Calling all Vulnerability Researchers and Bug Bounty Hunters!
Spring into Summer with Wordfence! Now through September 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per vulnerability. Submit bold. Earn big!
Participate in the SQLsplorer Challenge! Now through September 22, 2025, all SQL Injection vulnerabilities in software with at least 25 active installs are considered in-scope for all researchers, regardless of researcher tier AND earn a 20% bonus on all SQL Injection vulnerability submissions.
Last week, there were 116 vulnerabilities disclosed in 102 WordPress Plugins and 13 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 50 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to implement layered security, aligning with our overarching mission to secure WordPress with defense in depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report. As the world’s leading quality vulnerability database provider for WordPress, site owners can rest assured knowing Wordfence has their back.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 28,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 74 |
| Unpatched | 42 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Medium Severity | 86 |
| High Severity | 28 |
| Critical Severity | 2 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 42 |
| Cross-Site Request Forgery (CSRF) | 14 |
| Missing Authorization | 13 |
| Deserialization of Untrusted Data | 8 |
| Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 8 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 8 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 6 |
| Unrestricted Upload of File with Dangerous Type | 4 |
| Exposure of Sensitive Information to an Unauthorized Actor | 2 |
| Improper Privilege Management | 2 |
| Server-Side Request Forgery (SSRF) | 2 |
| Improper Authentication | 1 |
| Improper Authorization | 1 |
| Improper Control of Generation of Code (‘Code Injection’) | 1 |
| Improper Handling of Insufficient Permissions or Privileges | 1 |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 1 |
| Incorrect Authorization | 1 |
| URL Redirection to Untrusted Site (‘Open Redirect’) | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 15 | |
| 8 | |
| 6 | |
| 5 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| 140+ Widgets | Xpro Addons For Elementor – FREE | xpro-elementor-addons |
| Add Code To Head | add-code-to-head |
| AfterShip Tracking – All-In-One WooCommerce Order Tracking (Free plan available) | aftership-woocommerce-tracking |
| Ajax Search Lite – Live Search & Filter | ajax-search-lite |
| All Bootstrap Blocks | all-bootstrap-blocks |
| All-in-One WP Migration and Backup | all-in-one-wp-migration |
| Amministrazione Trasparente | amministrazione-trasparente |
| B Slider – Responsive Image Slider | b-slider |
| Beaver Builder – WordPress Page Builder | beaver-builder-lite-version |
| BetPress | betpress |
| bidorbuy Store Integrator | bidorbuystoreintegrator |
| Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection | stopbadbots |
| Bold Page Builder | bold-page-builder |
| Booking Calendar | booking |
| Booking System Trafft | booking-system-trafft |
| Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | woocommerce-jetpack |
| Captcha.eu | captcha-eu |
| Chartbeat | chartbeat |
| Chatbox Manager | wa-chatbox-manager |
| Customer Support Ticket System & Helpdesk Plugin for WordPress | wp-ticket |
| Dokan Pro | dokan-pro |
| Drag and Drop File Upload for Elementor Forms | drag-and-drop-file-upload-for-elementor-forms |
| Dynamic AJAX Product Filters for WooCommerce | dynamic-ajax-product-filters-for-woocommerce |
| ElementInvader Addons for Elementor | elementinvader-addons-for-elementor |
