Wordfence Intelligence Weekly WordPress Vulnerability Report (April 21, 2025 to April 27, 2025)


📢 In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond.  


Last week, there were 230 vulnerabilities disclosed in 197 WordPress Plugins and 14 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 53 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to implement layered security, aligning with our overarching mission to secure WordPress with defense in depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 26,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our PremiumCare, and Response customers last week:

Wordfence PremiumCare, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Patched 82
Unpatched 148

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Medium Severity 170
High Severity 35
Critical Severity 25

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 91
Cross-Site Request Forgery (CSRF) 42
Missing Authorization 20
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) 17
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) 15
Deserialization of Untrusted Data 10
Improper Control of Generation of Code (‘Code Injection’) 6
Server-Side Request Forgery (SSRF) 5
Unrestricted Upload of File with Dangerous Type 5
Improper Privilege Management 4
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) 3
Unverified Password Change 3
Exposure of Sensitive Information to an Unauthorized Actor 2
External Control of Assumed-Immutable Web Parameter 2
Authorization Bypass Through User-Controlled Key 1
Improper Authentication 1
Incorrect Authorization 1
Incorrect Privilege Assignment 1
Insertion of Sensitive Information Into Sent Data 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
49
16
15
12
10
10
7
7
7
6
6
5
5
4
4
4
4
4
3
3
3
3
3
3
2
2
2
2
2
2
2
2
1
1
1
1

Gab
1
1
1
1
1
1
1
1
1
1
1
1

p4
1
1
1
1
1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
1 Decembrie 1918 1-decembrie-1918
360 View 360-view
Able Player, accessible HTML5 media player ableplayer
Absolute Links absolute-links
ACF: Google Font Selector acf-google-font-selector-field
Add custom page template add-custom-page-template
Add Google +1 (Plus one) social share Button add-google-plus-one-social-share-button
Advanced Accordion Gutenberg Block advanced-accordion-block
Advanced lazy load advanced-lazy-load
Advanced Linked Variations for Woocommerce linked-variation
Aeropage Sync for Airtable aeropage-sync-for-airtable
affiliate-toolkit – WP Affiliate Plugin with Amazon affiliate-toolkit-starter
Ajax Comment Form CST ajax-comment-form-cst
All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier aio-time-clock-lite
Alt Text AI – Automatically generate image alt text for SEO and accessibility alttext-ai
AnalyticsWP analyticswp
Animate animate
Anps Theme plugin anps_theme_plugin
Anything Popup anything-popup
Appointment Booking Calendar appointment-booking-calendar
Appsero Helper appsero-helper
Author Box After Posts author-box-after-posts
Author Box Plugin With Different Description author-box-with-different-description
Availability Calendar availability
Awesome Wp Image Gallery awesome-wp-image-gallery
BBCode Deluxe bbcode-deluxe
BeerXML Shortcode beerxml-shortcode
Best Posts Summary best-posts-summary
Best Quiz Plugin for WordPress: WP Quiz wp-quiz
Blog Manager WP blog-manager-wp
BM Content Builder bm-builder
Breeze Display wt-display-breeze
Buddypress Force Password Change buddy-press-force-password-change
Bulk Assign Linked Products For WooCommerce wc-bulk-assign-linked-products
Business Contact Widget business-contact-widget
Call Now PHT Blog call-now-coccoc-pht-blog
Capturly capturly-optimize-your-website
Car Park Booking System for WordPress car-park-booking-system-for-wordpress
Carousel-of-post-images carousel-of-post-images
CheckBot checkbot
Checkout Field Visibility for WooCommerce checkout-field-visibility-for-woocommerce
CM Ad Changer – A simple tool to control and optimize your site’s banners cm-ad-changer
CM Answers – Easy-to-use forum to grow your WP community cm-answers
Configurator Theme Core amz-configurator-core
Confirm User Registration confirm-user-registration
Contact Form 7 Calendar cf7-calendar
Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder bit-form
Control Listings – Classifieds Ads Directory Portal Manager control-listings
cookieBAR cookiebar
COVID-19 (Coronavirus) Update Your Customers covid-19-alert
Create custom forms for WordPress with a smart form plugin for smart businesses – Form builder for WordPress abcsubmit
Crossword Compiler Puzzles crossword-compiler-puzzles
Custom Admin-Bar Favorites admin-bookmarks
Custom Functions Plugin custom-functions
Custom Login and Registration ms-registration
Custom Related Posts custom-related-posts
Database Toolset database-toolset
Document Management System dms
Drop Caps drop-caps
Dropdown Content dropdown-content
Easy Child Theme Creator easy-child-theme-creator
