Wordfence Intelligence Weekly WordPress Vulnerability Report (May 19, 2025 to May 25, 2025)


📢 In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond.  


Last week, there were 160 vulnerabilities disclosed in 108 WordPress Plugins and 44 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 46 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to implement layered security, aligning with our overarching mission to secure WordPress with defense in depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report. As the world’s leading quality vulnerability database provider for WordPress, site owners can rest assured knowing Wordfence has their back.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 27,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

  • WAF-RULE-838 – Data redacted while we work with the vendor on a patch.
  • WAF-RULE-839 – Data redacted while we work with the vendor on a patch.
  • WAF-RULE-840 – Data redacted while we work with the vendor on a patch.

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status | Number of Vulnerabilities
Patched | 68
Unpatched | 92

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating | Number of Vulnerabilities
Medium Severity | 90
High Severity | 21
Critical Severity | 49

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE | Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 52
Deserialization of Untrusted Data | 24
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 23
Missing Authorization | 17
Cross-Site Request Forgery (CSRF) | 12
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 11
Unrestricted Upload of File with Dangerous Type | 5
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 4
External Control of File Name or Path | 3
Incorrect Privilege Assignment | 3
Improper Control of Generation of Code (‘Code Injection’) | 2
Authorization Bypass Through User-Controlled Key | 1
Improper Privilege Management | 1
Unverified Password Change | 1
URL Redirection to Untrusted Site (‘Open Redirect’) | 1

