Calling all Vulnerability Researchers and Bug Bounty Hunters!
The LFInder Challenge: Refine your LFI hunting skills with an expanded scope. Now through November 24, 2025, all LFI vulnerabilities in software with at least 25 active installs are considered in-scope for all researchers, regardless of researcher tier, AND earn a 30% bonus on all Local File Inclusion vulnerability submissions not already increased by another promotion.
Last week, there were 110 vulnerabilities disclosed in 101 WordPress Plugins and no WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 56 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to implement layered security, aligning with our overarching mission to secure WordPress with defense in depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report. As the world’s leading quality vulnerability database provider for WordPress, site owners can rest assured knowing Wordfence has their back.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 29,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 72 |
| Unpatched | 38 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Medium Severity | 85 |
| High Severity | 17 |
| Critical Severity | 8 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Missing Authorization | 27 |
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 26 |
| Cross-Site Request Forgery (CSRF) | 15 |
| Unrestricted Upload of File with Dangerous Type | 7 |
| Exposure of Sensitive Information to an Unauthorized Actor | 6 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 5 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 3 |
| Server-Side Request Forgery (SSRF) | 3 |
| Authorization Bypass Through User-Controlled Key | 2 |
| Deserialization of Untrusted Data | 2 |
| Improper Authorization | 2 |
| Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 2 |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 2 |
| Improper Control of Generation of Code (‘Code Injection’) | 1 |
| Incorrect Authorization | 1 |
| Incorrect Comparison | 1 |
| Insertion of Sensitive Information into Log File | 1 |
| Missing Authentication for Critical Function | 1 |
| Reliance on Untrusted Inputs in a Security Decision | 1 |
| Use of Hard-coded Cryptographic Key | 1 |
| Use of Hard-coded Password | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 11 | |
| 7 | |
| 7 | |
| 6 | |
| 5 | |
| 5 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Academy LMS Pro | academy-pro |
| Academy LMS – WordPress LMS Plugin for Complete eLearning Solution | academy |
| Ad Inserter – Ad Manager & AdSense Ads | ad-inserter |
| Ai Auto Tool Content Writing Assistant All in One | ai-auto-tool |
| AI Engine | ai-engine |
| Alex Reservations: Smart Restaurant Booking | alex-reservations |
| All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier | aio-time-clock-lite |
| Asgaros Forum | asgaros-forum |
| Associados Amazon Plugin | brzon |
| aThemes Addons for Elementor | athemes-addons-for-elementor-lite |
| Better Find and Replace – AI-Powered Suggestions | real-time-auto-find-and-replace |
| Blog2Social: Social Media Auto Post & Scheduler | blog2social |
| Bootstrap Multi-language Responsive Portfolio | bootstrap-multi-language-responsive-portfolio |
| Carousel Block – Responsive Image and Content Carousel | b-carousel-block |
| CE21 Suite | ce21-suite |
| Centangle-Team | centangle-team |
| clubmember | clubmember |
| Connector Wizard (formerly LC Wizard) | ghl-wizard |