eForm – WordPress Form Builder wp-fsqm-pro
Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder bdthemes-element-pack-lite
ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes elex-bulk-edit-products-prices-attributes-for-woocommerce-basic
Enhanced Paypal Shortcodes enhanced-paypal-shortcodes
Event post event-post
External Markdown external-markdown
Fable Extra fable-extra
FAT Services Booking fat-services-booking
Flickr Shortcode Importer flickr-shortcode-importer
Floating Social Bar floating-social-bar
Flynax Bridge flynax-bridge
Foodbakery Sticky Cart foodbakery-sticky-cart
Frontend Dashboard frontend-dashboard
Frontend Login and Registration Blocks frontend-login-and-registration-blocks
FuseDesk fusedesk
GNA Search Shortcode gna-search-shortcode
Google News google-news
Grand Conference | Event WordPress grandconference
Greenshift – animation and page builder blocks greenshift-animation-and-page-builder-blocks
GTDB Guitar Tuners guitar-tuner
GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor gutenkit-blocks-addon
Hacklog Remote Attachment hacklog-remote-attachment
Hospital Management System for WordPress hospital-management
HTML Forms – Simple WordPress Forms Plugin html-forms
iCafe Library icafe-library
Image Hover Effects For WPBakery Page Builder image-hover-effects-for-visual-composer
Image Optimizer, Resizer and CDN – Sirv sirv
Image Style Hover – Displays content when you hover on image image-content-show-hover
Inline Text Popup inline-text-popup
Integração entre Eduzz e Woocommerce integracao-entre-eduzz-e-wc-powers
JobSearch WP Job Board wp-jobsearch
Jupiter X Core jupiterx-core
Landing pages and Domain aliases for WordPress landing-pages-and-domain-aliases
Libro de Reclamaciones libro-de-reclamaciones
License For Envato license-envato
Lifetime free Drag & Drop Contact Form Builder for WordPress VForm v-form
Link Library link-library
List Last Changes list-last-changes
Loan Calculator repayment-calculator
Lottie Player- Great Lottie Player Solution embed-lottie-player
LSD Custom taxonomy and category meta custom-taxonomy-category-and-term-fields
Mad Mimi for WordPress mad-mimi
Mailing Group Listserv wp-mailing-group
Mang Board WP mangboard
Mayosis Core mayosis-core
Media Library Downloader media-library-downloader
Memberpress memberpress
Message Filter for Contact Form 7 cf7-message-filter
Milat jQuery Automatic Popup milat-jquery-automatic-popup
Mini twitter feed mini-twitter-feed
Mixcloud Embed mixcloud-embed
Modern Polls modern-polls
MPL-Publisher — Ebook & Audiobook Creator mpl-publisher
Multi-Column Taxonomy List multi-column-taxonomy-list
My Custom Widgets mycustomwidget
My Tickets – Accessible Event Ticketing my-tickets
Navegg Analytics navegg
Nepali Post Date nepali-post-date
occupancyplan occupancyplan
Ocean Extra ocean-extra
PayPal Express Checkout paypal-express-checkout
Peadig’s Google +1 Button google-1
Peekaboo peekaboo
Plugin Central plugin-central
Popup Builder easy-notify-lite
Post in page for Elementor post-in-page-for-elementor
Posts for Page posts-for-page
PowerPress Podcasting plugin by Blubrry powerpress
Prevent Direct Access – Protect WordPress Files prevent-direct-access
Print Science Designer print-science-designer
Product Lister for eBay product-lister-ebay
RAphicon raphicon
Recover abandoned cart for WooCommerce recover-wc-abandoned-cart
Related Posts via Taxonomies related-posts-via-taxonomies
Revy revy
RRSSB rrssb
SCSS-Library scss-library
Send From send-from
Seriously Simple Podcasting seriously-simple-podcasting
Service Finder Bookings sf-booking
SEUR Oficial seur
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) woolentor-addons
Simple calendar for Elementor simple-calendar-for-elementor
Simple Download Counter simple-download-counter
Simple Google Photos Grid simple-google-photos-grid
SKT Blocks – Gutenberg based Page Builder skt-blocks
Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery) sky-elementor-addons
Smart Hashtags [#hashtagger] hashtagger
Social Counter social-counter
Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light
SUMO Reward Points for WooCommerce rewardsystem
Tax Switch for WooCommerce tax-switch-for-woocommerce
Tayori Form Plugin tayori
Textmetrics webtexttool
The Pack Elementor addon the-pack-addon
Theme Switcha – Easily Switch Themes for Development and Testing theme-switcha
Time Based Greeting time-based-greeting
Twitter Card Generator twitter-card-generator
UiCore Elements – Free Elementor widgets and templates uicore-elements
Unsafe Mimetypes unsafe-mimetypes
Upsell Funnel Builder for WooCommerce upsell-order-bump-offer-for-woocommerce
User Registration & Membership – Custom Registration Form, Login Form, and User Profile user-registration
Vasaio QR Code vasaio-qr-code
Verification SMS with TargetSMS verification-sms-targetsms
VikRestaurants Table Reservations and Take-Away vikrestaurants
Visual Composer Website Builder visualcomposer
