Last week, there were 159 vulnerabilities disclosed in 140 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 96 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to implement layered security, aligning with our overarching mission to secure WordPress with defense in depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report. As the world’s leading quality vulnerability database provider for WordPress, site owners can rest assured knowing Wordfence has their back.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 35,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 134 |
| Unpatched | 25 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Low Severity | 1 |
| Medium Severity | 96 |
| High Severity | 53 |
| Critical Severity | 9 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 43 |
| Missing Authorization | 28 |
| Deserialization of Untrusted Data | 17 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 16 |
| Cross-Site Request Forgery (CSRF) | 9 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 9 |
| Exposure of Sensitive Information to an Unauthorized Actor | 7 |
| Authorization Bypass Through User-Controlled Key | 6 |
| Improper Control of Generation of Code (‘Code Injection’) | 5 |
| Incorrect Privilege Assignment | 4 |
| Improper Privilege Management | 2 |
| Insufficient Verification of Data Authenticity | 2 |
| Unrestricted Upload of File with Dangerous Type | 2 |
| Authentication Bypass Using an Alternate Path or Channel | 1 |
| Embedded Malicious Code | 1 |
| External Control of File Name or Path | 1 |
| Improper Authentication | 1 |
| Improper Authorization | 1 |
| Improper Input Validation | 1 |
| Improper Output Neutralization for Logs | 1 |
| Incorrect Authorization | 1 |
| Server-Side Request Forgery (SSRF) | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 8 | |
| 8 | |
| 6 | |
| 4 | |
| 4 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| 10WebAdManager | ad-manager-wd |
| Active Products Tables for WooCommerce. Use constructor to create tables | profit-products-tables-for-woocommerce |
| Ad Inserter – Ad Manager & AdSense Ads | ad-inserter |
| Admin Columns | codepress-admin-columns |
| Advanced Google reCAPTCHA | advanced-google-recaptcha |
| AI Chatbot & Workflow Automation by AIWU | ai-copilot-content-generator |
| Alba Board | alba-board |
| All-In-One Security (AIOS) – Security and Firewall | all-in-one-wp-security-and-firewall |
| ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | armember |
| Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) | auto-image-attributes-from-filename-with-bulk-updater |
| AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress | automatorwp |
| Backup, Restore and Migrate your sites with XCloner | xcloner-backup-and-restore |
| BirdSeed | birdseed |
| Booking for Appointments and Events Calendar – Amelia | ameliabooking |
| Booking Package | booking-package |
| Booknetic | booknetic |
| cformsII | cforms2 |
| Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | charitable |
| Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons | chatway-live-chat |
| Click to Chat – HoliThemes | click-to-chat-for-whatsapp |
| Content Visibility for Divi Builder | content-visibility-for-divi-builder |
| Cornerstone | cornerstone |
| Debug Log Manager – Conveniently Monitor and Inspect Errors | debug-log-manager |
| DeMomentSomTres Shortcodes | demomentsomtres-shortcodes |
| Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy | dokan-lite |
| Drag and Drop Multiple File Upload for Contact Form 7 | drag-and-drop-multiple-file-upload-contact-form-7 |
| Easy Cart | easy-cart |
| Easy Invoice – Invoice Generator, PDF Quotes & Payments | easy-invoice |
| Elementor Website Builder – more than just a page builder | elementor |
| ELEX WordPress HelpDesk & Customer Ticketing System | elex-helpdesk-customer-support-ticket-system |
| Email Address Encoder | email-address-encoder |
| email-encoder-premium | email-encoder-premium |
| EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more | embedpress |
| EmergencyWP – Dead Man’s switch & legacy deliverance | emergencywp |
| Employee, Leave and Recruitment Management System – Crew HRM | hr-management |
| Essential Addons for Elementor – Popular Elementor Templates & Widgets | essential-addons-for-elementor-lite |
| Event Monster – Event Manager, Ticket Booking & Registration | event-monster |
| Express Payment For Stripe | wp-stripe-express |
| FPW Category Thumbnails | fpw-category-thumbnails |
| Frontend User Notes | frontend-user-notes |
