Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest.
Last week, there were 150 vulnerabilities disclosed in 133 WordPress Plugins and 1 WordPress Theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 57 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 22,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
- WAF-RULE-805 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-806 – Data redacted while we work with the vendor on a patch.
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 85 |
| Unpatched | 65 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Medium Severity | 118 |
| High Severity | 27 |
| Critical Severity | 5 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 64 |
| Missing Authorization | 28 |
| Cross-Site Request Forgery (CSRF) | 18 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 9 |
| Authorization Bypass Through User-Controlled Key | 5 |
| Improper Control of Generation of Code (‘Code Injection’) | 4 |
| Exposure of Sensitive Information to an Unauthorized Actor | 3 |
| Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 3 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 3 |
| Server-Side Request Forgery (SSRF) | 3 |
| Exposure of Private Personal Information to an Unauthorized Actor | 2 |
| External Control of File Name or Path | 2 |
| Improper Authorization | 2 |
| Deserialization of Untrusted Data | 1 |
| Improper Access Control | 1 |
| Improper Privilege Management | 1 |
| Unrestricted Upload of File with Dangerous Type | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 16 | |
| 14 | |
| 8 | |
| 7 | |
| 7 | |
| 6 | |
| 5 | |
| 5 | |
| 4 | |
| 4 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Ai Image Alt Text Generator for WP | ai-image-alt-text-generator-for-wp |
| AI Infographic Maker | infographic-and-list-builder-ilist |
| Alex Reservations: Smart Restaurant Booking | alex-reservations |
| All Bootstrap Blocks | all-bootstrap-blocks |
| AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations | animategl |
| aThemes Addons for Elementor | athemes-addons-for-elementor-lite |
| Automatically Hierarchic Categories in Menu | automatically-hierarchic-categories-in-menu |
| Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss | bp-better-messages |
| Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg | borderless |
| CF7 Google Sheets Connector | cf7-google-sheets-connector |
| ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages | clickwhale |
| Clinked Client Portal | clinked-client-portal |
| Contact Form & SMTP Plugin for WordPress by PirateForms | pirate-forms |
| Contact Form and Calls To Action by vcita | lead-capturing-call-to-actions-by-vcita |
| Content Cloner | super-seo-content-cloner |
| CP Contact Form with PayPal | cp-contact-form-with-paypal |
| Custom Login Page Styler – Limit Login Attempts – Restrict Content With Login – Redirect After Login – Change Login URL – Sign in , Sign out | login-page-styler |
| Custom Related Posts | custom-related-posts |
| Designer – Elementor Addons | designer |
| DigiTimber cPanel Integration | digitimber-cpanel-integration |
| Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings | directorist |
| Divi Torque Lite | addons-for-divi |
| Document Block – Upload & Embed Docs, PDF, PPT, XLS or Any Documents | document |
| Drag and Drop Multiple File Upload for Contact Form 7 | drag-and-drop-multiple-file-upload-contact-form-7 |
| Dynamic URL SEO | dynamic-url-seo |
| ECPay Ecommerce for WooCommerce | ecpay-ecommerce-for-woocommerce |
| eHive Objects Image Grid | ehive-objects-image-grid |
| Elementor Website Builder Pro | elementor-pro |
| ElementsKit Pro | elementskit |
| ELEX WordPress HelpDesk & Customer Ticketing System | elex-helpdesk-customer-support-ticket-system |
| Embed Swagger UI | embed-swagger-ui |
| EthereumICO | ethereumico |
| Event Tickets and Registration | event-tickets |
| Eventer – WordPress Event & Booking Manager Plugin | eventer |
| Fare Calculator | fare-calculator |
| FlashCounter | flashcounter |
| Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later | flexible-wishlist |
| Food Menu – Restaurant Menu & Online Ordering for WooCommerce | tlp-food-menu |
| Forge – Front-End Page Builder | forge |
| Forminator Forms – Contact Form, Payment Form & Custom Form Builder | forminator |
| Frictionless | frictionless |
| Full Circle | full-circle |
| Gosign – Posts Slider Block | gosign-posts-slider-block |