Watu Quiz watu
Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) xc-woo-google-cloud-print
WordPress Easy Guide wp-easy-guide
WordPress Events Calendar Registration & Tickets wpeventplus
WordPress Simple Shopping Cart wordpress-simple-paypal-shopping-cart
WordPress Tabs gt-tabs
WordPress Tooltip wp-tooltip
WoWHead Tooltips wowhead-tooltips
WP AVCL Automation Helper (formerly WPFlyLeads) woozap
WP Cookie Consent wp-cookie-consent
Wp Custom CMS Block wp-custom-cms-block
WP Custom Post Popup custom-post-popup
WP Customize Login Page wp-customize-login-page
WP Filter Post Category wp-filter-post-categories
WP Foodbakery wp-foodbakery
WP HRM LITE wp-hrm-lite-human-resource-management-system
WP Import Export Lite wp-import-export-lite
WP Vegas vegas-fullscreen-background-slider
wp-cyr-cho | Конвертира кирилски символи в латиниски wp-cyr-cho
WP-reCAPTCHA-bp wp-recaptcha-bp
WPMasterToolKit (WPMTK) – All in one plugin wpmastertoolkit
WPVN – Username Changer wpvn-username-changer
WpZon – Amazon Affiliate Plugin wpzon
WS Force Login Page ws-force-login-page
WS Form LITE – Drag & Drop Contact Form Builder for WordPress ws-form
Xelion Webchat xelion-webchat
Xpert Tab xpert-tab
Xpro Elementor Addons – Pro xpro-elementor-addons-pro
Zalo Official Live Chat zalo-official-live-chat
Zoho Creator Forms zohocreator

WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
Altair altair
Arrival arrival
bellevuex bellevuex
CiyaShop – Multipurpose WooCommerce Theme ciyashop
CWW Portfolio cww-portfolio
EduMall – Professional LMS Education Center WordPress Theme edumall
Grace Mag grace-mag
Grand Restaurant WordPress grandrestaurant
JNews – WordPress Newspaper Magazine Blog AMP Theme jnews
Opstore opstore
Reales WP – Real Estate WordPress Theme reales-wp-real-estate-wordpress-theme
Vikinger vikinger
wProject wproject
Xews Lite xews-lite

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32928
Patch Status
Unpatched
Published
Apr 21, 2025
Affected Software
Altair
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32921
Patch Status
Unpatched
Published
Apr 21, 2025
Affected Software
Arrival
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-39379
Patch Status
Unpatched
Published
Apr 21, 2025
Affected Software
Capturly
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-39391
Patch Status
Unpatched
Published
Apr 21, 2025
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-39349
Patch Status
Unpatched
Published
Apr 21, 2025
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-39359
Patch Status
Unpatched
Published
Apr 21, 2025
Affected Software
CWW Portfolio
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-46468
Patch Status
Patched
Published
Apr 25, 2025
Affected Software
Fable Extra
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-3604
Patch Status
Unpatched
Published
Apr 23, 2025
Affected Software
Flynax Bridge
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-3603
Patch Status
Unpatched
Published
Apr 23, 2025
Affected Software
Flynax Bridge
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-39356
Patch Status
Unpatched
Published
Apr 21, 2025
Affected Software
Foodbakery Sticky Cart
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-39360
Patch Status
Unpatched
Published
Apr 21, 2025
Affected Software
Grace Mag
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-39354
Patch Status
Unpatched
Published
Apr 21, 2025
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-39348
Patch Status
Unpatched
Published
Apr 21, 2025
Affected Software
Grand Restaurant WordPress
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32926
Patch Status
Unpatched
Published
Apr 21, 2025
Affected Software
Grand Restaurant WordPress
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-39380
Patch Status
Unpatched
Published
Apr 22, 2025
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-39399
Patch Status
Unpatched
Published
Apr 21, 2025
Affected Software
License For Envato
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-39387
Patch Status
Unpatched
Published
Apr 21, 2025
Affected Software
Opstore
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-39384
Patch Status
Unpatched
Published
Apr 21, 2025
Affected Software
Product Lister for eBay
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-2470
Patch Status
Patched
Published
Apr 24, 2025
Affected Software
Service Finder Bookings
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-46474
Patch Status
Unpatched
Published
Apr 25, 2025
Affected Software
SEUR Oficial
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32925
Patch Status
Unpatched
Published
Apr 21, 2025
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32927
Patch Status
Unpatched
Published
Apr 21, 2025
Affected Software
WP Foodbakery
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-39383
Patch Status
Unpatched
Published
Apr 21, 2025
Affected Software
Xews Lite
Researcher
CVSS Rating
Critical (9.1)
