Wordfence Intelligence Weekly WordPress Vulnerability Report (January 20, 2025 to January 26, 2025)


📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest.


Last week, 214 vulnerabilities were disclosed in 184 WordPress plugins and 9 WordPress themes and added to the Wordfence Intelligence Vulnerability Database, and 78 vulnerability researchers contributed to WordPress security. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, including the WordPress community, so individuals and organizations alike can use that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and use, both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, hosting providers, and even individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Alternatively, use the vulnerability Database API to receive a complete dump of our database of over 22,000 vulnerabilities, then use the webhook integration to stay on top of the newest vulnerabilities added in real time, as well as any updates made to the database, all for free.



New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

  • WAF-RULE-804 – Data redacted while we work with the vendor on a patch.

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30-day delay.


Total Unpatched & Patched Vulnerabilities Last Week

| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 186 |
| Unpatched | 28 |

Total Vulnerabilities by CVSS Severity Last Week

| Severity Rating | Number of Vulnerabilities |
|---|---|
| Low Severity | 4 |
| Medium Severity | 181 |
| High Severity | 23 |
| Critical Severity | 6 |

Total Vulnerabilities by CWE Type Last Week

| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 84 |
| Missing Authorization | 43 |
| Cross-Site Request Forgery (CSRF) | 31 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 15 |
| Server-Side Request Forgery (SSRF) | 7 |
| Deserialization of Untrusted Data | 6 |
| Exposure of Sensitive Information to an Unauthorized Actor | 5 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 5 |
| Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 4 |
| Unrestricted Upload of File with Dangerous Type | 3 |
| Improper Control of Generation of Code (‘Code Injection’) | 2 |
| URL Redirection to Untrusted Site (‘Open Redirect’) | 2 |
| Authentication Bypass Using an Alternate Path or Channel | 1 |
| Doubled Character XSS Manipulations | 1 |
| Exposure of Sensitive Information Through Metadata | 1 |
| Generation of Error Message Containing Sensitive Information | 1 |
| Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’) | 1 |
| Improper Privilege Management | 1 |
| Incorrect Privilege Assignment | 1 |

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
20
17
14
8
8
6
6
6
5
5
4
4
4
4
4
3
3
3
3
3
3
3
3
2

