In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond.
Last week, there were 160 vulnerabilities disclosed in 108 WordPress Plugins and 44 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 46 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to implement layered security, aligning with our overarching mission to secure WordPress with defense in depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report. As the world’s leading quality vulnerability database provider for WordPress, site owners can rest assured knowing Wordfence has their back.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 27,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
- WAF-RULE-838 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-839 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-840 – Data redacted while we work with the vendor on a patch.
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 68 |
| Unpatched | 92 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Medium Severity | 90 |
| High Severity | 21 |
| Critical Severity | 49 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 52 |
| Deserialization of Untrusted Data | 24 |
| Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 23 |
| Missing Authorization | 17 |
| Cross-Site Request Forgery (CSRF) | 12 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 11 |
| Unrestricted Upload of File with Dangerous Type | 5 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 4 |
| External Control of File Name or Path | 3 |
| Incorrect Privilege Assignment | 3 |
| Improper Control of Generation of Code (‘Code Injection’) | 2 |
| Authorization Bypass Through User-Controlled Key | 1 |
| Improper Privilege Management | 1 |
| Unverified Password Change | 1 |
| URL Redirection to Untrusted Site (‘Open Redirect’) | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 29 | |
| 20 | |
| 13 | |
| 8 | |
| 7 | |
| 7 | |
| 7 | |
| 6 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| 4stats | 4stats |
| Active Products Tables for WooCommerce. Use constructor to create tables | profit-products-tables-for-woocommerce |
| Additional Custom Emails & Recipients for WooCommerce | custom-emails-for-woocommerce |
| Ads Pro Plugin – Multi-Purpose WordPress Advertising Manager | ap-plugin-scripteo |
| Advanced Database Cleaner PRO | advanced-database-cleaner-pro |
| Affiliate Sales in Google Analytics and other tools | wecantrack |
| Affiliates Manager Google reCAPTCHA Integration | affiliates-manager-google-recaptcha-integration |
| Animated Buttons | animated-buttons |
| AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress | automatorwp |
| AWcode Toolkit | awcode-toolkit |
| Back Button Widget | back-button-widget |
| Binary MLM Plan | binary-mlm-plan |
| Blog Designer PRO for WordPress | blog-designer-pro |
| Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment | booking-and-rental-manager-for-woocommerce |
| Bot for Telegram on WooCommerce | bot-for-telegram-on-woocommerce |
| Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP | videowhisper-live-streaming-integration |
| bunny.net – WordPress CDN Plugin | bunnycdn |
| Bus Ticket Booking with Seat Reservation for WooCommerce | scw-bus-seat-reservation |
| Change Add to Cart Button Text for WooCommerce | add-to-cart-button-labels-for-woocommerce |
| Cloudflare Turnstile or reCAPTCHA For any Pages, to Block Spam and Hackers Attack. | recaptcha-for-all |
| Cost Calculator Builder | cost-calculator-builder |
| Cost of Goods: Product Cost & Profit Calculator for WooCommerce | cost-of-goods-for-woocommerce |
| Coupons & Add to Cart by URL Links for WooCommerce | url-coupons-for-woocommerce-by-algoritmika |
| CryptoCloud – Crypto Payment Gateway | cryptocloud-crypto-payment-gateway |
| DPEPress | dpepress |
| Dynamic Pricing & Discounts Lite for WooCommerce | woo-dynamic-pricing-discounts-lite |
| DZS Video Gallery | dzs-videogallery |
| EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory | ean-for-woocommerce |
| ElementInvader Addons for Elementor | elementinvader-addons-for-elementor |
| eMagicOne Store Manager for WooCommerce | store-manager-connector |
| Embed and Integrate Etsy Shop | embed-and-integrate-etsy-shop |
| Essential Real Estate | essential-real-estate |
| Exclusive Addons for Elementor | exclusive-addons-for-elementor |
| Falang multilanguage for WordPress | falang |
| Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | form-maker |
| Formulario de contacto SalesUp! | formularios-de-contacto-salesup |
| Free Shipping Bar: Amount Left for Free Shipping for WooCommerce | amount-left-free-shipping-woocommerce |
| GDPR CCPA Compliance & Cookie Consent Banner | ninja-gdpr-compliance |
| Glossary by WPPedia – Best Glossary plugin for WordPress | wppedia |
| Goodlayers Hostel | gdlr-hostel |
| Goodlayers Hotel | gdlr-hotel |
| Hospital Management System for WordPress | hospital-management |
| Hot Random Image | hot-random-image |
| Import Social Events | import-facebook-events |
| Infocob CRM Forms | infocob-crm-forms |
| Japanized for WooCommerce | woocommerce-for-japan |
| JobHunt Job Alerts | jobhunt-notifications |
| JP Students Result Management System Premium | jp-students-result-system-premium |
| KBx Pro Ultimate | knowledgebase-helpdesk-pro |
| Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator | legal-pages |
| Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin | majestic-support |
| MapSVG | mapsvg |
| Medicare | medicare |
| MetalpriceAPI | metalpriceapi |
| miniOrange Discord Integration | miniorange-discord-integration |
| miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon | miniorange-login-openid |
| MultiVendorX – WooCommerce Multivendor Marketplace Solutions | dc-woocommerce-multi-vendor |
| Nasa Core | nasa-core |
| Network Posts Extended | network-posts-extended |
| Page Builder: Pagelayer – Drag and Drop website builder | pagelayer |
| Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery | nextgen-gallery |
| Pix 4x sem juros – Pagaleve | wc-pagaleve |
| Pixel WordPress Form BuilderPlugin & Autoresponder | pixel-formbuilder |
| PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin | pretty-link |
| Product Code for WooCommerce | product-code-for-woocommerce |
| Product Notes Tab & Private Admin Notes for WooCommerce | product-notes-for-woocommerce |
| Projectopia – WordPress Project Management | projectopia-core |
| Raisely Donation Form | raisely-donation-form |
| ReDi Restaurant Reservation – Instant Availability & Confirmation | redi-restaurant-reservation |
| Rootspersona | rootspersona |
| RSVPMaker | rsvpmaker |
| School Management System for WordPress | school-management |
| Simple Business Directory Pro | simple-business-directory-pro |
| Simplelightbox | simplelightbox |
| Sitewide Discount for WooCommerce: Apply Discount to All Products | global-shop-discount-for-woocommerce |
| SKT Blocks – Gutenberg based Page Builder | skt-blocks |
| Slim SEO – Fast & Automated WordPress SEO Plugin | slim-seo |
| Smart Forms – when you need more than just a contact form | smart-forms |
| Solid Mail – SMTP email and logging made by SolidWP | wp-smtp |
| Splitit | splitit-installment-payments |
| Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light | excel-like-price-change-for-woocommerce-and-wp-e-commerce-light |
| StyleAI | relentlosoftware |
| TablePress – Tables in WordPress made easy | tablepress |
| The Events Calendar | the-events-calendar |
| The Plus Addons for Elementor Page Builder | theplus_elementor_addon |
| Tour Master – Tour Booking, Travel, Hotel | tourmaster |
| Tournamatch | tournamatch |
| Ultimate Blocks – WordPress Blocks Plugin | ultimate-blocks |
| Url Rewrite Analyzer | url-rewrite-analyzer |
| User Meta – User Profile Builder and User management plugin | user-meta |
| User Profile Meta Manager | user-profile-meta |
| Visual Composer Website Builder | visualcomposer |
| WhatsCart – Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce | WhatsCart-for-WooCommerce |
| Wishlist for WooCommerce: Multi Wishlists Per Customer | wish-list-for-woocommerce |
| WooCommerce | woocommerce |
| WordPress Mega Menu Block | getwid-megamenu |
| WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce | wp-event-manager |
| WP Image Mask | wp-image-mask |
| WP Job Portal – A Complete Recruitment System for Company or Job Board website | wp-job-portal |
| WP Mapa Politico España | wp-mapa-politico-spain |
| WP Post Modules for Elementor | wp-post-modules-el |
| WP Smart Import : Import any XML File to WordPress | wp-smart-import |
| WP YouTube Video Optimizer | wp-youtube-video-optimizer |
| WPAdverts – Classifieds Plugin | wpadverts |
| WPCHURCH – Church Management System for WordPress | church-management |
| Xpro Addons For Beaver Builder – Lite | xpro-addons-beaver-builder-elementor |
| Year Make Model Search for WooCommerce | ymm-search |
| ZoomSounds – WordPress Wave Audio Player with Playlist | dzs-zoomsounds |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Acerola – Ultra Minimalist Agency Theme | acerola |
| Ashley – Creative Portfolio WordPress Theme | ashley |
| Avantage – Business Consulting WordPress Theme | avantage |
| Backpack Traveler – Modern Travel Blog WordPress Theme | backpacktraveler |
| bloggie | bloggie |
| Builty – Construction WordPress Theme | builty |
| Butcher – Meat Shop WooCommerce WordPress Theme | butcher |
| Capie – Minimal Creative WooCommerce WordPress Theme | capie |
| Car Dealer Automotive WordPress Theme – Responsive | cardealer |
| couponxl | couponxl |
| Crafts & Arts – Handmade Artist WordPress | crafts-and-arts |
| Dash – Creative Business Theme | dash |
| Entrada | entrada |
| Enzio – Responsive Business WordPress Theme | enzio |
| Finance Consultant – Consulting WordPress Theme | finance |
| Fish House | A Stylish Seafood Restaurant / Cafe / Bar WordPress Theme | fish-house |
| Grand Tour | Travel Agency WordPress | grandtour |
| Healsoul – Medical Care, Home Healthcare Service WP Theme | healsoul |
| HotStar – MultiPurpose Business WordPress Theme | hotstar |
| Insurance WordPress Theme | insurance |
| itsulu | itsulu |
| Jarvis – Night Club, Concert, Festival WordPress Theme | jarvis |
| kaffen | kaffen |
| Kiamo – Responsive Business Service WordPress Theme | kiamo |
| Kids Planet – Children Kindergarten and Playgroup WordPress Theme | kidsplanet |
| Kinsley – Hotel Booking Theme | kinsley |
| La Boom – Food & Restaurant Bistro WordPress Theme | laboom |
| larson | larson |
| luique | luique |
| Madara – Responsive and modern WordPress theme for manga sites | madara |
