Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest.
Last week, there were 121 vulnerabilities disclosed in 100 WordPress Plugins and 10 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 52 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to implement layered security, aligning with our overarching mission to secure WordPress with defense in depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report. As the world’s leading quality vulnerability database provider for WordPress, site owners can rest assured knowing Wordfence has their back.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 33,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
-
-
- WAF-RULE-893 – Data redacted while we work with the vendor on a patch.
-
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 75 |
| Unpatched | 46 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Medium Severity | 86 |
| High Severity | 31 |
| Critical Severity | 4 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 43 |
| Missing Authorization | 29 |
| Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 11 |
| Authorization Bypass Through User-Controlled Key | 5 |
| Cross-Site Request Forgery (CSRF) | 5 |
| Exposure of Sensitive Information to an Unauthorized Actor | 5 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 5 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 5 |
| Unrestricted Upload of File with Dangerous Type | 3 |
| Deserialization of Untrusted Data | 2 |
| Improper Privilege Management | 2 |
| Server-Side Request Forgery (SSRF) | 2 |
| Improper Control of Generation of Code (‘Code Injection’) | 1 |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 1 |
| Incorrect Privilege Assignment | 1 |
| Initialization of a Resource with an Insecure Default | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 11 | |
| 11 | |
| 10 | |
| 9 | |
| 5 | |
| 5 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Addonify Floating Cart For WooCommerce | addonify-floating-cart |
| Addonify – Compare Products For WooCommerce | addonify-compare-products |
| Addonify – WooCommerce Wishlist | addonify-wishlist |
| Advanced Country Blocker | advanced-country-blocker |
| All In One Image Viewer Block – Gutenberg block to create image viewer with hyperlink | image-viewer |
| All push notification for WP | all-push-notification |
| Authorsy – Author Box, Multiple Authors, Guest Authors & Post Rating | authorsy |
| AWCA – The Great Analytics Insights for Your eStore | advance-wc-analytics |
| Bold Page Builder | bold-page-builder |
| Chapa Payment Gateway Plugin for WooCommerce | chapa-payment-gateway-for-woocommerce |
| Checkout Gateway for IRIS | checkout-gateway-iris |
| Code Explorer | code-explorer |
| Code Snippets | code-snippets |
| Connector Wizard (formerly LC Wizard) | ghl-wizard |
| Contact Manager | contact-manager |
| Court Reservation – Manage Your Court Bookings Online | court-reservation |
| Docus – YouTube Video Playlist | docus |
| Dynamic Widget Content | dynamic-widget-content |
| Eleblog – Elementor Blog And Magazine Addons | ele-blog |
| ElementInvader Addons for Elementor | elementinvader-addons-for-elementor |
| ELEX WordPress HelpDesk & Customer Ticketing System | elex-helpdesk-customer-support-ticket-system |
| Employee Directory – Staff Directory and Listing | employee-staff-directory |
| Essential Widgets | essential-widgets |
| Events Listing Widget | events-listing-widget |
| Export Media URLs | export-media-urls |
| Extended Random Number Generator | extended-random-number-generator |
| Fluent Forms Pro Add On Pack | fluentformpro |
| Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | form-maker |
| Fortis for WooCommerce | fortis-for-woocommerce |
| GA4WP – Analytics Dashboard for the Website | ga-for-wp |
| GMap Targeting – Simple Targeting Inside Google Maps | gmap-targeting |
| Greenshift – animation and page builder blocks | greenshift-animation-and-page-builder-blocks |
| GSheetConnector For WPForms – WPForms Google Sheets Integration (Real-Time Sync) | gsheetconnector-wpforms |
| Happy Addons for Elementor | happy-elementor-addons |
