Last week, there were 224 vulnerabilities disclosed in 205 WordPress Plugins and 9 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 74 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to implement layered security, aligning with our overarching mission to secure WordPress with defense in depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report. As the world’s leading quality vulnerability database provider for WordPress, site owners can rest assured knowing Wordfence has their back.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 31,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
-
-
- WAF-RULE-884 – Data redacted while we work with the vendor on a patch.
- Demo Importer Plus <= 2.0.8 – Missing Authorization to Authenticated (Subscriber+) Site Reset and Privilege Escalation
-
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 106 |
| Unpatched | 118 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Low Severity | 2 |
| Medium Severity | 188 |
| High Severity | 26 |
| Critical Severity | 8 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 69 |
| Missing Authorization | 63 |
| Cross-Site Request Forgery (CSRF) | 23 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 16 |
| Exposure of Sensitive Information to an Unauthorized Actor | 12 |
| Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 10 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 7 |
| Unrestricted Upload of File with Dangerous Type | 4 |
| Authorization Bypass Through User-Controlled Key | 3 |
| Improper Control of Generation of Code (‘Code Injection’) | 3 |
| Deserialization of Untrusted Data | 2 |
| Server-Side Request Forgery (SSRF) | 2 |
| Authentication Bypass by Alternate Name | 1 |
| Exposure of Private Personal Information to an Unauthorized Actor | 1 |
| External Control of File Name or Path | 1 |
| Files or Directories Accessible to External Parties | 1 |
| Improper Input Validation | 1 |
| Improper Privilege Management | 1 |
| Missing Authentication for Critical Function | 1 |
| Reliance on Cookies without Validation and Integrity Checking | 1 |
| URL Redirection to Untrusted Site (‘Open Redirect’) | 1 |
| Use of Insufficiently Random Values | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 17 | |
| 17 | |
| 14 | |
| 13 | |
| 10 | |
| 9 | |
| 9 | |
| 9 | |
| 8 | |
| 7 | |
| 7 | |
| 6 | |
| 6 | |
| 6 | |
| 5 | |
| 5 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| 404 Solution | 404-solution |
| a3 Lazy Load | a3-lazy-load |
| Accept Stripe Payments Using Contact Form 7 | accept-stripe-payments-using-contact-form-7 |
| Accessibility by AudioEye | accessibility-by-audioeye |
| Accordion Slider PRO | accordion_slider_pro |
| Addon Elements for Elementor (formerly Elementor Addon Elements) | addon-elements-for-elementor-page-builder |
| Advanced Product Fields (Product Addons) for WooCommerce | advanced-product-fields-for-woocommerce |
| AI Feeds | ai-feeds |
| All-in-One Addons for Elementor – WidgetKit | widgetkit-for-elementor |
| Animated Pixel Marquee Creator | animated-pixel-marquee-creator |
| AnnunciFunebri Impresa | annuncifunebri-onoranza |
| App Landing Template Blocks for WPBakery (Visual Composer) Page Builder | app-template-blocks-for-wpbakery-page-builder |
| Ayo Shortcodes | ayo-shortcodes |
| Beaver Builder Page Builder – Drag and Drop Website Builder | beaver-builder-lite-version |
| Better Addons for Elementor | better-elementor-addons |
| Blaze Demo Importer | blaze-demo-importer |
| BMLT WordPress Plugin | bmlt-wordpress-satellite-plugin |
| Bold Timeline Lite | bold-timeline-lite |
| Brevo for WooCommerce | woocommerce-sendinblue-newsletter-subscription |
| Brizy – Page Builder | brizy |
| Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links | broken-link-checker-seo |
| BSK PDF Manager | bsk-pdf-manager |
| BuddyTask | buddytask |
| BUKAZU Search widget | bukazu-search-widget |
| Buttoner for Elementor | buttoner-elementor |
| Campay Woocommerce Payment Gateway | campay-api |
| Category Dropdown List | dropdown-category-list |
| Coder for Elementor | coder-elementor |
| Coding Blocks | coding-blocks |
| Colibri Page Builder | colibri-page-builder |
| Complag | omplag |
| Contact Form 7 with ChatWork | contact-form-7-with-chatwork |
| CountDown With Image or Video Background | countdown_with_background |
| Custom Field Template | custom-field-template |
| Custom Frames | custom-frames |
| Custom Post Type UI | custom-post-type-ui |
| Data Visualizer | data-visualizer |
| DebateMaster | debatemaster |
| Design Import/Export – Styles, Templates, Template Parts and Patterns | design-import-export |
| Devs CRM – Manage tasks, attendance and teams all together | devs-crm |
| Directory Pro | directory-pro |
| Divelogs Widget | divelogs-widget |
| Doubly – Cross Domain Copy Paste for WordPress | doubly |
| Easy Map Creator | easy-map-creator |
| Easy Notify Lite | easy-notify-lite |
| Easy Property Listings | easy-property-listings |
| Easy Theme Options | easy-theme-options |
| Elated Membership | eltdf-membership |
| Email Marketing Plugin – WP Email Capture | wp-email-capture |
| Email Subscribers & Newsletters – Powerful Email Marketing, Post Notification & Newsletter Plugin for WordPress & WooCommerce | email-subscribers |
| Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated | emplibot |
| Employee Spotlight – Team Member Showcase & Meet the Team Plugin | employee-spotlight |
| Enter Addons – Ultimate Template Builder for Elementor | enteraddons |
| Essential Real Estate | essential-real-estate |
| Eupago Gateway For Woocommerce | eupago-gateway-for-woocommerce |
| Events Manager – Calendar, Bookings, Tickets, and more! | events-manager |
| Export WP Pages to HTML & PDF – Simply Create a Static Website | export-wp-page-to-static-html |
| Extensive VC Addons for WPBakery page builder | extensive-vc-addon |
| Eyewear prescription form | eyewear-prescription-form |
| Fancy Product Designer | fancy-product-designer |
| Filter & Grids | ymc-smart-filter |
| Fix Media Library | wow-media-library-fix |
| Flow-Flow Social Feed Stream | flow-flow-social-streams |
| Foxtool All-in-One: Contact chat button, Custom login, Media optimize images | foxtool |
| Freshchat | freshchat |
| FunnelKit – Funnel Builder for WooCommerce Checkout | funnel-builder |