| Contact Form 7 AWeber Extension | integrate-contact-form-7-and-aweber |
| Content Locker for Elementor | content-locker-for-elementor |
| CoSchedule | coschedule-by-todaymade |
| Course Booking System | course-booking-system |
| Crypto Payment Gateway with Payeer for WooCommerce | crypto-payment-gateway-with-payeer-for-woocommerce |
| CYAN Backup | cyan-backup |
| Document Embedder – Embed PDFs, Word, Excel, and Other Files | document-emberdder |
| DominoKit | dominokit |
| Download Manager | download-manager |
| Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | easy-digital-downloads |
| Easy Email Subscription | email-subscription-with-secure-captcha |
| Easy Upload Files During Checkout | easy-upload-files-during-checkout |
| Easy WordPress Funnel Builder To Collect Leads And Increase Sales – WPFunnels | wpfunnels |
| Elegance Menu | elegance-menu |
| EM Beer Manager | em-beer-manager |
| EventPrime – Events Calendar, Bookings and Tickets | eventprime-event-calendar-management |
| Everest Forms Pro | everest-forms-pro |
| Extensions for Leaflet Map | extensions-leaflet-map |
| Features | features |
| File Manager for Google Drive – Integrate Google Drive | integrate-google-drive |
| Flexible Refund and Return Order for WooCommerce | flexible-refund-and-return-order-for-woocommerce |
| Footnotes Made Easy | footnotes-made-easy |
| Free Quotation | free-quotation |
| FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce | wp-marketing-automations |
| Gallery Plugin for WordPress – Envira Photo Gallery | envira-gallery-lite |
| Graphina – Charts and Graphs For Elementor | graphina-elementor-charts-and-graphs |
| Gravity Forms | gravityforms |
| Greenshift – animation and page builder blocks | greenshift-animation-and-page-builder-blocks |
| Groups | groups |
| HTML Forms – Simple WordPress Forms Plugin | html-forms |
| Hubbub Lite – Fast, free social sharing and follow buttons | social-pug |
| IDonate – Blood Donation, Request And Donor Management System | idonate |
| Image Comparison Addon for Elementor | image-comparison-elementor-addon |
| Image Hover Effects for Elementor | image-hover-effects-elementor-addon |
| Import Export For WooCommerce | import-export-for-woocommerce |
| Insert Headers and Footers Code – HT Script | insert-headers-and-footers-script |
| KiotViet Sync | kiotvietsync |
| Label Plugins | label-plugins |
| LinkedIn Resume | linkedin-resume |
| LMB^Box Smileys | lmbbox-smileys |
| Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more | mail-mint |
| Mang Board WP | mangboard |
| MapMap | mapmap |
| Master Blocks – Ultimate Gutenberg Blocks for Marketers | ultimate-blocks-for-gutenberg |
| MeetingList | meeting-list |
| Nari Accountant | nari-accountant |
| Ohio Extra | ohio-extra |
| Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More | themeisle-companion |
| Ovatheme Events Manager | ova-events-manager |
| Page & Post Notes | page-post-notes |
| Pagerank tools | pagerank-tools |
| Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | paid-member-subscriptions |
| Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel | depicter |
| Posts Navigation Links for Sections and Headings – Free by WP Masters | posts-navigation-links-for-sections-and-headings-free-by-wp-masters |
| Premium Portfolio Features for Phlox theme | auxin-portfolio |
| Quick Featured Images | quick-featured-images |
| Reuse Builder | reuse-builder |
| Rey Core | Rey-Core |