| iContact for Gravity Forms | gravity-forms-icontact |
| Infility Global | infility-global |
| JAY Login & Register | jay-login-register |
| LatePoint – Calendar Booking Plugin for Appointments and Events | latepoint |
| Library Viewer | library-viewer |
| LottieFiles | lottiefiles |
| Magic Import Document Extractor | magic-import-document-extractor |
| Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more | mail-mint |
| Menu Icons by ThemeIsle | menu-icons |
| Modula Image Gallery – Photo Grid & Video Gallery | modula-best-grid-gallery |
| MP-Ukagaka | mp-ukagaka |
| myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program. | mycred |
| MyRewards – Loyalty Points and Rewards for WooCommerce – Reward orders, referrals, product reviews and more | woorewards |
| NEX-Forms – Ultimate Forms Plugin for WordPress | nex-forms-express-wp-form-builder |
| NPS computy | nps-computy |
| OAuth Single Sign On – SSO (OAuth Client) | miniorange-login-with-eve-online-google-facebook |
| Okay Toolkit | okay-toolkit |
| OMIGO | omigo |
| Optimize More! – Images | optimize-more-images |
| Orange Comfort+ accessibility toolbar for WordPress | orange-confort-plus |
| OS DataHub Maps | os-datahub-maps |
| Peter’s Date Countdown | peters-date-countdown |
| Plugin BlueX for WooCommerce | bluex-for-woocommerce |
| Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers | popup-builder-block |
| Portfolio Builder – Elementor Portfolio Addon | swp-portfolio |
| Premmerce | premmerce |
| Print Invoice & Delivery Notes for WooCommerce | woocommerce-delivery-notes |
| Product Filter for WooCommerce | prdctfltr |
| ProfileGrid – User Profiles, Groups and Communities | profilegrid-user-profiles-groups-and-communities |
| Reflector | reflector-plugins |
| Robin Image Optimizer – Unlimited Image Optimization & WebP Converter | robin-image-optimizer |
| Run Contests, Raffles, and Giveaways with ContestsWP | contest-code-checker |
| SEO Flow by LupsOnline | lupsonline-link-netwerk |
| ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF | shortpixel-image-optimiser |
| SIBS woocommerce payment gateway | sibs-woocommerce |
| Sigmize: A/B Testing, Session Recordings, Heatmaps & Revenue Tracking for WooCommerce, SureCart & EDD | sigmize |
| Simple Bible Verse via Shortcode | simple-bible-verse-via-shortcode |
| Smart Appointment & Booking | smart-appointment-booking |
| Spectra Gutenberg Blocks – Website Builder for the Block Editor | ultimate-addons-for-gutenberg |
| SportsPress – Sports Club & League Manager | sportspress |
| Subitem AL Slider | subitem-al-slider |
| Subscribe2 – Form, Email Subscribers & Newsletters | subscribe2 |
| Sync Master Sheet – Product Sync with Google Sheet for WooCommerce | product-sync-master-sheet |
| The Bucketlister | the-bucketlister |
| The Events Calendar Shortcode & Block | the-events-calendar-shortcode |
| ThirstyAffiliates – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin | thirstyaffiliates |
| Timeline Block – Beautiful Timeline Builder for WordPress (Vertical & Horizontal Timelines) | timeline-block-block |
| TITLE ANIMATOR | title-animator |
| TopperPack – Complete Elementor Addons, Theme & CPT Builder | topper-pack |
| Tune Library | tune-library |
| Tutor LMS – eLearning and online course solution | tutor |
| Unlimited Elements For Elementor | unlimited-elements-for-elementor |
| Video Onclick | video-onclick |
| WaveSurfer-WP | wavesurfer-wp |
| WebPurify Profanity Filter | webpurifytextreplace |
| Wikiloops Track Player | wikiloops-track-player |
| Wonka Slide | wonka-slide |
| Woo File Dropzone | woo-file-dropzone |
| WordPress User Extra Fields | wp-user-extra-fields |
| WP Content Permission | wp-content-permission |
| WP Duplicate – WordPress Migration Plugin | local-sync |
| WP FOFT Loader | wp-foft-loader |
| WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | wp-job-portal |
| WP ULike – Like & Dislike Buttons for Engagement and Feedback | wp-ulike |
| Xendit Payment | woo-xendit-virtual-accounts |
| Yoast SEO – Advanced SEO with real-time guidance and built-in AI | wordpress-seo |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Besa – Elementor Marketplace WooCommerce Theme | besa |
