Triple Threat Bug Bounty Challenge
Hunt High Threat vulnerabilities and earn triple the incentives!
Now through April 6, 2026, earn three stacked bonuses on all valid submissions from our ‘High Threat Vulnerabilities’ list:
2x all high threat vulnerability bounties (excluding 5,000,000+ installs)
+30% bonus for high threat vulnerabilities in software with 30,000+ active installs (excluding 5,000,000+ installs)
$300 extra for every 3 High Threat vulnerabilities submitted (minimum of 1,000 installs)
Use the Bounty Estimator to see what rewards are possible through the promotion.
Submit through our Bug Bounty Program today to maximize your impact and your payout.
Last week, there were 204 vulnerabilities disclosed in 77 WordPress Plugins and 119 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 39 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to implement layered security, aligning with our overarching mission to secure WordPress with defense in depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report. As the world’s leading quality vulnerability database provider for WordPress, site owners can rest assured knowing Wordfence has their back.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 33,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
-
-
- Master Addons for Elementor Premium <= 2.1.3 – Authenticated (Subscriber+) Remote Code Execution via render_preview
- Woocommerce Wholesale Lead Capture <= 2.0.3.1 – Unauthenticated Privilege Escalation
- Woocommerce Wholesale Lead Capture <= 2.0.3.1 – Unauthenticated Arbitrary File Upload
- WAF-RULE-896 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-897 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-901 – Data redacted while we work with the vendor on a patch.
-
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 41 |
| Unpatched | 163 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Medium Severity | 70 |
| High Severity | 131 |
| Critical Severity | 3 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 99 |
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 43 |
| Missing Authorization | 16 |
| Deserialization of Untrusted Data | 10 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 8 |
| Improper Control of Generation of Code (‘Code Injection’) | 4 |
| Unrestricted Upload of File with Dangerous Type | 4 |
| Authentication Bypass Using an Alternate Path or Channel | 3 |
| Authorization Bypass Through User-Controlled Key | 3 |
| Exposure of Sensitive Information to an Unauthorized Actor | 3 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 3 |
| Cross-Site Request Forgery (CSRF) | 1 |
| Embedded Malicious Code | 1 |
| Improper Access Control | 1 |
| Improper Authentication | 1 |
| Improper Authorization | 1 |
| Improper Privilege Management | 1 |
| Insufficient Verification of Data Authenticity | 1 |
| Server-Side Request Forgery (SSRF) | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 65 | |
| 38 | |
| 30 | |
| 12 | |
| 6 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Advanced Woo Labels – Product Labels & Badges for WooCommerce | advanced-woo-labels |
| AI Engine – The Chatbot, AI Framework & MCP for WordPress | ai-engine |
| AllInOne – Banner Rotator | all-in-one-bannerRotator |
| Bakery Autoresponder Addon | vc-autoresponder-addon |
| Builderall for WordPress | builderall-cheetah-for-wp |
| Classified Listing – AI-Powered Classified ads & Business Directory Plugin | classified-listing |
| Custom Logo | custom-logo |
| designthemes-portfolio | designthemes-portfolio |
| Directory Listings WordPress plugin – uListing | ulisting |
| Directory Pro | directory-pro |
| Disable Admin Notices – Hide Dashboard Notifications | disable-admin-notices |