CVE-ID
CVE-2025-3065
Patch Status
Unpatched
Published
Apr 23, 2025
Affected Software
Database Toolset
Researcher
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-3914
Patch Status
Patched
Published
Apr 25, 2025
Affected Software
Aeropage Sync for Airtable
Researcher
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-1279
Patch Status
Patched
Published
Apr 24, 2025
Affected Software
BM Content Builder
Researcher
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-3101
Patch Status
Unpatched
Published
Apr 23, 2025
Affected Software
Configurator Theme Core
Researcher
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-46490
Patch Status
Unpatched
Published
Apr 25, 2025
Affected Software
Crossword Compiler Puzzles
Researcher
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-3607
Patch Status
Unpatched
Published
Apr 23, 2025
Researcher
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-3616
Patch Status
Patched
Published
Apr 21, 2025
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-3906
Patch Status
Unpatched
Published
Apr 25, 2025
Researcher
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-3761
Patch Status
Patched
Published
Apr 23, 2025
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-46230
Patch Status
Patched
Published
Apr 22, 2025
Affected Software
Popup Builder
Researcher
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-2238
Patch Status
Patched
Published
Apr 24, 2025
Affected Software
Vikinger
Researcher
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-39366
Patch Status
Patched
Published
Apr 22, 2025
Affected Software
wProject
Researcher
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-3058
Patch Status
Patched
Published
Apr 23, 2025
Affected Software
Xelion Webchat
Researcher
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-13808
Patch Status
Patched
Published
Apr 25, 2025
Affected Software
Xpro Elementor Addons – Pro
Researcher
CVSS Rating
High (8.3)
CVE-ID
CVE-2025-3776
Patch Status
Unpatched
Published
Apr 23, 2025
Researcher
CVSS Rating
High (8.2)
CVE-ID
CVE-2025-39352
Patch Status
Unpatched
Published
Apr 21, 2025
Affected Software
Grand Restaurant WordPress
Researcher
CVSS Rating
High (8.2)
CVE-ID
CVE-2025-3529
Patch Status
Patched
Published
Apr 22, 2025
Affected Software
WordPress Simple Shopping Cart
Researcher
CVSS Rating
High (8.1)
CVE-ID
CVE-2025-2101
Patch Status
Patched
Published
Apr 25, 2025
CVSS Rating
High (8.1)
CVE-ID
CVE-2024-11917
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
JobSearch WP Job Board
Researcher
CVSS Rating
High (8.1)
CVE-ID
CVE-2025-2105
Patch Status
Patched
Published
Apr 25, 2025
Affected Software
Jupiter X Core
CVSS Rating
High (8.1)
CVE-ID
CVE-2025-46439
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Plugin Central
Researcher
CVSS Rating
High (7.5)
CVE-ID
CVE-2025-39389
Patch Status
Patched
Published
Apr 21, 2025
Affected Software
AnalyticsWP
CVSS Rating
High (7.5)
CVE-ID
CVE-2025-46460
Patch Status
Unpatched
Published
Apr 25, 2025
Affected Software
WordPress Easy Guide
Researcher
CVSS Rating
High (7.5)
CVE-ID
CVE-2025-46539
Patch Status
Patched
Published
Apr 25, 2025
Affected Software
Fable Extra
Researcher
CVSS Rating
High (7.5)
CVE-ID
CVE-2025-46248
Patch Status
Patched
Published
Apr 22, 2025
CVSS Rating
High (7.5)
CVE-ID
CVE-2025-46248
Patch Status
Patched
Published
Apr 22, 2025
CVSS Rating
High (7.5)
CVE-ID
CVE-2025-39386
Patch Status
Unpatched
Published
Apr 22, 2025
CVSS Rating
High (7.5)
CVE-ID
CVE-2025-1565
Patch Status
Patched
Published
Apr 24, 2025
Affected Software
Mayosis Core
Researcher
CVSS Rating
High (7.5)
CVE-ID
CVE-2025-3530
Patch Status
Patched
Published
Apr 22, 2025
Affected Software
WordPress Simple Shopping Cart
Researcher
CVSS Rating
High (7.5)
CVE-ID
CVE-2025-46455
Patch Status
Unpatched
Published
Apr 25, 2025
Affected Software
WP HRM LITE
Researcher
CVSS Rating
High (7.2)
CVE-ID
CVE-2025-3491
Patch Status
Unpatched
Published
Apr 25, 2025
Affected Software
Add custom page template
Researcher
CVSS Rating
High (7.2)
CVE-ID
CVE-2025-1294
Patch Status
Patched
Published
Apr 24, 2025
Researcher
CVSS Rating
High (7.2)
CVE-ID
CVE-2025-46481
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Flickr Shortcode Importer
Researcher
CVSS Rating
High (7.2)
CVE-ID
CVE-2025-3300
Patch Status
Patched
Published
Apr 23, 2025
CVSS Rating
Medium (6.6)
CVE-ID
CVE-2025-46473
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Social Counter
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-13812
Patch Status
Patched
Published
Apr 25, 2025
Affected Software
Anps Theme plugin
Researcher
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-46241
Patch Status
Patched
Published
Apr 22, 2025
Affected Software
Appointment Booking Calendar
Researcher
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-39377
Patch Status
Unpatched
Published
Apr 21, 2025
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-39355