| Motors – Car Dealer, Rental & Listing WordPress theme | motors |
| OBER – CV Resume WordPress Theme | ober |
| Ogami – Organic Store WordPress Theme | ogami |
| Oxpitan – Nonprofit Charity WordPress Theme | oxpitan |
| Pet World – Dog Care & Pet Shop WordPress Theme | petsworld |
| Photography | photography |
| ruizarch | ruizarch |
| samantha | samantha |
| The Business – Powerful One Page Biz Theme | nrgbusiness |
| Umberto – Mushroom Farm & Organic Products Store WordPress Theme | umberto |
| Vizeon – Business Consulting WordPress Themes | vizeon |
| Wilmër – Construction WordPress Theme | wilmer |
| winnex | winnex |
| Yozi – Multipurpose Electronics WooCommerce WordPress Theme | yozi |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
CVE-ID
CVE-2025-31927
CVE-2025-31927
Patch Status
Unpatched
Unpatched
Published
May 22, 2025
May 22, 2025
Affected Software
Acerola – Ultra Minimalist Agency Theme
Acerola – Ultra Minimalist Agency Theme
Researcher
CVE-ID
CVE-2025-46444
CVE-2025-46444
Patch Status
Unpatched
Unpatched
Published
May 21, 2025
May 21, 2025
Affected Software
Ads Pro Plugin – Multi-Purpose WordPress Advertising Manager
Ads Pro Plugin – Multi-Purpose WordPress Advertising Manager
Researcher
CVE-ID
CVE-2025-39495
CVE-2025-39495
Patch Status
Unpatched
Unpatched
Published
May 20, 2025
May 20, 2025
Affected Software
Avantage – Business Consulting WordPress Theme
Avantage – Business Consulting WordPress Theme
Researcher
CVE-ID
CVE-2025-39490
CVE-2025-39490
Patch Status
Unpatched
Unpatched
Published
May 21, 2025
May 21, 2025
Affected Software
Backpack Traveler – Modern Travel Blog WordPress Theme
Backpack Traveler – Modern Travel Blog WordPress Theme
Researcher
CVE-ID
CVE-2025-47696
CVE-2025-47696
Patch Status
Unpatched
Unpatched
Published
May 21, 2025
May 21, 2025
Affected Software
Blog Designer PRO for WordPress
Blog Designer PRO for WordPress
Researcher
CVE-ID
CVE-2025-32286
CVE-2025-32286
Patch Status
Unpatched
Unpatched
Published
May 21, 2025
May 21, 2025
Affected Software
Butcher – Meat Shop WooCommerce WordPress Theme
Butcher – Meat Shop WooCommerce WordPress Theme
Researcher
CVE-ID
CVE-2025-31060
CVE-2025-31060
Patch Status
Unpatched
Unpatched
Published
May 21, 2025
May 21, 2025
Affected Software
Capie – Minimal Creative WooCommerce WordPress Theme
Capie – Minimal Creative WooCommerce WordPress Theme
Researcher
CVE-ID
CVE-2025-39480
CVE-2025-39480
Patch Status
Unpatched
Unpatched
Published
May 22, 2025
May 22, 2025
Affected Software
Car Dealer Automotive WordPress Theme – Responsive
Car Dealer Automotive WordPress Theme – Responsive
Researcher
CVE-ID
CVE-2025-31049
CVE-2025-31049
Patch Status
Unpatched
Unpatched
Published
May 19, 2025
May 19, 2025
Affected Software
Dash – Creative Business Theme
Dash – Creative Business Theme
Researcher
CVE-ID
CVE-2025-47552
CVE-2025-47552
Patch Status
Unpatched
Unpatched
Published
May 20, 2025
May 20, 2025
Affected Software
DZS Video Gallery
DZS Video Gallery
Researcher
CVE-ID
CVE-2025-5058
CVE-2025-5058
Patch Status
Unpatched
Unpatched
Published
May 23, 2025
May 23, 2025
Affected Software
eMagicOne Store Manager for WooCommerce
eMagicOne Store Manager for WooCommerce
Researcher
CVE-ID
CVE-2025-31912
CVE-2025-31912
Patch Status
Unpatched
Unpatched
Published
May 21, 2025
May 21, 2025
Affected Software
Enzio – Responsive Business WordPress Theme
Enzio – Responsive Business WordPress Theme
Researcher
CVE-ID
CVE-2025-48126
CVE-2025-48126
Patch Status
Unpatched
Unpatched
Published
May 21, 2025
May 21, 2025
Affected Software
Essential Real Estate
Essential Real Estate
Researcher
CVE-ID
CVE-2025-31631
CVE-2025-31631
Patch Status
Unpatched
Unpatched
Published
May 21, 2025
May 21, 2025
Affected Software
Fish House | A Stylish Seafood Restaurant / Cafe / Bar WordPress Theme
Fish House | A Stylish Seafood Restaurant / Cafe / Bar WordPress Theme
Researcher
CVE-ID
CVE-2025-39500
CVE-2025-39500
Patch Status
Unpatched
Unpatched
Published
May 20, 2025
May 20, 2025
Affected Software
Goodlayers Hostel
Goodlayers Hostel
Researcher
CVE-ID
CVE-2025-39503
CVE-2025-39503
Patch Status
Unpatched
Unpatched
Published
May 20, 2025
May 20, 2025
Affected Software
Goodlayers Hotel
Goodlayers Hotel
Researcher
CVE-ID
CVE-2025-39485
CVE-2025-39485
Patch Status
Unpatched
Unpatched
Published
May 20, 2025
May 20, 2025
Affected Software
Grand Tour | Travel Agency WordPress
Grand Tour | Travel Agency WordPress
Researcher
CVE-ID
CVE-2025-32309
CVE-2025-32309
Patch Status
Unpatched
Unpatched
Published
May 22, 2025
May 22, 2025
Affected Software
Healsoul – Medical Care, Home Healthcare Service WP Theme
Healsoul – Medical Care, Home Healthcare Service WP Theme
Researcher
CVE-ID
CVE-2025-31069
CVE-2025-31069
Patch Status
Unpatched
Unpatched
Published
May 19, 2025
May 19, 2025
Affected Software
HotStar – MultiPurpose Business WordPress Theme
HotStar – MultiPurpose Business WordPress Theme
Researcher
Jarvis – Night Club, Concert, Festival WordPress <= 1.8.11 – Unauthenticated PHP Object Injection
9.8
CVE-ID
CVE-2025-32292
CVE-2025-32292
Patch Status
Unpatched
Unpatched
Published
May 19, 2025
May 19, 2025
Affected Software
Jarvis – Night Club, Concert, Festival WordPress Theme
Jarvis – Night Club, Concert, Festival WordPress Theme
Researcher
CVE-ID