| Saphali LiqPay for donate | saphali-liqpay-for-donate |
| SH Contextual Help | sh-contextual-help |
| ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution (formerly WooLentor) | woolentor-addons |
| Simple Downloads List | simple-downloads-list |
| Simple User Capabilities | simple-user-capabilities |
| Smart Auto Upload Images – Import External Images | smart-auto-upload-images |
| SMS for WordPress | sms4wp |
| Spectra Gutenberg Blocks – Website Builder for the Block Editor | ultimate-addons-for-gutenberg |
| Strong Testimonials | strong-testimonials |
| SUMO Affiliates Pro | affs |
| TablePress – Tables in WordPress made easy | tablepress |
| Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI | simple-tags |
| The Events Calendar | the-events-calendar |
| Top Bar Notification | top-bar-notification |
| ViaAds | viaads |
| Visit Counter | visit-counter |
| Visual Link Preview | visual-link-preview |
| WP Airbnb Review Slider | wp-airbnb-review-slider |
| WP Carticon | wp-carticon |
| WP Global Screen Options | wp-global-screen-options |
| WP Snow Effect | wp-snow-effect |
| WP2Social Auto Publish | facebook-auto-publish |
| WPCF7 Stop words | wpcf7-stop-words |
| WPeMatico RSS Feed Fetcher | wpematico |
| ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns | zoloblocks |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
CVE-ID
CVE-2025-11749
CVE-2025-11749
Patch Status
Patched
Patched
Published
Nov 4, 2025
Nov 4, 2025
Affected Software
AI Engine
AI Engine
Researcher
CVE-ID
CVE-2025-11008
CVE-2025-11008
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
CE21 Suite
CE21 Suite
Researcher
CVE-ID
CVE-2025-11007
CVE-2025-11007
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
CE21 Suite
CE21 Suite
Researcher
CVE-ID
CVE-2025-12682
CVE-2025-12682
Patch Status
Patched
Patched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
Easy Upload Files During Checkout
Easy Upload Files During Checkout
Researcher
CVE-ID
CVE-2025-12352
CVE-2025-12352
Patch Status
Patched
Patched
Published
Nov 6, 2025
Nov 6, 2025
Affected Software
Gravity Forms
Gravity Forms
Researcher
CVE-ID
CVE-2025-12674
CVE-2025-12674
Patch Status
Unpatched
Unpatched
Published
Nov 4, 2025
Nov 4, 2025
Affected Software
KiotViet Sync
KiotViet Sync
Researcher
CVE-ID
CVE-2025-12493
CVE-2025-12493
Patch Status
Patched
Patched
Published
Nov 3, 2025
Nov 3, 2025
CVE-ID
CVE-2025-12158
CVE-2025-12158
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
Simple User Capabilities
Simple User Capabilities
Researcher
CVE-ID
CVE-2025-9334
CVE-2025-9334
Patch Status
Patched
Patched
Published
Nov 7, 2025
Nov 7, 2025
Affected Software
Better Find and Replace – AI-Powered Suggestions
Better Find and Replace – AI-Powered Suggestions
Researcher
CVE-ID
CVE-2025-11724
CVE-2025-11724
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
EM Beer Manager
EM Beer Manager
Researcher
CVE-ID
CVE-2025-4519
CVE-2025-4519
Patch Status
Patched
Patched
Published
Nov 6, 2025
Nov 6, 2025
Affected Software
IDonate – Blood Donation, Request And Donor Management System
IDonate – Blood Donation, Request And Donor Management System
Researcher
CVE-ID
CVE-2025-10896
CVE-2025-10896
Patch Status
Patched
Patched
Published
Nov 3, 2025
Nov 3, 2025
CVE-ID
CVE-2025-12161
CVE-2025-12161
Patch Status
Patched
Patched
Published
Nov 7, 2025
Nov 7, 2025
Affected Software
Smart Auto Upload Images – Import External Images
Smart Auto Upload Images – Import External Images
Researchers
CVE-ID
