Calling all Vulnerability Researchers and Bug Bounty Hunters!
Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per vulnerability. Submit bold. Earn big!
Last week, there were 137 vulnerabilities disclosed in 101 WordPress Plugins and 32 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 52 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to implement layered security, aligning with our overarching mission to secure WordPress with defense in depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report. As the world’s leading quality vulnerability database provider for WordPress, site owners can rest assured knowing Wordfence has their back.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 27,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
- PayU CommercePro Plugin <= 3.8.5 – Authentication Bypass
- WAF-RULE-845 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-846 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-847 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-848 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-852 – Data redacted while we work with the vendor on a patch.
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 74 |
| Unpatched | 63 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Medium Severity | 72 |
| High Severity | 30 |
| Critical Severity | 35 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 42 |
| Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 29 |
| Cross-Site Request Forgery (CSRF) | 12 |
| Missing Authorization | 11 |
| Unrestricted Upload of File with Dangerous Type | 11 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 10 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 6 |
| Deserialization of Untrusted Data | 5 |
| Improper Privilege Management | 4 |
| Absolute Path Traversal | 1 |
| Authentication Bypass Using an Alternate Path or Channel | 1 |
| Exposure of Sensitive Information to an Unauthorized Actor | 1 |
| Improper Control of Generation of Code (‘Code Injection’) | 1 |
| Incorrect Authorization | 1 |
| Server-Side Request Forgery (SSRF) | 1 |
| URL Redirection to Untrusted Site (‘Open Redirect’) | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 19 | |
| 9 | |
| 9 | |
| 8 | |
| 7 | |
| 7 | |
| 6 | |
| 6 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Abandoned Cart Pro for WooCommerce | woocommerce-abandon-cart-pro |
| ACF Onyx Poll | acf-onyx-poll |
| Advanced Sermons | advanced-sermons |
| Advanced Settings 3 | advanced-settings |
| Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery | aeroscroll-gallery |
| AFS Analytics | addfreestats |
| AI Image Lab – Free AI Image Generator | ai-image-generator-lab |
| Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | simply-schedule-appointments |
| Arconix FAQ | arconix-faq |
| Arconix Shortcodes | arconix-shortcodes |
| Auto Attachments | auto-attachments |
| AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress | automatorwp |
| Axle Demo Importer | axle-demo-importer |
| Bunny’s Print CSS | bunnys-print-css |
| CLEVER – HTML5 Radio Player With History – Shoutcast and Icecast – WordPress Plugin | lbg-audio11-html5-shoutcast_history |
| Click to Chat – HoliThemes | click-to-chat-for-whatsapp |
| Color Palette | color-palette |
| Contact Us Page – Contact People | contact-us-page-contact-people |
| CubeWP Forms – All-in-One Form Builder | cubewp-forms |
| CubeWP – All-in-One Dynamic Content Framework | cubewp-framework |
| Digital Marketing and Agency Templates Addons for Elementor | digital-marketing-agency-templates-for-elementor |
| DIOT SCADA with MQTT | ecava-diot-scada |
| Easy Flashcards | easy-flashcards |
| Ebook Store | ebook-store |
| eForm – WordPress Form Builder | wp-fsqm-pro |
| Elementor Website Builder Pro | elementor-pro |
| Elite Video Player | elite-video-player |
| File Manager Pro – Filester | filester |
| FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce | wp-marketing-automations |
| FW Food Menu – Responsive food menu with ordering & delivery solutions | fw-food-menu |
| FW Gallery – Photo, video, audio media presentation and management system with players and slideshow | fw-gallery |
| Game Review Block | game-review-block |
| If-So Dynamic Content Personalization | if-so |
| Image Resizer On The Fly | image-resizer-on-the-fly |
| IndieBlocks | indieblocks |
| IRM Newsroom | irm-newsroom |
| Kama Click Counter | kama-clic-counter |