| Gwolle Guestbook | gwolle-gb |
| Hesabfa Accounting | hesabfa-accounting |
| Hide Shipping Method For WooCommerce | hide-shipping-method-for-woocommerce |
| HT Event – WordPress Event Manager Plugin for Elementor | ht-event |
| HTML5 chat | html5-chat |
| iControlWP | worpit-admin-dashboard-plugin |
| Import and export users and customers | import-users-from-csv-with-meta |
| Internal Link Builder | internal-link-builder |
| Issuu Panel | issuu-panel |
| Jupiter X Core | jupiterx-core |
| Kona Gallery Block | kona-instagram-feed-for-gutenberg |
| Link Fixer | permalink-finder |
| Live2DWebCanvas | live-2d |
| MagicForm | magicform |
| MailUp Auto Subscription | mailup-auto-subscribtion |
| Media Manager for UserPro | userpro-mediamanager |
| Meta Tag Manager | meta-tag-manager |
| Morkva UA Shipping | morkva-ua-shipping |
| MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar | mp3-music-player-by-sonaar |
| MultiLoca – WooCommerce Multi Locations Inventory Management | WooCommerce-Multi-Locations-Inventory-Management |
| MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution | dc-woocommerce-multi-vendor |
| Music Sheet Viewer | music-sheet-viewer |
| MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics | makewebbetter-hubspot-for-woocommerce |
| Ni Sales Commission For WooCommerce | ni-woo-sales-commission |
| Ninja Forms – The Contact Form Builder That Grows With You | ninja-forms |
| Nirweb support | nirweb-support |
| NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar | notificationx |
| Order Export for WooCommerce | order-export-and-more-for-woocommerce |
| Oshine Modules | oshine-modules |
| OWL Carousel Slider | wp-touch-slider |
| Philantro – Donations and Donor Management | philantro |
| Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery | gt3-photo-video-gallery |
| Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons | contest-gallery |
| Post Carousel Slider | post-carousel-slider |
| Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | buddyforms |
| Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget | post-grid-carousel-ultimate |
| RapidLoad – Optimize Web Vitals Automatically | unusedcss |
| Responsive Blocks – WordPress Gutenberg Blocks | responsive-block-editor-addons |
| Royal Core | royal-core |
| Safe Ai Malware Protection for WP | safe-ai-malware-protection-for-wp |
| Scroll Styler | scroll-styler |
| SeatReg | seatreg |
| Shared Files – Frontend File Upload Form & Secure File Sharing | shared-files |
| Shortcodes and extra features for Phlox theme | auxin-elements |
| Simple:Press Forum | simplepress |
| Single-user-chat | single-user-chat |
| Site Search 360 | site-search-360 |
| StageShow | stageshow |
| Starter Templates by FancyWP | starter-templates |
| Stockdio Historical Chart | stockdio-historical-chart |
| Stratum – Elementor Widgets | stratum |
| System Dashboard | system-dashboard |
| Table Editor | wp-table-editor |
| Tags to Keywords | tags-to-meta-keywords |
| Target Video Easy Publish | brid-video-easy-publish |
| Team Rosters | team-rosters |
| The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce | the-plus-addons-for-elementor-page-builder |
| ThemeREX Addons | trx_addons |
| Ticketmeo – Sell Tickets – Event Ticketing | ploxel |
| Track Logins | track-logins |
| Traveler Code | traveler-code |
| Traveler Layout Essential For Elementor | traveler-layout-essential-for-elementor |
| Tube Video Ads Lite | tube-video-ads-lite |
| Typer Core | typer-core |
| Unlimited Page Sidebars | unlimited-page-sidebars |
| VR-Frases (collect & share quotes) | vr-frases |
| W2S – Migrate WooCommerce to Shopify | w2s-migrate-woo-to-shopify |
| WE – Testimonial Slider | we-testimonial-slider |
| Wise Forms | wise-forms |
| Wonder FontAwesome | wonder-fontawesome |
| WooCommerce Customers Manager | woocommerce-customers-manager |
| WooCommerce Product Table Lite | wc-product-table-lite |
| WooCommerce Support Ticket System | woocommerce-support-ticket-system |
| WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features) | smart-wishlist-for-more-convert |
| WordPress Contact Forms by Cimatti | contact-forms |
| WordPress Signature | wordpress-signature |
| WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress | wp-survey-and-poll |
| WP BASE Booking of Appointments, Services and Events | wp-base-booking-of-appointments-services-and-events |
| WP DataTable | wp-datatable |
| WP Dispensary | wp-dispensary |
| WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms | cf7-dynamics-crm |
| WP Image Uploader | wp-image-uploader |
| WP Job Board | wpjobboard |
| WP Job Portal – A Complete Recruitment System for Company or Job Board website | wp-job-portal |
| WP Post List Table | wp-post-list-table |
| WP Sessions Time Monitoring Full Automatic | activitytime |
| WP Travel – Ultimate Travel Booking System, Tour Management Engine | wp-travel |
| WPRadio – WordPress Radio Streaming Plugin | wpradio |
| WS Form LITE – Drag & Drop Contact Form Builder for WordPress | ws-form |
| zStore Manager Basic | zstore-manager-basic |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Storely | storely |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
CVE-ID
CVE-2024-13742
CVE-2024-13742
Patch Status
Patched
Patched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
iControlWP
iControlWP
Researcher
CVE-ID
CVE-2024-12822
CVE-2024-12822
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Media Manager for UserPro
Media Manager for UserPro
Researcher
CVE-ID
CVE-2025-24685
CVE-2025-24685
Patch Status
Patched
Patched
Published
Jan 27, 2025
Jan 27, 2025
Affected Software
Morkva UA Shipping
Morkva UA Shipping
Researcher
CVE-ID
CVE-2025-0493
CVE-2025-0493
Patch Status
Patched
Patched
Published
Jan 30, 2025
Jan 30, 2025
Researcher
ThemeREX Addons <= 2.32.3 – Unauthenticated Arbitrary File Upload in trx_addons_uploads_save_data
9.8
CVE-ID
CVE-2024-13448
CVE-2024-13448
Patch Status
Patched
Patched
Published
Jan 27, 2025
Jan 27, 2025
Affected Software
ThemeREX Addons
ThemeREX Addons
Researcher
CVE-ID
CVE-2024-12171
CVE-2024-12171
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
ELEX WordPress HelpDesk & Customer Ticketing System
ELEX WordPress HelpDesk & Customer Ticketing System
Researcher
CVE-ID
CVE-2025-0366
CVE-2025-0366
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
Jupiter X Core
Jupiter X Core
Researcher
CVE-ID
CVE-2024-12821
CVE-2024-12821
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Media Manager for UserPro
Media Manager for UserPro
Researcher
CVE-ID
CVE-2024-10591
CVE-2024-10591
Patch Status
Patched
Patched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics
MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics
Researcher
Post Grid, Slider & Carousel Ultimate <= 1.6.10 – Authenticated (Contributor+) Local File Inclusion
8.8
CVE-ID
CVE-2025-24782
CVE-2025-24782
Patch Status
Patched
Patched
Published
Jan 27, 2025
Jan 27, 2025
CVE-ID
CVE-2024-12129
CVE-2024-12129
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Royal Core
Royal Core
Researcher
CVE-ID
CVE-2024-13343
CVE-2024-13343
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
WooCommerce Customers Manager
WooCommerce Customers Manager
Researcher
CVE-ID
CVE-2024-13707
CVE-2024-13707
Patch Status
Unpatched
Unpatched
Published
Jan 29, 2025
Jan 29, 2025
Affected Software
WP Image Uploader
WP Image Uploader
Researcher
CVE-ID
CVE-2024-13720
CVE-2024-13720
Patch Status
Unpatched
Unpatched
Published
Jan 29, 2025
Jan 29, 2025
Affected Software
WP Image Uploader
WP Image Uploader
Researcher
CVE-ID
CVE-2024-13767
CVE-2024-13767
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Live2DWebCanvas
Live2DWebCanvas
Researcher
CVE-ID
CVE-2024-13646
CVE-2024-13646
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Single-user-chat
Single-user-chat
Researcher
CVE-ID
CVE-2024-11135
CVE-2024-11135
Patch Status
Patched
Patched
Published
Jan 27, 2025
Jan 27, 2025
Affected Software
Eventer – WordPress Event & Booking Manager Plugin
Eventer – WordPress Event & Booking Manager Plugin
Researcher
CVE-ID
CVE-2024-13671
CVE-2024-13671
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Music Sheet Viewer
Music Sheet Viewer
Researcher
CVE-ID
CVE-2024-12269
CVE-2024-12269
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Safe Ai Malware Protection for WP
Safe Ai Malware Protection for WP
Researcher
CVE-ID
CVE-2025-22699
CVE-2025-22699
Patch Status
Unpatched
Unpatched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
Traveler Code
Traveler Code
Researcher
WooCommerce Wishlist <= 1.8.7 – Unauthenticated Wishlist Disclosure via download_pdf_file Function
7.5
CVE-ID
CVE-2024-13694
CVE-2024-13694
Patch Status
Patched
Patched
Published
Jan 29, 2025
Jan 29, 2025
Affected Software
WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)
WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)
Researcher