CVE-2025-12384
CVE-2025-12384
Patch Status
Patched
Patched
Published
Nov 4, 2025
Nov 4, 2025
Affected Software
Document Embedder – Embed PDFs, Word, Excel, and Other Files
Document Embedder – Embed PDFs, Word, Excel, and Other Files
Researcher
CVE-ID
CVE-2025-5483
CVE-2025-5483
Patch Status
Patched
Patched
Published
Nov 6, 2025
Nov 6, 2025
Affected Software
Connector Wizard (formerly LC Wizard)
Connector Wizard (formerly LC Wizard)
Researcher
CVE-ID
CVE-2025-12497
CVE-2025-12497
Patch Status
Patched
Patched
Published
Nov 4, 2025
Nov 4, 2025
Affected Software
Premium Portfolio Features for Phlox theme
Premium Portfolio Features for Phlox theme
Researcher
CVE-ID
CVE-2025-11452
CVE-2025-11452
Patch Status
Patched
Patched
Published
Nov 7, 2025
Nov 7, 2025
Affected Software
Asgaros Forum
Asgaros Forum
Researcher
CVE-ID
CVE-2025-11890
CVE-2025-11890
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
Crypto Payment Gateway with Payeer for WooCommerce
Crypto Payment Gateway with Payeer for WooCommerce
Researcher
CVE-ID
CVE-2025-11704
CVE-2025-11704
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
Elegance Menu
Elegance Menu
Researcher
CVE-ID
CVE-2025-12139
CVE-2025-12139
Patch Status
Patched
Patched
Published
Nov 4, 2025
Nov 4, 2025
Affected Software
File Manager for Google Drive – Integrate Google Drive
File Manager for Google Drive – Integrate Google Drive
Researcher
CVE-ID
CVE-2025-12197
CVE-2025-12197
Patch Status
Patched
Patched
Published
Nov 4, 2025
Nov 4, 2025
Affected Software
The Events Calendar
The Events Calendar
Researcher
CVE-ID
CVE-2025-12099
CVE-2025-12099
Patch Status
Patched
Patched
Published
Nov 7, 2025
Nov 7, 2025
Affected Software
Academy LMS – WordPress LMS Plugin for Complete eLearning Solution
Academy LMS – WordPress LMS Plugin for Complete eLearning Solution
Researcher
Alex Reservations: Smart Restaurant Booking <= 2.2.3 – Authenticated (Admin+) Arbitrary File Upload
7.2
CVE-ID
CVE-2025-12399
CVE-2025-12399
Patch Status
Patched
Patched
Published
Nov 7, 2025
Nov 7, 2025
Affected Software
Alex Reservations: Smart Restaurant Booking
Alex Reservations: Smart Restaurant Booking
Researcher
CVE-ID
CVE-2025-11733
CVE-2025-11733
Patch Status
Patched
Patched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
Footnotes Made Easy
Footnotes Made Easy
Researcher
CVE-ID
CVE-2025-11967
CVE-2025-11967
Patch Status
Patched
Patched
Published
Nov 7, 2025
Nov 7, 2025
Affected Software
Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more
Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more
Researcher
CVE-ID
CVE-2025-11758
CVE-2025-11758
Patch Status
Patched
Patched
Published
Nov 3, 2025
Nov 3, 2025
Researcher
CVE-ID
CVE-2025-12092
CVE-2025-12092
Patch Status
Patched
Patched
Published
Nov 7, 2025
Nov 7, 2025
Affected Software
CYAN Backup
CYAN Backup
Researcher
CVE-ID
CVE-2025-4522
CVE-2025-4522
Patch Status
Patched
Patched
Published
Nov 6, 2025
Nov 6, 2025
Affected Software
IDonate – Blood Donation, Request And Donor Management System
IDonate – Blood Donation, Request And Donor Management System
Researcher
CVE-ID
CVE-2025-7663
CVE-2025-7663
Patch Status
Patched
Patched
Published
Nov 7, 2025
Nov 7, 2025
Affected Software
Ovatheme Events Manager
Ovatheme Events Manager
Researcher
CVE-ID
CVE-2025-12000
CVE-2025-12000
Patch Status
Patched
Patched
Published
Nov 7, 2025
Nov 7, 2025
Researcher
Ad Inserter <= 2.8.7 – Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field
6.4
CVE-ID
CVE-2025-11745
