In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond.
Last week, there were 252 vulnerabilities disclosed in 215 WordPress Plugins and 15 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 56 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to implement layered security, aligning with our overarching mission to secure WordPress with defense in depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 25,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
- WAF-RULE-821 – Data redacted while we work with the vendor on a patch.
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 137 |
| Unpatched | 115 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Low Severity | 1 |
| Medium Severity | 179 |
| High Severity | 42 |
| Critical Severity | 30 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 79 |
| Cross-Site Request Forgery (CSRF) | 44 |
| Missing Authorization | 35 |
| Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 21 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 17 |
| Deserialization of Untrusted Data | 12 |
| Unrestricted Upload of File with Dangerous Type | 10 |
| Exposure of Sensitive Information to an Unauthorized Actor | 8 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 6 |
| Improper Privilege Management | 6 |
| Improper Control of Generation of Code (‘Code Injection’) | 4 |
| URL Redirection to Untrusted Site (‘Open Redirect’) | 4 |
| Authorization Bypass Through User-Controlled Key | 2 |
| Improper Validation of Integrity Check Value | 2 |
| External Control of File Name or Path | 1 |
| Incorrect Authorization | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 22 | |
| 18 | |
| 17 | |
| 17 | |
| 14 | |
| 13 | |
| 13 | |
| 11 | |
| 9 | |
| 8 | |
| 8 | |
| 7 | |
| 6 | |
| 6 | |
| 6 | |
| 5 | |
| 5 | |
| 5 | |
| 4 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| ActiveDEMAND | activedemand |
| Add to Header | add-to-header |
| Administrator Z | administrator-z |
| AdminQuickbar | adminquickbar |
| Advanced Dynamic Pricing for WooCommerce | advanced-dynamic-pricing-for-woocommerce |
| AI Text to Speech – TTS Plugin For WordPress | ai-text-to-speech |
| All push notification for WP | all-push-notification |
| Amazon Showcase WordPress Plugin | amazon-showcase-wordpress-widget |
| AnalyticsWP | analyticswp |
| Anthologize | anthologize |
| Arigato Autoresponder and Newsletter | bft-autoresponder |
| Asgaros Forum | asgaros-forum |
| Attendance Manager | attendance-manager |
| Author WIP Progress Bar | author-work-in-progress-bar |
| Avatar | avatar |
| Barcode Generator for WooCommerce – Show barcodes on products, orders, invoices and other pages | embedding-barcodes-into-product-pages-and-orders |
| Basic Interactive World Map | basic-interactive-world-map |
| bbPress2 shortcode whitelist | bbpress2-shortcode-whitelist |
| BERTHA AI. Your AI co-pilot for WordPress and Chrome | bertha-ai-free |
| Bknewsticker | bknewsticker |
| BMA Lite – Appointment Booking and Scheduling Plugin | bma-lite-appointment-booking-and-scheduling |
| Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment | booking-and-rental-manager-for-woocommerce |
| Booster Plus for WooCommerce | booster-plus-for-woocommerce |
| Bring Fraktguiden for WooCommerce | bring-fraktguiden-for-woocommerce |
| Broken Links Remover | broken-links-remover |
| BruteGuard – Brute Force Login Protection | bruteguard |
| Bulk Page Stub Creator | bulk-page-stub-creator |
| Bulk Term Editor | bulk-term-editor |
| Checkout Files Upload for WooCommerce | checkout-files-upload-woocommerce |
| Checkout for PayPal | checkout-for-paypal |
| Church Admin | church-admin |
| CLEVER – HTML5 Radio Player With History – Shoutcast and Icecast – Elementor Widget Addon | elementor_widget_clever_radio_player |
| Cloak Front End Email | cloak-front-end-email |
| Conditional Payments for WooCommerce | conditional-payments-for-woocommerce |
| Conditional Shipping for WooCommerce | conditional-shipping-for-woocommerce |
| Contact Form 7 | contact-form-7 |
| Contact Form by Supsystic | contact-form-by-supsystic |
| Contact Form vCard Generator | contact-form-vcard-generator |
| Contact Form, Drag and Drop Form Builder Plugin – Live Forms | liveforms |
| Cost Calculator Builder | cost-calculator-builder |
| Coupon Affiliates – Affiliate Plugin for WooCommerce | woo-coupon-usage |
| Course Booking System | course-booking-system |
| CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout | support-x |
| CRUDLab Scroll to Top | crudlab-scroll-to-top |
| Custom CSS, JS & PHP | custom-css |
| Dashboard Notepads | dashboard-notepads |
| Dashi | dashi |
| Debug Log Manager | debug-log-manager |
| Directory Listings WordPress plugin – uListing | ulisting |
| Docket Cache – Object Cache Accelerator | docket-cache |
| Download Manager | download-manager |
| Dynamic Post | dynamic-post |
| Editor Wysiwyg Background Color | editor-wysiwyg-background-color |
| Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder | bdthemes-element-pack-lite |
| ElementsReady Addons for Elementor | element-ready-lite |
| Essential Addons for Elementor – Popular Elementor Addon With Ready Templates, Advanced Widgets, Kits & WooCommerce Builders | essential-addons-for-elementor-lite |
| Event Espresso – Custom Email Template Shortcode | email-shortcode |
| Event Manager, Events Calendar, Tickets, Registrations – Eventin | wp-event-solution |
| Ever Accounting – WordPress Accounting and Invoice Plugin | wp-ever-accounting |
| Fast eBay Listings | fast-ebay-listings |
| Feedify – Web Push Notifications | push-notification-by-feedify |
| Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | fluentform |
| FluentBoards – Project Management, Task Management, Goal Tracking, Kanban Board, and, Team Collaboration | fluent-boards |
| FluentCommunity – Ultra-Fast High-Performance Social Network, Community, LMS & Online Courses Plugin | fluent-community |
| Forminator Forms – Contact Form, Payment Form & Custom Form Builder | forminator |
| FS Poster – WordPress Social media Auto Poster & Scheduler [Facebook, Instagram, Twitter, Pinterest] | fs-poster |
| GoodBarber | goodbarber |
| Gravity Forms CSS Themes with Fontawesome and Placeholders | gravity-forms-css-themes-with-fontawesome-and-placeholder-support |
| HelpGent – The Ultimate Form Builder & TypeForm Alternative on WordPress | Craft Conversational Multi Step Form with Video, Voice, Screen Recording, & Text Messaging | helpgent |
| Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress | hive-support |
| hockeydata LOS | hockeydata-los |
| Hostel | hostel |
| Hotel Booking | nd-booking |
| HTML5 Audio Player- Best WordPress Audio Player Plugin | html5-audio-player |
| I Draw | idraw |
| illow – Cookies Consent | lgpd-compliant-cookie-banner |
| Insert Headers And Footers | wp-headers-and-footers |
| Integration for WooCommerce and QuickBooks | wp-woocommerce-quickbooks |
| IP2Location Variables | ip2location-variables |
| JetBlocks for Elementor | jet-blocks |
| JetBlog for Elementor | jet-blog |
| JetElements | jet-elements |
| JetMenu for Elementor | jet-menu |