| Employee Directory – Staff Listing & Team Directory Plugin for WordPress | employee-directory |
| Employee Spotlight – Team Member Showcase & Meet the Team Plugin | employee-spotlight |
| Epeken All Kurir Plugin for Woocommerce Full Version | epeken-all-kurir |
| Event Booking Manager for WooCommerce – WpEvently | mage-eventpress |
| Event List | eventlist |
| Events Addon for Elementor | events-addon-for-elementor |
| Exertio Framework | exertio-framework |
| Feeds For TikTok – Show TikTok Videos in Grid or Feed Layout | b-tiktok-feed |
| File Manager, Code Editor, and Backup by Managefy | softdiscover-db-file-manager |
| Goal Tracker for Patreon | goal-tracker-for-patreon |
| Google XML News Sitemap plugin | gn-xml-sitemap |
| Gutenify – Visual Site Builder Blocks & Site Templates. | gutenify |
| Houzez CRM | houzez-crm |
| iATS Online Forms | iats-online-forms |
| Instant Breaking News | instant-breaking-news |
| Invisible Optin | invisible-optin |
| JS Archive List | jquery-archive-list-widget |
| Lazy Load for Videos | lazy-load-for-videos |
| Link View | link-view |
| List Subpages | list-sub-pages |
| LWSCache | lwscache |
| Nest Addons | nest-addons |
| Newsletter subscription optin module | newsletter-subscription-widget-for-sendblaster |
| NextGEN Gallery Search | nextgen-gallery-search-galleries |
| Ocean Extra | ocean-extra |
| OSM Map Widget for Elementor | osm-map-elementor |
| Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | otter-blocks |
| Page Manager for Elementor | page-manager-for-elementor |
| PDF for Elementor Forms + Drag And Drop Template Builder | pdf-for-elementor-forms |
| Podlove Podcast Publisher | podlove-podcasting-plugin-for-wordpress |
| Poll, Survey & Quiz Maker Plugin by Opinion Stage | social-polls-by-opinionstage |
| Post Type Converter | post-type-converter |
| PPWP – Password Protect WordPress | #1 Most-Reviewed Password Plugin | password-protect-page |
| Premium Age Verification / Restriction for WordPress | age-restriction |
| Printeers Print & Ship | invition-print-ship |
| Pro Bulk Watermark Plugin for WordPress | pro-watermark |
| Pronamic Google Maps | pronamic-google-maps |
| Related Posts Lite | related-posts-lite |
| Responsive Mobile-Friendly Tooltip | responsive-mobile-friendly-tooltip |
| Responsive YouTube Video Gallery Plugin for WordPress – YouTube Showcase | youtube-showcase |
| RingCentral Communications Plugin – FREE | rccp-free |
| Savyour Affiliate Partner | savyour-affiliate-partner |
| SEO For Images | seo-for-images |
| Simple Contact Form Plugin for WordPress – WP Easy Contact | wp-easy-contact |
| Simple Download Monitor | simple-download-monitor |
| Simple Page Access Restriction | simple-page-access-restriction |
| SiteSEO – SEO Simplified | siteseo |
| Slider Revolution | revslider |
| Small Package Quotes – USPS Edition | small-package-quotes-usps-edition |
| Solace Extra | solace-extra |
| Table Editor | wp-table-editor |
| TablePress – Tables in WordPress made easy | tablepress |
| Theme Blvd Widget Areas | theme-blvd-widget-areas |
| Theme Switcher Reloaded | theme-switcher-reloaded |
| Transcoder | transcoder |
| Tripadvisor Shortcode | tripadvisor-shortcode |
| UiCore Elements – Free Elementor widgets and templates | uicore-elements |
| Ultimate Tag Warrior Importer | utw-importer |
| Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin | uncanny-automator |
| Unlimited Elements For Elementor | unlimited-elements-for-elementor |
| UPC/EAN/GTIN Code Generator | upc-ean-barcode-generator |
| UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | userswp |
| Vibes | vibes |
| Video Share VOD – Turnkey Video Site Builder Script | video-share-vod |
