Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest.
Last week, there were 408 vulnerabilities disclosed in 376 WordPress Plugins and 18 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 69 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, including the WordPress community, so that individuals and organizations alike can use that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and use, both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, hosting providers, and even individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Alternatively, they can use the vulnerability database API to receive a complete dump of our database of over 22,000 vulnerabilities, and then use the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
- Adifier System <= 3.1.7 – Unauthenticated Arbitrary Password Reset
- WAF-RULE-794 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-795 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-796 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-798 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-799 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-800 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-801 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-802 – Data redacted while we work with the vendor on a patch.
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30-day delay.
Total Unpatched & Patched Vulnerabilities Last Week
Patch Status | Number of Vulnerabilities |
---|---|
Patched | 92 |
Unpatched | 316 |
Total Vulnerabilities by CVSS Severity Last Week
Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 2 |
Medium Severity | 368 |
High Severity | 29 |
Critical Severity | 9 |
Total Vulnerabilities by CWE Type Last Week
Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 200 |
Cross-Site Request Forgery (CSRF) | 116 |
Missing Authorization | 38 |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 19 |
Unrestricted Upload of File with Dangerous Type | 9 |
Exposure of Sensitive Information to an Unauthorized Actor | 6 |
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 4 |
Incorrect Privilege Assignment | 4 |
Exposure of Private Personal Information to an Unauthorized Actor | 2 |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 2 |
Authorization Bypass Through User-Controlled Key | 1 |
Dependency on Vulnerable Third-Party Component | 1 |
Deserialization of Untrusted Data | 1 |
Improper Access Control | 1 |
Improper Authentication | 1 |
Improper Control of Generation of Code (‘Code Injection’) | 1 |
Improper Privilege Management | 1 |
Unverified Password Change | 1 |
Researchers That Contributed to WordPress Security Last Week
Researcher Name | Number of Vulnerabilities |
---|---|
183 | |
30 | |
28 | |
20 | |
13 | |
11 | |
7 | |
7 | |
6 | |
4 | |
4 | |
4 | |
4 | |
4 | |
4 | |
3 | |
3 | |
3 | |
3 | |
3 | |
2 | |
2 | |
2 | |
2 | |
2 | |
2 | |
2 | |
2 | |
2 | |
2 | |
2 | |
2 | |
2 | |
2 | |
2 | |
2 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
Software Name | Software Slug |
---|---|
“Visit Site” Link enhanced – WordPress PlugIn | visit-site-link-enhanced |
301 SEO REDIRECTION \| COUNTRY BASED REDIRECTION [ REDIRECTION PLUS ] | redirection-plus |
Ad Blocking Detector | ad-blocking-detector |
add custom google tag manager | add-custom-google-tag-manager |
Add RSS | add-rss |
Adifier System | adifier-system |
Admin and Customer Messages After Order for WooCommerce: OrderConvo | admin-and-client-message-after-order-for-woocommerce |
Admin Cleanup | admin-cleanup |
Admin Menu Organizer | admin-menu-organizer |
Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin | file-manager-advanced |
AI Responsive Gallery Album | ai-responsive-gallery-album |
Ajax Contact Form | fws-ajax-contact-form |
Ajax WP Query Search Filter | ajax-wp-query-search-filter |
