Security

Security

Wordfence Intelligence Weekly WordPress Vulnerability Report Reveals 75 New Flaws (May 4–10, 2026)

Wordfence Intelligence reports 75 new WordPress vulnerabilities disclosed in plugins and themes during May 4–10, 2026, with critical flaws prompting immediate firewall updates.

May 15, 2026 · 5 min read

Security

200,000 WordPress Sites at Risk from Critical Authentication Bypass Vulnerability in Burst Statistics Plugin

Wordfence researchers uncovered a critical authentication bypass in the Burst Statistics plugin impacting over 200,000 WordPress sites. Immediate updates to version 3.4.2 are essential to prevent administrator impersonation.

May 14, 2026 · 5 min read

Security

1,000,000 WordPress Sites Affected by Arbitrary File Read and SQL Injection Vulnerabilities in Avada Builder WordPress Plugin

The Avada Builder WordPress plugin with 1 million active sites has critical Arbitrary File Read and SQL Injection vulnerabilities. Immediate patching is essential.

May 13, 2026 · 6 min read

Security

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 27, 2026 to May 3, 2026)

The latest Wordfence Intelligence report reveals 87 WordPress vulnerabilities disclosed last week, with critical patches and new firewall rules deployed to protect sites.

May 8, 2026 · 5 min read

Security

Authenticated Arbitrary File Upload Vulnerability Patched in Slider Revolution 7 WordPress Plugin

An authenticated arbitrary file upload vulnerability affecting Slider Revolution 7.0.0 to 7.0.10 has been patched in version 7.0.11. This flaw allowed subscriber-level users to achieve remote code execution.

May 7, 2026 · 5 min read

Security

Attackers Actively Exploiting Critical Vulnerability in Breeze Cache Plugin

A critical Arbitrary File Upload vulnerability in Breeze Cache plugin is actively exploited, risking remote code execution on 400,000 WordPress sites. Immediate update to version 2.4.5 is vital.

May 6, 2026 · 5 min read

Security

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 20, 2026 to April 26, 2026)

Wordfence Intelligence reports 157 new WordPress vulnerabilities last week, with 42 unpatched including 6 critical. New firewall rules deployed to protect premium users in real time.

May 1, 2026 · 5 min read

Security

Wordfence Intelligence Weekly WordPress Vulnerability Report: 139 Flaws Disclosed (April 13–19, 2026)

Wordfence reports 139 new WordPress vulnerabilities last week across plugins and themes, with 109 patched and 30 unpatched. Cross-site scripting and authorization flaws dominate.

Apr 27, 2026 · 5 min read

Security

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 6, 2026 to April 12, 2026)

154 vulnerabilities were disclosed last week across 118 plugins and 23 themes. Wordfence tools help users monitor and patch risks effectively.

Apr 17, 2026 · 5 min read

Security

Attackers Actively Exploiting Critical Vulnerability in Ninja Forms – File Upload Plugin

A critical vulnerability in Ninja Forms – File Upload plugin is actively exploited, affecting 50,000 WordPress sites. Update to version 3.3.27 immediately.

Apr 17, 2026 · 5 min read