Calling all Vulnerability Researchers and Bug Bounty Hunters!
Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 per vulnerability. Submit bold. Earn big!
The LFInder Challenge: Refine your LFI hunting skills with an expanded scope. Now through November 24, 2025, all LFI vulnerabilities in software with at least 25 active installs are considered in-scope for all researchers, regardless of researcher tier, AND earn a 30% bonus on all Local File Inclusion vulnerability submissions not already increased by another promotion.
Last week, there were 118 vulnerabilities disclosed in 99 WordPress Plugins and 7 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 40 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to implement layered security, aligning with our overarching mission to secure WordPress with defense in depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report. As the world’s leading quality vulnerability database provider for WordPress, site owners can rest assured knowing Wordfence has their back.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 29,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
- WAF-RULE-866 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-867 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-868 – Data redacted while we work with the vendor on a patch.
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 76 |
| Unpatched | 42 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Medium Severity | 91 |
| High Severity | 21 |
| Critical Severity | 6 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Missing Authorization | 27 |
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 24 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 15 |
| Cross-Site Request Forgery (CSRF) | 13 |
| Authorization Bypass Through User-Controlled Key | 6 |
| Exposure of Sensitive Information to an Unauthorized Actor | 6 |
| Unrestricted Upload of File with Dangerous Type | 4 |
| Authentication Bypass Using an Alternate Path or Channel | 2 |
| Improper Authorization | 2 |
| Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 2 |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 2 |
| Incorrect Privilege Assignment | 2 |
| Server-Side Request Forgery (SSRF) | 2 |
| Acceptance of Extraneous Untrusted Data With Trusted Data | 1 |
| Deserialization of Untrusted Data | 1 |
| External Control of File Name or Path | 1 |
| Improper Authentication | 1 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 1 |
| Improper Neutralization of Alternate XSS Syntax | 1 |
| Improper Privilege Management | 1 |
| Insertion of Sensitive Information into Log File | 1 |
| Insertion of Sensitive Information Into Sent Data | 1 |
| Missing Authentication for Critical Function | 1 |
| Use of Hard-coded Credentials | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 18 | |
| 16 | |
| 7 | |
| 6 | |
| 6 | |
| 5 | |
| 5 | |
| 4 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Acknowledgify | acknowledgify |
| Advanced Coupons – WooCommerce Coupons & Store Credit | advanced-coupons-for-woocommerce-free |
| Ally – Web Accessibility & Usability | pojo-accessibility |
| Binary MLM Plan | binary-mlm-plan |
| Block Country | block-country |
| BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor | blockspare |
| Content Writer | content-writer |
| Demo Import Kit | demo-import-kit |
| Dhivehi Text | dhivehi-text |
| Digiseller | digiseller |
| DocoDoco Store Locator | docodoco-store-locator |
| Dynamically Display Posts | dynamically-display-posts |
| E2Pdf – Export Pdf Tool for WordPress | e2pdf |
| Easy Post Submission – Frontend Posting, Guest Publishing & Submit Content for WordPress | easy-post-submission |
| Event post | event-post |