| kk Youtube Video | kk-youtube-video |
| Link Shield | link-shield |
| Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin | majestic-support |
| Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal | wp-malware-removal |
| MapSVG | mapsvg |
| Meks Flexible Shortcodes | meks-flexible-shortcodes |
| Membership For WooCommerce | membership-for-woocommerce |
| myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program. | mycred |
| Nasa Core | nasa-core |
| One-Login | one-login |
| Ovatheme Events Manager | ova-events-manager |
| PostaPanduri | postapanduri |
| Premium Addons for Elementor | premium-addons-for-elementor |
| ProfileGrid – User Profiles, Groups and Communities | profilegrid-user-profiles-groups-and-communities |
| ReFormer – Multichannel Contact Form for Elementor | reformer-elementor |
| Responsive Blocks – WordPress Gutenberg Blocks | responsive-block-editor-addons |
| Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. | responsive-add-ons |
| REST API | Custom API Generator For Cross Platform And Import Export In WP | import-export-with-custom-rest-api |
| Restrict File Access | restrict-file-access |
| School Management System for WordPress | school-management |
| Simple Newsletter Plugin – Noptin | newsletter-optin-box |
| Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider | ml-slider |
| Slim SEO – Fast & Automated WordPress SEO Plugin | slim-seo |
| Smart Notification WordPress Plugin. Web & Mobile Push, FB Messenger, FB Notifications & Newsletter. | smio-push-notification |
| Smash Balloon Social Post Feed – Simple Social Feeds for WordPress | custom-facebook-feed |
| StreamWeasels Kick Integration | streamweasels-kick-integration |
| Telegram for WP | telegram-for-wp |
| The Events Calendar | the-events-calendar |
| TicketBAI Facturas para WooCommerce | wp-ticketbai |
| Track, Analyze & Optimize by WP Tao | wp-tao |
| Traffic Monitor | traffic-monitor |
| Ultimate Blocks – WordPress Blocks Plugin | ultimate-blocks |
| Ultimate Reviews | ultimate-reviews |
| UserPro – Community and User Profile WordPress Plugin | userpro |
| Widget Logic | widget-logic |
| WidgetKit Pro | widgetkit-pro |
| Woocommerce Partial Shipment | wc-partial-shipment |
| WordPress Automatic Plugin | wp-automatic |
| WordPress Single Sign-On (SSO) – Multisite All-Inclusive | miniorange-oauth-oidc-single-sign-on |
| WordPress Single Sign-On (SSO) – Multisite Enterprise | miniorange-oauth-oidc-single-sign-on |
| WordPress Single Sign-On (SSO) – Multisite Premium | miniorange-oauth-oidc-single-sign-on |
| WordPress Single Sign-On (SSO) – Single Site All-Inclusive | miniorange-oauth-oidc-single-sign-on |
| WordPress Single Sign-On (SSO) – Single Site Enterprise | miniorange-oauth-oidc-single-sign-on |
| WordPress Single Sign-On (SSO) – Single Site Premium | miniorange-oauth-oidc-single-sign-on |
| WordPress Single Sign-On (SSO) – Single Site Standard | miniorange-oauth-oidc-single-sign-on |
| Workreap | workreap |
| WP Employee Attendance System | wp-employee-attendance-system |
| WP Job Portal – A Complete Recruitment System for Company or Job Board website | wp-job-portal |
| WP Sliding Login/Dashboard Panel | wp-sliding-logindashboard-panel |
| WP Travel Engine – Tour Booking Plugin – Tour Operator Software | wp-travel-engine |
| WP URL Shortener | wp-url-shortener |
| WP Views Counter | wpecounter |
| WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress | wpvr |
| WP-DownloadManager | wp-downloadmanager |
| WP2HTML | wp2html |
| WPAdverts – Classifieds Plugin | wpadverts |
| WPCRM – CRM for Contact form CF7 & WooCommerce | wpcrm |
| WPGYM – WordPress Gym Management System | gym-management |
| Xagio SEO – AI Powered SEO | xagio-seo |
| XiSearch bar | xisearch-bar |
| YITH WooCommerce Wishlist | yith-woocommerce-wishlist |
| Yougler Blogger Profile Page | yougler-blogger-profile-page |
| Zen Sticky Social | zen-social-sticky |
| Zotpress | zotpress |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Aora – Home & Lifestyle Elementor WooCommerce Theme | aora |
| Besa – Elementor Marketplace WooCommerce Theme | besa |
| BodyCenter – Gym, Fitness WooCommerce WordPress Theme | bodycenter |
| CozyStay – Hotel Booking WordPress Theme | cozystay |
| CraftXtore – Handmade, Ceramics and Pottery Shop WooCommerce Theme | bw-craftxtore |
| Diza – Pharmacy Store Elementor WooCommerce Theme | diza |
| edmin | edmin |