CVE-ID
CVE-2024-13453
CVE-2024-13453
Patch Status
Patched
Patched
Published
Jan 29, 2025
Jan 29, 2025
Affected Software
Contact Form & SMTP Plugin for WordPress by PirateForms
Contact Form & SMTP Plugin for WordPress by PirateForms
Researcher
CVE-ID
CVE-2024-13472
CVE-2024-13472
Patch Status
Patched
Patched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
WooCommerce Product Table Lite
WooCommerce Product Table Lite
Researcher
CVE-ID
CVE-2024-11600
CVE-2024-11600
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
CVE-ID
CVE-2024-13696
CVE-2024-13696
Patch Status
Patched
Patched
Published
Jan 28, 2025
Jan 28, 2025
Researcher
CVE-ID
CVE-2025-0809
CVE-2025-0809
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Link Fixer
Link Fixer
Researcher
CVE-ID
CVE-2024-44055
CVE-2024-44055
Patch Status
Patched
Patched
Published
Jan 27, 2025
Jan 27, 2025
Affected Software
Oshine Modules
Oshine Modules
Researcher
CVE-ID
CVE-2024-13504
CVE-2024-13504
Patch Status
Patched
Patched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Shared Files – Frontend File Upload Form & Secure File Sharing
Shared Files – Frontend File Upload Form & Secure File Sharing
Researcher
CVE-ID
CVE-2025-22701
CVE-2025-22701
Patch Status
Unpatched
Unpatched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
Traveler Layout Essential For Elementor
Traveler Layout Essential For Elementor
Researcher
CVE-ID
CVE-2024-13603
CVE-2024-13603
Patch Status
Unpatched
Unpatched
Published
Jan 27, 2025
Jan 27, 2025
Affected Software
Wise Forms
Wise Forms
CVE-ID
CVE-2025-22684
CVE-2025-22684
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
WP BASE Booking of Appointments, Services and Events
WP BASE Booking of Appointments, Services and Events
Researcher
CVE-ID
CVE-2024-13509
CVE-2024-13509
Patch Status
Patched
Patched
Published
Jan 27, 2025
Jan 27, 2025
Affected Software
WS Form LITE – Drag & Drop Contact Form Builder for WordPress
WS Form LITE – Drag & Drop Contact Form Builder for WordPress
Researcher
CVE-ID
CVE-2024-12415
CVE-2024-12415
Patch Status
Patched
Patched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
AI Infographic Maker
AI Infographic Maker
Researcher
CVE-ID
CVE-2025-22693
CVE-2025-22693
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
CVE-ID
CVE-2024-13758
CVE-2024-13758
Patch Status
Patched
Patched
Published
Jan 29, 2025
Jan 29, 2025
Affected Software
CP Contact Form with PayPal
CP Contact Form with PayPal
Researcher
CVE-ID
CVE-2025-0365
CVE-2025-0365
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
Jupiter X Core
Jupiter X Core
Researcher
CVE-ID
CVE-2024-13341
CVE-2024-13341
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
MultiLoca – WooCommerce Multi Locations Inventory Management
MultiLoca – WooCommerce Multi Locations Inventory Management
Researcher
CVE-ID
CVE-2025-22700
CVE-2025-22700
Patch Status
Unpatched
Unpatched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
Traveler Code
Traveler Code
Researcher
CVE-ID
CVE-2024-12861
CVE-2024-12861
Patch Status
Patched
Patched
Published
Jan 29, 2025
Jan 29, 2025
Affected Software
W2S – Migrate WooCommerce to Shopify
W2S – Migrate WooCommerce to Shopify
Researcher
CVE-ID
CVE-2024-13596
CVE-2024-13596
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress
WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress
Researcher
CVE-ID
CVE-2025-22691
CVE-2025-22691
Patch Status
Unpatched
Unpatched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
WP Travel – Ultimate Travel Booking System, Tour Management Engine
WP Travel – Ultimate Travel Booking System, Tour Management Engine
Researcher
CVE-ID
CVE-2024-13380
CVE-2024-13380
Patch Status
Patched
Patched
Published
Jan 29, 2025
Jan 29, 2025
Affected Software
Alex Reservations: Smart Restaurant Booking
Alex Reservations: Smart Restaurant Booking
Researcher
CVE-ID
CVE-2024-13549
CVE-2024-13549
Patch Status
Patched
Patched
Published
Jan 29, 2025
Jan 29, 2025
Affected Software
All Bootstrap Blocks
All Bootstrap Blocks
Researcher
aThemes Addons for Elementor <= 1.0.12 – Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-13547
CVE-2024-13547
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
aThemes Addons for Elementor
aThemes Addons for Elementor
Researcher
CVE-ID
CVE-2024-13466
CVE-2024-13466
Patch Status
Patched
Patched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Automatically Hierarchic Categories in Menu
Automatically Hierarchic Categories in Menu