| Event Tickets and Registration | event-tickets |
| Events Calendar Made Simple – Pie Calendar | pie-calendar |
| External Login | external-login |
| FileBird – WordPress Media Library Folders & File Manager | filebird |
| Find And Replace content for WordPress | find-and-replace-content |
| Flex QR Code Generator | flex-qr-code-generator |
| Free Follow-Up Emails & Marketing Automation for WooCommerce – ShopMagic | shopmagic-for-woocommerce |
| Front End Users | front-end-only-users |
| FunKItools | funkitools |
| GSpeech TTS – WordPress Text To Speech Plugin | gspeech |
| Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | essential-blocks |
| Houzez Theme – Functionality | houzez-theme-functionality |
| Keyy Two Factor Authentication (like Clef) | keyy |
| Kognetiks Chatbot | chatbot-chatgpt |
| LearnPress – WordPress LMS Plugin | learnpress |
| Library Management System | library-management-system |
| Lisfinity Core – Lisfinity Core plugin used for pebas® Lisfinity WordPress theme | lisfinity-core |
| MasterStudy LMS WordPress Plugin – for Online Courses and Education | masterstudy-lms-learning-management-system |
| MDTF – Meta Data and Taxonomies Filter | wp-meta-data-filter-and-taxonomy-filter |
| Media Library Assistant | media-library-assistant |
| MeetingHub for Zoom Meeting, Google Meet, Jitsi Meet, Webex, & Microsoft Teams | The All-in-One Webinar & Video Conference Solution | meetinghub |
| Oceanpayment CreditCard Gateway | oceanpayment-creditcard-gateway |
| One Page Express Companion | one-page-express-companion |
| onOffice for WP-Websites | onoffice-for-wp-websites |
| Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization | optimole-wp |
| Orion SMS OTP Verification | orion-sms-otp-verification |
| Outdoor | outdoor |
| Ova Advent | ova-advent |
| OwnID Passwordless Login | ownid-passwordless-login |
| PowerBI Embed Reports | embed-power-bi-reports |
| PPOM – Product Addons & Custom Fields for WooCommerce | woocommerce-product-addon |
| Product Bundles, Quantity/Bulk Discount, BOGO, Buy X Get Y – WowRevenue | revenue |
| Product Catalog Simple | post-type-x |
| Product Table For WooCommerce | product-table-for-woocommerce |
| Quick Featured Images | quick-featured-images |
| Quick Social Login | quick-login |
| Redirection for Contact Form 7 | wpcf7-redirect |
| Related Posts Lite | related-posts-lite |
| replyMail | replymail |
| Reviews Widgets for Google & 45+ platforms by Repuso | social-testimonials-and-reviews-widget |
| Rich Snippet Site Report | easysnippet |
| Shortcode Button | shortcode-button |
| ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF | shortpixel-image-optimiser |
| Simple Job Board | simple-job-board |
| Simple Stripe | simple-stripe |
| Slick Google Map | slick-google-map |
| SmartCrawl SEO checker, analyzer & optimizer | smartcrawl-seo |
| SUMO Memberships for WooCommerce | sumomemberships |
| SureForms – Drag and Drop Contact Form Builder – Multi-step Forms, Conversational Forms and more | sureforms |
| Tab Ultimate | tabs-pro |
| tagDiv Cloud Library | td-cloud-library |
| tagDiv Composer | td-composer |
| TARIFFUXX | tariffuxx |
| Task Scheduler | task-scheduler |
| thegem-elements | thegem-elements |
| Theme Editor | theme-editor |
| Theme Importer | theme-importer |
| TopBar | topbar |
| Truelysell Core | truelysell-core |
| u-design-core | u-design-core |
| UiChemy — Figma Converter for Elementor, Gutenberg and Bricks | uichemy |
| UPC/EAN/GTIN Barcode Generator/Importer | upc-ean-barcode-generator |
| URLYar URL Shortner | urlyar |
| Voice Feedback – Voice Recorder for Audio Feedback | voice-feedback |
| WhyDonate – FREE Donate button – Crowdfunding – Fundraising | wp-whydonate |
