Wordfence Intelligence Weekly WordPress Vulnerability Report (June 22, 2026 to June 28, 2026)

Last week, there were 199 vulnerabilities disclosed in 169 WordPress Plugins and 9 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 111 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to implement layered security, aligning with our overarching mission to secure WordPress with defense in depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report. As the world’s leading quality vulnerability database provider for WordPress, site owners can rest assured knowing Wordfence has their back.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 35,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our PremiumCare, and Response customers last week:

Wordfence PremiumCare, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Patched 148
Unpatched 51

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Low Severity 1
Medium Severity 143
High Severity 49
Critical Severity 6

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 53
Missing Authorization 52
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) 29
Cross-Site Request Forgery (CSRF) 15
Exposure of Sensitive Information to an Unauthorized Actor 9
Authorization Bypass Through User-Controlled Key 8
Deserialization of Untrusted Data 6
Server-Side Request Forgery (SSRF) 5
Unrestricted Upload of File with Dangerous Type 5
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) 3
Improper Control of Generation of Code (‘Code Injection’) 3
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) 3
Incorrect Privilege Assignment 3
Weak Password Recovery Mechanism for Forgotten Password 2
External Control of File Name or Path 1
Improper Privilege Management 1
Insufficient Verification of Data Authenticity 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
14
11
6
6
6
5
5
5
5
4
4
4
4
3
3
3
3
3
2
2
2
2
2
2
2
2
2