AlT Report | alt-report |
Altima Lookbook Free for WooCommerce | altima-lookbook-free-for-woocommerce |
Amber | amberlink |
amr personalise | amr-personalise |
Annie | annie |
Anonymize Links | anonymize-links |
Apply with LinkedIn buttons | apply-with-linkedin-buttons |
ApplyOnline – Application Form Builder and Manager | apply-online |
Auphonic Importer | auphonic-importer |
Auto FTP | auto-ftp |
Awesome Responsive Photo Gallery – Image & Video Lightbox Gallery | awesome-responsive-photo-gallery |
Background animation blocks | background-animation-blocks |
Background Control | background-control |
Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) | barcode-scanner-lite-pos-to-manage-products-inventory-and-orders |
Better Protected Pages | better-protected-pages |
Bible Embed | bible-embed |
Bit.ly linker | bitly-linker |
BizLibrary | bizlibrary |
Blog Summary | blog-summary |
Blogger Image Import | blogger-image-import |
Board Election | board-election |
Bold pagos en linea | bold-pagos-en-linea |
bonjour-bar | bonjour-bar |
Book a Place | book-a-place |
Bookalet | bookalet |
Brizy Pro | brizy-pro |
Build Private Store For Woocommerce | build-private-store-for-woocommerce |
Button Block – Get fully customizable & multi-functional buttons | button-block |
Cache Sniper for Nginx | snipe-nginx-cache |
Captchelfie – Captcha by Selfie | captchelfie-captcha-by-selfie |
Car Demon | car-demon |
Category Custom Fields | categorycustomfields |
Category D3 Tree | category-d3-tree |
CC Circle Progress Bar | cc-circle-progress-bar |
Chamber Dashboard Business Directory | chamber-dashboard-business-directory |
Charity-thermometer | charitydonation-thermometer |
Chatter | chatter |
Checkout for PayPal | checkout-for-paypal |
Chess Tempo Viewer | chesstempoviewer |
CJ Custom Content | cj-custom-content |
CNZZ&51LA for WordPress | cnzz51la-for-wordpress |
CodeBard Help Desk | codebard-help-desk |
CoDesigner – All in One Elementor WooCommerce Builder | woolementor |
Comment-Emailer | comment-emailer |
Compare Ninja: Create Professional Comparison Tables and Easily Add Them to Your Website | compare-ninja-comparison-tables |
Contact Form 7 Anti Spambot | contact-form-7-anti-spambot |
Contact Form 7 Redirect & Thank You Page | cf7-redirect-thank-you-page |
Contact Form 7 Round Robin Lead Distribution | contact-form-7-round-robin-lead-distribution |
Contact Form 7 – CCAvenue Add-on | cf7-cc-avenue-add-on |
Content Security Policy Pro | content-security-policy-pro |
Cookie Consent & Autoblock for GDPR/CCPA | cookie-consent-autoblock |
Copy Move Posts | copy-move-posts |
Copyright Safeguard Footer Notice | copyright-safeguard-footer-notice |
Course Booking System | course-booking-system |
Custom CSS Addons | css-addons |
Custom List Table Example | custom-list-table-example |
Custom Post | custom-post-type-gui |
Custom Post Type Lockdown WordPress | custom-post-type-lockdown |
Custom Widget Classes | custom-widget-classes |
Customizable Captcha and Contact us | customizable-captcha-and-contact-us-form |
Daily Proverb | daily-proverb |
DD Roles | dd-roles |
Debt Calculator | debt-calculator |
Debug Tool | debug-tool |
DF Draggable | df-draggable |
dForms | dforms |
Easy Code Snippets | easy-code-snippets |
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | easy-digital-downloads |
Easy EU Cookie law | easy-eu-cookie-law |
Easy FAQs | easy-faqs |
Easy Portfolio | easy-portfolio |
Easy Shortcode Buttons | easy-shortcode-buttons |
Easy Tweet Embed | easy-tweet-embed |
Easy Tynt | easy-tynt |
ECT Add to Cart Button | ect-add-to-cart-button |
EditionGuard for WooCommerce – eBook Sales with DRM | editionguard-for-woocommerce-ebook-sales-with-drm |
ElementInvader Addons for Elementor | elementinvader-addons-for-elementor |
