Calling all Vulnerability Researchers and Bug Bounty Hunters!
Spring into Summer with Wordfence! Now through September 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per vulnerability. Submit bold. Earn big!
Participate in the SQLsplorer Challenge! Now through September 22, 2025, all SQL Injection vulnerabilities in software with at least 25 active installs are considered in-scope for all researchers, regardless of researcher tier AND earn a 20% bonus on all SQL Injection vulnerability submissions.
Last week, there were 133 vulnerabilities disclosed in 109 WordPress Plugins and 16 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 47 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to implement layered security, aligning with our overarching mission to secure WordPress with defense in depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report. As the world’s leading quality vulnerability database provider for WordPress, site owners can rest assured knowing Wordfence has their back.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 28,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 64 |
| Unpatched | 69 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Medium Severity | 97 |
| High Severity | 26 |
| Critical Severity | 10 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 46 |
| Cross-Site Request Forgery (CSRF) | 26 |
| Missing Authorization | 16 |
| Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 9 |
| Deserialization of Untrusted Data | 7 |
| Authentication Bypass Using an Alternate Path or Channel | 4 |
| Exposure of Sensitive Information to an Unauthorized Actor | 4 |
| Incorrect Privilege Assignment | 4 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 3 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 3 |
| Server-Side Request Forgery (SSRF) | 3 |
| Improper Privilege Management | 2 |
| Authorization Bypass Through User-Controlled Key | 1 |
| External Control of File Name or Path | 1 |
| Improper Authorization | 1 |
| Improper Control of Generation of Code (‘Code Injection’) | 1 |
| Insertion of Sensitive Information into Log File | 1 |
| Unrestricted Upload of File with Dangerous Type | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 29 | |
| 6 | |
| 6 | |
| 5 | |
| 5 | |
| 4 | |
| 4 | |
| 4 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Admin Menu Groups | admin-menu-groups |
| ads.txt Guru Connect | adstxt-guru-connect |
| Advance Food Menu | advance-food-menu |
| ATT YouTube Widget | att-youtube |
| AutoWP – AI Content Writer & Rewriter | autowp-ai-content-writer-rewriter |
| Backup Bolt | backup-bolt |
| Better Post & Filter Widgets for Elementor | better-post-filter-widgets-for-elementor |
| Bible SuperSearch | biblesupersearch |
| Bravis User | bravis-user |
| bxSlider integration for WordPress | bxslider-integration |
| Case Theme User | case-theme-user |
| Century ToolKit | century-toolkit |
| Church Admin | church-admin |
| Clickbank WordPress Plugin (Niche Storefront) | clickbank-niche-storefronts |
| Cloudflare Image Resizing – Optimize & Accelerate Your Images | cf-image-resizing |
| Comments Capcha Box | comments-capcha-box |
| Contact Manager | contact-manager |
| Cookie Warning | cookie-warning |
| CubeWP – All-in-One Dynamic Content Framework | cubewp-framework |
| Custom Comment | customcomment |
| Custom Query Shortcode | custom-query-shortcode |
| e-Boekhouden.nl | e-boekhoudennl-connector |
| Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | easy-digital-downloads |
| Equalize Digital Accessibility Checker – Audit Your Website for WCAG, ADA, and Section 508 Accessibility Errors | accessibility-checker |
| Essential Doo Components for Visual Composer | animated-icon-banner-for-visual-composer |
| Eventin – AI Powered Event Manager, Events Calendar, Booking and Tickets Plugin | wp-event-solution |
| Flexible Map | wp-flexible-map |
| Fluent Support – Helpdesk & Customer Support Ticket System | fluent-support |
| FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce | wp-marketing-automations |
| FunnelKit – Funnel Builder for WooCommerce Checkout | funnel-builder |
| GiveWP – Donation Plugin and Fundraising Platform | give |