| DT – Directory WordPress Plugin | designthemes-directory-addon |
| DT Booking – WordPress Ultimate Booking Plugin | designthemes-booking-manager |
| Eagle Booking | eagle-booking |
| Electric Enquiries | electric-enquiries |
| ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor | elementskit-lite |
| EM Cost Calculator | cost-calculator |
| Filr – Secure document library | filr-protection |
| Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty | chaty |
| Fluent Forms Pro Add On Pack | fluentformpro |
| Frontend Publishing Pro | rh-frontend |
| Geo Mashup | geo-mashup |
| Japanized for WooCommerce | woocommerce-for-japan |
| JetEngine | jet-engine |
| LambertGroup – AllInOne – Banner with Playlist | all-in-one-bannerWithPlaylist |
| LambertGroup – AllInOne – Banner with Thumbnails | all-in-one-thumbnailsBanner |
| LambertGroup – AllInOne – Content Slider | all-in-one-contentSlider |
| Lawyer Directory | lawyer-directory |
| ListingPro Plugin | listingpro-plugin |
| Livemesh Addons for Beaver Builder | addons-for-beaver-builder |
| MailArchiver | mailarchiver |
| My Tickets – Accessible Event Ticketing | my-tickets |
| NextScripts: Social Networks Auto-Poster | social-networks-auto-poster-facebook-twitter-g |
| OVRI Payment | moneytigo |
| Portfolio Awa | awa-plugins |
| Post Duplicator | post-duplicator |
| PowerPress Podcasting plugin by Blubrry | powerpress |
| Profile Builder Pro | profile-builder-pro |
| Really Simple Security Pro | really-simple-ssl-pro |
| Responsive Lightbox & Gallery | responsive-lightbox |
| Responsive Posts Carousel WordPress Plugin | responsive-posts-carousel-pro |
| Responsive Zoom In/Out Slider WordPress Plugin | lbg_zoominoutslider |
| Riode Core | riode-core |
| Rise Blocks – A Complete Gutenberg Page Builder | rise-blocks |
| Royal Addons for Elementor – Addons and Templates Kit for Elementor | royal-elementor-addons |
| Scientific and Interactive Blocks – inseri core | inseri-core |
| Secure Copy Content Protection and Content Locking | secure-copy-content-protection |
| Simple Download Monitor | simple-download-monitor |
| Site Suggest | site-suggest |
| SiteGuard WP Plugin | siteguard |
| Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent | tablesome |
| The Events Calendar | the-events-calendar |
| Theater for WordPress | theatre |
| TP2WP Importer | tp2wp-importer |
| Tutor LMS – eLearning and online course solution | tutor |
| UberSlider – Layer Slider WordPress Plugin | uberSlider_perpetuummobile |
| UberSlider – Layer Slider WordPress Plugin | uberSlider_mouseinteraction |
| UberSlider – Layer Slider WordPress Plugin | uberSlider_ultra |
| uberSlider_classic | uberSlider_classic |
| Ultimate Learning Pro | indeed-learning-pro |
| User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration | wp-user-frontend |
| User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | user-registration |
| W3 Total Cache | w3-total-cache |
| WeDesignTech Ultimate Booking Addon | wedesigntech-ultimate-booking-addon |
| WooCommerce Coming Soon Product with Countdown | woo-coming-soon-product |
| WooCommerce License Manager | fs-license-manager |
| WooCommerce Order Details | woocommerce-order-details |
| Worry Proof Backup | worry-proof-backup |
| WP Accessibility | wp-accessibility |
| WP Attractive Donations System – Easy Stripe & Paypal donations | WP_AttractiveDonationsSystem |
| WP Mail Logging | wp-mail-logging |
| WP Recipe Maker | wp-recipe-maker |
| WP Responsive Images | wp-responsive-images |
| WP Social Meta | wp-social-meta |
| WPGSI: Spreadsheet Integration | wpgsi |
| WPZOOM Addons for Elementor – Starter Templates & Widgets | wpzoom-elementor-addons |