| Woocommerce Category and Products Accordion Panel | accordion-panel-for-category-and-products |
| WP BookWidgets | wp-bookwidgets |
| WP Dashboard Chat | wp-dashboard-chat |
| WP Go Maps (formerly WP Google Maps) | wp-google-maps |
| WP Google Map Plugin | wp-google-map |
| WP jQuery Pager | wp-jquery-pdf-paged |
| WP SMS – Ultimate SMS & MMS Notifications, OTP, 2FA, and WooCommerce & Forms Integrations | wp-sms |
| Wp tabber widget | wp-tabber-widget |
| WP Travel Gutenberg Blocks | wp-travel-blocks |
| WP ViewSTL | wp-viewstl |
| WPBakery Page Builder | js_composer |
| WPBifröst – Instant Passwordless Temporary Login Links | create-temporary-login |
| WPC Smart Quick View for WooCommerce | woo-smart-quick-view |
| WPC Smart Wishlist for WooCommerce | woo-smart-wishlist |
| WPCasa | wpcasa |
| wpNamedUsers | wpnamedusers |
| XX2WP Integration Tools | fb2wp-integration-tools |
| YourMembership Single Sign On – YM SSO Login | login-with-yourmembership |
| Zip Attachments | zip-attachments |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| ClassifiedPro – reCommerce WordPress Theme | classified-pro |
| Felan Framework | felan-framework |
| HiStudy – Online Courses & Education Template | histudy |
| HomeLancer | homelancer |
| KALLYAS – Creative eCommerce Multi-Purpose WordPress Theme | kallyas |
| Salient | Creative Multipurpose & WooCommerce Theme | salient |
| XStore | xstore |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
CVE-ID
CVE-2025-10850
CVE-2025-10850
Patch Status
Patched
Patched
Published
Oct 15, 2025
Oct 15, 2025
Affected Software
Felan Framework
Felan Framework
Researcher
CVE-ID
CVE-2025-10041
CVE-2025-10041
Patch Status
Patched
Patched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
Flex QR Code Generator
Flex QR Code Generator
Researcher
CVE-ID
CVE-2025-9967
CVE-2025-9967
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
Orion SMS OTP Verification
Orion SMS OTP Verification
Researcher
CVE-ID
CVE-2025-10294
CVE-2025-10294
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
OwnID Passwordless Login
OwnID Passwordless Login
Researcher
CVE-ID
CVE-2025-11391
CVE-2025-11391
Patch Status
Patched
Patched
Published
Oct 17, 2025
Oct 17, 2025
Affected Software
PPOM – Product Addons & Custom Fields for WooCommerce
PPOM – Product Addons & Custom Fields for WooCommerce
Researcher
CVE-ID
CVE-2025-10742
CVE-2025-10742
Patch Status
Unpatched
Unpatched
Published
Oct 15, 2025
Oct 15, 2025
Affected Software
Truelysell Core
Truelysell Core
Researcher
CVE-ID
CVE-2025-10706
CVE-2025-10706
Patch Status
Unpatched
Unpatched
Published
Oct 15, 2025
Oct 15, 2025
Affected Software
ClassifiedPro – reCommerce WordPress Theme
ClassifiedPro – reCommerce WordPress Theme
Researcher
CVE-ID
CVE-2025-10293
CVE-2025-10293
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
Keyy Two Factor Authentication (like Clef)
Keyy Two Factor Authentication (like Clef)
Researcher
CVE-ID
CVE-2025-9890
CVE-2025-9890
Patch Status
Patched
Patched
Published
Oct 17, 2025
Oct 17, 2025
Affected Software
Theme Editor
Theme Editor
Researcher
CVE-ID
CVE-2025-62007
CVE-2025-62007
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
Voice Feedback – Voice Recorder for Audio Feedback
Voice Feedback – Voice Recorder for Audio Feedback
Researcher
CVE-ID
CVE-2025-10299
CVE-2025-10299
Patch Status
Patched
Patched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
WPBifröst – Instant Passwordless Temporary Login Links
WPBifröst – Instant Passwordless Temporary Login Links
Researcher
XStore | Multipurpose WooCommerce Theme <= 9.5.4 – Authenticated (Subscriber+) Local File Inclusion
8.8
CVE-ID
CVE-2025-11746
CVE-2025-11746
Patch Status
Patched
