Explained:
Cross-Site Scripting (XSS) Explained: What It Is And How To Defend Against It
https://www.youtube.com/watch?v=laiywDwIJ5k
Episode 2 in our series: "The Hidden World of Cyber Threats"
https://www.youtube.com/playlist?list=PL1tmvSub1Gq4COjwWU90SORq8WbAHFZLJ
Link to the 2024 Report:
https://www.wordfence.com/blog/2025/04/2024-annual-wordpress-security-report-by-wordfence/
XSS (Cross-Site Scripting) Attacks: Still A Big Deal
From our Wordfence 2024 Annual WordPress Security Report:
"Cross-Site Scripting (XSS) vulnerabilities consistently account for the majority of vulnerabilities disclosed year over year, despite being around for ages"
100,000 WordPress Sites Affected by Privilege Escalation Vulnerability in AI Engine Plugin