luc
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1

UKO
1
1
1
1
1
1
1
1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
1003 Mortgage Application 1003-mortgage-application
12 Step Meeting List 12-step-meeting-list
ABC Notation abc-notation
Activity Plus Reloaded for BuddyPress bp-activity-plus-reloaded
aDirectory – WordPress Directory Listing Plugin adirectory
Admin and Site Enhancements (ASE) admin-site-enhancements
Admin and Site Enhancements (ASE) Pro admin-site-enhancements-pro
Advanced Notifications advanced-notifications
affiliate-toolkit – WP Affiliate Plugin with Amazon affiliate-toolkit-starter
AI Chatbot for WordPress – Hyve Lite hyve-lite
AI Power: Complete AI Pack gpt3-ai-content-generator
All Embed – Elementor Addons all-embed-addons-for-elementor
AnyRoad anyguide
Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress bookingpress-appointment-booking
Ask Me Anything (Anonymously) ask-me-anything-anonymously
Auction Nudge – Your eBay on Your Site auction-nudge
Automate Hub Free by Sperse.IO automate-hub-free-by-sperse-io
Avada (Fusion) Builder fusion-builder
Bilingual Linker bilingual-linker
Blur Text blur-text
BMLT Meeting Map bmlt-meeting-map
Booking Calendar Contact Form booking-calendar-contact-form
Boom Fest boom-fest
Bridge Core bridge-core
Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP videowhisper-live-streaming-integration
Broadstreet broadstreet
brodos.net Onlineshop Plugin brodos-net-onlineshop
Bubble Menu – Sticky Navigation with Floating Button Menu Solution bubble-menu
Bug Library bug-library
Build Private Store For Woocommerce build-private-store-for-woocommerce
Button Generator – easily Button Builder button-generation
Caching Compatible Cookie Opt-In and JavaScript caching-compatible-cookie-optin-and-javascript
Call Now Button – The Click to Call Button for WordPress call-now-button
Chained Quiz chained-quiz
Chalet-Montagne.com Tools chalet-montagne-com-tools
Cliptakes cliptakes
Comment Edit Core – Simple Comment Editing simple-comment-editing
Connections Business Directory connections
Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks ht-contactform
Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder bit-form
Contact Form Email contact-form-to-email
Countdown Timer – Widget Countdown widget-countdown
Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site counter-box
Create with Code create-with-code
Custom Product Tabs Lite for WooCommerce woocommerce-custom-product-tabs-lite
Divi Carousel Maker wow-carousel-for-divi-lite
Easy Real Estate easy-real-estate
Easy YouTube Gallery easy-youtube-gallery
ElementInvader Addons for Elementor elementinvader-addons-for-elementor
Email Subscription Popup email-subscribe
Essential Real Estate essential-real-estate
Estatebud – Properties & Listings estatebud-properties-listings
Etsy Importer etsy-importer
Event post event-post
ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) google-analytics-dashboard-for-wp
Export All Posts, Products, Orders, Refunds & Users wp-ultimate-exporter
Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) extensions-for-cf7
FAQ Builder AYS faq-builder-ays
FireCask Like & Share Button facebook-like-send-button
Flexmls® IDX Plugin flexmls-idx
FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider fluent-smtp
Form Builder CP cp-easy-form-builder
FundPress – WordPress Donation Plugin fundpress
FV Thoughtful Comments thoughtful-comments
GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress gamipress
GDPR CCPA Compliance & Cookie Consent Banner ninja-gdpr-compliance
GoHero Store Customizer for WooCommerce personalize-woocommerce-cart-page
Gutenberg Blocks and Page Layouts – Attire Blocks attire-blocks
Gutenberg Blocks with AI by Kadence WP – Page Builder Features kadence-blocks
HelloAsso helloasso
Icegram Engage – Ultimate WP Popup Builder, Lead Generation, Optins, and CTA icegram
Import WP – Export and Import CSV and XML files to WordPress jc-importer
Internal Links Manager seo-automated-link-building
IP2Location Country Blocker ip2location-country-blocker
JetElements jet-elements
JSM Show Post Metadata jsm-show-post-meta
KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin kb-support
Ketchup Shortcodes ketchup-shortcodes-pack
LearnDash LMS sfwd-lms
LearnPress – WordPress LMS Plugin learnpress
Lifetime free Drag & Drop Contact Form Builder for WordPress VForm v-form
Linear linear
Link Library link-library
Listamester listamester
Magic the Gathering Card Tooltips magic-the-gathering-card-tooltips
Masy Gallery masy-gallery
MDTF – Meta Data and Taxonomies Filter wp-meta-data-filter-and-taxonomy-filter
Membership Plugin – Restrict Content restrict-content
Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas
MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution dc-woocommerce-multi-vendor
Nested Pages wp-nested-pages
NOTICE BOARD BY TOWKIR notice-board-by-towkir
Orbisius Simple Notice orbisius-simple-notice
Page Builder Gutenberg Blocks – CoBlocks coblocks