| FunnelKit – Funnel Builder for WooCommerce Checkout | funnel-builder |
| FV Flowplayer Video Player | fv-wordpress-flowplayer |
| GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress | gamipress |
| Geo Mashup | geo-mashup |
| Google Plus One Bottom | google-plus-one-bottom |
| GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites | gptranslate |
| Gravity Forms | gravityforms |
| Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | essential-blocks |
| Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms | happyforms |
| Hippoo Mobile App for WooCommerce | hippoo |
| hiWeb Migration Simple | hiweb-migration-simple |
| HollerBox — Fast & Effective Popups & Lead-Generation | holler-box |
| Hybrid Composer | hybrid-composer |
| Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms | cf7-active-campaign |
| Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms | cf7-constant-contact |
| Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More | crm-integration-freshworks-any-form |
| Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms | cf7-hubspot |
| Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms | cf7-infusionsoft |
| Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms | cf7-mailchimp |
| Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms | cf7-salesforce |
| JetSearch | jet-search |
| JetSmartFilters | jet-smart-filters |
| JobSearch WP Job Board | wp-jobsearch |
| JS Help Desk – AI-Powered Support & Ticketing System | js-support-ticket |
| JTL-Connector for WooCommerce | woo-jtl-connector |
| King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder | king-addons |
| Kirki – Freeform Page Builder, Website Builder & Customizer | kirki |
| Klamra Paycal for Aspaclaria | klamra-paycal-for-aspaclaria |
| Laiser Tag | laiser-tag |
| LatePoint – Calendar Booking Plugin for Appointments and Events | latepoint |
| LearnPress – Backup & Migration Tool | learnpress-import-export |
| LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | learnpress |
| MapPress Maps for WordPress | mappress-google-maps-for-wordpress |
| Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits | master-addons |
| MasterStudy LMS Pro | masterstudy-lms-learning-management-system-pro |
| MDJM Event Management | mobile-dj-manager |
| Media folder Addon | wp-media-folder-addon |
| Montonio for WooCommerce | montonio-for-woocommerce |
| MW WP Form | mw-wp-form |
| OptinCraft – Drag & Drop Optins & Popup Builder for WordPress | optincraft |
| OttoKit: All-in-One Automation Platform | suretriggers |
| Page-list | page-list |
| Passeum Ticketing | passeum-ticketing |
| Photo Gallery by 10Web – Mobile-Friendly Image Gallery | photo-gallery |
| Product Filter Widget for Elementor | product-filter-widget-for-elementor |
| Product Slider Pro for WooCommerce | woo-product-slider-pro |
| Progress Planner | progress-planner |
| Quick Playground | quick-playground |
| Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker | quiz-master-next |
| Rank Math SEO – AI SEO Tools to Dominate SEO Rankings | seo-by-rank-math |
| RD Station | integracao-rd-station |
| Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) | really-simple-ssl |
| Recipe Card Blocks Lite | recipe-card-blocks-by-wpzoom |
| RegistrationMagic – User Registration Forms Plugin | custom-registration-form-builder-with-submission-manager |
| Remove meta boxes per user role | remove-meta-boxes-per-user-role |
| Remove NoFollow Commenter URL | remove-nofollow-commenter-link |
| rognone | rognone |
| RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | feedzy-rss-feeds |
| SEO Plugin by Squirrly SEO | squirrly-seo |
| Shared Files – Frontend File Upload Form & Secure File Sharing | shared-files |
| Simple Custom Login Page | simple-custom-login-page |
| Simple SEO Slideshow | simple-seo-slideshow |
| Simple Shopping Cart | wordpress-simple-paypal-shopping-cart |
| Slider Revolution | revslider |
| SlimStat Analytics | wp-slimstat |
| Smart Slider 3 | smart-slider-3 |
| SP Project & Document Manager | sp-client-document-manager |
| Stop Spammers Classic | stop-spammer-registrations-plugin |
| Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions | wp-full-stripe-free |
| Support Board | supportboard |
| Tectite Forms | tectite-forms |
| Thrive Apprentice | thrive-apprentice |
| Tiled Gallery Carousel Without JetPack | tiled-gallery-carousel-without-jetpack |
| Travelly – Tour & Travel Booking Manager for WooCommerce | Tour & Hotel Booking Solution | tour-booking-manager |
| TrueBooker – Appointment Booking and Scheduler System | truebooker-appointment-booking |