| FX Currency Converter | fx-currency-converter |
| Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery | simply-gallery-block |
| GenerateBlocks | generateblocks |
| Geo Controller | cf-geoplugin |
| GPXpress | gpxpress |
| Grider for Elementor | grider-elementor |
| Guest Support | guest-support |
| HAPPY – Helpdesk Support Ticket System | happy-helpdesk-support-ticket-system |
| Head Meta Data | head-meta-data |
| Header Footer Script Adder – Insert Code in Header, Body & Footer | header-and-footer-script-adder |
| Hide Email Address | bg-hide-email-address |
| Hippoo Mobile App for WooCommerce | hippoo |
| Homey Core | homey-core |
| HT Slider For Elementor | ht-slider-for-elementor |
| Huger for Elementor | huger-elementor |
| Image Gallery – Photo Grid & Video Gallery | modula-best-grid-gallery |
| Image Slider by Ays- Responsive Slider and Carousel | ays-slider |
| IMAQ CORE | imaq-core |
| Import external attachments | import-external-attachments |
| Infility Global | infility-global |
| InstaWP Connect – 1-click WP Staging & Migration | instawp-connect |
| Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms | cf7-salesforce |
| JAY Login & Register | jay-login-register |
| JetWidgets For Elementor | jetwidgets-for-elementor |
| Jobmonster Elementor Addon | jobmonster-addon |
| Just TinyMCE Custom Styles | just-tinymce-styles |
| King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor | king-addons |
| Kirim.Email WooCommerce Integration | kirimemail-woocommerce-integration |
| Laser | laser |
| LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart | lazytasks-project-task-management |
| Leaky Paywall | leaky-paywall |
| Lightweight Accordion | lightweight-accordion |
| Like DisLike Voting | like-dislike-voting |
| List category posts | list-category-posts |
| Livemesh SiteOrigin Widgets | livemesh-siteorigin-widgets |
| LJUsers | ljusers |
| Login Lockdown & Protection | login-lockdown |
| Login Security, FireWall, Malware removal by CleanTalk | security-malware-firewall |
| Lottier for WPBakery | lottier-wpbakery |
| LS Google Map Router | ls-gmap-route |
| LT Unleashed | lt-unleashed |
| Lucky Draw Contests | lucky-draw |
| Magical Posts Display – Elementor Advanced Posts widgets | magical-posts-display |
| MailerLite – Signup forms (official) | official-mailerlite-sign-up-forms |
| Mailgun Subscriptions | mailgun-subscriptions |
| Marquee Addons for Elementor – Advanced Elements & Modern Motion Widgets | marquee-addons-for-elementor |
| Masker for Elementor | masker-elementor |
| Media File Rename, Unused File Cleaner & CSV Export Import – Add Alt for Image SEO – Media Library Tools | media-library-tools |
| MediaCommander – Bring Folders to Media, Posts, and Pages | mediacommander |
| Modalier for Elementor | modalier-elementor |
| Multi Uploader for Gravity Forms | gf-multi-uploader |
| myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program. | mycred |
| Nelio Popups | nelio-popups |
| NewStatPress | newstatpress |
| Page View Count | page-views-count |
| Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | wp-user-avatar |
| Paypal Payment Shortcode | paypal-payments-shortcode |
| PDF for Contact Form 7 + Drag and Drop Template Builder | pdf-for-contact-form-7 |
| Player Leaderboard | player-leaderboard |
| Pochipp | pochipp |
| Popover Windows | popover-windows |
| Popup Builder – Create highly converting, mobile friendly marketing popups. | popup-builder |
| Postem Ipsum | postem-ipsum |
| Premmerce Brands for WooCommerce | premmerce-woocommerce-brands |
| Premmerce Wishlist for WooCommerce | premmerce-woocommerce-wishlist |
| Product Filtering by Categories, Tags, Price Range for WooCommerce – Filter Plus | filter-plus |
| Purchase and Expense Manager | purchase-and-expense-manager |
| Quick Testimonials | quick-testimonials |
| Rabbit Hole | rabbit-hole |
| Redux Framework | redux-framework |
| ReFormer – Multichannel Contact Form for Elementor | reformer-elementor |
| Resource Library for Logged In Users | doubledome-resource-link-library |
| Restrict Elementor Widgets, Columns and Sections | restrict-elementor-widgets |
| Reviews Sorted | reviews-sorted |
| Reviews Widget for Google, Yelp & Recommendations | fb-reviews-widget |
| RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | feedzy-rss-feeds |
| RTL Tester | rtl-tester |
| rtMedia for WordPress, BuddyPress and bbPress | buddypress-media |
| Secure Copy Content Protection and Content Locking | secure-copy-content-protection |
| Shopping Cart & eCommerce Store | wp-easycart |
| Shortcode Ajax | shortcode-ajax |
| Simple AL Slider | simple-al-slider |
| Simple Bike Rental | simple-bike-rental |
| Simple CSV Table | simple-csv-table |
| Simple Download Counter | simple-download-counter |
| Simple Nivo Slider | simple-nivo-slider |
| Simple post listing | simple-post-listing |
| Simple Theme Changer | simple-theme-changer |
| SimplyConvert | simplyconvert |
| Social Media Auto Publish | social-media-auto-publish |
| Social Photo Fetcher | facebook-photo-fetcher |
| Solutions Ad Manager | solutions-ad-manager |
| Spoter for Elementor | spoter-elementor |
| Store Locator WordPress | agile-store-locator |
| Tableberg – Simple Gutenberg Table Block | tableberg |
| TI WooCommerce Wishlist | ti-woocommerce-wishlist |
| Trinity Audio – Text to Speech AI audio player to convert content into audio | trinity-audio |
| Truefy Embed | truefy-embed |
| TWW Protein Calculator | twwc-protein |
| Ultimate WordPress Auction Plugin | ultimate-auction |
| Ultra Addons for Contact Form 7 | ultimate-addons-for-contact-form-7 |
| Upcoming for Calendly | upcoming-for-calendly |
| URL Media Uploader | url-media-uploader |
| URL Shortener Plugin For WordPress | exact-links |
| Userback | userback |
| Video Merchant | video-merchant |
| VigLink SpotLight By ShortCode | viglink-spotlight-by-shortcode |
| VikRentItems Flexible Rental Management System | vikrentitems |
| Vimeo SimpleGallery | vimeo-simplegallery |
| Visitor Logic Lite | logic-pro |
| WatchTowerHQ | watchtowerhq |
| Widgets for Google Reviews | wp-reviews-plugin-for-google |
| WP AI CoPilot – AI content writer plugin, ChatGPT WordPress, GPT-3/4 , Ai assistance | ai-co-pilot-for-wp |
| WP CarDealer | wp-cardealer |
| WP Coupons and Deals – Click to Copy Coupons | wp-coupons-and-deals |