| CozyStay – Hotel Booking WordPress Theme | cozystay |
| Golo – City Travel Guide WordPress Theme | golo |
| Grand Conference | Event WordPress | grandconference |
| Hara – Beauty and Cosmetics Shop WooCommerce Theme | hara |
| PhotoMe | Photography Portfolio WordPress | photome |
| SevenHills – Hiking Summer Camp Children PSD Template | sevenhills |
| unicamp | unicamp |
| Urna – All-in-one WooCommerce WordPress Theme | urna |
| VidoRev – Video WordPress Theme | vidorev |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
CVE-ID
CVE-2025-15027
CVE-2025-15027
Patch Status
Patched
Patched
Published
Feb 7, 2026
Feb 7, 2026
Affected Software
JAY Login & Register
JAY Login & Register
Researcher
CVE-ID
CVE-2025-68043
CVE-2025-68043
Patch Status
Patched
Patched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
LottieFiles
LottieFiles
Researcher
CVE-ID
CVE-2025-69376
CVE-2025-69376
Patch Status
Unpatched
Unpatched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
WordPress User Extra Fields
WordPress User Extra Fields
Researcher
CVE-ID
CVE-2026-1499
CVE-2026-1499
Patch Status
Patched
Patched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
WP Duplicate – WordPress Migration Plugin
WP Duplicate – WordPress Migration Plugin
Researcher
CVE-ID
CVE-2025-15100
CVE-2025-15100
Patch Status
Patched
Patched
Published
Feb 7, 2026
Feb 7, 2026
Affected Software
JAY Login & Register
JAY Login & Register
Researcher
CVE-ID
CVE-2026-1730
CVE-2026-1730
Patch Status
Patched
Patched
Published
Feb 2, 2026
Feb 2, 2026
Affected Software
OS DataHub Maps
OS DataHub Maps
Researcher
CVE-ID
CVE-2025-15368
CVE-2025-15368
Patch Status
Patched
Patched
Published
Feb 3, 2026
Feb 3, 2026
Affected Software
SportsPress – Sports Club & League Manager
SportsPress – Sports Club & League Manager
Researcher
CVE-ID
CVE-2026-1756
CVE-2026-1756
Patch Status
Patched
Patched
Published
Feb 3, 2026
Feb 3, 2026
Affected Software
WP FOFT Loader
WP FOFT Loader
Researcher
CVE-ID
CVE-2025-67979
CVE-2025-67979
Patch Status
Patched
Patched
Published
Feb 4, 2026
Feb 4, 2026
Affected Software
GSheetConnector For WPForms – WPForms Google Sheets Integration (Real-Time Sync)
GSheetConnector For WPForms – WPForms Google Sheets Integration (Real-Time Sync)
Researcher
CVE-ID
CVE-2025-13192
CVE-2025-13192
Patch Status
Patched
Patched
Published
Feb 4, 2026
Feb 4, 2026
Affected Software
Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers
Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers
Researcher
CVE-ID
CVE-2025-67981
CVE-2025-67981
Patch Status
Patched
Patched
Published
Feb 4, 2026
Feb 4, 2026
Affected Software
Besa – Elementor Marketplace WooCommerce Theme
Besa – Elementor Marketplace WooCommerce Theme
Researcher
CVE-ID
CVE-2025-68853
CVE-2025-68853
Patch Status
Unpatched
Unpatched
Published
Feb 4, 2026
Feb 4, 2026
Affected Software
Contact Manager
Contact Manager
Researcher
CVE-ID
CVE-2025-67988
CVE-2025-67988
Patch Status
Patched
Patched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
CozyStay – Hotel Booking WordPress Theme
CozyStay – Hotel Booking WordPress Theme
Researcher
CVE-ID
CVE-2025-69374
CVE-2025-69374
Patch Status
Unpatched
Unpatched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
Eleblog – Elementor Blog And Magazine Addons
Eleblog – Elementor Blog And Magazine Addons
Researcher
CVE-ID
CVE-2025-67980
CVE-2025-67980
Patch Status
Patched
Patched
Published
Feb 4, 2026
Feb 4, 2026
Affected Software
Hara – Beauty and Cosmetics Shop WooCommerce Theme
Hara – Beauty and Cosmetics Shop WooCommerce Theme
Researcher
CVE-ID
CVE-2025-69375
CVE-2025-69375
Patch Status
Unpatched
Unpatched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
Portfolio Builder – Elementor Portfolio Addon
Portfolio Builder – Elementor Portfolio Addon
Researcher
CVE-ID
CVE-2025-69372
CVE-2025-69372
Patch Status
Unpatched
Unpatched
Published
Feb 3, 2026
Feb 3, 2026
Affected Software
SevenHills – Hiking Summer Camp Children PSD Template
SevenHills – Hiking Summer Camp Children PSD Template
Researcher
CVE-ID
CVE-2025-68841