Patched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
XStore
XStore
Researcher
Category and Products Accordion Panel <= 1.0 – Authenticated (Contributor+) Local File Inclusion
7.5
CVE-ID
CVE-2025-11722
CVE-2025-11722
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
Woocommerce Category and Products Accordion Panel
Woocommerce Category and Products Accordion Panel
Researcher
CVE-ID
CVE-2025-11501
CVE-2025-11501
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
Dynamically Display Posts
Dynamically Display Posts
Researcher
CVE-ID
CVE-2025-11517
CVE-2025-11517
Patch Status
Patched
Patched
Published
Oct 17, 2025
Oct 17, 2025
Affected Software
Event Tickets and Registration
Event Tickets and Registration
Researcher
CVE-ID
CVE-2025-11177
CVE-2025-11177
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
External Login
External Login
Researcher
CVE-ID
CVE-2025-59578
CVE-2025-59578
Patch Status
Patched
Patched
Published
Oct 15, 2025
Oct 15, 2025
Affected Software
Free Follow-Up Emails & Marketing Automation for WooCommerce – ShopMagic
Free Follow-Up Emails & Marketing Automation for WooCommerce – ShopMagic
Researcher
CVE-ID
CVE-2025-48089
CVE-2025-48089
Patch Status
Patched
Patched
Published
Oct 13, 2025
Oct 13, 2025
Affected Software
HiStudy – Online Courses & Education Template
HiStudy – Online Courses & Education Template
Researcher
CVE-ID
CVE-2025-48089
CVE-2025-48089
Patch Status
Patched
Patched
Published
Oct 13, 2025
Oct 13, 2025
Affected Software
HiStudy – Online Courses & Education Template
HiStudy – Online Courses & Education Template
Researcher
CVE-ID
CVE-2025-62054
CVE-2025-62054
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
Houzez Theme – Functionality
Houzez Theme – Functionality
Researcher
PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 – Unauthenticated SQL Injection
7.5
CVE-ID
CVE-2025-11691
CVE-2025-11691
Patch Status
Patched
Patched
Published
Oct 17, 2025
Oct 17, 2025
Affected Software
PPOM – Product Addons & Custom Fields for WooCommerce
PPOM – Product Addons & Custom Fields for WooCommerce
Researcher
CVE-ID
CVE-2025-62008
CVE-2025-62008
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
Product Table For WooCommerce
Product Table For WooCommerce
Researcher
CVE-ID
CVE-2025-6042
CVE-2025-6042
Patch Status
Patched
Patched
Published
Oct 14, 2025
Oct 14, 2025
Researcher
CVE-ID
CVE-2025-10051
CVE-2025-10051
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
Demo Import Kit
Demo Import Kit
Researcher
CVE-ID
CVE-2025-10754
CVE-2025-10754
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
DocoDoco Store Locator
DocoDoco Store Locator
Researcher
CVE-ID
CVE-2025-10313
CVE-2025-10313
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
Find And Replace content for WordPress
Find And Replace content for WordPress
Researcher
CVE-ID
CVE-2025-10038
CVE-2025-10038
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
Binary MLM Plan
Binary MLM Plan
Researcher
CVE-ID
CVE-2025-11372
CVE-2025-11372
Patch Status
Patched
Patched
Published
Oct 17, 2025
Oct 17, 2025
Affected Software
LearnPress – WordPress LMS Plugin
LearnPress – WordPress LMS Plugin
Researcher
TARIFFUXX <= 1.4 – Authenticated (Contributor+) SQL Injection via tariffuxx_configurator Shortcode
6.5
CVE-ID
CVE-2025-10682
CVE-2025-10682
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
TARIFFUXX
TARIFFUXX
Researcher
CVE-ID
CVE-2025-10660
CVE-2025-10660
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
WP Dashboard Chat
WP Dashboard Chat
Researcher
CVE-ID
CVE-2025-11365
CVE-2025-11365
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
WP Google Map Plugin
WP Google Map Plugin
Researcher
CVE-ID
CVE-2025-10575
CVE-2025-10575
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
