Wordfence Intelligence Weekly WordPress Vulnerability Report (September 22, 2025 to September 28, 2025)

by

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢

🚀  Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 per vulnerability. Submit bold. Earn big!

📁 The LFInder Challenge: Refine your LFI hunting skills with an expanded scope. Now through November 24, 2025, all LFI vulnerabilities in software with at least 25 active installs are considered in-scope for all researchers, regardless of researcher tier, AND earn a 30% bonus on all Local File Inclusion vulnerability submissions not already increased by another promotion.

Last week, there were 441 vulnerabilities disclosed in 393 WordPress Plugins and 16 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 71 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to implement layered security, aligning with our overarching mission to secure WordPress with defense in depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report. As the world’s leading quality vulnerability database provider for WordPress, site owners can rest assured knowing Wordfence has their back.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 29,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our PremiumCare, and Response customers last week:

  • WAF-RULE-864 – Data redacted while we work with the vendor on a patch.

Wordfence PremiumCare, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.

Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Patched 117
Unpatched 324

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Low Severity 2
Medium Severity 410
High Severity 25
Critical Severity 4

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 195
Missing Authorization 88
Cross-Site Request Forgery (CSRF) 79
Exposure of Sensitive Information to an Unauthorized Actor 21
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) 11
Server-Side Request Forgery (SSRF) 11
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) 8
Deserialization of Untrusted Data 7
Improper Control of Generation of Code (‘Code Injection’) 6
Unrestricted Upload of File with Dangerous Type 4
Authorization Bypass Through User-Controlled Key 2
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) 2
URL Redirection to Untrusted Site (‘Open Redirect’) 2
Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’) 1
Improper Neutralization of Special Elements Used in a Template Engine 1
Insertion of Sensitive Information into Log File 1
Uncontrolled Resource Consumption 1
Use of Insufficiently Random Values 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
107
54
25
21
19
18
13
13
12
10
9
9
9
8
7
7
6
5
4
4
4
3
3
3
3
3
3
3
3
3
2
2
2
2
2
2
2
2
2
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery interactive-3d-flipbook-powered-physics-engine
Academy LMS – WordPress LMS Plugin for Complete eLearning Solution academy
Accordion – AI FAQ, Accordion, Tabs, Image Accordion, Product FAQ, FAQ Builder, FAQ Grid accordions
Additional Fees For WooCommerce Checkout (Free) woo-additional-fees-on-checkout-wordpress
Ads by Quads – Adsense Ads, Banner Ads, Popup Ads quick-adsense-reloaded
Advance Portfolio Grid, Slider and Gallery – Showcase Projects, Images and Videos advance-portfolio-grid
Advanced Appointment Booking & Scheduling advanced-appointment-booking-scheduling
Advanced Settings 3 advanced-settings
Advanced Views – Display Posts, Custom Fields, and More acf-views
AffiliateWP – External Referral Links affiliatewp-external-referral-links
AgreeMe Checkboxes For WooCommerce agreeme-checkboxes-for-woocommerce
Ajax Load More – Infinite Scroll ajax-load-more
All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic all-in-one-seo-pack
AllInOne – Banner Rotator all-in-one-bannerRotator
AnyClip Luminous Studio anyclip-media
Append extensions on Pages append-extensions-on-pages
Append Link on Copy append-link-on-copy
AR for WordPress ar-for-wordpress
aThemes Addons for Elementor athemes-addons-for-elementor-lite
Auction Feed auction-feed
AuthorSure authorsure
Awesome Support – WordPress HelpDesk & Support Plugin awesome-support
Backuply – Backup, Restore, Migrate and Clone backuply
Banhammer – Monitor Site Traffic, Block Bad Users and Bots banhammer
bbp topic count bbp-topic-count
Beaf – Photo Comparison Block image-compare-block
Behance Portfolio Manager portfolio-manager-powered-by-behance
Better Find and Replace – AI-Powered Suggestions real-time-auto-find-and-replace
Bg Church Memos bg-church-memos
Bitly’s WordPress Plugin wp-bitly
Blog Designer blog-designer
BM Content Builder bm-builder
BMI Adult & Kid Calculator bmi-adultkid-calculator
Bot Block – Stop Spam Referrals in Google Analytics bot-block-stop-spam-google-analytics-referrals
BP Disable Activation Reloaded bp-disable-activation-reloaded
Buckets buckets
BuddyPress Notification Widget buddypress-notifications-widget
Card Elements for WPBakery card-elements-for-wpbakery
CardCom Payment Gateway woo-cardcom-payment-gateway
Carousel Ultimate carousel
Casengo Live Chat Support the-casengo-chat-widget
CashBill.pl – Płatności WooCommerce cashbill-payment-method
Category Dropdown by GCS Design wp-category-dropdown
Category Featured Images category-featured-images
Category Featured Images Extended category-featured-images-extended
Cecabank WooCommerce Plugin cecabank-woocommerce
CF7 Submissions – Securely Store Contact Form 7 Data and Attachments, Reply to the Sender and more cf7-submissions
cForms – Light speed fast Form Builder cforms-plugin
Clariti clariti
Classic Widgets with Block-based Widgets classic-widgets-with-block-based-widgets
Click & Tweet click-tweet
CM Business Directory – Optimise and showcase local business cm-business-directory
CoDesigner – All in One Elementor WooCommerce Builder woolementor
Colibri Page Builder colibri-page-builder
Comments – wpDiscuz wpdiscuz
Compact Archives compact-archives
Conditional Cart Messages for WooCommerce – YourPlugins.com yourplugins-wc-conditional-cart-notices
Connector Wizard (formerly LC Wizard) ghl-wizard
Content Mask content-mask
Convert WordPress to app | AppMySite appmysite
CopySafe Web Protection wp-copysafe-web
CoSchedule coschedule-by-todaymade
Coupon Affiliates – Affiliate Plugin for WooCommerce woo-coupon-usage
Cozy Blocks – All-in-One Page Builder Blocks for Gutenberg and Full Site Editing (FSE) cozy-addons
CP Multi View Event Calendar cp-multi-view-calendar
CubeWP – All-in-One Dynamic Content Framework cubewp-framework
Current Age Plugin current-age
Custom Block Builder – Lazy Blocks lazy-blocks
Custom iFrame for Elementor – Embed Pdf, Maps, Videos, & Websites Easily custom-iframe
Custom Login URL custom-login-url
Custom Post Type Images custom-post-types-image
Customer Support Ticket System & Helpdesk Plugin for WordPress wp-ticket
Dashboard Notepad dashboard-notepad
Delisho – Recipe Widgets and Blocks dr-widgets-blocks
Deliver via Shipos for WooCommerce wc-shipos-delivery
DELUCKS SEO delucks-seo
Designil PDPA Thailand pdpa-thailand
DethemeKit for Elementor dethemekit-for-elementor
Developer developer
Di Themes Demo Site Importer di-themes-demo-site-importer
Dialogity Free Live Chat dialogity-website-chat
Directory Pro directory-pro
Ditty – Responsive News Tickers, Sliders, and Lists ditty-news-ticker
DOAJ Export doaj-export
Doliconnect doliconnect
Double the Donation – A workplace giving tool to help your fundraising efforts double-the-donation
Download After Email – Subscribe & Download Form Plugin download-after-email
Download Manager download-manager
Draft – Tailwind CSS for WordPress. website-builder
E-namad & Shamed Logo Manager e-namad-shamed-logo-manager
Easy Elementor Addons easy-elementor-addons
Easy Hotel Booking – Powerful Hotel Booking Plugin easy-hotel
Easy Pricing Table WP easy-pricing-table-wp
Easy Quotes easy-quotes
Editor Custom Color Palette editor-custom-color-palette
Email Marketing, Email Automation, Newsletter & Cart Abandonment for WordPress and WooCommerce – Mail Mint mail-mint
EmailKit – Email Customizer for WooCommerce & WP emailkit
Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files embed-any-document
Emergency Password Reset emergency-password-reset
Employee Spotlight – Team Member Showcase & Meet the Team Plugin employee-spotlight
Envíos Coordinadora Woocommerce (Oficial) – WordPress plugin coordinadora
Epeken All Kurir Plugin for Woocommerce Full Version epeken-all-kurir
Estonian Shipping Methods for WooCommerce estonian-shipping-methods-for-woocommerce
Event Rocket event-rocket
Events Manager – OpenStreetMaps stonehenge-em-osm
eZee Online Hotel Booking Engine online-booking-engine
FAQ / Accordion / Docs / KB – Helpie WordPress FAQ Accordion plugin helpie-faq
Fastly fastly
Featured Image from URL (FIFU) featured-image-from-url
Flexible FAQ flexible-faq
Flexible PDF Invoices for WooCommerce & WordPress flexible-invoices
Flytedesk Digital flytedesk-digital
Force Update Translations force-update-translations
Form Generator for WordPress form-generator-powered-by-jotform
Front End Users front-end-only-users
Frontend File Manager Plugin nmedia-user-file-uploader
Fusion Page Builder : Extension – Gallery fusion-extension-gallery
Gallery Custom Links gallery-custom-links
Gallery Lightbox gallery-lightbox-slider
GD bbPress Tools gd-bbpress-tools
Genealogical Tree – WordPress Family Tree genealogical-tree
Genesis Club Lite genesis-club-lite
Geolocation IP Detection geoip-detect
GetResponse Forms by Optin Cat getresponse
Getwid – Gutenberg Blocks getwid
Gianism gianism
Google+ Comments google-plus-comments
Goracash goracash
Grand Conference Theme Custom Post Type grandconference-custom-post
Gravitate Automated Tester gravitate-automated-tester
Grid grid
GSheets Connector sheetlink
GST for WooCommerce gst-for-woocommerce
Gutenify – Visual Site Builder Blocks & Site Templates. gutenify
GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor gutenkit-blocks-addon
Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor gutentor
Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce
Heureka heureka
Hide WP Toolbar hide-wp-toolbar
HidePost hidepost
HieCOR Payment Gateway Plugin hcv4-payment-gateway
Highlight and Share – Social Text and Image Sharing highlight-and-share
HivePress Claim Listings hivepress-claim-listings
HORIZONTAL SLIDER horizontal-slider
HotelRunner Booking Widget hotelrunner
Houzez Theme – Functionality houzez-theme-functionality
HT Feed ht-instagram
HT Mega – Absolute Addons for WPBakery Page Builder ht-mega-for-wpbakery
HTACCESS IP Blocker htaccess-ip-blocker
Hubbub Lite – Fast, Reliable Social Sharing Buttons social-pug
Ibtana – WordPress Website Builder ibtana-visual-editor
Image Editor by Pixo image-editor-by-pixo
Image Hover Effects – Elementor Addon image-hover-effects-addon-for-elementor
immonex Kickstart Team immonex-kickstart-team
Import Markdown – Versatile Markdown Importer import-markdown
Instapage Plugin instapage
Interact: Embed A Quiz On Your Site interact-quiz-embed
IP Based Login ip-based-login
Javo Core javo-core
Job Board Manager job-board-manager
JS Job Manager js-jobs
JSM file_get_contents() Shortcode wp-file-get-contents
Jupiter X Core jupiterx-core
Kama Click Counter kama-clic-counter
kontur Admin Style kontur-admin-style
LambertGroup – AllInOne – Banner with Playlist all-in-one-bannerWithPlaylist