CVE-2025-68841
Patch Status
Unpatched
Unpatched
Published
Feb 4, 2026
Feb 4, 2026
Affected Software
TopperPack – Complete Elementor Addons, Theme & CPT Builder
TopperPack – Complete Elementor Addons, Theme & CPT Builder
Researcher
CVE-ID
CVE-2026-1375
CVE-2026-1375
Patch Status
Patched
Patched
Published
Feb 2, 2026
Feb 2, 2026
Affected Software
Tutor LMS – eLearning and online course solution
Tutor LMS – eLearning and online course solution
CVE-ID
CVE-2025-67982
CVE-2025-67982
Patch Status
Patched
Patched
Published
Feb 4, 2026
Feb 4, 2026
Affected Software
Urna – All-in-one WooCommerce WordPress Theme
Urna – All-in-one WooCommerce WordPress Theme
Researcher
CVE-ID
CVE-2025-69377
CVE-2025-69377
Patch Status
Unpatched
Unpatched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
WordPress User Extra Fields
WordPress User Extra Fields
Researcher
CVE-ID
CVE-2025-69373
CVE-2025-69373
Patch Status
Unpatched
Unpatched
Published
Feb 4, 2026
Feb 4, 2026
Affected Software
VidoRev – Video WordPress Theme
VidoRev – Video WordPress Theme
Researcher
CVE-ID
CVE-2026-23975
CVE-2026-23975
Patch Status
Patched
Patched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
Golo – City Travel Guide WordPress Theme
Golo – City Travel Guide WordPress Theme
Researcher
CVE-ID
CVE-2025-15268
CVE-2025-15268
Patch Status
Unpatched
Unpatched
Published
Feb 3, 2026
Feb 3, 2026
Affected Software
Infility Global
Infility Global
Researcher
CVE-ID
CVE-2025-15285
CVE-2025-15285
Patch Status
Unpatched
Unpatched
Published
Feb 3, 2026
Feb 3, 2026
Affected Software
SEO Flow by LupsOnline
SEO Flow by LupsOnline
CVE-ID
CVE-2026-25027
CVE-2026-25027
Patch Status
Patched
Patched
Published
Feb 4, 2026
Feb 4, 2026
Affected Software
unicamp
unicamp
Researcher
CVE-ID
CVE-2026-1294
CVE-2026-1294
Patch Status
Patched
Patched
Published
Feb 4, 2026
Feb 4, 2026
CVE-ID
CVE-2026-1065
CVE-2026-1065
Patch Status
Patched
Patched
Published
Feb 2, 2026
Feb 2, 2026
Affected Software
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Researcher
CVE-ID
CVE-2025-67990
CVE-2025-67990
Patch Status
Patched
Patched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
GMap Targeting – Simple Targeting Inside Google Maps
GMap Targeting – Simple Targeting Inside Google Maps
Researcher
CVE-ID
CVE-2026-0617
CVE-2026-0617
Patch Status
Patched
Patched
Published
Feb 2, 2026
Feb 2, 2026
Affected Software
LatePoint – Calendar Booking Plugin for Appointments and Events
LatePoint – Calendar Booking Plugin for Appointments and Events
Researcher
CVE-ID
CVE-2025-69324
CVE-2025-69324
Patch Status
Patched
Patched
Published
Feb 4, 2026
Feb 4, 2026
Affected Software
NEX-Forms – Ultimate Forms Plugin for WordPress
NEX-Forms – Ultimate Forms Plugin for WordPress
Researcher
CVE-ID
CVE-2025-67984
CVE-2025-67984
Patch Status
Patched
Patched
Published
Feb 4, 2026
Feb 4, 2026
Affected Software
NPS computy
NPS computy
Researcher
CVE-ID
CVE-2026-24949
CVE-2026-24949
Patch Status
Patched
Patched
Published
Feb 3, 2026
Feb 3, 2026
Affected Software
PhotoMe | Photography Portfolio WordPress
PhotoMe | Photography Portfolio WordPress
Researcher
CVE-ID
CVE-2025-69378
CVE-2025-69378
Patch Status
Unpatched
Unpatched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
Product Filter for WooCommerce
Product Filter for WooCommerce
Researcher
CVE-ID
CVE-2026-1058
CVE-2026-1058
Patch Status
Patched
Patched
Published
Feb 2, 2026
Feb 2, 2026
Affected Software
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Researcher
CVE-ID
CVE-2025-15260
CVE-2025-15260
Patch Status
Unpatched
Unpatched
Published
Feb 3, 2026
Feb 3, 2026
CVE-ID
CVE-2025-15477
CVE-2025-15477
Patch Status
Unpatched
Unpatched
Published
Feb 6, 2026
Feb 6, 2026
Affected Software
The Bucketlister
The Bucketlister
Researcher
CVE-ID
CVE-2026-0572
CVE-2026-0572
Patch Status
Patched
Patched
Published
Feb 3, 2026
Feb 3, 2026
Affected Software
WebPurify Profanity Filter
WebPurify Profanity Filter
Researcher
CVE-ID
CVE-2025-12803
CVE-2025-12803
Patch Status
Unpatched
Unpatched
Published
Feb 6, 2026
Feb 6, 2026
Affected Software
Bold Page Builder
Bold Page Builder
Researcher