Page Builder: Pagelayer – Drag and Drop website builder pagelayer
Patreon WordPress patreon-connect
Paytium: Mollie payment forms & donations paytium
PDF Invoices for WooCommerce + Drag and Drop Template Builder pdf-for-woocommerce
People Lists people-lists
Picture Gallery – Frontend Image Uploads, AJAX Photo List picture-gallery
Plethora Plugins Tabs + Accordions plethora-tabs-accordions
Popup Box: Create Popups Easily popup-box
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder popup-maker
Post Duplicator post-duplicator
Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder ajax-filter-posts
Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget post-grid-carousel-ultimate
Power Ups for Elementor power-ups-for-elementor
PPO Call To Actions ppo-call-to-actions
PPOM – Product Addons & Custom Fields for WooCommerce woocommerce-product-addon
Precious Metals Charts and Widgets for WordPress precious-metals-chart-and-widgets
Premium Packages – Sell Digital Products Securely wpdm-premium-packages
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Post Slider and Ecommerce Slider) bdthemes-prime-slider-lite
Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce a4-barcode-generator
Product Carousel Slider & Grid Ultimate for WooCommerce woo-product-carousel-slider-and-grid-ultimate
Product Size Charts Plugin for WooCommerce woo-advanced-product-size-chart
Product Table by WBW woo-product-tables
Quiz Maker Agency quiz-maker
Quiz Maker Business quiz-maker
Quiz Maker Developer quiz-maker
Radius Blocks – WordPress Gutenberg Blocks radius-blocks
Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) really-simple-ssl
Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates responsive-addons-for-elementor
Restrict Anonymous Access restrict-anonymous-access
ReviewsTap reviewstap
Roi Calculator roi-calculator
RomethemeKit For Elementor rometheme-for-elementor
RSVP and Event Management rsvp
RSVPMaker rsvpmaker
Sensly Online Presence sensly-online-presence
SEO Blogger to WordPress Migration using 301 Redirection seo-blogger-to-wordpress-301-redirector
SERPed.net serped-net
ShMapper by Teplitsa shmapper-by-teplitsa
Show/Hide Shortcode showhide-shortcode
Side Menu Lite – add sticky fixed buttons side-menu-lite
Simple Download Monitor simple-download-monitor
Simple Downloads List simple-downloads-list
Simple Gallery with Filter simple-gallery-with-filter
Social Proof Popups & Real-Time Notifications – Herd Effects mwp-herd-effect
Social Share, Social Login and Social Comments Plugin – Super Socializer super-socializer
Spexo Addons for Elementor – Free Elementor Addons, Widgets and Templates sastra-essential-addons-for-elementor
Stackable – Page Builder Gutenberg Blocks stackable-ultimate-gutenberg-blocks
Starter Templates — Elementor, WordPress & Beaver Builder Templates astra-sites
Sticky Buttons – floating buttons builder sticky-buttons
String locator string-locator
Subscription DNA® subscriptiondna
Super block slider – Responsive image & content slider super-block-slider
Survey Maker survey-maker
Tainacan tainacan
Tamara Checkout tamara-checkout
Target Video Easy Publish brid-video-easy-publish
Taxonomy/Term and Role based Discounts for WooCommerce taxonomy-discounts-woocommerce
The Events Calendar the-events-calendar
ThemeREX Addons trx_addons
Themify Builder themify-builder
Thim Elementor Kit thim-elementor-kit
Tourfic – Ultimate Hotel Booking, Travel Booking & Car Rental WordPress Plugin | WooCommerce Booking tourfic
Ultimate Coming Soon & Maintenance ultimate-coming-soon
Variation Swatches for WooCommerce th-variation-swatches
VikBooking Hotel Booking Engine & PMS vikbooking
Visual Website Collaboration, Feedback & Project Management – Atarim atarim-visual-collaboration
WC Affiliate – A Complete WooCommerce Affiliate Plugin wc-affiliate
Wishlist for WooCommerce wt-woocommerce-wishlist
WooCommerce Cloak Affiliate Links woocommerce-cloak-affiliate-links
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels print-invoices-packing-slip-labels-for-woocommerce
WooCommerce Product Table Lite wc-product-table-lite
WooCommerce Quick View woo-quick-view
WordPress SEO Friendly Accordion FAQ with AI assisted content generation notice-faq
WP Contact Form7 Email Spam Blocker wp-contact-form7-email-spam-blocker
WP Duplicate – WordPress Migration Plugin local-sync
WP Go Maps (formerly WP Google Maps) wp-google-maps
WP Google Street View (with 360° virtual tour) & Google maps + Local SEO wp-google-street-view
WP Hotel Booking wp-hotel-booking
WP Panoramio wp-panoramio
WP Visitor Statistics (Real Time Traffic) wp-stats-manager
WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress wpvr
WP-BibTeX wp-bibtex
wp-greet wp-greet
WP-Polls wp-polls
WPBookit wpbookit
WPBot Pro WordPress Chatbot wpbot-pro
Xagio SEO – AI Powered Optimization xagio-seo
XML for Google Merchant Center xml-for-google-merchant-center
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress youzify
Zarinpal Paid Download zarinpal-paid-downloads

WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
AdForest adforest
Avada | Website Builder For WordPress & WooCommerce Avada
Betheme betheme
Bootstrap Ultimate bootstrap-ultimate
Houzez houzez
jobify jobify
RealHomes realhomes
uDesign | Multipurpose WordPress Theme udesign
Zox News zox-news

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-12857
Patch Status
Patched
Published
Jan 21, 2025
Affected Software
AdForest
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-13545
Patch Status
Unpatched
Published
Jan 23, 2025
Affected Software
Bootstrap Ultimate
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-32555
Patch Status
Unpatched
Published
Jan 20, 2025
Affected Software
Easy Real Estate
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-32444
Patch Status
Unpatched
Published
Jan 20, 2025
Affected Software
RealHomes
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-0357
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
WPBookit
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-13091
Patch Status
Patched
Published
Jan 21, 2025
Affected Software
WPBot Pro WordPress Chatbot
Researcher
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-10936
Patch Status
Patched
Published
Jan 20, 2025
Affected Software
String locator
Researcher
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-0682
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
ThemeREX Addons
Researcher
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-11936
Patch Status
Patched
Published
Jan 25, 2025
Affected Software
Zox News
Researcher
CVSS Rating
High (8.1)
CVE-ID
CVE-2025-24601
Patch Status
Patched
Published
Jan 20, 2025
CVSS Rating
High (7.5)
CVE-ID
Unknown
Patch Status
Patched
Published
Jan 20, 2025
Researcher(s): Unknown
CVSS Rating
High (7.5)
CVE-ID
CVE-2024-13593
Patch Status
Unpatched
Published
Jan 22, 2025
Affected Software
BMLT Meeting Map
Researcher
CVSS Rating
High (7.5)
CVE-ID
CVE-2024-13234
Patch Status
Patched
Published
Jan 22, 2025
CVSS Rating
High (7.5)
CVE-ID
CVE-2024-10628
Patch Status
Patched
Published
Jan 25, 2025
CVSS Rating
High (7.2)
CVE-ID
CVE-2025-0429
Patch Status
Patched
Published
Jan 21, 2025
Affected Software
AI Power: Complete AI Pack
Researcher
CVSS Rating
High (7.2)
CVE-ID
CVE-2025-0428
Patch Status
Patched
Published
Jan 21, 2025
Affected Software
AI Power: Complete AI Pack
Researcher
CVSS Rating
High (7.2)
CVE-ID
CVE-2025-24570
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-12600
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-13550
Patch Status
Unpatched
Published
Jan 24, 2025
Affected Software
ABC Notation
Researcher
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-24728
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Bug Library
Researcher
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-12885
Patch Status
Unpatched
Published
Jan 24, 2025
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-24672
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-13680
Patch Status
Patched
Published
Jan 23, 2025
Affected Software
Form Builder CP
Researcher
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-24669
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
SERPed.net
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-13594
Patch Status
Patched
Published
Jan 23, 2025
Affected Software
Simple Downloads List
Researcher
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-13236
Patch Status
Patched
Published
Jan 22, 2025
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-13551
Patch Status
Unpatched
Published
Jan 24, 2025
Affected Software
ABC Notation
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-24595
Patch Status
Patched
Published
Jan 24, 2025
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-12512
Patch Status
Unpatched
Published
Jan 24, 2025
Affected Software
Ask Me Anything (Anonymously)
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-12477
Patch Status
Patched
Published
Jan 22, 2025
Affected Software
Avada (Fusion) Builder
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-0450
Patch Status
Patched
Published
Jan 20, 2025
Affected Software
Betheme
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-13441
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Bilingual Linker
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-24627
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Blur Text
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-12494
Patch Status
Unpatched
Published
Jan 23, 2025
Affected Software
BMLT Meeting Map
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-24732
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-11825
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Broadstreet
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-12529
Patch Status
Unpatched
Published
Jan 24, 2025
Affected Software
brodos.net Onlineshop Plugin
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-24547
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-13389
Patch Status
Patched
Published
Jan 22, 2025
Affected Software
Cliptakes
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-24638
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Create with Code
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-0350
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Divi Carousel Maker
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-24721
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Easy YouTube Gallery
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-24578
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-24729
Patch Status
Patched
Published
Jan 24, 2025
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-12817
Patch Status
Unpatched
Published
Jan 24, 2025
Affected Software
Etsy Importer
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-24585
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Event post
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-11226
Patch Status
Patched
Published
Jan 20, 2025
Affected Software
FireCask Like & Share Button
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10552
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Flexmls® IDX Plugin
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-24575
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
HelloAsso
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-24726
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-0371
Patch Status
Patched
Published
Jan 20, 2025
Affected Software
JetElements
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-24673
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Ketchup Shortcodes
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-13590
Patch Status
Patched
Published
Jan 21, 2025
Affected Software
Ketchup Shortcodes
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-13599
Patch Status