| JetPopup | jet-popup |
| JetReviews for Elementor | jet-reviews |
| JetTabs for Elementor | jet-tabs |
| JetTricks for Elementor | jet-tricks |
| JetWooBuilder for Elementor | jet-woo-builder |
| JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin | jobwp |
| JS Job Manager | js-jobs |
| Kadence WooCommerce Email Designer | kadence-woocommerce-email-designer |
| Kata Plus – Addons for Elementor – Widgets, Extensions and Templates | kata-plus |
| KiotViet Sync | kiotvietsync |
| LA-Studio Element Kit for Elementor | lastudio-element-kit |
| Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages | landing-page-cat |
| Listdom – Business Directory and Classified Ads Listings WordPress Plugin | listdom |
| Local Magic | local-magic |
| Login Manager – Design Login Page, View Login Activity, Limit Login Attempts | customized-login |
| Logo Carousel Gutenberg Block | awesome-logo-carousel-block |
| Logo Carousel Slider | logo-carousel-slider |
| Macro Calculator with Admin Email Optin & Data | macro-admin-email-data-optin-calculator |
| MapSVG – Vector maps, Image maps, Google Maps | mapsvg-lite-interactive-vector-maps |
| Master Slider – Responsive Touch Slider | master-slider |
| Material Dashboard | material-dashboard |
| Mediavine Control Panel | mediavine-control-panel |
| MelaPress Login Security | melapress-login-security |
| Memberpress | memberpress |
| Membership For WooCommerce | membership-for-woocommerce |
| mLanguage | mlanguage |
| modal-survey | modal-survey |
| Most And Least Read Posts Widget | most-and-least-read-posts-widget |
| Movylo Marketing Automation | movylo-widget |
| My auctions allegro | my-auctions-allegro-free-edition |
| My Marginalia | my-marginalia |
| Name Directory | name-directory |
| Office Locator | office-locator |
| OTP-less one tap Sign in | otpless |
| Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products – Restrict Content, Protect WooCommerce Category and more | password-protected |
| Payment Form for PayPal Pro | payment-form-for-paypal-pro |
| PDF 2 Post | pdf2post |
| Piotnet Addons For Elementor | piotnet-addons-for-elementor |
| ProfileGrid – User Profiles, Groups and Communities | profilegrid-user-profiles-groups-and-communities |
| Projectopia – WordPress Project Management | projectopia-core |
| Property Hive | propertyhive |
| Quentn WP | quentn-wp |
| Question Answer | question-answer |
| Rating by BestWebSoft | rating-bws |
| Real Estate Manager – Property Listing and Agent Management | real-estate-manager |
| Rescue Shortcodes | rescue-shortcodes |
| Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates | responsive-addons-for-elementor |
| Responsive Blocks – WordPress Gutenberg Blocks | responsive-block-editor-addons |
| Review Wave – Google Places Reviews | review-wave-google-places-reviews |
| Revision Diet | revision-diet |
| Right Click Disable OR Ban | right-click-disable-or-ban |
| Royal Elementor Addons and Templates | royal-elementor-addons |
| RSS Manager | rss-manager |
| Run Contests, Raffles, and Giveaways with ContestsWP | contest-code-checker |
| SB Chart block | sb-chart-block |
| Scriptless Social Sharing | scriptless-social-sharing |
| Sell access, Automate, and add Engaging Exclusive Discord Access: Introducing the MemberPress Discord Addon — Elevate Your Community! | expresstechsoftwares-memberpress-discord-add-on |
| ShopApper: Mobile App for WooCommerce | mobile-app-for-woocommerce |
| Sign-up Sheets | sign-up-sheets |
| Simple Maps | interactive-maps |
| Simple Sitemap – Create a Responsive HTML Sitemap | simple-sitemap |
| Site Search 360 | site-search-360 |
| Smart Agreements | smart-agreements |
| Social Media Links | social-media-links |
| Social Sharing Plugin – Sassy Social Share | sassy-social-share |
| spam-stopper | spam-stopper |
| Starfish Review Generation & Marketing for WordPress | starfish-reviews |
| StoreContrl Woocommerce | storecontrl-wp-connection |
| Style Manager – Auto-magical system to style your entire WordPress site | style-manager |
| Subscribe to Unlock Lite – Opt In Content Locker Plugin for WordPress | subscribe-to-unlock-lite |
| Super Store Finder | superstorefinder-wp |
| Széchenyi 2020 Logo | szechenyi-2020-logo |
| T&P Gallery Slider | tp-gallery-slider |
| TableOn – WordPress Posts Table Filterable | posts-table-filterable |
| Target Video Easy Publish | brid-video-easy-publish |
| Taskbuilder – WordPress Project & Task Management plugin | taskbuilder |
| Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder | wps-team |
| Testimonial Slider And Showcase Pro | testimonial-slider-showcase-pro |
| Theme Changer | theme-changer |
| Themesflat Addons For Elementor | themesflat-addons-for-elementor |
| Themify Shortcodes | themify-shortcodes |
| Total processing card payments for WooCommerce | totalprocessing-card-payments |
| Tour Master – Tour Booking, Travel, Hotel | tourmaster |
| Tourfic Toolkit | travelfic-toolkit |
| translit it! | translit-it |
| TS Poll – Survey, Versus Poll, Image Poll, Video Poll | poll-wp |
| TuriTop Booking System | turitop-booking-system |
| Uix Shortcodes | uix-shortcodes |
| Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | ultimate-member |
| Ultimate Store Kit – Elementor powered WooCommerce Builder, 80+ Widgets and Template Builder | ultimate-store-kit |
| Unlimited Timeline | unlimited-timeline |
| UrbanGo Membership | urbango-membership |
| User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | profile-builder |
| User Registration PRO – Custom Registration Form, Login Form, and User Profile WordPress Plugin | user-registration-pro |
| Verge3D Publishing and E-Commerce | verge3d |
| Verowa Connect | verowa-connect |
| visucom-smart-sections | visucom-smart-sections |
| Vitepos – Point of sale (POS) plugin for WooCommerce | vitepos-lite |
| Web Directory Free | web-directory-free |
| WooCommerce – Social Login | woo-social-login |
| WooCommerce Builder & Gutenberg WooCommerce Blocks – WowStore | product-blocks |
| WooCommerce Products without featured images | woocommerce-products-without-featured-images |
| WooMS | wooms |
| WordPress Button Plugin MaxButtons | maxbuttons |
| WordPress Internal Link Optimiser | internal-link-finder |
| WordPress REST API Authentication | wp-rest-api-authentication |
| WordPress Video Robot – The Ultimate Video Importer | wp-video-robot |
| WordPress WP-Advanced-Search | wp-advanced-search |
| WP Data Access – App, Table, Form, Chart & Map Builder plugin | wp-data-access |
| WP Donate | wp-donate |
| WP Editor | wp-editor |
| WP Flipclock | wp-flipclock |
| WP Logger | wp-data-logger |
| WP Post to PDF Enhanced | wp-post-to-pdf-enhanced |
| WP Posts Carousel | wp-posts-carousel |
| WP Simple Booking Calendar | wp-simple-booking-calendar |
| WP Social Bookmarking | wp-social-bookmarking |
| WP STAGING Pro WordPress Backup Plugin | wp-staging-pro |
| WP Sticky Side Buttons | wp-sticky-side-buttons |
| WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log | wptools |
| WP Twitter Button | wp-twitter-button |
| wp-google-map-gold | wp-google-map-gold |