| Upsell Funnel Builder for WooCommerce – Create Upsells, Cross-Sells, Order Bumps, Frequently Bought, and Popups. | upsell-order-bump-offer-for-woocommerce |
| User Registration Stripe | user-registration-stripe |
| VikBooking Hotel Booking Engine & PMS | vikbooking |
| Visual Link Preview | visual-link-preview |
| WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels | print-invoices-packing-slip-labels-for-woocommerce |
| Welcart e-Commerce | usc-e-shop |
| Word Replacer | word-replacer |
| Wp EMember | wp-eMember |
| WP Go Maps – Google Maps, OpenStreetMap, Leaflet Map | wp-google-maps |
| WP Google Review Slider | wp-google-places-review-slider |
| WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms | cf7-insightly |
| WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | wp-job-portal |
| WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters | wp-google-map-plugin |
| WP Nano AD | wp-nano-ad |
| WP Statistics – Simple, privacy-friendly Google Analytics alternative | wp-statistics |
| WP Time Slots Booking Form | wp-time-slots-booking-form |
| WP Travel Engine – Tour Booking Plugin – Tour Operator Software | wp-travel-engine |
| WP User Manager – User Profile Builder & Membership | wp-user-manager |
| WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms | cf7-zendesk |
| WPC Product Bundles for WooCommerce | woo-product-bundle |
| WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | wpforms-lite |
| wpForo Forum | wpforo |
| WPFunnels Pro | wpfunnels-pro |
| WPvivid — Backup, Migration & Staging | wpvivid-backuprestore |
| ZeM STL | zem-stl-viewer |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| enfold | enfold |
| Moderno – Fashion & Clothing, Furniture | moderno |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
Affected Software
AI Chatbot & Workflow Automation by AIWU [ai-copilot-content-generator]
Researcher
Affected Software
Researcher
Affected Software
Easy Invoice – Invoice Generator, PDF Quotes & Payments [easy-invoice]
Researcher
Affected Software
Hippoo Mobile App for WooCommerce [hippoo]
Researcher
Affected Software
Researcher
Affected Software
Product Slider Pro for WooCommerce [woo-product-slider-pro]
Researcher
Affected Software
Support Board [supportboard]
Researcher
Affected Software
Gravity Forms [gravityforms]
Researcher
Affected Software
Media folder Addon [wp-media-folder-addon]
Researcher
Affected Software
Admin Columns [codepress-admin-columns]
Researcher
Affected Software
Booking for Appointments and Events Calendar – Amelia [ameliabooking]
Researcher
Content Visibility for Divi Builder <= 4.02 – Authenticated (Contributor+) Remote Code Execution
8.8
Affected Software
Content Visibility for Divi Builder [content-visibility-for-divi-builder]
Researcher
Content Visibility for Divi Builder <= 4.02 – Authenticated (Contributor+) Remote Code Execution
8.8
Affected Software
Content Visibility for Divi Builder [content-visibility-for-divi-builder]
Researcher
Affected Software
Cornerstone [cornerstone]
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
RD Station [integracao-rd-station]
Researcher
WP Captcha PRO <= 5.38 – Authenticated (Subscriber+) Authentication Bypass via Temporary Login Link
8.8
Affected Software
Advanced Google reCAPTCHA [advanced-google-recaptcha]
Researcher
WP Captcha PRO <= 5.38 – Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload
8.8
Affected Software
Advanced Google reCAPTCHA [advanced-google-recaptcha]
Researcher
Affected Software
Researcher
Affected Software
Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms [cf7-active-campaign]
Researcher
Affected Software
Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms [cf7-constant-contact]
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Moderno – Fashion & Clothing, Furniture [moderno]
Researcher
Affected Software
OttoKit: All-in-One Automation Platform [suretriggers]
Researcher
Affected Software
SlimStat Analytics [wp-slimstat]
Researcher
Affected Software
Thrive Apprentice [thrive-apprentice]
Researcher
Affected Software
Researcher
Affected Software
WP Travel Engine – Tour Booking Plugin – Tour Operator Software [wp-travel-engine]
Researcher
Affected Software
WP User Manager – User Profile Builder & Membership [wp-user-manager]
Researcher
Affected Software
Researcher
Affected Software
wpForo Forum [wpforo]
Researcher
Affected Software
Active Products Tables for WooCommerce. Use constructor to create tables [profit-products-tables-for-woocommerce]
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