WP jQuery Pager
WP jQuery Pager
Researcher
CVE-ID
CVE-2025-10730
CVE-2025-10730
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
Wp tabber widget
Wp tabber widget
Researcher
CVE-ID
CVE-2025-10132
CVE-2025-10132
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
Dhivehi Text
Dhivehi Text
Researcher
CVE-ID
CVE-2025-10141
CVE-2025-10141
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
Digiseller
Digiseller
Researcher
CVE-ID
CVE-2025-62068
CVE-2025-62068
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
E2Pdf – Export Pdf Tool for WordPress
E2Pdf – Export Pdf Tool for WordPress
Researcher
CVE-ID
CVE-2025-11361
CVE-2025-11361
Patch Status
Patched
Patched
Published
Oct 17, 2025
Oct 17, 2025
Researcher
CVE-ID
CVE-2025-62042
CVE-2025-62042
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
Event post
Event post
Researcher
CVE-ID
CVE-2025-11270
CVE-2025-11270
Patch Status
Patched
Patched
Published
Oct 17, 2025
Oct 17, 2025
Researcher
CVE-ID
CVE-2025-62058
CVE-2025-62058
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
Houzez Theme – Functionality
Houzez Theme – Functionality
Researcher
CVE-ID
CVE-2025-62069
CVE-2025-62069
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
MDTF – Meta Data and Taxonomies Filter
MDTF – Meta Data and Taxonomies Filter
Researcher
CVE-ID
CVE-2025-8561
CVE-2025-8561
Patch Status
Patched
Patched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
Ova Advent
Ova Advent
Researcher
CVE-ID
CVE-2025-62024
CVE-2025-62024
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
Events Calendar Made Simple – Pie Calendar
Events Calendar Made Simple – Pie Calendar
Researcher
CVE-ID
CVE-2025-10140
CVE-2025-10140
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
Quick Social Login
Quick Social Login
Researcher
CVE-ID
CVE-2025-9562
CVE-2025-9562
Patch Status
Patched
Patched
Published
Oct 17, 2025
Oct 17, 2025
Affected Software
Redirection for Contact Form 7
Redirection for Contact Form 7
Researcher
CVE-ID
CVE-2025-10194
CVE-2025-10194
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
Shortcode Button
Shortcode Button
Researcher
CVE-ID
CVE-2025-62060
CVE-2025-62060
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
Tab Ultimate
Tab Ultimate
Researcher
CVE-ID
CVE-2025-62032
CVE-2025-62032
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
tagDiv Cloud Library
tagDiv Cloud Library
Researcher
CVE-ID
CVE-2025-62030
CVE-2025-62030
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
tagDiv Composer
tagDiv Composer
Researcher
CVE-ID
CVE-2025-62044
CVE-2025-62044
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
thegem-elements
thegem-elements
Researcher
CVE-ID
CVE-2025-62051
CVE-2025-62051
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
u-design-core
u-design-core
Researcher
CVE-ID
CVE-2025-10133
CVE-2025-10133
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
URLYar URL Shortner
URLYar URL Shortner
Researcher
CVE-ID
CVE-2025-10139
CVE-2025-10139
Patch Status
Patched
Patched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
WP BookWidgets
WP BookWidgets
Researcher
CVE-ID
CVE-2025-62063
CVE-2025-62063
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
WP Travel Gutenberg Blocks
WP Travel Gutenberg Blocks
Researcher
CVE-ID
CVE-2025-10135
CVE-2025-10135
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
WP ViewSTL
WP ViewSTL
Researcher
CVE-ID
CVE-2025-10006
CVE-2025-10006
Patch Status
Patched
Patched
Published
Oct 17, 2025
Oct 17, 2025
Affected Software
WPBakery Page Builder
WPBakery Page Builder
Researcher
CVE-ID
CVE-2025-11160
CVE-2025-11160
Patch Status
Patched
Patched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
WPBakery Page Builder
WPBakery Page Builder
Researcher
CVE-ID
