Calling all Vulnerability Researchers and Bug Bounty Hunters!
Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per vulnerability. Submit bold. Earn big!
Last week, there were 140 vulnerabilities disclosed in 120 WordPress Plugins and 5 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 48 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to implement layered security, aligning with our overarching mission to secure WordPress with defense in depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report. As the world’s leading quality vulnerability database provider for WordPress, site owners can rest assured knowing Wordfence has their back.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 28,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
- WAF-RULE-859 – Data redacted while we work with the vendor on a patch.
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 106 |
| Unpatched | 34 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Medium Severity | 112 |
| High Severity | 15 |
| Critical Severity | 13 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 55 |
| Missing Authorization | 24 |
| Cross-Site Request Forgery (CSRF) | 17 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 11 |
| Exposure of Sensitive Information to an Unauthorized Actor | 9 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 6 |
| Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 5 |
| Deserialization of Untrusted Data | 4 |
| Unrestricted Upload of File with Dangerous Type | 3 |
| Authentication Bypass Using an Alternate Path or Channel | 1 |
| Authorization Bypass Through User-Controlled Key | 1 |
| External Control of File Name or Path | 1 |
| Improper Control of Generation of Code (‘Code Injection’) | 1 |
| Improper Privilege Management | 1 |
| Server-Side Request Forgery (SSRF) | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 21 | |
| 12 | |
| 8 | |
| 7 | |
| 7 | |
| 6 | |
| 5 | |
| 5 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| aapanel WP Toolkit | aapanel-wp-toolkit |
| Affiliate Reviews | affiliate-reviews |
| Alike – WordPress Custom Post Comparison | alike |
| Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) | azon-addon-js-composer |
| Animator – Scroll Triggered Animations | scroll-triggered-animations |
| AntiSpam for Contact Form 7 | cf7-antispam |
| Apollo – Sticky Full Width HTML5 Audio Player | lbg-audio5-html5-shoutcast-sticky |
| Appointment Booking & Scheduling Plugin — Webba Booking Calendar | webba-booking-lite |
| Attachment Manager | attachment-manager |
| Avada (Fusion) Builder | fusion-builder |
| Avishi WP PayPal Payment Button | avishi-wp-paypal-payment-button |
| B1.lt | b1-accounting |
| Bears Backup | bears-backup |
| Block Editor Gallery Slider | block-editor-gallery-slider |
| Bold Page Builder | bold-page-builder |
| Brandfolder – Digital Asset Management Simplified. | brandfolder |
| Chatbox Manager | wa-chatbox-manager |
| Cloud SAML SSO – Single Sign On Login | cloud-sso-single-sign-on |
| CM Pop-Up – Create engaging popups to capture attention and boost interaction | cm-pop-up-banners |
| Companion Auto Update | companion-auto-update |
| Copymatic – AI Content Writer & Generator | copymatic |
| Cost Calculator | ql-cost-calculator |
| Counter live visitors for WooCommerce | counter-visitor-for-woocommerce |
| Coupon Affiliates – Affiliate Plugin for WooCommerce | woo-coupon-usage |
| Crowdfunding for WooCommerce | crowdfunding-for-woocommerce |
| Custom API for WP | custom-api-for-wp |
| DB Backup | db-backup |
| Easy Elementor Addons | easy-elementor-addons |
| ELEX WooCommerce Bulk Edit Products, Prices & Attributes (Basic) | elex-bulk-edit-products-prices-attributes-for-woocommerce-basic |
| EPay.bg Payments | epaybg-payments |
| FG Drupal to WordPress | fg-drupal-to-wp |
| FluentSnippets – The High-Performance file based Custom Code Snippets Plugin | easy-code-manager |
| FoodMenu – WP Creative Restaurant Menu Showcase WooCommerce | dzs-restaurantmenu |
| Formality | formality |
| Forminator Forms – Contact Form, Payment Form & Custom Form Builder | forminator |
| Ghost Kit – Page Builder Blocks, Motion Effects & Extensions | ghostkit |
| GSheetConnector for WC | wc-gsheetconnector |
| Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor | gutentor |
| HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. | ht-contactform |
| HTML5 Radio Player – WPBakery Page Builder Addon | lbg_radio_player_addon_visual_composer |
| IDonatePro – Blood Donation, Request And Donor Management WordPress Plugin | idonate-pro |
| Image Wall | image-wall |
| Import CDN-Remote Images | import-cdn-remote-images |
| Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms | integration-for-contact-form-7-and-google-sheets |
| Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms | integration-for-contact-form-7-and-pipedrive |
| JetBlocks for Elementor | jet-blocks |
| JetElements | jet-elements |
| JetEngine | jet-engine |
| JetFormBuilder — Dynamic Blocks Form Builder | jetformbuilder |
| JetMenu | jet-menu |
| JetPopup | jet-popup |
| JetSearch | jet-search |
| JetSmartFilters | jet-smart-filters |
| JetTabs | jet-tabs |