| Greenshift – animation and page builder blocks | greenshift-animation-and-page-builder-blocks |
| Hesabfa Accounting | hesabfa-accounting |
| iFrame Block | iframe-block |
| iframe Wrapper | iframe-wrapper |
| JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin | jobwp |
| JS Archive List | jquery-archive-list-widget |
| Kanpress | kanpress |
| Kento Splash Screen | kento-splash-screen |
| LifePress | lifepress |
| Link View | link-view |
| Listeo-Core – Directory Plugin by Purethemes | listeo-core |
| Markup Markdown | markup-markdown |
| MDTF – Meta Data and Taxonomies Filter | wp-meta-data-filter-and-taxonomy-filter |
| Media Library Assistant | media-library-assistant |
| Mesa Mesa Reservation Widget | mesa-mesa-reservation-widget |
| miraculouscore | miraculouscore |
| NEX-Forms – Ultimate Forms Plugin for WordPress | nex-forms-express-wp-form-builder |
| Nexter Blocks – WordPress Gutenberg Blocks & 1000+ Starter Templates | the-plus-addons-for-block-editor |
| Ni WooCommerce Customer Product Report | ni-woocommerce-customer-product-report |
| Notice Bar | notice-bar |
| Ogulo – 360° Tour | ogulo-360-tour |
| Ovatheme Events | ova-events |
| Page Transition | page-transition |
| Popup for CF7 with Sweet Alert | cf7-sweet-alert-popup |
| Portfolio Manager Pro – WordPress Responsive Portfolio & Gallery | otw-portfolio-manager |
| PressApps Knowledge Base Contextual Sidebar Addon | pressapps-knowledge-base |
| ProveSource Social Proof | provesource |
| rajce | rajce |
| Raptive Ads | adthrive-ads |
| Recurring PayPal Donations | recurring-donation |
| Redirection for Contact Form 7 | wpcf7-redirect |
| Restore Permanently delete Post or Page Data | restore-permanently-delete-post-or-page-data |
| Risk Free Cash On Delivery (COD) – WooCommerce | risk-free-cash-on-delivery-cod-woocommerce |
| SensorPress | sensorpress-uptime-monitoring |
| Sertifier Certificate & Badge Maker for WordPress – Tutor LMS | sertifier-certificates-open-badges |
| Sessions | sessions |
| ShortcodeHub – MultiPurpose Shortcode Builder | shortcodehub |
| Sign-up Sheets | sign-up-sheets |
| Silencesoft RSS Reader | external-rss-reader |
| Simple Business Directory Pro | simple-business-directory-pro |
| Simple Statistics for Feeds | simple-feed-stats |
| Simpler Checkout | simpler-checkout |
| Site Offline Or Coming Soon Or Maintenance Mode | site-offline |
| SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) | slingblocks |
| Spexo Addons for Elementor – Free Elementor Addons, Widgets and Templates | sastra-essential-addons-for-elementor |
| Statify Widget | statify-widget |
| Super Store Finder | superstorefinder-wp |
| Support Ticket | support-ticket |
| TC Testimonials | tc-testimonial |
| Templately – Elementor & Gutenberg Template Library: 5500+ Free & Pro Ready Templates And Cloud! | templately |
| Terms of Service & Privacy Policy Generator | terms-of-service-and-privacy-policy |
| ThemeMakers Visual Content Composer | tmm_content_composer |
| Themify Audio Dock | themify-audio-dock |
| Themify Builder | themify-builder |
| Themify Icons | themify-icons |
| tli.tl auto Twitter poster | tlitl-auto-twitter-poster |
| Ultimate twitter profile widget | ultimate-twitter-profile-widget |
| Varnish/Nginx Proxy Caching | vcaching |
| Video Gallery – Vimeo and YouTube Gallery | smart-grid-gallery |
| WC Plus | wc-plus |
| WP Admin Theme | wp-admin-theme |
| WP Colorbox | wp-colorbox |
| WP Crontrol | wp-crontrol |
| WP Fast Total Search – The Power of Indexed Search | fulltext-search |
| WP Filter & Combine RSS Feeds | wp-filter-combine-rss-feeds |
| WP Funnel Manager | wp-funnel-manager |
| WP Mailgun SMTP | wp-mailgun-smtp |
| WP Visitor Statistics (Real Time Traffic) | wp-stats-manager |
| WP Webhooks – Automate repetitive tasks by creating powerful automation workflows directly within WordPress | wp-webhooks |
| WPC Smart Compare for WooCommerce | woo-smart-compare |
| WPC Smart Quick View for WooCommerce | woo-smart-quick-view |
| WPMU Ldap Authentication | wpmuldap |
| WPPizza – A Restaurant Plugin | wppizza |
| Wptobe-memberships | wptobe-memberships |
| WS Theme Addons | ws-theme-addons |
| Яндекс.ПДС Пингер / Yandex Site search pinger | yandex-pinger |
| 多说社会化评论框 | duoshuo |