| WP_DEBUG Toggle | enable-wp-debug-toggle |
| WPAdverts – Classifieds Plugin | wpadverts |
| WPAMS – Apartment Management System for wordpress | apartment-management |
| WPCafe: Food Menu, Ordering, Reservation, and Delivery Solution – All in One Place! | wp-cafe |
| WPCasa | wpcasa |
| WPCOM Member | wpcom-member |
| wpLike2Get | wplike2get |
| wpt-whatsapp | wpt-whatsapp |
| Xelion Webchat | xelion-webchat |
| ZooEffect Plugin for Video player, Photo Gallery Slideshow jQuery and audio / music / podcast – HTML5 | 1-jquery-photo-gallery-slideshow-flash |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| AI Hub – Startup & Technology WordPress Theme | aihub |
| Betheme | betheme |
| Celestial Aura | celestial-aura |
| Dessau – Contemporary Theme for Architects and Interior Designers | dessau |
| Dør – Modern Architecture and Interior Design Theme | dor |
| Eduma | eduma |
| Eximius | eximius |
| Foton – Software and App Landing Page Theme | foton |
| Grand Restaurant WordPress | grandrestaurant |
| Grip | grip |
| IvyPrep – Education & School WordPress Theme | ivy-school |
| Real Estate 7 WordPress | realestate-7 |
| Sirat | sirat |
| Tastyc – Cafe Restaurant Theme | tastyc |
| Wanderland – Travel Blog | wanderland |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
CVE-ID
CVE-2025-1093
CVE-2025-1093
Patch Status
Patched
Patched
Published
Apr 18, 2025
Apr 18, 2025
Affected Software
AI Hub – Startup & Technology WordPress Theme
AI Hub – Startup & Technology WordPress Theme
Researcher
CVE-ID
CVE-2025-39463
CVE-2025-39463
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Dessau – Contemporary Theme for Architects and Interior Designers
Dessau – Contemporary Theme for Architects and Interior Designers
Researcher
CVE-ID
CVE-2025-39461
CVE-2025-39461
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Docket Cache – Object Cache Accelerator
Docket Cache – Object Cache Accelerator
Researcher
CVE-ID
CVE-2025-39466
CVE-2025-39466
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Dør – Modern Architecture and Interior Design Theme
Dør – Modern Architecture and Interior Design Theme
Researcher
CVE-ID
CVE-2025-39551
CVE-2025-39551
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
CVE-ID
CVE-2025-39550
CVE-2025-39550
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
CVE-ID
CVE-2025-39458
CVE-2025-39458
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Foton – Software and App Landing Page Theme
Foton – Software and App Landing Page Theme
Researcher
CVE-ID
CVE-2025-26735
CVE-2025-26735
Patch Status
Unpatched
Unpatched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
Grip
Grip
Researcher
CVE-ID
CVE-2025-32658
CVE-2025-32658
Patch Status
Unpatched
Unpatched
Published
Apr 16, 2025
Apr 16, 2025
CVE-ID
CVE-2025-26889
CVE-2025-26889
Patch Status
Unpatched
Unpatched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
hockeydata LOS
hockeydata LOS
Researcher
CVE-ID
CVE-2025-39526
CVE-2025-39526
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Hotel Booking
Hotel Booking
Researcher
CVE-ID
CVE-2025-39470
CVE-2025-39470
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
IvyPrep – Education & School WordPress Theme
IvyPrep – Education & School WordPress Theme
Researcher
CVE-ID
CVE-2025-32660
CVE-2025-32660
Patch Status
Unpatched
Unpatched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
JS Job Manager
JS Job Manager
Researcher
CVE-ID
CVE-2025-32572
CVE-2025-32572
Patch Status
Unpatched
Unpatched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
Kata Plus – Addons for Elementor – Widgets, Extensions and Templates
Kata Plus – Addons for Elementor – Widgets, Extensions and Templates
Researcher
CVE-ID
CVE-2025-32486
CVE-2025-32486
Patch Status
Patched
Patched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
Material Dashboard
Material Dashboard
Researcher
CVE-ID
CVE-2025-39468
CVE-2025-39468
Patch Status
Unpatched
Unpatched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
modal-survey
modal-survey
Researcher
CVE-ID
CVE-2025-32648
CVE-2025-32648
Patch Status
Unpatched
Unpatched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
Projectopia – WordPress Project Management
Projectopia – WordPress Project Management
Researcher
CVE-ID
CVE-2025-39596
CVE-2025-39596
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Quentn WP
Quentn WP
Researcher
CVE-ID
CVE-2025-39459
CVE-2025-39459
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Real Estate 7 WordPress
Real Estate 7 WordPress
Researcher
CVE-ID
CVE-2025-32596
CVE-2025-32596
Patch Status
Unpatched
Unpatched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
Real Estate Manager – Property Listing and Agent Management
Real Estate Manager – Property Listing and Agent Management
Researcher
CVE-ID
CVE-2025-39462
CVE-2025-39462
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Smart Agreements
Smart Agreements
Researcher
CVE-ID
CVE-2025-39410
CVE-2025-39410
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
visucom-smart-sections
visucom-smart-sections
Researcher
CVE-ID
CVE-2025-39429
CVE-2025-39429
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Széchenyi 2020 Logo
Széchenyi 2020 Logo
Researcher
CVE-ID
CVE-2025-27010
CVE-2025-27010
Patch Status
Patched
Patched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
Tastyc – Cafe Restaurant Theme
Tastyc – Cafe Restaurant Theme
Researcher
CVE-ID
CVE-2025-39588
CVE-2025-39588
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Ultimate Store Kit – Elementor powered WooCommerce Builder, 80+ Widgets and Template Builder
Ultimate Store Kit – Elementor powered WooCommerce Builder, 80+ Widgets and Template Builder
Researcher
CVE-ID
CVE-2025-3278
CVE-2025-3278
Patch Status
Patched
Patched
Published
Apr 18, 2025
Apr 18, 2025
Affected Software
UrbanGo Membership
UrbanGo Membership
Researcher
CVE-ID
CVE-2025-39467
CVE-2025-39467
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Wanderland – Travel Blog
Wanderland – Travel Blog
Researcher
CVE-ID
CVE-2025-39411
CVE-2025-39411
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
wpt-whatsapp
wpt-whatsapp
Researcher
CVE-ID
CVE-2025-39406
CVE-2025-39406
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
WPAMS – Apartment Management System for wordpress
WPAMS – Apartment Management System for wordpress
Researcher
CVE-ID
CVE-2025-39401
CVE-2025-39401
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
WPAMS – Apartment Management System for wordpress
WPAMS – Apartment Management System for wordpress
Researcher
CVE-ID
CVE-2025-26892
CVE-2025-26892
Patch Status
Unpatched
Unpatched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
Celestial Aura
Celestial Aura
Researcher
CVE-ID
CVE-2025-39601
CVE-2025-39601
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Custom CSS, JS & PHP
Custom CSS, JS & PHP
Researcher
CVE-ID
CVE-2025-3404
CVE-2025-3404
Patch Status
Patched
Patched
Published
Apr 18, 2025
Apr 18, 2025
Affected Software
Download Manager
Download Manager
Researchers
CVE-ID
CVE-2025-39584
CVE-2025-39584
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Event Manager, Events Calendar, Tickets, Registrations – Eventin