Researcher
CVE-ID
CVE-2024-13612
CVE-2024-13612
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss
Researcher
CVE-ID
CVE-2025-0804
CVE-2025-0804
Patch Status
Patched
Patched
Published
Jan 28, 2025
Jan 28, 2025
Affected Software
ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages
ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages
Researcher
CVE-ID
CVE-2024-12524
CVE-2024-12524
Patch Status
Patched
Patched
Published
Jan 29, 2025
Jan 29, 2025
Affected Software
Clinked Client Portal
Clinked Client Portal
Researcher
CVE-ID
CVE-2024-11886
CVE-2024-11886
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Contact Form and Calls To Action by vcita
Contact Form and Calls To Action by vcita
Researcher
CVE-ID
CVE-2025-23987
CVE-2025-23987
Patch Status
Unpatched
Unpatched
Published
Jan 27, 2025
Jan 27, 2025
Affected Software
Designer – Elementor Addons
Designer – Elementor Addons
Researcher
CVE-ID
CVE-2025-0353
CVE-2025-0353
Patch Status
Patched
Patched
Published
Jan 28, 2025
Jan 28, 2025
Affected Software
Divi Torque Lite
Divi Torque Lite
Researcher
CVE-ID
CVE-2024-13662
CVE-2024-13662
Patch Status
Patched
Patched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
eHive Objects Image Grid
eHive Objects Image Grid
Researcher
CVE-ID
CVE-2025-0321
CVE-2025-0321
Patch Status
Patched
Patched
Published
Jan 27, 2025
Jan 27, 2025
Affected Software
ElementsKit Pro
ElementsKit Pro
Researcher
CVE-ID
CVE-2024-13700
CVE-2024-13700
Patch Status
Unpatched
Unpatched
Published
Jan 29, 2025
Jan 29, 2025
Affected Software
Embed Swagger UI
Embed Swagger UI
Researcher
CVE-ID
CVE-2024-12921
CVE-2024-12921
Patch Status
Patched
Patched
Published
Jan 29, 2025
Jan 29, 2025
Affected Software
EthereumICO
EthereumICO
Researcher
CVE-ID
CVE-2024-13396
CVE-2024-13396
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Frictionless
Frictionless
Researcher
CVE-ID
CVE-2024-12037
CVE-2024-12037
Patch Status
Patched
Patched
Published
Jan 30, 2025
Jan 30, 2025
Gosign – Posts Slider Block <= 1.1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-13399
CVE-2024-13399
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Gosign – Posts Slider Block
Gosign – Posts Slider Block
Researcher
CVE-ID
CVE-2024-12451
CVE-2024-12451
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
HTML5 chat
HTML5 chat
Researcher
CVE-ID
CVE-2024-13400
CVE-2024-13400
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Kona Gallery Block
Kona Gallery Block
Researcher
CVE-ID
CVE-2024-13157
CVE-2024-13157
Patch Status
Patched
Patched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar
Researcher
CVE-ID
CVE-2024-13670
CVE-2024-13670
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Music Sheet Viewer
Music Sheet Viewer
Researcher
CVE-ID
CVE-2024-13470
CVE-2024-13470
Patch Status
Patched
Patched
Published
Jan 29, 2025
Jan 29, 2025
Affected Software
Ninja Forms – The Contact Form Builder That Grows With You
Ninja Forms – The Contact Form Builder That Grows With You
Researcher
CVE-ID
CVE-2025-22683
CVE-2025-22683
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
CVE-ID
CVE-2024-13527
CVE-2024-13527
Patch Status
Patched
Patched
Published
Jan 27, 2025
Jan 27, 2025
Affected Software
Philantro – Donations and Donor Management
Philantro – Donations and Donor Management
Researcher
CVE-ID
CVE-2024-13732
CVE-2024-13732
Patch Status
Patched
Patched
Published
Jan 29, 2025
Jan 29, 2025
Affected Software
Responsive Blocks – WordPress Gutenberg Blocks
Responsive Blocks – WordPress Gutenberg Blocks
Researcher
CVE-ID
CVE-2025-22697
CVE-2025-22697
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
Responsive Blocks – WordPress Gutenberg Blocks
Responsive Blocks – WordPress Gutenberg Blocks
Researcher
CVE-ID
CVE-2024-11780
CVE-2024-11780
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
Site Search 360
Site Search 360
Researcher
CVE-ID
CVE-2024-13349
CVE-2024-13349
Patch Status
Patched
Patched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Stockdio Historical Chart
Stockdio Historical Chart
Researcher
CVE-ID
CVE-2024-10847
CVE-2024-10847
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Storely
Storely
Researcher
CVE-ID
CVE-2024-13642
CVE-2024-13642
Patch Status
Patched
Patched
Published
Jan 29, 2025
Jan 29, 2025
Affected Software
Stratum – Elementor Widgets
Stratum – Elementor Widgets
Researcher
CVE-ID
CVE-2024-13661
CVE-2024-13661
Patch Status
Patched
Patched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Table Editor