Elementor Addon Elements | addon-elements-for-elementor-page-builder |
Elementor Addons AI Addons – 70 Widgets, Premium Templates, Ultimate Elements | ai-addons-for-elementor |
Email Capture & Lead Generation | email-capture-lead-generation |
Email on Publish | email-on-publish |
EmailShroud | emailshroud |
Enhanced YouTube Shortcode | enhanced-youtube-shortcode |
Error Notification | error-notification |
Event Countdown Timer Plugin by TechMix | event-countdown-timer |
Event Monster – Event Management, Tickets Booking, Upcoming Event | event-monster |
Event Registration Calendar By vcita | event-registration-calendar-by-vcita |
Eventer – WordPress Event & Booking Manager Plugin | eventer |
Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media | evergreen-content-poster |
Explara Membership | explara-membership |
Extra Options – Favicons | extra-options-favicons |
EZPlayer | ezplayer |
FAT Event Lite | fat-event-lite |
Feedburner Optin Form | feedburner-optin-form |
Find Your Reps | find-your-reps |
Flexible PDF Coupons – Gift Cards & Vouchers for WooCommerce | flexible-coupons |
Floatbox Plus | floatbox-plus |
Flying Twitter Birds | flying-twitter-birds |
FontAwesome.io ShortCodes | fontawesomeio-shortcodes |
Foundation Columns | foundation-columns |
FP RSS Category Excluder | fp-rss-category-excluder |
Free MailClient FMC | mailclient |
Gallery and Lightbox | gallery-and-lightbox |
Gallery: Hybrid – Advanced Visual Gallery | hybrid-gallery |
GDPR Personal Data Reports | gdpr-personal-data-reports |
GDReseller | gdreseller |
Genki Announcement | genki-announcement |
Geotagged Media | geotagged-media |
Giveaways and Contests by PromoSimple | giveaways-contests-by-promosimple |
Glofox Shortcodes | glofox-shortcodes |
GMap Shortcode | gmap-shortcode |
GMAPS for WPBakery Page Builder Free | gmaps-for-visual-composer-free |
go Social | go-social |
Goldstar | goldstar |
Google Org Chart | google-org-chart |
GravatarLocalCache | gravatarlocalcache |
Gravity Forms | gravityforms |
Greek Namedays Widget From Eortologio.Net | greek-namedays-widget |
GSheetConnector for Forminator Forms | gsheetconnector-forminator |
Guten Free Options | guten-free-options |
Hack me if you can | hack-me-if-you-can |
HireHive Job Plugin | zartis-job-plugin |
Homey Login Register | homey-login-register |
Horizontal Line Shortcode | horizontal-line-shortcode |
Hotspots Analytics | hotspots |
Htaccess File Editor – Easily Edit, Backup, Restore .htaccess file | htaccess-file-editor |
HTML5 Video Player – mp4 Video Player Plugin and Block | html5-video-player |
HTTP to HTTPS link changer by Eyga.net | https-links-in-content |
Image Gallery Box by CRUDLab | image-gallery-box-by-crudlab |
Image Source Control Lite – Show Image Credits and Captions | image-source-control-isc |
Image Switcher | image-switcher |
imaGenius | imagenius |
Import Users to MailChimp | import-users-to-mailchimp |
Incredible Font Awesome | incredible-font-awesome |
Instant Appointment | instant-appointment |
iSpring Embedder | embed-ispring |
JB Horizontal Scroller News Ticker | jb-horizontal-scroller-news-ticker |
Jet Skinner for BuddyPress | jet-skinner-for-buddypress |
JetEngine | jet-engine |
JSM Screenshot Machine Shortcode | screenshot-machine-shortcode |
Kapost | kapost-byline |
Kopa Nictitate Toolkit | kopa-nictitate-toolkit |
Kubio AI Page Builder | kubio |
Legull | legull |
Len Slider | len-slider |
LH Email | lh-email |
LH Login Page | lh-login-page |
Lijit Search | wp-lijit-wijit |
Links/Problem Reporter | report-broken-links |
LocalGrid | localgrid |
Loginplus | loginplus |
LSD Google Maps Embedder | lsd-google-maps-embedder |
LTL Freight Quotes – Worldwide Express Edition | ltl-freight-quotes-worldwide-express-edition |
MACME | macme |
Magic Google Maps | magic-google-maps |
MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder | mailchimp-subscribe-sm |
Mark Posts | mark-posts |
MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution | marketking-multivendor-marketplace-for-woocommerce |
Marmoset Viewer | marmoset-viewer |
Marquee Style RSS News Ticker | marquee-style-rss-news-ticker |
Mass Custom Fields Manager | mass-custom-fields-manager |
Mass Messaging in BuddyPress | mass-messaging-in-buddypress |
MD Custom content after or before of post | md-custom-content |
MDC YouTube Downloader | mdc-youtube-downloader |
MeinTurnierplan.de Widget Viewer | meinturnierplande-widget-viewer |
MemeOne | memeone |
Menus Plus+ | menus-plus |
MercadoLibre Integration | mercadolibre-integration |
Metaphor Widgets | mtphr-widgets |
MFPlugin | mfplugin |
MHR-Custom-Anti-Copy | mhr-custom-anti-copy |
MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Tokens Wallet | paid-membership |
Mindmeister Shortcode | mindmeister-shortcode |
More Link Modifier | more-link-modifier |
Motors – Car Dealer, Classifieds & Listing | motors-car-dealership-classified-listings |
Moving Users | moving-users |
Multi Step Form | multi-step-form |
Multi Uploader for Gravity Forms | gf-multi-uploader |
Multilang Contact Form | multilang-contact-form |
My auctions allegro | my-auctions-allegro-free-edition |
My Tickets – Accessible Event Ticketing | my-tickets |
my-related-posts | my-related-posts |
MyAnime Widget | myanime-widget |
mybb Last Topics | mybb-last-topics |
MyBookProgress by Stormhill Media | mybookprogress |
Nativery Plugin | nativery |
Navigation Du Lapin Blanc | navigation-du-lapin-blanc |
Neon Product Designer | neon-product-designer-for-woocommerce |
Nite Shortcodes | nite-shortcodes |
NitroPack – Caching & Speed Optimization for Core Web Vitals, Defer CSS & JS, Lazy load Images and CDN | nitropack |
NV Slider | nv-slider |
Online Payments – Get Paid with PayPal, Square & Stripe | paypal-payment-button-by-vcita |
OrangeBox | orangebox |
Page Builder by SiteOrigin | siteorigin-panels |
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | paid-member-subscriptions |
Partners | partners |
Password Protect Plugin for WordPress | password-protect-plugin-for-wordpress |
Passwords Manager | passwords-manager |
Pastebin | pastebin-embed |
Payment Button for PayPal | wp-paypal |
PayPal Marketing Solutions | paypal-promotions-and-insights |
PDF for WPForms + Drag and Drop Template Builder | pdf-for-wpforms |
PDF.js Shortcode | pdfjs-shortcode |
Picture Gallery – Frontend Image Uploads, AJAX Photo List | picture-gallery |
Piotnet Addons For Elementor | piotnet-addons-for-elementor |
Podlove Podcast Publisher | podlove-podcasting-plugin-for-wordpress |
pootle button | pootle-button |
Post & Page Notes | post-page-notes |
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor | post-and-page-builder |
Post Carousel & Slider | post-types-carousel-slider |
Post Grid and Gutenberg Blocks – ComboBlocks | post-grid |
Post-to-Post Links | easy-post-to-post-links |
Posts Footer Manager | intelly-posts-footer-manager |
Powie’s pLinks PagePeeker | plinks |
Preloader Quotes | preloader-quotes |
Product Carousel For WooCommerce – WoorouSell | woorousell |
Progress Tracker | progress-tracker |
Proofreading | proofreading |
QR Code Generator | qrcode-wprhe |
Quick Count | quick-count |
quote-posttype-plugin | quote-post-type-plugin |
QuoteMedia Tools | quotemedia-tools |
Rate Star Review Vote – AJAX Reviews, Votes, Star Ratings | rate-star-review |
Real Seguro Viagem | seguro-viagem |
Realty Workstation | realty-workstation |
Related Post Shortcode | related-post-shortcode |
Rename Author Slug | rename-author-slug |
ResAds | resads |
Responsive jQuery Slider | responsive-jquery-slider |
Rio Photo Gallery | rio-photo-gallery |
Rollover Tab | rollover-tab |