Event Manager, Events Calendar, Tickets, Registrations – Eventin
Researcher
CVE-ID
CVE-2025-26872
CVE-2025-26872
Patch Status
Unpatched
Unpatched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
Eximius
Eximius
Researcher
CVE-ID
CVE-2025-39396
CVE-2025-39396
Patch Status
Patched
Patched
Published
Apr 18, 2025
Apr 18, 2025
Affected Software
JetReviews for Elementor
JetReviews for Elementor
Researcher
CVE-ID
CVE-2025-32682
CVE-2025-32682
Patch Status
Unpatched
Unpatched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
MapSVG – Vector maps, Image maps, Google Maps
MapSVG – Vector maps, Image maps, Google Maps
Researcher
CVE-ID
CVE-2025-32583
CVE-2025-32583
Patch Status
Unpatched
Unpatched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
PDF 2 Post
PDF 2 Post
Researcher
CVE-ID
CVE-2025-32647
CVE-2025-32647
Patch Status
Unpatched
Unpatched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
Question Answer
Question Answer
Researcher
CVE-ID
CVE-2025-39527
CVE-2025-39527
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Rating by BestWebSoft
Rating by BestWebSoft
Researcher
CVE-ID
CVE-2025-39533
CVE-2025-39533
Patch Status
Unpatched
Unpatched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Starfish Review Generation & Marketing for WordPress
Starfish Review Generation & Marketing for WordPress
Researcher
CVE-ID
CVE-2025-39592
CVE-2025-39592
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Subscribe to Unlock Lite – Opt In Content Locker Plugin for WordPress
Subscribe to Unlock Lite – Opt In Content Locker Plugin for WordPress
Researcher
CVE-ID
CVE-2025-32686
CVE-2025-32686
Patch Status
Unpatched
Unpatched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder
Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder
Researcher
CVE-ID
CVE-2025-32657
CVE-2025-32657
Patch Status
Unpatched
Unpatched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
Testimonial Slider And Showcase Pro
Testimonial Slider And Showcase Pro
Researcher
CVE-ID
CVE-2025-32571
CVE-2025-32571
Patch Status
Unpatched
Unpatched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
TuriTop Booking System
TuriTop Booking System
Researcher
CVE-ID
CVE-2025-32662
CVE-2025-32662
Patch Status
Unpatched
Unpatched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
Directory Listings WordPress plugin – uListing
Directory Listings WordPress plugin – uListing
Researcher
CVE-ID
CVE-2025-39402
CVE-2025-39402
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
WPAMS – Apartment Management System for wordpress
WPAMS – Apartment Management System for wordpress
Researcher
CVE-ID
CVE-2025-39405
CVE-2025-39405
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
WPAMS – Apartment Management System for wordpress
WPAMS – Apartment Management System for wordpress
Researcher
CVE-ID
CVE-2025-39452
CVE-2025-39452
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
WPCafe: Food Menu, Ordering, Reservation, and Delivery Solution – All in One Place!
WPCafe: Food Menu, Ordering, Reservation, and Delivery Solution – All in One Place!
Researcher
CVE-ID
CVE-2025-39570
CVE-2025-39570
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
WPCOM Member
WPCOM Member
Researcher
CVE-ID
CVE-2025-39542
CVE-2025-39542
Patch Status
Unpatched
Unpatched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Xelion Webchat
Xelion Webchat
Researcher
CVE-ID
CVE-2025-3520
CVE-2025-3520
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Avatar
Avatar
Researcher
CVE-ID
CVE-2025-3103
CVE-2025-3103
Patch Status
Patched
Patched
Published
Apr 18, 2025
Apr 18, 2025
Affected Software
CLEVER – HTML5 Radio Player With History – Shoutcast and Icecast – Elementor Widget Addon
CLEVER – HTML5 Radio Player With History – Shoutcast and Icecast – Elementor Widget Addon
Researcher
CVE-ID
CVE-2025-39587
CVE-2025-39587
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Cost Calculator Builder
Cost Calculator Builder
Researcher
CVE-ID
CVE-2025-2010
CVE-2025-2010
Patch Status
Patched
Patched
Published
Apr 18, 2025
Apr 18, 2025
Affected Software
JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin
JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin
Researcher
CVE-ID
CVE-2025-32626
CVE-2025-32626
Patch Status
Unpatched
Unpatched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
JS Job Manager
JS Job Manager
Researcher
CVE-ID
CVE-2025-32636
CVE-2025-32636
Patch Status
Unpatched
Unpatched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
Local Magic
Local Magic
Researcher
CVE-ID
CVE-2025-39471
CVE-2025-39471
Patch Status
Unpatched
Unpatched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
modal-survey
modal-survey
Researcher
CVE-ID
CVE-2025-32665
CVE-2025-32665
Patch Status
Unpatched
Unpatched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
Office Locator
Office Locator
Researcher
CVE-ID
CVE-2025-39595
CVE-2025-39595
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Quentn WP
Quentn WP
Researcher
CVE-ID
CVE-2025-39568
CVE-2025-39568
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
StoreContrl Woocommerce
StoreContrl Woocommerce
Researcher
CVE-ID
CVE-2025-39445
CVE-2025-39445
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Super Store Finder
Super Store Finder
Researcher
CVE-ID
Unknown
Unknown
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
CVE-ID
CVE-2025-2111
CVE-2025-2111
Patch Status
Patched
Patched
Published
Apr 18, 2025
Apr 18, 2025
Affected Software
Insert Headers And Footers
Insert Headers And Footers
Researcher
CVE-ID
CVE-2025-39395
CVE-2025-39395
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
WPAMS – Apartment Management System for wordpress
WPAMS – Apartment Management System for wordpress
Researcher
CVE-ID
CVE-2025-3809
CVE-2025-3809
Patch Status
Patched
Patched
Published
Apr 18, 2025
Apr 18, 2025
Affected Software
Debug Log Manager
Debug Log Manager
Researcher
CVE-ID
CVE-2025-39557
CVE-2025-39557
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Kadence WooCommerce Email Designer
Kadence WooCommerce Email Designer
Researcher
CVE-ID
CVE-2025-39565
CVE-2025-39565
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
MelaPress Login Security
MelaPress Login Security
Researcher
CVE-ID
CVE-2025-32527
CVE-2025-32527
Patch Status
Unpatched
Unpatched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
T&P Gallery Slider
T&P Gallery Slider
Researcher
CVE-ID
CVE-2025-39538
CVE-2025-39538
Patch Status
Unpatched
Unpatched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
WordPress WP-Advanced-Search
WordPress WP-Advanced-Search
Researcher
CVE-ID
CVE-2025-23958
CVE-2025-23958
Patch Status
Unpatched
Unpatched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Editor Wysiwyg Background Color
Editor Wysiwyg Background Color
Researcher
CVE-ID
CVE-2025-32573
CVE-2025-32573
Patch Status
Unpatched
Unpatched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
KiotViet Sync
KiotViet Sync
Researcher
CVE-ID
CVE-2025-39586
CVE-2025-39586
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
ProfileGrid – User Profiles, Groups and Communities
ProfileGrid – User Profiles, Groups and Communities
Researcher
CVE-ID