| JetTricks | jet-tricks |
| JetWooBuilder | jet-woo-builder |
| Knowledge Base | knowledgebase |
| lbg-audio4-html5-shoutcast | lbg-audio4-html5-shoutcast |
| LightBox Block – Gutenberg block for creating fully functional lightbox | lightbox-block |
| Listly: Listicles For WordPress | listly |
| Live Stream Badger | live-stream-badger |
| LoginPress Pro | loginpress-pro |
| Madara – Core | madara-core |
| Malcure Malware Scanner — #1 Toolset for Malware Removal | wp-malware-removal |
| Map My Locations | map-my-locations |
| Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations | master-addons |
| MasterStudy LMS Pro | masterstudy-lms-learning-management-system-pro |
| Maya Business Plugin | paymaya-checkout-for-woocommerce |
| Media Library Assistant | media-library-assistant |
| Mediabay – WordPress Media Library Folders | mediabay |
| MORKVA Vchasno Kasa Integration | mrkv-vchasno-kasa |
| Multimedia Playlist Slider Addon for WPBakery Page Builder | lbg_vp_youtube_vimeo_addon_visual_composer |
| News Kit Elementor Addons | news-kit-elementor-addons |
| Newsletters | newsletters-lite |
| Partnerský systém Martinus | martinus-partnersky-system |
| Pinterest Automatic | wp-pinterest-automatic |
| Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship | biteship |
| ProfileGrid – User Profiles, Groups and Communities | profilegrid-user-profiles-groups-and-communities |
| Real Estate Property 2025 Create Your Own Fields and Search Bar | real-estate-right-now |
| Residential Address Detection | residential-address-detection |
| Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates | responsive-addons-for-elementor |
| Restaurant Menu and Food Ordering | mp-restaurant-menu |
| Restrict File Access | restrict-file-access |
| Revolution Video Player With Bottom Playlist WordPress Plugin – YouTube/Vimeo/Self-Hosted Support | revolution_video_player |
| Ruven Themes: Shortcodes | ruven-themes-shortcodes |
| School Management System for WordPress | school-management |
| SHOUT – HTML5 Radio Player With Ads – ShoutCast and IceCast Support | lbg-audio8-html5-radio-ads |
| Simple Link Directory Pro | qc-simple-link-directory |
| SMTP for Amazon SES – YaySMTP | smtp-amazon-ses |
| SMTP for SendGrid – YaySMTP | smtp-sendgrid |
| SMTP for Sendinblue – YaySMTP | smtp-sendinblue |
| SMTP2GO for WordPress – Email Made Easy | smtp2go |
| Stop and Block bots plugin Anti bots | antibots |
| Strong Testimonials | strong-testimonials |
| Temporarily Hidden Content | temporarily-hidden-content |
| Terms descriptions | terms-descriptions |
| Testimonial Post type | testimonial-post-type |
| The Plus Addons for Elementor Page Builder Pro | theplus_elementor_addon |
| Theme Builder For Elementor | theme-builder-for-elementor |
| ThemeREX Addons | trx_addons |
| Ultimate WP Mail | ultimate-wp-mail |
| Universal Video Player – Addon for WPBakery Page Builder | lbg-universal-video-player-addon-visual-composer |
| Universal Video Player – Addon for WPBakery Page Builder | lbg_universal_video_player_addon_visual_composer |
| URL Shortener Plugin For WordPress | exact-links |
| Useful Tab Block – Responsive & AMP-Compatible | useful-tab-block-responsive-amp-compatible |
| Vertical scroll image slideshow gallery | vertical-scroll-image-slideshow-gallery |
| Videopack | video-embed-thumbnail-generator |
| Wallet System for WooCommerce | wallet-system-for-woocommerce |
| Welcart e-Commerce | usc-e-shop |
| Widget for Google Reviews | business-reviews-wp |
| WooCommerce Refund And Exchange with RMA – Warranty Management, Refund Policy, Manage User Wallet | woocommerce-refund-and-exchange |
| WooCommerce Shop Page Builder | dzs-wootable |
| WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) | delicious-recipes |
| WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce | wp-event-manager |
| WP Post Hide | wp-post-hide |
| WP Shortcodes Plugin — Shortcodes Ultimate | shortcodes-ultimate |
| WPAdverts – Classifieds Plugin | wpadverts |
| YayExtra – WooCommerce Extra Product Options | yayextra |
| Youtube Vimeo Video Player and Slider WP Plugin | video_player_youtube_vimeo |
| Zuppler Online Ordering | zuppler-online-ordering |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Alone – Charity Multipurpose Non-profit WordPress Theme | alone |
| GymBase Theme Classes | gymbase_classes |
| Hestia | hestia |
| Houzez | houzez |
| Visual Art | Gallery WordPress Theme | visual-arts |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
CVE-ID
CVE-2025-5394
CVE-2025-5394
Patch Status
Patched
Patched
Published
Jul 14, 2025
Jul 14, 2025
Affected Software
Alone – Charity Multipurpose Non-profit WordPress Theme
Alone – Charity Multipurpose Non-profit WordPress Theme
Researcher
CVE-ID
CVE-2025-5396
CVE-2025-5396
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Bears Backup
Bears Backup
Researcher
CVE-ID
CVE-2025-48157
CVE-2025-48157
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Formality
Formality
Researcher
CVE-ID
CVE-2025-7340
CVE-2025-7340
Patch Status
Patched
Patched
Published
Jul 14, 2025
Jul 14, 2025
Affected Software
HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder.
HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder.
Researcher
CVE-ID
CVE-2025-7697
CVE-2025-7697
Patch Status
Patched
Patched
Published
Jul 18, 2025
Jul 18, 2025
Researcher
CVE-ID
CVE-2025-7696
CVE-2025-7696
Patch Status
Patched
Patched
Published
Jul 18, 2025
Jul 18, 2025
Researcher
CVE-ID
CVE-2025-7444
CVE-2025-7444
Patch Status
Patched
Patched
Published
Jul 17, 2025
Jul 17, 2025
Affected Software
LoginPress Pro
LoginPress Pro
Researcher
CVE-ID
CVE-2025-6222
CVE-2025-6222
Patch Status
Patched
Patched
Published
Jul 17, 2025
Jul 17, 2025
CVE-ID
CVE-2025-5393
CVE-2025-5393
Patch Status
Patched
Patched
Published
Jul 14, 2025
Jul 14, 2025
Affected Software
Alone – Charity Multipurpose Non-profit WordPress Theme
Alone – Charity Multipurpose Non-profit WordPress Theme
Researcher
CVE-ID
CVE-2025-7643
CVE-2025-7643
Patch Status
Unpatched
Unpatched
Published
Jul 17, 2025
Jul 17, 2025
Affected Software
Attachment Manager
Attachment Manager
Researcher
CVE-ID
CVE-2025-7360
CVE-2025-7360
Patch Status
Patched
Patched
Published
Jul 14, 2025
Jul 14, 2025
Affected Software
HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder.
HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder.
Researcher
CVE-ID
CVE-2025-7341
CVE-2025-7341
Patch Status
Patched
Patched
Published
Jul 14, 2025
Jul 14, 2025
Affected Software
HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder.
HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder.
Researcher
CVE-ID
CVE-2025-7712
CVE-2025-7712
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Madara – Core
Madara – Core
Researcher
CVE-ID
CVE-2025-6813
CVE-2025-6813
Patch Status
Unpatched
Unpatched
Published
Jul 17, 2025
Jul 17, 2025
Affected Software
aapanel WP Toolkit
aapanel WP Toolkit
Researcher
CVE-ID
CVE-2025-6718
CVE-2025-6718
Patch Status
Unpatched
Unpatched
Published
Jul 17, 2025
Jul 17, 2025
Affected Software
B1.lt
B1.lt
Researcher
CVE-ID
CVE-2025-3740
CVE-2025-3740
Patch Status
Patched
Patched
Published
Jul 17, 2025
Jul 17, 2025
Affected Software
School Management System for WordPress
School Management System for WordPress
Researcher
CVE-ID
CVE-2025-7359
CVE-2025-7359
Patch Status
Unpatched
Unpatched
Published
Jul 15, 2025
Jul 15, 2025
Affected Software
Counter live visitors for WooCommerce
Counter live visitors for WooCommerce
Researcher
CVE-ID
CVE-2025-49264
CVE-2025-49264
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Cloud SAML SSO – Single Sign On Login
Cloud SAML SSO – Single Sign On Login
Researcher
CVE-ID
CVE-2025-53567
CVE-2025-53567
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Ghost Kit – Page Builder Blocks, Motion Effects & Extensions
Ghost Kit – Page Builder Blocks, Motion Effects & Extensions
Researcher
CVE-ID
CVE-2025-30635
CVE-2025-30635
Patch Status
Unpatched
Unpatched
Published
Jul 16, 2025
Jul 16, 2025
Researcher
CVE-ID
CVE-2025-6043
CVE-2025-6043
Patch Status
Patched
Patched
Published
Jul 15, 2025
Jul 15, 2025
Affected Software
Malcure Malware Scanner — #1 Toolset for Malware Removal
Malcure Malware Scanner — #1 Toolset for Malware Removal
Researcher
CVE-ID
CVE-2025-7667
CVE-2025-7667
Patch Status
Unpatched
Unpatched
Published
Jul 14, 2025
Jul 14, 2025
Affected Software
Restrict File Access
Restrict File Access
Researcher
CVE-ID
CVE-2025-53565
CVE-2025-53565
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Widget for Google Reviews
Widget for Google Reviews
Researcher
CVE-ID
CVE-2025-54048
CVE-2025-54048
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Custom API for WP
Custom API for WP
Researcher
CVE-ID
CVE-2025-7438
CVE-2025-7438
Patch Status
Patched
Patched
Published
Jul 17, 2025
Jul 17, 2025
Affected Software
MasterStudy LMS Pro
MasterStudy LMS Pro
Researcher
CVE-ID
CVE-2025-6993
CVE-2025-6993
Patch Status
Patched
Patched
Published
Jul 15, 2025
Jul 15, 2025
Affected Software
Ultimate WP Mail
Ultimate WP Mail
Researcher
CVE-ID
CVE-2025-31422
CVE-2025-31422
Patch Status
Unpatched
Unpatched
Published
Jul 15, 2025
Jul 15, 2025
Affected Software
Visual Art | Gallery WordPress Theme
Visual Art | Gallery WordPress Theme
Researcher
CVE-ID
CVE-2025-2800
CVE-2025-2800
Patch Status
Patched
Patched
Published
Jul 15, 2025
Jul 15, 2025
Researcher
CVE-ID
CVE-2025-54015
CVE-2025-54015
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder.
HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder.
Researcher
CVE-ID
CVE-2025-53990
CVE-2025-53990
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
JetFormBuilder — Dynamic Blocks Form Builder
JetFormBuilder — Dynamic Blocks Form Builder
Researcher
CVE-ID
CVE-2025-6717
CVE-2025-6717
Patch Status
Unpatched
Unpatched
Published
Jul 17, 2025
Jul 17, 2025
Affected Software
B1.lt
B1.lt
Researcher
CVE-ID
CVE-2025-47645
CVE-2025-47645
Patch Status
Patched
Patched
Published
Jul 15, 2025
Jul 15, 2025
Affected Software
ELEX WooCommerce Bulk Edit Products, Prices & Attributes (Basic)
ELEX WooCommerce Bulk Edit Products, Prices & Attributes (Basic)
Researcher
CVE-ID
CVE-2025-54026
CVE-2025-54026
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
GymBase Theme Classes
GymBase Theme Classes
Researcher
CVE-ID
CVE-2025-28949
CVE-2025-28949
Patch Status
Unpatched
Unpatched
Published
Jul 15, 2025
Jul 15, 2025
Affected Software
Mediabay – WordPress Media Library Folders
Mediabay – WordPress Media Library Folders
Researcher
CVE-ID
CVE-2025-39510
CVE-2025-39510
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Pinterest Automatic
Pinterest Automatic
Researcher
CVE-ID
CVE-2025-5845
CVE-2025-5845
Patch Status
Unpatched
Unpatched
Published
Jul 15, 2025
Jul 15, 2025
Affected Software
Affiliate Reviews
Affiliate Reviews
Researcher
CVE-ID
CVE-2025-6747
CVE-2025-6747
Patch Status
Patched
Patched
Published
Jul 15, 2025
Jul 15, 2025
Affected Software
Avada (Fusion) Builder
Avada (Fusion) Builder
Researcher
CVE-ID
CVE-2025-54006
CVE-2025-54006
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Bold Page Builder
Bold Page Builder
Researcher
Brandfolder <= 5.0.19 – Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
6.4
CVE-ID
CVE-2025-5843
CVE-2025-5843
Patch Status
Unpatched
Unpatched
Published
Jul 15, 2025
Jul 15, 2025
Affected Software
Brandfolder – Digital Asset Management Simplified.
Brandfolder – Digital Asset Management Simplified.