| WP Directory Kit | wpdirectorykit |
| WP Dropzone | wp-dropzone |
| WP Fastest Cache Premium | wp-fastest-cache-premium |
| WP Flashy Marketing Automation | wp-flashy-marketing-automation |
| WP Flot | wp-flot |
| WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | wp-job-portal |
| WP Recipe Maker | wp-recipe-maker |
| WP to LinkedIn Auto Publish | linkedin-auto-publish |
| WP User Manager – User Profile Builder & Membership | wp-user-manager |
| WP Views Counter | wpecounter |
| WP Webhooks – Automate repetitive tasks by creating powerful automation workflows directly within WordPress | wp-webhooks |
| WP-CRM System – Manage Clients and Projects | wp-crm-system |
| WP3D Model Import Viewer | wp3d-model-import-block |
| wpForo Forum | wpforo |
| WPGancio | wpgancio |
| Wpik WordPress Basic Ajax Form | wpik-wordpress-basic-ajax-form |
| WPLG Default Mail From | wplg-default-mail-from |
| WPMasterToolKit (WPMTK) – All in one plugin | wpmastertoolkit |
| WPNakama – Team and multi-Client Collaboration, Editorial and Project Management | wpnakama |
| xPromoter | top_bar_promoter |
| YITH WooCommerce Quick View | yith-woocommerce-quick-view |
| Zenost Shortcodes | zenost-shortcodes |
| افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce | payamito-sms-woocommerce |
| 评论小秘书 | comments-secretary |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Digiqole – News Magazine WordPress Theme | digiqole |
| EduMall – Professional LMS Education Center WordPress Theme | edumall |
| Exhibz | Event Conference WordPress Theme (AI Powered) | exhibz |
| Kingcabs | kingcabs |
| Mavix Education | mavix-education |
| MinimogWP – The High Converting eCommerce WordPress Theme | minimog |
| Noo JobMonster | noo-jobmonster |
| PenNews – Multi-Purpose AMP WordPress Theme | pennews |
| Turitor – Education WordPress Theme | turitor |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
CVE-ID
CVE-2025-13613
CVE-2025-13613
Patch Status
Patched
Patched
Published
Dec 9, 2025
Dec 9, 2025
Affected Software
Elated Membership
Elated Membership
Researcher
CVE-ID
CVE-2025-11693
CVE-2025-11693
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Export WP Pages to HTML & PDF – Simply Create a Static Website
Export WP Pages to HTML & PDF – Simply Create a Static Website
Researcher
CVE-ID
CVE-2025-14440
CVE-2025-14440
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
JAY Login & Register
JAY Login & Register
Researcher
CVE-ID
CVE-2025-12963
CVE-2025-12963
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Researcher
CVE-ID
CVE-2025-14344
CVE-2025-14344
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Multi Uploader for Gravity Forms
Multi Uploader for Gravity Forms
Researcher
CVE-ID
CVE-2025-10738
CVE-2025-10738
Patch Status
Unpatched
Unpatched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
URL Shortener Plugin For WordPress
URL Shortener Plugin For WordPress
Researcher
CVE-ID
CVE-2025-66074
CVE-2025-66074
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
CVE-ID
CVE-2025-13764
CVE-2025-13764
Patch Status
Patched
Patched
Published
Dec 10, 2025
Dec 10, 2025
Affected Software
WP CarDealer
WP CarDealer
Researcher
CVE-ID
CVE-2025-14476
CVE-2025-14476
Patch Status
Unpatched
Unpatched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Doubly – Cross Domain Copy Paste for WordPress
Doubly – Cross Domain Copy Paste for WordPress
Researcher
CVE-ID
CVE-2025-12968
CVE-2025-12968
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Infility Global
Infility Global
Researcher
CVE-ID
CVE-2025-12824
CVE-2025-12824
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Player Leaderboard
Player Leaderboard
Researcher
CVE-ID
CVE-2025-14397
CVE-2025-14397
Patch Status
Unpatched
Unpatched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Postem Ipsum
Postem Ipsum
Researcher
CVE-ID
CVE-2025-14390
CVE-2025-14390
Patch Status
Unpatched
Unpatched
Published
Dec 9, 2025
Dec 9, 2025
Affected Software
Video Merchant
Video Merchant
Researcher
CVE-ID
CVE-2025-13094
CVE-2025-13094
Patch Status
Unpatched
Unpatched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
WP3D Model Import Viewer
WP3D Model Import Viewer
Researcher
CVE-ID
CVE-2025-13334
CVE-2025-13334
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Blaze Demo Importer
Blaze Demo Importer
Researcher
CVE-ID
CVE-2025-14475
CVE-2025-14475
Patch Status
Unpatched
Unpatched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Extensive VC Addons for WPBakery page builder
Extensive VC Addons for WPBakery page builder
Researcher
CVE-ID
CVE-2025-14044
CVE-2025-14044
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Visitor Logic Lite
Visitor Logic Lite
Researcher
CVE-ID
CVE-2025-67527
CVE-2025-67527
Patch Status
Patched
Patched
Published
Dec 13, 2025
Dec 13, 2025
Affected Software
Digiqole – News Magazine WordPress Theme
Digiqole – News Magazine WordPress Theme
Researcher
CVE-ID
CVE-2025-68061
CVE-2025-68061
Patch Status
Unpatched
Unpatched
Published
Dec 14, 2025
Dec 14, 2025
Affected Software
EduMall – Professional LMS Education Center WordPress Theme
EduMall – Professional LMS Education Center WordPress Theme
Researcher
CVE-ID
CVE-2025-67523
CVE-2025-67523
Patch Status
Patched
Patched
Published
Dec 13, 2025
Dec 13, 2025
Affected Software
Exhibz | Event Conference WordPress Theme (AI Powered)
Exhibz | Event Conference WordPress Theme (AI Powered)
Researcher
CVE-ID
CVE-2025-14169
CVE-2025-14169
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
FunnelKit – Funnel Builder for WooCommerce Checkout
FunnelKit – Funnel Builder for WooCommerce Checkout
Researcher
CVE-ID
CVE-2025-13339
CVE-2025-13339
Patch Status
Patched
Patched
Published
Dec 9, 2025
Dec 9, 2025
Affected Software
Hippoo Mobile App for WooCommerce
Hippoo Mobile App for WooCommerce
Researcher
CVE-ID
CVE-2025-67522
CVE-2025-67522
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Noo JobMonster
Noo JobMonster
Researcher
CVE-ID
CVE-2025-67524
CVE-2025-67524
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Jobmonster Elementor Addon
Jobmonster Elementor Addon
Researcher
LT Unleashed <= 1.1.1 – Authenticated (Contributor+) Local File Inclusion via ‘template’ Parameter
7.5
CVE-ID
CVE-2025-13886
CVE-2025-13886
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
LT Unleashed
LT Unleashed
