Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest.
Last week, there were 124 vulnerabilities disclosed in 92 WordPress Plugins and 12 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 51 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to implement layered security, aligning with our overarching mission to secure WordPress with defense in depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 24,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
- WAF-RULE-812 – Data redacted while we work with the vendor on a patch.
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 86 |
| Unpatched | 38 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Medium Severity | 83 |
| High Severity | 31 |
| Critical Severity | 10 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 34 |
| Missing Authorization | 23 |
| Cross-Site Request Forgery (CSRF) | 13 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 13 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 5 |
| Authentication Bypass Using an Alternate Path or Channel | 4 |
| Deserialization of Untrusted Data | 4 |
| Exposure of Sensitive Information to an Unauthorized Actor | 4 |
| Improper Privilege Management | 4 |
| Unrestricted Upload of File with Dangerous Type | 4 |
| Improper Control of Generation of Code (‘Code Injection’) | 3 |
| Server-Side Request Forgery (SSRF) | 3 |
| Improper Authentication | 2 |
| Improper Authorization | 2 |
| Improper Input Validation | 2 |
| Authorization Bypass Through User-Controlled Key | 1 |
| External Control of File Name or Path | 1 |
| Improper Access Control | 1 |
| SQL Injection: Hibernate | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 20 | |
| 10 | |
| 9 | |
| 7 | |
| 6 | |
| 6 | |
| 4 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| 140+ Widgets | Xpro Addons For Elementor – FREE | xpro-elementor-addons |
| Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin | file-manager-advanced |
| Aiomatic – Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit | aiomatic-automatic-ai-content-writer |
| All-in-One Addons for Elementor – WidgetKit | widgetkit-for-elementor |
| Allow PHP Execute | allow-php-execute |
| Animation Addons for Elementor Pro | animation-addons-for-elementor-pro |
| Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | simply-schedule-appointments |
| bbPress | bbpress |
| Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors | publishpress-authors |
| Code Snippets CPT | code-snippets-cpt |
| Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More | content-control |
| Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics | cookiebot |
| CS Framework | cs-framework |
| CURCY – WooCommerce Multi Currency – Currency Switcher | woocommerce-multi-currency |
| DesignThemes Core Features | designthemes-core-features |
| Downloable by American Osteopathic Association | aoa-downloadable |
| Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates | essential-blocks |
| Eventer – WordPress Event & Booking Manager Plugin | eventer |
| EventPrime – Events Calendar, Bookings and Tickets | eventprime-event-calendar-management |
| Flexmls® IDX Plugin | flexmls-idx |
| FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel | foogallery |
| Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress | gallery-plugin |
| Gallery Styles | gallery-styles |
| GiveWP – Donation Plugin and Fundraising Platform | give |
| Greek Multi Tool – Ultimate Greek Language Toolkit for WordPress | greek-multi-tool |
| Hero Maps Premium | hmapsprem |
| Hero Mega Menu – Responsive WordPress Menu Plugin | hmenu |
| Hero Slider – WordPress Slider Plugin | hslide |
| Homey Login Register | homey-login-register |
| HT Mega – Absolute Addons For Elementor | ht-mega-for-elementor |
| I Am Gloria | gloria-assistant-by-webtronic-labs |
| InWave Jobs | iwjob |
| IP Based Login | ip-based-login |
| Javo Core | javo-core |
| m1.DownloadList | m1downloadlist |
| Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations | master-addons |
| Master Slider – Responsive Touch Slider | master-slider |
| miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon | miniorange-login-openid |
| Moving Media Library | moving-media-library |
| Multiple Shipping And Billing Address For Woocommerce | different-shipping-and-billing-address-for-woocommerce |
| Notibar – Notification Bar for WordPress | notibar |
| Page Builder: Pagelayer – Drag and Drop website builder | pagelayer |
| Platform.ly for WooCommerce | platformly-for-woocommerce |
| Podlove Podcast Publisher | podlove-podcasting-plugin-for-wordpress |
| Point Maker | point-maker |
| Post Lockdown | post-lockdown |
| Post Meta Data Manager | post-meta-data-manager |
| Post SMTP – WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more | post-smtp |
| Print Invoice & Delivery Notes for WooCommerce | woocommerce-delivery-notes |
| Product Input Fields for WooCommerce | product-input-fields-for-woocommerce |
| Razorpay Subscription Button Elementor Plugin | razorpay-subscription-button-elementor |
| Recently Purchased Products For Woo | recently-purchased-products-for-woo |
| Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins | related-post |
| Responsive Lightbox & Gallery | responsive-lightbox |
| School Management System for WordPress | school-management |
| SearchIQ – The Search Solution | searchiq |
| SEO Plugin by Squirrly SEO | squirrly-seo |
| Shortcode Cleaner Lite | shortcode-cleaner-lite |
| Simple Notification | simple-notification |
| SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) | slingblocks |
| SMTP by BestWebSoft | bws-smtp |
| Solace Extra | solace-extra |
| Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. | wpgsi |
| Staff Directory Plugin: Company Directory | staff-directory-pro |
| Structured Content (JSON-LD) #wpsc | structured-content |
| SupportCandy – Helpdesk & Customer Support Ticket System | supportcandy |
| teachPress | teachpress |
| The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce | the-plus-addons-for-elementor-page-builder |
| UiPress lite | Effortless custom dashboards, admin themes and pages | uipress-lite |
| Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | ultimate-member |
| Ultimate Video Player WordPress & WooCommerce Plugin | fwduvp |
| Ultimate WordPress Auction Plugin | ultimate-auction |
| VikRentCar Car Rental Management System | vikrentcar |
| VK Blocks | vk-blocks |
| Wallet System for WooCommerce | wallet-system-for-woocommerce |
| Wishlist | wishlist |
| Wishlist for WooCommerce: Multi Wishlists Per Customer | wish-list-for-woocommerce |
| WooCommerce Recover Abandoned Cart | rac |
| WooMail – WooCommerce Email Customizer | email-customizer-for-woocommerce-with-drag-drop-builder |
| WordPress abandoned cart recovery and email marketing for WooCommerce by Recapture | recapture-for-woocommerce |
| WordPress Awesome Import & Export Plugin – Import & Export WordPress Data | wp-awesome-import-export |
| WP Featherlight – A Simple jQuery Lightbox | wp-featherlight |
| WP Online Contract | onlinecontract |
| WP Real Estate Manager | wp-realestate-manager |
| WP Shortcodes Plugin — Shortcodes Ultimate | shortcodes-ultimate |
| Wp Svg Upload | wp-svg-upload |
| WP-Recall – Registration, Profile, Commerce & More | wp-recall |
| WPCOM Member | wpcom-member |
| WPGet API – Connect to any external REST API | wpgetapi |
| Years Since – Timeless Texts | years-since |
| Zigaform – Form Builder Lite | zigaform-form-builder-lite |
| ZoomSounds – WordPress Wave Audio Player with Playlist | dzs-zoomsounds |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Design Comuni Italia | design-comuni-wordpress-theme |
| Flex Mag – Responsive WordPress News Theme | flex-mag |
| Golo – City Travel Guide WordPress Theme | golo |
| Homey | homey |
| JNews – WordPress Newspaper Magazine Blog AMP Theme | jnews |