Researchers That Contributed to WordPress Security Last Week

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
4stats 4stats
Active Products Tables for WooCommerce. Use constructor to create tables  profit-products-tables-for-woocommerce
Additional Custom Emails & Recipients for WooCommerce custom-emails-for-woocommerce
Ads Pro Plugin – Multi-Purpose WordPress Advertising Manager ap-plugin-scripteo
Advanced Database Cleaner PRO advanced-database-cleaner-pro
Affiliate Sales in Google Analytics and other tools wecantrack
Affiliates Manager Google reCAPTCHA Integration affiliates-manager-google-recaptcha-integration
Animated Buttons animated-buttons
AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress automatorwp
AWcode Toolkit awcode-toolkit
Back Button Widget back-button-widget
Binary MLM Plan binary-mlm-plan
Blog Designer PRO for WordPress blog-designer-pro
Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment booking-and-rental-manager-for-woocommerce
Bot for Telegram on WooCommerce bot-for-telegram-on-woocommerce
Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP videowhisper-live-streaming-integration
bunny.net – WordPress CDN Plugin bunnycdn
Bus Ticket Booking with Seat Reservation for WooCommerce scw-bus-seat-reservation
Change Add to Cart Button Text for WooCommerce add-to-cart-button-labels-for-woocommerce
Cloudflare Turnstile or reCAPTCHA For any Pages, to Block Spam and Hackers Attack. recaptcha-for-all
Cost Calculator Builder cost-calculator-builder
Cost of Goods: Product Cost & Profit Calculator for WooCommerce cost-of-goods-for-woocommerce
Coupons & Add to Cart by URL Links for WooCommerce url-coupons-for-woocommerce-by-algoritmika
CryptoCloud – Crypto Payment Gateway cryptocloud-crypto-payment-gateway
DPEPress dpepress
Dynamic Pricing & Discounts Lite for WooCommerce woo-dynamic-pricing-discounts-lite
DZS Video Gallery dzs-videogallery
EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory ean-for-woocommerce
ElementInvader Addons for Elementor elementinvader-addons-for-elementor
eMagicOne Store Manager for WooCommerce store-manager-connector
Embed and Integrate Etsy Shop embed-and-integrate-etsy-shop
Essential Real Estate essential-real-estate
Exclusive Addons for Elementor exclusive-addons-for-elementor
Falang multilanguage for WordPress falang
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder form-maker
Formulario de contacto SalesUp! formularios-de-contacto-salesup
Free Shipping Bar: Amount Left for Free Shipping for WooCommerce amount-left-free-shipping-woocommerce
GDPR CCPA Compliance & Cookie Consent Banner ninja-gdpr-compliance
Glossary by WPPedia – Best Glossary plugin for WordPress wppedia
Goodlayers Hostel gdlr-hostel
Goodlayers Hotel gdlr-hotel
Hospital Management System for WordPress hospital-management
Hot Random Image hot-random-image
Import Social Events import-facebook-events
Infocob CRM Forms infocob-crm-forms
Japanized for WooCommerce woocommerce-for-japan
JobHunt Job Alerts jobhunt-notifications
JP Students Result Management System Premium jp-students-result-system-premium
KBx Pro Ultimate knowledgebase-helpdesk-pro
Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator legal-pages
Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin majestic-support
MapSVG mapsvg
Medicare medicare
MetalpriceAPI metalpriceapi
miniOrange Discord Integration miniorange-discord-integration
miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon miniorange-login-openid
MultiVendorX – WooCommerce Multivendor Marketplace Solutions dc-woocommerce-multi-vendor
Nasa Core nasa-core
Network Posts Extended network-posts-extended
Page Builder: Pagelayer – Drag and Drop website builder pagelayer
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery nextgen-gallery
Pix 4x sem juros – Pagaleve wc-pagaleve
Pixel WordPress Form BuilderPlugin & Autoresponder pixel-formbuilder
PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin pretty-link
Product Code for WooCommerce product-code-for-woocommerce
Product Notes Tab & Private Admin Notes for WooCommerce product-notes-for-woocommerce
Projectopia – WordPress Project Management projectopia-core
Raisely Donation Form raisely-donation-form
ReDi Restaurant Reservation – Instant Availability & Confirmation redi-restaurant-reservation
Rootspersona rootspersona
RSVPMaker rsvpmaker
School Management System for WordPress school-management
Simple Business Directory Pro simple-business-directory-pro
Simplelightbox simplelightbox
Sitewide Discount for WooCommerce: Apply Discount to All Products global-shop-discount-for-woocommerce
SKT Blocks – Gutenberg based Page Builder skt-blocks
Slim SEO – Fast & Automated WordPress SEO Plugin slim-seo
Smart Forms – when you need more than just a contact form smart-forms
Solid Mail – SMTP email and logging made by SolidWP wp-smtp
Splitit splitit-installment-payments
Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light
StyleAI relentlosoftware
TablePress – Tables in WordPress made easy tablepress
The Events Calendar the-events-calendar
The Plus Addons for Elementor Page Builder theplus_elementor_addon
Tour Master – Tour Booking, Travel, Hotel tourmaster
Tournamatch tournamatch
Ultimate Blocks – WordPress Blocks Plugin ultimate-blocks
Url Rewrite Analyzer url-rewrite-analyzer
User Meta – User Profile Builder and User management plugin user-meta
User Profile Meta Manager user-profile-meta
Visual Composer Website Builder visualcomposer
WhatsCart – Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce WhatsCart-for-WooCommerce
Wishlist for WooCommerce: Multi Wishlists Per Customer wish-list-for-woocommerce
WooCommerce woocommerce
WordPress Mega Menu Block getwid-megamenu
WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce wp-event-manager
WP Image Mask wp-image-mask
WP Job Portal – A Complete Recruitment System for Company or Job Board website wp-job-portal
WP Mapa Politico España wp-mapa-politico-spain
WP Post Modules for Elementor wp-post-modules-el
WP Smart Import : Import any XML File to WordPress wp-smart-import
WP YouTube Video Optimizer wp-youtube-video-optimizer
WPAdverts – Classifieds Plugin wpadverts
WPCHURCH – Church Management System for WordPress church-management
Xpro Addons For Beaver Builder – Lite xpro-addons-beaver-builder-elementor
Year Make Model Search for WooCommerce ymm-search
ZoomSounds – WordPress Wave Audio Player with Playlist dzs-zoomsounds

WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
Acerola – Ultra Minimalist Agency Theme acerola
Ashley – Creative Portfolio WordPress Theme ashley
Avantage – Business Consulting WordPress Theme avantage
Backpack Traveler – Modern Travel Blog WordPress Theme backpacktraveler
bloggie bloggie
Builty – Construction WordPress Theme builty
Butcher – Meat Shop WooCommerce WordPress Theme butcher
Capie – Minimal Creative WooCommerce WordPress Theme capie
Car Dealer Automotive WordPress Theme – Responsive cardealer
couponxl couponxl
Crafts & Arts – Handmade Artist WordPress crafts-and-arts
Dash – Creative Business Theme dash
Entrada entrada
Enzio – Responsive Business WordPress Theme enzio
Finance Consultant – Consulting WordPress Theme finance
Fish House | A Stylish Seafood Restaurant / Cafe / Bar WordPress Theme fish-house
Grand Tour | Travel Agency WordPress grandtour
Healsoul – Medical Care, Home Healthcare Service WP Theme healsoul
HotStar – MultiPurpose Business WordPress Theme hotstar
Insurance WordPress Theme insurance
itsulu itsulu
Jarvis – Night Club, Concert, Festival WordPress Theme jarvis
kaffen kaffen
Kiamo – Responsive Business Service WordPress Theme kiamo
Kids Planet – Children Kindergarten and Playgroup WordPress Theme kidsplanet
Kinsley – Hotel Booking Theme kinsley
La Boom – Food & Restaurant Bistro WordPress Theme laboom
larson larson
luique luique
Madara – Responsive and modern WordPress theme for manga sites madara
Motors – Car Dealer, Rental & Listing WordPress theme motors
OBER – CV Resume WordPress Theme ober
Ogami – Organic Store WordPress Theme ogami
Oxpitan – Nonprofit Charity WordPress Theme oxpitan
Pet World – Dog Care & Pet Shop WordPress Theme petsworld
Photography photography
ruizarch ruizarch
samantha samantha
The Business – Powerful One Page Biz Theme nrgbusiness
Umberto – Mushroom Farm & Organic Products Store WordPress Theme umberto
Vizeon – Business Consulting WordPress Themes vizeon
Wilmër – Construction WordPress Theme wilmer
winnex winnex
Yozi – Multipurpose Electronics WooCommerce WordPress Theme yozi