Researcher
CVE-ID
CVE-2025-68062
CVE-2025-68062
Patch Status
Unpatched
Unpatched
Published
Dec 13, 2025
Dec 13, 2025
Affected Software
MinimogWP – The High Converting eCommerce WordPress Theme
MinimogWP – The High Converting eCommerce WordPress Theme
Researcher
CVE-ID
CVE-2025-67531
CVE-2025-67531
Patch Status
Patched
Patched
Published
Dec 13, 2025
Dec 13, 2025
Affected Software
Turitor – Education WordPress Theme
Turitor – Education WordPress Theme
Researcher
CVE-ID
CVE-2025-13089
CVE-2025-13089
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
WP Directory Kit
WP Directory Kit
Researcher
CVE-ID
CVE-2025-13126
CVE-2025-13126
Patch Status
Patched
Patched
Published
Dec 13, 2025
Dec 13, 2025
Affected Software
wpForo Forum
wpForo Forum
Researcher
CVE-ID
CVE-2025-14068
CVE-2025-14068
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
CVE-ID
CVE-2025-13077
CVE-2025-13077
Patch Status
Unpatched
Unpatched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce
افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce
Researcher
Fancy Product Designer <= 6.4.8 – Unauthenticated Stored Cross-Site Scripting via SVG File Upload
7.2
CVE-ID
CVE-2025-12570
CVE-2025-12570
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Fancy Product Designer
Fancy Product Designer
Researchers
CVE-ID
CVE-2025-13604
CVE-2025-13604
Patch Status
Patched
Patched
Published
Dec 8, 2025
Dec 8, 2025
Affected Software
Login Security, FireWall, Malware removal by CleanTalk
Login Security, FireWall, Malware removal by CleanTalk
Researcher
CVE-ID
CVE-2025-12705
CVE-2025-12705
Patch Status
Patched
Patched
Published
Dec 8, 2025
Dec 8, 2025
Affected Software
Reviews Widget for Google, Yelp & Recommendations
Reviews Widget for Google, Yelp & Recommendations
Researcher
CVE-ID
CVE-2025-13320
CVE-2025-13320
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
WP User Manager – User Profile Builder & Membership
WP User Manager – User Profile Builder & Membership
Researcher
CVE-ID
CVE-2025-67518
CVE-2025-67518
Patch Status
Patched
Patched
Published
Dec 14, 2025
Dec 14, 2025
Affected Software
Accordion Slider PRO
Accordion Slider PRO
Researcher
CVE-ID
CVE-2025-0969
CVE-2025-0969
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Brizy – Page Builder
Brizy – Page Builder
Researcher
CVE-ID
CVE-2025-67962
CVE-2025-67962
Patch Status
Patched
Patched
Published
Dec 9, 2025
Dec 9, 2025
Researcher
CVE-ID
CVE-2025-14064
CVE-2025-14064
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
BuddyTask
BuddyTask
Researcher
CVE-ID
CVE-2025-68054
CVE-2025-68054
Patch Status
Unpatched
Unpatched
Published
Dec 14, 2025
Dec 14, 2025
Affected Software
CountDown With Image or Video Background
CountDown With Image or Video Background
Researcher
CVE-ID
CVE-2025-13891
CVE-2025-13891
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Image Gallery – Photo Grid & Video Gallery
Image Gallery – Photo Grid & Video Gallery
Researcher
List Category Posts <= 0.91.0 – Authenticated (Contributor+) SQL Injection via Plugin’s Shortcode
6.5
CVE-ID
CVE-2025-10163
CVE-2025-10163
Patch Status
Patched
Patched
Published
Dec 10, 2025
Dec 10, 2025
Affected Software
List category posts
List category posts
Researcher
CVE-ID
CVE-2025-67520
CVE-2025-67520
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Media File Rename, Unused File Cleaner & CSV Export Import – Add Alt for Image SEO – Media Library Tools
Media File Rename, Unused File Cleaner & CSV Export Import – Add Alt for Image SEO – Media Library Tools
Researcher
CVE-ID
CVE-2025-14508
CVE-2025-14508
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
MediaCommander – Bring Folders to Media, Posts, and Pages
MediaCommander – Bring Folders to Media, Posts, and Pages
Researcher
CVE-ID
CVE-2025-14446
CVE-2025-14446
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Easy Notify Lite
Easy Notify Lite
Researcher
Simple CSV Table <= 1.0.1 – Directory Traversal to Authenticated (Contributor+) Arbitrary File Read
6.5
CVE-ID
CVE-2025-12960
CVE-2025-12960
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Simple CSV Table
Simple CSV Table
Researcher
CVE-ID
CVE-2025-67516
CVE-2025-67516
Patch Status
Patched
Patched
Published
Dec 14, 2025
Dec 14, 2025
Affected Software
Store Locator WordPress
Store Locator WordPress
Researcher
CVE-ID
CVE-2025-14293
CVE-2025-14293
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Researcher
CVE-ID
CVE-2025-68053
CVE-2025-68053
Patch Status
Unpatched
Unpatched
Published
Dec 14, 2025
Dec 14, 2025
Affected Software
xPromoter
xPromoter
Researcher
CVE-ID
CVE-2025-9873
CVE-2025-9873
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
a3 Lazy Load
a3 Lazy Load
Researcher
Addon Elements for Elementor <= 1.14.3 – Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2025-12537
CVE-2025-12537
Patch Status
Patched
Patched
Published
Dec 13, 2025
Dec 13, 2025
Affected Software
Addon Elements for Elementor (formerly Elementor Addon Elements)
Addon Elements for Elementor (formerly Elementor Addon Elements)
Researcher
CVE-ID
CVE-2025-14030
CVE-2025-14030
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
AI Feeds
AI Feeds
Researcher
CVE-ID
CVE-2025-8779
CVE-2025-8779
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
All-in-One Addons for Elementor – WidgetKit
All-in-One Addons for Elementor – WidgetKit
Researcher
CVE-ID
CVE-2025-14119
CVE-2025-14119
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
App Landing Template Blocks for WPBakery (Visual Composer) Page Builder
App Landing Template Blocks for WPBakery (Visual Composer) Page Builder
Researcher
CVE-ID
CVE-2025-14143
CVE-2025-14143
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Ayo Shortcodes
Ayo Shortcodes
Researcher
CVE-ID
CVE-2025-12830
CVE-2025-12830
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Better Addons for Elementor
Better Addons for Elementor
Researcher
CVE-ID
CVE-2025-14032
CVE-2025-14032
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Bold Timeline Lite
Bold Timeline Lite
Researcher
CVE-ID
CVE-2025-13840
CVE-2025-13840
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
BUKAZU Search widget
BUKAZU Search widget
Researcher
CVE-ID
CVE-2025-11376
CVE-2025-11376
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Colibri Page Builder
Colibri Page Builder
Researcher
CVE-ID
CVE-2025-13705
CVE-2025-13705