LambertGroup – AllInOne – Banner with Thumbnails all-in-one-thumbnailsBanner
LambertGroup – AllInOne – Content Slider all-in-one-contentSlider
Last Updated Shortcode last-updated-shortcode
Lenix scss compiler lenix-scss-compiler
Library Bookshelves library-bookshelves
LinkedInclude linkedinclude
List Child Pages Shortcode list-child-pages-shortcode
ListingPro Plugin listingpro-plugin
ListingPro Reviews listingpro-reviews
Login-Logout login-logout
Logo Showcase – Responsive Logo Carousel, Grid, List & Ticker for WordPress logo-showcase
LWS Affiliation lws-affiliation
Magento 2 WordPress Integration m2wp
Mail Baby SMTP mail-baby-smtp
Mail Subscribe List mail-subscribe-list
Make Column Clickable for Elementor make-column-clickable-elementor
MakeStories (for Google Web Stories) makestories-helper
Map Categories to Pages map-categories-to-pages
Maps for WP maps-for-wp
Mapster WP Maps mapster-wp-maps
Markdown Shortcode markdown-shortcode
MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution marketking-multivendor-marketplace-for-woocommerce
Master Slider – Responsive Touch Slider master-slider
MasterStudy LMS WordPress Plugin – for Online Courses and Education masterstudy-lms-learning-management-system
Mavis HTTPS to HTTP Redirection mavis-https-to-http-redirect
MaxiBlocks: 2300+ Patterns, 280+ Pages, 14.3K Icons & 100 Styles maxi-blocks
Media Library Assistant media-library-assistant
Mega Elements – Addons for Elementor mega-elements-addons-for-elementor
Memberful – Membership Plugin memberful-wp
Mobi2Go mobi2go
MultiLoca – WooCommerce Multi Locations Inventory Management WooCommerce-Multi-Locations-Inventory-Management
MWW Disclaimer Buttons mww-disclaimer-buttons
Netgsm netgsm
NewsmanApp newsmanapp
Nextend Social Login and Register nextend-facebook-connect
NGG Smart Image Search ngg-smart-image-search
Ninja Forms – The Contact Form Builder That Grows With You ninja-forms
NIX Anti-Spam Light nix-anti-spam-light
No External Links mihdan-no-external-links
Nota Fiscal Eletrônica WooCommerce nota-fiscal-eletronica-woocommerce
Notely notely
OAuth Single Sign On – SSO (OAuth Client) miniorange-login-with-eve-online-google-facebook
Open User Map open-user-map
Oshine Core oshine-core
Page Manager for Elementor page-manager-for-elementor
Page-list page-list
Participants Database participants-database
Passster – Password Protect Pages and Content content-protector
payOS payos
Payrexx Payment Gateway for WooCommerce woo-payrexx-gateway
PE Easy Slider pe-easy-slider
Penci Filter Everything penci-filter-everything
Penci Podcast penci-podcast
Penci Portfolio penci-portfolio
Penci Recipe penci-recipe
Penci Shortcodes & Performance penci-shortcodes
Perfect Brands for WooCommerce perfect-woocommerce-brands
PGS Core pgs-core
Photo Gallery by Ays – Responsive Image Gallery gallery-photo-gallery
PilotPress pilotpress
Pinterest Pinboard Widget pinterest-pinboard-widget
Piotnet Forms piotnetforms
PlayerJS playerjs
Plugin Ongkos Kirim JNE Tiki Sicepat Wahana J&T POS for Woocommerce ongkoskirim-id
Plugin Security Scanner plugin-security-scanner
Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress
Podlove Subscribe button podlove-subscribe-button
Poll Maker – Versus Polls, Anonymous Polls, Image Polls poll-maker
PopAd popad
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder popup-maker
Portfolio by BestWebSoft – Work and Projects Presentation Plugin for WordPress portfolio
Portfolio for Elementor & Image Gallery | PowerFolio portfolio-elementor
Post Carousel Slider for Elementor post-carousel-slider-for-elementor
Post Featured Video post-featured-video
pressapps-accordion-faq pressapps-accordion-faq
Printcart Web to Print Product Designer for WooCommerce printcart-integration
Printeers Print & Ship invition-print-ship
Product Addons and Product Options With Custom Fields – WowAddons product-addons
Product Catalog Simple post-type-x
Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) uni-woo-custom-product-options-premium
Product Time Countdown for WooCommerce product-countdown-for-woocommerce
Professional Contact Form professional-contact-form
Project Management, Team Collaboration, Kanban Board, Gantt Charts, Task Manager and More – WP Project Manager wedevs-project-manager
Proof Factor – Social Proof Notifications proof-factor-social-proof-notifications
Publitio publitio
Qubely – Advanced Gutenberg Blocks qubely
Quick View for WooCommerce woo-quickview
Quiz Maker Business quiz-maker
Real Estate Manager – Property Listing and Agent Management real-estate-manager
Recaptcha – wp recaptcha-wp
Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend wp-user-frontend
Request a Quote Form Plugin – Price Quote Request Management Made Easy request-a-quote
Revive.so – Bulk Rewrite and Republish Blog Posts revive-so
RIS Version Switcher – Downgrade or Upgrade WP Versions Easily ris-version-switcher
Safety Exit safety-exit
Sales Count Manager for WooCommerce wc-sales-count-manager
SALESmanago & Leadoo salesmanago
SAPO Feed sapo-feed
Save as PDF Plugin by PDFCrowd save-as-pdf-by-pdfcrowd
Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization metasync
Sendle Shipping Plugin official-sendle-shipping-method
SEO Backlink Monitor seo-backlink-monitor
SEO Search Permalink seo-search-permalink
ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution shopengine
Shortcode shortcode
Show Pages List show-pages-list
ShrinkTheWeb (STW) Website Previews Plugin shrinktheweb-website-preview-plugin
Sign-up Sheets sign-up-sheets
Silencesoft RSS Reader external-rss-reader
Simple Colorbox simple-colorbox
Simple JWT Login – Allows you to use JWT on REST endpoints. simple-jwt-login
Simple Meta Tags simple-meta-tags
Simple Restaurant Menu simple-restaurant-menu
Sitekit sitekit
SiteNarrator Text-to-Speech Widget sitespeaker-widget
Skimlinks Affiliate Marketing Tool skimlinks
SKT Blocks – Gutenberg based Page Builder skt-blocks
Skyword XMLRPC publishing skyword-plugin
Slightly troublesome permalink slightly-troublesome-permalink
Smart Blocks smart-blocks
Smart Related Products – AI-Inspired Recommendations for WooCommerce ai-related-products
SnapWidget Social Photo Feed Widget snapwidget-wp-instagram-widget
SQL Chart Builder sql-chart-builder
Stackable – Page Builder Gutenberg Blocks stackable-ultimate-gutenberg-blocks
Sticky Header Effects for Elementor sticky-header-effects-for-elementor
Stock Message stock-message
StylePress for Elementor full-site-builder-for-elementor
Subresource Integrity (SRI) Manager wp-sri
Subscribe to Download subscribe-to-download
Subscribe To Unlock subscribe-to-unlock
Super Blank super-blank
SV Proven Expert sv-provenexpert
Sweet Energy Efficiency sweet-energy-efficiency
Sync Feedly sync-feedly
System Dashboard system-dashboard
Tapfiliate tapfiliate
Team Manager – Team Member Showcase with grid, slider, table Elementor widget & shortcode wp-team-manager
Team Members team-members
Team – Team Members Showcase Plugin tlp-team
Termageddon: Cookie Consent & Privacy Compliance termageddon-usercentrics
Testimonial Slider – Free Testimonials Slider Plugin testimonial-add
Text To Speech TTS Accessibility text-to-audio
tf-woo-product-grid tf-woo-product-grid
The Tribal Plugin the-tech-tribe
Theater for WordPress theatre
Theme My Login theme-my-login
Themify Builder themify-builder
TI WooCommerce Wishlist ti-woocommerce-wishlist
TOCHAT.BE tochat-be
Translate Multilingual sites – TranslatePress translatepress-multilingual
Translate WordPress with ConveyThis conveythis-translate
Travel Map travelmap-blog
Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms trust-reviews
Trustpilot Reviews trustpilot-reviews
TweetThis Shortcode tweetthis-shortcode
TZ Plus Gallery tz-plus-gallery
UK Address Postcode Validation uk-address-postcode-validation
Ultimate Store Kit – Elementor powered WooCommerce Builder, 80+ Widgets and Template Builder ultimate-store-kit
Ultimate Watermark – Advanced Image Watermarking ultimate-watermark
Ultimate WP Mail ultimate-wp-mail
Uncanny Toolkit for LearnDash uncanny-learndash-toolkit
Upcoming Events Lists upcoming-events-lists
Upsell Funnel Builder for WooCommerce – New Marketing Funnel Builder and Sales Funnel Builder tailored for your store. upsell-order-bump-offer-for-woocommerce
User Notes user-notes
Vehica Core vehica-core
Verowa Connect verowa-connect
Video Blogster Lite video-blogster-lite
VikRestaurants Table Reservations and Take-Away vikrestaurants
VM Menu Reorder plugin vm-menu-reorder
VoucherPress voucherpress
VPSUForm – No-Code Custom Form Builder – Contact Forms, Conversion Form & More v-form
W3SCloud Contact Form 7 to Zoho CRM w3s-cf7-zoho
Website Chat Button: Kommo integration website-chat-button-kommo-integration
WEDOS Global (CDN Cache & Security) wgpwpp
Werk aan de Muur werk-aan-de-muur
WeShare Buttons e-mailit
Widget Options – Extended extended-widget-options
Widgets for Tiktok Feed widgets-for-tiktok-video-feed
WooEvents – Calendar and Event Booking woo-events
WooMS wooms
WordPress Adverts Plugin – Adverts Click Tracker adverts-click-tracker
WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds another-wordpress-classifieds-plugin
WordPress Mega menu Plugin – Groovy Menu (Free) groovy-menu-free
WordPress Widgets Shortcode wp-widgets-shortcode
Workscout Core workscout-core
WP Advanced PDF wp-advanced-pdf
WP Attractive Donations System wp-attractive-donations-system-easy-stripe-paypal-donations
WP Compiler wp-compiler
WP Compress – Instant Performance & Speed Optimization wp-compress-image-optimizer
WP Content Protection wp-content-protection
WP Delete User Accounts wp-delete-user-accounts
WP Directory Kit wpdirectorykit
WP Events Manager wp-events-manager
WP Frontend Admin – Display WP Admin Pages in the Frontend display-admin-page-on-frontend
WP Gravity Forms HubSpot gf-hubspot
WP Gravity Forms Keap/Infusionsoft gf-infusionsoft
WP Mailto Links – Protect Email Addresses wp-mailto-links
WP Media Categories wp-media-categories
WP Proposals wp-proposals
WP Social Widget wp-social-widget
WP Statistics – Simple, privacy-friendly Google Analytics alternative wp-statistics
WP Subscription Forms PRO wp-subscription-forms-pro
WP Subtitle wp-subtitle
WP System Information wp-system-info
Wp tabber widget wp-tabber-widget
WP Tesseract wp-tesseract
WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor wte-elementor-widgets
WP Virtual Assistant VirtualAssistant
WP-DownloadManager wp-downloadmanager
WP-Members Membership Plugin wp-members
wp-mpdf wp-mpdf
WPB Quick View Popup for WooCommerce woocommerce-lightbox
WPCasa wpcasa
WPComplete wpcomplete
WPeMatico RSS Feed Fetcher wpematico
WPFront User Role Editor wpfront-user-role-editor
WPKoi Templates for Elementor wpkoi-templates-for-elementor
WPMK PDF Generator wpmk-pdf-generator
xili-language xili-language
xili-tidy-tags xili-tidy-tags
YayCurrency – WooCommerce Multi-Currency Switcher yaycurrency
Yext Plugin yext
YouTube Showcase – Responsive YouTube Video Gallery Plugin for WordPress youtube-showcase
Zephyr Project Manager zephyr-project-manager
Zoho Billing – Embed Payment Form zoho-subscriptions
Zoho Flow – Integrate 100+ plugins with 1000+ business apps, no-code workflow automation zoho-flow
ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns zoloblocks

WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
constructo constructo
CouponXxL couponxxl
DentiCare – Medical & Dentist WordPress Theme denticare
DriCub – Driving School WordPress Theme dricub-driving-school
fingo fingo
FoodBook foodbook
frames frames
imevent imevent
Nokri – Job Board WordPress Theme nokri
Snow Monkey snow-monkey
Soledad soledad
TheGem thegem
TheGem – Creative Multi-Purpose & WooCommerce WordPress Theme thegem-elementor
Woostify woostify
WPLMS Learning Management System for WordPress, WordPress LMS wplms
XStore xstore

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

MultiLoca – WooCommerce Multi Locations Inventory Management <= 4.2.8 – Missing Authorization to Unauthenticated Arbitrary Options Update via ‘wcmlim_settings_ajax_handler’

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-9054
Patch Status
Patched
Published
Sep 23, 2025
Affected Software
MultiLoca – WooCommerce Multi Locations Inventory Management
Researcher
More Details >

Podlove Podcast Publisher <= 4.2.6 – Unauthenticated Arbitrary File Upload

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-10147
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Podlove Podcast Publisher
Researcher
More Details >

Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) <= 4.9.54 – Unauthenticated Arbitrary File Upload via ‘uni_cpo_upload_file’

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-10412
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium)
Researcher
More Details >

WPCasa <= 1.4.1 – Unauthenticated Code Injection

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-9321
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
WPCasa
Researcher
More Details >

Advanced Settings <= 3.1.1 – Authenticated (Author+) Arbitrary File Upload

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-58996
Patch Status
Patched
Published
Sep 24, 2025
Affected Software
Advanced Settings 3
Researcher
More Details >

Advanced Views – Display Posts, Custom Fields, and More <= 3.7.19 – Authenticated (Author+) Remote Code Execution via SSTI

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-10380
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Advanced Views – Display Posts, Custom Fields, and More
Researcher
More Details >

BM Content Builder < 3.16.3.3 – Authenticated (Contributor+) Arbitrary File Deletion

8.1
CVSS Rating
High (8.1)
CVE-ID
CVE-2025-59002
Patch Status
Patched
Published
Sep 23, 2025
Affected Software
BM Content Builder
Researcher
More Details >

DentiCare < 1.4.3 – Unauthenticated PHP Object Injection

8.1
CVSS Rating
High (8.1)
CVE-ID
CVE-2025-54723
Patch Status
Patched
Published
Sep 23, 2025
Affected Software
DentiCare – Medical & Dentist WordPress Theme
Researcher
More Details >

Houzez Theme – Functionality <= 4.1.2 – Authenticated (Subscriber+) Arbitrary File Download

8.1
CVSS Rating
High (8.1)
CVE-ID
Unknown
Patch Status
Patched
Published
Sep 23, 2025
Affected Software
Houzez Theme – Functionality
Researcher
More Details >

Sign-up Sheets <= 2.3.2 – Unauthenticated PHP Object Injection

8.1
CVSS Rating
High (8.1)
CVE-ID
CVE-2025-49393
Patch Status
Patched
Published
Sep 23, 2025
Affected Software
Sign-up Sheets
Researcher
More Details >

TF Woo Product Grid Addon For Elementor <= 1.0.1 – Unauthenticated PHP Object Injection

8.1
CVSS Rating
High (8.1)
CVE-ID
CVE-2025-59007
Patch Status
Unpatched
Published
Sep 23, 2025
Affected Software
tf-woo-product-grid
Researcher
More Details >

TranslatePress <= 2.10.2 – Unauthenticated PHP Object Injection

8.1
CVSS Rating
High (8.1)
CVE-ID
CVE-2025-58592
Patch Status
Patched
Published
Sep 24, 2025
Affected Software
Translate Multilingual sites – TranslatePress
Researcher
More Details >

Accordion FAQ <= 2.2.1 – Authenticated (Contributor+) Local File Inclusion

7.5
CVSS Rating
High (7.5)
CVE-ID
CVE-2025-58024
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
pressapps-accordion-faq
Researcher
More Details >

Awesome Support <= 6.3.5 – Authenticated (Support Manager+) PHP Object Injection

7.5
CVSS Rating
High (7.5)
CVE-ID
CVE-2025-58662
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Awesome Support – WordPress HelpDesk & Support Plugin
Researcher
More Details >

Easy Elementor Addons <= 2.2.8 – Authenticated (Contributor+) Local File Inclusion

7.5
CVSS Rating
High (7.5)
CVE-ID
CVE-2025-58973
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Easy Elementor Addons
Researcher
More Details >

Easy Pricing Table WP <= 1.1.3 – Authenticated (Contributor+) Local File Inclusion

7.5
CVSS Rating
High (7.5)
CVE-ID
CVE-2025-53450
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Easy Pricing Table WP
Researcher
More Details >

HieCOR Payment Gateway Plugin <= 1.5.11 – Unauthenticated SQL Injection

7.5
CVSS Rating
High (7.5)
CVE-ID
CVE-2025-52773
Patch Status
Unpatched
Published
Sep 23, 2025
Affected Software
HieCOR Payment Gateway Plugin
Researcher
More Details >

immonex Kickstart Team <= 1.6.9 – Authenticated (Contributor+) Local File Inclusion

7.5
CVSS Rating
High (7.5)
CVE-ID
CVE-2025-57925
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
immonex Kickstart Team
Researcher
More Details >

Soledad <= 8.6.8 – Authenticated (Contributor+) Local File Inclusion

7.5
CVSS Rating
High (7.5)
CVE-ID
CVE-2025-59588
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Soledad
Researcher
More Details >

Subscribe to Download <= 2.0.9 – Authenticated (Contributor+) Local File Inclusion

7.5
CVSS Rating
High (7.5)
CVE-ID
CVE-2025-60150
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Subscribe to Download
Researcher
More Details >

Subscribe To Unlock <= 1.1.5 – Authenticated (Contributor+) Local File Inclusion

7.5
CVSS Rating
High (7.5)
CVE-ID
CVE-2025-60153
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Subscribe To Unlock
Researcher
More Details >

Testimonial Slider <= 3.5.8.6 – Authenticated (Contributor+) Local File Inclusion

7.5
CVSS Rating
High (7.5)
CVE-ID
CVE-2025-60126
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Testimonial Slider – Free Testimonials Slider Plugin
Researcher
More Details >

DriCub <= 2.9 – Unauthenticated Server-Side Request Forgery

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2025-58005
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
DriCub – Driving School WordPress Theme
Researcher
More Details >

Gutenify <= 1.5.7 – Unauthenticated Stored Cross-Site Scripting

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2025-53324
Patch Status
Unpatched
Published
Sep 23, 2025
Affected Software
Gutenify – Visual Site Builder Blocks & Site Templates.
Researcher
More Details >

Silencesoft RSS Reader <= 0.6 – Unauthenticated Server-Side Request Forgery

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2025-60181
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Silencesoft RSS Reader
Researcher
More Details >

WP Statistics <= 14.5.4 – Unauthenticated Stored Cross-Site Scripting via User-Agent Header

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2025-9816
Patch Status
Patched
Published
Sep 26, 2025
Affected Software
WP Statistics – Simple, privacy-friendly Google Analytics alternative
Researcher
More Details >

WP-DownloadManager <= 1.68.11 – Authenticated (Admin+) Arbitrary File Upload

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2025-10747
Patch Status
Patched
Published
Sep 25, 2025
Affected Software
WP-DownloadManager
Researcher
More Details >

YayCurrency <= 3.2 – Authenticated (Administrator+) Remote Code Execution

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2025-60114
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
YayCurrency – WooCommerce Multi-Currency Switcher
Researcher
More Details >

ZoloBlocks <= 2.3.11 – Unauthenticated Sever-Side Request Forgery

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2025-60161
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns
Researcher
More Details >

GSheets Connector <= 1.1.1 – Authenticated (Administrator+) PHP Object Injection

6.6
CVSS Rating
Medium (6.6)
CVE-ID
CVE-2025-53465
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
GSheets Connector
Researcher
More Details >

Language Translate Widget for WordPress – ConveyThis <= 266 – Authenticated (Administrator+) PHP Object Injection

6.6
CVSS Rating
Medium (6.6)
CVE-ID
CVE-2025-57919
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Translate WordPress with ConveyThis
Researcher
More Details >

AllInOne – Banner Rotator <= 3.8 – Authenticated (Contributor+) SQL Injection

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-60110
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
AllInOne – Banner Rotator
Researcher
More Details >

AppMySite <= 3.14.0 – Missing Authorization

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-58679
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Convert WordPress to app | AppMySite
Researcher
More Details >

AWP Classifieds <= 4.3.5 – Unauthenticated Arbitrary Shortcode Execution

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-57928
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds
Researcher
More Details >

Backuply – Backup, Restore, Migrate and Clone <= 1.4.8 – Authenticated (Admin+) Arbitrary File Deletion

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-10307
Patch Status
Patched
Published
Sep 25, 2025
Affected Software
Backuply – Backup, Restore, Migrate and Clone
Researcher
More Details >

CardCom Payment Gateway <= 3.5.0.4 – Missing Authorization

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-57976
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
CardCom Payment Gateway
Researcher
More Details >

Cecabank WooCommerce Plugin <= 0.3.4 – Missing Authorization

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-58685
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Cecabank WooCommerce Plugin
Researcher
More Details >