CVE-2025-26996
CVE-2025-26996
Patch Status
Patched
Patched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
Sign-up Sheets
Sign-up Sheets
Researcher
CVE-ID
CVE-2025-39569
CVE-2025-39569
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Taskbuilder – WordPress Project & Task Management plugin
Taskbuilder – WordPress Project & Task Management plugin
Researcher
CVE-ID
CVE-2025-39544
CVE-2025-39544
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
CVE-ID
CVE-2025-39403
CVE-2025-39403
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
WPAMS – Apartment Management System for wordpress
WPAMS – Apartment Management System for wordpress
Researcher
CVE-ID
CVE-2025-39514
CVE-2025-39514
Patch Status
Unpatched
Unpatched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Asgaros Forum
Asgaros Forum
Researcher
CVE-ID
CVE-2025-39515
CVE-2025-39515
Patch Status
Unpatched
Unpatched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Attendance Manager
Attendance Manager
Researcher
CVE-ID
CVE-2025-39516
CVE-2025-39516
Patch Status
Unpatched
Unpatched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Author WIP Progress Bar
Author WIP Progress Bar
Researcher
CVE-ID
CVE-2025-3077
CVE-2025-3077
Patch Status
Patched
Patched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
Betheme
Betheme
Researcher
CVE-ID
CVE-2025-39520
CVE-2025-39520
Patch Status
Unpatched
Unpatched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Checkout Files Upload for WooCommerce
Checkout Files Upload for WooCommerce
Researcher
CVE-ID
CVE-2025-39572
CVE-2025-39572
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Checkout for PayPal
Checkout for PayPal
Researcher
CVE-ID
CVE-2025-39555
CVE-2025-39555
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Church Admin
Church Admin
Researcher
CVE-ID
CVE-2025-1457
CVE-2025-1457
Patch Status
Patched
Patched
Published
Apr 18, 2025
Apr 18, 2025
Essential Addons for Elementor <= 6.1.9 – Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2025-39590
CVE-2025-39590
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
CVE-ID
CVE-2025-3615
CVE-2025-3615
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
Researcher
CVE-ID
CVE-2025-3487
CVE-2025-3487
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Forminator Forms – Contact Form, Payment Form & Custom Form Builder
Forminator Forms – Contact Form, Payment Form & Custom Form Builder
Researcher
CVE-ID
CVE-2025-39524
CVE-2025-39524
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
HTML5 Audio Player- Best WordPress Audio Player Plugin
HTML5 Audio Player- Best WordPress Audio Player Plugin
Researcher
CVE-ID
CVE-2025-39448
CVE-2025-39448
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
JetElements
JetElements
Researcher
CVE-ID
CVE-2025-39450
CVE-2025-39450
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
JetTabs for Elementor
JetTabs for Elementor
Researcher
CVE-ID
CVE-2025-3106
CVE-2025-3106
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
LA-Studio Element Kit for Elementor
LA-Studio Element Kit for Elementor
Researcher
CVE-ID
CVE-2025-2083
CVE-2025-2083
Patch Status
Patched
Patched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
Logo Carousel Gutenberg Block
Logo Carousel Gutenberg Block
Researcher
CVE-ID
CVE-2025-39525
CVE-2025-39525
Patch Status
Unpatched
Unpatched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Logo Carousel Slider
Logo Carousel Slider
Researcher
CVE-ID
CVE-2025-39579
CVE-2025-39579
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Membership For WooCommerce
Membership For WooCommerce
Researcher
CVE-ID
CVE-2025-39549
CVE-2025-39549
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Most And Least Read Posts Widget
Most And Least Read Posts Widget
Researcher
Piotnet Addons For Elementor <= 2.4.34 – Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-13650
CVE-2024-13650
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Piotnet Addons For Elementor
Piotnet Addons For Elementor
Researcher
CVE-ID
CVE-2025-39577
CVE-2025-39577
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Property Hive
Property Hive
Researcher
CVE-ID
CVE-2025-39528
CVE-2025-39528
Patch Status
Unpatched
Unpatched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Rescue Shortcodes
Rescue Shortcodes
Researcher
CVE-ID
CVE-2025-2225
CVE-2025-2225
Patch Status
Patched
Patched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates
Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates
Researcher
CVE-ID
CVE-2025-39578
CVE-2025-39578
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Responsive Blocks – WordPress Gutenberg Blocks
Responsive Blocks – WordPress Gutenberg Blocks
Researcher
CVE-ID
CVE-2025-39543
CVE-2025-39543
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Royal Elementor Addons and Templates
Royal Elementor Addons and Templates
Researcher
CVE-ID
CVE-2025-3661
CVE-2025-3661
Patch Status
Patched
Patched
Published
Apr 18, 2025
Apr 18, 2025
Affected Software
SB Chart block
SB Chart block
Researcher
CVE-ID
CVE-2025-39529
CVE-2025-39529
Patch Status
Unpatched
Unpatched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Scriptless Social Sharing
Scriptless Social Sharing
Researcher
Themesflat Addons For Elementor <= 2.2.5 – Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2025-3275
CVE-2025-3275
Patch Status
Patched
Patched
Published
Apr 18, 2025
Apr 18, 2025
Affected Software
Themesflat Addons For Elementor
Themesflat Addons For Elementor
Researcher
CVE-ID
CVE-2025-39581
CVE-2025-39581
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Themify Shortcodes
Themify Shortcodes
Researcher
CVE-ID
CVE-2025-39585
CVE-2025-39585
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Tourfic Toolkit
Tourfic Toolkit
Researcher
CVE-ID
CVE-2025-39574
CVE-2025-39574
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Uix Shortcodes
Uix Shortcodes
Researcher
CVE-ID
CVE-2025-2314
CVE-2025-2314
Patch Status
Patched
Patched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
Researcher
CVE-ID
CVE-2025-39582
CVE-2025-39582
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
WP Data Access – App, Table, Form, Chart & Map Builder plugin
WP Data Access – App, Table, Form, Chart & Map Builder plugin
Researcher
CVE-ID
CVE-2025-39540
CVE-2025-39540
Patch Status
Unpatched
Unpatched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
WP Flipclock
WP Flipclock
Researcher
CVE-ID
CVE-2025-39573
CVE-2025-39573
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
WP Posts Carousel
WP Posts Carousel
Researcher
CVE-ID
CVE-2025-39576
CVE-2025-39576
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
WPAdverts – Classifieds Plugin
WPAdverts – Classifieds Plugin
Researcher
CVE-ID
CVE-2025-39575
CVE-2025-39575
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
WPCasa
WPCasa
Researcher
CVE-ID
CVE-2025-39423
CVE-2025-39423
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Add to Header
Add to Header
Researcher
CVE-ID
CVE-2025-39464
CVE-2025-39464
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
AdminQuickbar
AdminQuickbar
Researcher
CVE-ID
CVE-2025-32546
CVE-2025-32546
Patch Status
