Wordfence Security – Firewall, Malware Scan, and Login Security WordPress Plugin Security Vulnerabilities | WPScan

13

December 20, 2025

5000000

Published

2022-09-07

Title

Wordfence < 7.6.1 - Admin+ Stored Cross-Site Scripting

Fixed in

Fixed in 7.6.1

CVSS

2.6 (low)

Published

2018-10-02

Title

Wordfence < 7.1.14 - Username Enumeration Prevention Bypass

Fixed in

Fixed in 7.1.14

CVSS

5.3 (medium)

Published

2014-12-08

Title

Wordfence <= 5.1.4 - Cross-Site Scripting (XSS)

Fixed in

Fixed in 5.1.5

CVSS

6.1 (medium)

Published

2014-12-01

Title

Wordfence 5.2.2 - XSS in Referer Header

Fixed in

Fixed in 5.2.3

CVSS

n/a

Published

2014-10-07

Title

Wordfence <= 5.2.4 - Multiple Vulnerabilities (XSS & Bypasses)

Fixed in

Fixed in 5.2.5

CVSS

n/a

Published

2014-09-27

Title

Wordfence 5.2.3 - Multiple Vulnerabilities

Fixed in

Fixed in 5.2.4

CVSS

n/a

Published

2014-09-22

Title

Wordfence 5.2.3 - Banned IP Functionality Bypass

Fixed in

Fixed in 5.2.4

CVSS

n/a

Published

2014-09-22

Title

Wordfence 5.2.4 - IPTraf.php URI Request Stored XSS

Fixed in

Fixed in 5.2.5

CVSS

n/a

Published

2014-09-22

Title

Wordfence 5.2.4 - Unspecified Issue

Fixed in

Fixed in 5.2.5

CVSS

n/a

Published

2014-08-01

Title

Wordfence 3.8.1 - wp-admin/admin.php whois Parameter Stored XSS

Fixed in

Fixed in 3.8.3

CVSS

n/a

Published

2014-08-01

Title

Wordfence 3.3.5 - XSS & IAA

Fixed in

Fixed in 3.3.7

CVSS

n/a

Published

2014-08-01

Title

Wordfence 3.8.6 - lib/IPTraf.php User-Agent Header Stored XSS

Fixed in

Fixed in 3.8.7

CVSS

n/a

Published

2014-08-01

Title

Wordfence 3.8.1 - Password Creation Restriction Bypass

Fixed in

Fixed in 3.8.3

CVSS

n/a