| Evon – Bag Store WooCommerce WordPress Theme | snsevon |
| Fana – Fashion Shop WordPress Theme | fana |
| Fitrush – Fitness and Health Supplements WordPress Theme | bw-fitrush |
| Flozen – WooCommerce AJAX WordPress RTL Theme | flozen-theme |
| GiftXtore – Luxury Jewelry & Gift Store Elementor WooCommerce WordPress Theme | bw-giftxtore |
| GrandPrix – Motorcycle WordPress Theme | grandprix |
| Hara – Beauty and Cosmetics Shop WooCommerce Theme | hara |
| Inset – Digital Agency & IT Services WordPress Theme | inset |
| Lasa – Creative Minimal WooCommerce WordPress Theme | lasa |
| Maia – Jewelry Shop WordPress Theme | maia |
| MediClinic – Medical Healthcare WordPress Theme | mediclinic |
| Nika – Medical Elementor WooCommerce Theme | nika |
| Nitan – Fashion WooCommerce WordPress Theme | snsnitan |
| Petito – Animals and Pets Store WooCommerce Theme | bw-petito |
| Photography | photography |
| RH – Real Estate WordPress Theme | realhomes |
| Ruza – Beauty Cosmetics Shop WordPress Theme | ruza |
| Sapa – Product Landing Page WooCommerce Theme | sapa |
| Simen – MultiPurpose WooCommerce WordPress Theme | snssimen |
| SNS Anton – Furniture WooCommerce WordPress Theme | snsanton |
| Spare – Ultimate MultiPurpose LESS Theme | spare |
| TinySalt – Personal Food Blog WordPress Theme | tinysalt |
| Valen – Sport, Fashion WooCommerce WordPress Theme | valen |
| Zagg – Electronics & Accessories WooCommerce WordPress Theme | bw-zagg |
| Zota – Elementor Multi-Purpose WooCommerce Theme | zota |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
CVE-ID
CVE-2025-49260
CVE-2025-49260
Patch Status
Patched
Patched
Published
Jun 11, 2025
Jun 11, 2025
Affected Software
Aora – Home & Lifestyle Elementor WooCommerce Theme
Aora – Home & Lifestyle Elementor WooCommerce Theme
Researcher
CVE-ID
CVE-2025-49252
CVE-2025-49252
Patch Status
Patched
Patched
Published
Jun 11, 2025
Jun 11, 2025
Affected Software
Besa – Elementor Marketplace WooCommerce Theme
Besa – Elementor Marketplace WooCommerce Theme
Researcher
BodyCenter – Gym, Fitness WooCommerce WordPress Theme <= 2.4 – Unauthenticated Local File Inclusion
9.8
CVE-ID
CVE-2023-25999
CVE-2023-25999
Patch Status
Unpatched
Unpatched
Published
Jun 9, 2025
Jun 9, 2025
Affected Software
BodyCenter – Gym, Fitness WooCommerce WordPress Theme
BodyCenter – Gym, Fitness WooCommerce WordPress Theme
Researcher
CVE-ID
CVE-2025-49508
CVE-2025-49508
Patch Status
Patched
Patched
Published
Jun 11, 2025
Jun 11, 2025
Affected Software
CozyStay – Hotel Booking WordPress Theme
CozyStay – Hotel Booking WordPress Theme
Researcher
CVE-ID
CVE-2025-49507
CVE-2025-49507
Patch Status
Patched
Patched
Published
Jun 9, 2025
Jun 9, 2025
Affected Software
CozyStay – Hotel Booking WordPress Theme
CozyStay – Hotel Booking WordPress Theme
Researcher
CVE-ID
CVE-2025-24770
CVE-2025-24770
Patch Status
Unpatched
Unpatched
Published
Jun 9, 2025
Jun 9, 2025
Affected Software
CraftXtore – Handmade, Ceramics and Pottery Shop WooCommerce Theme
CraftXtore – Handmade, Ceramics and Pottery Shop WooCommerce Theme
Researcher
CVE-ID
CVE-2025-49261
CVE-2025-49261
Patch Status
Patched
Patched
Published
Jun 11, 2025
Jun 11, 2025
Affected Software
Diza – Pharmacy Store Elementor WooCommerce Theme
Diza – Pharmacy Store Elementor WooCommerce Theme
Researcher
CVE-ID
CVE-2025-28991
CVE-2025-28991
Patch Status
Unpatched
Unpatched
Published
Jun 11, 2025
Jun 11, 2025
Affected Software
Evon – Bag Store WooCommerce WordPress Theme
Evon – Bag Store WooCommerce WordPress Theme
Researcher
CVE-ID
CVE-2025-49251
CVE-2025-49251
Patch Status
Patched
Patched
Published
Jun 11, 2025
Jun 11, 2025
Affected Software
Fana – Fashion Shop WordPress Theme
Fana – Fashion Shop WordPress Theme
Researcher
CVE-ID
CVE-2023-26005
CVE-2023-26005
Patch Status
Unpatched
Unpatched
Published
Jun 9, 2025
Jun 9, 2025
Affected Software
Fitrush – Fitness and Health Supplements WordPress Theme
Fitrush – Fitness and Health Supplements WordPress Theme
Researcher
CVE-ID
CVE-2025-49071
CVE-2025-49071
Patch Status
Patched
Patched
Published
Jun 11, 2025
Jun 11, 2025
Affected Software
Flozen – WooCommerce AJAX WordPress RTL Theme
Flozen – WooCommerce AJAX WordPress RTL Theme
Researcher
CVE-ID
CVE-2025-49447
CVE-2025-49447
Patch Status
Unpatched
Unpatched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
FW Food Menu – Responsive food menu with ordering & delivery solutions