CVE-2025-31916
CVE-2025-31916
Patch Status
Unpatched
Unpatched
Published
May 21, 2025
May 21, 2025
Affected Software
JP Students Result Management System Premium
JP Students Result Management System Premium
Researcher
Kiamo – Responsive Business Service WordPress Theme <= 1.3.3 – Unauthenticated Local File Inclusion
9.8
CVE-ID
CVE-2025-31633
CVE-2025-31633
Patch Status
Unpatched
Unpatched
Published
May 21, 2025
May 21, 2025
Affected Software
Kiamo – Responsive Business Service WordPress Theme
Kiamo – Responsive Business Service WordPress Theme
Researcher
CVE-ID
CVE-2025-48289
CVE-2025-48289
Patch Status
Patched
Patched
Published
May 21, 2025
May 21, 2025
Affected Software
Kids Planet – Children Kindergarten and Playgroup WordPress Theme
Kids Planet – Children Kindergarten and Playgroup WordPress Theme
Researcher
CVE-ID
CVE-2025-31632
CVE-2025-31632
Patch Status
Unpatched
Unpatched
Published
May 21, 2025
May 21, 2025
Affected Software
La Boom – Food & Restaurant Bistro WordPress Theme
La Boom – Food & Restaurant Bistro WordPress Theme
Researcher
CVE-ID
CVE-2025-4524
CVE-2025-4524
Patch Status
Patched
Patched
Published
May 20, 2025
May 20, 2025
Affected Software
Madara – Responsive and modern WordPress theme for manga sites
Madara – Responsive and modern WordPress theme for manga sites
Researcher
CVE-ID
CVE-2025-47672
CVE-2025-47672
Patch Status
Unpatched
Unpatched
Published
May 22, 2025
May 22, 2025
Affected Software
miniOrange Discord Integration
miniOrange Discord Integration
Researcher
CVE-ID
CVE-2025-4322
CVE-2025-4322
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Motors – Car Dealer, Rental & Listing WordPress theme
Motors – Car Dealer, Rental & Listing WordPress theme
Researcher
CVE-ID
CVE-2025-48290
CVE-2025-48290
Patch Status
Patched
Patched
Published
May 20, 2025
May 20, 2025
CVE-ID
CVE-2025-39506
CVE-2025-39506
Patch Status
Unpatched
Unpatched
Published
May 21, 2025
May 21, 2025
Affected Software
Nasa Core
Nasa Core
Researcher
CVE-ID
CVE-2025-31913
CVE-2025-31913
Patch Status
Unpatched
Unpatched
Published
May 21, 2025
May 21, 2025
Affected Software
Ogami – Organic Store WordPress Theme
Ogami – Organic Store WordPress Theme
Researcher
CVE-ID
CVE-2025-32294
CVE-2025-32294
Patch Status
Unpatched
Unpatched
Published
May 21, 2025
May 21, 2025
Affected Software
Oxpitan – Nonprofit Charity WordPress Theme
Oxpitan – Nonprofit Charity WordPress Theme
Researcher
CVE-ID
CVE-2025-48287
CVE-2025-48287
Patch Status
Patched
Patched
Published
May 21, 2025
May 21, 2025
Affected Software
Pix 4x sem juros – Pagaleve
Pix 4x sem juros – Pagaleve
Researcher
CVE-ID
CVE-2025-31918
CVE-2025-31918
Patch Status
Unpatched
Unpatched
Published
May 22, 2025
May 22, 2025
Affected Software
Simple Business Directory Pro
Simple Business Directory Pro
Researcher
CVE-ID
CVE-2025-48129
CVE-2025-48129
Patch Status
Unpatched
Unpatched
Published
May 20, 2025
May 20, 2025
Affected Software
Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light
Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light
Researcher
CVE-ID
CVE-2025-48123
CVE-2025-48123
Patch Status
Unpatched
Unpatched
Published
May 21, 2025
May 21, 2025
Affected Software
Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light
Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light
Researcher
CVE-ID
CVE-2025-31430
CVE-2025-31430
Patch Status
Unpatched
Unpatched
Published
May 19, 2025
May 19, 2025
Affected Software
The Business – Powerful One Page Biz Theme
The Business – Powerful One Page Biz Theme
Researcher
CVE-ID
CVE-2025-48292
CVE-2025-48292
Patch Status
Patched
Patched
Published
May 21, 2025
May 21, 2025
Affected Software
Tour Master – Tour Booking, Travel, Hotel
Tour Master – Tour Booking, Travel, Hotel
Researcher
CVE-ID
CVE-2025-31423
CVE-2025-31423
Patch Status
Unpatched
Unpatched
Published
May 21, 2025
May 21, 2025
Affected Software
Umberto – Mushroom Farm & Organic Products Store WordPress Theme
Umberto – Mushroom Farm & Organic Products Store WordPress Theme
Researcher
CVE-ID
CVE-2025-31064
CVE-2025-31064
Patch Status
Unpatched
Unpatched
Published
May 21, 2025
May 21, 2025
Affected Software
Vizeon – Business Consulting WordPress Themes
Vizeon – Business Consulting WordPress Themes
Researcher
CVE-ID
CVE-2025-39494
CVE-2025-39494
Patch Status
Patched
Patched
Published
May 21, 2025
May 21, 2025
Affected Software
Wilmër – Construction WordPress Theme
Wilmër – Construction WordPress Theme
Researcher
CVE-ID
CVE-2025-32302
CVE-2025-32302
Patch Status
Unpatched
Unpatched
Published
May 21, 2025
May 21, 2025
Affected Software
winnex
winnex
Researcher
CVE-ID
CVE-2025-47670
CVE-2025-47670
Patch Status
Unpatched
Unpatched
Published
May 21, 2025
May 21, 2025
Affected Software
miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon
miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon
Researcher
CVE-ID
CVE-2025-48125
CVE-2025-48125
Patch Status
Unpatched
Unpatched
Published
May 21, 2025
May 21, 2025
Researcher
CVE-ID
CVE-2025-47453
CVE-2025-47453
Patch Status
Patched
Patched
Published
May 21, 2025
May 21, 2025
Affected Software
WP Smart Import : Import any XML File to WordPress
WP Smart Import : Import any XML File to WordPress
Researcher
CVE-ID
CVE-2025-32289
CVE-2025-32289
Patch Status
Unpatched
Unpatched
Published
May 21, 2025