CVE-2025-11745
Patch Status
Patched
Patched
Published
Nov 4, 2025
Nov 4, 2025
Affected Software
Ad Inserter – Ad Manager & AdSense Ads
Ad Inserter – Ad Manager & AdSense Ads
Researcher
CVE-ID
CVE-2025-12837
CVE-2025-12837
Patch Status
Patched
Patched
Published
Nov 7, 2025
Nov 7, 2025
Affected Software
aThemes Addons for Elementor
aThemes Addons for Elementor
Researcher
CVE-ID
CVE-2025-12388
CVE-2025-12388
Patch Status
Patched
Patched
Published
Nov 4, 2025
Nov 4, 2025
Affected Software
Carousel Block – Responsive Image and Content Carousel
Carousel Block – Responsive Image and Content Carousel
Researcher
CVE-ID
CVE-2025-12369
CVE-2025-12369
Patch Status
Patched
Patched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
Extensions for Leaflet Map
Extensions for Leaflet Map
Researcher
CVE-ID
CVE-2025-11820
CVE-2025-11820
Patch Status
Patched
Patched
Published
Nov 4, 2025
Nov 4, 2025
Affected Software
Graphina – Charts and Graphs For Elementor
Graphina – Charts and Graphs For Elementor
Researcher
CVE-ID
CVE-2025-11841
CVE-2025-11841
Patch Status
Patched
Patched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
Greenshift – animation and page builder blocks
Greenshift – animation and page builder blocks
Researcher
CVE-ID
CVE-2025-12112
CVE-2025-12112
Patch Status
Patched
Patched
Published
Nov 7, 2025
Nov 7, 2025
Affected Software
Insert Headers and Footers Code – HT Script
Insert Headers and Footers Code – HT Script
Researcher
CVE-ID
CVE-2025-64365
CVE-2025-64365
Patch Status
Patched
Patched
Published
Nov 4, 2025
Nov 4, 2025
Affected Software
Ohio Extra
Ohio Extra
Researcher
Orbit Fox Companion <= 3.0.2 – Authenticated (Author+) Stored Cross-Site Scripting via Post Taxonomy
6.4
CVE-ID
CVE-2025-12045
CVE-2025-12045
Patch Status
Patched
Patched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More
Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More
Researcher
CVE-ID
CVE-2025-11812
CVE-2025-11812
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
Reuse Builder
Reuse Builder
Researcher
CVE-ID
CVE-2025-64220
CVE-2025-64220
Patch Status
Patched
Patched
Published
Nov 4, 2025
Nov 4, 2025
Affected Software
Rey Core
Rey Core
Researcher
CVE-ID
CVE-2025-12643
CVE-2025-12643
Patch Status
Patched
Patched
Published
Nov 7, 2025
Nov 7, 2025
Affected Software
Saphali LiqPay for donate
Saphali LiqPay for donate
Researcher
CVE-ID
CVE-2025-12583
CVE-2025-12583
Patch Status
Patched
Patched
Published
Nov 7, 2025
Nov 7, 2025
Affected Software
Simple Downloads List
Simple Downloads List
Researcher
CVE-ID
CVE-2025-11162
CVE-2025-11162
Patch Status
Patched
Patched
Published
Nov 4, 2025
Nov 4, 2025
Affected Software
Spectra Gutenberg Blocks – Website Builder for the Block Editor
Spectra Gutenberg Blocks – Website Builder for the Block Editor
Researcher
CVE-ID
CVE-2025-12324
CVE-2025-12324
Patch Status
Patched
Patched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
TablePress – Tables in WordPress made easy
TablePress – Tables in WordPress made easy
Researcher
CVE-ID
CVE-2025-11987
CVE-2025-11987
Patch Status
Patched
Patched
Published
Nov 4, 2025
Nov 4, 2025
Affected Software
Visual Link Preview
Visual Link Preview
Researcher
CVE-ID
CVE-2025-11917
CVE-2025-11917
Patch Status
Patched
Patched
Published
Nov 4, 2025
Nov 4, 2025
Affected Software
WPeMatico RSS Feed Fetcher
WPeMatico RSS Feed Fetcher
Researcher
CVE-ID
CVE-2025-12403
CVE-2025-12403
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