Classic Widgets with Block-based Widgets <= 1.0.1 – Missing Authorization

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-58029
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Classic Widgets with Block-based Widgets
Researcher
More Details >

Cozy Blocks <= 2.1.29 – Unauthenticated Arbitrary Shortcode Execution

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-59573
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Cozy Blocks – All-in-One Page Builder Blocks for Gutenberg and Full Site Editing (FSE)
Researcher
More Details >

DriCub <= 2.9 – Missing Authorization

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-58004
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
DriCub – Driving School WordPress Theme
Researcher
More Details >

Easy Quotes <= 1.2.4 – Missing Authorization

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-58681
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Easy Quotes
Researcher
More Details >

imEvent <= 3.4.0 – Missing Authorization

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-58243
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
imevent
Researcher
More Details >

Javo Core <= 3.0.0.266 – Missing Authorization

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-58003
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Javo Core
Researcher
More Details >

LambertGroup – AllInOne – Banner with Playlist <= 3.8 – Authenticated (Contributor+) SQL Injection

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-60107
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
LambertGroup – AllInOne – Banner with Playlist
Researcher
More Details >

LambertGroup – AllInOne – Banner with Thumbnails <= 3.8 – Authenticated (Contributor+) SQL Injection

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-60108
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
LambertGroup – AllInOne – Banner with Thumbnails
Researcher
More Details >

LambertGroup – AllInOne – Content Slider <= 3.8 – Authenticated (Contributor+) SQL Injection

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-60109
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
LambertGroup – AllInOne – Content Slider
Researcher
More Details >

Memberful <= 1.75.0 – Missing Authorization

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-58000
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Memberful – Membership Plugin
Researcher
More Details >

Perfect Brands for WooCommerce <= 3.6.2 – Authenticated (Contributor+) SQL Injection

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-58686
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Perfect Brands for WooCommerce
Researcher
More Details >

PGS Core <= 5.9.0 – Authenticated (Contributor+) SQL Injection

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-60118
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
PGS Core
Researcher
More Details >

Printcart Web to Print Product Designer for WooCommerce <= 2.4.3 – Missing Authorization

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-57917
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Printcart Web to Print Product Designer for WooCommerce
Researcher
More Details >

SALESmanago <= 3.8.1 – Missing Authorization

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-57971
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
SALESmanago & Leadoo
Researcher
More Details >

Skimlinks Affiliate Marketing Tool <= 1.3 – Missing Authorization

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-57944
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Skimlinks Affiliate Marketing Tool
Researcher
More Details >

Team Manager <= 2.3.16 – Missing Authorization

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-58222
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Team Manager – Team Member Showcase with grid, slider, table Elementor widget & shortcode
Researcher
More Details >

TI WooCommerce Wishlist <= 2.10.0 – Missing Authorization

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-58247
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
TI WooCommerce Wishlist
Researcher
More Details >

WooMS <= 9.12 – Missing Authorization

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-57957
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
WooMS
Researcher
More Details >

WowAddons <= 1.0.17 – Missing Authorization

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-57958
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Product Addons and Product Options With Custom Fields – WowAddons
Researcher
More Details >

WP Events Manager <= 2.2.1 – Missing Authorization

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-57987
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
WP Events Manager
Researcher
More Details >

Wp tabber widget <= 4.0 – Authenticated (Contributor+) SQL Injection

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-53468
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Wp tabber widget
Researcher
More Details >

XStore <= 9.5.3 – Unauthenticated Arbitrary Shortcode Execution

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-60100
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
XStore
Researcher
More Details >

Adverts <= 1.4 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-57911
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
WordPress Adverts Plugin – Adverts Click Tracker
Researcher
More Details >

AnyClip Luminous Studio <= 1.3.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-57910
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
AnyClip Luminous Studio
Researcher
More Details >

aThemes Addons for Elementor <= 1.1.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-60112
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
aThemes Addons for Elementor
Researcher
More Details >

bbp topic count <= 3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-60163
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
bbp topic count
Researcher
More Details >

Behance Portfolio Manager <= 1.7.4 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-57913
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Behance Portfolio Manager
Researcher
More Details >

Bg Church Memos <= 1.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58242
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Bg Church Memos
Researcher
More Details >

Bitly <= 2.7.4 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58231
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Bitly’s WordPress Plugin
Researcher
More Details >

Buckets <= 0.3.9 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-57996
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Buckets
Researcher
More Details >

BuddyPress Notification Widget <= 1.3.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58263
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
BuddyPress Notification Widget
Researcher
More Details >

Card Elements for WPBakery <= 1.0.8 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58220
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Card Elements for WPBakery
Researcher
More Details >

Carousel Ultimate <= 1.8 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58652
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Carousel Ultimate
Researcher
More Details >

Category Featured Images <= 1.1.8 – Authenticated (Author+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58655
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Category Featured Images
Researcher
More Details >

Category Featured Images Extended <= 1.52 – Authenticated (Author+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-57920
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Category Featured Images Extended
Researcher
More Details >

CM Business Directory <= 1.5.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-10178
Patch Status
Patched
Published
Sep 25, 2025
Affected Software
CM Business Directory – Optimise and showcase local business
Researcher
More Details >

Compact Archives <= 4.1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58001
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Compact Archives
Researcher
More Details >

Content Mask <= 1.8.5.2 – Authenticated (Contributor+) Server-Side Request Forgery

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58011
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Content Mask
Researcher
More Details >

CubeWP <= 1.1.26 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-59569
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
CubeWP – All-in-One Dynamic Content Framework
Researcher
More Details >

Custom iFrame for Elementor <= 1.0.13 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-59553
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Custom iFrame for Elementor – Embed Pdf, Maps, Videos, & Websites Easily
Researcher
More Details >

DELUCKS SEO <= 2.7.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-53570
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
DELUCKS SEO
Researcher
More Details >

Designil PDPA Thailand <= 2.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58028
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Designil PDPA Thailand
Researcher
More Details >

Directory Pro <= 2.5.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-57948
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Directory Pro
Researcher
More Details >

Ditty <= 3.1.58 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-60105
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Ditty – Responsive News Tickers, Sliders, and Lists
Researcher
More Details >

Easy Hotel Booking <= 1.6.9 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-57938
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Easy Hotel Booking – Powerful Hotel Booking Plugin
Researcher
More Details >

Embed Any Document <= 2.7.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-60099
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files
Researcher
More Details >

Events Manager – OpenStreetMaps <= 4.2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58265
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Events Manager – OpenStreetMaps
Researcher
More Details >

Front End Users <= 3.2.33 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58235
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Front End Users
Researcher
More Details >

Fusion Page Builder : Extension – Gallery <= 1.7.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58965
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Fusion Page Builder : Extension – Gallery
Researcher
More Details >

Gallery Custom Links <= 2.2.5 – Authenticated (Author+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-60104
Patch Status
Patched
Published
Sep 26, 2025
Affected Software
Gallery Custom Links
Researcher
More Details >

Gallery Lightbox <= 1.0.0.41 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-57966
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Gallery Lightbox
Researcher
More Details >

GD bbPress Tools <= 3.5.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58002
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
GD bbPress Tools
Researcher
More Details >

Genealogical Tree <= 2.2.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58023
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Genealogical Tree – WordPress Family Tree
Researcher
More Details >

Genesis Club Lite <= 1.17 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58691
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Genesis Club Lite
Researcher
More Details >

Geolocation IP Detection <= 5.5.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-57993
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Geolocation IP Detection
Researcher
More Details >

GetResponse Forms <= 2.6.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-59549
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
GetResponse Forms by Optin Cat
Researcher
More Details >

Gianism <= 5.2.2 – Authenticated (Author+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58266
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Gianism
Researcher
More Details >

GutenKit <= 2.4.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-57900
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor
Researcher
More Details >

Highlight and Share – Social Text and Image Sharing <= 5.1.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58260
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Highlight and Share – Social Text and Image Sharing
Researcher
More Details >

HT Feed <= 1.3.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-60147
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
HT Feed
Researcher
More Details >

HT Mega – Absolute Addons for WPBakery Page Builder <= 1.0.9 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-53463
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
HT Mega – Absolute Addons for WPBakery Page Builder
Researcher
More Details >

Image Editor by Pixo <= 2.3.8 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58232
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Image Editor by Pixo
Researcher
More Details >

Import Markdown <= 1.14 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-57901
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Import Markdown – Versatile Markdown Importer
Researcher
More Details >

Job Board Manager <= 2.1.61 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-60162
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Job Board Manager
Researcher
More Details >

JS Job Manager <= 2.0.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58234
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
JS Job Manager
Researcher
More Details >

JSM file_get_contents() Shortcode <= 2.7.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58653
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
JSM file_get_contents() Shortcode
Researcher
More Details >

JupiterX Core <= 4.10.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58264
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Jupiter X Core
Researcher
More Details >

Kama Click Counter <= 4.0.4 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58682
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Kama Click Counter
Researcher
More Details >

Last Updated Shortcode <= 1.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58683
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Last Updated Shortcode
Researcher
More Details >

LC Wizard <= 1.4.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58237
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Connector Wizard (formerly LC Wizard)
Researcher
More Details >

Library Bookshelves <= 5.11 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-57964
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Library Bookshelves
Researcher
More Details >

List Child Pages Shortcode <= 1.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58021
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
List Child Pages Shortcode
Researcher
More Details >

Logo Showcase <= 3.0.9 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58684
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Logo Showcase – Responsive Logo Carousel, Grid, List & Ticker for WordPress
Researcher
More Details >

Mail Subscribe List <= 2.1.10 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58018
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Mail Subscribe List
Researcher
More Details >

Make Column Clickable Elementor <= 1.6.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-59592
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Make Column Clickable for Elementor
Researcher
More Details >

MakeStories (for Google Web Stories) <= 3.0.4 – Authenticated (Author+) Server-Side Request Forgery

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-57984
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
MakeStories (for Google Web Stories)
Researcher
More Details >

Mapster WP Maps <= 1.20.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-9044
Patch Status
Patched
Published
Sep 25, 2025
Affected Software
Mapster WP Maps
Researcher
More Details >

Markdown Shortcode <= 0.2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-10180
Patch Status
Patched
Published
Sep 25, 2025
Affected Software
Markdown Shortcode
Researcher
More Details >

MarketKing <= 2.0.92 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58702
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution
Researcher
More Details >

Master Slider <= 3.11.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58025
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Master Slider – Responsive Touch Slider
Researcher
More Details >

Media Library Assistant <= 3.28 – Authenticated (Author+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-59590
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Media Library Assistant
Researcher
More Details >

Mega Elements – Addons for Elementor <= 1.3.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-8200
Patch Status
Patched
Published
Sep 25, 2025
Affected Software
Mega Elements – Addons for Elementor
Researcher
More Details >