| 百度分享按钮 | baidushare-wp |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| BlogMarks | blogmarks |
| ColorMag | colormag |
| Eximious Magazine | eximious-magazine |
| Glamer | glamer |
| Houzez | houzez |
| Inspiro | inspiro |
| JobZilla – Job Board WordPress Theme | jobzilla |
| Kalium 3 | Creative WordPress & WooCommerce Theme | kalium |
| kipso | kipso |
| Kitring – A Beauty & Hair Salon WordPress Theme | kitring |
| Magazine Elite | magazine-elite |
| Noo JobMonster | noo-jobmonster |
| organic-beauty | organic-beauty |
| Real Spaces – WordPress Properties Directory Theme | real-spaces |
| Sala – Startup & SaaS WordPress Theme | sala |
| Spacious | spacious |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
CVE-ID
CVE-2025-5821
CVE-2025-5821
Patch Status
Patched
Patched
Published
Aug 22, 2025
Aug 22, 2025
Affected Software
Case Theme User
Case Theme User
Researcher
CVE-ID
CVE-2025-8723
CVE-2025-8723
Patch Status
Patched
Patched
Published
Aug 18, 2025
Aug 18, 2025
Affected Software
Cloudflare Image Resizing – Optimize & Accelerate Your Images
Cloudflare Image Resizing – Optimize & Accelerate Your Images
Researcher
CVE-ID
CVE-2025-54738
CVE-2025-54738
Patch Status
Patched
Patched
Published
Aug 21, 2025
Aug 21, 2025
Affected Software
Noo JobMonster
Noo JobMonster
Researcher
CVE-ID
CVE-2025-49388
CVE-2025-49388
Patch Status
Patched
Patched
Published
Aug 21, 2025
Aug 21, 2025
Affected Software
miraculouscore
miraculouscore
Researcher
CVE-ID
CVE-2025-49410
CVE-2025-49410
Patch Status
Unpatched
Unpatched
Published
Aug 21, 2025
Aug 21, 2025
Affected Software
Portfolio Manager Pro – WordPress Responsive Portfolio & Gallery
Portfolio Manager Pro – WordPress Responsive Portfolio & Gallery
Researcher
CVE-ID
CVE-2025-6758
CVE-2025-6758
Patch Status
Patched
Patched
Published
Aug 18, 2025
Aug 18, 2025
Affected Software
Real Spaces – WordPress Properties Directory Theme
Real Spaces – WordPress Properties Directory Theme
Researcher
CVE-ID
CVE-2025-53580
CVE-2025-53580
Patch Status
Patched
Patched
Published
Aug 19, 2025
Aug 19, 2025
Affected Software
Simple Business Directory Pro
Simple Business Directory Pro
Researcher
CVE-ID
CVE-2025-7642
CVE-2025-7642
Patch Status
Patched
Patched
Published
Aug 22, 2025
Aug 22, 2025
Affected Software
Simpler Checkout
Simpler Checkout
Researcher
CVE-ID
CVE-2025-49422
CVE-2025-49422
Patch Status
Unpatched
Unpatched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
Support Ticket
Support Ticket
Researcher
CVE-ID
CVE-2025-8895
CVE-2025-8895
Patch Status
Patched
Patched
Published
Aug 20, 2025
Aug 20, 2025
CVE-ID
CVE-2025-54735
CVE-2025-54735
Patch Status
Patched
Patched
Published
Aug 19, 2025
Aug 19, 2025
Affected Software
CubeWP – All-in-One Dynamic Content Framework
CubeWP – All-in-One Dynamic Content Framework
Researcher
CVE-ID
CVE-2025-7654
CVE-2025-7654
Patch Status
Patched
Patched
Published
Aug 18, 2025
Aug 18, 2025
CVE-ID
CVE-2025-8218
CVE-2025-8218
Patch Status
Patched
Patched
Published
Aug 18, 2025
Aug 18, 2025
Affected Software
Real Spaces – WordPress Properties Directory Theme
Real Spaces – WordPress Properties Directory Theme
Researcher
CVE-ID
CVE-2025-8141
CVE-2025-8141
Patch Status
Patched
Patched
Published
Aug 19, 2025
Aug 19, 2025
Affected Software
Redirection for Contact Form 7
Redirection for Contact Form 7
Researcher
CVE-ID
CVE-2025-8145
CVE-2025-8145
Patch Status
Patched
Patched
Published
Aug 19, 2025
Aug 19, 2025
Affected Software
Redirection for Contact Form 7
Redirection for Contact Form 7
Researcher
CVE-ID
CVE-2025-53247
CVE-2025-53247
Patch Status
Unpatched
Unpatched
Published
Aug 21, 2025
Aug 21, 2025
Affected Software
BlogMarks
BlogMarks
Researcher
CVE-ID
CVE-2025-5060
CVE-2025-5060
Patch Status
Unpatched
Unpatched
Published
Aug 22, 2025
Aug 22, 2025
Affected Software
Bravis User
Bravis User
Researcher
CVE-ID
CVE-2025-54750
CVE-2025-54750
Patch Status
Patched
Patched
Published
Aug 19, 2025
Aug 19, 2025
Affected Software
FunnelKit – Funnel Builder for WooCommerce Checkout
FunnelKit – Funnel Builder for WooCommerce Checkout
Researcher
CVE-ID
CVE-2025-53216
CVE-2025-53216
Patch Status
Unpatched
Unpatched
Published
Aug 21, 2025
Aug 21, 2025
Affected Software
Glamer
Glamer
Researcher