FW Food Menu – Responsive food menu with ordering & delivery solutions
Researcher
CVE-ID
CVE-2025-28888
CVE-2025-28888
Patch Status
Unpatched
Unpatched
Published
Jun 9, 2025
Jun 9, 2025
Researcher
CVE-ID
CVE-2025-49296
CVE-2025-49296
Patch Status
Patched
Patched
Published
Jun 9, 2025
Jun 9, 2025
Affected Software
GrandPrix – Motorcycle WordPress Theme
GrandPrix – Motorcycle WordPress Theme
Researcher
CVE-ID
CVE-2025-49259
CVE-2025-49259
Patch Status
Patched
Patched
Published
Jun 11, 2025
Jun 11, 2025
Affected Software
Hara – Beauty and Cosmetics Shop WooCommerce Theme
Hara – Beauty and Cosmetics Shop WooCommerce Theme
Researcher
CVE-ID
CVE-2025-26592
CVE-2025-26592
Patch Status
Unpatched
Unpatched
Published
Jun 9, 2025
Jun 9, 2025
Affected Software
Inset – Digital Agency & IT Services WordPress Theme
Inset – Digital Agency & IT Services WordPress Theme
Researcher
CVE-ID
CVE-2025-49253
CVE-2025-49253
Patch Status
Patched
Patched
Published
Jun 11, 2025
Jun 11, 2025
Affected Software
Lasa – Creative Minimal WooCommerce WordPress Theme
Lasa – Creative Minimal WooCommerce WordPress Theme
Researcher
CVE-ID
CVE-2025-49258
CVE-2025-49258
Patch Status
Patched
Patched
Published
Jun 11, 2025
Jun 11, 2025
Affected Software
Maia – Jewelry Shop WordPress Theme
Maia – Jewelry Shop WordPress Theme
Researcher
CVE-ID
CVE-2025-49254
CVE-2025-49254
Patch Status
Patched
Patched
Published
Jun 11, 2025
Jun 11, 2025
Affected Software
Nika – Medical Elementor WooCommerce Theme
Nika – Medical Elementor WooCommerce Theme
Researcher
CVE-ID
CVE-2025-24768
CVE-2025-24768
Patch Status
Unpatched
Unpatched
Published
Jun 9, 2025
Jun 9, 2025
Affected Software
Nitan – Fashion WooCommerce WordPress Theme
Nitan – Fashion WooCommerce WordPress Theme
Researcher
CVE-ID
CVE-2025-32510
CVE-2025-32510
Patch Status
Unpatched
Unpatched
Published
Jun 11, 2025
Jun 11, 2025
Affected Software
Ovatheme Events Manager
Ovatheme Events Manager
Researcher
CVE-ID
CVE-2025-27362
CVE-2025-27362
Patch Status
Unpatched
Unpatched
Published
Jun 9, 2025
Jun 9, 2025
Affected Software
Petito – Animals and Pets Store WooCommerce Theme
Petito – Animals and Pets Store WooCommerce Theme
Researcher
CVE-ID
CVE-2025-49444
CVE-2025-49444
Patch Status
Unpatched
Unpatched
Published
Jun 11, 2025
Jun 11, 2025
Affected Software
ReFormer – Multichannel Contact Form for Elementor
ReFormer – Multichannel Contact Form for Elementor
Researcher
CVE-ID
CVE-2025-5288
CVE-2025-5288
Patch Status
Unpatched
Unpatched
Published
Jun 12, 2025
Jun 12, 2025
Researcher
CVE-ID
CVE-2025-49255
CVE-2025-49255
Patch Status
Patched
Patched
Published
Jun 11, 2025
Jun 11, 2025
Affected Software
Ruza – Beauty Cosmetics Shop WordPress Theme
Ruza – Beauty Cosmetics Shop WordPress Theme
Researcher
CVE-ID
CVE-2025-49256
CVE-2025-49256
Patch Status
Patched
Patched
Published
Jun 11, 2025
Jun 11, 2025
Affected Software
Sapa – Product Landing Page WooCommerce Theme
Sapa – Product Landing Page WooCommerce Theme
Researcher
CVE-ID
CVE-2025-29002
CVE-2025-29002
Patch Status
Unpatched
Unpatched
Published
Jun 11, 2025
Jun 11, 2025
Affected Software
Simen – MultiPurpose WooCommerce WordPress Theme
Simen – MultiPurpose WooCommerce WordPress Theme
Researcher
CVE-ID
CVE-2025-28992
CVE-2025-28992
Patch Status
Unpatched
Unpatched
Published
Jun 9, 2025
Jun 9, 2025
Affected Software
SNS Anton – Furniture WooCommerce WordPress Theme
SNS Anton – Furniture WooCommerce WordPress Theme
Researcher
Valen – Sport, Fashion WooCommerce WordPress Theme <= 2.4 – Unauthenticated Local File Inclusion
9.8
CVE-ID
CVE-2025-28945
CVE-2025-28945
Patch Status
Unpatched
Unpatched
Published
Jun 9, 2025
Jun 9, 2025
Affected Software
Valen – Sport, Fashion WooCommerce WordPress Theme
Valen – Sport, Fashion WooCommerce WordPress Theme
Researcher
CVE-ID
CVE-2025-49257
CVE-2025-49257
Patch Status
Patched
Patched
Published
Jun 11, 2025
Jun 11, 2025
Affected Software
Zota – Elementor Multi-Purpose WooCommerce Theme
Zota – Elementor Multi-Purpose WooCommerce Theme
Researcher
CVE-ID
CVE-2025-49415
CVE-2025-49415
Patch Status
Unpatched
Unpatched
Published
Jun 10, 2025
Jun 10, 2025
Affected Software
FW Gallery – Photo, video, audio media presentation and management system with players and slideshow
FW Gallery – Photo, video, audio media presentation and management system with players and slideshow
Researcher
CVE-ID
CVE-2025-6065
CVE-2025-6065
Patch Status
Unpatched
Unpatched
Published
Jun 13, 2025
Jun 13, 2025