Multiple Plugins by eMarket Design <= Various Versions – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58915
Patch Status
Patched
Published
Sep 23, 2025
Affected Software
Customer Support Ticket System & Helpdesk Plugin for WordPress
Employee Spotlight – Team Member Showcase & Meet the Team Plugin
Request a Quote Form Plugin – Price Quote Request Management Made Easy
YouTube Showcase – Responsive YouTube Video Gallery Plugin for WordPress
Researcher
More Details >

Nextend Facebook Connect <= 3.1.19 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58031
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Nextend Social Login and Register
Researcher
More Details >

NGG Smart Image Search <= 3.4.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58027
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
NGG Smart Image Search
Researcher
More Details >

Open User Map <= 1.4.14 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-57953
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Open User Map
Researcher
More Details >

Page-list <= 5.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58030
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Page-list
Researcher
More Details >

Participants Database <= 2.7.6.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58008
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Participants Database
Researcher
More Details >

Passster <= 4.2.18 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-57926
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Passster – Password Protect Pages and Content
Researcher
More Details >

Penci Filter Everything < 1.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-59583
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Penci Filter Everything
Researcher
More Details >

Penci Podcast <= 1.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-59584
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Penci Podcast
Researcher
More Details >

Penci Portfolio <= 3.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-59586
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Penci Portfolio
Researcher
More Details >

Penci Recipe <= 4.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-59585
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Penci Recipe
Researcher
More Details >

Penci Shortcodes & Performance < 6.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-59587
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Penci Shortcodes & Performance
Researcher
More Details >

Photo Gallery by Ays <= 6.3.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-57947
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Photo Gallery by Ays – Responsive Image Gallery
Researcher
More Details >

PilotPress <= 2.0.36 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58238
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
PilotPress
Researcher
More Details >

Pinterest Pinboard Widget <= 1.0.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58248
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Pinterest Pinboard Widget
Researcher
More Details >

PlayerJS <= 2.24 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58651
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
PlayerJS
Researcher
More Details >

Podlove Subscribe button <= 1.3.11 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58227
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Podlove Subscribe button
Researcher
More Details >

Poll Maker <= 6.0.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-57954
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Poll Maker – Versus Polls, Anonymous Polls, Image Polls
Researcher
More Details >

Popup Maker <= 1.20.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via title Parameter

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-9490
Patch Status
Patched
Published
Sep 25, 2025
Affected Software
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder
Researcher
More Details >

Portfolio <= 2.58 – Authenticated (Author+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58245
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Portfolio by BestWebSoft – Work and Projects Presentation Plugin for WordPress
Researcher
More Details >

PowerFolio <= 3.2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-57932
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Portfolio for Elementor & Image Gallery | PowerFolio
Researcher
More Details >

Product Catalog Simple <= 1.8.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58992
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Product Catalog Simple
Researcher
More Details >

Publitio <= 2.2.1 – Authenticated (Contributor+) Server-Side Request Forgery

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58962
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Publitio
Researcher
More Details >

Quick View for WooCommerce <= 2.2.16 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58228
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Quick View for WooCommerce
Researcher
More Details >

Real Estate Manager <= 7.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58253
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Real Estate Manager – Property Listing and Agent Management
Researcher
More Details >

Save as PDF <= 4.5.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-59552
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Save as PDF Plugin by PDFCrowd
Researcher
More Details >

Search Atlas SEO <= 2.5.4 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58019
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization
Researcher
More Details >

Shortcode <= 0.8.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58022
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Shortcode
Researcher
More Details >

Simple Colorbox <= 1.6.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-60124
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Simple Colorbox
Researcher
More Details >

Simple JWT Login <= 3.6.4 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58648
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Simple JWT Login – Allows you to use JWT on REST endpoints.
Researcher
More Details >

Simple Meta Tags <= 1.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-60142
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Simple Meta Tags
Researcher
More Details >

Sitekit <= 2.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58229
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Sitekit
Researcher
More Details >

SKT Blocks <= 2.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-60138
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
SKT Blocks – Gutenberg based Page Builder
Researcher
More Details >

Skyword API Plugin <= 2.5.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58703
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Skyword XMLRPC publishing
Researcher
More Details >

SnapWidget Social Photo Feed Widget <= 1.1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58241
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
SnapWidget Social Photo Feed Widget
Researcher
More Details >

Soledad <= 8.6.8 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-59589
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Soledad
Researcher
More Details >

SQL Chart Builder <= 2.3.7.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58233
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
SQL Chart Builder
Researcher
More Details >

StylePress for Elementor <= 1.2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58254
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
StylePress for Elementor
Researcher
More Details >

Tapfiliate <= 3.2.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58689
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Tapfiliate
Researcher
More Details >

Team Members <= 5.3.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-8440
Patch Status
Patched
Published
Sep 26, 2025
Affected Software
Team Members
Researcher
More Details >

Termageddon: Cookie Consent & Privacy Compliance <= 1.8.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58026
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Termageddon: Cookie Consent & Privacy Compliance
Researcher
More Details >

Theater for WordPress <= 0.18.8 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58020
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Theater for WordPress
Researcher
More Details >

Themify Builder <= 7.6.9 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-9353
Patch Status
Patched
Published
Sep 23, 2025
Affected Software
Themify Builder
Researcher
More Details >

TweetThis Shortcode <= 1.8.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-10136
Patch Status
Unpatched
Published
Sep 25, 2025
Affected Software
TweetThis Shortcode
Researcher
More Details >

Ultimate Store Kit Elementor Addons <= 2.8.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58017
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Ultimate Store Kit – Elementor powered WooCommerce Builder, 80+ Widgets and Template Builder
Researcher
More Details >

Ultimate WP Mail <= 1.3.8 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-53454
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Ultimate WP Mail
Researcher
More Details >

Uncanny Toolkit for LearnDash <= 3.7.0.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-57988
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Uncanny Toolkit for LearnDash
Researcher
More Details >

Upsell Order Bump Offer for WooCommerce <= 3.0.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-59565
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Upsell Funnel Builder for WooCommerce – New Marketing Funnel Builder and Sales Funnel Builder tailored for your store.
Researcher
More Details >

Verowa Connect <= 3.2.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58257
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Verowa Connect
Researcher
More Details >

VoucherPress <= 1.5.7 – Authenticated (Author+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58223
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
VoucherPress
Researcher
More Details >

Widget Options – Extended <= 5.2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-8902
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Widget Options – Extended
Researcher
More Details >

Widgets for Tiktok Feed <= 1.7.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-8906
Patch Status
Patched
Published
Sep 25, 2025
Affected Software
Widgets for Tiktok Feed
Researcher
More Details >

WordPress <= 6.8.2 – Authenticated (Author+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58674
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
WordPress
Researcher
More Details >

WordPress Widgets Shortcode <= 1.0.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-57989
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
WordPress Widgets Shortcode
Researcher
More Details >

WP Category Dropdown <= 1.9 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58239
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Category Dropdown by GCS Design
Researcher
More Details >

WP Delete User Accounts <= 1.2.4 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58704
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
WP Delete User Accounts
Researcher
More Details >

WP Frontend Admin <= 1.22.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-57898
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
WP Frontend Admin – Display WP Admin Pages in the Frontend
Researcher
More Details >

WP Proposals <= 2.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-57965
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
WP Proposals
Researcher
More Details >

WP Social Widget <= 2.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-57981
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
WP Social Widget
Researcher
More Details >

WP Subtitle <= 3.4.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-57986
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
WP Subtitle
Researcher
More Details >

WP Ticket Customer Service Software & Support Ticket System <= 6.0.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-60157
Patch Status
Patched
Published
Sep 26, 2025
Affected Software
Customer Support Ticket System & Helpdesk Plugin for WordPress
Researcher
More Details >

WP Travel Engine <= 1.4.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-59574
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor
Researcher
More Details >

WP-Members <= 3.5.4.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-57973
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
WP-Members Membership Plugin
Researcher
More Details >

wp-mpdf <= 3.9.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-60040
Patch Status
Patched
Published
Sep 26, 2025
Affected Software
wp-mpdf
Researcher
More Details >

WPB Quick View for WooCommerce <= 2.1.8 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-57967
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
WPB Quick View Popup for WooCommerce
Researcher
More Details >

WPComplete <= 2.9.5.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58974
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
WPComplete
Researcher
More Details >

WPFront User Role Editor <= 4.2.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-60102
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
WPFront User Role Editor
Researcher
More Details >

WPKoi Templates for Elementor <= 3.4.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-57999
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
WPKoi Templates for Elementor
Researcher
More Details >

xili-language <= 2.21.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58654
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
xili-language
Researcher
More Details >

xili-tidy-tags <= 1.12.06 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58240
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
xili-tidy-tags
Researcher
More Details >

Zoho Billing <= 4.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-57963
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Zoho Billing – Embed Payment Form
Researcher
More Details >

ZoloBlocks <= 2.3.10 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-58230
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns
Researcher
More Details >

Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms <= 1.0 – Cross-Site Request Forgery

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-9899
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms
Researcher
More Details >

Beaf <= 1.6.2 – Authenticated (Admin+) Server-Side Request Forgery

5.5
CVSS Rating
Medium (5.5)
CVE-ID
CVE-2025-53461
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Beaf – Photo Comparison Block
Researcher
More Details >

Epeken All Kurir <= 2.0.2 – Authenticated (Shop manager+) Stored Cross-Site Scripting

5.5
CVSS Rating
Medium (5.5)
CVE-ID
CVE-2025-57906
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Epeken All Kurir Plugin for Woocommerce Full Version
Researcher
More Details >

PopAd <= 1.0.4 – Authenticated (Admin+) Server-Side Request Forgery

5.5
CVSS Rating
Medium (5.5)
CVE-ID
CVE-2025-60175
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
PopAd
Researcher
More Details >

Product Time Countdown for WooCommerce <= 1.6.4 – Authenticated (Shop manager+) Stored Cross-Site Scripting

5.5
CVSS Rating
Medium (5.5)
CVE-ID
CVE-2025-57908
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Product Time Countdown for WooCommerce
Researcher
More Details >

SEO Backlink Monitor <= 1.6.0 – Authenticated (Administrator+) Server-Side Request Forgery

5.5
CVSS Rating
Medium (5.5)
CVE-ID
CVE-2025-53457
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
SEO Backlink Monitor
Researcher
More Details >

Skimlinks Affiliate Marketing Tool <= 1.3 – Authenticated (Administrator+) Server-Side Request Forgery

5.5
CVSS Rating
Medium (5.5)
CVE-ID
CVE-2025-57943
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Skimlinks Affiliate Marketing Tool
Researcher
More Details >

All In One SEO Pack <= 4.8.7 – Missing Authorization

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-58650
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic
Researcher
More Details >

Blog Designer <= 3.1.8 – Missing Authorization

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-57990
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Blog Designer
Researcher
More Details >

CF7 Submissions <= 0.26 – Missing Authorization

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-58016
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
CF7 Submissions – Securely Store Contact Form 7 Data and Attachments, Reply to the Sender and more
Researcher
More Details >