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-31927 | Patch Status: Unpatched | Published: May 22, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-46444 | Patch Status: Unpatched | Published: May 21, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-39495 | Patch Status: Unpatched | Published: May 20, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-39490 | Patch Status: Unpatched | Published: May 21, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-47696 | Patch Status: Unpatched | Published: May 21, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-32286 | Patch Status: Unpatched | Published: May 21, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-31060 | Patch Status: Unpatched | Published: May 21, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-39480 | Patch Status: Unpatched | Published: May 22, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-39489 | Patch Status: Unpatched | Published: May 19, 2025 | Affected Software: couponxl
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-31049 | Patch Status: Unpatched | Published: May 19, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-47552 | Patch Status: Unpatched | Published: May 20, 2025 | Affected Software: DZS Video Gallery
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-5058 | Patch Status: Unpatched | Published: May 23, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-31912 | Patch Status: Unpatched | Published: May 21, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-48126 | Patch Status: Unpatched | Published: May 21, 2025 | Affected Software: Essential Real Estate
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-31631 | Patch Status: Unpatched | Published: May 21, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-39500 | Patch Status: Unpatched | Published: May 20, 2025 | Affected Software: Goodlayers Hostel
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-39503 | Patch Status: Unpatched | Published: May 20, 2025 | Affected Software: Goodlayers Hotel
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-39485 | Patch Status: Unpatched | Published: May 20, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-32309 | Patch Status: Unpatched | Published: May 22, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-31069 | Patch Status: Unpatched | Published: May 19, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-32292 | Patch Status: Unpatched | Published: May 19, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-31916 | Patch Status: Unpatched | Published: May 21, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-31633 | Patch Status: Unpatched | Published: May 21, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-48289 | Patch Status: Patched | Published: May 21, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-31632 | Patch Status: Unpatched | Published: May 21, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-39499 | Patch Status: Unpatched | Published: May 20, 2025 | Affected Software: Medicare
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-47672 | Patch Status: Unpatched | Published: May 22, 2025 | Affected Software: miniOrange Discord Integration
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-4322 | Patch Status: Patched | Published: May 19, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-39506 | Patch Status: Unpatched | Published: May 21, 2025 | Affected Software: Nasa Core
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-31913 | Patch Status: Unpatched | Published: May 21, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-32294 | Patch Status: Unpatched | Published: May 21, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-48287 | Patch Status: Patched | Published: May 21, 2025 | Affected Software: Pix 4x sem juros – Pagaleve
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-31918 | Patch Status: Unpatched | Published: May 22, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-31430 | Patch Status: Unpatched | Published: May 19, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-48292 | Patch Status: Patched | Published: May 21, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-31423 | Patch Status: Unpatched | Published: May 21, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-31064 | Patch Status: Unpatched | Published: May 21, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-39494 | Patch Status: Patched | Published: May 21, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-32302 | Patch Status: Unpatched | Published: May 21, 2025 | Affected Software: winnex
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-47670 | Patch Status: Unpatched | Published: May 21, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-48125 | Patch Status: Unpatched | Published: May 21, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-47453 | Patch Status: Patched | Published: May 21, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-32289 | Patch Status: Unpatched | Published: May 21, 2025
CVSS Rating: Critical (9.8) | CVE-ID: CVE-2025-47568 | Patch Status: Unpatched | Published: May 20, 2025
CVSS Rating: Critical (9.1) | CVE-ID: CVE-2025-4603 | Patch Status: Unpatched | Published: May 23, 2025
CVSS Rating: High (8.8) | CVE-ID: CVE-2025-31924 | Patch Status: Unpatched | Published: May 20, 2025
CVSS Rating: High (8.8) | CVE-ID: CVE-2025-47553 | Patch Status: Unpatched | Published: May 21, 2025 | Affected Software: DZS Video Gallery
CVSS Rating: High (8.8) | CVE-ID: CVE-2025-32293 | Patch Status: Unpatched | Published: May 21, 2025
CVSS Rating: High (8.8) | CVE-ID: CVE-2025-47663 | Patch Status: Unpatched | Published: May 20, 2025
CVSS Rating: High (8.8) | CVE-ID: CVE-2025-47631 | Patch Status: Unpatched | Published: May 22, 2025
CVSS Rating: High (8.8) | CVE-ID: CVE-2025-31634 | Patch Status: Unpatched | Published: May 21, 2025 | Affected Software: Insurance WordPress Theme