Associados Amazon Plugin
Associados Amazon Plugin
Researcher
CVE-ID
CVE-2025-12456
CVE-2025-12456
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
Centangle-Team
Centangle-Team
Researcher
CVE-ID
CVE-2025-12471
CVE-2025-12471
Patch Status
Patched
Patched
Published
Nov 5, 2025
Nov 5, 2025
Affected Software
Hubbub Lite – Fast, free social sharing and follow buttons
Hubbub Lite – Fast, free social sharing and follow buttons
Researcher
CVE-ID
CVE-2025-12401
CVE-2025-12401
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
Label Plugins
Label Plugins
Researcher
CVE-ID
CVE-2025-12402
CVE-2025-12402
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
LinkedIn Resume
LinkedIn Resume
Researcher
CVE-ID
CVE-2025-12400
CVE-2025-12400
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
LMB^Box Smileys
LMB^Box Smileys
Researcher
CVE-ID
CVE-2025-12193
CVE-2025-12193
Patch Status
Patched
Patched
Published
Nov 7, 2025
Nov 7, 2025
Affected Software
Mang Board WP
Mang Board WP
Researcher
CVE-ID
CVE-2025-12415
CVE-2025-12415
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
MapMap
MapMap
Researcher
CVE-ID
CVE-2025-12416
CVE-2025-12416
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
Pagerank tools
Pagerank tools
Researcher
CVE-ID
CVE-2025-12410
CVE-2025-12410
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
SH Contextual Help
SH Contextual Help
Researcher
CVE-ID
CVE-2025-12580
CVE-2025-12580
Patch Status
Unpatched
Unpatched
Published
Nov 4, 2025
Nov 4, 2025
Affected Software
SMS for WordPress
SMS for WordPress
Researcher
CVE-ID
CVE-2025-12412
CVE-2025-12412
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
Top Bar Notification
Top Bar Notification
Researcher
CVE-ID
CVE-2025-12452
CVE-2025-12452
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
Visit Counter
Visit Counter
Researcher
CVE-ID
CVE-2025-12064
CVE-2025-12064
Patch Status
Patched
Patched
Published
Nov 7, 2025
Nov 7, 2025
Affected Software
WP2Social Auto Publish
WP2Social Auto Publish
Researcher
CVE-ID
CVE-2025-8871
CVE-2025-8871
Patch Status
Patched
Patched
Published
Nov 4, 2025
Nov 4, 2025
Affected Software
Everest Forms Pro
Everest Forms Pro
Researcher
CVE-ID
CVE-2025-12413
CVE-2025-12413
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
WPCF7 Stop words
WPCF7 Stop words
Researcher
CVE-ID
CVE-2025-12098
CVE-2025-12098
Patch Status
Patched
Patched
Published
Nov 7, 2025
Nov 7, 2025
Affected Software
Academy LMS Pro
Academy LMS Pro
Researcher
CVE-ID
CVE-2025-12560
CVE-2025-12560
Patch Status
Patched
Patched
Published
Nov 5, 2025
Nov 5, 2025
Affected Software
Blog2Social: Social Media Auto Post & Scheduler
Blog2Social: Social Media Auto Post & Scheduler
Researcher
CVE-ID
CVE-2025-49913
CVE-2025-49913
Patch Status
Patched
Patched
Published
Nov 4, 2025
Nov 4, 2025
Affected Software
CoSchedule
CoSchedule
Researcher
CVE-ID
CVE-2025-12042
CVE-2025-12042
Patch Status
Patched
Patched
Published
Nov 7, 2025
Nov 7, 2025
Affected Software
Course Booking System
Course Booking System
Researcher
CVE-ID
CVE-2025-12350
CVE-2025-12350
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
DominoKit
DominoKit
Researcher
CVE-ID
CVE-2025-12177
CVE-2025-12177
Patch Status
Patched
Patched
Published
Nov 7, 2025
Nov 7, 2025
Affected Software
Download Manager
Download Manager
Researcher
CVE-ID
CVE-2025-11271
CVE-2025-11271
Patch Status
Patched
Patched
Published
Nov 5, 2025
Nov 5, 2025
Affected Software
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