| Lafka – Multi Store Burger – Pizza & Food Delivery WooCommerce Theme | lafka |
| Listingo | listingo |
| Newscrunch | newscrunch |
| Sparkling | sparkling |
| VEDA – MultiPurpose WordPress Theme | veda |
| VW Storefront | vw-storefront |
| Zass – WooCommerce Theme for Handmade Artists and Artisans | zass |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
GiveWP – Donation Plugin and Fundraising Platform <= 3.19.4 – Unauthenticated PHP Object Injection
9.8
CVE-ID
CVE-2025-0912
CVE-2025-0912
Patch Status
Patched
Patched
Published
Mar 3, 2025
Mar 3, 2025
Affected Software
GiveWP – Donation Plugin and Fundraising Platform
GiveWP – Donation Plugin and Fundraising Platform
Researcher
CVE-ID
CVE-2024-12876
CVE-2024-12876
Patch Status
Patched
Patched
Published
Mar 6, 2025
Mar 6, 2025
Affected Software
Golo – City Travel Guide WordPress Theme
Golo – City Travel Guide WordPress Theme
Researcher
CVE-ID
CVE-2024-11951
CVE-2024-11951
Patch Status
Unpatched
Unpatched
Published
Mar 4, 2025
Mar 4, 2025
Affected Software
Homey Login Register
Homey Login Register
Researcher
CVE-ID
CVE-2025-1315
CVE-2025-1315
Patch Status
Unpatched
Unpatched
Published
Mar 6, 2025
Mar 6, 2025
Affected Software
InWave Jobs
InWave Jobs
Researcher
CVE-ID
CVE-2025-1307
CVE-2025-1307
Patch Status
Patched
Patched
Published
Mar 3, 2025
Mar 3, 2025
Affected Software
Newscrunch
Newscrunch
Researcher
CVE-ID
CVE-2024-13787
CVE-2024-13787
Patch Status
Unpatched
Unpatched
Published
Mar 4, 2025
Mar 4, 2025
Affected Software
VEDA – MultiPurpose WordPress Theme
VEDA – MultiPurpose WordPress Theme
Researcher
CVE-ID
CVE-2025-1515
CVE-2025-1515
Patch Status
Unpatched
Unpatched
Published
Mar 4, 2025
Mar 4, 2025
Affected Software
WP Real Estate Manager
WP Real Estate Manager
Researcher
CVE-ID
CVE-2025-1475
CVE-2025-1475
Patch Status
Patched
Patched
Published
Mar 6, 2025
Mar 6, 2025
Affected Software
WPCOM Member
WPCOM Member
Researcher
CVE-ID
CVE-2024-13882
CVE-2024-13882
Patch Status
Patched
Patched
Published
Mar 7, 2025
Mar 7, 2025
Affected Software
Aiomatic – Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit
Aiomatic – Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit
Researcher
CVE-ID
CVE-2025-1639
CVE-2025-1639
Patch Status
Patched
Patched
Published
Mar 3, 2025
Mar 3, 2025
Affected Software
Animation Addons for Elementor Pro
Animation Addons for Elementor Pro
Researcher
CVE-ID
CVE-2024-12035
CVE-2024-12035
Patch Status
Patched
Patched
Published
Mar 6, 2025
Mar 6, 2025
Affected Software
CS Framework
CS Framework
Researcher
CVE-ID
CVE-2025-0959
CVE-2025-0959
Patch Status
Patched
Patched
Published
Mar 6, 2025
Mar 6, 2025
Affected Software
Eventer – WordPress Event & Booking Manager Plugin
Eventer – WordPress Event & Booking Manager Plugin
Researcher
CVE-ID
CVE-2025-1306
CVE-2025-1306
Patch Status
Patched
Patched
Published
Mar 3, 2025
Mar 3, 2025
Affected Software
Newscrunch
Newscrunch
Researcher
CVE-ID
CVE-2024-9658
CVE-2024-9658
Patch Status
Patched
Patched
Published
Mar 6, 2025
Mar 6, 2025
Affected Software
School Management System for WordPress
School Management System for WordPress
Researcher
CVE-ID
CVE-2025-1309
CVE-2025-1309
Patch Status
Patched
Patched
Published
Mar 6, 2025
Mar 6, 2025
Affected Software
UiPress lite | Effortless custom dashboards, admin themes and pages
UiPress lite | Effortless custom dashboards, admin themes and pages
Researcher
CVE-ID
CVE-2024-11640
CVE-2024-11640
Patch Status
Patched
Patched
Published
Mar 7, 2025
Mar 7, 2025
Affected Software
VikRentCar Car Rental Management System
VikRentCar Car Rental Management System
Researcher
CVE-ID
CVE-2024-13232
CVE-2024-13232
Patch Status
Unpatched
Unpatched
Published
Mar 4, 2025
Mar 4, 2025
Researcher
CVE-ID
CVE-2024-13655
CVE-2024-13655
Patch Status
Patched
Patched
Published
Mar 6, 2025
Mar 6, 2025
Affected Software
Flex Mag – Responsive WordPress News Theme
Flex Mag – Responsive WordPress News Theme
Researcher
CVE-ID
CVE-2025-0749
CVE-2025-0749
Patch Status
Patched