CVE-ID
CVE-2025-8592
CVE-2025-8592
Patch Status
Patched
Patched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
Inspiro
Inspiro
Researcher
CVE-ID
CVE-2025-53578
CVE-2025-53578
Patch Status
Patched
Patched
Published
Aug 23, 2025
Aug 23, 2025
Affected Software
kipso
kipso
Researcher
CVE-ID
CVE-2025-49426
CVE-2025-49426
Patch Status
Unpatched
Unpatched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
Kitring – A Beauty & Hair Salon WordPress Theme
Kitring – A Beauty & Hair Salon WordPress Theme
Researcher
CVE-ID
CVE-2025-53248
CVE-2025-53248
Patch Status
Unpatched
Unpatched
Published
Aug 21, 2025
Aug 21, 2025
Affected Software
Eximious Magazine
Eximious Magazine
Researcher
CVE-ID
CVE-2025-53244
CVE-2025-53244
Patch Status
Unpatched
Unpatched
Published
Aug 21, 2025
Aug 21, 2025
Affected Software
Magazine Elite
Magazine Elite
Researcher
CVE-ID
CVE-2025-49890
CVE-2025-49890
Patch Status
Unpatched
Unpatched
Published
Aug 21, 2025
Aug 21, 2025
Affected Software
organic-beauty
organic-beauty
Researcher
CVE-ID
CVE-2025-53576
CVE-2025-53576
Patch Status
Patched
Patched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
Ovatheme Events
Ovatheme Events
Researcher
CVE-ID
CVE-2025-49409
CVE-2025-49409
Patch Status
Unpatched
Unpatched
Published
Aug 21, 2025
Aug 21, 2025
Affected Software
Portfolio Manager Pro – WordPress Responsive Portfolio & Gallery
Portfolio Manager Pro – WordPress Responsive Portfolio & Gallery
Researcher
PressApps Knowledge Base Contextual Sidebar Addon <= 4.2.1 – Unauthenticated PHP Object Injection
8.1
CVE-ID
CVE-2025-49400
CVE-2025-49400
Patch Status
Unpatched
Unpatched
Published
Aug 21, 2025
Aug 21, 2025
Affected Software
PressApps Knowledge Base Contextual Sidebar Addon
PressApps Knowledge Base Contextual Sidebar Addon
Researcher
CVE-ID
CVE-2025-54709
CVE-2025-54709
Patch Status
Patched
Patched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
Sala – Startup & SaaS WordPress Theme
Sala – Startup & SaaS WordPress Theme
Researcher
CVE-ID
CVE-2025-53299
CVE-2025-53299
Patch Status
Unpatched
Unpatched
Published
Aug 19, 2025
Aug 19, 2025
Affected Software
ThemeMakers Visual Content Composer
ThemeMakers Visual Content Composer
Researcher
CVE-ID
CVE-2025-52761
CVE-2025-52761
Patch Status
Unpatched
Unpatched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
WP Funnel Manager
WP Funnel Manager
Researcher
CVE-ID
CVE-2025-9048
CVE-2025-9048
Patch Status
Unpatched
Unpatched
Published
Aug 22, 2025
Aug 22, 2025
Affected Software
Wptobe-memberships
Wptobe-memberships
Researcher
CVE-ID
CVE-2025-7670
CVE-2025-7670
Patch Status
Patched
Patched
Published
Aug 18, 2025
Aug 18, 2025
Affected Software
JS Archive List
JS Archive List
Researcher
CVE-ID
CVE-2025-54707
CVE-2025-54707
Patch Status
Patched
Patched
Published
Aug 18, 2025
Aug 18, 2025
Affected Software
MDTF – Meta Data and Taxonomies Filter
MDTF – Meta Data and Taxonomies Filter
Researcher
CVE-ID
CVE-2025-8289
CVE-2025-8289
Patch Status
Patched
Patched
Published
Aug 19, 2025
Aug 19, 2025
Affected Software
Redirection for Contact Form 7
Redirection for Contact Form 7
Researcher
CVE-ID
CVE-2025-7813
CVE-2025-7813
Patch Status
Patched
Patched
Published
Aug 22, 2025
Aug 22, 2025
Researcher
Custom Query Shortcode <= 0.4.0 – Authenticated (Contributor+) Path Traversal via lens Parameter
6.5
CVE-ID
CVE-2025-8562
CVE-2025-8562
Patch Status
Patched
Patched
Published
Aug 24, 2025
Aug 24, 2025
Affected Software
Custom Query Shortcode
Custom Query Shortcode
Researcher
CVE-ID
CVE-2025-49404
CVE-2025-49404
Patch Status
Unpatched
Unpatched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
Listeo-Core – Directory Plugin by Purethemes
Listeo-Core – Directory Plugin by Purethemes
Researcher
CVE-ID
CVE-2025-48354
CVE-2025-48354
Patch Status
Unpatched
Unpatched
Published
Aug 21, 2025
Aug 21, 2025
Affected Software
Better Post & Filter Widgets for Elementor
Better Post & Filter Widgets for Elementor
Researcher
CVE-ID
CVE-2025-8064
CVE-2025-8064
Patch Status
Patched
Patched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
Bible SuperSearch
Bible SuperSearch
Researcher
CVE-ID
CVE-2025-48347
CVE-2025-48347
Patch Status
Unpatched
Unpatched
Published
Aug 21, 2025
Aug 21, 2025
Affected Software