Researcher
CVE-ID
CVE-2025-12621
CVE-2025-12621
Patch Status
Patched
Patched
Published
Nov 7, 2025
Nov 7, 2025
Affected Software
Flexible Refund and Return Order for WooCommerce
Flexible Refund and Return Order for WooCommerce
Researcher
CVE-ID
CVE-2025-12468
CVE-2025-12468
Patch Status
Patched
Patched
Published
Nov 4, 2025
Nov 4, 2025
Affected Software
FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce
FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce
Researcher
CVE-ID
CVE-2025-12677
CVE-2025-12677
Patch Status
Unpatched
Unpatched
Published
Nov 4, 2025
Nov 4, 2025
Affected Software
KiotViet Sync
KiotViet Sync
Researcher
CVE-ID
CVE-2025-12676
CVE-2025-12676
Patch Status
Unpatched
Unpatched
Published
Nov 4, 2025
Nov 4, 2025
Affected Software
KiotViet Sync
KiotViet Sync
Researcher
CVE-ID
CVE-2025-11835
CVE-2025-11835
Patch Status
Patched
Patched
Published
Nov 4, 2025
Nov 4, 2025
Affected Software
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
Researcher
CVE-ID
CVE-2025-12157
CVE-2025-12157
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
Simple User Capabilities
Simple User Capabilities
Researcher
CVE-ID
CVE-2025-64294
CVE-2025-64294
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
WP Snow Effect
WP Snow Effect
Researcher
CVE-ID
CVE-2025-12192
CVE-2025-12192
Patch Status
Patched
Patched
Published
Nov 4, 2025
Nov 4, 2025
Affected Software
The Events Calendar
The Events Calendar
Researcher
CVE-ID
CVE-2025-12353
CVE-2025-12353
Patch Status
Patched
Patched
Published
Nov 7, 2025
Nov 7, 2025
Researcher
CVE-ID
CVE-2025-49903
CVE-2025-49903
Patch Status
Patched
Patched
Published
Nov 4, 2025
Nov 4, 2025
CVE-ID
CVE-2025-10683
CVE-2025-10683
Patch Status
Patched
Patched
Published
Nov 5, 2025
Nov 5, 2025
Affected Software
Easy Email Subscription
Easy Email Subscription
Researcher
CVE-ID
CVE-2025-11980
CVE-2025-11980
Patch Status
Patched
Patched
Published
Nov 7, 2025
Nov 7, 2025
Affected Software
Quick Featured Images
Quick Featured Images
Researcher
CVE-ID
CVE-2025-11972
CVE-2025-11972
Patch Status
Patched
Patched
Published
Nov 7, 2025
Nov 7, 2025
Affected Software
Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI
Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI
Researcher
CVE-ID
CVE-2025-12396
CVE-2025-12396
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
clubmember
clubmember
Researcher
CVE-ID
CVE-2025-12393
CVE-2025-12393
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
Free Quotation
Free Quotation
Researcher
CVE-ID
CVE-2025-12125
CVE-2025-12125
Patch Status
Patched
Patched
Published
Nov 7, 2025
Nov 7, 2025
Affected Software
HTML Forms – Simple WordPress Forms Plugin
HTML Forms – Simple WordPress Forms Plugin
Researcher
CVE-ID
CVE-2025-12184
CVE-2025-12184
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
MeetingList
MeetingList
Researcher
CVE-ID
CVE-2025-11753
CVE-2025-11753
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
Bootstrap Multi-language Responsive Portfolio
Bootstrap Multi-language Responsive Portfolio
Researcher
CVE-ID
CVE-2025-12371
CVE-2025-12371
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
Nari Accountant
Nari Accountant
Researcher
CVE-ID
CVE-2025-12065
CVE-2025-12065
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
WP Carticon
WP Carticon
Researcher
CVE-ID
CVE-2025-12156
CVE-2025-12156
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
Ai Auto Tool Content Writing Assistant All in One
Ai Auto Tool Content Writing Assistant All in One