Patched
Published
Mar 6, 2025
Mar 6, 2025
Affected Software
Homey
Homey
Researcher
CVE-ID
CVE-2024-11087
CVE-2024-11087
Patch Status
Unpatched
Unpatched
Published
Mar 7, 2025
Mar 7, 2025
Affected Software
miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon
miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon
Researcher
CVE-ID
CVE-2024-13359
CVE-2024-13359
Patch Status
Patched
Patched
Published
Mar 7, 2025
Mar 7, 2025
Affected Software
Product Input Fields for WooCommerce
Product Input Fields for WooCommerce
Researcher
CVE-ID
CVE-2025-0956
CVE-2025-0956
Patch Status
Unpatched
Unpatched
Published
Mar 4, 2025
Mar 4, 2025
Affected Software
WooCommerce Recover Abandoned Cart
WooCommerce Recover Abandoned Cart
Researcher
CVE-ID
CVE-2024-13777
CVE-2024-13777
Patch Status
Unpatched
Unpatched
Published
Mar 4, 2025
Mar 4, 2025
Affected Software
ZoomSounds – WordPress Wave Audio Player with Playlist
ZoomSounds – WordPress Wave Audio Player with Playlist
Researcher
CVE-ID
CVE-2024-12036
CVE-2024-12036
Patch Status
Patched
Patched
Published
Mar 6, 2025
Mar 6, 2025
Affected Software
CS Framework
CS Framework
Researcher
CVE-ID
CVE-2024-13320
CVE-2024-13320
Patch Status
Patched
Patched
Published
Mar 6, 2025
Mar 6, 2025
Affected Software
CURCY – WooCommerce Multi Currency – Currency Switcher
CURCY – WooCommerce Multi Currency – Currency Switcher
Researcher
CVE-ID
CVE-2024-13471
CVE-2024-13471
Patch Status
Unpatched
Unpatched
Published
Mar 4, 2025
Mar 4, 2025
Affected Software
DesignThemes Core Features
DesignThemes Core Features
Researcher
Downloable by American Osteopathic Association <= 0.1.0 – Unauthenticated Arbitrary File Download
7.5
CVE-ID
CVE-2024-13617
CVE-2024-13617
Patch Status
Unpatched
Unpatched
Published
Mar 4, 2025
Mar 4, 2025
Affected Software
Downloable by American Osteopathic Association
Downloable by American Osteopathic Association
Researcher
CVE-ID
CVE-2025-26875
CVE-2025-26875
Patch Status
Patched
Patched
Published
Mar 3, 2025
Mar 3, 2025
Affected Software
Multiple Shipping And Billing Address For Woocommerce
Multiple Shipping And Billing Address For Woocommerce
Researcher
CVE-ID
CVE-2025-1702
CVE-2025-1702
Patch Status
Patched
Patched
Published
Mar 4, 2025
Mar 4, 2025
CVE-ID
CVE-2024-10804
CVE-2024-10804
Patch Status
Unpatched
Unpatched
Published
Mar 6, 2025
Mar 6, 2025
Affected Software
Ultimate Video Player WordPress & WooCommerce Plugin
Ultimate Video Player WordPress & WooCommerce Plugin
Researcher
WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 – Unauthenticated SQL Injection
7.5
CVE-ID
CVE-2025-1323
CVE-2025-1323
Patch Status
Patched
Patched
Published
Mar 7, 2025
Mar 7, 2025
Affected Software
WP-Recall – Registration, Profile, Commerce & More
WP-Recall – Registration, Profile, Commerce & More
Researcher
CVE-ID
CVE-2024-13890
CVE-2024-13890
Patch Status
Unpatched
Unpatched
Published
Mar 7, 2025
Mar 7, 2025
Affected Software
Allow PHP Execute
Allow PHP Execute
Researcher
CVE-ID
CVE-2025-1798
CVE-2025-1798
Patch Status
Patched
Patched
Published
Mar 4, 2025
Mar 4, 2025
Affected Software
Design Comuni Italia
Design Comuni Italia
Researcher
CVE-ID
CVE-2024-13618
CVE-2024-13618
Patch Status
Unpatched
Unpatched
Published
Mar 4, 2025
Mar 4, 2025
Affected Software
Downloable by American Osteopathic Association
Downloable by American Osteopathic Association
Researcher
CVE-ID
CVE-2024-13906
CVE-2024-13906
Patch Status
Patched
Patched
Published
Mar 6, 2025
Mar 6, 2025
Researcher
CVE-ID
CVE-2024-13835
CVE-2024-13835
Patch Status
Unpatched
Unpatched
Published
Mar 7, 2025
Mar 7, 2025
Affected Software
Post Meta Data Manager
Post Meta Data Manager
Researcher
CVE-ID
CVE-2024-13908
CVE-2024-13908
Patch Status
Patched
Patched
Published
Mar 7, 2025
Mar 7, 2025
Affected Software
SMTP by BestWebSoft
SMTP by BestWebSoft
Researcher
CVE-ID
CVE-2024-13781
CVE-2024-13781
Patch Status
Unpatched
Unpatched
Published
Mar 6, 2025
Mar 6, 2025
Affected Software
Hero Maps Premium