Clariti <= 1.2.1 – Missing Authorization

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-57991
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Clariti
Researcher
More Details >

CoDesigner <= 4.26 – Missing Authorization

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-57961
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
CoDesigner – All in One Elementor WooCommerce Builder
Researcher
More Details >

DethemeKit For Elementor <= 2.1.10 – Missing Authorization

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-57995
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
DethemeKit for Elementor
Researcher
More Details >

Gutentor <= 3.5.2 – Missing Authorization

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-58680
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor
Researcher
More Details >

Helpdesk Support Ticket System for WooCommerce <= 2.0.2 – Missing Authorization

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-57972
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Helpdesk Support Ticket System for WooCommerce
Researcher
More Details >

Hide WP Toolbar <= 2.7 – Missing Authorization

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-57969
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Hide WP Toolbar
Researcher
More Details >

Image Hover Effects – Elementor Addon <= 1.4.4 – Missing Authorization

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-57939
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Image Hover Effects – Elementor Addon
Researcher
More Details >

ListingPro Reviews <= 1.6 – Missing Authorization

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-58667
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
ListingPro Reviews
Researcher
More Details >

Ongkoskirim.id <= 1.0.6 – Missing Authorization

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-57949
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Plugin Ongkos Kirim JNE Tiki Sicepat Wahana J&T POS for Woocommerce
Researcher
More Details >

Oshine Core <= 1.5.5 – Missing Authorization

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-58660
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Oshine Core
Researcher
More Details >

PilotPress <= 2.0.36 – Missing Authorization

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-58221
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
PilotPress
Researcher
More Details >

Post Carousel Slider for Elementor <= 1.7.0 – Missing Authorization

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-57955
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Post Carousel Slider for Elementor
Researcher
More Details >

Qubely <= 1.8.14 – Missing Authorization

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-58663
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Qubely – Advanced Gutenberg Blocks
Researcher
More Details >

Snow Monkey <= 29.1.5 – Unauthenticated Blind Server-Side Request Forgery

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-10137
Patch Status
Patched
Published
Sep 25, 2025
Affected Software
Snow Monkey
Researcher
More Details >

Sticky Header Effects for Elementor <= 2.1.2 – Missing Authorization

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-58251
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Sticky Header Effects for Elementor
Researcher
More Details >

Subresource Integrity (SRI) Manager <= 0.4.0 – Missing Authorization

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-57936
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Subresource Integrity (SRI) Manager
Researcher
More Details >

Team <= 5.0.6 – Missing Authorization

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-57975
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Team – Team Members Showcase Plugin
Researcher
More Details >

Text To Speech TTS Accessibility <= 1.9.24 – Missing Authorization

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-58664
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Text To Speech TTS Accessibility
Researcher
More Details >

Trustpilot Reviews <= 2.5.925 – Missing Authorization

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-57997
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Trustpilot Reviews
Researcher
More Details >

Ultimate Watermark <= 1.1 – Missing Authorization

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-57985
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Ultimate Watermark – Advanced Image Watermarking
Researcher
More Details >

Website Chat Button: Kommo integration <= 1.3.1 – Missing Authorization

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-58666
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Website Chat Button: Kommo integration
Researcher
More Details >

WP User Frontend <= 4.1.12 – Authenticated (Subscriber+) Arbitrary Shortcode Execution

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-58673
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend
Researcher
More Details >

WP User Frontend <= 4.1.12 – Missing Authorization

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-58672
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend
Researcher
More Details >

WPLMS <= 4.970 – Missing Authorization

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-58668
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
WPLMS Learning Management System for WordPress, WordPress LMS
Researcher
More Details >

3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery <= 1.16.16 – Unauthenticated Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-58226
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery
Researcher
More Details >

Ajax Load More <= 7.6.0.2 – Unauthenticated Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-59582
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Ajax Load More – Infinite Scroll
Researcher
More Details >

Banhammer – Monitor Site Traffic, Block Bad Users and Bots <= 3.4.8 – Unauthenticated Protection Mechanism Bypass

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-10745
Patch Status
Patched
Published
Sep 25, 2025
Affected Software
Banhammer – Monitor Site Traffic, Block Bad Users and Bots
Researcher
More Details >

CoSchedule <= 3.3.10 – Unauthenticated Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-60119
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
CoSchedule
Researcher
More Details >

Custom Login URL <= 1.0.2 – Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-58969
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Custom Login URL
Researcher
More Details >

Download After Email 2.1.5 – 2.1.6 – Unauthorized Repeated Form Submissions

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-54743
Patch Status
Patched
Published
Sep 25, 2025
Affected Software
Download After Email – Subscribe & Download Form Plugin
Researcher
More Details >

Download Manager <= 3.3.24 – Unauthenticated Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-60092
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Download Manager
Researcher
More Details >

Envíos Coordinadora Woocommerce <= 1.1.31 – Unauthenticated Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-57922
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Envíos Coordinadora Woocommerce (Oficial) – WordPress plugin
Researcher
More Details >

Estonian Shipping Methods for WooCommerce <= 1.7.2 – Unauthenticated Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-58656
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Estonian Shipping Methods for WooCommerce
Researcher
More Details >

Featured Image from URL (FIFU) <= 5.2.7 – Missing Authorization to Password Protected Post Disclosure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-9984
Patch Status
Patched
Published
Sep 25, 2025
Affected Software
Featured Image from URL (FIFU)
Researcher
More Details >

Featured Image from URL (FIFU) <= 5.2.7 – Unauthenticated Information Exposure via Log File

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-9985
Patch Status
Patched
Published
Sep 25, 2025
Affected Software
Featured Image from URL (FIFU)
Researcher
More Details >

FoodBook <= 4.7.1 – Unauthenticated Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-60125
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
FoodBook
Researcher
More Details >

Frontend File Manager <= 23.2 – Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-57921
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Frontend File Manager Plugin
Researcher
More Details >

Helpie FAQ <= 1.39 – Unauthenticated Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-58659
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
FAQ / Accordion / Docs / KB – Helpie WordPress FAQ Accordion plugin
Researcher
More Details >

Heureka <= 1.1.0 – Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-57907
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Heureka
Researcher
More Details >

Nota Fiscal Eletrônica WooCommerce <= 3.4.0.6 – Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-60159
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Nota Fiscal Eletrônica WooCommerce
Researcher
More Details >

Quiz Maker <= 6.7.0.62 – Unauthenticated Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-58015
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Quiz Maker Business
Researcher
More Details >

The Tribal <= 1.3.3 – Unauthenticated Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-60140
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
The Tribal Plugin
Researcher
More Details >

Theme My Login <= 7.1.12 – Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-60098
Patch Status
Patched
Published
Sep 26, 2025
Affected Software
Theme My Login
Researcher
More Details >

UK Address Postcode Validation <= 3.9.2 – Unauthenticated Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-57923
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
UK Address Postcode Validation
Researcher
More Details >

WEDOS Global <= 1.2.2 – Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-60130
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
WEDOS Global (CDN Cache & Security)
Researcher
More Details >

WooEvents <= 4.1.7 – Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-60121
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
WooEvents – Calendar and Event Booking
Researcher
More Details >

WP Compress <= 6.50.54 – Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-57899
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
WP Compress – Instant Performance & Speed Optimization
Researcher
More Details >

WP Directory Kit <= 1.3.8 – Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-60120
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
WP Directory Kit
Researcher
More Details >

WP Project Manager <= 2.6.25 – Unauthenticated Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-58269
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Project Management, Team Collaboration, Kanban Board, Gantt Charts, Task Manager and More – WP Project Manager
Researcher
More Details >

WP Virtual Assistant <= 3.0 – Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-60155
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
WP Virtual Assistant
Researcher
More Details >

Yext <= 1.1.3 – Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-60129
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Yext Plugin
Researcher
More Details >

Featured Image from URL (FIFU) <= 5.2.7 – Authenticated (Admin+) SQL Injection

4.9
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-10037
Patch Status
Patched
Published
Sep 25, 2025
Affected Software
Featured Image from URL (FIFU)
Researcher
More Details >

Featured Image from URL (FIFU) <= 5.2.7 – Authenticated (Admin+) SQL Injection

4.9
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-10036
Patch Status
Patched
Published
Sep 25, 2025
Affected Software
Featured Image from URL (FIFU)
Researcher
More Details >

Mail Mint <= 1.18.6 – Authenticated (Administrator+) SQL Injection

4.9
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-59570
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Email Marketing, Email Automation, Newsletter & Cart Abandonment for WordPress and WooCommerce – Mail Mint
Researcher
More Details >

Ads by WPQuads <= 2.0.94 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-53459
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Ads by Quads – Adsense Ads, Banner Ads, Popup Ads
Researcher
More Details >

Advance Portfolio Grid <= 1.07.6 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-57982
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Advance Portfolio Grid, Slider and Gallery – Showcase Projects, Images and Videos
Researcher
More Details >

AffiliateWP – External Referral Links <= 1.2.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-53460
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
AffiliateWP – External Referral Links
Researcher
More Details >

AnyClip Luminous Studio <= 1.3.3 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-58271
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
AnyClip Luminous Studio
Researcher
More Details >

Append extensions on Pages <= 1.1.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-57940
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Append extensions on Pages
Researcher
More Details >

Append Link on Copy <= 0.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-57941
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Append Link on Copy
Researcher
More Details >

AuthorSure <= 2.3 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-57979
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
AuthorSure
Researcher
More Details >

Better Find and Replace <= 1.7.6 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-53466
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Better Find and Replace – AI-Powered Suggestions
Researcher
More Details >

BMI Adult & Kid Calculator <= 1.2.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-53469
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
BMI Adult & Kid Calculator
Researcher
More Details >

Bot Block – Stop Spam Referrals in Google Analytics <= 2.6 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-57935
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Bot Block – Stop Spam Referrals in Google Analytics
Researcher
More Details >

CashBill.pl – Płatności WooCommerce <= 3.2.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-53455
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
CashBill.pl – Płatności WooCommerce
Researcher
More Details >

Click & Tweet <= 0.8.9 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-60179
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Click & Tweet
Researcher
More Details >

Colibri Page Builder < 1.0.334 – Authenticated (Shop manager+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-59593
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Colibri Page Builder
Researcher
More Details >

Dialogity Free Live Chat <= 1.0.3 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-57912
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Dialogity Free Live Chat
Researcher
More Details >

DOAJ Export <= 1.0.4 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-58256
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
DOAJ Export
Researcher
More Details >

Double the Donation <= 2.0.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-57929
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Double the Donation – A workplace giving tool to help your fundraising efforts
Researcher
More Details >

Draft <= 3.0.9 – Authenticated (Editor+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-58033
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Draft – Tailwind CSS for WordPress.
Researcher
More Details >

E-namad & Shamed Logo Manager <= 2.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-57998
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
E-namad & Shamed Logo Manager
Researcher
More Details >

eZee Online Hotel Booking Engine <= 1.0.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-58661
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
eZee Online Hotel Booking Engine
Researcher
More Details >

Form Generator for WordPress <= 1.52 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-58665
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Form Generator for WordPress
Researcher
More Details >