Researcher
CVE-ID
CVE-2025-5767
CVE-2025-5767
Patch Status
Unpatched
Unpatched
Published
Jul 17, 2025
Jul 17, 2025
Affected Software
Crowdfunding for WooCommerce
Crowdfunding for WooCommerce
Researcher
CVE-ID
CVE-2025-48295
CVE-2025-48295
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Easy Elementor Addons
Easy Elementor Addons
Researcher
CVE-ID
CVE-2025-7653
CVE-2025-7653
Patch Status
Unpatched
Unpatched
Published
Jul 18, 2025
Jul 18, 2025
Affected Software
EPay.bg Payments
EPay.bg Payments
Researcher
CVE-ID
CVE-2025-4685
CVE-2025-4685
Patch Status
Patched
Patched
Published
Jul 20, 2025
Jul 20, 2025
Affected Software
Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor
Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor
Researcher
CVE-ID
CVE-2025-48156
CVE-2025-48156
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Image Wall
Image Wall
Researcher
CVE-ID
CVE-2025-53989
CVE-2025-53989
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
JetBlocks for Elementor
JetBlocks for Elementor
Researcher
CVE-ID
CVE-2025-53982
CVE-2025-53982
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
JetElements
JetElements
Researcher
CVE-ID
CVE-2025-53994
CVE-2025-53994
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
JetPopup
JetPopup
Researcher
CVE-ID
CVE-2025-53995
CVE-2025-53995
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
JetPopup
JetPopup
Researcher
CVE-ID
CVE-2025-53996
CVE-2025-53996
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
JetSearch
JetSearch
Researcher
CVE-ID
CVE-2025-54009
CVE-2025-54009
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
JetSmartFilters
JetSmartFilters
Researcher
CVE-ID
CVE-2025-53984
CVE-2025-53984
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
JetTabs
JetTabs
Researcher
CVE-ID
CVE-2025-53991
CVE-2025-53991
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
JetTricks
JetTricks
Researcher
CVE-ID
CVE-2025-54051
CVE-2025-54051
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
LightBox Block – Gutenberg block for creating fully functional lightbox
LightBox Block – Gutenberg block for creating fully functional lightbox
Researcher
CVE-ID
CVE-2025-7655
CVE-2025-7655
Patch Status
Unpatched
Unpatched
Published
Jul 18, 2025
Jul 18, 2025
Affected Software
Live Stream Badger
Live Stream Badger
Researcher
CVE-ID
CVE-2025-7660
CVE-2025-7660
Patch Status
Unpatched
Unpatched
Published
Jul 17, 2025
Jul 17, 2025
Affected Software
Map My Locations
Map My Locations
Researcher
CVE-ID
CVE-2025-5284
CVE-2025-5284
Patch Status
Patched
Patched
Published
Jul 15, 2025
Jul 15, 2025
Affected Software
Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
Researcher
CVE-ID
CVE-2025-7035
CVE-2025-7035
Patch Status
Patched
Patched
Published
Jul 15, 2025
Jul 15, 2025
Affected Software
Media Library Assistant
Media Library Assistant
Researcher
CVE-ID
CVE-2025-7661
CVE-2025-7661
Patch Status
Unpatched
Unpatched
Published
Jul 18, 2025
Jul 18, 2025
Affected Software
Partnerský systém Martinus
Partnerský systém Martinus
Researcher
Responsive Addons for Elementor <= 1.7.3 – Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2025-54050
CVE-2025-54050
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates
Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates
Researcher
CVE-ID
CVE-2025-7648
CVE-2025-7648
Patch Status
Unpatched
Unpatched
Published
Jul 17, 2025
Jul 17, 2025
Affected Software
Ruven Themes: Shortcodes
Ruven Themes: Shortcodes
Researcher
CVE-ID
CVE-2025-7367
CVE-2025-7367
Patch Status
Patched
Patched
Published
Jul 14, 2025
Jul 14, 2025
Affected Software
Strong Testimonials
Strong Testimonials
Researcher
CVE-ID
CVE-2025-7658
CVE-2025-7658
Patch Status
Unpatched
Unpatched
Published
Jul 18, 2025
Jul 18, 2025
Affected Software
Temporarily Hidden Content
Temporarily Hidden Content
Researcher
CVE-ID
CVE-2025-5800
CVE-2025-5800
Patch Status
Unpatched
Unpatched
Published
Jul 17, 2025
Jul 17, 2025
Affected Software
Testimonial Post type
Testimonial Post type
Researcher
CVE-ID
CVE-2025-6997
CVE-2025-6997
Patch Status
Patched
Patched
Published
Jul 18, 2025
Jul 18, 2025
Affected Software
ThemeREX Addons
ThemeREX Addons
Researcher
CVE-ID
CVE-2025-5754
CVE-2025-5754
Patch Status
Unpatched
Unpatched
Published
Jul 17, 2025
Jul 17, 2025
Affected Software
Useful Tab Block – Responsive & AMP-Compatible
Useful Tab Block – Responsive & AMP-Compatible
Researcher
CVE-ID
CVE-2025-5752
CVE-2025-5752
Patch Status
Unpatched
Unpatched
Published
Jul 17, 2025