Affected Software
Image Resizer On The Fly
Image Resizer On The Fly
Researcher
Abandoned Cart Pro for WooCommerce <= 9.16.0 – Authenticated (Subscriber+) Arbitrary File Upload
8.8
CVE-ID
CVE-2025-4387
CVE-2025-4387
Patch Status
Patched
Patched
Published
Jun 9, 2025
Jun 9, 2025
Affected Software
Abandoned Cart Pro for WooCommerce
Abandoned Cart Pro for WooCommerce
Researcher
CVE-ID
CVE-2025-4954
CVE-2025-4954
Patch Status
Unpatched
Unpatched
Published
Jun 11, 2025
Jun 11, 2025
Affected Software
Axle Demo Importer
Axle Demo Importer
Researcher
CVE-ID
CVE-2025-4315
CVE-2025-4315
Patch Status
Patched
Patched
Published
Jun 10, 2025
Jun 10, 2025
Affected Software
CubeWP – All-in-One Dynamic Content Framework
CubeWP – All-in-One Dynamic Content Framework
Researcher
CVE-ID
CVE-2025-47559
CVE-2025-47559
Patch Status
Unpatched
Unpatched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
MapSVG
MapSVG
Researcher
CVE-ID
CVE-2025-47561
CVE-2025-47561
Patch Status
Unpatched
Unpatched
Published
Jun 9, 2025
Jun 9, 2025
Affected Software
MapSVG
MapSVG
Researcher
CVE-ID
CVE-2025-4601
CVE-2025-4601
Patch Status
Patched
Patched
Published
Jun 9, 2025
Jun 9, 2025
Affected Software
RH – Real Estate WordPress Theme
RH – Real Estate WordPress Theme
Researcher
CVE-ID
CVE-2025-47572
CVE-2025-47572
Patch Status
Unpatched
Unpatched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
School Management System for WordPress
School Management System for WordPress
Researcher
CVE-ID
CVE-2025-31047
CVE-2025-31047
Patch Status
Unpatched
Unpatched
Published
Jun 9, 2025
Jun 9, 2025
Affected Software
edmin
edmin
Researcher
CVE-ID
CVE-2025-32222
CVE-2025-32222
Patch Status
Unpatched
Unpatched
Published
Jun 9, 2025
Jun 9, 2025
Affected Software
Widget Logic
Widget Logic
Researcher
CVE-ID
CVE-2025-5395
CVE-2025-5395
Patch Status
Patched
Patched
Published
Jun 10, 2025
Jun 10, 2025
Affected Software
WordPress Automatic Plugin
WordPress Automatic Plugin
Researcher
CVE-ID
CVE-2025-47452
CVE-2025-47452
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress
WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress
Researcher
CVE-ID
CVE-2025-32549
CVE-2025-32549
Patch Status
Unpatched
Unpatched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
WPGYM – WordPress Gym Management System
WPGYM – WordPress Gym Management System
Researcher
CVE-ID
CVE-2025-47579
CVE-2025-47579
Patch Status
Unpatched
Unpatched
Published
Jun 10, 2025
Jun 10, 2025
Affected Software
Photography
Photography
Researcher
CVE-ID
CVE-2025-31919
CVE-2025-31919
Patch Status
Unpatched
Unpatched
Published
Jun 10, 2025
Jun 10, 2025
Affected Software
Spare – Ultimate MultiPurpose LESS Theme
Spare – Ultimate MultiPurpose LESS Theme
Researcher
CVE-ID
CVE-2025-49454
CVE-2025-49454
Patch Status
Patched
Patched
Published
Jun 9, 2025
Jun 9, 2025
Affected Software
TinySalt – Personal Food Blog WordPress Theme
TinySalt – Personal Food Blog WordPress Theme
Researcher
CVE-ID
CVE-2025-49455
CVE-2025-49455
Patch Status
Patched
Patched
Published
Jun 9, 2025
Jun 9, 2025
Affected Software
TinySalt – Personal Food Blog WordPress Theme
TinySalt – Personal Food Blog WordPress Theme
Researcher
CVE-ID
CVE-2025-4200
CVE-2025-4200
Patch Status
Unpatched
Unpatched
Published
Jun 13, 2025
Jun 13, 2025
Affected Software
Zagg – Electronics & Accessories WooCommerce WordPress Theme
Zagg – Electronics & Accessories WooCommerce WordPress Theme
Researcher
CVE-ID
CVE-2025-31635
CVE-2025-31635
Patch Status
Unpatched
Unpatched
Published
Jun 9, 2025
Jun 9, 2025
Affected Software
CLEVER – HTML5 Radio Player With History – Shoutcast and Icecast – WordPress Plugin
CLEVER – HTML5 Radio Player With History – Shoutcast and Icecast – WordPress Plugin
Researcher
CVE-ID
CVE-2025-49452
CVE-2025-49452
Patch Status
Unpatched
Unpatched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
PostaPanduri
PostaPanduri
Researcher
CVE-ID
CVE-2025-47573
CVE-2025-47573
Patch Status
Unpatched
Unpatched
Published
Jun 11, 2025
Jun 11, 2025
Affected Software
School Management System for WordPress
School Management System for WordPress
Researcher
CVE-ID
CVE-2025-39479
CVE-2025-39479
Patch Status
Unpatched
Unpatched
Published
Jun 11, 2025
Jun 11, 2025
Affected Software
Smart Notification WordPress Plugin. Web & Mobile Push, FB Messenger, FB Notifications & Newsletter.
Smart Notification WordPress Plugin. Web & Mobile Push, FB Messenger, FB Notifications & Newsletter.