Google+ Comments <= 1.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-60186
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Google+ Comments
Researcher
More Details >

Goracash <= 1.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-53458
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Goracash
Researcher
More Details >

Gravitate Automated Tester <= 1.4.5 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-58645
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Gravitate Automated Tester
Researcher
More Details >

IP Based Login <= 2.4.3 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-58960
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
IP Based Login
Researcher
More Details >

kontur Admin Style <= 1.0.4 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-60185
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
kontur Admin Style
Researcher
More Details >

Lenix scss compiler <= 1.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-60144
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Lenix scss compiler
Researcher
More Details >

Login-Logout <= 3.8 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-53467
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Login-Logout
Researcher
More Details >

Magento 2 WordPress Integration <= 1.4.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-58669
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Magento 2 WordPress Integration
Researcher
More Details >

Map Categories to Pages <= 1.3.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-60146
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Map Categories to Pages
Researcher
More Details >

Maps for WP <= 1.2.5 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-57952
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Maps for WP
Researcher
More Details >

Mobi2Go <= 1.0.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-58646
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Mobi2Go
Researcher
More Details >

MWW Disclaimer Buttons <= 3.41 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-60154
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
MWW Disclaimer Buttons
Researcher
More Details >

Nota Fiscal Eletrônica WooCommerce <= 3.4.0.6 – Authenticated (Shop manager+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-60158
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Nota Fiscal Eletrônica WooCommerce
Researcher
More Details >

Notely <= 1.8.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-60149
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Notely
Researcher
More Details >

PE Easy Slider <= 1.1.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-60133
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
PE Easy Slider
Researcher
More Details >

Plugin Security Scanner <= 2.0.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-57950
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Plugin Security Scanner
Researcher
More Details >

Proof Factor – Social Proof Notifications <= 1.0.5 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-58658
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Proof Factor – Social Proof Notifications
Researcher
More Details >

Recaptcha – wp <= 0.2.6 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-60177
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Recaptcha – wp
Researcher
More Details >

Safety Exit <= 1.8.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-57980
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Safety Exit
Researcher
More Details >

Sales Count Manager for WooCommerce <= 2.5 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-57904
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Sales Count Manager for WooCommerce
Researcher
More Details >

SAPO Feed <= 2.4.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-53462
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
SAPO Feed
Researcher
More Details >

SEO Search Permalink <= 1.0.3 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-60184
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
SEO Search Permalink
Researcher
More Details >

Silencesoft RSS Reader <= 0.6 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-60183
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Silencesoft RSS Reader
Researcher
More Details >

Simple Restaurant Menu <= 1.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-58647
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Simple Restaurant Menu
Researcher
More Details >

SiteNarrator Text-to-Speech Widget <= 1.9 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-57951
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
SiteNarrator Text-to-Speech Widget
Researcher
More Details >

Slightly troublesome permalink <= 1.2.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-57959
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Slightly troublesome permalink
Researcher
More Details >

Smart Related Products <= 2.0.6 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-60160
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Smart Related Products – AI-Inspired Recommendations for WooCommerce
Researcher
More Details >

The Tribal <= 1.3.3 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-60141
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
The Tribal Plugin
Researcher
More Details >

TZ PlusGallery <= 1.5.5 – Authenticated (Editor+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-57974
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
TZ Plus Gallery
Researcher
More Details >

User Notes <= 1.0.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-60136
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
User Notes
Researcher
More Details >

VikRestaurants Table Reservations and Take-Away <= 1.4 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-57962
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
VikRestaurants Table Reservations and Take-Away
Researcher
More Details >

VikRestaurants Table Reservations and Take-Away <= 1.4 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-57968
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
VikRestaurants Table Reservations and Take-Away
Researcher
More Details >

Werk aan de Muur <= 1.5 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-60131
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Werk aan de Muur
Researcher
More Details >

WeShare Buttons <= 13.0.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-60135
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
WeShare Buttons
Researcher
More Details >

WooCommerce Additional Fees On Checkout (Free) <= 1.5.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-57903
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Additional Fees For WooCommerce Checkout (Free)
Researcher
More Details >

WooMS <= 9.12 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-57956
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
WooMS
Researcher
More Details >

Woostify <= 2.4.2 – Authenticated (Shop manager+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-60101
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Woostify
Researcher
More Details >

WP Advanced PDF <= 1.1.7 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-57945
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
WP Advanced PDF
Researcher
More Details >

WP Mailto Links <= 3.1.4 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-53464
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
WP Mailto Links – Protect Email Addresses
Researcher
More Details >

WP Tesseract <= 1.0.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-60176
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
WP Tesseract
Researcher
More Details >

Zephyr Project Manager <= 3.3.202 – Authenticated (Admin+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-10490
Patch Status
Patched
Published
Sep 25, 2025
Affected Software
Zephyr Project Manager
Researcher
More Details >

Academy LMS <= 3.3.4 – Authenticated (Academy Instructor+) Insecure Direct Object Reference

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-59562
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Academy LMS – WordPress LMS Plugin for Complete eLearning Solution
Researcher
More Details >

Accordion <= 2.3.15 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58678
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Accordion – AI FAQ, Accordion, Tabs, Image Accordion, Product FAQ, FAQ Builder, FAQ Grid
Researcher
More Details >

Advanced Appointment Booking & Scheduling <= 1.9 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-57978
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Advanced Appointment Booking & Scheduling
Researcher
More Details >

AgreeMe Checkboxes For WooCommerce <= 1.1.3 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-57905
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
AgreeMe Checkboxes For WooCommerce
Researcher
More Details >

All In One SEO Pack <= 4.8.7 – Authenticated (Contributor+) Sensitive Information Exposure

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58649
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic
Researcher
More Details >

AR For WordPress <= 7.98 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60156
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
AR for WordPress
Researcher
More Details >

Auction Feed <= 1.1.3 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58671
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Auction Feed
Researcher
More Details >

BP Disable Activation Reloaded <= 1.2.1 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-57983
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
BP Disable Activation Reloaded
Researcher
More Details >

Casengo Live Chat Support <= 2.1.4 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58688
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Casengo Live Chat Support
Researcher
More Details >

cForms – Light speed fast Form Builder <= 3.0.0 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-9898
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
cForms – Light speed fast Form Builder
Researcher
More Details >

Conditional Cart Messages for WooCommerce – YourPlugins.com <= 1.2.10 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60171
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Conditional Cart Messages for WooCommerce – YourPlugins.com
Researcher
More Details >

Constructo <= 4.3.9 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58244
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
constructo
Researcher
More Details >

Content Mask <= 1.8.5.2 – Authenticated (Author+) Insecure Direct Object Reference

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58012
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Content Mask
Researcher
More Details >

CopySafe Web Protection <= 4.3 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60127
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
CopySafe Web Protection
Researcher
More Details >

Coupon Affiliates <= 6.8.0 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-59567
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Coupon Affiliates – Affiliate Plugin for WooCommerce
Researcher
More Details >

CouponXxL <= 4.5.0 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58013
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
CouponXxL
Researcher
More Details >

Current Age Plugin <= 1.6 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58687
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Current Age Plugin
Researcher
More Details >

Custom Post Type Images <= 0.5 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58255
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Custom Post Type Images
Researcher
More Details >

Dashboard Notepad <= 1.42 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-57927
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Dashboard Notepad
Researcher
More Details >

Delisho <= 1.1.3 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60128
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Delisho – Recipe Widgets and Blocks
Researcher
More Details >

Deliver via Shipos for WooCommerce <= 3.0.2 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-57914
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Deliver via Shipos for WooCommerce
Researcher
More Details >

Developer <= 1.2.6 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-57924
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Developer
Researcher
More Details >

Di Themes Demo Site Importer <= 1.2 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58914
Patch Status
Unpatched
Published
Sep 24, 2025
Affected Software
Di Themes Demo Site Importer
Researcher
More Details >

Doliconnect <= 9.5.7 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58690
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Doliconnect
Researcher
More Details >

Double the Donation <= 2.0.0 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-57930
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Double the Donation – A workplace giving tool to help your fundraising efforts
Researcher
More Details >

Download Manager <= 3.3.24 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60093
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Download Manager
Researcher
More Details >

Editor Custom Color Palette <= 3.4.8 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-57909
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Editor Custom Color Palette
Researcher
More Details >

EmailKit <= 1.6.0 – Missing Authorization to Authenticated (Author+) Arbitrary Content Deletion

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60106
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
EmailKit – Email Customizer for WooCommerce & WP
Researcher
More Details >

Emergency Password Reset <= 9.0 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-57942
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Emergency Password Reset
Researcher
More Details >

Event Rocket <= 3.3 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-53452
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Event Rocket
Researcher
More Details >

Fastly <= 1.2.28 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58199
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Fastly
Researcher
More Details >

Findgo <= 1.3.55 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58250
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
fingo
Researcher
More Details >

Flexible FAQ <= 0.2 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58200
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Flexible FAQ
Researcher
More Details >

Flexible PDF Invoices for WooCommerce & WordPress <= 6.0.13 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-57977
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Flexible PDF Invoices for WooCommerce & WordPress
Researcher
More Details >

Flytedesk Digital <= 20181101 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60172
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Flytedesk Digital
Researcher
More Details >

Force Update Translations <= 0.5 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58236
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Force Update Translations
Researcher
More Details >

Frames <= 1.5.7 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60165
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
frames
Researcher
More Details >

Getwid <= 2.1.2 – Authenticated (Contributor+) Sensitive Information Exposure

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58252
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Getwid – Gutenberg Blocks
Researcher
More Details >

Grand Conference Theme Custom Post Type <= 2.6.3 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60116
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Grand Conference Theme Custom Post Type
Researcher
More Details >

Grid <= 2.3.1 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58657
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Grid
Researcher
More Details >

Groovy Menu <= 1.4.3 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60113
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
WordPress Mega menu Plugin – Groovy Menu (Free)
Researcher
More Details >

GST for WooCommerce <= 2.0 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60173
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
GST for WooCommerce
Researcher
More Details >

HidePost <= 2.3.8 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-9896
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
HidePost
Researcher
More Details >

HivePress Claim Listings <= 1.1.3 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60122
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
HivePress Claim Listings
Researcher
More Details >

HivePress Claim Listings <= 1.1.3 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60123
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
HivePress Claim Listings
Researcher
More Details >

HORIZONTAL SLIDER <= 2.4 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58676
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
HORIZONTAL SLIDER
Researcher
More Details >

HotelRunner Booking Widget <= 1.6 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60168
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
HotelRunner Booking Widget
Researcher
More Details >

Houzez Theme – Functionality <= 4.1.2 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
Unknown
Patch Status
Patched
Published
Sep 23, 2025
Affected Software
Houzez Theme – Functionality
Researcher
More Details >

HTACCESS IP Blocker <= 1.0 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60170
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
HTACCESS IP Blocker
Researcher
More Details >

Hubbub Lite <= 1.35.1 – Authenticated (Subscriber+) Sensitive Information Exposure