root Cookie | root-cookie |
Royal Elementor Addons and Templates | royal-elementor-addons |
RSS Icon Widget | rss-icon-widget |
RSS News Scroller | rss-news-scroller |
RSV GMaps | rsv-google-maps |
S-DEV SEO | s-dev-seo |
Salvador – AI Image Generator | salvador-ai-image-generator |
Sandbox | sandbox |
Scroll Top Advanced – Scroll to ID or Class | scroll-top-advanced |
Secure CAPTCHA | secure-captcha |
Send to Twitter | send-to-twitter |
SendGrid for WordPress | wp-sendgrid-mailer |
SEOReseller Partner Plugin | sr-partner |
SetMore Theme – Custom Post Types | service-provider-profile-cpt |
Shabbos and Yom Tov | shabbos-and-yom-tov |
ShipWorks Connector for Woocommerce | shipworks-e-commerce-bridge |
Shockingly Big IE6 Warning | shockingly-big-ie6-warning |
Shortcode in Comment | shortcode-in-comment |
Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com | shoutcast-and-icecast-html5-web-radio-player-by-yesstreaming-com |
Sidebar-Content from Shortcode | sidebar-content-from-shortcode |
Simple Custom post type custom field | simple-content-construction-kit |
Simple Project Manager | simple-project-managment |
Simple Vertical Timeline | simple-vertical-timeline |
Simple:Press Forum | simplepress |
Slider for Writers | slider-for-writers |
Slides & Presentations | slide |
Small Package Quotes – Unishippers Edition | small-package-quotes-unishippers-edition |
Small Package Quotes – Worldwide Express Edition | small-package-quotes-wwe-edition |
Smallerik File Browser | smallerik-file-browser |
Social Analytics | social-analytics |
Social Media Engine | social-media-engine |
Social proof testimonials and reviews by Repuso | social-testimonials-and-reviews-widget |
SOCIAL.NINJA | seo-meta |
Solidres – Hotel booking plugin for WordPress | solidres |
Spiderpowa Embed PDF | spiderpowa-embed-pdf |
Stars SMTP Mailer | stars-smtp-mailer |
Stop Comment Spam | stop-comment-spam |
Stripe and PayPal Payment Forms for WordPress – PayForm | payform |
Strx Magic Floating Sidebar Maker | strx-magic-floating-sidebar-maker |
Style Admin | style-admin |
Sur.ly | surly |
Taskbuilder – WordPress Project & Task Management plugin | taskbuilder |
Team 118GROUP Agent | team-118group-agent |
The Ultimate WordPress Toolkit – WP Extended | wpextended |
Theme My Ontraport Smartform | theme-my-ontraport-smartform |
Top Flash Embed | top-flash-embed |
Translation.Pro | translation-pro |
turboSMTP | turbosmtp |
Twitter Bootstrap Collapse aka Accordian Shortcode | twitter-bootstrap-collapse-aka-accordian-shortcode |
Twitter Post | twitterpost |
Twitter Shortcode | twitter-shortcode |
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | ultimate-member |
Unique UX | unique-ux |
Universal Analytics Injector | universal-analytics-injector |
UpDownUpDown | updownupdown-postcomment-voting |
UpdraftPlus: WP Backup & Migration Plugin | updraftplus |
user files | user-files |
User Management | user-management |
User Sync ActiveCampaign | registered-user-sync-activecampaign |
Utilities for MTG | utilities-for-mtg |
Verge3D Publishing and E-Commerce | verge3d |
Video Share VOD – Turnkey Video Site Builder Script | video-share-vod |
ViewMedica 9 | viewmedica |
VikAppointments Services Booking Calendar | vikappointments |
VOD Infomaniak | vod-infomaniak |
W3 Total Cache | w3-total-cache |
W3SPEEDSTER | w3speedster-wp |
WCS QR Code Generator | wcs-qr-code-generator |
Weaver Themes Shortcode Compatibility | weaver-themes-shortcode-compatibility |
Web Push | web-push |
Web Testimonials | web-testimonials |
Webcamconsult | webcamconsult |
WH Cache & Security | wh-cache-and-security |
Widget Options – The #1 WordPress Widget & Block Control Plugin | widget-options |
Winning Portfolio | winning-portfolio |
WM Options Import Export | wm-options-import-export |
Woo Tuner | woo-tuner |