bxSlider integration for WordPress
bxSlider integration for WordPress
Researcher
CVE-ID
CVE-2025-49397
CVE-2025-49397
Patch Status
Patched
Patched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
WP Colorbox
WP Colorbox
Researcher
CVE-ID
CVE-2025-49424
CVE-2025-49424
Patch Status
Unpatched
Unpatched
Published
Aug 18, 2025
Aug 18, 2025
Affected Software
Essential Doo Components for Visual Composer
Essential Doo Components for Visual Composer
Researcher
CVE-ID
CVE-2025-8622
CVE-2025-8622
Patch Status
Patched
Patched
Published
Aug 18, 2025
Aug 18, 2025
Affected Software
Flexible Map
Flexible Map
Researcher
CVE-ID
CVE-2025-49411
CVE-2025-49411
Patch Status
Unpatched
Unpatched
Published
Aug 19, 2025
Aug 19, 2025
Affected Software
iFrame Block
iFrame Block
Researcher
CVE-ID
CVE-2025-49422
CVE-2025-49422
Patch Status
Unpatched
Unpatched
Published
Aug 18, 2025
Aug 18, 2025
Affected Software
iframe Wrapper
iframe Wrapper
Researcher
CVE-ID
CVE-2025-57887
CVE-2025-57887
Patch Status
Patched
Patched
Published
Aug 22, 2025
Aug 22, 2025
Affected Software
Noo JobMonster
Noo JobMonster
Researcher
CVE-ID
CVE-2025-49420
CVE-2025-49420
Patch Status
Patched
Patched
Published
Aug 19, 2025
Aug 19, 2025
Affected Software
Markup Markdown
Markup Markdown
Researcher
CVE-ID
CVE-2025-8567
CVE-2025-8567
Patch Status
Patched
Patched
Published
Aug 18, 2025
Aug 18, 2025
Affected Software
Nexter Blocks – WordPress Gutenberg Blocks & 1000+ Starter Templates
Nexter Blocks – WordPress Gutenberg Blocks & 1000+ Starter Templates
Researcher
CVE-ID
CVE-2025-49389
CVE-2025-49389
Patch Status
Patched
Patched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
Notice Bar
Notice Bar
Researcher
CVE-ID
CVE-2025-9131
CVE-2025-9131
Patch Status
Unpatched
Unpatched
Published
Aug 22, 2025
Aug 22, 2025
Affected Software
Ogulo – 360° Tour
Ogulo – 360° Tour
Researcher
CVE-ID
CVE-2025-48364
CVE-2025-48364
Patch Status
Unpatched
Unpatched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
rajce
rajce
Researcher
CVE-ID
CVE-2025-7957
CVE-2025-7957
Patch Status
Unpatched
Unpatched
Published
Aug 22, 2025
Aug 22, 2025
Affected Software
ShortcodeHub – MultiPurpose Shortcode Builder
ShortcodeHub – MultiPurpose Shortcode Builder
Researcher
CVE-ID
CVE-2025-8607
CVE-2025-8607
Patch Status
Patched
Patched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels)
SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels)
Researcher
CVE-ID
CVE-2025-8208
CVE-2025-8208
Patch Status
Patched
Patched
Published
Aug 23, 2025
Aug 23, 2025
Researcher
CVE-ID
CVE-2025-48322
CVE-2025-48322
Patch Status
Unpatched
Unpatched
Published
Aug 22, 2025
Aug 22, 2025
Affected Software
Statify Widget
Statify Widget
Researcher
CVE-ID
CVE-2025-49410
CVE-2025-49410
Patch Status
Unpatched
Unpatched
Published
Aug 19, 2025
Aug 19, 2025
Affected Software
TC Testimonials
TC Testimonials
Researcher
CVE-ID
CVE-2025-49395
CVE-2025-49395
Patch Status
Patched
Patched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
Themify Icons
Themify Icons
Researcher
CVE-ID
CVE-2025-48349
CVE-2025-48349
Patch Status
Unpatched
Unpatched
Published
Aug 21, 2025
Aug 21, 2025
Affected Software
Video Gallery – Vimeo and YouTube Gallery
Video Gallery – Vimeo and YouTube Gallery
Researcher
CVE-ID
CVE-2025-49400
CVE-2025-49400
Patch Status
Patched
Patched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
WP Visitor Statistics (Real Time Traffic)
WP Visitor Statistics (Real Time Traffic)
Researcher
CVE-ID
CVE-2025-7496
CVE-2025-7496
Patch Status
Patched
Patched
Published
Aug 18, 2025
Aug 18, 2025
Affected Software
WPC Smart Compare for WooCommerce
WPC Smart Compare for WooCommerce
Researcher
CVE-ID
CVE-2025-8618
CVE-2025-8618
Patch Status
Patched
Patched
Published
Aug 19, 2025
Aug 19, 2025
Affected Software
WPC Smart Quick View for WooCommerce
WPC Smart Quick View for WooCommerce
Researcher
CVE-ID
CVE-2025-8062
CVE-2025-8062
Patch Status
Unpatched
Unpatched
Published
Aug 22, 2025
Aug 22, 2025
Affected Software
WS Theme Addons
WS Theme Addons
Researcher
CVE-ID
CVE-2025-48359
CVE-2025-48359
Patch Status
Unpatched
Unpatched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
ATT YouTube Widget
ATT YouTube Widget
Researcher
CVE-ID
CVE-2025-48353
CVE-2025-48353