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58007
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Hubbub Lite – Fast, Reliable Social Sharing Buttons
Researcher
More Details >

Ibtana <= 1.2.5.3 – Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-59581
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Ibtana – WordPress Website Builder
Researcher
More Details >

Instapage Plugin <= 3.5.12 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60115
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Instapage Plugin
Researcher
More Details >

Interact: Embed A Quiz On Your Site <= 3.1 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58675
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Interact: Embed A Quiz On Your Site
Researcher
More Details >

Javo Core <= 3.0.0.266 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60111
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Javo Core
Researcher
More Details >

Lazy Blocks <= 4.1.0 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58258
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Custom Block Builder – Lazy Blocks
Researcher
More Details >

Lenix scss compiler <= 1.2 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60145
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Lenix scss compiler
Researcher
More Details >

LinkedInclude <= 3.0.4 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-57918
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
LinkedInclude
Researcher
More Details >

ListingPro <= 2.9.8 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60103
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
ListingPro Plugin
Researcher
More Details >

LWS Affiliation <= 2.3.6 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-57934
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
LWS Affiliation
Researcher
More Details >

Mail Baby SMTP <= 2.8 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-57992
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Mail Baby SMTP
Researcher
More Details >

MasterStudy LMS <= 3.6.20 – Authenticated (Subscriber+) Race Condition to Multiple Reviews

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-59577
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
MasterStudy LMS WordPress Plugin – for Online Courses and Education
Researcher
More Details >

MasterStudy LMS <= 3.6.20 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-59576
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
MasterStudy LMS WordPress Plugin – for Online Courses and Education
Researcher
More Details >

Mavis HTTPS to HTTP Redirection <= 1.4.3 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58261
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Mavis HTTPS to HTTP Redirection
Researcher
More Details >

MaxiBlocks <= 2.1.3 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58968
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
MaxiBlocks: 2300+ Patterns, 280+ Pages, 14.3K Icons & 100 Styles
Researcher
More Details >

Netgsm <= 2.9.58 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60143
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Netgsm
Researcher
More Details >

NewsmanApp <= 2.7.7 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60164
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
NewsmanApp
Researcher
More Details >

Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 – Cross-Site Request Forgery to Limited File Deletion

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-10498
Patch Status
Patched
Published
Sep 26, 2025
Affected Software
Ninja Forms – The Contact Form Builder That Grows With You
Researcher
More Details >

Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 – Cross-Site Request Forgery to Plugin Settings Update

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-10499
Patch Status
Patched
Published
Sep 26, 2025
Affected Software
Ninja Forms – The Contact Form Builder That Grows With You
Researcher
More Details >

NIX Anti-Spam Light <= 0.0.4 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58270
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
NIX Anti-Spam Light
Researcher
More Details >

No External Links <= 5.1.6.2 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-53451
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
No External Links
Researcher
More Details >

Nokri <= 1.6.4 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58259
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Nokri – Job Board WordPress Theme
Researcher
More Details >

OAuth Single Sign On – SSO (OAuth Client) <= 6.26.12 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-10752
Patch Status
Patched
Published
Sep 25, 2025
Affected Software
OAuth Single Sign On – SSO (OAuth Client)
Researcher
More Details >

Page Manager for Elementor <= 2.0.5 – Authenticated (Subscriber+) Sensitive Information Exposure

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60167
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Page Manager for Elementor
Researcher
More Details >

payOS <= 1.0.61 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-57946
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
payOS
Researcher
More Details >

Payrexx Payment Gateway for WooCommerce <= 3.1.5 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-59559
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Payrexx Payment Gateway for WooCommerce
Researcher
More Details >

Piotnet Forms <= 1.0.30 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-57933
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Piotnet Forms
Researcher
More Details >

Post Featured Video <= 1.7 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60137
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Post Featured Video
Researcher
More Details >

Printeers Print & Ship <= 1.17.0 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58224
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Printeers Print & Ship
Researcher
More Details >

Professional Contact Form <= 1.0.0 – Cross-Site Request Forgery to Test Email Sending

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-9944
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Professional Contact Form
Researcher
More Details >

Qubely <= 1.8.14 – Authenticated (Contributor+) Sensitive Information Exposure

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58249
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Qubely – Advanced Gutenberg Blocks
Researcher
More Details >

Quiz Maker <= 6.7.0.62 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58014
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Quiz Maker Business
Researcher
More Details >

Revive.so <= 2.0.6 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-59551
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Revive.so – Bulk Rewrite and Republish Blog Posts
Researcher
More Details >

RIS Version Switcher – Downgrade or Upgrade WP Versions Easily <= 1.0 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-57902
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
RIS Version Switcher – Downgrade or Upgrade WP Versions Easily
Researcher
More Details >

SALESmanago <= 3.8.1 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-57970
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
SALESmanago & Leadoo
Researcher
More Details >

Sendle Shipping <= 6.02 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60139
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Sendle Shipping Plugin
Researcher
More Details >

SEO Backlink Monitor <= 1.6.0 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-53456
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
SEO Backlink Monitor
Researcher
More Details >

Show Pages List <= 1.2.0 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58219
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Show Pages List
Researcher
More Details >

ShrinkTheWeb (STW) Website Previews <= 2.8.5 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58677
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
ShrinkTheWeb (STW) Website Previews Plugin
Researcher
More Details >

Smart Blocks <= 2.4 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-59561
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Smart Blocks
Researcher
More Details >

Stackable <= 3.18.1 – Authenticated (Contributor+) Sensitive Information Exposure

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60095
Patch Status
Patched
Published
Sep 26, 2025
Affected Software
Stackable – Page Builder Gutenberg Blocks
Researcher
More Details >

Stackable <= 3.18.1 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60094
Patch Status
Patched
Published
Sep 26, 2025
Affected Software
Stackable – Page Builder Gutenberg Blocks
Researcher
More Details >

Stock Message <= 1.1.0 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58267
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Stock Message
Researcher
More Details >

Subscribe to Download <= 2.0.9 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60148
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Subscribe to Download
Researcher
More Details >

Subscribe To Unlock <= 1.1.5 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60152
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Subscribe To Unlock
Researcher
More Details >

Super Blank <= 1.2.0 – Authenticated (Subscriber+) Arbitrary Content Deletion

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-54741
Patch Status
Patched
Published
Sep 23, 2025
Affected Software
Super Blank
Researcher
More Details >

SV Proven Expert <= 2.0.06 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58010
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
SV Proven Expert
Researcher
More Details >

Sweet Energy Efficiency <= 1.0.6 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58262
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Sweet Energy Efficiency
Researcher
More Details >

Sync Feedly <= 1.0.1 – Cross-Site Request Forgery to Sync Trigger

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-9894
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Sync Feedly
Researcher
More Details >

System Dashboard <= 2.8.20 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-10377
Patch Status
Patched
Published
Sep 25, 2025
Affected Software
System Dashboard
Researcher
More Details >

TheGem (Elementor) <= 5.10.5 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60096
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
TheGem – Creative Multi-Purpose & WooCommerce WordPress Theme
Researcher
More Details >

TheGem <= 5.10.5 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60097
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
TheGem
Researcher
More Details >

TOCHAT.BE <= 1.3.4 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-57915
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
TOCHAT.BE
Researcher
More Details >

Travel Map <= 1.0.3 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-57960
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Travel Map
Researcher
More Details >

Upcoming Events Lists <= 1.4.0 – Authenticated (Subscriber+) Insecure Direct Object Reference

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-57994
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
Upcoming Events Lists
Researcher
More Details >

Vehica Core <= 1.0.100 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60117
Patch Status
Patched
Published
Sep 26, 2025
Affected Software
Vehica Core
Researcher
More Details >

Video Blogster Lite <= 1.2 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60132
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
Video Blogster Lite
Researcher
More Details >

VM Menu Reorder plugin <= 1.0.0 – Cross-Site Request Forgery to Settings Update

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-9893
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
VM Menu Reorder plugin
Researcher
More Details >

VPSUForm <= 3.2.20 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58957
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
VPSUForm – No-Code Custom Form Builder – Contact Forms, Conversion Form & More
Researcher
More Details >

W3SCloud Contact Form 7 to Zoho CRM <= 3.0 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60169
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
W3SCloud Contact Form 7 to Zoho CRM
Researcher
More Details >

WordPress <= 6.8.2 – Authenticated (Contributor+) Sensitive Information Exposure

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58246
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
WordPress
Researcher
More Details >

WorkScout-Core < 1.7.06 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-59572
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Workscout Core
Researcher
More Details >

WP Attractive Donations System < 1.29 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58956
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
WP Attractive Donations System
Researcher
More Details >

WP Compiler <= 1.0.0 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58032
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
WP Compiler
Researcher
More Details >

WP Content Protection <= 1.3 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58670
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
WP Content Protection
Researcher
More Details >

WP Gravity Forms HubSpot <= 1.2.5 – Open Redirect

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60151
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
WP Gravity Forms HubSpot
Researcher
More Details >

WP Gravity Forms Keap/Infusionsoft <= 1.2.4 – Open Redirect

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58006
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
WP Gravity Forms Keap/Infusionsoft
Researcher
More Details >

WP Media Categories <= 2.1.0 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60134
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
WP Media Categories
Researcher
More Details >

WP Subscription Forms PRO <= 2.0.5 – Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-60166
Patch Status
Unpatched
Published
Sep 26, 2025
Affected Software
WP Subscription Forms PRO
Researcher
More Details >

WP System Information <= 1.5 – Authenticated (Subscriber+) Sensitive Information Exposure

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-57916
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
WP System Information
Researcher
More Details >

wpDiscuz <= 7.6.33 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-59591
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Comments – wpDiscuz
Researcher
More Details >

WPeMatico RSS Feed Fetcher <= 2.8.10 – Authenticated (Subscriber+) Sensitive Information Exposure

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-57937
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
WPeMatico RSS Feed Fetcher
Researcher
More Details >

WPMK PDF Generator <= 1.0.1 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-58268
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
WPMK PDF Generator
Researcher
More Details >

Zoho Flow <= 2.14.1 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-59568
Patch Status
Patched
Published
Sep 22, 2025
Affected Software
Zoho Flow – Integrate 100+ plugins with 1000+ business apps, no-code workflow automation
Researcher
More Details >

CP Multi View Event Calendar <= 1.4.32 – Missing Authorization

3.8
CVSS Rating
Low (3.8)
CVE-ID
CVE-2025-58009
Patch Status
Unpatched
Published
Sep 22, 2025
Affected Software
CP Multi View Event Calendar
Researcher
More Details >

ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.3 – Insufficient Authorization to Authenticated (Editor+) Settings Update

2.7
CVSS Rating
Low (2.7)
CVE-ID
CVE-2025-10173
Patch Status
Patched
Published
Sep 25, 2025
Affected Software
ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution
Researcher
More Details >

As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (September 22, 2025 to September 28, 2025) appeared first on Wordfence.

Leave a Comment