Hero Maps Premium
Researcher
CVE-ID
CVE-2024-13778
CVE-2024-13778
Patch Status
Unpatched
Unpatched
Published
Mar 4, 2025
Mar 4, 2025
Affected Software
Hero Mega Menu – Responsive WordPress Menu Plugin
Hero Mega Menu – Responsive WordPress Menu Plugin
Researcher
CVE-ID
CVE-2024-13780
CVE-2024-13780
Patch Status
Unpatched
Unpatched
Published
Mar 4, 2025
Mar 4, 2025
Affected Software
Hero Mega Menu – Responsive WordPress Menu Plugin
Hero Mega Menu – Responsive WordPress Menu Plugin
Researcher
CVE-ID
CVE-2024-13809
CVE-2024-13809
Patch Status
Unpatched
Unpatched
Published
Mar 4, 2025
Mar 4, 2025
Affected Software
Hero Slider – WordPress Slider Plugin
Hero Slider – WordPress Slider Plugin
Researcher
CVE-ID
CVE-2024-13897
CVE-2024-13897
Patch Status
Patched
Patched
Published
Mar 5, 2025
Mar 5, 2025
Affected Software
Moving Media Library
Moving Media Library
Researcher
CVE-ID
CVE-2024-12609
CVE-2024-12609
Patch Status
Patched
Patched
Published
Mar 6, 2025
Mar 6, 2025
Affected Software
School Management System for WordPress
School Management System for WordPress
Researcher
CVE-ID
CVE-2024-12607
CVE-2024-12607
Patch Status
Patched
Patched
Published
Mar 6, 2025
Mar 6, 2025
Affected Software
School Management System for WordPress
School Management System for WordPress
Researcher
CVE-ID
CVE-2025-1768
CVE-2025-1768
Patch Status
Patched
Patched
Published
Mar 6, 2025
Mar 6, 2025
Affected Software
SEO Plugin by Squirrly SEO
SEO Plugin by Squirrly SEO
Researcher
CVE-ID
CVE-2025-1481
CVE-2025-1481
Patch Status
Unpatched
Unpatched
Published
Mar 7, 2025
Mar 7, 2025
Affected Software
Shortcode Cleaner Lite
Shortcode Cleaner Lite
Researcher
CVE-ID
CVE-2025-1321
CVE-2025-1321
Patch Status
Patched
Patched
Published
Mar 3, 2025
Mar 3, 2025
Affected Software
teachPress
teachPress
Researcher
CVE-ID
CVE-2025-0954
CVE-2025-0954
Patch Status
Unpatched
Unpatched
Published
Mar 4, 2025
Mar 4, 2025
Affected Software
WP Online Contract
WP Online Contract
Researcher
CVE-ID
CVE-2024-13649
CVE-2024-13649
Patch Status
Patched
Patched
Published
Mar 7, 2025
Mar 7, 2025
Affected Software
140+ Widgets | Xpro Addons For Elementor – FREE
140+ Widgets | Xpro Addons For Elementor – FREE
Researcher
CVE-ID
CVE-2024-13805
CVE-2024-13805
Patch Status
Patched
Patched
Published
Mar 6, 2025
Mar 6, 2025
Affected Software
Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin
Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin
Researcher
CVE-ID
CVE-2025-1664
CVE-2025-1664
Patch Status
Patched
Patched
Published
Mar 7, 2025
Mar 7, 2025
Affected Software
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
Researcher
CVE-ID
CVE-2025-0863
CVE-2025-0863
Patch Status
Patched
Patched
Published
Mar 6, 2025
Mar 6, 2025
Affected Software
Flexmls® IDX Plugin
Flexmls® IDX Plugin
Researcher
CVE-ID
CVE-2024-12119
CVE-2024-12119
Patch Status
Patched
Patched
Published
Mar 7, 2025
Mar 7, 2025
Affected Software
FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel
FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel
Researcher
CVE-ID
CVE-2025-1783
CVE-2025-1783
Patch Status
Patched
Patched
Published
Mar 7, 2025
Mar 7, 2025
Affected Software
Gallery Styles
Gallery Styles
Researcher
CVE-ID
CVE-2025-1261
CVE-2025-1261
Patch Status
Patched
Patched
Published
Mar 7, 2025
Mar 7, 2025
Affected Software
HT Mega – Absolute Addons For Elementor
HT Mega – Absolute Addons For Elementor
Researcher
CVE-ID
CVE-2025-26895
CVE-2025-26895
Patch Status
Patched
Patched
Published
Mar 3, 2025
Mar 3, 2025
Affected Software
m1.DownloadList
m1.DownloadList
Researcher
Master Addons <= 2.0.7.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
6.4
CVE-ID
CVE-2025-0433
CVE-2025-0433
Patch Status
Patched
Patched
Published
Mar 3, 2025
Mar 3, 2025
Affected Software
Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
Researcher
CVE-ID
CVE-2024-9618
CVE-2024-9618
Patch Status
Patched
Patched
Published
Mar 3, 2025
Mar 3, 2025
Affected Software
Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
Researcher
CVE-ID
CVE-2024-13757
CVE-2024-13757
Patch Status
Unpatched
Unpatched
Published
Mar 4, 2025
Mar 4, 2025
Affected Software
Master Slider – Responsive Touch Slider
Master Slider – Responsive Touch Slider
Researcher
CVE-ID
CVE-2024-11731
CVE-2024-11731
Patch Status
Unpatched
Unpatched
Published
Mar 4, 2025
Mar 4, 2025
Affected Software
Master Slider – Responsive Touch Slider
Master Slider – Responsive Touch Slider
Researcher
CVE-ID
CVE-2024-5667
CVE-2024-5667
Patch Status
Patched
Patched
Published
Mar 4, 2025
Mar 4, 2025
Researcher
CVE-ID
CVE-2024-12815
CVE-2024-12815
Patch Status
Unpatched
Unpatched
Published
Mar 4, 2025
Mar 4, 2025
Affected Software
Point Maker
Point Maker
Researcher
CVE-ID
CVE-2025-1008
CVE-2025-1008
Patch Status
Patched
Patched
Published
Mar 4, 2025
Mar 4, 2025
Affected Software
Recently Purchased Products For Woo
Recently Purchased Products For Woo
Researcher
SearchIQ – The Search Solution <= 4.7 – Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-13350
CVE-2024-13350
Patch Status
Patched
Patched
Published
Mar 4, 2025
Mar 4, 2025
Affected Software
SearchIQ – The Search Solution
SearchIQ – The Search Solution
Researcher
CVE-ID
CVE-2024-13866
CVE-2024-13866
Patch Status
Unpatched
Unpatched
Published
Mar 4, 2025
Mar 4, 2025
Affected Software
Simple Notification
Simple Notification
Researcher
CVE-ID
CVE-2024-13675
CVE-2024-13675
Patch Status
Patched
Patched
Published
Mar 7, 2025
Mar 7, 2025
Affected Software
SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels)
SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels)
Researcher
CVE-ID
CVE-2025-0512
CVE-2025-0512
Patch Status
Patched
Patched
Published
Mar 3, 2025
Mar 3, 2025
Affected Software
Structured Content (JSON-LD) #wpsc
Structured Content (JSON-LD) #wpsc
Researcher
CVE-ID
CVE-2025-1287
CVE-2025-1287
Patch Status
Patched
Patched
Published
Mar 7, 2025
Mar 7, 2025
Affected Software
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Researcher
CVE-ID
CVE-2025-0370
CVE-2025-0370
Patch Status
Patched
Patched
Published
Mar 3, 2025
Mar 3, 2025
Affected Software
WP Shortcodes Plugin — Shortcodes Ultimate
WP Shortcodes Plugin — Shortcodes Ultimate
Researcher
CVE-ID
CVE-2025-1324
CVE-2025-1324
Patch Status
Patched
Patched
Published
Mar 7, 2025
Mar 7, 2025
Affected Software
WP-Recall – Registration, Profile, Commerce & More
WP-Recall – Registration, Profile, Commerce & More
Researcher
CVE-ID
CVE-2024-12460
CVE-2024-12460
Patch Status
Unpatched
Unpatched
Published
Mar 7, 2025
Mar 7, 2025
Affected Software
Years Since – Timeless Texts
Years Since – Timeless Texts
Researcher
CVE-ID
CVE-2025-1435
CVE-2025-1435
Patch Status
Patched
Patched
Published
Mar 4, 2025
Mar 4, 2025
Affected Software
bbPress
bbPress
Researcher
CVE-ID
CVE-2025-1325
CVE-2025-1325
Patch Status
Patched
Patched
Published
Mar 7, 2025
Mar 7, 2025
Affected Software
WP-Recall – Registration, Profile, Commerce & More
WP-Recall – Registration, Profile, Commerce & More
Researcher
CVE-ID
CVE-2024-13431
CVE-2024-13431
Patch Status
Patched
Patched
Published
Mar 6, 2025
Mar 6, 2025
Researcher
CVE-ID
CVE-2024-13839
CVE-2024-13839
Patch Status
Unpatched
Unpatched
Published
Mar 4, 2025
Mar 4, 2025
Affected Software
Staff Directory Plugin: Company Directory
Staff Directory Plugin: Company Directory
Researcher
CVE-ID
CVE-2024-13779
CVE-2024-13779
Patch Status
Unpatched
Unpatched
Published
Mar 4, 2025
Mar 4, 2025
Affected Software
Hero Mega Menu – Responsive WordPress Menu Plugin
Hero Mega Menu – Responsive WordPress Menu Plugin
Researcher
CVE-ID
CVE-2024-13827
CVE-2024-13827
Patch Status
Unpatched
Unpatched
Published
Mar 4, 2025
Mar 4, 2025
Affected Software
Razorpay Subscription Button Elementor Plugin
Razorpay Subscription Button Elementor Plugin
Researcher
CVE-ID
CVE-2024-12634
CVE-2024-12634
Patch Status
Patched
Patched
Published
Mar 6, 2025
Mar 6, 2025
Affected Software
Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins
Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins
Researcher
CVE-ID
CVE-2024-13774
CVE-2024-13774
Patch Status
Patched
Patched
Published
Mar 7, 2025
Mar 7, 2025
Affected Software
Wishlist for WooCommerce: Multi Wishlists Per Customer
Wishlist for WooCommerce: Multi Wishlists Per Customer
Researcher
CVE-ID
CVE-2025-26989
CVE-2025-26989
Patch Status
Patched
Patched
Published
Mar 3, 2025
Mar 3, 2025
Affected Software
Zigaform – Form Builder Lite
Zigaform – Form Builder Lite
Researcher
CVE-ID
CVE-2024-13640
CVE-2024-13640
Patch Status
Patched
Patched
Published
Mar 7, 2025
Mar 7, 2025
Affected Software
Print Invoice & Delivery Notes for WooCommerce
Print Invoice & Delivery Notes for WooCommerce
Researcher
CVE-ID
CVE-2025-1672
CVE-2025-1672
Patch Status
Patched
Patched
Published
Mar 5, 2025
Mar 5, 2025
Affected Software
Notibar – Notification Bar for WordPress
Notibar – Notification Bar for WordPress
Researcher
CVE-ID
CVE-2024-13857
CVE-2024-13857
Patch Status
Patched
Patched
Published
Mar 6, 2025
Mar 6, 2025
Affected Software
WPGet API – Connect to any external REST API
WPGet API – Connect to any external REST API
Researcher
CVE-ID
CVE-2024-13816
CVE-2024-13816
Patch Status
Patched
Patched
Published
Mar 7, 2025
Mar 7, 2025
Affected Software
Aiomatic – Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit
Aiomatic – Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit
Researcher
CVE-ID
CVE-2025-0958
CVE-2025-0958
Patch Status
Patched
Patched
Published
Mar 3, 2025
Mar 3, 2025
Affected Software
Ultimate WordPress Auction Plugin
Ultimate WordPress Auction Plugin
Researcher
CVE-ID
CVE-2024-11847
CVE-2024-11847
Patch Status
Unpatched
Unpatched
Published
Mar 5, 2025
Mar 5, 2025
Affected Software
Wp Svg Upload
Wp Svg Upload
Researcher
CVE-ID
CVE-2024-11153
CVE-2024-11153
Patch Status
Unpatched
Unpatched
Published
Mar 4, 2025
Mar 4, 2025
CVE-ID
CVE-2024-8682
CVE-2024-8682
Patch Status
Patched
Patched
Published
Mar 4, 2025
Mar 4, 2025
Affected Software
JNews – WordPress Newspaper Magazine Blog AMP Theme
JNews – WordPress Newspaper Magazine Blog AMP Theme
Researcher
CVE-ID
CVE-2024-13904
CVE-2024-13904
Patch Status
Patched
Patched
Published
Mar 6, 2025
Mar 6, 2025
Affected Software
Platform.ly for WooCommerce
Platform.ly for WooCommerce
Researcher
CVE-ID
CVE-2024-12610
CVE-2024-12610
Patch Status
Patched
Patched
Published
Mar 6, 2025
Mar 6, 2025
Affected Software
School Management System for WordPress
School Management System for WordPress
Researcher
CVE-ID
CVE-2024-12611
CVE-2024-12611
Patch Status
Patched
Patched
Published
Mar 6, 2025
Mar 6, 2025
Affected Software
School Management System for WordPress
School Management System for WordPress
Researcher
CVE-ID
CVE-2024-13844
CVE-2024-13844
Patch Status
Patched
Patched
Published
Mar 7, 2025
Mar 7, 2025
CVE-ID
CVE-2025-26886
CVE-2025-26886
Patch Status
Patched
Patched
Published
Mar 3, 2025
Mar 3, 2025
Affected Software
Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors
Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors
Researcher
CVE-ID
CVE-2024-12800
CVE-2024-12800
Patch Status
Patched
Patched
Published
Mar 6, 2025
Mar 6, 2025
Affected Software
IP Based Login
IP Based Login
Researcher
CVE-ID
CVE-2024-10321
CVE-2024-10321
Patch Status
Unpatched
Unpatched
Published
Mar 7, 2025
Mar 7, 2025
Affected Software
All-in-One Addons for Elementor – WidgetKit
All-in-One Addons for Elementor – WidgetKit
Researcher
CVE-ID
CVE-2024-13895
CVE-2024-13895
Patch Status
Unpatched
Unpatched
Published
Mar 7, 2025
Mar 7, 2025
Affected Software
Code Snippets CPT
Code Snippets CPT
Researcher
CVE-ID
CVE-2025-1666
CVE-2025-1666
Patch Status
Patched
Patched
Published
Mar 5, 2025
Mar 5, 2025
Affected Software
Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics
Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics
Researcher
CVE-ID
CVE-2024-13526
CVE-2024-13526
Patch Status
Patched
Patched
Published