CVE-2025-11161
CVE-2025-11161
Patch Status
Patched
Patched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
WPBakery Page Builder
WPBakery Page Builder
Researcher
CVE-ID
CVE-2025-62043
CVE-2025-62043
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
WPCasa
WPCasa
Researcher
CVE-ID
CVE-2025-11857
CVE-2025-11857
Patch Status
Patched
Patched
Published
Oct 17, 2025
Oct 17, 2025
Affected Software
XX2WP Integration Tools
XX2WP Integration Tools
Researcher
CVE-ID
CVE-2025-11378
CVE-2025-11378
Patch Status
Patched
Patched
Published
Oct 17, 2025
Oct 17, 2025
Affected Software
ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF
ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF
Researcher
CVE-ID
CVE-2025-10486
CVE-2025-10486
Patch Status
Patched
Patched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
Content Writer
Content Writer
Researcher
CVE-ID
CVE-2025-62062
CVE-2025-62062
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
Easy Post Submission – Frontend Posting, Guest Publishing & Submit Content for WordPress
Easy Post Submission – Frontend Posting, Guest Publishing & Submit Content for WordPress
Researcher
CVE-ID
CVE-2025-10849
CVE-2025-10849
Patch Status
Patched
Patched
Published
Oct 15, 2025
Oct 15, 2025
Affected Software
Felan Framework
Felan Framework
Researcher
CVE-ID
CVE-2025-62018
CVE-2025-62018
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
KALLYAS – Creative eCommerce Multi-Purpose WordPress Theme
KALLYAS – Creative eCommerce Multi-Purpose WordPress Theme
Researcher
CVE-ID
CVE-2025-11256
CVE-2025-11256
Patch Status
Patched
Patched
Published
Oct 17, 2025
Oct 17, 2025
Affected Software
Kognetiks Chatbot
Kognetiks Chatbot
Researcher
CVE-ID
CVE-2025-10648
CVE-2025-10648
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
YourMembership Single Sign On – YM SSO Login
YourMembership Single Sign On – YM SSO Login
Researcher
CVE-ID
CVE-2025-11738
CVE-2025-11738
Patch Status
Patched
Patched
Published
Oct 17, 2025
Oct 17, 2025
Affected Software
Media Library Assistant
Media Library Assistant
Researcher
CVE-ID
CVE-2025-11728
CVE-2025-11728
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
Oceanpayment CreditCard Gateway
Oceanpayment CreditCard Gateway
Researcher
CVE-ID
CVE-2025-10750
CVE-2025-10750
Patch Status
Patched
Patched
Published
Oct 17, 2025
Oct 17, 2025
Affected Software
PowerBI Embed Reports
PowerBI Embed Reports
Researcher
CVE-ID
CVE-2025-59579
CVE-2025-59579
Patch Status
Patched
Patched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
Simple Job Board
Simple Job Board
Researcher
CVE-ID
CVE-2025-10186
CVE-2025-10186
Patch Status
Patched
Patched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
WhyDonate – FREE Donate button – Crowdfunding – Fundraising
WhyDonate – FREE Donate button – Crowdfunding – Fundraising
Researcher
CVE-ID
CVE-2025-11703
CVE-2025-11703
Patch Status
Patched
Patched
Published
Oct 17, 2025
Oct 17, 2025
Affected Software
WP Go Maps (formerly WP Google Maps)
WP Go Maps (formerly WP Google Maps)
Researcher
CVE-ID
CVE-2025-11741
CVE-2025-11741
Patch Status
Patched
Patched
Published
Oct 17, 2025
Oct 17, 2025
Affected Software
WPC Smart Quick View for WooCommerce
WPC Smart Quick View for WooCommerce
Researcher
CVE-ID
CVE-2025-11692
CVE-2025-11692
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
Zip Attachments
Zip Attachments
Researcher
CVE-ID
CVE-2025-11701
CVE-2025-11701
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
Zip Attachments
Zip Attachments
Researcher
CVE-ID
CVE-2025-62015
CVE-2025-62015
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
Advanced Coupons – WooCommerce Coupons & Store Credit
Advanced Coupons – WooCommerce Coupons & Store Credit
Researcher
CVE-ID