Bold Page Builder <= 5.4.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-ID
CVE-2025-12159
CVE-2025-12159
Patch Status
Unpatched
Unpatched
Published
Feb 6, 2026
Feb 6, 2026
Affected Software
Bold Page Builder
Bold Page Builder
Researcher
CVE-ID
CVE-2025-13463
CVE-2025-13463
Patch Status
Unpatched
Unpatched
Published
Feb 6, 2026
Feb 6, 2026
Affected Software
Bold Page Builder
Bold Page Builder
Researcher
CVE-ID
CVE-2025-15267
CVE-2025-15267
Patch Status
Unpatched
Unpatched
Published
Feb 6, 2026
Feb 6, 2026
Affected Software
Bold Page Builder
Bold Page Builder
Researcher
Docus <= 1.0.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
6.4
CVE-ID
CVE-2026-1888
CVE-2026-1888
Patch Status
Patched
Patched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
Docus – YouTube Video Playlist
Docus – YouTube Video Playlist
Researcher
CVE-ID
CVE-2026-1268
CVE-2026-1268
Patch Status
Patched
Patched
Published
Feb 4, 2026
Feb 4, 2026
Affected Software
Dynamic Widget Content
Dynamic Widget Content
Researcher
CVE-ID
CVE-2026-1279
CVE-2026-1279
Patch Status
Patched
Patched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
Employee Directory – Staff Directory and Listing
Employee Directory – Staff Directory and Listing
Researcher
CVE-ID
CVE-2026-0867
CVE-2026-0867
Patch Status
Patched
Patched
Published
Feb 4, 2026
Feb 4, 2026
Affected Software
Essential Widgets
Essential Widgets
Researcher
CVE-ID
CVE-2026-1252
CVE-2026-1252
Patch Status
Patched
Patched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
Events Listing Widget
Events Listing Widget
CVE-ID
CVE-2026-1210
CVE-2026-1210
Patch Status
Patched
Patched
Published
Feb 2, 2026
Feb 2, 2026
Affected Software
Happy Addons for Elementor
Happy Addons for Elementor
Researcher
CVE-ID
CVE-2026-1755
CVE-2026-1755
Patch Status
Patched
Patched
Published
Feb 3, 2026
Feb 3, 2026
Affected Software
Menu Icons by ThemeIsle
Menu Icons by ThemeIsle
Researcher
CVE-ID
CVE-2026-23976
CVE-2026-23976
Patch Status
Patched
Patched
Published
Feb 4, 2026
Feb 4, 2026
Affected Software
Modula Image Gallery – Photo Grid & Video Gallery
Modula Image Gallery – Photo Grid & Video Gallery
Researcher
CVE-ID
CVE-2026-1808
CVE-2026-1808
Patch Status
Patched
Patched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
Orange Comfort+ accessibility toolbar for WordPress
Orange Comfort+ accessibility toolbar for WordPress
Researcher
CVE-ID
CVE-2026-0555
CVE-2026-0555
Patch Status
Unpatched
Unpatched
Published
Feb 6, 2026
Feb 6, 2026
Affected Software
Premmerce
Premmerce
Researcher
CVE-ID
CVE-2026-1319
CVE-2026-1319
Patch Status
Patched
Patched
Published
Feb 4, 2026
Feb 4, 2026
Affected Software
Robin Image Optimizer – Unlimited Image Optimization & WebP Converter
Robin Image Optimizer – Unlimited Image Optimization & WebP Converter
Researcher
CVE-ID
CVE-2026-1570
CVE-2026-1570
Patch Status
Unpatched
Unpatched
Published
Feb 6, 2026
Feb 6, 2026
Affected Software
Simple Bible Verse via Shortcode
Simple Bible Verse via Shortcode
Researcher
CVE-ID
CVE-2026-0742
CVE-2026-0742
Patch Status
Patched
Patched
Published
Feb 3, 2026
Feb 3, 2026
Affected Software
Smart Appointment & Booking
Smart Appointment & Booking
CVE-ID
CVE-2026-24988
CVE-2026-24988
Patch Status
Patched
Patched
Published
Feb 4, 2026
Feb 4, 2026
Affected Software
The Events Calendar Shortcode & Block
The Events Calendar Shortcode & Block
Researcher
CVE-ID
CVE-2026-1401
CVE-2026-1401
Patch Status
Patched
Patched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
Tune Library
Tune Library
Researcher
CVE-ID
CVE-2026-1608
CVE-2026-1608
Patch Status
Unpatched
Unpatched
Published
Feb 6, 2026
Feb 6, 2026
Affected Software
Video Onclick
Video Onclick
Researcher
CVE-ID
CVE-2026-1909
CVE-2026-1909
Patch Status
Patched
Patched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
WaveSurfer-WP
WaveSurfer-WP
Researcher
CVE-ID
CVE-2026-1611
CVE-2026-1611
Patch Status
Unpatched
Unpatched
Published
Feb 6, 2026
Feb 6, 2026
Affected Software
Wikiloops Track Player
Wikiloops Track Player
Researcher
CVE-ID
CVE-2026-1613
CVE-2026-1613
Patch Status
Unpatched
Unpatched
Published
Feb 6, 2026
Feb 6, 2026
Affected Software
Wonka Slide