| WooCommerce csv import export | extendons-eo-wooimport-export |
| WooCommerce Payment Gateway for Saferpay | woocommerce-payment-gateway-for-saferpay |
| WordPress Automatic Plugin | wp-automatic |
| WordPress HTML | custom-html-bodyhead |
| WP Bulk Delete | wp-bulk-delete |
| WP Thumbtack Review Slider | wp-thumbtack-review-slider |
| WP ULike Pro | wp-ulike-pro |
| WPAvatar | wpavatar |
| Xagio SEO – AI Powered SEO | xagio-seo |
| XM-Backup | xm-backup |
| XmasB Quotes | xmasb-quotes |
| Xpro Theme Builder For Elementor – FREE | xpro-theme-builder |
| Yahoo! WebPlayer | yahoo-media-player |
| Zephyr Project Manager | zephyr-project-manager |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| AI Hub – Startup & Technology WordPress Theme | aihub |
| ArcHub – Architecture and Interior Design WordPress Theme | archub |
| Cars4Rent | Auto Rental & Taxi WordPress Theme + RTL | cars4rent |
| Golo – City Travel Guide WordPress Theme | golo |
| Houzez | houzez |
| Hub – Responsive Multi-Purpose WordPress Theme | hub |
| Ireca – Car Rental Boat, Bike, Vehicle, Calendar WordPress Theme | ireca |
| Jannah – Newspaper Magazine News BuddyPress AMP | jannah |
| Magazine Saga | magazine-saga |
| Makeaholic – Beauty Cosmetics WordPress Theme | makeaholic |
| Neresa – Elementor WordPress Theme | neresa-wp |
| Nuss – Hotel Booking WordPress | nuss |
| Pin = Pinterest Style / Personal Masonry Blog / Front-end Submission | pin-wp |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
CVE-ID
CVE-2025-49387
CVE-2025-49387
Patch Status
Patched
Patched
Published
Aug 26, 2025
Aug 26, 2025
Affected Software
Drag and Drop File Upload for Elementor Forms
Drag and Drop File Upload for Elementor Forms
Researcher
CVE-ID
CVE-2025-7955
CVE-2025-7955
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
RingCentral Communications Plugin – FREE
RingCentral Communications Plugin – FREE
Researcher
CVE-ID
CVE-2025-6366
CVE-2025-6366
Patch Status
Patched
Patched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
Event List
Event List
Researcher
CVE-ID
CVE-2025-53251
CVE-2025-53251
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Pin = Pinterest Style / Personal Masonry Blog / Front-end Submission
Pin = Pinterest Style / Personal Masonry Blog / Front-end Submission
Researcher
CVE-ID
CVE-2025-7812
CVE-2025-7812
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Video Share VOD – Turnkey Video Site Builder Script
Video Share VOD – Turnkey Video Site Builder Script
Researcher
CVE-ID
CVE-2024-13342
CVE-2024-13342
Patch Status
Patched
Patched
Published
Aug 28, 2025
Aug 28, 2025
Affected Software
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools
Researcher
CVE-ID
Unknown
Unknown
Patch Status
Unpatched
Unpatched
Published
Aug 26, 2025
Aug 26, 2025
Affected Software
Cars4Rent | Auto Rental & Taxi WordPress Theme + RTL
Cars4Rent | Auto Rental & Taxi WordPress Theme + RTL
Researcher
CVE-ID
CVE-2025-53243
CVE-2025-53243
Patch Status
Unpatched
Unpatched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
Employee Directory – Staff Listing & Team Directory Plugin for WordPress
Employee Directory – Staff Listing & Team Directory Plugin for WordPress
Researcher
CVE-ID
CVE-2025-53583
CVE-2025-53583
Patch Status
Patched
Patched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
Employee Spotlight – Team Member Showcase & Meet the Team Plugin
Employee Spotlight – Team Member Showcase & Meet the Team Plugin
Researcher
CVE-ID
CVE-2025-53326
CVE-2025-53326
Patch Status
Unpatched
Unpatched
Published
Aug 26, 2025
Aug 26, 2025
Affected Software
Gutenify – Visual Site Builder Blocks & Site Templates.
Gutenify – Visual Site Builder Blocks & Site Templates.