Jul 17, 2025
Affected Software
Vertical scroll image slideshow gallery
Vertical scroll image slideshow gallery
Researcher
CVE-ID
CVE-2025-54023
CVE-2025-54023
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Researcher
CVE-ID
CVE-2025-7354
CVE-2025-7354
Patch Status
Patched
Patched
Published
Jul 20, 2025
Jul 20, 2025
Affected Software
WP Shortcodes Plugin — Shortcodes Ultimate
WP Shortcodes Plugin — Shortcodes Ultimate
Researcher
CVE-ID
CVE-2025-54024
CVE-2025-54024
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
WPAdverts – Classifieds Plugin
WPAdverts – Classifieds Plugin
Researcher
CVE-ID
CVE-2025-28975
CVE-2025-28975
Patch Status
Unpatched
Unpatched
Published
Jul 17, 2025
Jul 17, 2025
Affected Software
Alike – WordPress Custom Post Comparison
Alike – WordPress Custom Post Comparison
Researcher
CVE-ID
CVE-2025-30631
CVE-2025-30631
Patch Status
Unpatched
Unpatched
Published
Jul 17, 2025
Jul 17, 2025
Researcher
CVE-ID
CVE-2025-48168
CVE-2025-48168
Patch Status
Patched
Patched
Published
Jul 17, 2025
Jul 17, 2025
Affected Software
Apollo – Sticky Full Width HTML5 Audio Player
Apollo – Sticky Full Width HTML5 Audio Player
Researcher
Avishi WP PayPal Payment Button <= 2.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting
6.1
CVE-ID
CVE-2025-7669
CVE-2025-7669
Patch Status
Unpatched
Unpatched
Published
Jul 18, 2025
Jul 18, 2025
Affected Software
Avishi WP PayPal Payment Button
Avishi WP PayPal Payment Button
Researcher
CVE-ID
CVE-2025-29014
CVE-2025-29014
Patch Status
Unpatched
Unpatched
Published
Jul 17, 2025
Jul 17, 2025
Affected Software
FoodMenu – WP Creative Restaurant Menu Showcase WooCommerce
FoodMenu – WP Creative Restaurant Menu Showcase WooCommerce
Researcher
CVE-ID
CVE-2025-53564
CVE-2025-53564
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
HTML5 Radio Player – WPBakery Page Builder Addon
HTML5 Radio Player – WPBakery Page Builder Addon
Researcher
Multimedia Playlist Slider Addon for WPBakery Page Builder <= 2.1 – Reflected Cross-Site Scripting
6.1
CVE-ID
CVE-2025-30626
CVE-2025-30626
Patch Status
Unpatched
Unpatched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Multimedia Playlist Slider Addon for WPBakery Page Builder
Multimedia Playlist Slider Addon for WPBakery Page Builder
Researcher
CVE-ID
CVE-2025-6977
CVE-2025-6977
Patch Status
Patched
Patched
Published
Jul 15, 2025
Jul 15, 2025
Affected Software
ProfileGrid – User Profiles, Groups and Communities
ProfileGrid – User Profiles, Groups and Communities
Researcher
CVE-ID
CVE-2025-53205
CVE-2025-53205
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
lbg-audio4-html5-shoutcast
lbg-audio4-html5-shoutcast
Researcher
CVE-ID
CVE-2025-53212
CVE-2025-53212
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
CVE-ID
CVE-2025-7369
CVE-2025-7369
Patch Status
Patched
Patched
Published
Jul 20, 2025
Jul 20, 2025
Affected Software
WP Shortcodes Plugin — Shortcodes Ultimate
WP Shortcodes Plugin — Shortcodes Ultimate
Researcher
CVE-ID
CVE-2025-48163
CVE-2025-48163
Patch Status
Patched
Patched
Published
Jul 17, 2025
Jul 17, 2025
Affected Software
SHOUT – HTML5 Radio Player With Ads – ShoutCast and IceCast Support
SHOUT – HTML5 Radio Player With Ads – ShoutCast and IceCast Support
Researcher
CVE-ID
CVE-2025-48297
CVE-2025-48297
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Simple Link Directory Pro
Simple Link Directory Pro
Researcher
Universal Video Player – Addon for WPBakery Page Builder <= 3.2.1 – Reflected Cross-Site Scripting
6.1
CVE-ID
CVE-2025-48170
CVE-2025-48170
Patch Status
Patched
Patched
Published
Jul 17, 2025
Jul 17, 2025
Affected Software
Universal Video Player – Addon for WPBakery Page Builder
Universal Video Player – Addon for WPBakery Page Builder
Researcher
Universal Video Player – Addon for WPBakery Page Builder <= 3.2.1 – Reflected Cross-Site Scripting
6.1
CVE-ID
CVE-2025-53562
CVE-2025-53562
Patch Status
Patched
Patched
Published
Jul 17, 2025
Jul 17, 2025
Affected Software
Universal Video Player – Addon for WPBakery Page Builder
Universal Video Player – Addon for WPBakery Page Builder
Researcher
CVE-ID
CVE-2025-28999
CVE-2025-28999
Patch Status
Unpatched
Unpatched
Published
Jul 17, 2025
Jul 17, 2025
Affected Software
WooCommerce Shop Page Builder
WooCommerce Shop Page Builder
Researcher
CVE-ID
CVE-2025-53563
CVE-2025-53563
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Youtube Vimeo Video Player and Slider WP Plugin
Youtube Vimeo Video Player and Slider WP Plugin
Researcher
CVE-ID