CVSS Rating: High (8.8) | CVE-ID: CVE-2025-48140 | Patch Status: Unpatched | Published: May 22, 2025 | Affected Software: MetalpriceAPI
CVSS Rating: High (8.8) | CVE-ID: CVE-2025-32284 | Patch Status: Unpatched | Published: May 21, 2025
CVSS Rating: High (8.8) | CVE-ID: Unknown | Patch Status: Unpatched | Published: May 22, 2025 | Affected Software: Photography
CVSS Rating: High (8.1) | CVE-ID: CVE-2025-4336 | Patch Status: Unpatched | Published: May 23, 2025
CVSS Rating: High (8.1) | CVE-ID: CVE-2025-31053 | Patch Status: Unpatched | Published: May 21, 2025 | Affected Software: KBx Pro Ultimate
CVSS Rating: High (7.5) | CVE-ID: CVE-2025-47671 | Patch Status: Unpatched | Published: May 21, 2025 | Affected Software: Binary MLM Plan
CVSS Rating: High (7.5) | CVE-ID: CVE-2025-31397 | Patch Status: Unpatched | Published: May 22, 2025
CVSS Rating: High (7.5) | CVE-ID: CVE-2025-39484 | Patch Status: Unpatched | Published: May 22, 2025 | Affected Software: Entrada
CVSS Rating: High (7.5) | CVE-ID: CVE-2025-39501 | Patch Status: Unpatched | Published: May 22, 2025 | Affected Software: Goodlayers Hostel
CVSS Rating: High (7.5) | CVE-ID: CVE-2025-39504 | Patch Status: Unpatched | Published: May 22, 2025 | Affected Software: Goodlayers Hotel
CVSS Rating: High (7.5) | CVE-ID: CVE-2025-48283 | Patch Status: Patched | Published: May 22, 2025
CVSS Rating: High (7.5) | CVE-ID: CVE-2025-31914 | Patch Status: Unpatched | Published: May 22, 2025
CVSS Rating: High (7.2) | CVE-ID: CVE-2025-4803 | Patch Status: Unpatched | Published: May 20, 2025
CVSS Rating: Medium (6.5) | CVE-ID: CVE-2025-48278 | Patch Status: Patched | Published: May 19, 2025 | Affected Software: RSVPMaker
CVSS Rating: Medium (6.5) | CVE-ID: CVE-2025-47575 | Patch Status: Unpatched | Published: May 20, 2025
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2025-4221 | Patch Status: Unpatched | Published: May 20, 2025 | Affected Software: Animated Buttons
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2025-48252 | Patch Status: Patched | Published: May 19, 2025 | Affected Software: Back Button Widget
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2025-48236 | Patch Status: Patched | Published: May 19, 2025
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2025-48254 | Patch Status: Patched | Published: May 19, 2025
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2025-48240 | Patch Status: Patched | Published: May 19, 2025
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2025-4219 | Patch Status: Unpatched | Published: May 20, 2025 | Affected Software: DPEPress
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2025-48249 | Patch Status: Patched | Published: May 19, 2025
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2025-48288 | Patch Status: Patched | Published: May 19, 2025
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2025-48256 | Patch Status: Patched | Published: May 19, 2025
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2024-9544 | Patch Status: Unpatched | Published: May 21, 2025 | Affected Software: MapSVG
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2025-48258 | Patch Status: Patched | Published: May 19, 2025 | Affected Software: WordPress Mega Menu Block
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2025-48263 | Patch Status: Patched | Published: May 19, 2025
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2025-3750 | Patch Status: Unpatched | Published: May 20, 2025 | Affected Software: Network Posts Extended
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2025-3781 | Patch Status: Unpatched | Published: May 20, 2025 | Affected Software: Raisely Donation Form
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2025-48270 | Patch Status: Patched | Published: May 19, 2025
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2025-4611 | Patch Status: Patched | Published: May 20, 2025
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2025-5096 | Patch Status: Patched | Published: May 22, 2025
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2025-4594 | Patch Status: Patched | Published: May 22, 2025 | Affected Software: Tournamatch
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2025-48234 | Patch Status: Patched | Published: May 19, 2025
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2025-48276 | Patch Status: Patched | Published: May 19, 2025
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2025-48237 | Patch Status: Patched | Published: May 19, 2025
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2025-48235 | Patch Status: Patched | Published: May 19, 2025 | Affected Software: WP Image Mask
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2025-4217 | Patch Status: Unpatched | Published: May 20, 2025 | Affected Software: WP YouTube Video Optimizer
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2025-48269 | Patch Status: Patched | Published: May 19, 2025
CVSS Rating: Medium (6.4) | CVE-ID: CVE-2025-48232 | Patch Status: Patched | Published: May 19, 2025
CVSS Rating: Medium (6.1) | CVE-ID: CVE-2025-3869 | Patch Status: Unpatched | Published: May 23, 2025 | Affected Software: 4stats
CVSS Rating: Medium (6.1) | CVE-ID: CVE-2024-12561 | Patch Status: Unpatched | Published: May 20, 2025
CVSS Rating: Medium (6.1) | CVE-ID: CVE-2025-48238 | Patch Status: Patched | Published: May 19, 2025 | Affected Software: AWcode Toolkit
CVSS Rating: Medium (6.1) | CVE-ID: CVE-2025-31054 | Patch Status: Unpatched | Published: May 19, 2025 | Affected Software: bloggie
CVSS Rating: Medium (6.1) | CVE-ID: CVE-2025-32285 | Patch Status: Unpatched | Published: May 22, 2025
CVSS Rating: Medium (6.1) | CVE-ID: CVE-2025-32300 | Patch Status: Unpatched | Published: May 22, 2025 | Affected Software: DZS Video Gallery
CVSS Rating: Medium (6.1) | CVE-ID: CVE-2025-48143 | Patch Status: Unpatched | Published: May 20, 2025