Researcher
CVE-ID
CVE-2025-49405
CVE-2025-49405
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Houzez
Houzez
Researcher
CVE-ID
CVE-2025-54716
CVE-2025-54716
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Ireca – Car Rental Boat, Bike, Vehicle, Calendar WordPress Theme
Ireca – Car Rental Boat, Bike, Vehicle, Calendar WordPress Theme
Researcher
CVE-ID
CVE-2025-53334
CVE-2025-53334
Patch Status
Unpatched
Unpatched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
Jannah – Newspaper Magazine News BuddyPress AMP
Jannah – Newspaper Magazine News BuddyPress AMP
Researcher
CVE-ID
CVE-2025-53227
CVE-2025-53227
Patch Status
Unpatched
Unpatched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
Magazine Saga
Magazine Saga
Researcher
CVE-ID
CVE-2025-49383
CVE-2025-49383
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Neresa – Elementor WordPress Theme
Neresa – Elementor WordPress Theme
Researcher
CVE-ID
Unknown
Unknown
Patch Status
Unpatched
Unpatched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
Nuss – Hotel Booking WordPress
Nuss – Hotel Booking WordPress
Researcher
Poll, Survey & Quiz Maker Plugin by Opinion Stage <= 19.11.0 – Unauthenticated Local File Inclusion
8.1
CVE-ID
CVE-2025-53328
CVE-2025-53328
Patch Status
Unpatched
Unpatched
Published
Aug 26, 2025
Aug 26, 2025
Affected Software
Poll, Survey & Quiz Maker Plugin by Opinion Stage
Poll, Survey & Quiz Maker Plugin by Opinion Stage
Researcher
CVE-ID
CVE-2025-53588
CVE-2025-53588
Patch Status
Patched
Patched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
UPC/EAN/GTIN Code Generator
UPC/EAN/GTIN Code Generator
Researcher
CVE-ID
CVE-2025-54029
CVE-2025-54029
Patch Status
Patched
Patched
Published
Aug 26, 2025
Aug 26, 2025
Affected Software
WooCommerce csv import export
WooCommerce csv import export
Researcher
CVE-ID
CVE-2025-53572
CVE-2025-53572
Patch Status
Patched
Patched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
Simple Contact Form Plugin for WordPress – WP Easy Contact
Simple Contact Form Plugin for WordPress – WP Easy Contact
Researcher
CVE-ID
CVE-2025-53584
CVE-2025-53584
Patch Status
Patched
Patched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
Customer Support Ticket System & Helpdesk Plugin for WordPress
Customer Support Ticket System & Helpdesk Plugin for WordPress
Researcher
CVE-ID
CVE-2025-54731
CVE-2025-54731
Patch Status
Patched
Patched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
Responsive YouTube Video Gallery Plugin for WordPress – YouTube Showcase
Responsive YouTube Video Gallery Plugin for WordPress – YouTube Showcase
Researcher
CVE-ID
CVE-2025-54726
CVE-2025-54726
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
JS Archive List
JS Archive List
Researcher
CVE-ID
CVE-2025-54720
CVE-2025-54720
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Nest Addons
Nest Addons
Researcher
CVE-ID
CVE-2025-49403
CVE-2025-49403
Patch Status
Unpatched
Unpatched
Published
Aug 26, 2025
Aug 26, 2025
Affected Software
Premium Age Verification / Restriction for WordPress
Premium Age Verification / Restriction for WordPress
Researcher
CVE-ID
CVE-2025-9172
CVE-2025-9172
Patch Status
Patched
Patched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
Vibes
Vibes
Researcher
CVE-ID
CVE-2025-54742
CVE-2025-54742
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Event Booking Manager for WooCommerce – WpEvently
Event Booking Manager for WooCommerce – WpEvently
Researcher
Xagio SEO <= 7.1.0.5 – Unauthenticated Sensitive Information Exposure via Unprotected Back-Up Files
7.5
CVE-ID
CVE-2024-13807
CVE-2024-13807
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Xagio SEO – AI Powered SEO
Xagio SEO – AI Powered SEO
Researcher
CVE-ID
CVE-2025-48100
CVE-2025-48100
Patch Status
Unpatched