Patch Status
Unpatched
Unpatched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Custom Frames
Custom Frames
Researcher
CVE-ID
CVE-2025-13961
CVE-2025-13961
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Data Visualizer
Data Visualizer
Researcher
CVE-ID
CVE-2025-13962
CVE-2025-13962
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Divelogs Widget
Divelogs Widget
Researcher
CVE-ID
CVE-2025-13846
CVE-2025-13846
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Easy Map Creator
Easy Map Creator
Researcher
CVE-ID
CVE-2025-8687
CVE-2025-8687
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Enter Addons – Ultimate Template Builder for Elementor
Enter Addons – Ultimate Template Builder for Elementor
Researcher
CVE-ID
CVE-2025-13866
CVE-2025-13866
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Flow-Flow Social Feed Stream
Flow-Flow Social Feed Stream
Researcher
CVE-ID
CVE-2025-13963
CVE-2025-13963
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
FX Currency Converter
FX Currency Converter
Researcher
GPXpress <= 1.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
6.4
CVE-ID
CVE-2025-13960
CVE-2025-13960
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
GPXpress
GPXpress
Researcher
CVE-ID
CVE-2025-66081
CVE-2025-66081
Patch Status
Patched
Patched
Published
Dec 14, 2025
Dec 14, 2025
Affected Software
Head Meta Data
Head Meta Data
Researcher
CVE-ID
CVE-2025-12109
CVE-2025-12109
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Header Footer Script Adder – Insert Code in Header, Body & Footer
Header Footer Script Adder – Insert Code in Header, Body & Footer
Researcher
CVE-ID
CVE-2025-13884
CVE-2025-13884
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Hide Email Address
Hide Email Address
Researcher
CVE-ID
CVE-2025-14278
CVE-2025-14278
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
HT Slider For Elementor
HT Slider For Elementor
Researcher
CVE-ID
CVE-2025-8195
CVE-2025-8195
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
JetWidgets For Elementor
JetWidgets For Elementor
Researcher
CVE-ID
CVE-2025-7960
CVE-2025-7960
Patch Status
Unpatched
Unpatched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor
King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor
Researcher
CVE-ID
CVE-2025-7058
CVE-2025-7058
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Kingcabs
Kingcabs
Researcher
CVE-ID
CVE-2025-13740
CVE-2025-13740
Patch Status
Patched
Patched
Published
Dec 14, 2025
Dec 14, 2025
Affected Software
Lightweight Accordion
Lightweight Accordion
Researcher
CVE-ID
CVE-2025-8780
CVE-2025-8780
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Livemesh SiteOrigin Widgets
Livemesh SiteOrigin Widgets
Researcher
CVE-ID
CVE-2025-13839
CVE-2025-13839
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
LJUsers
LJUsers
Researcher
CVE-ID
CVE-2025-13850
CVE-2025-13850
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
LS Google Map Router
LS Google Map Router
Researcher
CVE-ID
CVE-2025-12965
CVE-2025-12965
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Magical Posts Display – Elementor Advanced Posts widgets
Magical Posts Display – Elementor Advanced Posts widgets
Researcher
CVE-ID
CVE-2025-11876
CVE-2025-11876
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Mailgun Subscriptions
Mailgun Subscriptions
Researcher
CVE-ID
CVE-2025-8199
CVE-2025-8199
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Marquee Addons for Elementor – Advanced Elements & Modern Motion Widgets
Marquee Addons for Elementor – Advanced Elements & Modern Motion Widgets
Researcher
CVE-ID
CVE-2025-66111
CVE-2025-66111
Patch Status
Patched
Patched
Published
Dec 10, 2025
Dec 10, 2025
Affected Software
Nelio Popups
Nelio Popups
Researcher
CVE-ID
CVE-2025-13747
CVE-2025-13747
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
NewStatPress
NewStatPress
Researcher
CVE-ID
CVE-2025-13966
CVE-2025-13966
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Paypal Payment Shortcode
Paypal Payment Shortcode
Researcher
CVE-ID
CVE-2025-9856
CVE-2025-9856
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Researcher
CVE-ID
CVE-2025-9488
CVE-2025-9488
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Redux Framework
Redux Framework
Researcher
CVE-ID
CVE-2025-13969
CVE-2025-13969
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Reviews Sorted
Reviews Sorted
Researcher
CVE-ID
CVE-2025-13889
CVE-2025-13889
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Simple Nivo Slider
Simple Nivo Slider
Researcher
Simple post listing <= 0.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-ID
CVE-2025-12650
CVE-2025-12650
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Simple post listing
Simple post listing
Researcher
CVE-ID
CVE-2025-13843
CVE-2025-13843
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
VigLink SpotLight By ShortCode
VigLink SpotLight By ShortCode
Researcher
CVE-ID
CVE-2025-9436
CVE-2025-9436
Patch Status
Patched
Patched
Published
Dec 10, 2025
Dec 10, 2025
Affected Software
Widgets for Google Reviews
Widgets for Google Reviews
Researcher
CVE-ID
CVE-2025-13989
CVE-2025-13989
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
WP Dropzone
WP Dropzone
Researcher
WP Flot <= 0.2.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
6.4
CVE-ID
CVE-2025-13906
CVE-2025-13906
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
WP Flot
WP Flot
Researcher
WPGancio <= 1.12 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
6.4
CVE-ID
CVE-2025-13904
CVE-2025-13904
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
WPGancio
WPGancio
Researcher
Wpik WordPress Basic Ajax Form <= 1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2025-14393
CVE-2025-14393
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Wpik WordPress Basic Ajax Form
Wpik WordPress Basic Ajax Form
Researcher
CVE-ID
CVE-2025-8617
CVE-2025-8617
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
YITH WooCommerce Quick View
YITH WooCommerce Quick View
Researcher
CVE-ID
CVE-2025-13885
CVE-2025-13885
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Zenost Shortcodes
Zenost Shortcodes
Researcher
CVE-ID
CVE-2025-12834
CVE-2025-12834
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Accept Stripe Payments Using Contact Form 7
Accept Stripe Payments Using Contact Form 7
Researcher
CVE-ID