Unpatched
Unpatched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
All push notification for WP
All push notification for WP
Researcher
Amazon Showcase WordPress Plugin <= 2.2 – Cross-Site Request Forgery to Stored Cross-Site Scripting
6.1
CVE-ID
CVE-2025-39431
CVE-2025-39431
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Amazon Showcase WordPress Plugin
Amazon Showcase WordPress Plugin
Researcher
CVE-ID
CVE-2025-39594
CVE-2025-39594
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Arigato Autoresponder and Newsletter
Arigato Autoresponder and Newsletter
Researcher
CVE-ID
CVE-2025-39446
CVE-2025-39446
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Booster Plus for WooCommerce
Booster Plus for WooCommerce
Researcher
CVE-ID
CVE-2025-39440
CVE-2025-39440
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Broken Links Remover
Broken Links Remover
Researcher
CVE-ID
CVE-2025-39408
CVE-2025-39408
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
BruteGuard – Brute Force Login Protection
BruteGuard – Brute Force Login Protection
Researcher
CVE-ID
CVE-2025-39519
CVE-2025-39519
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Bulk Page Stub Creator
Bulk Page Stub Creator
Researcher
CVE-ID
CVE-2024-13452
CVE-2024-13452
Patch Status
Patched
Patched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
Contact Form by Supsystic
Contact Form by Supsystic
Researcher
CVE-ID
CVE-2025-39521
CVE-2025-39521
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Contact Form vCard Generator
Contact Form vCard Generator
Researcher
CVE-ID
CVE-2025-3598
CVE-2025-3598
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Coupon Affiliates – Affiliate Plugin for WooCommerce
Coupon Affiliates – Affiliate Plugin for WooCommerce
Researcher
CVE-ID
CVE-2025-32508
CVE-2025-32508
Patch Status
Unpatched
Unpatched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
Course Booking System
Course Booking System
Researcher
CVE-ID
CVE-2025-39558
CVE-2025-39558
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Researcher
CVE-ID
CVE-2025-22774
CVE-2025-22774
Patch Status
Unpatched
Unpatched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
CRUDLab Scroll to Top
CRUDLab Scroll to Top
Researcher
CVE-ID
CVE-2025-39441
CVE-2025-39441
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Dashboard Notepads
Dashboard Notepads
Researcher
CVE-ID
CVE-2025-32507
CVE-2025-32507
Patch Status
Unpatched
Unpatched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
Event Espresso – Custom Email Template Shortcode
Event Espresso – Custom Email Template Shortcode
Researcher
CVE-ID
CVE-2025-39597
CVE-2025-39597
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Fast eBay Listings
Fast eBay Listings
Researcher
CVE-ID
CVE-2025-32540
CVE-2025-32540
Patch Status
Patched
Patched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
Feedify – Web Push Notifications
Feedify – Web Push Notifications
Researcher
CVE-ID
CVE-2025-39523
CVE-2025-39523
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
GoodBarber
GoodBarber
Researcher
CVE-ID
CVE-2025-32666
CVE-2025-32666
Patch Status
Unpatched
Unpatched
Published
Apr 15, 2025
Apr 15, 2025
Researcher
CVE-ID
CVE-2025-39547
CVE-2025-39547
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
WordPress Internal Link Optimiser
WordPress Internal Link Optimiser
Researcher
CVE-ID
CVE-2025-39381
CVE-2025-39381
Patch Status
Unpatched
Unpatched
Published
Apr 18, 2025
Apr 18, 2025
Affected Software
KiotViet Sync
KiotViet Sync
Researcher
CVE-ID
CVE-2025-26992
CVE-2025-26992
Patch Status
Patched
Patched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages
Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages
Researcher
CVE-ID
CVE-2025-39599
CVE-2025-39599
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Researcher
CVE-ID
CVE-2025-39407
CVE-2025-39407
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Memberpress
Memberpress
Researcher
CVE-ID
CVE-2025-32605
CVE-2025-32605
Patch Status
Patched
Patched
Published
Apr 14, 2025
Apr 14, 2025
CVE-ID
CVE-2025-39469
CVE-2025-39469
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
modal-survey
modal-survey
Researcher
CVE-ID
CVE-2025-32608
CVE-2025-32608
Patch Status
Unpatched
Unpatched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
Movylo Marketing Automation
Movylo Marketing Automation
Researcher
CVE-ID
CVE-2025-39435
CVE-2025-39435
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
My Marginalia
My Marginalia
Researcher
CVE-ID
CVE-2025-32513
CVE-2025-32513
Patch Status
Patched
Patched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
Total processing card payments for WooCommerce
Total processing card payments for WooCommerce
Researcher
CVE-ID
CVE-2025-32622
CVE-2025-32622
Patch Status
Patched
Patched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
OTP-less one tap Sign in
OTP-less one tap Sign in
Researcher
CVE-ID
CVE-2025-39419
CVE-2025-39419
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Revision Diet
Revision Diet
Researcher
Right Click Disable OR Ban <= 1.1.17 – Cross-Site Request Forgery to Stored Cross-Site Scripting
6.1
CVE-ID
CVE-2025-39548
CVE-2025-39548
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Right Click Disable OR Ban
Right Click Disable OR Ban
Researcher
CVE-ID
CVE-2025-39418
CVE-2025-39418
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
RSS Manager
RSS Manager
Researcher
CVE-ID
CVE-2025-32634
CVE-2025-32634
Patch Status
Unpatched
Unpatched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
Run Contests, Raffles, and Giveaways with ContestsWP
Run Contests, Raffles, and Giveaways with ContestsWP
Researcher
CVE-ID
CVE-2025-39404
CVE-2025-39404
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Social Sharing Plugin – Sassy Social Share
Social Sharing Plugin – Sassy Social Share
Researcher
CVE-ID
CVE-2025-32638
CVE-2025-32638
Patch Status
Unpatched
Unpatched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
ShopApper: Mobile App for WooCommerce
ShopApper: Mobile App for WooCommerce
Researcher
CVE-ID
CVE-2025-39530
CVE-2025-39530
Patch Status
Unpatched
Unpatched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Site Search 360
Site Search 360
Researcher
CVE-ID
CVE-2025-39415
CVE-2025-39415
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Social Media Links
Social Media Links
Researcher
CVE-ID
CVE-2025-39414
CVE-2025-39414
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
spam-stopper
spam-stopper
Researcher
TableOn – WordPress Posts Table Filterable <= 1.0.3 – Unauthenticated Stored Cross-Site Scripting
6.1
CVE-ID
CVE-2025-32592
CVE-2025-32592
Patch Status
Patched
Patched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
TableOn – WordPress Posts Table Filterable
TableOn – WordPress Posts Table Filterable
Researcher
CVE-ID
CVE-2025-32923
CVE-2025-32923
Patch Status
Patched
Patched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
Tour Master – Tour Booking, Travel, Hotel
Tour Master – Tour Booking, Travel, Hotel
Researcher
CVE-ID
CVE-2025-39416
CVE-2025-39416
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
translit it!
translit it!