Unpatched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
bidorbuy Store Integrator
bidorbuy Store Integrator
Researcher
Small Package Quotes – USPS Edition <= 1.3.9 – Authenticated (Administrator+) PHP Object Injection
6.6
CVE-ID
CVE-2025-58218
CVE-2025-58218
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Small Package Quotes – USPS Edition
Small Package Quotes – USPS Edition
Researcher
CVE-ID
CVE-2025-9376
CVE-2025-9376
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Researcher
CVE-ID
CVE-2025-49402
CVE-2025-49402
Patch Status
Unpatched
Unpatched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
Exertio Framework
Exertio Framework
Researcher
CVE-ID
CVE-2025-9441
CVE-2025-9441
Patch Status
Unpatched
Unpatched
Published
Aug 28, 2025
Aug 28, 2025
Affected Software
iATS Online Forms
iATS Online Forms
Researcher
CVE-ID
CVE-2025-8977
CVE-2025-8977
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Simple Download Monitor
Simple Download Monitor
Researcher
CVE-ID
CVE-2025-9217
CVE-2025-9217
Patch Status
Patched
Patched
Published
Aug 28, 2025
Aug 28, 2025
Affected Software
Slider Revolution
Slider Revolution
Researcher
CVE-ID
CVE-2025-58194
CVE-2025-58194
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Bold Page Builder
Bold Page Builder
Researcher
CVE-ID
CVE-2025-9346
CVE-2025-9346
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Booking Calendar
Booking Calendar
Researcher
CVE-ID
CVE-2025-58213
CVE-2025-58213
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Booking System Trafft
Booking System Trafft
Researcher
CVE-ID
CVE-2025-53250
CVE-2025-53250
Patch Status
Unpatched
Unpatched
Published
Aug 26, 2025
Aug 26, 2025
Affected Software
Chartbeat
Chartbeat
Researcher
CVE-ID
CVE-2025-58211
CVE-2025-58211
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Chatbox Manager
Chatbox Manager
Researcher
CVE-ID
CVE-2025-6255
CVE-2025-6255
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Dynamic AJAX Product Filters for WooCommerce
Dynamic AJAX Product Filters for WooCommerce
Researcher
CVE-ID
CVE-2025-8073
CVE-2025-8073
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Dynamic AJAX Product Filters for WooCommerce
Dynamic AJAX Product Filters for WooCommerce
Researcher
CVE-ID
CVE-2025-58205
CVE-2025-58205
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
ElementInvader Addons for Elementor
ElementInvader Addons for Elementor
Researcher
CVE-ID
CVE-2025-58212
CVE-2025-58212
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Epeken All Kurir Plugin for Woocommerce Full Version
Epeken All Kurir Plugin for Woocommerce Full Version
Researcher
CVE-ID
CVE-2025-8150
CVE-2025-8150
Patch Status
Patched
Patched
Published
Aug 28, 2025
Aug 28, 2025
Affected Software
Events Addon for Elementor
Events Addon for Elementor
Researcher
CVE-ID
CVE-2025-7732
CVE-2025-7732
Patch Status
Patched
Patched
Published
Aug 26, 2025
Aug 26, 2025
Affected Software
Lazy Load for Videos
Lazy Load for Videos
Researcher
CVE-ID
CVE-2025-48110
CVE-2025-48110
Patch Status
Unpatched
Unpatched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
Link View
Link View
Researcher
CVE-ID
CVE-2025-8290
CVE-2025-8290
Patch Status
Unpatched
Unpatched
Published
Aug 28, 2025
Aug 28, 2025
Affected Software
List Subpages
List Subpages
Researcher
CVE-ID
CVE-2025-9499
CVE-2025-9499
Patch Status
Patched
Patched
Published
Aug 29, 2025
Aug 29, 2025
Affected Software
Ocean Extra
Ocean Extra
Researcher
CVE-ID
CVE-2025-8619
CVE-2025-8619
Patch Status
Unpatched
Unpatched
Published
Aug 28, 2025
Aug 28, 2025
Affected Software
OSM Map Widget for Elementor
OSM Map Widget for Elementor
Researcher
CVE-ID
CVE-2025-58208
CVE-2025-58208
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
PDF for Elementor Forms + Drag And Drop Template Builder
