As of June 10th, the security company Wordfence, which provides security software to protect WordPress websites, has been authorized by MITRE as a CNA, or CVE Numbering Authority. With this authorization, Wordfence can now assign Common Vulnerabilities and Exposures (CVE) IDs for vulnerabilities within WordPress, WordPress plugins and WordPress themes. WordPress powers a significant portion of the web, making it an extremely attractive target to threat actors.
“As the Wordfence Threat Intelligence team continues to produce groundbreaking WordPress security research, Wordfence can more efficiently assign CVE IDs prior to publicly disclosing any vulnerabilities that our team discovers. This means that a CVE ID will be immediately assigned with every vulnerability we discover rather than waiting for an assignment from an external CNA.”
As a company focused on securing WordPress, Wordfence not only provides security products but also actively reviews the source code of WordPress Core, plugins and themes for vulnerabilities. Its blog regularly details vulnerabilities and their assigned CVE IDs, published after working with the authors until each vulnerability has been sufficiently remediated. Now a CNA, Wordfence hopes that researchers will reach out to the company to have vulnerabilities quickly validated, assigned a CVE ID and remediated.
“As the original researcher, you receive the CVE ID and public credit for your discovery. You will also receive thanks from the users and community that you have protected through your responsible disclosure. Please reach out to us and we will be happy to assist.”