CVSS Rating: Medium (6.1) | CVE-ID: CVE-2025-39502 | Patch Status: Unpatched | Published: May 20, 2025 | Affected Software: Goodlayers Hostel
CVSS Rating: Medium (6.1) | CVE-ID: CVE-2025-39505 | Patch Status: Unpatched | Published: May 20, 2025 | Affected Software: Goodlayers Hotel
CVSS Rating: Medium (6.1) | CVE-ID: CVE-2025-48286 | Patch Status: Patched | Published: May 22, 2025
CVSS Rating: Medium (6.1) | CVE-ID: CVE-2025-47613 | Patch Status: Unpatched | Published: May 20, 2025
CVSS Rating: Medium (6.1) | CVE-ID: CVE-2025-47611 | Patch Status: Unpatched | Published: May 22, 2025
CVSS Rating: Medium (6.1) | CVE-ID: CVE-2025-5062 | Patch Status: Patched | Published: May 21, 2025 | Affected Software: WooCommerce
CVSS Rating: Medium (6.1) | CVE-ID: CVE-2025-31636 | Patch Status: Unpatched | Published: May 20, 2025
CVSS Rating: Medium (6.1) | CVE-ID: CVE-2025-31642 | Patch Status: Unpatched | Published: May 20, 2025
CVSS Rating: Medium (5.9) | CVE-ID: CVE-2025-4602 | Patch Status: Unpatched | Published: May 23, 2025
CVSS Rating: Medium (5.4) | CVE-ID: CVE-2025-4105 | Patch Status: Patched | Published: May 20, 2025 | Affected Software: Splitit
CVSS Rating: Medium (5.3) | CVE-ID: CVE-2025-47585 | Patch Status: Patched | Published: May 22, 2025
CVSS Rating: Medium (5.3) | CVE-ID: CVE-2025-48147 | Patch Status: Unpatched | Published: May 22, 2025
CVSS Rating: Medium (5.3) | CVE-ID: CVE-2025-48346 | Patch Status: Unpatched | Published: May 19, 2025 | Affected Software: Embed and Integrate Etsy Shop
CVSS Rating: Medium (5.3) | CVE-ID: CVE-2025-39536 | Patch Status: Unpatched | Published: May 23, 2025 | Affected Software: JobHunt Job Alerts
CVSS Rating: Medium (5.3) | CVE-ID: CVE-2025-48282 | Patch Status: Patched | Published: May 19, 2025
CVSS Rating: Medium (5.3) | CVE-ID: CVE-2025-47558 | Patch Status: Unpatched | Published: May 22, 2025 | Affected Software: MapSVG
CVSS Rating: Medium (5.3) | CVE-ID: CVE-2025-48139 | Patch Status: Unpatched | Published: May 22, 2025 | Affected Software: StyleAI
CVSS Rating: Medium (5.3) | CVE-ID: CVE-2025-48272 | Patch Status: Patched | Published: May 19, 2025
CVSS Rating: Medium (4.9) | CVE-ID: CVE-2025-48280 | Patch Status: Patched | Published: May 19, 2025
CVSS Rating: Medium (4.9) | CVE-ID: CVE-2025-4405 | Patch Status: Patched | Published: May 21, 2025 | Affected Software: Hot Random Image
CVSS Rating: Medium (4.9) | CVE-ID: CVE-2025-47513 | Patch Status: Patched | Published: May 22, 2025 | Affected Software: Infocob CRM Forms
CVSS Rating: Medium (4.7) | CVE-ID: CVE-2025-48342 | Patch Status: Unpatched | Published: May 19, 2025
CVSS Rating: Medium (4.4) | CVE-ID: CVE-2025-48277 | Patch Status: Patched | Published: May 19, 2025 | Affected Software: Cost Calculator Builder
CVSS Rating: Medium (4.4) | CVE-ID: CVE-2025-48244 | Patch Status: Patched | Published: May 19, 2025 | Affected Software: Exclusive Addons for Elementor
CVSS Rating: Medium (4.4) | CVE-ID: CVE-2025-48341 | Patch Status: Unpatched | Published: May 19, 2025
CVSS Rating: Medium (4.4) | CVE-ID: CVE-2025-5055 | Patch Status: Unpatched | Published: May 23, 2025
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-46256 | Patch Status: Patched | Published: May 22, 2025 | Affected Software: Advanced Database Cleaner PRO
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-48233 | Patch Status: Patched | Published: May 19, 2025
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-48268 | Patch Status: Patched | Published: May 19, 2025
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-48285 | Patch Status: Patched | Published: May 19, 2025
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-48260 | Patch Status: Patched | Published: May 19, 2025
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-4419 | Patch Status: Patched | Published: May 21, 2025 | Affected Software: Hot Random Image
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-48284 | Patch Status: Patched | Published: May 19, 2025 | Affected Software: Japanized for WooCommerce
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-48242 | Patch Status: Patched | Published: May 19, 2025
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-48264 | Patch Status: Patched | Published: May 19, 2025 | Affected Software: Product Code for WooCommerce
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-48257 | Patch Status: Patched | Published: May 19, 2025
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-48243 | Patch Status: Patched | Published: May 19, 2025
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-48344 | Patch Status: Unpatched | Published: May 19, 2025 | Affected Software: Rootspersona
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-39368 | Patch Status: Unpatched | Published: May 19, 2025 | Affected Software: Rootspersona
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-48247 | Patch Status: Patched | Published: May 19, 2025
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-48246 | Patch Status: Patched | Published: May 19, 2025 | Affected Software: The Events Calendar
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-46259 | Patch Status: Unpatched | Published: May 20, 2025
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-48262 | Patch Status: Patched | Published: May 19, 2025 | Affected Software: Url Rewrite Analyzer
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-48340 | Patch Status: Unpatched | Published: May 19, 2025 | Affected Software: User Profile Meta Manager
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-48259 | Patch Status: Patched | Published: May 19, 2025 | Affected Software: WP Mapa Politico España
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-48265 | Patch Status: Patched | Published: May 19, 2025

As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