Patch Status
Unpatched
Published
Apr 21, 2025
Affected Software
FAT Services Booking
Researcher
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-39357
Patch Status
Unpatched
Published
Apr 21, 2025
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-46463
Patch Status
Patched
Published
Apr 25, 2025
Affected Software
Mailing Group Listserv
Researcher
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-3472
Patch Status
Patched
Published
Apr 21, 2025
Affected Software
Ocean Extra
Researcher
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-32924
Patch Status
Unpatched
Published
Apr 21, 2025
Affected Software
Revy
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46509
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
360 View
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46475
Patch Status
Patched
Published
Apr 24, 2025
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-2543
Patch Status
Patched
Published
Apr 23, 2025
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46443
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Animate
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46263
Patch Status
Unpatched
Published
Apr 25, 2025
Affected Software
Author Box After Posts
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46476
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Awesome Wp Image Gallery
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46479
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
BBCode Deluxe
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46511
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
BeerXML Shortcode
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-3749
Patch Status
Patched
Published
Apr 24, 2025
Affected Software
Breeze Display
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46536
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Carousel-of-post-images
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46227
Patch Status
Patched
Published
Apr 22, 2025
Affected Software
Custom Related Posts
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46478
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Dropdown Content
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46543
Patch Status
Unpatched
Published
Apr 25, 2025
Affected Software
Enhanced Paypal Shortcodes
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46228
Patch Status
Patched
Published
Apr 22, 2025
Affected Software
Event post
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46445
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
External Markdown
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46447
Patch Status
Patched
Published
Apr 24, 2025
Affected Software
Fable Extra
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-3832
Patch Status
Patched
Published
Apr 23, 2025
Affected Software
FuseDesk
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46540
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
GNA Search Shortcode
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46438
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
GTDB Guitar Tuners
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46253
Patch Status
Patched
Published
Apr 22, 2025
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46236
Patch Status
Patched
Published
Apr 22, 2025
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46484
Patch Status
Unpatched
Published
Apr 24, 2025
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46534
Patch Status
Unpatched
Published
Apr 24, 2025
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46538
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Inline Text Popup
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46237
Patch Status
Patched
Published
Apr 22, 2025
Affected Software
Link Library
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46238
Patch Status
Patched
Published
Apr 22, 2025
Affected Software
List Last Changes
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-2579
Patch Status
Patched
Published
Apr 23, 2025
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46262
Patch Status
Unpatched
Published
Apr 25, 2025
Affected Software
Mad Mimi for WordPress
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46496
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Mini twitter feed
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46501
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Mixcloud Embed
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46226
Patch Status
Patched
Published
Apr 22, 2025
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46491
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Multi-Column Taxonomy List
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46480
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Nepali Post Date
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-3458
Patch Status
Patched
Published
Apr 21, 2025
Affected Software