lb
2
2
2
2
2
2
2
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1

L4m
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
24liveblog – live blog tool 24liveblog
Abandoned Cart Lite for WooCommerce woocommerce-abandoned-cart
AdRotate Banner Manager adrotate
Advance Nav Menu Manager advance-nav-menu-manager
Advance Product Search- Voice & Ajax Search for WooCommerce th-advance-product-search
Advanced Contact Form 7 – Compact DB advanced-contact-form-7-compact-db
Advanced Order Export For WooCommerce woo-order-export-lite
Affiliates Manager affiliates-manager
AI Share & Summarize ai-share-summarize
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin simply-schedule-appointments
ARforms arforms
Assistio assistio
Auros Core auros-core
Avalon23 Products Filter for WooCommerce avalon23-products-filter-for-woocommerce
BitFire Security – Firewall, Malware Scanner, Bot Blocker, Login Protection bitfire
Block for Mailchimp – Add Email Subscription Forms and Collect Leads block-for-mailchimp
Blocksy Companion Pro blocksy-companion-pro
Blog2Social: Social Media Auto Post & Scheduler blog2social
Blue Captcha blue-captcha
BNE Testimonials bne-testimonials
Book a Room Event Calendar book-a-room-event-calendar
Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment booking-and-rental-manager-for-woocommerce
BookPro – Appointment Booking WordPress Plugin ovabookpro
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools woocommerce-jetpack
Bopo – WooCommerce Product Bundle Builder bopo-woo-product-bundle-builder
BuddyBoss Platform buddyboss-platform
Bulk SEO Image bulk-seo-image
Child Theme Wizard child-theme-wizard
Cincopa video and media plug-in video-playlist-and-gallery-plugin
ClearSale Total clearsale-total
CodePeople Post Map for Google Maps codepeople-post-map
Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe contest-gallery
Cornerstone cornerstone
CorvusPay WooCommerce Payment Gateway corvuspay-woocommerce-integration
Customer Reviews for WooCommerce customer-reviews-woocommerce
Devs Accounting – Simple Accounting and Invoicing Solution devs-accounting
Dokan Pro dokan-pro
Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy dokan-lite
Donation Thermometer donation-thermometer
Eagle Booking eagle-booking
Elementor Website Builder – more than just a page builder elementor
Email JavaScript Cloak email-javascript-cloaker
Email Marketing for WooCommerce by Omnisend omnisend-connect
EntreDroppers entredropper
EventPrime – Events Calendar, Bookings and Tickets eventprime-event-calendar-management
Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder with AI everest-forms
Exclusive Addons for Elementor exclusive-addons-for-elementor
Featured Image featured-image
Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution fluent-booking
Forget About Shortcode Buttons forget-about-shortcode-buttons
Forminator Forms – Contact Form, Payment Form & Custom Form Builder forminator
FOX – Currency Switcher Professional for WooCommerce woocommerce-currency-switcher
Frisbii Pay reepay-checkout-gateway
Frontend File Manager Plugin nmedia-user-file-uploader
FunnelKit Payment Gateway for Stripe WooCommerce funnelkit-stripe-woo-payment-gateway
FunnelKit – Funnel Builder for WooCommerce Checkout funnel-builder
Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress gallery-plugin
Generate Security.txt generate-security-txt
GetGenie – AI Content Writer with Keyword Research & SEO Tracking getgenie
Ghost Kit – Page Builder Blocks, Motion Effects & Extensions ghostkit
GIFT4U – Gift Cards All in One for Woo gift4u-gift-cards-all-in-one-for-woo
Gmail SMTP gmail-smtp
Goya Core goya-core
Gravity Bookings gf-bookings-premium
GravityView gravityview
Groundhogg — CRM, Newsletters, and Marketing Automation groundhogg
Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns essential-blocks
Gutenverse Form – Contact Form Builder, Block Form & Booking Form gutenverse-form
Gutenverse – WordPress Blocks, Page Builder & Site Editor gutenverse
HD Quiz hd-quiz
Hester Core hester-core
HTML5 Video Player – Embed and Play Videos in Custom Player html5-video-player
Image Carousel image-carousel
Image Sizes on Demand image-sizes-on-demand
Infility Global infility-global
Interactive Content – H5P h5p
Invoice Generator invoice-creator
Ivory Search – WordPress Search Plugin add-search-to-menu
JetEngine jet-engine
JetSmartFilters jet-smart-filters
JS Help Desk – AI-Powered Support & Ticketing System js-support-ticket
Kargo Takip kargo-takip
Kirki – Freeform Page Builder, Website Builder & Customizer kirki
Library Management System library-management-system
Live Copy Paste for Elementor – Cross Domain Copy Paste & Page Duplicator live-copy-paste
Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid magazine-blocks
MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites mainwp-child
Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin majestic-support
Masteriyo LMS – LMS Course Builder, Quizzes & Certificates learning-management-system
MasterStudy LMS WordPress Plugin – for Online Courses and Education masterstudy-lms-learning-management-system
MaxButtons – Create buttons maxbuttons
MIR blocks and shortcodes mir-blocks-and-shortcodes
MotorDesk motordesk
Motors – Car Dealership & Classified Listings Plugin motors-car-dealership-classified-listings
MP Customize Login Page mp-customize-login-page
Nelio Content – Editorial Calendar & Social Media Auto-Posting nelio-content
Newsletters newsletters-lite
NEX-Forms – Ultimate Forms Plugin for WordPress nex-forms-express-wp-form-builder
OMGF Pro host-google-fonts-pro
Osiris Signature Banner osiris-signature-banner
Page Builder by SiteOrigin siteorigin-panels
Paid Memberships Pro – Add Member From Admin pmpro-add-member-admin
Panorama – 360 degree Virtual Tour, Panoramic Image viewer and More panorama
Payment Gateway Based Fees and Discounts for WooCommerce checkout-fees-for-woocommerce
Paytium: Mollie payment forms & donations paytium
Perfmatters perfmatters
Pie Register – User Registration, Profiles & Content Restriction pie-register
Popup Box – Create Countdown, Coupon, Video, Contact Form Popups ays-popup-box
Post Duplicator post-duplicator
Post Snippets – Custom WordPress Code Snippets Customizer post-snippets
PPOM – Product Addons & Custom Fields for WooCommerce woocommerce-product-addon
PPWP – Password Protect Pages password-protect-page
Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes
Product Specifications for Woocommerce product-specifications
ProfileGrid – User Profiles, Groups and Communities profilegrid-user-profiles-groups-and-communities
Quform – WordPress Form Builder quform
Quick Interest Slider quick-interest-slider
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker quiz-master-next
Quotes llama quotes-llama
Recipe Cards For Your Food Blog from Zip Recipes zip-recipes
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login custom-registration-form-builder-with-submission-manager
RentMy Real-Time Rental Management Plugin rentmy-online-rental-shop
Responsive Lightbox & Gallery responsive-lightbox
Restaurant Menu and Food Ordering mp-restaurant-menu
Reviews and Rating – Docplanner reviews-and-rating-docplanner
SearchPlus searchplus
Secufor_OAuth wpoauth
SeedProd Pro seedprod-coming-soon-pro-5
SEOPress PRO wp-seopress-pro
Shoppable Images (Lookbook) for WooCommerce mabel-shoppable-images-lite
ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization shortpixel-adaptive-images
SignUp & SignIn signup-signin
Simple Basic Contact Form simple-basic-contact-form
Site Kit by Google – Analytics, Search Console, AdSense, Speed google-site-kit
Site Reviews site-reviews
SiteGround Email Marketing siteground-email-marketing
Slim SEO – A Fast & Automated SEO Plugin For WordPress slim-seo
StatCounter – Free Real Time Visitor Stats official-statcounter-plugin-for-wordpress
Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions wp-full-stripe-free
Subscriptions for WooCommerce subscriptions-for-woocommerce
Surbma | Infusionsoft Shortcode surbma-infusionsoft-shortcode
SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments surecart
TablePress – Tables in WordPress made easy tablepress
TemplateSpare – 1000+ WordPress Starter Templates & Full Site Migration Tool | 1-Click Import/Export & No-Code Builder templatespare
Toolset Forms cred-frontend-editor
Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin tourfic
Transbank Webpay transbank-webpay-plus-rest
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin ultimate-member
Uncanny Automator Pro uncanny-automator-pro
Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin uncanny-automator
URL Preview link-preview
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder user-registration
utm.codes utm-dot-codes
WCBoost – Products Compare wcboost-products-compare
Welcome Software Publishing newscred-publishing
weMail – Email Marketing, Newsletter Builder & Email Automations for WooCommerce wemail
WhatsOrder – Instant Checkout for WooCommerce whatsorder-instant-checkout-for-woocommerce
WordPress Automatic Plugin wp-automatic
WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets wp-all-import
WP Forms Connector wp-forms-connector
WP Job Portal – AI-Powered Recruitment System for Company or Job Board website wp-job-portal
WP Latest Posts wp-latest-posts
WP Meta SEO wp-meta-seo
WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars wp-post-author
WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System wp-cafe
WPComplete wpcomplete
wpForo Forum wpforo
Xpro Addons — 140+ Widgets for Elementor xpro-elementor-addons
워드프레스 결제 심플페이 – 우커머스 결제 플러그인 pgall-for-woocommerce

WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
ListingPro – WordPress Directory & Listing Theme listingpro
NanoMag – Responsive WordPress Magazine Theme nanomag
Neve PRO neve-pro-addon
Real Estate 7 WordPress realestate-7
RH – Real Estate WordPress Theme realhomes
Spexo spexo
splash splash
Travel Booking travel-booking
Woodmart woodmart

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

CVSS Rating
9.8 (Critical)
Patch Status
Patched
Published
Jun 23, 2026
Affected Software
Dokan Pro [dokan-pro]
Researcher
CVSS Rating
9.8 (Critical)
Patch Status
Unpatched
Published
Jun 23, 2026
Affected Software
Invoice Generator [invoice-creator]
Researcher
CVSS Rating
9.8 (Critical)
Patch Status
Unpatched
Published
Jun 26, 2026
Affected Software
Invoice Generator [invoice-creator]
Researcher
CVSS Rating
9.8 (Critical)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
OMGF Pro [host-google-fonts-pro]
CVSS Rating
9.8 (Critical)
Patch Status
Patched
Published
Jun 23, 2026
Affected Software
Researcher
CVSS Rating
8.8 (High)
Patch Status
Patched
Published
Jun 24, 2026
Affected Software
Frisbii Pay [reepay-checkout-gateway]
Researcher
CVSS Rating
8.8 (High)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
Researcher
CVSS Rating
8.1 (High)
Patch Status
Unpatched
Published
Jun 27, 2026
Affected Software
Frontend File Manager Plugin [nmedia-user-file-uploader]
Researcher
CVSS Rating
8.1 (High)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
Researcher
CVSS Rating
7.5 (High)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
Researcher
CVSS Rating
7.5 (High)
Patch Status
Patched
Published
Jun 23, 2026
Affected Software
BuddyBoss Platform [buddyboss-platform]
Researcher
CVSS Rating
7.5 (High)
Patch Status
Unpatched
Published
Jun 23, 2026
Affected Software
ClearSale Total [clearsale-total]
CVSS Rating
7.5 (High)
Patch Status
Patched
Published
Jun 24, 2026
Affected Software
Dokan Pro [dokan-pro]
Researcher
CVSS Rating
7.5 (High)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
EventPrime – Events Calendar, Bookings and Tickets [eventprime-event-calendar-management]
Researcher
CVSS Rating
7.5 (High)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
Goya Core [goya-core]
CVSS Rating
7.5 (High)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
JetEngine [jet-engine]
Researcher
CVSS Rating
7.5 (High)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
JetSmartFilters [jet-smart-filters]
Researcher
CVSS Rating
7.5 (High)
Patch Status
Patched
Published
Jun 23, 2026
Affected Software
Library Management System [library-management-system]
CVSS Rating
7.5 (High)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
Post Duplicator [post-duplicator]
CVSS Rating
7.5 (High)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
Quotes llama [quotes-llama]
Researcher
CVSS Rating
7.5 (High)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
Researcher
CVSS Rating
7.5 (High)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
Uncanny Automator Pro [uncanny-automator-pro]
Researcher
CVSS Rating
7.5 (High)
Patch Status
Unpatched
Published
Jun 23, 2026
Affected Software
WP Forms Connector [wp-forms-connector]
Researcher
CVSS Rating
7.5 (High)
Patch Status
Unpatched
Published
Jun 23, 2026
Affected Software
WP Forms Connector [wp-forms-connector]
Researcher
CVSS Rating
7.2 (High)
Patch Status
Unpatched
Published
Jun 23, 2026
Affected Software
ARforms [arforms]
Researcher
CVSS Rating
7.2 (High)
Patch Status
Unpatched
Published
Jun 23, 2026
Affected Software
Cincopa video and media plug-in [video-playlist-and-gallery-plugin]
Researcher
CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jun 24, 2026
Affected Software
Customer Reviews for WooCommerce [customer-reviews-woocommerce]
Researcher
CVSS Rating
7.2 (High)
Patch Status
Unpatched
Published
Jun 23, 2026
Affected Software
Email JavaScript Cloak [email-javascript-cloaker]
Researcher
CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
Researcher
CVSS Rating
7.2 (High)
Patch Status
Unpatched
Published
Jun 23, 2026
Affected Software
Kargo Takip [kargo-takip]
Researcher
CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jun 26, 2026
CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jun 24, 2026
Affected Software
Responsive Lightbox & Gallery [responsive-lightbox]
Researcher
CVSS Rating
7.2 (High)
Patch Status
Unpatched
Published
Jun 25, 2026
Affected Software
Simple Basic Contact Form [simple-basic-contact-form]
CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jun 22, 2026
Affected Software
Transbank Webpay [transbank-webpay-plus-rest]
CVSS Rating
7.2 (High)
Patch Status
Unpatched
Published
Jun 23, 2026
Affected Software
URL Preview [link-preview]
Researcher
CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
Woodmart [woodmart]
Researcher
CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
Researcher
CVSS Rating
7.2 (High)
Patch Status
Unpatched
Published
Jun 23, 2026
Affected Software
WP Meta SEO [wp-meta-seo]