JetSmartFilters [jet-smart-filters]
Researcher
Affected Software
JS Help Desk – AI-Powered Support & Ticketing System [js-support-ticket]
Researcher
Affected Software
SP Project & Document Manager [sp-client-document-manager]
Researcher
Affected Software
WP User Manager – User Profile Builder & Membership [wp-user-manager]
Researcher
Affected Software
All-In-One Security (AIOS) – Security and Firewall [all-in-one-wp-security-and-firewall]
Researcher
Affected Software
Researcher
Affected Software
Booking Package [booking-package]
Researcher
Affected Software
cformsII [cforms2]
Researcher
Affected Software
Drag and Drop Multiple File Upload for Contact Form 7 [drag-and-drop-multiple-file-upload-contact-form-7]
Researcher
Affected Software
Email Address Encoder [email-address-encoder]
email-encoder-premium [email-encoder-premium]
Researcher
Affected Software
FunnelKit – Funnel Builder for WooCommerce Checkout [funnel-builder]
Researcher
Affected Software
Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns [essential-blocks]
Researcher
Affected Software
Researcher
Affected Software
Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More [crm-integration-freshworks-any-form]
Researcher
Affected Software
MDJM Event Management [mobile-dj-manager]
Researcher
Affected Software
MW WP Form [mw-wp-form]
Researcher
Affected Software
Product Filter Widget for Elementor [product-filter-widget-for-elementor]
Researcher
Affected Software
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker [quiz-master-next]
Researcher
Affected Software
Stop Spammers Classic [stop-spammer-registrations-plugin]
Researcher
Affected Software
VikBooking Hotel Booking Engine & PMS [vikbooking]
Researcher
Affected Software
WP Google Review Slider [wp-google-places-review-slider]
Researcher
Affected Software
Researcher
Affected Software
WPFunnels Pro [wpfunnels-pro]
Researcher
Affected Software
LearnPress – Backup & Migration Tool [learnpress-import-export]
Researcher
ARMember Premium <= 7.3.1 – Authenticated (Subscriber+) SQL Injection via ‘sSortDir_0’ Parameter
6.5
Affected Software
Researcher
Affected Software
ELEX WordPress HelpDesk & Customer Ticketing System [elex-helpdesk-customer-support-ticket-system]
Researcher
Affected Software
Researcher
Affected Software
Geo Mashup [geo-mashup]
Researcher
Affected Software
MasterStudy LMS Pro [masterstudy-lms-learning-management-system-pro]
Researcher
Affected Software
Photo Gallery by 10Web – Mobile-Friendly Image Gallery [photo-gallery]
Researcher
Affected Software
Photo Gallery by 10Web – Mobile-Friendly Image Gallery [photo-gallery]
Researcher
Affected Software
WP Time Slots Booking Form [wp-time-slots-booking-form]
Researcher
Affected Software
Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) [auto-image-attributes-from-filename-with-bulk-updater]
Researcher
Affected Software
Click to Chat – HoliThemes [click-to-chat-for-whatsapp]
Researcher
Affected Software
DeMomentSomTres Shortcodes [demomentsomtres-shortcodes]
Researcher
Easy Cart <= 1.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
6.4
Affected Software
Researcher
Affected Software
Express Payment For Stripe [wp-stripe-express]
Researcher
Affected Software
FPW Category Thumbnails [fpw-category-thumbnails]
Researcher
FV Flowplayer Video Player < 7.5.51.7212 – Authenticated (Subscriber+) Stored Cross-Site Scripting
6.4
Affected Software
FV Flowplayer Video Player [fv-wordpress-flowplayer]
Researcher
Affected Software
Researcher
Affected Software
Affected Software
Recipe Card Blocks Lite [recipe-card-blocks-by-wpzoom]
Affected Software
Simple SEO Slideshow [simple-seo-slideshow]
Researcher
Affected Software
Researcher
ZeM STL <= 1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
6.4
Affected Software
ZeM STL [zem-stl-viewer]
Researcher
Affected Software
Ad Inserter – Ad Manager & AdSense Ads [ad-inserter]
Researcher
Affected Software
enfold [enfold]
Researcher
Affected Software
hiWeb Migration Simple [hiweb-migration-simple]
Researcher
Affected Software
Researcher
Affected Software
WP Nano AD [wp-nano-ad]
Researcher
Affected Software
Tiled Gallery Carousel Without JetPack [tiled-gallery-carousel-without-jetpack]
Researcher
Affected Software
Debug Log Manager – Conveniently Monitor and Inspect Errors [debug-log-manager]
Researcher
Affected Software
Researcher
Affected Software
Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite]
Researcher
Affected Software
Event Monster – Event Manager, Ticket Booking & Registration [event-monster]
Researcher
Affected Software
JobSearch WP Job Board [wp-jobsearch]