Table Editor
Researcher
CVE-ID
CVE-2024-13561
CVE-2024-13561
Patch Status
Patched
Patched
Published
Jan 28, 2025
Jan 28, 2025
Affected Software
Target Video Easy Publish
Target Video Easy Publish
Researcher
CVE-ID
CVE-2024-11829
CVE-2024-11829
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Researcher
CVE-ID
CVE-2025-0507
CVE-2025-0507
Patch Status
Patched
Patched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Ticketmeo – Sell Tickets – Event Ticketing
Ticketmeo – Sell Tickets – Event Ticketing
Researcher
CVE-ID
CVE-2024-13460
CVE-2024-13460
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
WE – Testimonial Slider
WE – Testimonial Slider
Researcher
WP DataTable <= 0.2.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
6.4
CVE-ID
CVE-2024-13566
CVE-2024-13566
Patch Status
Patched
Patched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
WP DataTable
WP DataTable
Researcher
CVE-ID
CVE-2024-12444
CVE-2024-12444
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
WP Dispensary
WP Dispensary
Researcher
CVE-ID
CVE-2024-13664
CVE-2024-13664
Patch Status
Patched
Patched
Published
Jan 29, 2025
Jan 29, 2025
Affected Software
WP Post List Table
WP Post List Table
Researcher
CVE-ID
CVE-2024-13397
CVE-2024-13397
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
WPRadio – WordPress Radio Streaming Plugin
WPRadio – WordPress Radio Streaming Plugin
Researcher
CVE-ID
CVE-2024-12177
CVE-2024-12177
Patch Status
Patched
Patched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Ai Image Alt Text Generator for WP
Ai Image Alt Text Generator for WP
Researcher
DigiTimber cPanel Integration <= 1.4.6 – Cross-Site Request Forgery to Stored Cross-site Scripting
6.1
CVE-ID
CVE-2025-22690
CVE-2025-22690
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
DigiTimber cPanel Integration
DigiTimber cPanel Integration
Researcher
CVE-ID
CVE-2025-23982
CVE-2025-23982
Patch Status
Unpatched
Unpatched
Published
Jan 27, 2025
Jan 27, 2025
Affected Software
Fare Calculator
Fare Calculator
Researcher
CVE-ID
CVE-2025-23978
CVE-2025-23978
Patch Status
Unpatched
Unpatched
Published
Jan 27, 2025
Jan 27, 2025
Affected Software
FlashCounter
FlashCounter
Researcher
CVE-ID
CVE-2025-22703
CVE-2025-22703
Patch Status
Unpatched
Unpatched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
Forge – Front-End Page Builder
Forge – Front-End Page Builder
Researcher
CVE-ID
CVE-2025-0470
CVE-2025-0470
Patch Status
Patched
Patched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Forminator Forms – Contact Form, Payment Form & Custom Form Builder
Forminator Forms – Contact Form, Payment Form & Custom Form Builder
Researcher
CVE-ID
CVE-2025-23980
CVE-2025-23980
Patch Status
Unpatched
Unpatched
Published
Jan 27, 2025
Jan 27, 2025
Affected Software
Full Circle
Full Circle
Researcher
CVE-ID
CVE-2025-24710
CVE-2025-24710
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
Gwolle Guestbook
Gwolle Guestbook
Researcher
CVE-ID
CVE-2025-22682
CVE-2025-22682
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
Hesabfa Accounting
Hesabfa Accounting
Researcher
CVE-ID
CVE-2025-23989
CVE-2025-23989
Patch Status
Unpatched
Unpatched
Published
Jan 27, 2025
Jan 27, 2025
Affected Software
Internal Link Builder
Internal Link Builder
Researcher
CVE-ID
CVE-2025-23976
CVE-2025-23976
Patch Status
Unpatched
Unpatched
Published
Jan 27, 2025
Jan 27, 2025
Affected Software
Issuu Panel
Issuu Panel
Researcher
CVE-ID
CVE-2024-13521
CVE-2024-13521
Patch Status
Patched
Patched
Published
Jan 27, 2025
Jan 27, 2025
Affected Software
MailUp Auto Subscription
MailUp Auto Subscription
Researcher
CVE-ID
CVE-2025-24707
CVE-2025-24707
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery
Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery
Researcher
CVE-ID
CVE-2025-23977
CVE-2025-23977
Patch Status
Unpatched
Unpatched
Published
Jan 27, 2025
Jan 27, 2025
Affected Software
Post Carousel Slider
Post Carousel Slider
Researcher
CVE-ID
CVE-2025-23990
CVE-2025-23990
Patch Status
Unpatched
Unpatched
Published
Jan 27, 2025
Jan 27, 2025
Affected Software
Scroll Styler
Scroll Styler
Researcher
CVE-ID
CVE-2024-12409
CVE-2024-12409
Patch Status
Patched
Patched
Published
Jan 29, 2025
Jan 29, 2025
Affected Software
Simple:Press Forum
Simple:Press Forum
Researcher
CVE-ID
CVE-2024-13705
CVE-2024-13705
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
StageShow
StageShow
Researcher
CVE-ID
CVE-2024-12299
CVE-2024-12299