May 21, 2025
Affected Software
Yozi – Multipurpose Electronics WooCommerce WordPress Theme
Yozi – Multipurpose Electronics WooCommerce WordPress Theme
Researcher
CVE-ID
CVE-2025-47568
CVE-2025-47568
Patch Status
Unpatched
Unpatched
Published
May 20, 2025
May 20, 2025
Affected Software
ZoomSounds – WordPress Wave Audio Player with Playlist
ZoomSounds – WordPress Wave Audio Player with Playlist
Researcher
CVE-ID
CVE-2025-4603
CVE-2025-4603
Patch Status
Unpatched
Unpatched
Published
May 23, 2025
May 23, 2025
Affected Software
eMagicOne Store Manager for WooCommerce
eMagicOne Store Manager for WooCommerce
Researcher
CVE-ID
CVE-2025-31924
CVE-2025-31924
Patch Status
Unpatched
Unpatched
Published
May 20, 2025
May 20, 2025
Affected Software
Crafts & Arts – Handmade Artist WordPress
Crafts & Arts – Handmade Artist WordPress
Researcher
CVE-ID
CVE-2025-47553
CVE-2025-47553
Patch Status
Unpatched
Unpatched
Published
May 21, 2025
May 21, 2025
Affected Software
DZS Video Gallery
DZS Video Gallery
Researcher
CVE-ID
CVE-2025-32293
CVE-2025-32293
Patch Status
Unpatched
Unpatched
Published
May 21, 2025
May 21, 2025
Affected Software
Finance Consultant – Consulting WordPress Theme
Finance Consultant – Consulting WordPress Theme
Researcher
Hospital Management System <= 47.0(20-11-2023) – Authenticated (Subscriber+) Arbitrary File Upload
8.8
CVE-ID
CVE-2025-47663
CVE-2025-47663
Patch Status
Unpatched
Unpatched
Published
May 20, 2025
May 20, 2025
Affected Software
Hospital Management System for WordPress
Hospital Management System for WordPress
Researcher
Hospital Management System <= 47.0(20-11-2023) – Authenticated (Subscriber+) Privilege Escalation
8.8
CVE-ID
CVE-2025-47631
CVE-2025-47631
Patch Status
Unpatched
Unpatched
Published
May 22, 2025
May 22, 2025
Affected Software
Hospital Management System for WordPress
Hospital Management System for WordPress
Researcher
CVE-ID
CVE-2025-31634
CVE-2025-31634
Patch Status
Unpatched
Unpatched
Published
May 21, 2025
May 21, 2025
Affected Software
Insurance WordPress Theme
Insurance WordPress Theme
Researcher
CVE-ID
CVE-2025-48140
CVE-2025-48140
Patch Status
Unpatched
Unpatched
Published
May 22, 2025
May 22, 2025
Affected Software
MetalpriceAPI
MetalpriceAPI
Researcher
CVE-ID
CVE-2025-32284
CVE-2025-32284
Patch Status
Unpatched
Unpatched
Published
May 21, 2025
May 21, 2025
Affected Software
Pet World – Dog Care & Pet Shop WordPress Theme
Pet World – Dog Care & Pet Shop WordPress Theme
Researcher
CVE-ID
Unknown
Unknown
Patch Status
Unpatched
Unpatched
Published
May 22, 2025
May 22, 2025
Affected Software
Photography
Photography
Researcher
CVE-ID
CVE-2025-4336
CVE-2025-4336
Patch Status
Unpatched
Unpatched
Published
May 23, 2025
May 23, 2025
Affected Software
eMagicOne Store Manager for WooCommerce
eMagicOne Store Manager for WooCommerce
Researcher
CVE-ID
CVE-2025-31053
CVE-2025-31053
Patch Status
Unpatched
Unpatched
Published
May 21, 2025
May 21, 2025
Affected Software
KBx Pro Ultimate
KBx Pro Ultimate
Researcher
CVE-ID
CVE-2025-47671
CVE-2025-47671
Patch Status
Unpatched
Unpatched
Published
May 21, 2025
May 21, 2025
Affected Software
Binary MLM Plan
Binary MLM Plan
Researcher
CVE-ID
CVE-2025-31397
CVE-2025-31397
Patch Status
Unpatched
Unpatched
Published
May 22, 2025
May 22, 2025
Affected Software
Bus Ticket Booking with Seat Reservation for WooCommerce
Bus Ticket Booking with Seat Reservation for WooCommerce
Researcher
CVE-ID
CVE-2025-39501
CVE-2025-39501
Patch Status
Unpatched
Unpatched
Published
May 22, 2025
May 22, 2025
Affected Software
Goodlayers Hostel
Goodlayers Hostel
Researcher
CVE-ID
CVE-2025-39504
CVE-2025-39504
Patch Status
Unpatched
Unpatched
Published
May 22, 2025
May 22, 2025
Affected Software
Goodlayers Hotel
Goodlayers Hotel
Researcher
CVE-ID
CVE-2025-48283
CVE-2025-48283
Patch Status
Patched
Patched
Published
May 22, 2025
May 22, 2025
Affected Software
Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin
Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin
Researcher
CVE-ID
CVE-2025-31914
CVE-2025-31914
Patch Status
Unpatched
Unpatched
Published
May 22, 2025
May 22, 2025
Affected Software
Pixel WordPress Form BuilderPlugin & Autoresponder
Pixel WordPress Form BuilderPlugin & Autoresponder
Researcher
CVE-ID
CVE-2025-31056
CVE-2025-31056
Patch Status
Unpatched
Unpatched
Published
May 22, 2025
May 22, 2025
CVE-ID
CVE-2025-4803
CVE-2025-4803
Patch Status
Unpatched
Unpatched
Published
May 20, 2025
May 20, 2025
Affected Software
Glossary by WPPedia – Best Glossary plugin for WordPress
Glossary by WPPedia – Best Glossary plugin for WordPress
Researcher
CVE-ID
CVE-2025-1123
CVE-2025-1123
Patch Status
Patched
Patched
Published
May 22, 2025
May 22, 2025
Affected Software
Solid Mail – SMTP email and logging made by SolidWP
Solid Mail – SMTP email and logging made by SolidWP
Researcher
CVE-ID
CVE-2025-48278
CVE-2025-48278
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
RSVPMaker
RSVPMaker
Researcher
CVE-ID
CVE-2025-47575
CVE-2025-47575
Patch Status
Unpatched
Unpatched
Published
May 20, 2025
May 20, 2025
Affected Software
School Management System for WordPress
School Management System for WordPress
Researcher
CVE-ID
CVE-2025-48266
CVE-2025-48266
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Active Products Tables for WooCommerce. Use constructor to create tables