CVE-2025-14132
CVE-2025-14132
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Category Dropdown List
Category Dropdown List
Researcher
CVE-ID
CVE-2025-14125
CVE-2025-14125
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Complag
Complag
Researcher
CVE-ID
CVE-2025-14129
CVE-2025-14129
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Like DisLike Voting
Like DisLike Voting
Researcher
CVE-ID
CVE-2025-14137
CVE-2025-14137
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Simple AL Slider
Simple AL Slider
Researcher
CVE-ID
CVE-2025-12076
CVE-2025-12076
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Social Media Auto Publish
Social Media Auto Publish
Researcher
CVE-ID
CVE-2025-14049
CVE-2025-14049
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
VikRentItems Flexible Rental Management System
VikRentItems Flexible Rental Management System
Researcher
CVE-ID
CVE-2025-12077
CVE-2025-12077
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
WP to LinkedIn Auto Publish
WP to LinkedIn Auto Publish
Researcher
CVE-ID
CVE-2025-14138
CVE-2025-14138
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
WPLG Default Mail From
WPLG Default Mail From
Researcher
CVE-ID
CVE-2025-13988
CVE-2025-13988
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
评论小秘书
评论小秘书
Researcher
CVE-ID
CVE-2025-10289
CVE-2025-10289
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Filter & Grids
Filter & Grids
Researcher
CVE-ID
CVE-2025-11467
CVE-2025-11467
Patch Status
Patched
Patched
Published
Dec 10, 2025
Dec 10, 2025
Affected Software
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
Researcher
CVE-ID
CVE-2025-4970
CVE-2025-4970
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
BSK PDF Manager
BSK PDF Manager
Researcher
CVE-ID
CVE-2025-13993
CVE-2025-13993
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
MailerLite – Signup forms (official)
MailerLite – Signup forms (official)
Researcher
CVE-ID
CVE-2025-13642
CVE-2025-13642
Patch Status
Patched
Patched
Published
Dec 8, 2025
Dec 8, 2025
CVE-ID
CVE-2025-14539
CVE-2025-14539
Patch Status
Unpatched
Unpatched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Shortcode Ajax
Shortcode Ajax
Researcher
CVE-ID
CVE-2025-14447
CVE-2025-14447
Patch Status
Unpatched
Unpatched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
AnnunciFunebri Impresa
AnnunciFunebri Impresa
Researcher
CVE-ID
CVE-2025-12883
CVE-2025-12883
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Campay Woocommerce Payment Gateway
Campay Woocommerce Payment Gateway
Researcher
CVE-ID
CVE-2025-13093
CVE-2025-13093
Patch Status
Unpatched
Unpatched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Devs CRM – Manage tasks, attendance and teams all together
Devs CRM – Manage tasks, attendance and teams all together
Researcher
CVE-ID
CVE-2025-13092
CVE-2025-13092
Patch Status
Unpatched
Unpatched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Devs CRM – Manage tasks, attendance and teams all together
Devs CRM – Manage tasks, attendance and teams all together
Researcher
CVE-ID
CVE-2025-14367
CVE-2025-14367
Patch Status
Unpatched
Unpatched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Easy Theme Options
Easy Theme Options
Researcher
CVE-ID
CVE-2025-62997
CVE-2025-62997
Patch Status
Unpatched
Unpatched
Published
Dec 8, 2025
Dec 8, 2025
Affected Software
Shopping Cart & eCommerce Store
Shopping Cart & eCommerce Store
Researcher
CVE-ID
CVE-2025-12348
CVE-2025-12348
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
CVE-ID
CVE-2025-13403
CVE-2025-13403
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Employee Spotlight – Team Member Showcase & Meet the Team Plugin
Employee Spotlight – Team Member Showcase & Meet the Team Plugin
Researcher
CVE-ID
CVE-2025-66127
CVE-2025-66127
Patch Status
Unpatched
Unpatched
Published
Dec 14, 2025
Dec 14, 2025
Affected Software
Essential Real Estate
Essential Real Estate
Researcher
CVE-ID
CVE-2025-62870
CVE-2025-62870
Patch Status
Unpatched
Unpatched
Published
Dec 8, 2025
Dec 8, 2025
Affected Software
Eupago Gateway For Woocommerce
Eupago Gateway For Woocommerce
Researcher
CVE-ID
CVE-2025-12408
CVE-2025-12408
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Events Manager – Calendar, Bookings, Tickets, and more!
Events Manager – Calendar, Bookings, Tickets, and more!
Researcher
CVE-ID
CVE-2025-14365
CVE-2025-14365
Patch Status
Unpatched
Unpatched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Eyewear prescription form
Eyewear prescription form
CVE-ID
CVE-2025-14366
CVE-2025-14366
Patch Status
Unpatched
Unpatched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Eyewear prescription form
Eyewear prescription form
CVE-ID
CVE-2025-66126
CVE-2025-66126
Patch Status
Unpatched
Unpatched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Fix Media Library
Fix Media Library
Researcher
CVE-ID
CVE-2025-62109
CVE-2025-62109
Patch Status
Unpatched
Unpatched
Published
Dec 8, 2025
Dec 8, 2025
Affected Software
Geo Controller
Geo Controller
Researcher
CVE-ID
CVE-2025-13660
CVE-2025-13660
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Guest Support
Guest Support
Researcher
CVE-ID
CVE-2025-14581
CVE-2025-14581
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
HAPPY – Helpdesk Support Ticket System
HAPPY – Helpdesk Support Ticket System
Researcher
CVE-ID
CVE-2025-12655
CVE-2025-12655
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Hippoo Mobile App for WooCommerce
Hippoo Mobile App for WooCommerce
Researcher
CVE-ID
CVE-2025-67965
CVE-2025-67965
Patch Status
Patched
Patched
Published
Dec 10, 2025
Dec 10, 2025
Affected Software
Homey Core
Homey Core
Researcher
CVE-ID
CVE-2025-66068
CVE-2025-66068
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
InstaWP Connect – 1-click WP Staging & Migration
InstaWP Connect – 1-click WP Staging & Migration
Researcher
CVE-ID
CVE-2025-66124
CVE-2025-66124
Patch Status
Unpatched
Unpatched
Published
Dec 10, 2025
Dec 10, 2025
Affected Software
Leaky Paywall
Leaky Paywall
Researcher
CVE-ID
CVE-2025-11707
CVE-2025-11707
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Login Lockdown & Protection
Login Lockdown & Protection
Researcher
CVE-ID
CVE-2025-12362
CVE-2025-12362
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program.
myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program.