PDF for Elementor Forms + Drag And Drop Template Builder
Researcher
CVE-ID
CVE-2025-48316
CVE-2025-48316
Patch Status
Unpatched
Unpatched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
Responsive Mobile-Friendly Tooltip
Responsive Mobile-Friendly Tooltip
Researcher
CVE-ID
CVE-2025-58197
CVE-2025-58197
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Simple Download Monitor
Simple Download Monitor
Researcher
CVE-ID
CVE-2025-9277
CVE-2025-9277
Patch Status
Patched
Patched
Published
Aug 26, 2025
Aug 26, 2025
Affected Software
SiteSEO – SEO Simplified
SiteSEO – SEO Simplified
Researcher
CVE-ID
CVE-2025-58203
CVE-2025-58203
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Solace Extra
Solace Extra
Researcher
CVE-ID
CVE-2025-9500
CVE-2025-9500
Patch Status
Patched
Patched
Published
Aug 29, 2025
Aug 29, 2025
Affected Software
TablePress – Tables in WordPress made easy
TablePress – Tables in WordPress made easy
Researcher
CVE-ID
CVE-2025-58209
CVE-2025-58209
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Transcoder
Transcoder
Researcher
CVE-ID
CVE-2025-58196
CVE-2025-58196
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
UiCore Elements – Free Elementor widgets and templates
UiCore Elements – Free Elementor widgets and templates
Researcher
CVE-ID
CVE-2025-8603
CVE-2025-8603
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Unlimited Elements For Elementor
Unlimited Elements For Elementor
Researcher
CVE-ID
CVE-2025-9344
CVE-2025-9344
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP
Researcher
CVE-ID
CVE-2025-48315
CVE-2025-48315
Patch Status
Unpatched
Unpatched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
WordPress HTML
WordPress HTML
Researcher
CVE-ID
CVE-2025-48312
CVE-2025-48312
Patch Status
Unpatched
Unpatched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
WPAvatar
WPAvatar
Researcher
CVE-ID
CVE-2025-58195
CVE-2025-58195
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
140+ Widgets | Xpro Addons For Elementor – FREE
140+ Widgets | Xpro Addons For Elementor – FREE
Researcher
CVE-ID
CVE-2025-8897
CVE-2025-8897
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Beaver Builder – WordPress Page Builder
Beaver Builder – WordPress Page Builder
Researcher
CVE-ID
CVE-2025-48309
CVE-2025-48309
Patch Status
Unpatched
Unpatched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
BetPress
BetPress
Researcher
CVE-ID
CVE-2025-53579
CVE-2025-53579
Patch Status
Patched
Patched
Published
Aug 26, 2025
Aug 26, 2025
Affected Software
Captcha.eu
Captcha.eu
Researcher
CVE-ID
CVE-2025-54724
CVE-2025-54724
Patch Status
Patched
Patched
Published
Aug 26, 2025
Aug 26, 2025
Affected Software
Golo – City Travel Guide WordPress Theme
Golo – City Travel Guide WordPress Theme
Researcher
Google XML News Sitemap plugin <= 0.02 – Cross-Site Request Forgery to Stored Cross-Site Scripting
6.1
CVE-ID
CVE-2025-48304
CVE-2025-48304
Patch Status
Unpatched
Unpatched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
Google XML News Sitemap plugin
Google XML News Sitemap plugin
Researcher
CVE-ID
CVE-2025-49407
CVE-2025-49407
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Houzez
Houzez
Researcher
CVE-ID
CVE-2025-48311
CVE-2025-48311
Patch Status
Unpatched
Unpatched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
Invisible Optin
Invisible Optin
Researcher
CVE-ID
CVE-2025-48308
CVE-2025-48308
Patch Status
Unpatched
Unpatched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
Newsletter subscription optin module
Newsletter subscription optin module
Researcher
CVE-ID
CVE-2025-53224
CVE-2025-53224
Patch Status
Unpatched
Unpatched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
NextGEN Gallery Search
NextGEN Gallery Search
Researcher
CVE-ID
CVE-2025-58204
CVE-2025-58204