Patched
Published
Jan 24, 2025
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-13659
Patch Status
Patched
Published
Jan 23, 2025
Affected Software
Listamester
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-24704
Patch Status
Patched
Published
Jan 24, 2025
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-13586
Patch Status
Unpatched
Published
Jan 24, 2025
Affected Software
Masy Gallery
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-13340
Patch Status
Patched
Published
Jan 22, 2025
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-12816
Patch Status
Unpatched
Published
Jan 24, 2025
Affected Software
NOTICE BOARD BY TOWKIR
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-24573
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-24709
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-13721
Patch Status
Patched
Published
Jan 24, 2025
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-13548
Patch Status
Unpatched
Published
Jan 24, 2025
Affected Software
Power Ups for Elementor
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-24610
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Restrict Anonymous Access
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-24687
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Show/Hide Shortcode
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-13583
Patch Status
Patched
Published
Jan 23, 2025
Affected Software
Simple Gallery with Filter
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-12117
Patch Status
Patched
Published
Jan 21, 2025
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-23997
Patch Status
Patched
Published
Jan 20, 2025
Affected Software
Tamara Checkout
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-12118
Patch Status
Patched
Published
Jan 22, 2025
Affected Software
The Events Calendar
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-24706
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-24719
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-24730
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-24702
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (6.3)
CVE-ID
CVE-2024-13361
Patch Status
Patched
Published
Jan 21, 2025
Affected Software
AI Power: Complete AI Pack
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-12586
Patch Status
Unpatched
Published
Jan 23, 2025
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-23994
Patch Status
Unpatched
Published
Jan 20, 2025
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-24741
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-13404
Patch Status
Patched
Published
Jan 20, 2025
Affected Software
Link Library
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-24001
Patch Status
Unpatched
Published
Jan 20, 2025
Affected Software
PPO Call To Actions
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-24561
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
ReviewsTap
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-24756
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Roi Calculator
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-13422
Patch Status
Unpatched
Published
Jan 22, 2025
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-24555
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Subscription DNA®
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-12076
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Target Video Easy Publish
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-13319
Patch Status
Patched
Published
Jan 21, 2025
Affected Software
Themify Builder
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-12334
Patch Status
Patched
Published
Jan 25, 2025
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-13467
Patch Status
Unpatched
Published
Jan 24, 2025
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-23662
Patch Status
Unpatched
Published
Jan 22, 2025
Affected Software
WP Panoramio
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-12005
Patch Status
Patched
Published
Jan 20, 2025
Affected Software
WP-BibTeX
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-13444
Patch Status
Patched
Published
Jan 20, 2025
Affected Software
wp-greet
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-13406
Patch Status
Patched
Published
Jan 21, 2025
Affected Software
XML for Google Merchant Center
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-13543
Patch Status
Unpatched
Published
Jan 21, 2025
CVSS Rating
Medium (5.5)
CVE-ID
CVE-2025-24701
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Chained Quiz
Researcher
CVSS Rating
Medium (5.5)
CVE-ID
CVE-2025-24703
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (5.5)
CVE-ID
CVE-2024-13505
Patch Status
Patched
Published
Jan 25, 2025
Affected Software
Survey Maker
Researcher
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-11913
Patch Status
Patched
Published
Jan 23, 2025
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-13360
Patch Status
Patched
Published
Jan 21, 2025
Affected Software
AI Power: Complete AI Pack
Researcher
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-24740
Patch Status
Patched
Published
Jan 24, 2025
Researcher
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-10705
Patch Status
Patched
Published
Jan 25, 2025
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-13426
Patch Status
Patched
Published
Jan 21, 2025
Affected Software
WP-Polls
Researcher
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-13536
Patch Status
Unpatched
Published
Jan 20, 2025
Affected Software
1003 Mortgage Application
Researcher
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-24582
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
12 Step Meeting List
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-24748
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-13449
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Boom Fest
Researcher
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-24633
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-24662
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
LearnDash LMS
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-24588
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Patreon WordPress
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-24552
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-24600
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
RSVPMaker
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-24757
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-24596
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-24705
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
WooCommerce Quick View
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-24587
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Email Subscription Popup
Researcher