Researcher
CVSS Rating
6.5 (Medium)
Patch Status
Unpatched
Published
Jun 26, 2026
Affected Software
Auros Core [auros-core]
Researcher
CVSS Rating
6.5 (Medium)
Patch Status
Patched
Published
Jun 24, 2026
Affected Software
Dokan Pro [dokan-pro]
Researcher
CVSS Rating
6.5 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
Frisbii Pay [reepay-checkout-gateway]
Researcher
CVSS Rating
6.5 (Medium)
Patch Status
Patched
Published
Jun 24, 2026
Affected Software
Gravity Bookings [gf-bookings-premium]
CVSS Rating
6.5 (Medium)
Patch Status
Patched
Published
Jun 25, 2026
Researcher
CVSS Rating
6.5 (Medium)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
Infility Global [infility-global]
Researcher
CVSS Rating
6.5 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
Researcher
CVSS Rating
6.5 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
wpForo Forum [wpforo]
Researcher
CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jun 24, 2026
Affected Software
Researcher
CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
AI Share & Summarize [ai-share-summarize]
Researcher
CVSS Rating
6.4 (Medium)
Patch Status
Unpatched
Published
Jun 23, 2026
Affected Software
Avalon23 Products Filter for WooCommerce [avalon23-products-filter-for-woocommerce]
Researcher
CVSS Rating
6.4 (Medium)
Patch Status
Unpatched
Published
Jun 26, 2026
Affected Software
BNE Testimonials [bne-testimonials]
CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
Exclusive Addons for Elementor [exclusive-addons-for-elementor]
Researcher
CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
Featured Image [featured-image]
CVSS Rating
6.4 (Medium)
Patch Status
Unpatched
Published
Jun 25, 2026
Affected Software
Frontend File Manager Plugin [nmedia-user-file-uploader]
CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
Hester Core [hester-core]
Researcher
CVSS Rating
6.4 (Medium)
Patch Status
Unpatched
Published
Jun 26, 2026
Affected Software
Image Carousel [image-carousel]
CVSS Rating
6.4 (Medium)
Patch Status
Unpatched
Published
Jun 23, 2026
Affected Software
MIR blocks and shortcodes [mir-blocks-and-shortcodes]
Researcher
CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
Neve PRO [neve-pro-addon]
CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
Page Builder by SiteOrigin [siteorigin-panels]
Researcher
CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jun 22, 2026
Affected Software
ProfileGrid – User Profiles, Groups and Communities [profilegrid-user-profiles-groups-and-communities]
CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
SeedProd Pro [seedprod-coming-soon-pro-5]
CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
StatCounter – Free Real Time Visitor Stats [official-statcounter-plugin-for-wordpress]
Researcher
CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
Surbma | Infusionsoft Shortcode [surbma-infusionsoft-shortcode]
Researcher
CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jun 23, 2026
Affected Software
utm.codes [utm-dot-codes]
Researcher
CVSS Rating
6.4 (Medium)
Patch Status
Unpatched
Published
Jun 23, 2026
Affected Software
WP Latest Posts [wp-latest-posts]
CVSS Rating
6.4 (Medium)
Patch Status
Unpatched
Published
Jun 23, 2026
Affected Software
WP Meta SEO [wp-meta-seo]
Researcher
CVSS Rating
6.1 (Medium)
Patch Status
Unpatched
Published
Jun 23, 2026
Affected Software
EntreDroppers [entredropper]
CVSS Rating
6.1 (Medium)
Patch Status
Unpatched
Published
Jun 23, 2026
Affected Software
Image Sizes on Demand [image-sizes-on-demand]
CVSS Rating
6.1 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
Researcher
CVSS Rating
6.1 (Medium)
Patch Status
Unpatched
Published
Jun 23, 2026
Affected Software
Osiris Signature Banner [osiris-signature-banner]
CVSS Rating
6.1 (Medium)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
Perfmatters [perfmatters]
Researcher
CVSS Rating
6.1 (Medium)
Patch Status
Patched
Published
Jun 24, 2026
Affected Software
Quick Interest Slider [quick-interest-slider]
Researcher
CVSS Rating
6.1 (Medium)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
Researcher
CVSS Rating
5.3 (Medium)
Patch Status
Unpatched
Published
Jun 23, 2026
Affected Software
Advanced Contact Form 7 – Compact DB [advanced-contact-form-7-compact-db]
Researcher
CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
Blocksy Companion Pro [blocksy-companion-pro]
Researcher
CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
Bopo – WooCommerce Product Bundle Builder [bopo-woo-product-bundle-builder]
Researcher
CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jun 23, 2026
Affected Software
CorvusPay WooCommerce Payment Gateway [corvuspay-woocommerce-integration]
Researcher
CVSS Rating
5.3 (Medium)
Patch Status
Unpatched
Published
Jun 26, 2026
Affected Software
Donation Thermometer [donation-thermometer]
Researcher
CVSS Rating
5.3 (Medium)
Patch Status
Unpatched
Published
Jun 25, 2026
Affected Software
Frontend File Manager Plugin [nmedia-user-file-uploader]