Ocean Extra
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-3457
Patch Status
Patched
Published
Apr 21, 2025
Affected Software
Ocean Extra
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46483
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Peadig’s Google +1 Button
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46505
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Peekaboo
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46225
Patch Status
Patched
Published
Apr 22, 2025
Affected Software
Post in page for Elementor
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-39369
Patch Status
Unpatched
Published
Apr 25, 2025
Affected Software
Posts for Page
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46467
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
RAphicon
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46461
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
RRSSB
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46240
Patch Status
Patched
Published
Apr 22, 2025
Affected Software
Simple Download Counter
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46503
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Simple Google Photos Grid
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46233
Patch Status
Patched
Published
Apr 22, 2025
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46235
Patch Status
Patched
Published
Apr 22, 2025
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-3814
Patch Status
Patched
Published
Apr 21, 2025
Affected Software
Tax Switch for WooCommerce
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46472
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
The Pack Elementor addon
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46239
Patch Status
Patched
Published
Apr 22, 2025
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46532
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
WordPress Tooltip
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46254
Patch Status
Patched
Published
Apr 22, 2025
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46449
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
WoWHead Tooltips
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46531
Patch Status
Unpatched
Published
Apr 24, 2025
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46471
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
WP Custom Post Popup
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-2839
Patch Status
Patched
Published
Apr 21, 2025
Affected Software
WP Import Export Lite
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46482
Patch Status
Unpatched
Published
Apr 25, 2025
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-43841
Patch Status
Unpatched
Published
Apr 25, 2025
Affected Software
WP Vegas
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46542
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Xpert Tab
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46453
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Zoho Creator Forms
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-3870
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
1 Decembrie 1918
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-39382
Patch Status
Unpatched
Published
Apr 21, 2025
Affected Software
ACF: Google Font Selector
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-3866
Patch Status
Unpatched
Published
Apr 24, 2025
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46508
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Advanced lazy load
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-3867
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Ajax Comment Form CST
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-39397
Patch Status
Unpatched
Published
Apr 21, 2025
Affected Software
Anything Popup
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-39374
Patch Status
Unpatched
Published
Apr 25, 2025
Affected Software
Best Posts Summary
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-43840
Patch Status
Unpatched
Published
Apr 25, 2025
Affected Software
CheckBot
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46510
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Contact Form 7 Calendar
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46234
Patch Status
Patched
Published
Apr 22, 2025
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-3868
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Custom Admin-Bar Favorites
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46512
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Custom Functions Plugin
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46448
Patch Status
Unpatched
Published
Apr 25, 2025
Affected Software
Document Management System
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46495
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Drop Caps