Active Products Tables for WooCommerce. Use constructor to create tables
Researcher
CVE-ID
CVE-2025-48251
CVE-2025-48251
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Additional Custom Emails & Recipients for WooCommerce
Additional Custom Emails & Recipients for WooCommerce
Researcher
CVE-ID
CVE-2025-4221
CVE-2025-4221
Patch Status
Unpatched
Unpatched
Published
May 20, 2025
May 20, 2025
Affected Software
Animated Buttons
Animated Buttons
Researcher
CVE-ID
CVE-2025-48252
CVE-2025-48252
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Back Button Widget
Back Button Widget
Researcher
CVE-ID
CVE-2025-48236
CVE-2025-48236
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
bunny.net – WordPress CDN Plugin
bunny.net – WordPress CDN Plugin
Researcher
CVE-ID
CVE-2025-48254
CVE-2025-48254
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Change Add to Cart Button Text for WooCommerce
Change Add to Cart Button Text for WooCommerce
Researcher
Cost of Goods for WooCommerce <= 3.7.0 – Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2025-48240
CVE-2025-48240
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Cost of Goods: Product Cost & Profit Calculator for WooCommerce
Cost of Goods: Product Cost & Profit Calculator for WooCommerce
Researcher
CVE-ID
CVE-2025-48250
CVE-2025-48250
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Coupons & Add to Cart by URL Links for WooCommerce
Coupons & Add to Cart by URL Links for WooCommerce
Researcher
CVE-ID
CVE-2025-48249
CVE-2025-48249
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory
EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory
Researcher
CVE-ID
CVE-2025-48288
CVE-2025-48288
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
ElementInvader Addons for Elementor
ElementInvader Addons for Elementor
Researcher
CVE-ID
CVE-2025-48253
CVE-2025-48253
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Free Shipping Bar: Amount Left for Free Shipping for WooCommerce
Free Shipping Bar: Amount Left for Free Shipping for WooCommerce
Researcher
CVE-ID
CVE-2025-48256
CVE-2025-48256
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Import Social Events
Import Social Events
Researcher
CVE-ID
CVE-2024-9544
CVE-2024-9544
Patch Status
Unpatched
Unpatched
Published
May 21, 2025
May 21, 2025
Affected Software
MapSVG
MapSVG
Researcher
CVE-ID
CVE-2025-48258
CVE-2025-48258
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
WordPress Mega Menu Block
WordPress Mega Menu Block
Researcher
CVE-ID
CVE-2024-5878
CVE-2024-5878
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Researcher
CVE-ID
CVE-2025-48263
CVE-2025-48263
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
MultiVendorX – WooCommerce Multivendor Marketplace Solutions
MultiVendorX – WooCommerce Multivendor Marketplace Solutions
Researcher
CVE-ID
CVE-2025-3750
CVE-2025-3750
Patch Status
Unpatched
Unpatched
Published
May 20, 2025
May 20, 2025
Affected Software
Network Posts Extended
Network Posts Extended
Researcher
CVE-ID
CVE-2024-13427
CVE-2024-13427
Patch Status
Patched
Patched
Published
May 23, 2025
May 23, 2025
Affected Software
Page Builder: Pagelayer – Drag and Drop website builder
Page Builder: Pagelayer – Drag and Drop website builder
Researcher
CVE-ID
CVE-2025-48239
CVE-2025-48239
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Product Notes Tab & Private Admin Notes for WooCommerce
Product Notes Tab & Private Admin Notes for WooCommerce
Researcher
CVE-ID
CVE-2025-3781
CVE-2025-3781
Patch Status
Unpatched
Unpatched
Published
May 20, 2025
May 20, 2025
Affected Software
Raisely Donation Form
Raisely Donation Form
Researcher
CVE-ID
CVE-2025-48248
CVE-2025-48248
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Sitewide Discount for WooCommerce: Apply Discount to All Products
Sitewide Discount for WooCommerce: Apply Discount to All Products
Researcher
CVE-ID
CVE-2025-48270
CVE-2025-48270
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
SKT Blocks – Gutenberg based Page Builder
SKT Blocks – Gutenberg based Page Builder
Researcher
CVE-ID
CVE-2025-4611
CVE-2025-4611
Patch Status
Patched
Patched
Published
May 20, 2025
May 20, 2025
Affected Software
Slim SEO – Fast & Automated WordPress SEO Plugin
Slim SEO – Fast & Automated WordPress SEO Plugin
Researcher
CVE-ID
CVE-2025-5096
CVE-2025-5096
Patch Status
Patched
Patched
Published
May 22, 2025
May 22, 2025
Affected Software
TablePress – Tables in WordPress made easy
TablePress – Tables in WordPress made easy
Researcher
CVE-ID
CVE-2025-4594
CVE-2025-4594
Patch Status
Patched
Patched
Published
May 22, 2025
May 22, 2025
Affected Software
Tournamatch
Tournamatch
Researcher
CVE-ID
CVE-2025-48234
CVE-2025-48234
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Ultimate Blocks – WordPress Blocks Plugin
Ultimate Blocks – WordPress Blocks Plugin
Researcher
CVE-ID
CVE-2025-48276
CVE-2025-48276
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Visual Composer Website Builder
Visual Composer Website Builder
Researcher
CVE-ID
CVE-2025-48237
CVE-2025-48237
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Wishlist for WooCommerce: Multi Wishlists Per Customer
Wishlist for WooCommerce: Multi Wishlists Per Customer
Researcher
CVE-ID
CVE-2025-48235
CVE-2025-48235
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