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
System Dashboard
System Dashboard
Researcher
CVE-ID
CVE-2025-22685
CVE-2025-22685
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
Tags to Keywords
Tags to Keywords
Researcher
CVE-ID
CVE-2024-12320
CVE-2024-12320
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Team Rosters
Team Rosters
Researcher
CVE-ID
CVE-2024-13625
CVE-2024-13625
Patch Status
Unpatched
Unpatched
Published
Jan 27, 2025
Jan 27, 2025
Affected Software
Tube Video Ads Lite
Tube Video Ads Lite
Researcher
CVE-ID
CVE-2025-22688
CVE-2025-22688
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
Unlimited Page Sidebars
Unlimited Page Sidebars
Researcher
CVE-ID
CVE-2024-13626
CVE-2024-13626
Patch Status
Unpatched
Unpatched
Published
Jan 27, 2025
Jan 27, 2025
Affected Software
VR-Frases (collect & share quotes)
VR-Frases (collect & share quotes)
Researcher
CVE-ID
CVE-2025-0860
CVE-2025-0860
Patch Status
Unpatched
Unpatched
Published
Jan 29, 2025
Jan 29, 2025
Affected Software
VR-Frases (collect & share quotes)
VR-Frases (collect & share quotes)
Researcher
CVE-ID
CVE-2024-13512
CVE-2024-13512
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Wonder FontAwesome
Wonder FontAwesome
Researcher
CVE-ID
CVE-2025-22704
CVE-2025-22704
Patch Status
Unpatched
Unpatched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
WordPress Signature
WordPress Signature
Researcher
CVE-ID
CVE-2025-24708
CVE-2025-24708
Patch Status
Patched
Patched
Published
Jan 27, 2025
Jan 27, 2025
Affected Software
WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms
WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms
Researcher
CVE-ID
CVE-2024-13706
CVE-2024-13706
Patch Status
Unpatched
Unpatched
Published
Jan 29, 2025
Jan 29, 2025
Affected Software
WP Image Uploader
WP Image Uploader
Researcher
CVE-ID
CVE-2025-24718
CVE-2025-24718
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
WP Sessions Time Monitoring Full Automatic
WP Sessions Time Monitoring Full Automatic
Researcher
CVE-ID
CVE-2024-13627
CVE-2024-13627
Patch Status
Unpatched
Unpatched
Published
Jan 27, 2025
Jan 27, 2025
Affected Software
OWL Carousel Slider
OWL Carousel Slider
Researcher
CVE-ID
CVE-2025-24781
CVE-2025-24781
Patch Status
Patched
Patched
Published
Jan 27, 2025
Jan 27, 2025
Affected Software
WP Job Board
WP Job Board
Researcher
CVE-ID
CVE-2024-13623
CVE-2024-13623
Patch Status
Patched
Patched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Order Export for WooCommerce
Order Export for WooCommerce
Researcher
CVE-ID
CVE-2024-10867
CVE-2024-10867
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Researcher
CVE-ID
CVE-2024-12825
CVE-2024-12825
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
Custom Related Posts
Custom Related Posts
Researcher
CVE-ID
CVE-2024-13775
CVE-2024-13775
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
WooCommerce Support Ticket System
WooCommerce Support Ticket System
Researcher
CVE-ID
CVE-2024-12620
CVE-2024-12620
Patch Status
Unpatched
Unpatched
Published
Jan 31, 2025
Jan 31, 2025
Researcher
CVE-ID
CVE-2025-22686
CVE-2025-22686
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
CF7 Google Sheets Connector
CF7 Google Sheets Connector
Researcher
CVE-ID
CVE-2025-22681
CVE-2025-22681
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
Content Cloner
Content Cloner
Researcher
CVE-ID
CVE-2024-12041
CVE-2024-12041
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Researcher
Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.8.5 – Limited Arbitrary File Deletion
5.3
CVE-ID
CVE-2024-12267
CVE-2024-12267
Patch Status
Patched
Patched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Drag and Drop Multiple File Upload for Contact Form 7
Drag and Drop Multiple File Upload for Contact Form 7
Researcher
CVE-ID
CVE-2024-13457
CVE-2024-13457
Patch Status
Patched
Patched
Published
Jan 29, 2025
Jan 29, 2025
Affected Software
Event Tickets and Registration
Event Tickets and Registration
Researcher
Import and export users and customers <= 1.27.12 – Unauthenticated Sensitive Information Disclosure
5.3
CVE-ID
CVE-2025-24689
CVE-2025-24689
Patch Status
Patched
Patched
Published
Jan 27, 2025
Jan 27, 2025
Affected Software
Import and export users and customers
Import and export users and customers
Researcher
CVE-ID
Unknown
Unknown
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Starter Templates by FancyWP
Starter Templates by FancyWP
Researcher
CVE-ID