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-24659
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-24683
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
RSVP and Event Management
Researcher
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-24663
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Simple Download Monitor
Researcher
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-24611
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-24666
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-24658
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-24723
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Booking Calendar Contact Form
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-24727
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Contact Form Email
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-24731
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-24722
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
FAQ Builder AYS
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-24579
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Nested Pages
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-24634
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Orbisius Simple Notice
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-24668
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-13493
Patch Status
Unpatched
Published
Jan 24, 2025
Affected Software
Sensly Online Presence
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-24674
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
ShMapper by Teplitsa
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-24657
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Wishlist for WooCommerce
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24580
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
12 Step Meeting List
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24653
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24693
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Advanced Notifications
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-23996
Patch Status
Unpatched
Published
Jan 20, 2025
Affected Software
AnyRoad
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24696
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-13683
Patch Status
Unpatched
Published
Jan 23, 2025
Affected Software
Automate Hub Free by Sperse.IO
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24744
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Bridge Core
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24714
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24713
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24738
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24751
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24715
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24618
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24698
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Essential Real Estate
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24750
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24739
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24591
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-12826
Patch Status
Patched
Published
Jan 24, 2025
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24753
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24716
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24754
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Houzez
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24679
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Internal Links Manager
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24589
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
JSM Show Post Metadata
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-13709
Patch Status
Unpatched
Published
Jan 24, 2025
Affected Software
Linear
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24691
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
People Lists
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24711
Patch Status
Patched
Published
Jan 24, 2025
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24736
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Post Duplicator
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-23991
Patch Status
Unpatched
Published
Jan 24, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24712
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24623
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-10324
Patch Status
Patched
Published
Jan 23, 2025
Affected Software
RomethemeKit For Elementor
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24743
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24724
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24568
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24720
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24682
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24725
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
Thim Elementor Kit
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24546
Patch Status
Patched
Published
Jan 24, 2025
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-13511
Patch Status
Patched
Published
Jan 22, 2025
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24604
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24647
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24652
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-24742
Patch Status
Patched
Published
Jan 24, 2025
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-13447
Patch Status
Patched
Published
Jan 21, 2025
Affected Software
WP Hotel Booking
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-12879
Patch Status
Patched
Published
Jan 21, 2025
Affected Software
WPBot Pro WordPress Chatbot
Researcher
CVSS Rating
Low (3.8)
CVE-ID
CVE-2025-24695
Patch Status
Patched
Published
Jan 24, 2025
CVSS Rating
Low (3.1)
CVE-ID
CVE-2025-24649
Patch Status
Patched
Published
Jan 24, 2025
Researcher
CVSS Rating
Low (3.1)
CVE-ID
CVE-2025-24613
Patch Status
Patched
Published
Jan 24, 2025
Affected Software
FV Thoughtful Comments

As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, covering all known WordPress core, theme, and plugin vulnerabilities.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers. Its entries come from in-house vulnerability research, from vulnerability researchers submitting directly to us through our Bug Bounty Program, and from monitoring various sources to capture all publicly available WordPress vulnerability information, with additional context added where we can.


The post Wordfence Intelligence Weekly WordPress Vulnerability Report (January 20, 2025 to January 26, 2025) appeared first on Wordfence.