Researcher
CVE-ID
CVE-2025-14074
CVE-2025-14074
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
PDF for Contact Form 7 + Drag and Drop Template Builder
PDF for Contact Form 7 + Drag and Drop Template Builder
Researcher
CVE-ID
CVE-2025-67572
CVE-2025-67572
Patch Status
Patched
Patched
Published
Dec 14, 2025
Dec 14, 2025
Affected Software
PenNews – Multi-Purpose AMP WordPress Theme
PenNews – Multi-Purpose AMP WordPress Theme
Researcher
CVE-ID
CVE-2025-13440
CVE-2025-13440
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Premmerce Wishlist for WooCommerce
Premmerce Wishlist for WooCommerce
Researcher
CVE-ID
CVE-2025-13314
CVE-2025-13314
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Researcher
CVE-ID
CVE-2025-14442
CVE-2025-14442
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Secure Copy Content Protection and Content Locking
Secure Copy Content Protection and Content Locking
Researcher
CVE-ID
CVE-2025-66128
CVE-2025-66128
Patch Status
Unpatched
Unpatched
Published
Dec 14, 2025
Dec 14, 2025
Affected Software
Brevo for WooCommerce
Brevo for WooCommerce
Researcher
CVE-ID
CVE-2025-14065
CVE-2025-14065
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Simple Bike Rental
Simple Bike Rental
Researcher
CVE-ID
CVE-2025-9207
CVE-2025-9207
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
TI WooCommerce Wishlist
TI WooCommerce Wishlist
Researcher
CVE-ID
CVE-2025-66125
CVE-2025-66125
Patch Status
Unpatched
Unpatched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Ultimate WordPress Auction Plugin
Ultimate WordPress Auction Plugin
Researcher
CVE-ID
CVE-2025-66130
CVE-2025-66130
Patch Status
Unpatched
Unpatched
Published
Dec 14, 2025
Dec 14, 2025
Affected Software
WP Views Counter
WP Views Counter
Researcher
CVE-ID
CVE-2025-14170
CVE-2025-14170
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Vimeo SimpleGallery
Vimeo SimpleGallery
Researcher
CVE-ID
CVE-2025-62740
CVE-2025-62740
Patch Status
Unpatched
Unpatched
Published
Dec 8, 2025
Dec 8, 2025
Affected Software
WP-CRM System – Manage Clients and Projects
WP-CRM System – Manage Clients and Projects
Researcher
CVE-ID
CVE-2025-14166
CVE-2025-14166
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
CVE-ID
CVE-2025-14477
CVE-2025-14477
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
404 Solution
404 Solution
Researcher
CVE-ID
CVE-2025-14050
CVE-2025-14050
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Design Import/Export – Styles, Templates, Template Parts and Patterns
Design Import/Export – Styles, Templates, Template Parts and Patterns
Researcher
CVE-ID
CVE-2025-13677
CVE-2025-13677
Patch Status
Patched
Patched
Published
Dec 9, 2025
Dec 9, 2025
Affected Software
Simple Download Counter
Simple Download Counter
Researcher
CVE-ID
CVE-2025-13972
CVE-2025-13972
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
WatchTowerHQ
WatchTowerHQ
Researcher
CVE-ID
CVE-2025-14451
CVE-2025-14451
Patch Status
Unpatched
Unpatched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Solutions Ad Manager
Solutions Ad Manager
Researcher
CVE-ID
CVE-2025-13975
CVE-2025-13975
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Contact Form 7 with ChatWork
Contact Form 7 with ChatWork
Researcher
CVE-ID
CVE-2025-14056
CVE-2025-14056
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Custom Post Type UI
Custom Post Type UI
Researcher
CVE-ID
CVE-2025-14035
CVE-2025-14035
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
DebateMaster
DebateMaster
Researcher
CVE-ID
CVE-2025-11970
CVE-2025-11970
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
CVE-ID
CVE-2025-14378
CVE-2025-14378
Patch Status
Unpatched
Unpatched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Quick Testimonials
Quick Testimonials
Researcher
CVE-ID
CVE-2025-14048
CVE-2025-14048
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
SimplyConvert
SimplyConvert
Researcher
CVE-ID
CVE-2025-13971
CVE-2025-13971
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
TWW Protein Calculator
TWW Protein Calculator
Researcher
CVE-ID
CVE-2025-14467
CVE-2025-14467
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Researcher
CVE-ID
CVE-2025-64246
CVE-2025-64246
Patch Status
Patched
Patched
Published
Dec 14, 2025
Dec 14, 2025
Affected Software
Accessibility by AudioEye
Accessibility by AudioEye
Researcher
CVE-ID
CVE-2025-13924
CVE-2025-13924
Patch Status
Patched
Patched
Published
Dec 8, 2025
Dec 8, 2025
Affected Software
Advanced Product Fields (Product Addons) for WooCommerce
Advanced Product Fields (Product Addons) for WooCommerce
Researcher
CVE-ID
CVE-2025-62998
CVE-2025-62998
Patch Status
Unpatched
Unpatched
Published
Dec 8, 2025
Dec 8, 2025
Affected Software
WP AI CoPilot – AI content writer plugin, ChatGPT WordPress, GPT-3/4 , Ai assistance
WP AI CoPilot – AI content writer plugin, ChatGPT WordPress, GPT-3/4 , Ai assistance
Researcher
CVE-ID
CVE-2025-14062
CVE-2025-14062
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Animated Pixel Marquee Creator
Animated Pixel Marquee Creator
Researcher
CVE-ID
CVE-2025-12558
CVE-2025-12558
Patch Status
Patched
Patched
Published
Dec 8, 2025
Dec 8, 2025
Affected Software
Beaver Builder Page Builder – Drag and Drop Website Builder
Beaver Builder Page Builder – Drag and Drop Website Builder
Researcher
CVE-ID
CVE-2025-14162
CVE-2025-14162
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
BMLT WordPress Plugin
BMLT WordPress Plugin
Researcher
CVE-ID
CVE-2025-68085
CVE-2025-68085
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Buttoner for Elementor
Buttoner for Elementor
Researcher
CVE-ID
CVE-2025-66147
CVE-2025-66147
Patch Status
Unpatched
Unpatched
Published
Dec 10, 2025
Dec 10, 2025
Affected Software
Coder for Elementor
Coder for Elementor
Researcher
CVE-ID
CVE-2025-14158
CVE-2025-14158
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Coding Blocks
Coding Blocks
Researcher
CVE-ID
CVE-2025-64241
CVE-2025-64241
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
WP Coupons and Deals – Click to Copy Coupons
WP Coupons and Deals – Click to Copy Coupons
Researcher
CVE-ID
CVE-2025-63058
CVE-2025-63058
Patch Status
Unpatched
Unpatched
Published
Dec 8, 2025
Dec 8, 2025
Affected Software
Custom Field Template
Custom Field Template
Researcher
CVE-ID
CVE-2025-64243
CVE-2025-64243
Patch Status
Unpatched
Unpatched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Directory Pro
Directory Pro
Researcher
CVE-ID
CVE-2025-64242
CVE-2025-64242
Patch Status
Unpatched
Unpatched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Easy Property Listings
Easy Property Listings
Researcher
CVE-ID
CVE-2025-67578
CVE-2025-67578
Patch Status
Patched
Patched
Published
Dec 8, 2025
Dec 8, 2025
Affected Software
Email Marketing Plugin – WP Email Capture
Email Marketing Plugin – WP Email Capture
Researcher
CVE-ID
CVE-2025-68071
CVE-2025-68071
Patch Status
Unpatched
Unpatched
Published
Dec 14, 2025
Dec 14, 2025
Affected Software
Essential Real Estate
Essential Real Estate
Researcher
CVE-ID
CVE-2025-12407
CVE-2025-12407
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Events Manager – Calendar, Bookings, Tickets, and more!
Events Manager – Calendar, Bookings, Tickets, and more!