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46452
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Google News
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-39393
Patch Status
Unpatched
Published
Apr 22, 2025
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46446
Patch Status
Unpatched
Published
Apr 25, 2025
Affected Software
Libro de Reclamaciones
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46442
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Loan Calculator
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46502
Patch Status
Unpatched
Published
Apr 24, 2025
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46514
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Milat jQuery Automatic Popup
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46526
Patch Status
Unpatched
Published
Apr 25, 2025
Affected Software
My Custom Widgets
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46450
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
occupancyplan
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46520
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Related Posts via Taxonomies
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46437
Patch Status
Unpatched
Published
Apr 25, 2025
Affected Software
Tayori Form Plugin
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46435
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Time Based Greeting
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46516
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Twitter Card Generator
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-39400
Patch Status
Patched
Published
Apr 22, 2025
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46504
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Vasaio QR Code
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-39372
Patch Status
Unpatched
Published
Apr 22, 2025
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46457
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Wp Custom CMS Block
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46524
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
WP Filter Post Category
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-39365
Patch Status
Patched
Published
Apr 22, 2025
Affected Software
wProject
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46506
Patch Status
Unpatched
Published
Apr 24, 2025
Researcher
CVSS Rating
Medium (5.5)
CVE-ID
CVE-2025-46459
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Confirm User Registration
Researcher
CVSS Rating
Medium (5.5)
CVE-ID
CVE-2025-46469
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Send From
Researcher
CVSS Rating
Medium (5.5)
CVE-ID
CVE-2025-46477
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
WP Customize Login Page
Researcher
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-3861
Patch Status
Patched
Published
Apr 24, 2025
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-46465
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Print Science Designer
Researcher
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-46244
Patch Status
Patched
Published
Apr 22, 2025
Researcher
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-46247
Patch Status
Patched
Published
Apr 22, 2025
Affected Software
Appointment Booking Calendar
Researcher
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-46489
Patch Status
Unpatched
Published
Apr 24, 2025
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-39373
Patch Status
Unpatched
Published
Apr 22, 2025
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-11299
Patch Status
Patched
Published
Apr 21, 2025
Affected Software
Memberpress
Researcher
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-3923
Patch Status
Patched
Published
Apr 24, 2025
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-3743
Patch Status
Patched
Published
Apr 24, 2025
Researcher
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-46485
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
WP Customize Login Page
Researcher
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-39350
Patch Status
Patched
Published
Apr 22, 2025
Affected Software
wProject
Researcher
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-43833
Patch Status
Unpatched
Published
Apr 25, 2025
Affected Software
Absolute Links
Researcher
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-39370
Patch Status
Unpatched
Published
Apr 25, 2025
Affected Software
iCafe Library
Researcher
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-46252
Patch Status
Patched
Published
Apr 22, 2025
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-46242
Patch Status
Patched
Published
Apr 22, 2025
Affected Software
Watu Quiz
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-46517
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Blog Manager WP
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-46529