Patch Status
Unpatched
Unpatched
Published
Aug 21, 2025
Aug 21, 2025
Affected Software
Clickbank WordPress Plugin (Niche Storefront)
Clickbank WordPress Plugin (Niche Storefront)
Researcher
CVE-ID
CVE-2025-53226
CVE-2025-53226
Patch Status
Unpatched
Unpatched
Published
Aug 19, 2025
Aug 19, 2025
Affected Software
Comments Capcha Box
Comments Capcha Box
Researcher
CVE-ID
CVE-2025-53225
CVE-2025-53225
Patch Status
Unpatched
Unpatched
Published
Aug 21, 2025
Aug 21, 2025
Affected Software
e-Boekhouden.nl
e-Boekhouden.nl
Researcher
CVE-ID
CVE-2025-53319
CVE-2025-53319
Patch Status
Patched
Patched
Published
Aug 19, 2025
Aug 19, 2025
Affected Software
Raptive Ads
Raptive Ads
Researcher
CVE-ID
Unknown
Unknown
Patch Status
Unpatched
Unpatched
Published
Aug 21, 2025
Aug 21, 2025
Affected Software
Super Store Finder
Super Store Finder
Researcher
CVE-ID
CVE-2025-48343
CVE-2025-48343
Patch Status
Unpatched
Unpatched
Published
Aug 21, 2025
Aug 21, 2025
Affected Software
WPMU Ldap Authentication
WPMU Ldap Authentication
Researcher
CVE-ID
CVE-2025-48320
CVE-2025-48320
Patch Status
Unpatched
Unpatched
Published
Aug 23, 2025
Aug 23, 2025
Affected Software
百度分享按钮
百度分享按钮
Researcher
WP Crontrol – 1.17.0 – 1.19.1 – Authenticated (Administrator+) Blind Server-Side Request Forgery
5.9
CVE-ID
CVE-2025-8678
CVE-2025-8678
Patch Status
Patched
Patched
Published
Aug 21, 2025
Aug 21, 2025
Affected Software
WP Crontrol
WP Crontrol
Researcher
CVE-ID
CVE-2025-49035
CVE-2025-49035
Patch Status
Unpatched
Unpatched
Published
Aug 19, 2025
Aug 19, 2025
Affected Software
Admin Menu Groups
Admin Menu Groups
Researcher
CVE-ID
CVE-2025-8102
CVE-2025-8102
Patch Status
Patched
Patched
Published
Aug 19, 2025
Aug 19, 2025
Affected Software
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
Researcher
CVE-ID
CVE-2025-57896
CVE-2025-57896
Patch Status
Patched
Patched
Published
Aug 22, 2025
Aug 22, 2025
Affected Software
Church Admin
Church Admin
Researcher
CVE-ID
CVE-2025-48361
CVE-2025-48361
Patch Status
Unpatched
Unpatched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
Hesabfa Accounting
Hesabfa Accounting
Researcher
CVE-ID
CVE-2025-49406
CVE-2025-49406
Patch Status
Patched
Patched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
Houzez
Houzez
Researcher
CVE-ID
CVE-2025-57888
CVE-2025-57888
Patch Status
Patched
Patched
Published
Aug 22, 2025
Aug 22, 2025
Affected Software
Noo JobMonster
Noo JobMonster
Researcher
CVE-ID
CVE-2025-53348
CVE-2025-53348
Patch Status
Unpatched
Unpatched
Published
Aug 21, 2025
Aug 21, 2025
Affected Software
Kalium 3 | Creative WordPress & WooCommerce Theme
Kalium 3 | Creative WordPress & WooCommerce Theme
Researcher
CVE-ID
CVE-2025-48355
CVE-2025-48355
Patch Status
Unpatched
Unpatched
Published
Aug 21, 2025
Aug 21, 2025
Affected Software
ProveSource Social Proof
ProveSource Social Proof
Researcher
CVE-ID
CVE-2025-48327
CVE-2025-48327
Patch Status
Unpatched
Unpatched
Published
Aug 21, 2025
Aug 21, 2025
Affected Software
WP Mailgun SMTP
WP Mailgun SMTP
Researcher
CVE-ID
CVE-2025-48323
CVE-2025-48323
Patch Status
Unpatched
Unpatched
Published
Aug 22, 2025
Aug 22, 2025
Affected Software
Advance Food Menu
Advance Food Menu
Researcher
Contact Manager <= 8.6.5 – Authenticated (Administrator+) Stored Cross-Site Scripting via ‘title’
4.4
CVE-ID
CVE-2025-8783
CVE-2025-8783
Patch Status
Patched
Patched
Published
Aug 18, 2025
Aug 18, 2025
Affected Software
Contact Manager
Contact Manager
Researcher
CVE-ID
CVE-2025-49428
CVE-2025-49428
Patch Status
Unpatched
Unpatched
Published
Aug 18, 2025
Aug 18, 2025
Affected Software
Cookie Warning
Cookie Warning
Researcher
CVE-ID
CVE-2025-48365
CVE-2025-48365
Patch Status
Unpatched
Unpatched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
Custom Comment
Custom Comment
Researcher
CVE-ID
CVE-2025-49039
CVE-2025-49039
Patch Status
Unpatched
Unpatched
Published
Aug 19, 2025
Aug 19, 2025
Affected Software
Link View
Link View
Researcher
Mesa Mesa Reservation Widget <= 1.0.0 – Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-ID
CVE-2025-48319
CVE-2025-48319
Patch Status
Unpatched
Unpatched
Published
Aug 23, 2025
Aug 23, 2025
Affected Software
Mesa Mesa Reservation Widget
Mesa Mesa Reservation Widget
Researcher