WP Image Mask
WP Image Mask
Researcher
CVE-ID
CVE-2025-4217
CVE-2025-4217
Patch Status
Unpatched
Unpatched
Published
May 20, 2025
May 20, 2025
Affected Software
WP YouTube Video Optimizer
WP YouTube Video Optimizer
Researcher
CVE-ID
CVE-2025-48269
CVE-2025-48269
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
WPAdverts – Classifieds Plugin
WPAdverts – Classifieds Plugin
Researcher
CVE-ID
CVE-2025-48232
CVE-2025-48232
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Xpro Addons For Beaver Builder – Lite
Xpro Addons For Beaver Builder – Lite
Researcher
CVE-ID
CVE-2024-12561
CVE-2024-12561
Patch Status
Unpatched
Unpatched
Published
May 20, 2025
May 20, 2025
Affected Software
Affiliate Sales in Google Analytics and other tools
Affiliate Sales in Google Analytics and other tools
Researcher
CVE-ID
CVE-2025-48238
CVE-2025-48238
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
AWcode Toolkit
AWcode Toolkit
Researcher
CVE-ID
CVE-2025-31054
CVE-2025-31054
Patch Status
Unpatched
Unpatched
Published
May 19, 2025
May 19, 2025
Affected Software
bloggie
bloggie
Researcher
CVE-ID
CVE-2025-32285
CVE-2025-32285
Patch Status
Unpatched
Unpatched
Published
May 22, 2025
May 22, 2025
Affected Software
Butcher – Meat Shop WooCommerce WordPress Theme
Butcher – Meat Shop WooCommerce WordPress Theme
Researcher
CVE-ID
CVE-2025-32300
CVE-2025-32300
Patch Status
Unpatched
Unpatched
Published
May 22, 2025
May 22, 2025
Affected Software
DZS Video Gallery
DZS Video Gallery
Researcher
CVE-ID
CVE-2025-48143
CVE-2025-48143
Patch Status
Unpatched
Unpatched
Published
May 20, 2025
May 20, 2025
Affected Software
Formulario de contacto SalesUp!
Formulario de contacto SalesUp!
Researcher
CVE-ID
CVE-2025-39502
CVE-2025-39502
Patch Status
Unpatched
Unpatched
Published
May 20, 2025
May 20, 2025
Affected Software
Goodlayers Hostel
Goodlayers Hostel
Researcher
CVE-ID
CVE-2025-39505
CVE-2025-39505
Patch Status
Unpatched
Unpatched
Published
May 20, 2025
May 20, 2025
Affected Software
Goodlayers Hotel
Goodlayers Hotel
Researcher
CVE-ID
CVE-2025-48286
CVE-2025-48286
Patch Status
Patched
Patched
Published
May 22, 2025
May 22, 2025
Affected Software
ReDi Restaurant Reservation – Instant Availability & Confirmation
ReDi Restaurant Reservation – Instant Availability & Confirmation
Researcher
CVE-ID
CVE-2025-47613
CVE-2025-47613
Patch Status
Unpatched
Unpatched
Published
May 20, 2025
May 20, 2025
Affected Software
School Management System for WordPress
School Management System for WordPress
Researcher
CVE-ID
CVE-2025-47611
CVE-2025-47611
Patch Status
Unpatched
Unpatched
Published
May 22, 2025
May 22, 2025
Affected Software
User Meta – User Profile Builder and User management plugin
User Meta – User Profile Builder and User management plugin
Researcher
CVE-ID
CVE-2025-5062
CVE-2025-5062
Patch Status
Patched
Patched
Published
May 21, 2025
May 21, 2025
Affected Software
WooCommerce
WooCommerce
Researcher
CVE-ID
CVE-2025-31636
CVE-2025-31636
Patch Status
Unpatched
Unpatched
Published
May 20, 2025
May 20, 2025
Affected Software
WP Post Modules for Elementor
WP Post Modules for Elementor
Researcher
CVE-ID
CVE-2025-31642
CVE-2025-31642
Patch Status
Unpatched
Unpatched
Published
May 20, 2025
May 20, 2025
Affected Software
WPCHURCH – Church Management System for WordPress
WPCHURCH – Church Management System for WordPress
Researcher
CVE-ID
CVE-2025-4602
CVE-2025-4602
Patch Status
Unpatched
Unpatched
Published
May 23, 2025
May 23, 2025
Affected Software
eMagicOne Store Manager for WooCommerce
eMagicOne Store Manager for WooCommerce
Researcher
CVE-ID
CVE-2025-4105
CVE-2025-4105
Patch Status
Patched
Patched
Published
May 20, 2025
May 20, 2025
Affected Software
Splitit
Splitit
Researcher
CVE-ID
CVE-2025-47585
CVE-2025-47585
Patch Status
Patched
Patched
Published
May 22, 2025
May 22, 2025
Affected Software
Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment
Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment
Researcher
CVE-ID
CVE-2025-48147
CVE-2025-48147
Patch Status
Unpatched
Unpatched
Published
May 22, 2025
May 22, 2025
Affected Software
CryptoCloud – Crypto Payment Gateway
CryptoCloud – Crypto Payment Gateway
Researcher
CVE-ID
CVE-2025-48346
CVE-2025-48346
Patch Status
Unpatched
Unpatched
Published
May 19, 2025
May 19, 2025
Affected Software
Embed and Integrate Etsy Shop
Embed and Integrate Etsy Shop
Researcher
CVE-ID
CVE-2025-39536
CVE-2025-39536
Patch Status
Unpatched
Unpatched
Published
May 23, 2025
May 23, 2025
Affected Software
JobHunt Job Alerts
JobHunt Job Alerts
Researcher
CVE-ID
CVE-2025-48282
CVE-2025-48282
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin
Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin
Researcher
CVE-ID
CVE-2025-47558
CVE-2025-47558
Patch Status
Unpatched
Unpatched
Published
May 22, 2025
May 22, 2025
Affected Software
MapSVG
MapSVG
Researcher
CVE-ID
CVE-2025-48272
CVE-2025-48272
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Researcher
CVE-ID
CVE-2025-48280
CVE-2025-48280
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress
AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress
Researcher
CVE-ID
CVE-2025-4405
CVE-2025-4405
Patch Status
Patched
Patched
Published
May 21, 2025
May 21, 2025
Affected Software
Hot Random Image
Hot Random Image
Researcher