Researcher
CVE-ID
CVE-2025-24767
CVE-2025-24767
Patch Status
Patched
Patched
Published
Jun 9, 2025
Jun 9, 2025
Affected Software
TicketBAI Facturas para WooCommerce
TicketBAI Facturas para WooCommerce
Researcher
CVE-ID
CVE-2025-48274
CVE-2025-48274
Patch Status
Patched
Patched
Published
Jun 11, 2025
Jun 11, 2025
Researcher
CVE-ID
CVE-2025-5282
CVE-2025-5282
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
WP Travel Engine – Tour Booking Plugin – Tour Operator Software
WP Travel Engine – Tour Booking Plugin – Tour Operator Software
Researcher
CVE-ID
CVE-2025-24773
CVE-2025-24773
Patch Status
Unpatched
Unpatched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
WPCRM – CRM for Contact form CF7 & WooCommerce
WPCRM – CRM for Contact form CF7 & WooCommerce
Researcher
CVE-ID
CVE-2025-5487
CVE-2025-5487
Patch Status
Patched
Patched
Published
Jun 13, 2025
Jun 13, 2025
Affected Software
AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress
AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress
Researcher
CVE-ID
CVE-2025-3234
CVE-2025-3234
Patch Status
Patched
Patched
Published
Jun 13, 2025
Jun 13, 2025
Affected Software
File Manager Pro – Filester
File Manager Pro – Filester
Researcher
CVE-ID
CVE-2025-4799
CVE-2025-4799
Patch Status
Patched
Patched
Published
Jun 10, 2025
Jun 10, 2025
Affected Software
WP-DownloadManager
WP-DownloadManager
Researcher
CVE-ID
CVE-2025-3302
CVE-2025-3302
Patch Status
Patched
Patched
Published
Jun 10, 2025
Jun 10, 2025
Affected Software
Xagio SEO – AI Powered SEO
Xagio SEO – AI Powered SEO
Researcher
CVE-ID
Unknown
Unknown
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal
Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal
Researcher
CVE-ID
CVE-2025-6070
CVE-2025-6070
Patch Status
Unpatched
Unpatched
Published
Jun 13, 2025
Jun 13, 2025
Affected Software
Restrict File Access
Restrict File Access
Researcher
CVE-ID
CVE-2025-48118
CVE-2025-48118
Patch Status
Unpatched
Unpatched
Published
Jun 11, 2025
Jun 11, 2025
Affected Software
Woocommerce Partial Shipment
Woocommerce Partial Shipment
Researcher
CVE-ID
CVE-2025-5841
CVE-2025-5841
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
ACF Onyx Poll
ACF Onyx Poll
Researcher
CVE-ID
CVE-2025-49863
CVE-2025-49863
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
Advanced Sermons
Advanced Sermons
Researcher
CVE-ID
CVE-2025-49858
CVE-2025-49858
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
Arconix Shortcodes
Arconix Shortcodes
Researcher
CVE-ID
CVE-2025-5336
CVE-2025-5336
Patch Status
Patched
Patched
Published
Jun 13, 2025
Jun 13, 2025
Affected Software
Click to Chat – HoliThemes
Click to Chat – HoliThemes
Researcher
Color Palette <= 4.3.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via hex Parameter
6.4
CVE-ID
CVE-2025-5233
CVE-2025-5233
Patch Status
Unpatched
Unpatched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
Color Palette
Color Palette
Researcher
CVE-ID
CVE-2025-5123
CVE-2025-5123
Patch Status
Unpatched
Unpatched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
Contact Us Page – Contact People
Contact Us Page – Contact People
Researcher
CVE-ID
CVE-2025-49882
CVE-2025-49882
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
CubeWP – All-in-One Dynamic Content Framework
CubeWP – All-in-One Dynamic Content Framework
Researcher
CVE-ID
CVE-2025-4216
CVE-2025-4216
Patch Status
Unpatched
Unpatched
Published
Jun 13, 2025
Jun 13, 2025
Affected Software
DIOT SCADA with MQTT
DIOT SCADA with MQTT
Researcher
CVE-ID
CVE-2025-3076
CVE-2025-3076
Patch Status
Patched
Patched
Published
Jun 9, 2025
Jun 9, 2025
Affected Software
Elementor Website Builder Pro
Elementor Website Builder Pro
Researcher
CVE-ID
CVE-2025-5923
CVE-2025-5923
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
Game Review Block
Game Review Block
Researcher
CVE-ID
CVE-2025-49875
CVE-2025-49875
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
If-So Dynamic Content Personalization
If-So Dynamic Content Personalization
Researcher
IndieBlocks <= 0.13.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via kind Parameter
6.4
CVE-ID
CVE-2025-5950
CVE-2025-5950
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
IndieBlocks
IndieBlocks
Researcher
CVE-ID
CVE-2025-4586
CVE-2025-4586
Patch Status
Unpatched
Unpatched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
IRM Newsroom
IRM Newsroom
Researcher
CVE-ID
CVE-2025-4584
CVE-2025-4584
Patch Status
Unpatched
Unpatched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
IRM Newsroom
IRM Newsroom
Researcher
CVE-ID
CVE-2025-4585
CVE-2025-4585
Patch Status
Unpatched
Unpatched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
IRM Newsroom
IRM Newsroom
Researcher
CVE-ID
CVE-2025-49861
CVE-2025-49861
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
Kama Click Counter
Kama Click Counter
Researcher
CVE-ID
CVE-2025-6061
CVE-2025-6061
Patch Status
Unpatched
Unpatched
Published
Jun 13, 2025
Jun 13, 2025
Affected Software
kk Youtube Video
kk Youtube Video
Researcher
CVE-ID
CVE-2025-49855
CVE-2025-49855
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
Meks Flexible Shortcodes
Meks Flexible Shortcodes
Researcher
CVE-ID
CVE-2025-4774
CVE-2025-4774
Patch Status
Patched
Patched
Published
Jun 9, 2025
Jun 9, 2025
Affected Software
Premium Addons for Elementor
Premium Addons for Elementor
Researcher
CVE-ID
CVE-2025-49877
CVE-2025-49877
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