Researcher
CVE-ID
CVE-2025-62873
CVE-2025-62873
Patch Status
Unpatched
Unpatched
Published
Dec 8, 2025
Dec 8, 2025
Affected Software
WP Flashy Marketing Automation
WP Flashy Marketing Automation
Researcher
CVE-ID
CVE-2025-13408
CVE-2025-13408
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Researcher
CVE-ID
CVE-2025-64240
CVE-2025-64240
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Freshchat
Freshchat
Researcher
CVE-ID
CVE-2025-14288
CVE-2025-14288
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
CVE-ID
CVE-2025-12512
CVE-2025-12512
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
GenerateBlocks
GenerateBlocks
Researcher
CVE-ID
CVE-2025-66161
CVE-2025-66161
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Grider for Elementor
Grider for Elementor
Researcher
CVE-ID
CVE-2025-68088
CVE-2025-68088
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Huger for Elementor
Huger for Elementor
Researcher
CVE-ID
CVE-2025-14454
CVE-2025-14454
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Image Slider by Ays- Responsive Slider and Carousel
Image Slider by Ays- Responsive Slider and Carousel
Researcher
CVE-ID
CVE-2025-13363
CVE-2025-13363
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
IMAQ CORE
IMAQ CORE
Researcher
CVE-ID
CVE-2025-64245
CVE-2025-64245
Patch Status
Unpatched
Unpatched
Published
Dec 14, 2025
Dec 14, 2025
Affected Software
Import external attachments
Import external attachments
Researcher
CVE-ID
CVE-2025-67468
CVE-2025-67468
Patch Status
Patched
Patched
Published
Dec 8, 2025
Dec 8, 2025
Affected Software
Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms
Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms
Researcher
CVE-ID
CVE-2025-62871
CVE-2025-62871
Patch Status
Unpatched
Unpatched
Published
Dec 8, 2025
Dec 8, 2025
Affected Software
Just TinyMCE Custom Styles
Just TinyMCE Custom Styles
Researcher
CVE-ID
CVE-2025-14165
CVE-2025-14165
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Kirim.Email WooCommerce Integration
Kirim.Email WooCommerce Integration
Researcher
CVE-ID
CVE-2025-66164
CVE-2025-66164
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Laser
Laser
Researcher
CVE-ID
CVE-2025-66165
CVE-2025-66165
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Lottier for WPBakery
Lottier for WPBakery
Researcher
CVE-ID
CVE-2025-14462
CVE-2025-14462
Patch Status
Unpatched
Unpatched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Lucky Draw Contests
Lucky Draw Contests
Researcher
CVE-ID
CVE-2025-66163
CVE-2025-66163
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Masker for Elementor
Masker for Elementor
Researcher
CVE-ID
CVE-2025-11164
CVE-2025-11164
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Mavix Education
Mavix Education
Researcher
CVE-ID
CVE-2025-68087
CVE-2025-68087
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Modalier for Elementor
Modalier for Elementor
Researcher
CVE-ID
CVE-2025-63034
CVE-2025-63034
Patch Status
Unpatched
Unpatched
Published
Dec 8, 2025
Dec 8, 2025
Affected Software
Page View Count
Page View Count
Researcher
CVE-ID
CVE-2025-14394
CVE-2025-14394
Patch Status
Unpatched
Unpatched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Popover Windows
Popover Windows
Researcher
CVE-ID
CVE-2025-14395
CVE-2025-14395
Patch Status
Unpatched
Unpatched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Popover Windows
Popover Windows
Researcher
CVE-ID
CVE-2025-12783
CVE-2025-12783
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Premmerce Brands for WooCommerce
Premmerce Brands for WooCommerce
Researchers
CVE-ID
CVE-2025-13987
CVE-2025-13987
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Purchase and Expense Manager
Purchase and Expense Manager
Researcher
CVE-ID
CVE-2025-13366
CVE-2025-13366
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Rabbit Hole
Rabbit Hole
Researcher
CVE-ID
CVE-2025-68086
CVE-2025-68086
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
ReFormer – Multichannel Contact Form for Elementor
ReFormer – Multichannel Contact Form for Elementor
Researcher
CVE-ID
CVE-2025-14354
CVE-2025-14354
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Resource Library for Logged In Users
Resource Library for Logged In Users
Researcher
CVE-ID
CVE-2025-64244
CVE-2025-64244
Patch Status
Unpatched
Unpatched
Published
Dec 13, 2025
Dec 13, 2025
Affected Software
Restrict Elementor Widgets, Columns and Sections
Restrict Elementor Widgets, Columns and Sections
Researcher
CVE-ID
CVE-2025-64239
CVE-2025-64239
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
RTL Tester
RTL Tester
Researcher
CVE-ID
CVE-2025-14159
CVE-2025-14159
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Secure Copy Content Protection and Content Locking
Secure Copy Content Protection and Content Locking
Researcher
CVE-ID
CVE-2025-14391
CVE-2025-14391
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Simple Theme Changer
Simple Theme Changer
Researcher
CVE-ID
CVE-2025-14392
CVE-2025-14392
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Simple Theme Changer
Simple Theme Changer
Researcher
CVE-ID
CVE-2025-62872
CVE-2025-62872
Patch Status
Unpatched
Unpatched
Published
Dec 8, 2025
Dec 8, 2025
Affected Software
Social Photo Fetcher
Social Photo Fetcher
Researcher
CVE-ID
CVE-2025-66162
CVE-2025-66162
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Spoter for Elementor
Spoter for Elementor
Researcher
CVE-ID
CVE-2025-66096
CVE-2025-66096
Patch Status
Patched
Patched
Published
Dec 8, 2025
Dec 8, 2025
Affected Software
Tableberg – Simple Gutenberg Table Block
Tableberg – Simple Gutenberg Table Block
Researcher
CVE-ID
CVE-2025-67466
CVE-2025-67466
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Researcher
Truefy Embed <= 1.1.0 – Cross-Site Request Forgery to ‘truefy_embed_options_update’ Settings Update
4.3
CVE-ID
CVE-2025-14161
CVE-2025-14161
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Truefy Embed
Truefy Embed
Researcher
CVE-ID
CVE-2025-68084
CVE-2025-68084
Patch Status
Unpatched
Unpatched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
Ultimate WordPress Auction Plugin
Ultimate WordPress Auction Plugin
Researcher
CVE-ID
CVE-2025-14356
CVE-2025-14356
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Ultra Addons for Contact Form 7
Ultra Addons for Contact Form 7
Researcher
CVE-ID
CVE-2025-14160
CVE-2025-14160
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
Upcoming for Calendly
Upcoming for Calendly
Researcher
URL Media Uploader <= 1.0.1 – Missing Authorization to Authenticated (Contributor+) Safe File Upload
4.3
CVE-ID
CVE-2025-14045
CVE-2025-14045
Patch Status
Unpatched
Unpatched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
URL Media Uploader
URL Media Uploader
Researcher
CVE-ID
Unknown
Unknown
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
WP Recipe Maker
WP Recipe Maker
Researcher
CVE-ID
CVE-2025-9218
CVE-2025-9218
Patch Status
Patched
Patched
Published
Dec 12, 2025
Dec 12, 2025
Affected Software
rtMedia for WordPress, BuddyPress and bbPress
rtMedia for WordPress, BuddyPress and bbPress
Researcher
CVE-ID
CVE-2025-10583
CVE-2025-10583
Patch Status
Patched
Patched
Published
Dec 11, 2025
Dec 11, 2025
Affected Software
WP Fastest Cache Premium
WP Fastest Cache Premium
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (December 8, 2025 to December 14, 2025) appeared first on Wordfence.