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Podlove Podcast Publisher
Podlove Podcast Publisher
Researcher
CVE-ID
CVE-2025-48306
CVE-2025-48306
Patch Status
Unpatched
Unpatched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
Savyour Affiliate Partner
Savyour Affiliate Partner
Researcher
CVE-ID
CVE-2025-53289
CVE-2025-53289
Patch Status
Unpatched
Unpatched
Published
Aug 26, 2025
Aug 26, 2025
Affected Software
Theme Blvd Widget Areas
Theme Blvd Widget Areas
Researcher
CVE-ID
CVE-2025-53223
CVE-2025-53223
Patch Status
Unpatched
Unpatched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
Theme Switcher Reloaded
Theme Switcher Reloaded
Researcher
CVE-ID
CVE-2024-9648
CVE-2024-9648
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
WP ULike Pro
WP ULike Pro
Researcher
CVE-ID
CVE-2025-53220
CVE-2025-53220
Patch Status
Unpatched
Unpatched
Published
Aug 26, 2025
Aug 26, 2025
Affected Software
XmasB Quotes
XmasB Quotes
Researcher
CVE-ID
CVE-2025-53215
CVE-2025-53215
Patch Status
Unpatched
Unpatched
Published
Aug 26, 2025
Aug 26, 2025
Affected Software
Yahoo! WebPlayer
Yahoo! WebPlayer
Researcher
CVE-ID
CVE-2025-5083
CVE-2025-5083
Patch Status
Patched
Patched
Published
Aug 30, 2025
Aug 30, 2025
Affected Software
Amministrazione Trasparente
Amministrazione Trasparente
Researcher
CVE-ID
CVE-2025-9352
CVE-2025-9352
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Pronamic Google Maps
Pronamic Google Maps
Researcher
CVE-ID
CVE-2025-58201
CVE-2025-58201
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Researcher
CVE-ID
CVE-2025-7956
CVE-2025-7956
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Ajax Search Lite – Live Search & Filter
Ajax Search Lite – Live Search & Filter
Researcher
CVE-ID
CVE-2025-54733
CVE-2025-54733
Patch Status
Patched
Patched
Published
Aug 26, 2025
Aug 26, 2025
Affected Software
All Bootstrap Blocks
All Bootstrap Blocks
Researcher
CVE-ID
CVE-2025-54734
CVE-2025-54734
Patch Status
Patched
Patched
Published
Aug 26, 2025
Aug 26, 2025
Affected Software
B Slider – Responsive Image Slider
B Slider – Responsive Image Slider
Researcher
CVE-ID
CVE-2025-58210
CVE-2025-58210
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Makeaholic – Beauty Cosmetics WordPress Theme
Makeaholic – Beauty Cosmetics WordPress Theme
Researcher
CVE-ID
CVE-2025-55715
CVE-2025-55715
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
Researcher
CVE-ID
CVE-2025-48081
CVE-2025-48081
Patch Status
Unpatched
Unpatched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Printeers Print & Ship
Printeers Print & Ship
Researcher
CVE-ID
CVE-2025-48317
CVE-2025-48317
Patch Status
Unpatched
Unpatched
Published
Aug 26, 2025
Aug 26, 2025
Affected Software
WooCommerce Payment Gateway for Saferpay
WooCommerce Payment Gateway for Saferpay
Researcher
CVE-ID
CVE-2025-9345
CVE-2025-9345
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
File Manager, Code Editor, and Backup by Managefy
File Manager, Code Editor, and Backup by Managefy
Researcher
CVE-ID
CVE-2025-6247
CVE-2025-6247
Patch Status
Patched
Patched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
WordPress Automatic Plugin
WordPress Automatic Plugin
Researcher
CVE-ID
CVE-2025-48314
CVE-2025-48314
Patch Status
Unpatched
Unpatched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
Add Code To Head
Add Code To Head
Researcher
CVE-ID
CVE-2025-8490
CVE-2025-8490
Patch Status
Patched
Patched
Published
Aug 26, 2025
Aug 26, 2025
Affected Software
All-in-One WP Migration and Backup
All-in-One WP Migration and Backup
Researcher
CVE-ID
CVE-2025-48305
CVE-2025-48305
Patch Status
Unpatched
Unpatched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
Goal Tracker for Patreon
Goal Tracker for Patreon
Researcher
CVE-ID
CVE-2025-48313
CVE-2025-48313
Patch Status
Unpatched