CVE-2025-10187
CVE-2025-10187
Patch Status
Patched
Patched
Published
Oct 17, 2025
Oct 17, 2025
Affected Software
GSpeech TTS – WordPress Text To Speech Plugin
GSpeech TTS – WordPress Text To Speech Plugin
Researcher
CVE-ID
CVE-2025-10045
CVE-2025-10045
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
onOffice for WP-Websites
onOffice for WP-Websites
Researcher
CVE-ID
CVE-2025-10310
CVE-2025-10310
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
Rich Snippet Site Report
Rich Snippet Site Report
Researcher
CVE-ID
CVE-2025-11926
CVE-2025-11926
Patch Status
Unpatched
Unpatched
Published
Oct 17, 2025
Oct 17, 2025
Affected Software
Related Posts Lite
Related Posts Lite
Researcher
CVE-ID
CVE-2025-10056
CVE-2025-10056
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
Task Scheduler
Task Scheduler
Researcher
CVE-ID
CVE-2025-62021
CVE-2025-62021
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
Acknowledgify
Acknowledgify
Researcher
Ally – Web Accessibility & Usability <= 3.8.0 – Cross-Site Request Forgery to Plugin Settings Update
4.3
CVE-ID
CVE-2025-10700
CVE-2025-10700
Patch Status
Patched
Patched
Published
Oct 15, 2025
Oct 15, 2025
Affected Software
Ally – Web Accessibility & Usability
Ally – Web Accessibility & Usability
Researcher
CVE-ID
CVE-2025-11895
CVE-2025-11895
Patch Status
Unpatched
Unpatched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
Binary MLM Plan
Binary MLM Plan
Researcher
CVE-ID
CVE-2025-48077
CVE-2025-48077
Patch Status
Unpatched
Unpatched
Published
Oct 13, 2025
Oct 13, 2025
Affected Software
Block Country
Block Country
Researcher
CVE-ID
CVE-2025-62026
CVE-2025-62026
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor
BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor
Researcher
CVE-ID
CVE-2025-62027
CVE-2025-62027
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
Event Tickets and Registration
Event Tickets and Registration
Researcher
External Login <= 1.11.2 – Authenticated (Subscriber+) Sensitive Data Exposure via Test Connection
4.3
CVE-ID
CVE-2025-11196
CVE-2025-11196
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
External Login
External Login
Researcher
CVE-ID
CVE-2025-11510
CVE-2025-11510
Patch Status
Patched
Patched
Published
Oct 17, 2025
Oct 17, 2025
Affected Software
FileBird – WordPress Media Library Folders & File Manager
FileBird – WordPress Media Library Folders & File Manager
Researcher
CVE-ID
CVE-2025-62072
CVE-2025-62072
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
Front End Users
Front End Users
Researcher
CVE-ID
CVE-2025-10301
CVE-2025-10301
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
FunKItools
FunKItools
Researcher
CVE-ID
CVE-2025-49375
CVE-2025-49375
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
HomeLancer
HomeLancer
Researcher
CVE-ID
CVE-2025-11519
CVE-2025-11519
Patch Status
Patched
Patched
Published
Oct 17, 2025
Oct 17, 2025
Affected Software
Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization
Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization
Researcher
CVE-ID
CVE-2025-62017
CVE-2025-62017
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
KALLYAS – Creative eCommerce Multi-Purpose WordPress Theme
KALLYAS – Creative eCommerce Multi-Purpose WordPress Theme
Researcher
CVE-ID
CVE-2025-10303
CVE-2025-10303
Patch Status
Patched
Patched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
Library Management System
Library Management System
Researcher
CVE-ID
CVE-2025-59575
CVE-2025-59575
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
MasterStudy LMS WordPress Plugin – for Online Courses and Education
MasterStudy LMS WordPress Plugin – for Online Courses and Education
Researcher
CVE-ID
CVE-2025-62073
CVE-2025-62073