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Business Contact Widget
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-43834
Patch Status
Unpatched
Published
Apr 25, 2025
Affected Software
cookieBAR
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-46451
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Floating Social Bar
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-46533
Patch Status
Unpatched
Published
Apr 24, 2025
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-3435
Patch Status
Patched
Published
Apr 23, 2025
Affected Software
Mang Board WP
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-46261
Patch Status
Patched
Published
Apr 22, 2025
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-46229
Patch Status
Patched
Published
Apr 22, 2025
Affected Software
Textmetrics
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-46250
Patch Status
Patched
Published
Apr 22, 2025
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-46525
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
WP Cookie Consent
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-46541
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
WP-reCAPTCHA-bp
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-46521
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
WS Force Login Page
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-3915
Patch Status
Patched
Published
Apr 25, 2025
Affected Software
Aeropage Sync for Airtable
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-46231
Patch Status
Patched
Published
Apr 22, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-46513
Patch Status
Unpatched
Published
Apr 24, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-39371
Patch Status
Unpatched
Published
Apr 25, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-46528
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Availability Calendar
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-46492
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Call Now PHT Blog
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-39376
Patch Status
Unpatched
Published
Apr 22, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-46245
Patch Status
Patched
Published
Apr 22, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-46246
Patch Status
Patched
Published
Apr 22, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-46535
Patch Status
Unpatched
Published
Apr 25, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-46232
Patch Status
Patched
Published
Apr 22, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-39375
Patch Status
Unpatched
Published
Apr 25, 2025
Affected Software
Easy Child Theme Creator
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-46530
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Hacklog Remote Attachment
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-39398
Patch Status
Unpatched
Published
Apr 22, 2025
Affected Software
bellevuex
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-46519
Patch Status
Patched
Published
Apr 24, 2025
Affected Software
Media Library Downloader
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-46466
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Modern Polls
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-46497
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Navegg Analytics
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-46499
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
PayPal Express Checkout
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-46243
Patch Status
Patched
Published
Apr 22, 2025
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-46436
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
SCSS-Library
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-46249
Patch Status
Patched
Published
Apr 22, 2025
Affected Software
Simple calendar for Elementor
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-46470
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Smart Hashtags [#hashtagger]
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-46522
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
WordPress Tabs
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-46507
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Unsafe Mimetypes
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-43835
Patch Status
Unpatched
Published
Apr 25, 2025
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-46462
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
WPVN – Username Changer
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-46498
Patch Status
Unpatched
Published
Apr 24, 2025
Affected Software
Zalo Official Live Chat
Researcher
CVSS Rating
Medium (4.2)
CVE-ID
CVE-2025-3793
Patch Status
Unpatched
Published
Apr 23, 2025
Researcher

As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (April 21, 2025 to April 27, 2025) appeared first on Wordfence.

Leave a Comment