CVE-ID
CVE-2025-49412
CVE-2025-49412
Patch Status
Unpatched
Unpatched
Published
Aug 19, 2025
Aug 19, 2025
Affected Software
Page Transition
Page Transition
Researcher
CVE-ID
CVE-2025-57891
CVE-2025-57891
Patch Status
Patched
Patched
Published
Aug 22, 2025
Aug 22, 2025
Affected Software
Recurring PayPal Donations
Recurring PayPal Donations
Researcher
CVE-ID
CVE-2025-48358
CVE-2025-48358
Patch Status
Unpatched
Unpatched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
Risk Free Cash On Delivery (COD) – WooCommerce
Risk Free Cash On Delivery (COD) – WooCommerce
Researcher
CVE-ID
CVE-2025-49409
CVE-2025-49409
Patch Status
Unpatched
Unpatched
Published
Aug 19, 2025
Aug 19, 2025
Affected Software
SensorPress
SensorPress
Researcher
CVE-ID
CVE-2025-57890
CVE-2025-57890
Patch Status
Patched
Patched
Published
Aug 22, 2025
Aug 22, 2025
Affected Software
Sessions
Sessions
Researcher
CVE-ID
CVE-2025-49413
CVE-2025-49413
Patch Status
Unpatched
Unpatched
Published
Aug 19, 2025
Aug 19, 2025
Affected Software
Terms of Service & Privacy Policy Generator
Terms of Service & Privacy Policy Generator
Researcher
CVE-ID
CVE-2025-49392
CVE-2025-49392
Patch Status
Patched
Patched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
Themify Audio Dock
Themify Audio Dock
Researcher
CVE-ID
CVE-2025-48324
CVE-2025-48324
Patch Status
Unpatched
Unpatched
Published
Aug 22, 2025
Aug 22, 2025
Affected Software
tli.tl auto Twitter poster
tli.tl auto Twitter poster
Researcher
Varnish/Nginx Proxy Caching <= 1.8.3 – Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-ID
CVE-2025-48360
CVE-2025-48360
Patch Status
Unpatched
Unpatched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
Varnish/Nginx Proxy Caching
Varnish/Nginx Proxy Caching
Researcher
CVE-ID
CVE-2025-48352
CVE-2025-48352
Patch Status
Unpatched
Unpatched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
Яндекс.ПДС Пингер / Yandex Site search pinger
Яндекс.ПДС Пингер / Yandex Site search pinger
Researcher
CVE-ID
CVE-2025-57886
CVE-2025-57886
Patch Status
Patched
Patched
Published
Aug 22, 2025
Aug 22, 2025
CVE-ID
CVE-2025-49381
CVE-2025-49381
Patch Status
Patched
Patched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
ads.txt Guru Connect
ads.txt Guru Connect
Researcher
CVE-ID
CVE-2025-48350
CVE-2025-48350
Patch Status
Unpatched
Unpatched
Published
Aug 21, 2025
Aug 21, 2025
Affected Software
AutoWP – AI Content Writer & Rewriter
AutoWP – AI Content Writer & Rewriter
Researcher
CVE-ID
CVE-2025-49040
CVE-2025-49040
Patch Status
Unpatched
Unpatched
Published
Aug 19, 2025
Aug 19, 2025
Affected Software
Backup Bolt
Backup Bolt
Researcher
CVE-ID
CVE-2025-48357
CVE-2025-48357
Patch Status
Unpatched
Unpatched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
Century ToolKit
Century ToolKit
Researcher
CVE-ID
CVE-2025-9202
CVE-2025-9202
Patch Status
Patched
Patched
Published
Aug 19, 2025
Aug 19, 2025
Affected Software
ColorMag
ColorMag
Researcher
CVE-ID
CVE-2025-49426
CVE-2025-49426
Patch Status
Unpatched
Unpatched
Published
Aug 18, 2025
Aug 18, 2025
Affected Software
Cookie Warning
Cookie Warning
Researcher
CVE-ID
CVE-2025-57885
CVE-2025-57885
Patch Status
Patched
Patched
Published
Aug 22, 2025
Aug 22, 2025
Affected Software
Fluent Support – Helpdesk & Customer Support Ticket System
Fluent Support – Helpdesk & Customer Support Ticket System
Researcher
CVE-ID
CVE-2025-7221
CVE-2025-7221
Patch Status
Patched
Patched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
GiveWP – Donation Plugin and Fundraising Platform
GiveWP – Donation Plugin and Fundraising Platform
Researcher
CVE-ID
CVE-2025-57884
CVE-2025-57884
Patch Status
Patched
Patched
Published
Aug 22, 2025
Aug 22, 2025
Affected Software
Greenshift – animation and page builder blocks
Greenshift – animation and page builder blocks
Researcher
CVE-ID
CVE-2025-48362
CVE-2025-48362
Patch Status
Unpatched
Unpatched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
Hesabfa Accounting
Hesabfa Accounting
Researcher
CVE-ID
CVE-2025-57895
CVE-2025-57895
Patch Status
Patched
Patched
Published
Aug 22, 2025
Aug 22, 2025
Affected Software
JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin
JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin
Researcher
CVE-ID