Wonka Slide
Researcher
CVE-ID
CVE-2026-1293
CVE-2026-1293
Patch Status
Patched
Patched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
Yoast SEO – Advanced SEO with real-time guidance and built-in AI
Yoast SEO – Advanced SEO with real-time guidance and built-in AI
Researcher
CVE-ID
CVE-2025-68852
CVE-2025-68852
Patch Status
Unpatched
Unpatched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
Court Reservation – Manage Your Court Bookings Online
Court Reservation – Manage Your Court Bookings Online
Researcher
CVE-ID
CVE-2025-68037
CVE-2025-68037
Patch Status
Patched
Patched
Published
Feb 4, 2026
Feb 4, 2026
Affected Software
Export Media URLs
Export Media URLs
Researcher
CVE-ID
CVE-2026-24943
CVE-2026-24943
Patch Status
Patched
Patched
Published
Feb 3, 2026
Feb 3, 2026
Affected Software
Grand Conference | Event WordPress
Grand Conference | Event WordPress
Researcher
CVE-ID
CVE-2025-68863
CVE-2025-68863
Patch Status
Unpatched
Unpatched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
iContact for Gravity Forms
iContact for Gravity Forms
Researcher
CVE-ID
CVE-2025-15396
CVE-2025-15396
Patch Status
Patched
Patched
Published
Feb 6, 2026
Feb 6, 2026
Affected Software
Library Viewer
Library Viewer
Researcher
CVE-ID
CVE-2026-1643
CVE-2026-1643
Patch Status
Unpatched
Unpatched
Published
Feb 6, 2026
Feb 6, 2026
Affected Software
MP-Ukagaka
MP-Ukagaka
Researcher
CVE-ID
CVE-2025-68851
CVE-2025-68851
Patch Status
Unpatched
Unpatched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
Okay Toolkit
Okay Toolkit
Researcher
CVE-ID
CVE-2026-1654
CVE-2026-1654
Patch Status
Patched
Patched
Published
Feb 4, 2026
Feb 4, 2026
Affected Software
Peter’s Date Countdown
Peter’s Date Countdown
Researcher
CVE-ID
CVE-2026-24948
CVE-2026-24948
Patch Status
Patched
Patched
Published
Feb 3, 2026
Feb 3, 2026
Affected Software
Reflector
Reflector
Researcher
CVE-ID
CVE-2026-1634
CVE-2026-1634
Patch Status
Unpatched
Unpatched
Published
Feb 6, 2026
Feb 6, 2026
Affected Software
Subitem AL Slider
Subitem AL Slider
Researcher
CVE-ID
CVE-2026-0632
CVE-2026-0632
Patch Status
Patched
Patched
Published
Feb 8, 2026
Feb 8, 2026
Affected Software
Fluent Forms Pro Add On Pack
Fluent Forms Pro Add On Pack
Researcher
CVE-ID
CVE-2026-1447
CVE-2026-1447
Patch Status
Patched
Patched
Published
Feb 2, 2026
Feb 2, 2026
Affected Software
Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more
Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more
Researcher
CVE-ID
CVE-2025-14274
CVE-2025-14274
Patch Status
Patched
Patched
Published
Feb 2, 2026
Feb 2, 2026
Affected Software
Unlimited Elements For Elementor
Unlimited Elements For Elementor
Researcher
CVE-ID
CVE-2025-68023
CVE-2025-68023
Patch Status
Unpatched
Unpatched
Published
Feb 4, 2026
Feb 4, 2026
Affected Software
Addonify – Compare Products For WooCommerce
Addonify – Compare Products For WooCommerce
Researcher
CVE-ID
CVE-2025-68024
CVE-2025-68024
Patch Status
Unpatched
Unpatched
Published
Feb 4, 2026
Feb 4, 2026
Affected Software
Addonify – WooCommerce Wishlist
Addonify – WooCommerce Wishlist
Researcher
CVE-ID
CVE-2025-68025
CVE-2025-68025
Patch Status
Unpatched
Unpatched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
Addonify Floating Cart For WooCommerce
Addonify Floating Cart For WooCommerce
Researcher
CVE-ID
CVE-2026-1675
CVE-2026-1675
Patch Status
Patched
Patched
Published
Feb 6, 2026
Feb 6, 2026
Affected Software
Advanced Country Blocker
Advanced Country Blocker
Researcher
CVE-ID
CVE-2026-24950
CVE-2026-24950
Patch Status
Patched
Patched
Published
Feb 3, 2026
Feb 3, 2026
Affected Software
Authorsy – Author Box, Multiple Authors, Guest Authors & Post Rating
Authorsy – Author Box, Multiple Authors, Guest Authors & Post Rating
Researcher
CVE-ID
CVE-2025-15482
CVE-2025-15482
Patch Status
Unpatched
Unpatched
Published
Feb 3, 2026
Feb 3, 2026
Affected Software
Chapa Payment Gateway Plugin for WooCommerce
Chapa Payment Gateway Plugin for WooCommerce
Researcher
CVE-ID
CVE-2025-68542
CVE-2025-68542
Patch Status
Patched
Patched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
Checkout Gateway for IRIS
Checkout Gateway for IRIS