Researcher
Affected Software
JS Help Desk – AI-Powered Support & Ticketing System [js-support-ticket]
Researcher
Affected Software
Researcher
Affected Software
MapPress Maps for WordPress [mappress-google-maps-for-wordpress]
Researcher
Affected Software
Montonio for WooCommerce [montonio-for-woocommerce]
Researcher
Affected Software
Researcher
Affected Software
RegistrationMagic – User Registration Forms Plugin [custom-registration-form-builder-with-submission-manager]
Researcher
Affected Software
Researcher
Affected Software
Simple Shopping Cart [wordpress-simple-paypal-shopping-cart]
Researcher
Affected Software
Travelly – Tour & Travel Booking Manager for WooCommerce | Tour & Hotel Booking Solution [tour-booking-manager]
Researcher
Affected Software
TrueBooker – Appointment Booking and Scheduler System [truebooker-appointment-booking]
Researcher
Affected Software
Upsell Funnel Builder for WooCommerce – Create Upsells, Cross-Sells, Order Bumps, Frequently Bought, and Popups. [upsell-order-bump-offer-for-woocommerce]
Researcher
Affected Software
User Registration Stripe [user-registration-stripe]
Researcher
Affected Software
WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels [print-invoices-packing-slip-labels-for-woocommerce]
Researcher
Affected Software
Welcart e-Commerce [usc-e-shop]
Researcher
Affected Software
Wp EMember [wp-eMember]
Researcher
WP Go Maps < 10.0.10 – Unauthenticated Sensitive Information Disclosure via Datatables AJAX Fallback
5.3
Affected Software
WP Go Maps – Google Maps, OpenStreetMap, Leaflet Map [wp-google-maps]
Researcher
WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.7.10 – Missing Authorization
5.3
Affected Software
WP Travel Engine – Tour Booking Plugin – Tour Operator Software [wp-travel-engine]
Researcher
Affected Software
WPC Product Bundles for WooCommerce [woo-product-bundle]
Researcher
Affected Software
Researcher
Affected Software
wpForo Forum [wpforo]
Researcher
Affected Software
LearnPress – Backup & Migration Tool [learnpress-import-export]
Researcher
Affected Software
Researcher
Affected Software
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker [quiz-master-next]
Researcher
Affected Software
Smart Slider 3 [smart-slider-3]
Researcher
Affected Software
Drag and Drop Multiple File Upload for Contact Form 7 [drag-and-drop-multiple-file-upload-contact-form-7]
Researcher
Affected Software
Passeum Ticketing [passeum-ticketing]
Researcher
Affected Software
Progress Planner [progress-planner]
Researcher
Affected Software
Quick Playground [quick-playground]
Researcher
Affected Software
Simple Custom Login Page [simple-custom-login-page]
Researcher
Affected Software
Word Replacer [word-replacer]
Researcher
Affected Software
WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters [wp-google-map-plugin]
Researcher
Affected Software
Alba Board [alba-board]
Researcher
Affected Software
Backup, Restore and Migrate your sites with XCloner [xcloner-backup-and-restore]
Researcher
Affected Software
BirdSeed [birdseed]
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
EmergencyWP – Dead Man’s switch & legacy deliverance [emergencywp]
Researcher
Affected Software
Employee, Leave and Recruitment Management System – Crew HRM [hr-management]
Researcher
Affected Software
Frontend User Notes [frontend-user-notes]
Researcher
Affected Software
Google Plus One Bottom [google-plus-one-bottom]
Researcher
Affected Software
JTL-Connector for WooCommerce [woo-jtl-connector]
Researcher
Affected Software
Klamra Paycal for Aspaclaria [klamra-paycal-for-aspaclaria]
Researcher
Affected Software
Laiser Tag [laiser-tag]
Researcher
Affected Software
Researcher
Affected Software
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings [seo-by-rank-math]
Researcher
Affected Software
Researcher
Affected Software
Remove meta boxes per user role [remove-meta-boxes-per-user-role]
Researcher
Affected Software
Remove NoFollow Commenter URL [remove-nofollow-commenter-link]
Researcher
Affected Software
Researcher
Affected Software
SEO Plugin by Squirrly SEO [squirrly-seo]
Researcher
Affected Software
Slider Revolution [revslider]
Researcher
Affected Software
Slider Revolution [revslider]
Researcher
Affected Software
Researcher
Affected Software
Tectite Forms [tectite-forms]
Researcher
Affected Software
Visual Link Preview [visual-link-preview]
Researcher
Affected Software
WPvivid — Backup, Migration & Staging [wpvivid-backuprestore]
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (June 1, 2026 to June 7, 2026) appeared first on Wordfence.