CVE-2025-49382
CVE-2025-49382
Patch Status
Patched
Patched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
JobZilla – Job Board WordPress Theme
JobZilla – Job Board WordPress Theme
Researcher
CVE-ID
CVE-2025-8357
CVE-2025-8357
Patch Status
Patched
Patched
Published
Aug 18, 2025
Aug 18, 2025
Affected Software
Media Library Assistant
Media Library Assistant
Researcher
CVE-ID
CVE-2025-49399
CVE-2025-49399
Patch Status
Patched
Patched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
NEX-Forms – Ultimate Forms Plugin for WordPress
NEX-Forms – Ultimate Forms Plugin for WordPress
Researcher
CVE-ID
CVE-2025-7827
CVE-2025-7827
Patch Status
Unpatched
Unpatched
Published
Aug 22, 2025
Aug 22, 2025
Affected Software
Ni WooCommerce Customer Product Report
Ni WooCommerce Customer Product Report
Researcher
CVE-ID
CVE-2025-48363
CVE-2025-48363
Patch Status
Unpatched
Unpatched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
Popup for CF7 with Sweet Alert
Popup for CF7 with Sweet Alert
Researcher
CVE-ID
CVE-2025-7839
CVE-2025-7839
Patch Status
Unpatched
Unpatched
Published
Aug 22, 2025
Aug 22, 2025
Affected Software
Restore Permanently delete Post or Page Data
Restore Permanently delete Post or Page Data
Researcher
CVE-ID
CVE-2025-7841
CVE-2025-7841
Patch Status
Patched
Patched
Published
Aug 22, 2025
Aug 22, 2025
Affected Software
Sertifier Certificate & Badge Maker for WordPress – Tutor LMS
Sertifier Certificate & Badge Maker for WordPress – Tutor LMS
Researcher
CVE-ID
CVE-2025-49391
CVE-2025-49391
Patch Status
Patched
Patched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
Sign-up Sheets
Sign-up Sheets
Researcher
CVE-ID
CVE-2025-7842
CVE-2025-7842
Patch Status
Unpatched
Unpatched
Published
Aug 22, 2025
Aug 22, 2025
Affected Software
Silencesoft RSS Reader
Silencesoft RSS Reader
Researcher
CVE-ID
CVE-2025-57892
CVE-2025-57892
Patch Status
Patched
Patched
Published
Aug 22, 2025
Aug 22, 2025
Affected Software
Simple Statistics for Feeds
Simple Statistics for Feeds
Researcher
CVE-ID
CVE-2025-48348
CVE-2025-48348
Patch Status
Unpatched
Unpatched
Published
Aug 21, 2025
Aug 21, 2025
Affected Software
Site Offline Or Coming Soon Or Maintenance Mode
Site Offline Or Coming Soon Or Maintenance Mode
Researcher
CVE-ID
CVE-2025-9331
CVE-2025-9331
Patch Status
Patched
Patched
Published
Aug 21, 2025
Aug 21, 2025
Affected Software
Spacious
Spacious
Researcher
CVE-ID
CVE-2025-49408
CVE-2025-49408
Patch Status
Patched
Patched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
Templately – Elementor & Gutenberg Template Library: 5500+ Free & Pro Ready Templates And Cloud!
Templately – Elementor & Gutenberg Template Library: 5500+ Free & Pro Ready Templates And Cloud!
Researcher
CVE-ID
CVE-2025-49396
CVE-2025-49396
Patch Status
Patched
Patched
Published
Aug 20, 2025
Aug 20, 2025
Affected Software
Themify Builder
Themify Builder
Researcher
Ultimate twitter profile widget <= 1.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting
4.3
CVE-ID
CVE-2025-48321
CVE-2025-48321
Patch Status
Unpatched
Unpatched
Published
Aug 23, 2025
Aug 23, 2025
Affected Software
Ultimate twitter profile widget
Ultimate twitter profile widget
Researcher
CVE-ID
CVE-2025-48325
CVE-2025-48325
Patch Status
Unpatched
Unpatched
Published
Aug 22, 2025
Aug 22, 2025
Affected Software
WP Admin Theme
WP Admin Theme
Researcher
CVE-ID
CVE-2025-57893
CVE-2025-57893
Patch Status
Patched
Patched
Published
Aug 22, 2025
Aug 22, 2025
Affected Software
WP Fast Total Search – The Power of Indexed Search
WP Fast Total Search – The Power of Indexed Search
Researcher
CVE-ID
CVE-2025-7828
CVE-2025-7828
Patch Status
Unpatched
Unpatched
Published
Aug 22, 2025
Aug 22, 2025
Affected Software
WP Filter & Combine RSS Feeds
WP Filter & Combine RSS Feeds
Researcher
CVE-ID
CVE-2025-57894
CVE-2025-57894
Patch Status
Patched
Patched
Published
Aug 22, 2025
Aug 22, 2025
Affected Software
WPPizza – A Restaurant Plugin
WPPizza – A Restaurant Plugin
Researcher
CVE-ID
CVE-2025-48318
CVE-2025-48318
Patch Status
Unpatched
Unpatched
Published
Aug 23, 2025
Aug 23, 2025
Affected Software
多说社会化评论框
多说社会化评论框
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (August 18, 2025 to August 24, 2025) appeared first on Wordfence.