Researcher
CVE-ID
CVE-2025-14079
CVE-2025-14079
Patch Status
Patched
Patched
Published
Feb 4, 2026
Feb 4, 2026
Affected Software
ELEX WordPress HelpDesk & Customer Ticketing System
ELEX WordPress HelpDesk & Customer Ticketing System
Researcher
CVE-ID
CVE-2026-0679
CVE-2026-0679
Patch Status
Unpatched
Unpatched
Published
Feb 3, 2026
Feb 3, 2026
Affected Software
Fortis for WooCommerce
Fortis for WooCommerce
Researcher
CVE-ID
CVE-2025-68028
CVE-2025-68028
Patch Status
Unpatched
Unpatched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
GA4WP – Analytics Dashboard for the Website
GA4WP – Analytics Dashboard for the Website
Researcher
CVE-ID
CVE-2026-23974
CVE-2026-23974
Patch Status
Patched
Patched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
Golo – City Travel Guide WordPress Theme
Golo – City Travel Guide WordPress Theme
Researcher
CVE-ID
CVE-2025-68026
CVE-2025-68026
Patch Status
Patched
Patched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
Connector Wizard (formerly LC Wizard)
Connector Wizard (formerly LC Wizard)
Researcher
CVE-ID
CVE-2025-15507
CVE-2025-15507
Patch Status
Patched
Patched
Published
Feb 3, 2026
Feb 3, 2026
Affected Software
Magic Import Document Extractor
Magic Import Document Extractor
Researcher
CVE-ID
CVE-2025-15508
CVE-2025-15508
Patch Status
Patched
Patched
Published
Feb 3, 2026
Feb 3, 2026
Affected Software
Magic Import Document Extractor
Magic Import Document Extractor
Researcher
CVE-ID
CVE-2025-10753
CVE-2025-10753
Patch Status
Patched
Patched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
OAuth Single Sign On – SSO (OAuth Client)
OAuth Single Sign On – SSO (OAuth Client)
Researcher
CVE-ID
CVE-2025-67624
CVE-2025-67624
Patch Status
Unpatched
Unpatched
Published
Feb 3, 2026
Feb 3, 2026
Affected Software
Optimize More! – Images
Optimize More! – Images
Researcher
CVE-ID
CVE-2025-68022
CVE-2025-68022
Patch Status
Unpatched
Unpatched
Published
Feb 4, 2026
Feb 4, 2026
Affected Software
Plugin BlueX for WooCommerce
Plugin BlueX for WooCommerce
Researcher
CVE-ID
CVE-2026-24946
CVE-2026-24946
Patch Status
Patched
Patched
Published
Feb 3, 2026
Feb 3, 2026
Affected Software
Print Invoice & Delivery Notes for WooCommerce
Print Invoice & Delivery Notes for WooCommerce
Researcher
CVE-ID
CVE-2026-1271
CVE-2026-1271
Patch Status
Patched
Patched
Published
Feb 4, 2026
Feb 4, 2026
Affected Software
ProfileGrid – User Profiles, Groups and Communities
ProfileGrid – User Profiles, Groups and Communities
Researcher
Run Contests, Raffles, and Giveaways with ContestsWP <= 2.0.7 – Unauthenticated Information Exposure
5.3
CVE-ID
CVE-2026-25023
CVE-2026-25023
Patch Status
Patched
Patched
Published
Feb 2, 2026
Feb 2, 2026
Affected Software
Run Contests, Raffles, and Giveaways with ContestsWP
Run Contests, Raffles, and Giveaways with ContestsWP
Researcher
CVE-ID
CVE-2026-0950
CVE-2026-0950
Patch Status
Patched
Patched
Published
Feb 2, 2026
Feb 2, 2026
Affected Software
Spectra Gutenberg Blocks – Website Builder for the Block Editor
Spectra Gutenberg Blocks – Website Builder for the Block Editor
Researcher
CVE-ID
CVE-2026-24944
CVE-2026-24944
Patch Status
Patched
Patched
Published
Feb 3, 2026
Feb 3, 2026
Affected Software
Subscribe2 – Form, Email Subscribers & Newsletters
Subscribe2 – Form, Email Subscribers & Newsletters
Researcher
CVE-ID
CVE-2025-68834
CVE-2025-68834
Patch Status
Patched
Patched
Published
Feb 4, 2026
Feb 4, 2026
Affected Software
Sync Master Sheet – Product Sync with Google Sheet for WooCommerce
Sync Master Sheet – Product Sync with Google Sheet for WooCommerce
Researcher
CVE-ID
CVE-2026-1371
CVE-2026-1371
Patch Status
Patched
Patched
Published
Feb 2, 2026
Feb 2, 2026
Affected Software
Tutor LMS – eLearning and online course solution
Tutor LMS – eLearning and online course solution
Researcher
CVE-ID
CVE-2026-24941
CVE-2026-24941
Patch Status
Patched
Patched
Published
Feb 3, 2026
Feb 3, 2026
Researcher
CVE-ID
CVE-2026-0909
CVE-2026-0909
Patch Status
Patched
Patched
Published
Feb 2, 2026
Feb 2, 2026
Affected Software
WP ULike – Like & Dislike Buttons for Engagement and Feedback