Researcher
CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
GIFT4U – Gift Cards All in One for Woo [gift4u-gift-cards-all-in-one-for-woo]
CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
GravityView [gravityview]
Researcher
CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
Researcher
CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
NEX-Forms – Ultimate Forms Plugin for WordPress [nex-forms-express-wp-form-builder]
Researcher
CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
Researcher
CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
Researcher
CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
SiteGround Email Marketing [siteground-email-marketing]
Researcher
CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
Subscriptions for WooCommerce [subscriptions-for-woocommerce]
Researcher
CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
Toolset Forms [cred-frontend-editor]
Researcher
CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
WCBoost – Products Compare [wcboost-products-compare]
Researcher
CVSS Rating
5.3 (Medium)
Patch Status
Unpatched
Published
Jun 23, 2026
Affected Software
WhatsOrder – Instant Checkout for WooCommerce [whatsorder-instant-checkout-for-woocommerce]
CVSS Rating
4.9 (Medium)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
Infility Global [infility-global]
Researcher
CVSS Rating
4.3 (Medium)
Patch Status
Unpatched
Published
Jun 23, 2026
Affected Software
Researcher
CVSS Rating
4.3 (Medium)
Patch Status
Unpatched
Published
Jun 23, 2026
Affected Software
Researcher
CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
Abandoned Cart Lite for WooCommerce [woocommerce-abandoned-cart]
Researcher
CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
Affiliates Manager [affiliates-manager]
Researcher
CVSS Rating
4.3 (Medium)
Patch Status
Unpatched
Published
Jun 23, 2026
Affected Software
Blue Captcha [blue-captcha]
Researcher
CVSS Rating
4.3 (Medium)
Patch Status
Unpatched
Published
Jun 23, 2026
Affected Software
Book a Room Event Calendar [book-a-room-event-calendar]
Researcher
CVSS Rating
4.3 (Medium)
Patch Status
Unpatched
Published
Jun 23, 2026
Affected Software
Bulk SEO Image [bulk-seo-image]
Researcher
CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
Child Theme Wizard [child-theme-wizard]
Researcher
CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
Cornerstone [cornerstone]
Researcher
CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
Cornerstone [cornerstone]
Researcher
CVSS Rating
4.3 (Medium)
Patch Status
Unpatched
Published
Jun 26, 2026
Affected Software
Eagle Booking [eagle-booking]
Researcher
CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
Researcher(s): Unknown
CVSS Rating
4.3 (Medium)
Patch Status
Unpatched
Published
Jun 26, 2026
Affected Software
Forget About Shortcode Buttons [forget-about-shortcode-buttons]
Researcher
CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
FunnelKit Payment Gateway for Stripe WooCommerce [funnelkit-stripe-woo-payment-gateway]
Researcher
CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
Gmail SMTP [gmail-smtp]
Researcher
CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
HD Quiz [hd-quiz]
Researcher
CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
Researcher
CVSS Rating
4.3 (Medium)
Patch Status
Unpatched
Published
Jun 23, 2026
Affected Software
MotorDesk [motordesk]
Researcher
CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jun 22, 2026
Affected Software
Motors – Car Dealership & Classified Listings Plugin [motors-car-dealership-classified-listings]
Researcher
CVSS Rating
4.3 (Medium)
Patch Status
Unpatched
Published
Jun 23, 2026
Affected Software
MP Customize Login Page [mp-customize-login-page]
CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
Newsletters [newsletters-lite]
Researcher
CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
Researcher
CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
PPWP – Password Protect Pages [password-protect-page]
Researcher
CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
CVSS Rating
4.3 (Medium)
Patch Status
Unpatched
Published
Jun 26, 2026
Affected Software
Researcher
CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
SEOPress PRO [wp-seopress-pro]
Researcher
CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
Shoppable Images (Lookbook) for WooCommerce [mabel-shoppable-images-lite]
Researcher
CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
Site Reviews [site-reviews]
Researcher
CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
Spexo [spexo]
Researcher
CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jun 25, 2026
Affected Software
Travel Booking [travel-booking]
Researcher
CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jun 26, 2026
Affected Software
WPComplete [wpcomplete]

As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (June 22, 2026 to June 28, 2026) appeared first on Wordfence.

Leave a Comment