Researcher
CVE-ID
CVE-2025-32609
CVE-2025-32609
Patch Status
Patched
Patched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
Verowa Connect
Verowa Connect
Researcher
CVE-ID
CVE-2025-39567
CVE-2025-39567
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Web Directory Free
Web Directory Free
Researcher
CVE-ID
CVE-2025-32602
CVE-2025-32602
Patch Status
Unpatched
Unpatched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
WooMS
WooMS
Researcher
CVE-ID
CVE-2025-39409
CVE-2025-39409
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
WordPress Video Robot – The Ultimate Video Importer
WordPress Video Robot – The Ultimate Video Importer
Researcher
CVE-ID
CVE-2025-32561
CVE-2025-32561
Patch Status
Unpatched
Unpatched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
WP_DEBUG Toggle
WP_DEBUG Toggle
Researcher
CVE-ID
CVE-2025-39392
CVE-2025-39392
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
WPAMS – Apartment Management System for wordpress
WPAMS – Apartment Management System for wordpress
Researcher
CVE-ID
CVE-2025-26954
CVE-2025-26954
Patch Status
Unpatched
Unpatched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
ZooEffect Plugin for Video player, Photo Gallery Slideshow jQuery and audio / music / podcast – HTML5
ZooEffect Plugin for Video player, Photo Gallery Slideshow jQuery and audio / music / podcast – HTML5
Researcher
CVE-ID
CVE-2025-39428
CVE-2025-39428
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Gravity Forms CSS Themes with Fontawesome and Placeholders
Gravity Forms CSS Themes with Fontawesome and Placeholders
Researcher
Download Manager <= 3.3.12 – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
5.4
CVE-ID
CVE-2025-3056
CVE-2025-3056
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Download Manager
Download Manager
Researcher
CVE-ID
CVE-2025-32688
CVE-2025-32688
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Target Video Easy Publish
Target Video Easy Publish
Researcher
CVE-ID
CVE-2025-39513
CVE-2025-39513
Patch Status
Unpatched
Unpatched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
ActiveDEMAND
ActiveDEMAND
Researcher
CVE-ID
CVE-2025-39554
CVE-2025-39554
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
AI Text to Speech – TTS Plugin For WordPress
AI Text to Speech – TTS Plugin For WordPress
Researcher
CVE-ID
CVE-2025-39388
CVE-2025-39388
Patch Status
Unpatched
Unpatched
Published
Apr 18, 2025
Apr 18, 2025
Affected Software
AnalyticsWP
AnalyticsWP
Researcher
CVE-ID
CVE-2025-39394
CVE-2025-39394
Patch Status
Unpatched
Unpatched
Published
Apr 18, 2025
Apr 18, 2025
Affected Software
AnalyticsWP
AnalyticsWP
Researcher
CVE-ID
CVE-2025-39457
CVE-2025-39457
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment
Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment
Researcher
CVE-ID
CVE-2025-39390
CVE-2025-39390
Patch Status
Patched
Patched
Published
Apr 18, 2025
Apr 18, 2025
Affected Software
Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment
Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment
Researcher
CVE-ID
CVE-2025-39553
CVE-2025-39553
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Church Admin
Church Admin
Researcher
CVE-ID
CVE-2025-26968
CVE-2025-26968
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Cloak Front End Email
Cloak Front End Email
Researcher
CVE-ID
CVE-2025-3247
CVE-2025-3247
Patch Status
Patched
Patched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
Contact Form 7
Contact Form 7
Researcher
CVE-ID
CVE-2025-39580
CVE-2025-39580
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Dashi
Dashi
Researcher
CVE-ID
CVE-2025-39460
CVE-2025-39460
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Eduma
Eduma
Researcher
CVE-ID
CVE-2025-3479
CVE-2025-3479
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Forminator Forms – Contact Form, Payment Form & Custom Form Builder
Forminator Forms – Contact Form, Payment Form & Custom Form Builder
Researcher
CVE-ID
CVE-2025-39353
CVE-2025-39353
Patch Status
Unpatched
Unpatched
Published
Apr 18, 2025
Apr 18, 2025
Affected Software
Grand Restaurant WordPress
Grand Restaurant WordPress
Researcher
CVE-ID
CVE-2025-32635
CVE-2025-32635
Patch Status
Unpatched
Unpatched
Published
Apr 15, 2025
Apr 15, 2025
Researcher
CVE-ID
CVE-2025-39451
CVE-2025-39451
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
JetBlocks for Elementor
JetBlocks for Elementor
Researcher
CVE-ID
CVE-2025-26958
CVE-2025-26958
Patch Status
Patched
Patched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
JetBlog for Elementor
JetBlog for Elementor
Researcher
CVE-ID
CVE-2025-39447
CVE-2025-39447
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
JetElements
JetElements
Researcher
CVE-ID
CVE-2025-26953
CVE-2025-26953
Patch Status
Patched
Patched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
JetMenu for Elementor
JetMenu for Elementor
Researcher
CVE-ID
CVE-2025-26944
CVE-2025-26944
Patch Status
Patched
Patched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
JetPopup
JetPopup
Researcher
CVE-ID
CVE-2025-26942
CVE-2025-26942
Patch Status
Patched
Patched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
JetTricks for Elementor
JetTricks for Elementor
Researcher
CVE-ID
CVE-2025-39449
CVE-2025-39449
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
JetWooBuilder for Elementor
JetWooBuilder for Elementor
Researcher
CVE-ID
CVE-2025-26730
CVE-2025-26730
Patch Status
Unpatched
Unpatched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
Macro Calculator with Admin Email Optin & Data
Macro Calculator with Admin Email Optin & Data
Researcher
CVE-ID
CVE-2025-39556
CVE-2025-39556
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Mediavine Control Panel
Mediavine Control Panel
Researcher
CVE-ID
CVE-2025-3453
CVE-2025-3453
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
CVE-ID
CVE-2025-27008
CVE-2025-27008
Patch Status
Patched
Patched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
Unlimited Timeline
Unlimited Timeline
Researcher
CVE-ID
CVE-2025-3104
CVE-2025-3104
Patch Status
Patched
Patched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
WP STAGING Pro WordPress Backup Plugin
WP STAGING Pro WordPress Backup Plugin
Researcher
CVE-ID
CVE-2025-39439
CVE-2025-39439
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
wpLike2Get
wpLike2Get
Researcher
CVE-ID
CVE-2025-39518
CVE-2025-39518
Patch Status
Unpatched
Unpatched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
BMA Lite – Appointment Booking and Scheduling Plugin
BMA Lite – Appointment Booking and Scheduling Plugin
Researcher
CVE-ID
CVE-2025-39566
CVE-2025-39566
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Hostel
Hostel
Researcher
CVE-ID
CVE-2025-3470
CVE-2025-3470
Patch Status
Patched
Patched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
TS Poll – Survey, Versus Poll, Image Poll, Video Poll
TS Poll – Survey, Versus Poll, Image Poll, Video Poll
Researcher
CVE-ID
CVE-2025-2613
CVE-2025-2613
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Researcher
CVE-ID
CVE-2025-39444
CVE-2025-39444
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
WordPress Button Plugin MaxButtons
WordPress Button Plugin MaxButtons
Researcher
Payment Form for PayPal Pro <= 1.1.72 – Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-ID
CVE-2025-39562
CVE-2025-39562
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Payment Form for PayPal Pro
Payment Form for PayPal Pro
Researcher
CVE-ID
CVE-2025-39427
CVE-2025-39427
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
WP Post to PDF Enhanced
WP Post to PDF Enhanced
Researcher
Advanced Dynamic Pricing for WooCommerce <= 4.9.3 – Cross-Site Request Forgery to Settings Update
4.3
CVE-ID
CVE-2025-39453
CVE-2025-39453
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Advanced Dynamic Pricing for WooCommerce
Advanced Dynamic Pricing for WooCommerce
Researcher
CVE-ID
CVE-2025-39465
CVE-2025-39465
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
wp-google-map-gold
wp-google-map-gold
Researcher
CVE-ID
CVE-2025-39437
CVE-2025-39437