WP ULike – Like & Dislike Buttons for Engagement and Feedback
Researcher
CVE-ID
CVE-2025-14461
CVE-2025-14461
Patch Status
Unpatched
Unpatched
Published
Feb 3, 2026
Feb 3, 2026
Affected Software
Xendit Payment
Xendit Payment
Researcher
CVE-ID
CVE-2026-0816
CVE-2026-0816
Patch Status
Unpatched
Unpatched
Published
Feb 3, 2026
Feb 3, 2026
Affected Software
All push notification for WP
All push notification for WP
Researcher
Code Explorer <= 1.4.6 – Authenticated (Administrator+) Arbitrary File Read via ‘file’ Parameter
4.9
CVE-ID
CVE-2025-15487
CVE-2025-15487
Patch Status
Unpatched
Unpatched
Published
Feb 3, 2026
Feb 3, 2026
Affected Software
Code Explorer
Code Explorer
Researcher
CVE-ID
CVE-2026-1246
CVE-2026-1246
Patch Status
Patched
Patched
Published
Feb 4, 2026
Feb 4, 2026
Affected Software
ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF
ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF
Researcher
CVE-ID
CVE-2026-1370
CVE-2026-1370
Patch Status
Unpatched
Unpatched
Published
Feb 3, 2026
Feb 3, 2026
Affected Software
SIBS woocommerce payment gateway
SIBS woocommerce payment gateway
Researcher
CVE-ID
CVE-2026-0681
CVE-2026-0681
Patch Status
Unpatched
Unpatched
Published
Feb 3, 2026
Feb 3, 2026
Affected Software
Extended Random Number Generator
Extended Random Number Generator
Researcher
CVE-ID
CVE-2026-0743
CVE-2026-0743
Patch Status
Unpatched
Unpatched
Published
Feb 3, 2026
Feb 3, 2026
Affected Software
WP Content Permission
WP Content Permission
Researcher
CVE-ID
CVE-2025-68032
CVE-2025-68032
Patch Status
Unpatched
Unpatched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
AWCA – The Great Analytics Insights for Your eStore
AWCA – The Great Analytics Insights for Your eStore
Researcher
CVE-ID
CVE-2026-1785
CVE-2026-1785
Patch Status
Patched
Patched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
Code Snippets
Code Snippets
Researcher
CVE-ID
CVE-2026-25028
CVE-2026-25028
Patch Status
Patched
Patched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
ElementInvader Addons for Elementor
ElementInvader Addons for Elementor
Researcher
CVE-ID
CVE-2026-1927
CVE-2026-1927
Patch Status
Patched
Patched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
Greenshift – animation and page builder blocks
Greenshift – animation and page builder blocks
Researcher
CVE-ID
CVE-2026-24951
CVE-2026-24951
Patch Status
Patched
Patched
Published
Feb 6, 2026
Feb 6, 2026
Affected Software
myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program.
myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program.
Researcher
CVE-ID
CVE-2025-13416
CVE-2025-13416
Patch Status
Patched
Patched
Published
Feb 4, 2026
Feb 4, 2026
Affected Software
ProfileGrid – User Profiles, Groups and Communities
ProfileGrid – User Profiles, Groups and Communities
Researcher
CVE-ID
CVE-2026-24962
CVE-2026-24962
Patch Status
Patched
Patched
Published
Feb 7, 2026
Feb 7, 2026
Affected Software
Sigmize: A/B Testing, Session Recordings, Heatmaps & Revenue Tracking for WooCommerce, SureCart & EDD
Sigmize: A/B Testing, Session Recordings, Heatmaps & Revenue Tracking for WooCommerce, SureCart & EDD
Researcher
CVE-ID
CVE-2025-15476
CVE-2025-15476
Patch Status
Unpatched
Unpatched
Published
Feb 6, 2026
Feb 6, 2026
Affected Software
The Bucketlister
The Bucketlister
Researcher
CVE-ID
CVE-2026-25024
CVE-2026-25024
Patch Status
Patched
Patched
Published
Feb 2, 2026
Feb 2, 2026
CVE-ID
CVE-2026-1228
CVE-2026-1228
Patch Status
Patched
Patched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
Timeline Block – Beautiful Timeline Builder for WordPress (Vertical & Horizontal Timelines)
Timeline Block – Beautiful Timeline Builder for WordPress (Vertical & Horizontal Timelines)
Researcher
CVE-ID
CVE-2026-1082
CVE-2026-1082
Patch Status
Unpatched
Unpatched
Published
Feb 6, 2026
Feb 6, 2026
Affected Software
TITLE ANIMATOR
TITLE ANIMATOR
Researcher
CVE-ID
CVE-2025-68862
CVE-2025-68862
Patch Status
Unpatched
Unpatched
Published
Feb 5, 2026
Feb 5, 2026
Affected Software
Woo File Dropzone
Woo File Dropzone
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (February 2, 2026 to February 8, 2026) appeared first on Wordfence.