CVE-2025-6053
CVE-2025-6053
Patch Status
Unpatched
Unpatched
Published
Jul 17, 2025
Jul 17, 2025
Affected Software
Zuppler Online Ordering
Zuppler Online Ordering
Researcher
CVE-ID
CVE-2025-4369
CVE-2025-4369
Patch Status
Patched
Patched
Published
Jul 14, 2025
Jul 14, 2025
Affected Software
Companion Auto Update
Companion Auto Update
Researcher
CVE-ID
CVE-2025-48294
CVE-2025-48294
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
FG Drupal to WordPress
FG Drupal to WordPress
Researcher
CVE-ID
CVE-2025-54013
CVE-2025-54013
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Welcart e-Commerce
Welcart e-Commerce
Researcher
CVE-ID
CVE-2025-53986
CVE-2025-53986
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Hestia
Hestia
Researcher
CVE-ID
CVE-2025-53988
CVE-2025-53988
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
JetBlocks for Elementor
JetBlocks for Elementor
Researcher
CVE-ID
CVE-2025-54008
CVE-2025-54008
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
JetSmartFilters
JetSmartFilters
Researcher
CVE-ID
CVE-2025-53992
CVE-2025-53992
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
JetTricks
JetTricks
Researcher
CVE-ID
CVE-2025-5811
CVE-2025-5811
Patch Status
Unpatched
Unpatched
Published
Jul 17, 2025
Jul 17, 2025
Affected Software
Listly: Listicles For WordPress
Listly: Listicles For WordPress
Researcher
CVE-ID
CVE-2025-53208
CVE-2025-53208
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Maya Business Plugin
Maya Business Plugin
Researcher
CVE-ID
CVE-2025-48155
CVE-2025-48155
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Residential Address Detection
Residential Address Detection
Researcher
CVE-ID
CVE-2025-48166
CVE-2025-48166
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Stop and Block bots plugin Anti bots
Stop and Block bots plugin Anti bots
Researcher
CVE-ID
CVE-2025-28965
CVE-2025-28965
Patch Status
Unpatched
Unpatched
Published
Jul 15, 2025
Jul 15, 2025
Affected Software
URL Shortener Plugin For WordPress
URL Shortener Plugin For WordPress
Researcher
CVE-ID
CVE-2025-6721
CVE-2025-6721
Patch Status
Patched
Patched
Published
Jul 18, 2025
Jul 18, 2025
Affected Software
MORKVA Vchasno Kasa Integration
MORKVA Vchasno Kasa Integration
Researcher
CVE-ID
CVE-2025-6720
CVE-2025-6720
Patch Status
Patched
Patched
Published
Jul 18, 2025
Jul 18, 2025
Affected Software
MORKVA Vchasno Kasa Integration
MORKVA Vchasno Kasa Integration
Researcher
CVE-ID
CVE-2025-54040
CVE-2025-54040
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Appointment Booking & Scheduling Plugin — Webba Booking Calendar
Appointment Booking & Scheduling Plugin — Webba Booking Calendar
Researcher
CVE-ID
CVE-2025-7638
CVE-2025-7638
Patch Status
Patched
Patched
Published
Jul 17, 2025
Jul 17, 2025
Affected Software
Forminator Forms – Contact Form, Payment Form & Custom Form Builder
Forminator Forms – Contact Form, Payment Form & Custom Form Builder
Researcher
CVE-ID
CVE-2025-54043
CVE-2025-54043
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
SMTP for Amazon SES – YaySMTP
SMTP for Amazon SES – YaySMTP
Researcher
CVE-ID
CVE-2025-48301
CVE-2025-48301
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
SMTP for SendGrid – YaySMTP
SMTP for SendGrid – YaySMTP
Researcher
CVE-ID
CVE-2025-48299
CVE-2025-48299
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
YayExtra – WooCommerce Extra Product Options
YayExtra – WooCommerce Extra Product Options
Researcher
CVE-ID
CVE-2025-48161
CVE-2025-48161
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
SMTP for Sendinblue – YaySMTP
SMTP for Sendinblue – YaySMTP
Researcher
Knowledge Base <= 2.3.1 – Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Slug
4.4
CVE-ID
CVE-2025-7431
CVE-2025-7431
Patch Status
Patched
Patched
Published
Jul 17, 2025
Jul 17, 2025
Affected Software
Knowledge Base
Knowledge Base
Researcher
CVE-ID
CVE-2025-6719
CVE-2025-6719
Patch Status
Unpatched
Unpatched
Published
Jul 17, 2025
Jul 17, 2025
Affected Software
Terms descriptions
Terms descriptions
Researcher
CVE-ID
CVE-2025-54039
CVE-2025-54039
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Animator – Scroll Triggered Animations
Animator – Scroll Triggered Animations
Researcher
CVE-ID
CVE-2025-54020
CVE-2025-54020
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
AntiSpam for Contact Form 7
AntiSpam for Contact Form 7
Researcher
CVE-ID
CVE-2025-6726
CVE-2025-6726
Patch Status
Patched
Patched
Published
Jul 17, 2025
Jul 17, 2025
Affected Software