Researcher
CVE-ID
CVE-2025-12360
CVE-2025-12360
Patch Status
Patched
Patched
Published
Nov 5, 2025
Nov 5, 2025
Affected Software
Better Find and Replace – AI-Powered Suggestions
Better Find and Replace – AI-Powered Suggestions
Researcher
CVE-ID
CVE-2025-12563
CVE-2025-12563
Patch Status
Patched
Patched
Published
Nov 5, 2025
Nov 5, 2025
Affected Software
Blog2Social: Social Media Auto Post & Scheduler
Blog2Social: Social Media Auto Post & Scheduler
Researcher
CVE-ID
CVE-2025-12167
CVE-2025-12167
Patch Status
Patched
Patched
Published
Nov 7, 2025
Nov 7, 2025
Affected Software
Contact Form 7 AWeber Extension
Contact Form 7 AWeber Extension
Researcher
CVE-ID
CVE-2025-10691
CVE-2025-10691
Patch Status
Patched
Patched
Published
Nov 5, 2025
Nov 5, 2025
Affected Software
Easy Email Subscription
Easy Email Subscription
Researcher
CVE-ID
CVE-2025-12498
CVE-2025-12498
Patch Status
Patched
Patched
Published
Nov 7, 2025
Nov 7, 2025
Affected Software
EventPrime – Events Calendar, Bookings and Tickets
EventPrime – Events Calendar, Bookings and Tickets
Researcher
CVE-ID
CVE-2025-12582
CVE-2025-12582
Patch Status
Unpatched
Unpatched
Published
Nov 4, 2025
Nov 4, 2025
Affected Software
Features
Features
Researcher
CVE-ID
CVE-2025-12469
CVE-2025-12469
Patch Status
Patched
Patched
Published
Nov 4, 2025
Nov 4, 2025
Affected Software
FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce
FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce
Researcher
CVE-ID
CVE-2025-11448
CVE-2025-11448
Patch Status
Patched
Patched
Published
Nov 7, 2025
Nov 7, 2025
Affected Software
Gallery Plugin for WordPress – Envira Photo Gallery
Gallery Plugin for WordPress – Envira Photo Gallery
Researcher
CVE-ID
CVE-2025-12389
CVE-2025-12389
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
Import Export For WooCommerce
Import Export For WooCommerce
Researcher
CVE-ID
CVE-2025-12675
CVE-2025-12675
Patch Status
Unpatched
Unpatched
Published
Nov 4, 2025
Nov 4, 2025
Affected Software
KiotViet Sync
KiotViet Sync
Researcher
CVE-ID
CVE-2025-12527
CVE-2025-12527
Patch Status
Patched
Patched
Published
Nov 6, 2025
Nov 6, 2025
Affected Software
Page & Post Notes
Page & Post Notes
Researcher
CVE-ID
CVE-2025-11373
CVE-2025-11373
Patch Status
Patched
Patched
Published
Nov 4, 2025
Nov 4, 2025
CVE-ID
CVE-2025-12188
CVE-2025-12188
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
Posts Navigation Links for Sections and Headings – Free by WP Masters
Posts Navigation Links for Sections and Headings – Free by WP Masters
Researcher
CVE-ID
CVE-2025-11268
CVE-2025-11268
Patch Status
Patched
Patched
Published
Nov 5, 2025
Nov 5, 2025
Affected Software
Strong Testimonials
Strong Testimonials
Researcher
CVE-ID
CVE-2025-64228
CVE-2025-64228
Patch Status
Patched
Patched
Published
Nov 4, 2025
Nov 4, 2025
Affected Software
SUMO Affiliates Pro
SUMO Affiliates Pro
Researcher
CVE-ID
CVE-2025-12070
CVE-2025-12070
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
ViaAds
ViaAds
Researcher
CVE-ID
CVE-2025-12069
CVE-2025-12069
Patch Status
Unpatched
Unpatched
Published
Nov 3, 2025
Nov 3, 2025
Affected Software
WP Global Screen Options
WP Global Screen Options
Researcher
CVE-ID
CVE-2025-12520
CVE-2025-12520
Patch Status
Patched
Patched
Published
Nov 6, 2025
Nov 6, 2025
Affected Software
WP Airbnb Review Slider
WP Airbnb Review Slider
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (November 3, 2025 to November 9, 2025) appeared first on Wordfence.