ProfileGrid – User Profiles, Groups and Communities
ProfileGrid – User Profiles, Groups and Communities
Researcher
CVE-ID
CVE-2025-49881
CVE-2025-49881
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
Responsive Blocks – WordPress Gutenberg Blocks
Responsive Blocks – WordPress Gutenberg Blocks
Researcher
CVE-ID
CVE-2025-4667
CVE-2025-4667
Patch Status
Patched
Patched
Published
Jun 13, 2025
Jun 13, 2025
Researcher
CVE-ID
CVE-2025-5337
CVE-2025-5337
Patch Status
Patched
Patched
Published
Jun 13, 2025
Jun 13, 2025
Affected Software
Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider
Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider
Researcher
CVE-ID
CVE-2025-4577
CVE-2025-4577
Patch Status
Patched
Patched
Published
Jun 9, 2025
Jun 9, 2025
Affected Software
Smash Balloon Social Post Feed – Simple Social Feeds for WordPress
Smash Balloon Social Post Feed – Simple Social Feeds for WordPress
Researcher
CVE-ID
CVE-2025-5589
CVE-2025-5589
Patch Status
Patched
Patched
Published
Jun 13, 2025
Jun 13, 2025
Affected Software
StreamWeasels Kick Integration
StreamWeasels Kick Integration
Researcher
The Events Calendar <= 6.13.2 – Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2025-5144
CVE-2025-5144
Patch Status
Patched
Patched
Published
Jun 10, 2025
Jun 10, 2025
Affected Software
The Events Calendar
The Events Calendar
Researcher
CVE-ID
CVE-2025-2918
CVE-2025-2918
Patch Status
Patched
Patched
Published
Jun 9, 2025
Jun 9, 2025
Affected Software
Ultimate Blocks – WordPress Blocks Plugin
Ultimate Blocks – WordPress Blocks Plugin
Researcher
CVE-ID
CVE-2025-49859
CVE-2025-49859
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
WP Views Counter
WP Views Counter
Researcher
CVE-ID
CVE-2025-49878
CVE-2025-49878
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
WPAdverts – Classifieds Plugin
WPAdverts – Classifieds Plugin
Researcher
CVE-ID
CVE-2025-5238
CVE-2025-5238
Patch Status
Patched
Patched
Published
Jun 13, 2025
Jun 13, 2025
Affected Software
YITH WooCommerce Wishlist
YITH WooCommerce Wishlist
Researcher
CVE-ID
CVE-2025-4666
CVE-2025-4666
Patch Status
Unpatched
Unpatched
Published
Jun 10, 2025
Jun 10, 2025
Affected Software
Zotpress
Zotpress
Researcher
CVE-ID
CVE-2025-49868
CVE-2025-49868
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce
FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce
Researcher
CVE-ID
CVE-2025-6040
CVE-2025-6040
Patch Status
Unpatched
Unpatched
Published
Jun 13, 2025
Jun 13, 2025
Affected Software
Easy Flashcards
Easy Flashcards
Researcher
CVE-ID
CVE-2025-48333
CVE-2025-48333
Patch Status
Patched
Patched
Published
Jun 11, 2025
Jun 11, 2025
Affected Software
eForm – WordPress Form Builder
eForm – WordPress Form Builder
Researcher
CVE-ID
CVE-2025-30988
CVE-2025-30988
Patch Status
Unpatched
Unpatched
Published
Jun 11, 2025
Jun 11, 2025
Affected Software
Elite Video Player
Elite Video Player
Researcher
CVE-ID
CVE-2025-5926
CVE-2025-5926
Patch Status
Unpatched
Unpatched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
Link Shield
Link Shield
Researcher
CVE-ID
CVE-2025-48145
CVE-2025-48145
Patch Status
Unpatched
Unpatched
Published
Jun 11, 2025
Jun 11, 2025
Affected Software
Track, Analyze & Optimize by WP Tao
Track, Analyze & Optimize by WP Tao
Researcher
CVE-ID
CVE-2025-49266
CVE-2025-49266
Patch Status
Patched
Patched
Published
Jun 11, 2025
Jun 11, 2025
Affected Software
Ultimate Reviews
Ultimate Reviews
Researcher
CVE-ID
CVE-2025-46494
CVE-2025-46494
Patch Status
Unpatched
Unpatched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
WidgetKit Pro
WidgetKit Pro
Researcher
CVE-ID
CVE-2025-6064
CVE-2025-6064
Patch Status
Unpatched
Unpatched
Published
Jun 13, 2025
Jun 13, 2025
Affected Software
WP URL Shortener
WP URL Shortener
Researcher
CVE-ID
CVE-2025-6063
CVE-2025-6063
Patch Status
Unpatched
Unpatched
Published
Jun 13, 2025
Jun 13, 2025
Affected Software
XiSearch bar
XiSearch bar
Researcher
CVE-ID
CVE-2025-6055
CVE-2025-6055
Patch Status
Unpatched
Unpatched
Published
Jun 13, 2025
Jun 13, 2025
Affected Software
Zen Sticky Social
Zen Sticky Social
Researcher
CVE-ID
CVE-2025-4187
CVE-2025-4187
Patch Status
Unpatched
Unpatched
Published
Jun 13, 2025
Jun 13, 2025
Affected Software
UserPro – Community and User Profile WordPress Plugin
UserPro – Community and User Profile WordPress Plugin
Researcher
CVE-ID
CVE-2025-6012
CVE-2025-6012
Patch Status
Unpatched
Unpatched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
Auto Attachments
Auto Attachments
Researcher
CVE-ID
CVE-2025-49451
CVE-2025-49451
Patch Status
Unpatched
Unpatched
Published
Jun 9, 2025
Jun 9, 2025
Researcher
CVE-ID
CVE-2025-49864
CVE-2025-49864
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
AFS Analytics
AFS Analytics
Researcher
CVE-ID
CVE-2025-5938
CVE-2025-5938
Patch Status
Unpatched
Unpatched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
Digital Marketing and Agency Templates Addons for Elementor
Digital Marketing and Agency Templates Addons for Elementor
Researcher
CVE-ID
CVE-2025-49860
CVE-2025-49860
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin
Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin
Researcher
CVE-ID
CVE-2025-49265
CVE-2025-49265
Patch Status
Patched
Patched
Published
Jun 9, 2025
Jun 9, 2025
Affected Software
Membership For WooCommerce
Membership For WooCommerce
Researcher
CVE-ID
CVE-2025-49872
CVE-2025-49872
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program.
myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program.
Researcher
CVE-ID
CVE-2025-5815
CVE-2025-5815
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
Traffic Monitor
Traffic Monitor
Researcher
CVE-ID
CVE-2025-6003
CVE-2025-6003
Patch Status
Patched
Patched
Published
Jun 11, 2025
Jun 11, 2025
Affected Software
WordPress Single Sign-On (SSO) – Single Site Standard
WordPress Single Sign-On (SSO) – Single Site Premium
WordPress Single Sign-On (SSO) – Multisite Premium
WordPress Single Sign-On (SSO) – Single Site Enterprise
WordPress Single Sign-On (SSO) – Multisite Enterprise
WordPress Single Sign-On (SSO) – Single Site All-Inclusive
WordPress Single Sign-On (SSO) – Multisite All-Inclusive
WordPress Single Sign-On (SSO) – Single Site Standard
WordPress Single Sign-On (SSO) – Single Site Premium
WordPress Single Sign-On (SSO) – Multisite Premium
WordPress Single Sign-On (SSO) – Single Site Enterprise
WordPress Single Sign-On (SSO) – Multisite Enterprise
WordPress Single Sign-On (SSO) – Single Site All-Inclusive
WordPress Single Sign-On (SSO) – Multisite All-Inclusive
Researcher
CVE-ID
CVE-2025-49854
CVE-2025-49854
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
Slim SEO – Fast & Automated WordPress SEO Plugin
Slim SEO – Fast & Automated WordPress SEO Plugin
Researcher
CVE-ID
CVE-2025-28972
CVE-2025-28972
Patch Status
Unpatched
Unpatched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
WP Employee Attendance System
WP Employee Attendance System
Researcher
CVE-ID
CVE-2025-4798
CVE-2025-4798
Patch Status
Patched
Patched
Published
Jun 10, 2025
Jun 10, 2025
Affected Software
WP-DownloadManager
WP-DownloadManager
Researcher
CVE-ID
CVE-2025-49862
CVE-2025-49862
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
Ebook Store
Ebook Store
Researcher
CVE-ID
CVE-2025-49871
CVE-2025-49871
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
Simple Newsletter Plugin – Noptin
Simple Newsletter Plugin – Noptin
Researcher
CVE-ID
CVE-2025-5939
CVE-2025-5939
Patch Status
Unpatched
Unpatched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
Telegram for WP
Telegram for WP
Researcher
CVE-ID
CVE-2025-49865
CVE-2025-49865
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
Advanced Settings 3
Advanced Settings 3
Researcher
CVE-ID
CVE-2025-4592
CVE-2025-4592
Patch Status
Unpatched
Unpatched
Published
Jun 13, 2025
Jun 13, 2025
Affected Software
AI Image Lab – Free AI Image Generator
AI Image Lab – Free AI Image Generator
Researcher
CVE-ID
CVE-2025-49874
CVE-2025-49874
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
Arconix FAQ
Arconix FAQ
Researcher
CVE-ID
CVE-2025-5925
CVE-2025-5925
Patch Status
Unpatched
Unpatched
Published
Jun 9, 2025
Jun 9, 2025
Affected Software
Bunny’s Print CSS
Bunny’s Print CSS
Researcher
CVE-ID
CVE-2025-49880
CVE-2025-49880
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
CubeWP Forms – All-in-One Form Builder
CubeWP Forms – All-in-One Form Builder
Researcher
CVE-ID
CVE-2025-49857
CVE-2025-49857
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program.
myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program.
Researcher
CVE-ID
CVE-2025-49856
CVE-2025-49856
Patch Status
Patched
Patched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme.
Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme.
Researcher
CVE-ID
CVE-2025-5928
CVE-2025-5928
Patch Status
Unpatched
Unpatched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
WP Sliding Login/Dashboard Panel
WP Sliding Login/Dashboard Panel
Researcher
CVE-ID
CVE-2025-5930
CVE-2025-5930
Patch Status
Unpatched
Unpatched
Published
Jun 12, 2025
Jun 12, 2025
Affected Software
WP2HTML
WP2HTML
Researcher
CVE-ID
CVE-2025-6062
CVE-2025-6062
Patch Status
Unpatched
Unpatched
Published
Jun 13, 2025
Jun 13, 2025
Affected Software
Yougler Blogger Profile Page
Yougler Blogger Profile Page
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (June 9, 2025 to June 15, 2025) appeared first on Wordfence.