Block Editor Gallery Slider
Block Editor Gallery Slider
Researcher
CVE-ID
CVE-2025-48167
CVE-2025-48167
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Chatbox Manager
Chatbox Manager
Researcher
CVE-ID
CVE-2025-54018
CVE-2025-54018
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Researcher
Copymatic – AI Content Writer & Generator <= 2.1 – Cross-Site Request Forgery to Settings Update
4.3
CVE-ID
CVE-2025-6781
CVE-2025-6781
Patch Status
Unpatched
Unpatched
Published
Jul 17, 2025
Jul 17, 2025
Affected Software
Copymatic – AI Content Writer & Generator
Copymatic – AI Content Writer & Generator
Researcher
CVE-ID
CVE-2025-54047
CVE-2025-54047
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Cost Calculator
Cost Calculator
Researcher
CVE-ID
CVE-2025-54022
CVE-2025-54022
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Coupon Affiliates – Affiliate Plugin for WooCommerce
Coupon Affiliates – Affiliate Plugin for WooCommerce
Researcher
CVE-ID
CVE-2025-50031
CVE-2025-50031
Patch Status
Unpatched
Unpatched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
DB Backup
DB Backup
Researcher
CVE-ID
CVE-2025-54010
CVE-2025-54010
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Researcher
CVE-ID
CVE-2025-53997
CVE-2025-53997
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Houzez
Houzez
Researcher
CVE-ID
CVE-2025-48153
CVE-2025-48153
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Import CDN-Remote Images
Import CDN-Remote Images
Researcher
CVE-ID
CVE-2025-53983
CVE-2025-53983
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
JetElements
JetElements
Researcher
CVE-ID
CVE-2025-53196
CVE-2025-53196
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
JetEngine
JetEngine
Researcher
CVE-ID
CVE-2025-53987
CVE-2025-53987
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
JetMenu
JetMenu
Researcher
CVE-ID
CVE-2025-53993
CVE-2025-53993
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
JetPopup
JetPopup
Researcher
CVE-ID
CVE-2025-53985
CVE-2025-53985
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
JetTabs
JetTabs
Researcher
CVE-ID
CVE-2025-53998
CVE-2025-53998
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
JetWooBuilder
JetWooBuilder
Researcher
CVE-ID
CVE-2025-54037
CVE-2025-54037
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
News Kit Elementor Addons
News Kit Elementor Addons
Researcher
CVE-ID
CVE-2025-54035
CVE-2025-54035
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Newsletters
Newsletters
Researcher
CVE-ID
CVE-2025-5816
CVE-2025-5816
Patch Status
Unpatched
Unpatched
Published
Jul 17, 2025
Jul 17, 2025
Affected Software
Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship
Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship
Researcher
CVE-ID
CVE-2025-48150
CVE-2025-48150
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Real Estate Property 2025 Create Your Own Fields and Search Bar
Real Estate Property 2025 Create Your Own Fields and Search Bar
Researcher
CVE-ID
CVE-2025-54038
CVE-2025-54038
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Restaurant Menu and Food Ordering
Restaurant Menu and Food Ordering
Researcher
CVE-ID
CVE-2025-54011
CVE-2025-54011
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
SMTP2GO for WordPress – Email Made Easy
SMTP2GO for WordPress – Email Made Easy
Researcher
CVE-ID
CVE-2025-46434
CVE-2025-46434
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
The Plus Addons for Elementor Page Builder Pro
The Plus Addons for Elementor Page Builder Pro
Researcher
CVE-ID
CVE-2025-54033
CVE-2025-54033
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Theme Builder For Elementor
Theme Builder For Elementor
Researcher
CVE-ID
CVE-2025-54041
CVE-2025-54041
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Wallet System for WooCommerce
Wallet System for WooCommerce
Researcher
CVE-ID
CVE-2025-54036
CVE-2025-54036
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
Appointment Booking & Scheduling Plugin — Webba Booking Calendar
Appointment Booking & Scheduling Plugin — Webba Booking Calendar
Researcher
CVE-ID
CVE-2025-54030
CVE-2025-54030
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
GSheetConnector for WC
GSheetConnector for WC
Researcher
CVE-ID
CVE-2025-54042
CVE-2025-54042
Patch Status
Patched
Patched
Published
Jul 16, 2025
Jul 16, 2025
Affected Software
WP Post Hide
WP Post Hide
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (July 14, 2025 to July 20, 2025) appeared first on Wordfence.