WooCommerce Advanced Bulk Edit Products, Orders, Coupons, Any WordPress Post Type – Smart Manager | smart-manager-for-wp-e-commerce |
WooCommerce Order Search | woocommerce-order-searching |
Word Freshener | word-freshener |
WordPress Call me Now | call-me-now |
WordPress CRM, Email & Marketing Automation for WordPress \| Award Winner — Groundhogg | groundhogg |
WordPress Custom Sidebar | wordpress-custom-sidebar |
WordPress Data Guard [Website Security] | wordpress-data-guards |
WordPress File Search | wpfilesearch |
WordPress Gallery Plugin | wordpress-gallery-plugin |
WordPress Google Map Professional (Map In Your Language) | google-map-professional |
WordPress Graphs & Charts – Easy Interactive HTML5 Charts Plugin | graph-lite |
WordPress HelpDesk & Support Ticket System Plugin – Octrace Support | octrace-support |
WordPress Logging Service | wordpress-logging-service |
WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly | tour-booking-manager |
WP Abstracts | wp-abstracts-manuscripts-manager |
WP Background Tile | wp-background-tile |
WP Booking Calendar | booking |
WP Bulletin Board | wp-bulletin-board |
WP Cookies Alert | wp-cookies-alert |
WP Custom Google Search | wp-custom-google-search |
WP Headmaster | wp-headmaster |
WP Hotel Booking | wp-hotel-booking |
WP Inventory Manager | wp-inventory-manager |
WP krpano | wp-krpano |
WP Load Gallery | wp-load-gallery |
WP Lyrics | wplyrics |
WP Meetup | wp-meetup |
WP News Sliders | wp-news-sliders |
WP Options Editor | wp-options-editor |
WP Order By | wp-order-by |
WP Photo Sphere | wp-photo-sphere |
WP Post Corrector | wp-post-corrector |
WP PT-Viewer | wp-ptviewer |
WP Responsive Tabs | wp-responsive-tabs |
WP Service Payment Form With Authorize.net | wp-service-payment-form-with-authorizenet |
WP Smart TV | wp-smart-tv |
WP ULike – All-in-One Engagement Toolkit | wp-ulike |
WP User Profile Avatar | wp-user-profile-avatar |
WP ViewSTL | wp-viewstl |
WP VTiger Synchronization | msstiger |
WP-Announcements | wp-announcements |
WP-BlackCheck | wp-blackcheck |
wp-pano | wp-pano |
WP-Player | wp-player |
WP-Revive Adserver | wp-revive-adserver |
Wp-Scribd-List | wp-scribd-list |
wp_amaps | wp-amaps |
WPDB to Sql | wpdb-to-sql |
WpF Ultimate Carousel | wpf-ultimate-carousel |
WPSyncSheets Lite For Elementor – Elementor Pro Form Google Spreadsheet Addon | wpsyncsheets-elementor |
WR Price List Manager For Woocommerce | wr-price-list-for-woocommerce |
XLSXviewer | xlsx-viewer |
Xola | xola-bookings-for-tours-activities |
Yet Another Countdown Plugin | yacp |
Zarinpal Paid Download | zarinpal-paid-downloads |
WordPress Themes with Reported Vulnerabilities Last Week
Software Name | Software Slug |
---|---|
Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme | buzzclub |
CarZine | carzine |
DWT – Directory & Listing WordPress Theme | dwt-listing |
Envo Multipurpose | envo-multipurpose |
flashy | flashy |
Ghostwriter | ghostwriter |
Homey | homey |
Js O3 Lite | js-o3-lite |
moseter | moseter |
Multifox | multifox |
my white | my-white |
Offset Writing | offset-writing |
Polka Dots | polka-dots |
Tantyyellow | tantyyellow |
The Ultralight | the-ultralight |
TIJAJI | tijaji |
Tiki Time | tiki-time |
Tuaug4 | tuaug4 |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
As a reminder, Wordfence has curated an industry-leading database of all known WordPress core, theme, and plugin vulnerabilities, known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, through vulnerability researchers submitting directly to us via our Bug Bounty Program, and by monitoring various sources to capture all publicly available WordPress vulnerability information and adding context where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (January 13, 2025 to January 19, 2025) appeared first on Wordfence.