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Anthologize
Anthologize
Researcher
CVE-ID
CVE-2025-39434
CVE-2025-39434
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Avatar
Avatar
Researcher
Barcode Generator for WooCommerce <= 2.0.4 – Authenticated (Subscriber+) Arbitrary Content Deletion
4.3
CVE-ID
CVE-2025-32929
CVE-2025-32929
Patch Status
Patched
Patched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
Barcode Generator for WooCommerce – Show barcodes on products, orders, invoices and other pages
Barcode Generator for WooCommerce – Show barcodes on products, orders, invoices and other pages
Researcher
CVE-ID
CVE-2025-39517
CVE-2025-39517
Patch Status
Unpatched
Unpatched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Basic Interactive World Map
Basic Interactive World Map
Researcher
bbPress2 shortcode whitelist <= 2.2.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting
4.3
CVE-ID
CVE-2025-39432
CVE-2025-39432
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
bbPress2 shortcode whitelist
bbPress2 shortcode whitelist
Researcher
CVE-ID
CVE-2025-39583
CVE-2025-39583
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
BERTHA AI. Your AI co-pilot for WordPress and Chrome
BERTHA AI. Your AI co-pilot for WordPress and Chrome
Researcher
CVE-ID
CVE-2025-39433
CVE-2025-39433
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Bknewsticker
Bknewsticker
Researcher
CVE-ID
CVE-2025-39559
CVE-2025-39559
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Bring Fraktguiden for WooCommerce
Bring Fraktguiden for WooCommerce
Researcher
CVE-ID
CVE-2025-39512
CVE-2025-39512
Patch Status
Unpatched
Unpatched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Bulk Term Editor
Bulk Term Editor
Researcher
CVE-ID
CVE-2025-39563
CVE-2025-39563
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Conditional Payments for WooCommerce
Conditional Payments for WooCommerce
Researcher
CVE-ID
CVE-2025-39564
CVE-2025-39564
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Conditional Shipping for WooCommerce
Conditional Shipping for WooCommerce
Researcher
CVE-ID
CVE-2025-39522
CVE-2025-39522
Patch Status
Unpatched
Unpatched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Dynamic Post
Dynamic Post
Researcher
CVE-ID
CVE-2025-39546
CVE-2025-39546
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
ElementsReady Addons for Elementor
ElementsReady Addons for Elementor
Researcher
CVE-ID
CVE-2025-39589
CVE-2025-39589
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
CVE-ID
CVE-2025-39593
CVE-2025-39593
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Ever Accounting – WordPress Accounting and Invoice Plugin
Ever Accounting – WordPress Accounting and Invoice Plugin
Researcher
CVE-ID
CVE-2025-30960
CVE-2025-30960
Patch Status
Patched
Patched
Published
Apr 15, 2025
Apr 15, 2025
Affected Software
FS Poster – WordPress Social media Auto Poster & Scheduler [Facebook, Instagram, Twitter, Pinterest]
FS Poster – WordPress Social media Auto Poster & Scheduler [Facebook, Instagram, Twitter, Pinterest]
Researcher
CVE-ID
CVE-2025-39351
CVE-2025-39351
Patch Status
Unpatched
Unpatched
Published
Apr 18, 2025
Apr 18, 2025
Affected Software
Grand Restaurant WordPress
Grand Restaurant WordPress
Researcher
CVE-ID
CVE-2025-39426
CVE-2025-39426
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
illow – Cookies Consent
illow – Cookies Consent
Researcher
CVE-ID
CVE-2025-39600
CVE-2025-39600
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Integration for WooCommerce and QuickBooks
Integration for WooCommerce and QuickBooks
Researcher
CVE-ID
CVE-2025-39455
CVE-2025-39455
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
IP2Location Variables
IP2Location Variables
Researcher
CVE-ID
CVE-2025-39560
CVE-2025-39560
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Contact Form, Drag and Drop Form Builder Plugin – Live Forms
Contact Form, Drag and Drop Form Builder Plugin – Live Forms
Researcher
CVE-ID
CVE-2025-39412
CVE-2025-39412
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Master Slider – Responsive Touch Slider
Master Slider – Responsive Touch Slider
Researcher
CVE-ID
CVE-2025-27009
CVE-2025-27009
Patch Status
Unpatched
Unpatched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
My auctions allegro
My auctions allegro
Researcher
CVE-ID
CVE-2025-39454
CVE-2025-39454
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Name Directory
Name Directory
Researcher
CVE-ID
CVE-2025-39442
CVE-2025-39442
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Review Wave – Google Places Reviews
Review Wave – Google Places Reviews
Researcher
CVE-ID
CVE-2025-39424
CVE-2025-39424
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Simple Maps
Simple Maps
Researcher
CVE-ID
CVE-2025-39413
CVE-2025-39413
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Simple Sitemap – Create a Responsive HTML Sitemap
Simple Sitemap – Create a Responsive HTML Sitemap
Researcher
CVE-ID
CVE-2025-39385
CVE-2025-39385
Patch Status
Unpatched
Unpatched
Published
Apr 18, 2025
Apr 18, 2025
Affected Software
Sirat
Sirat
Researcher
CVE-ID
CVE-2025-39425
CVE-2025-39425
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Style Manager – Auto-magical system to style your entire WordPress site
Style Manager – Auto-magical system to style your entire WordPress site
Researcher
CVE-ID
CVE-2025-39438
CVE-2025-39438
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Theme Changer
Theme Changer
Researcher
CVE-ID
CVE-2025-3284
CVE-2025-3284
Patch Status
Patched
Patched
Published
Apr 18, 2025
Apr 18, 2025
Affected Software
User Registration PRO – Custom Registration Form, Login Form, and User Profile WordPress Plugin
User Registration PRO – Custom Registration Form, Login Form, and User Profile WordPress Plugin
Researcher
CVE-ID
CVE-2025-39443
CVE-2025-39443
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Verge3D Publishing and E-Commerce
Verge3D Publishing and E-Commerce
Researcher
CVE-ID
CVE-2025-39535
CVE-2025-39535
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
Vitepos – Point of sale (POS) plugin for WooCommerce
Vitepos – Point of sale (POS) plugin for WooCommerce
Researcher
CVE-ID
CVE-2025-32545
CVE-2025-32545
Patch Status
Unpatched
Unpatched
Published
Apr 14, 2025
Apr 14, 2025
Affected Software
WooCommerce Products without featured images
WooCommerce Products without featured images
Researcher
CVE-ID
CVE-2025-39472
CVE-2025-39472
Patch Status
Unpatched
Unpatched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
WooCommerce – Social Login
WooCommerce – Social Login
Researcher
CVE-ID
CVE-2025-39545
CVE-2025-39545
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
WordPress REST API Authentication
WordPress REST API Authentication
Researcher
CVE-ID
CVE-2025-39571
CVE-2025-39571
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
WooCommerce Builder & Gutenberg WooCommerce Blocks – WowStore
WooCommerce Builder & Gutenberg WooCommerce Blocks – WowStore
Researcher
CVE-ID
CVE-2025-39456
CVE-2025-39456
Patch Status
Patched
Patched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
WP Logger
WP Logger
Researcher
CVE-ID
CVE-2025-39541
CVE-2025-39541
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
WP Simple Booking Calendar
WP Simple Booking Calendar
Researcher
CVE-ID
CVE-2025-39422
CVE-2025-39422
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
WP Social Bookmarking
WP Social Bookmarking
Researcher
CVE-ID
CVE-2025-39421
CVE-2025-39421
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
WP Sticky Side Buttons
WP Sticky Side Buttons
Researcher
CVE-ID
CVE-2025-39420
CVE-2025-39420
Patch Status
Unpatched
Unpatched
Published
Apr 17, 2025
Apr 17, 2025
Affected Software
WP Twitter Button
WP Twitter Button
Researcher
CVE-ID
CVE-2025-39598
CVE-2025-39598
Patch Status
Patched
Patched
Published
Apr 16, 2025
Apr 16, 2025
Affected Software
Administrator Z
Administrator Z
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (April 14, 2025 to April 20, 2025) appeared first on Wordfence.