CVE-2024-12184
CVE-2024-12184
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
WordPress Contact Forms by Cimatti
WordPress Contact Forms by Cimatti
Researcher
CVE-ID
CVE-2024-13372
CVE-2024-13372
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Researcher
WP Job Portal <= 2.2.6 – Insecure Direct Object Reference to Unauthenticated Company Logo Deletion
5.3
CVE-ID
CVE-2024-13428
CVE-2024-13428
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Researcher
CVE-ID
CVE-2024-13371
CVE-2024-13371
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Researcher
CVE-ID
CVE-2024-13608
CVE-2024-13608
Patch Status
Unpatched
Unpatched
Published
Jan 27, 2025
Jan 27, 2025
Affected Software
Track Logins
Track Logins
Researcher
CVE-ID
CVE-2025-0861
CVE-2025-0861
Patch Status
Unpatched
Unpatched
Published
Jan 29, 2025
Jan 29, 2025
Affected Software
VR-Frases (collect & share quotes)
VR-Frases (collect & share quotes)
Researcher
CVE-ID
CVE-2024-11583
CVE-2024-11583
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Researcher
CVE-ID
CVE-2024-13717
CVE-2024-13717
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Contact Form and Calls To Action by vcita
Contact Form and Calls To Action by vcita
Researcher
CVE-ID
CVE-2024-13530
CVE-2024-13530
Patch Status
Patched
Patched
Published
Jan 30, 2025
Jan 30, 2025
CVE-ID
CVE-2025-22696
CVE-2025-22696
Patch Status
Unpatched
Unpatched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
Document Block – Upload & Embed Docs, PDF, PPT, XLS or Any Documents
Document Block – Upload & Embed Docs, PDF, PPT, XLS or Any Documents
Researcher
CVE-ID
CVE-2025-23985
CVE-2025-23985
Patch Status
Patched
Patched
Published
Jan 27, 2025
Jan 27, 2025
Affected Software
Dynamic URL SEO
Dynamic URL SEO
Researcher
CVE-ID
CVE-2024-13652
CVE-2024-13652
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
ECPay Ecommerce for WooCommerce
ECPay Ecommerce for WooCommerce
Researcher
CVE-ID
CVE-2024-8494
CVE-2024-8494
Patch Status
Patched
Patched
Published
Jan 29, 2025
Jan 29, 2025
Affected Software
Elementor Website Builder Pro
Elementor Website Builder Pro
Researcher
CVE-ID
CVE-2024-13415
CVE-2024-13415
Patch Status
Patched
Patched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Food Menu – Restaurant Menu & Online Ordering for WooCommerce
Food Menu – Restaurant Menu & Online Ordering for WooCommerce
Researcher
CVE-ID
CVE-2025-22694
CVE-2025-22694
Patch Status
Unpatched
Unpatched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
Hide Shipping Method For WooCommerce
Hide Shipping Method For WooCommerce
Researcher
CVE-ID
CVE-2024-13216
CVE-2024-13216
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
HT Event – WordPress Event Manager Plugin for Elementor
HT Event – WordPress Event Manager Plugin for Elementor
Researcher
CVE-ID
CVE-2025-22260
CVE-2025-22260
Patch Status
Unpatched
Unpatched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
Meta Tag Manager
Meta Tag Manager
Researcher
CVE-ID
CVE-2024-13424
CVE-2024-13424
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Ni Sales Commission For WooCommerce
Ni Sales Commission For WooCommerce
Researcher
CVE-ID
CVE-2025-22695
CVE-2025-22695
Patch Status
Unpatched
Unpatched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
Nirweb support
Nirweb support
Researcher
CVE-ID
CVE-2024-13651
CVE-2024-13651
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
RapidLoad – Optimize Web Vitals Automatically
RapidLoad – Optimize Web Vitals Automatically
Researcher
CVE-ID
CVE-2024-50500
CVE-2024-50500
Patch Status
Unpatched
Unpatched
Published
Jan 31, 2025
Jan 31, 2025
Affected Software
Shortcodes and extra features for Phlox theme
Shortcodes and extra features for Phlox theme
Researcher
CVE-ID
CVE-2024-12102
CVE-2024-12102
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
Typer Core
Typer Core
Researcher
CVE-ID
CVE-2024-13425
CVE-2024-13425
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Researcher
CVE-ID
CVE-2024-13429
CVE-2024-13429
Patch Status
Patched
Patched
Published
Jan 31, 2025
Jan 31, 2025
Researcher
zStore Manager Basic <= 3.311 – Missing Authorization to Authenticated (Subscriber+) Cache Clearing
4.3
CVE-ID
CVE-2024-13715
CVE-2024-13715
Patch Status
Unpatched
Unpatched
Published
Jan 30, 2025
Jan 30, 2025
Affected Software
zStore Manager Basic
zStore Manager Basic
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (January 27, 2025 to February 2, 2025) appeared first on Wordfence.