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
CVE-ID
CVE-2025-62052
CVE-2025-62052
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
One Page Express Companion
One Page Express Companion
Researcher
CVE-ID
CVE-2025-62061
CVE-2025-62061
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
Product Catalog Simple
Product Catalog Simple
Researcher
CVE-ID
CVE-2025-11176
CVE-2025-11176
Patch Status
Patched
Patched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
Quick Featured Images
Quick Featured Images
Researcher
CVE-ID
CVE-2025-31029
CVE-2025-31029
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
replyMail
replyMail
Researcher
CVE-ID
CVE-2025-62028
CVE-2025-62028
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
Salient | Creative Multipurpose & WooCommerce Theme
Salient | Creative Multipurpose & WooCommerce Theme
Researcher
CVE-ID
CVE-2025-48085
CVE-2025-48085
Patch Status
Unpatched
Unpatched
Published
Oct 13, 2025
Oct 13, 2025
Affected Software
Simple Stripe
Simple Stripe
Researcher
CVE-ID
CVE-2025-48078
CVE-2025-48078
Patch Status
Unpatched
Unpatched
Published
Oct 13, 2025
Oct 13, 2025
Affected Software
Slick Google Map
Slick Google Map
Researcher
CVE-ID
CVE-2025-62048
CVE-2025-62048
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
SmartCrawl SEO checker, analyzer & optimizer
SmartCrawl SEO checker, analyzer & optimizer
Researcher
CVE-ID
CVE-2025-62071
CVE-2025-62071
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
Reviews Widgets for Google & 45+ platforms by Repuso
Reviews Widgets for Google & 45+ platforms by Repuso
Researcher
CVE-ID
CVE-2025-62005
CVE-2025-62005
Patch Status
Patched
Patched
Published
Oct 15, 2025
Oct 15, 2025
Affected Software
SUMO Memberships for WooCommerce
SUMO Memberships for WooCommerce
Researcher
CVE-ID
CVE-2025-10732
CVE-2025-10732
Patch Status
Patched
Patched
Published
Oct 13, 2025
Oct 13, 2025
Affected Software
SureForms – Drag and Drop Contact Form Builder – Multi-step Forms, Conversational Forms and more
SureForms – Drag and Drop Contact Form Builder – Multi-step Forms, Conversational Forms and more
Researcher
CVE-ID
CVE-2025-10312
CVE-2025-10312
Patch Status
Unpatched
Unpatched
Published
Oct 14, 2025
Oct 14, 2025
Affected Software
Theme Importer
Theme Importer
Researcher
CVE-ID
CVE-2025-62013
CVE-2025-62013
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
UiChemy — Figma Converter for Elementor, Gutenberg and Bricks
UiChemy — Figma Converter for Elementor, Gutenberg and Bricks
Researcher
CVE-ID
CVE-2025-62009
CVE-2025-62009
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
UPC/EAN/GTIN Barcode Generator/Importer
UPC/EAN/GTIN Barcode Generator/Importer
Researcher
CVE-ID
CVE-2025-62070
CVE-2025-62070
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
Product Bundles, Quantity/Bulk Discount, BOGO, Buy X Get Y – WowRevenue
Product Bundles, Quantity/Bulk Discount, BOGO, Buy X Get Y – WowRevenue
Researcher
CVE-ID
CVE-2025-62006
CVE-2025-62006
Patch Status
Patched
Patched
Published
Oct 16, 2025
Oct 16, 2025
Affected Software
WP SMS – Ultimate SMS & MMS Notifications, OTP, 2FA, and WooCommerce & Forms Integrations
WP SMS – Ultimate SMS & MMS Notifications, OTP, 2FA, and WooCommerce & Forms Integrations
Researcher
CVE-ID
CVE-2025-11742
CVE-2025-11742
Patch Status
Patched
Patched
Published
Oct 17, 2025
Oct 17, 2025
Affected Software
WPC Smart Wishlist for WooCommerce
WPC Smart Wishlist for WooCommerce
Researcher
CVE-ID
CVE-2025-48083
CVE-2025-48083
Patch Status
Unpatched
Unpatched
Published
Oct 13, 2025
Oct 13, 2025
Affected Software
wpNamedUsers
wpNamedUsers
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (October 13, 2025 to October 19, 2025) appeared first on Wordfence.