Unpatched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
Tripadvisor Shortcode
Tripadvisor Shortcode
Researcher
CVE-ID
CVE-2025-58216
CVE-2025-58216
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
WP Thumbtack Review Slider
WP Thumbtack Review Slider
Researcher
CVE-ID
CVE-2025-49402
CVE-2025-49402
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Houzez CRM
Houzez CRM
Researcher
CVE-ID
CVE-2025-58217
CVE-2025-58217
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Instant Breaking News
Instant Breaking News
Researcher
CVE-ID
CVE-2025-0951
CVE-2025-0951
Patch Status
Unpatched
Unpatched
Published
Aug 27, 2025
Aug 27, 2025
CVE-ID
CVE-2025-8147
CVE-2025-8147
Patch Status
Patched
Patched
Published
Aug 28, 2025
Aug 28, 2025
Affected Software
LWSCache
LWSCache
Researcher
CVE-ID
CVE-2025-53230
CVE-2025-53230
Patch Status
Unpatched
Unpatched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
Page Manager for Elementor
Page Manager for Elementor
Researcher
CVE-ID
CVE-2025-48303
CVE-2025-48303
Patch Status
Unpatched
Unpatched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
Post Type Converter
Post Type Converter
Researcher
PPWP – Password Protect Pages <= 1.9.10 – Authenticated (Subscriber+) Content Exposure via REST API
4.3
CVE-ID
CVE-2025-5998
CVE-2025-5998
Patch Status
Patched
Patched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
PPWP – Password Protect WordPress | #1 Most-Reviewed Password Plugin
PPWP – Password Protect WordPress | #1 Most-Reviewed Password Plugin
Researcher
CVE-ID
CVE-2025-4956
CVE-2025-4956
Patch Status
Unpatched
Unpatched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
Pro Bulk Watermark Plugin for WordPress
Pro Bulk Watermark Plugin for WordPress
Researcher
CVE-ID
CVE-2025-9618
CVE-2025-9618
Patch Status
Unpatched
Unpatched
Published
Aug 29, 2025
Aug 29, 2025
Affected Software
Related Posts Lite
Related Posts Lite
Researcher
CVE-ID
CVE-2025-48307
CVE-2025-48307
Patch Status
Unpatched
Unpatched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
SEO For Images
SEO For Images
Researcher
CVE-ID
CVE-2025-58202
CVE-2025-58202
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Simple Page Access Restriction
Simple Page Access Restriction
Researcher
CVE-ID
CVE-2025-48310
CVE-2025-48310
Patch Status
Unpatched
Unpatched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
Table Editor
Table Editor
Researcher
CVE-ID
CVE-2025-54710
CVE-2025-54710
Patch Status
Patched
Patched
Published
Aug 26, 2025
Aug 26, 2025
Affected Software
Feeds For TikTok – Show TikTok Videos in Grid or Feed Layout
Feeds For TikTok – Show TikTok Videos in Grid or Feed Layout
Researcher
CVE-ID
CVE-2025-9374
CVE-2025-9374
Patch Status
Unpatched
Unpatched
Published
Aug 28, 2025
Aug 28, 2025
Affected Software
Ultimate Tag Warrior Importer
Ultimate Tag Warrior Importer
Researcher
CVE-ID
CVE-2025-58193
CVE-2025-58193
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin
Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin
Researcher
CVE-ID
CVE-2025-58192
CVE-2025-58192
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
WP Bulk Delete
WP Bulk Delete
Researcher
CVE-ID
CVE-2025-48109
CVE-2025-48109
Patch Status
Unpatched
Unpatched
Published
Aug 25, 2025
Aug 25, 2025
Affected Software
XM-Backup
XM-Backup
Researcher
CVE-ID
CVE-2025-58198
CVE-2025-58198
Patch Status
Patched
Patched
Published
Aug 27, 2025
Aug 27, 2025
Affected Software
Xpro Theme Builder For Elementor – FREE
Xpro Theme Builder For Elementor – FREE
Researcher
CVE-ID
CVE-2025-54714
CVE-2025-54714
Patch Status
Patched
Patched
Published
Aug 26, 2025
Aug 26, 2025
Affected Software
Zephyr Project Manager
Zephyr Project Manager
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (August 25, 2025 to August 31, 2025) appeared first on Wordfence.