CVE-ID
CVE-2025-47513
CVE-2025-47513
Patch Status
Patched
Patched
Published
May 22, 2025
May 22, 2025
Affected Software
Infocob CRM Forms
Infocob CRM Forms
Researcher
CVE-ID
CVE-2025-48342
CVE-2025-48342
Patch Status
Unpatched
Unpatched
Published
May 19, 2025
May 19, 2025
Affected Software
Dynamic Pricing & Discounts Lite for WooCommerce
Dynamic Pricing & Discounts Lite for WooCommerce
Researcher
CVE-ID
CVE-2025-4223
CVE-2025-4223
Patch Status
Patched
Patched
Published
May 23, 2025
May 23, 2025
Affected Software
Page Builder: Pagelayer – Drag and Drop website builder
Page Builder: Pagelayer – Drag and Drop website builder
Researcher
CVE-ID
CVE-2025-48277
CVE-2025-48277
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Cost Calculator Builder
Cost Calculator Builder
Researcher
Exclusive Addons Elementor <= 2.7.9 – Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-ID
CVE-2025-48244
CVE-2025-48244
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Exclusive Addons for Elementor
Exclusive Addons for Elementor
Researcher
CVE-ID
CVE-2025-48341
CVE-2025-48341
Patch Status
Unpatched
Unpatched
Published
May 19, 2025
May 19, 2025
Affected Software
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Researcher
CVE-ID
CVE-2025-5055
CVE-2025-5055
Patch Status
Unpatched
Unpatched
Published
May 23, 2025
May 23, 2025
Affected Software
Smart Forms – when you need more than just a contact form
Smart Forms – when you need more than just a contact form
Researcher
CVE-ID
CVE-2025-46256
CVE-2025-46256
Patch Status
Patched
Patched
Published
May 22, 2025
May 22, 2025
Affected Software
Advanced Database Cleaner PRO
Advanced Database Cleaner PRO
Researcher
CVE-ID
CVE-2025-48233
CVE-2025-48233
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Affiliates Manager Google reCAPTCHA Integration
Affiliates Manager Google reCAPTCHA Integration
Researcher
CVE-ID
CVE-2025-48268
CVE-2025-48268
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Bot for Telegram on WooCommerce
Bot for Telegram on WooCommerce
Researcher
CVE-ID
CVE-2025-48255
CVE-2025-48255
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP
Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP
Researcher
CVE-ID
CVE-2025-48285
CVE-2025-48285
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Falang multilanguage for WordPress
Falang multilanguage for WordPress
Researcher
CVE-ID
CVE-2025-48260
CVE-2025-48260
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
GDPR CCPA Compliance & Cookie Consent Banner
GDPR CCPA Compliance & Cookie Consent Banner
Researcher
CVE-ID
CVE-2025-4419
CVE-2025-4419
Patch Status
Patched
Patched
Published
May 21, 2025
May 21, 2025
Affected Software
Hot Random Image
Hot Random Image
Researcher
CVE-ID
CVE-2025-48284
CVE-2025-48284
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Japanized for WooCommerce
Japanized for WooCommerce
Researcher
CVE-ID
CVE-2025-48242
CVE-2025-48242
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator
Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator
Researcher
CVE-ID
CVE-2025-48264
CVE-2025-48264
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Product Code for WooCommerce
Product Code for WooCommerce
Researcher
CVE-ID
CVE-2025-48257
CVE-2025-48257
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Projectopia – WordPress Project Management
Projectopia – WordPress Project Management
Researcher
CVE-ID
CVE-2025-48243
CVE-2025-48243
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Cloudflare Turnstile or reCAPTCHA For any Pages, to Block Spam and Hackers Attack.
Cloudflare Turnstile or reCAPTCHA For any Pages, to Block Spam and Hackers Attack.
Researcher
CVE-ID
CVE-2025-48344
CVE-2025-48344
Patch Status
Unpatched
Unpatched
Published
May 19, 2025
May 19, 2025
Affected Software
Rootspersona
Rootspersona
Researcher
CVE-ID
CVE-2025-39368
CVE-2025-39368
Patch Status
Unpatched
Unpatched
Published
May 19, 2025
May 19, 2025
Affected Software
Rootspersona
Rootspersona
Researcher
CVE-ID
CVE-2025-48247
CVE-2025-48247
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin
PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin
Researcher
CVE-ID
CVE-2025-48246
CVE-2025-48246
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
The Events Calendar
The Events Calendar
Researcher
CVE-ID
CVE-2025-46259
CVE-2025-46259
Patch Status
Unpatched
Unpatched
Published
May 20, 2025
May 20, 2025
Affected Software
The Plus Addons for Elementor Page Builder
The Plus Addons for Elementor Page Builder
Researcher
CVE-ID
CVE-2025-48262
CVE-2025-48262
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Url Rewrite Analyzer
Url Rewrite Analyzer
Researcher
CVE-ID
CVE-2025-48340
CVE-2025-48340
Patch Status
Unpatched
Unpatched
Published
May 19, 2025
May 19, 2025
Affected Software
User Profile Meta Manager
User Profile Meta Manager
Researcher
CVE-ID
CVE-2025-48259
CVE-2025-48259
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
WP Mapa Politico España
WP Mapa Politico España
Researcher
CVE-ID
CVE-2025-48265
CVE-2025-48265
Patch Status
Patched
Patched
Published
May 19, 2025
May 19, 2025
Affected Software
Year Make Model Search for WooCommerce
Year Make Model Search for WooCommerce
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (May 19, 2025 to May 25, 2025) appeared first on Wordfence.