Mar 6, 2025
Mar 6, 2025
Affected Software
EventPrime – Events Calendar, Bookings and Tickets
EventPrime – Events Calendar, Bookings and Tickets
Researcher
CVE-ID
CVE-2024-12114
CVE-2024-12114
Patch Status
Patched
Patched
Published
Mar 7, 2025
Mar 7, 2025
Affected Software
FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel
FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel
Researcher
CVE-ID
CVE-2025-0748
CVE-2025-0748
Patch Status
Patched
Patched
Published
Mar 6, 2025
Mar 6, 2025
Affected Software
Homey
Homey
Researcher
CVE-ID
CVE-2025-0990
CVE-2025-0990
Patch Status
Unpatched
Unpatched
Published
Mar 4, 2025
Mar 4, 2025
Affected Software
I Am Gloria
I Am Gloria
Researcher
CVE-ID
CVE-2024-13118
CVE-2024-13118
Patch Status
Patched
Patched
Published
Mar 6, 2025
Mar 6, 2025
Affected Software
IP Based Login
IP Based Login
Researcher
CVE-ID
CVE-2024-13811
CVE-2024-13811
Patch Status
Unpatched
Unpatched
Published
Mar 4, 2025
Mar 4, 2025
Affected Software
Lafka – Multi Store Burger – Pizza & Food Delivery WooCommerce Theme
Lafka – Multi Store Burger – Pizza & Food Delivery WooCommerce Theme
Researcher
CVE-ID
CVE-2025-1926
CVE-2025-1926
Patch Status
Patched
Patched
Published
Mar 9, 2025
Mar 9, 2025
Affected Software
Page Builder: Pagelayer – Drag and Drop website builder
Page Builder: Pagelayer – Drag and Drop website builder
Researcher
Podlove Podcast Publisher <= 4.2.2 – Cross-Site Request Forgery via ajax_transcript_delete Function
4.3
CVE-ID
CVE-2025-1383
CVE-2025-1383
Patch Status
Patched
Patched
Published
Mar 5, 2025
Mar 5, 2025
Affected Software
Podlove Podcast Publisher
Podlove Podcast Publisher
Researcher
CVE-ID
CVE-2025-1504
CVE-2025-1504
Patch Status
Patched
Patched
Published
Mar 7, 2025
Mar 7, 2025
Affected Software
Post Lockdown
Post Lockdown
Researcher
CVE-ID
CVE-2025-26899
CVE-2025-26899
Patch Status
Patched
Patched
Published
Mar 3, 2025
Mar 3, 2025
Affected Software
WordPress abandoned cart recovery and email marketing for WooCommerce by Recapture
WordPress abandoned cart recovery and email marketing for WooCommerce by Recapture
Researcher
CVE-ID
CVE-2025-24654
CVE-2025-24654
Patch Status
Patched
Patched
Published
Mar 3, 2025
Mar 3, 2025
Affected Software
SEO Plugin by Squirrly SEO
SEO Plugin by Squirrly SEO
Researcher
CVE-ID
CVE-2025-1463
CVE-2025-1463
Patch Status
Patched
Patched
Published
Mar 4, 2025
Mar 4, 2025
CVE-ID
CVE-2024-13552
CVE-2024-13552
Patch Status
Patched
Patched
Published
Mar 6, 2025
Mar 6, 2025
Affected Software
SupportCandy – Helpdesk & Customer Support Ticket System
SupportCandy – Helpdesk & Customer Support Ticket System
Researcher
CVE-ID
CVE-2024-13686
CVE-2024-13686
Patch Status
Patched
Patched
Published
Mar 3, 2025
Mar 3, 2025
Affected Software
VW Storefront
VW Storefront
Researcher
CVE-ID
CVE-2024-13682
CVE-2024-13682
Patch Status
Patched
Patched
Published
Mar 3, 2025
Mar 3, 2025
Affected Software
Wallet System for WooCommerce
Wallet System for WooCommerce
Researcher
CVE-ID
CVE-2024-13724
CVE-2024-13724
Patch Status
Patched
Patched
Published
Mar 3, 2025
Mar 3, 2025
Affected Software
Wallet System for WooCommerce
Wallet System for WooCommerce
Researcher
CVE-ID
CVE-2024-13747
CVE-2024-13747
Patch Status
Unpatched
Unpatched
Published
Mar 4, 2025
Mar 4, 2025
Affected Software
WooMail – WooCommerce Email Customizer
WooMail – WooCommerce Email Customizer
Researcher
CVE-ID
CVE-2025-1322
CVE-2025-1322
Patch Status
Patched
Patched
Published
Mar 7, 2025
Mar 7, 2025
Affected Software
WP-Recall – Registration, Profile, Commerce & More
WP-Recall – Registration, Profile, Commerce & More
Researcher
CVE-ID
CVE-2024-13810
CVE-2024-13810
Patch Status
Unpatched
Unpatched
Published
Mar 4, 2025
Mar 4, 2025
Affected Software
Zass – WooCommerce Theme for Handmade Artists and Artisans
Zass – WooCommerce Theme for Handmade Artists and Artisans
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (March 3, 2025 to March 9, 2025) appeared first on Wordfence.