| Xpro Addons — 140+ Widgets for Elementor | xpro-elementor-addons |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Accalia | Dermatology Clinic & Cosmetology WordPress Theme + Elementor | dermatology-clinic |
| Alchemists – Sports, eSports & Gaming Club and News WordPress Theme | alchemists |
| Alliance | Intranet & Extranet BuddyPress WordPress Theme | alliance |
| Anderson | Physical Therapy & Orthopedic Clinic WordPress Theme | andersonclinic |
| Aora – Home & Lifestyle Elementor WooCommerce Theme | aora |
| apollo | apollo |
| Aqualots | aqualots |
| Architecturer WordPress for Interior Designer | architecturer |
| Artrium – Creative Agency & Web Studio WP Theme | artrium |
| asia-garden | asia-garden |
| Automotive Car Dealership Business WordPress Theme | automotive |
| Aviana – Elegant Wellness & Spa WordPress Theme | aviana |
| Bassein | Swimming Pool Cleaning & Maintenance WordPress Theme | bassein |
| Bazinga | Viral Blog WordPress Theme | bazinga |
| Beacon | Funeral Services WordPress Theme | beacon |
| Buzz Stone | Magazine & Viral Blog WordPress Theme | buzzstone |
| Celeste – Life Coach & Therapist WordPress Theme | celeste |
| Chronicle | chronicle |
| Claue – Clean, Minimal Elementor WooCommerce Them | claue |
| CloudMe | Cloud Storage & File-Sharing WordPress Theme | cloudme |
| Cocco – Kids Store and Baby Shop WordPress Theme | cocco |
| Coleo | coleo |
| Conquerors | American Football & NFL PSD Template | conquerors |
| Consultor | A Business Financial Advisor PSD Template | consultor |
| Cortex – Agency WordPress Theme | cortex |
| Crown Art | Drawing and Music School WordPress Theme | crown-art |
| Daiquiri | daiquiri |
| Dentario – Dentist & Medical Elementor Template Kit | dentario |
| Dixon & Lamber | dixon |
| Dolcino – Pastry and Cake Shop WordPress Theme | dolcino |
| Dr.Patterson | Medical & Healthcare Doctor WordPress Theme | dr-patterson |
| Edge Decor | edge-decor |
| Eject | eject |
| Ekoterra – NonProfit & Ecology Theme | ekoterra |
| ElectroServ | Electrical Repair Service WordPress Theme | electroserv |
| Eona – Fashion WordPress Theme | eona |
| Evently – Conference & Meetup WordPress Theme | evently |
| Filmax | Cinema & Movie News Magazine WordPress Theme | filmax |
| Fiorello – Florist and Flower Shop WordPress Theme | fiorello |
| FixTeam | Electronics & Mobile Devices Repair WordPress Theme | fixteam |
| fleur | fleur |
| gamezone | gamezone |
| Gecko 6.0 – Responsive Shopify Theme – RTL support | gecko |
| Good Energy – Ecology & Renewable Energy WordPress Theme | goodenergy |
| GoTravel – Travel Agency WordPress Theme | gotravel |
| grandnews | grandnews |
| Great Lotus | Buddhist Temple WordPress Theme + RTL | great-lotus |
| Green Planet | Environmental Non-Profit WordPress Theme | green-planet |
| Guff – Blog & Magazine Ghost Theme | guff |
| Happy Baby | Nanny & Babysitting Services Children WordPress Theme | happy-baby |
| Helvig – Creative Portfolio WordPress Theme | helvig |
| Holmes – Digital Agency WordPress Theme | holmes |
| Honor | Shooting Club & Weapon and Gun Store Theme | honor |
| horizon | horizon |
| Innovio – Multipurpose Landing Page WordPress Theme | innovio |
| Justicia – Lawyer WordPress Theme | justicia |
| Kingler | kingler |
| Le Truffe | letruffe |
| Legal Stone | Lawyers & Attorneys WordPress Theme | legal-stone |
| LeGrand | Modern Business WordPress Theme | legrand |
| Listee | listee |
| Little Birdies | Multipurpose Children PSD Template | little-birdies |
| M.Williamson | Lawyer & Legal Adviser WordPress Theme | williamson |
| Mahogany | mahogany |
| Malgré – Creative Agency WordPress Theme | malgre |
| Mandala – Responsive Ecommerce WordPress Theme | mandala |
| Marcell – Personal Blog & Magazine WordPress Theme | marcell |
| Marra – Beauty WordPress Theme | marra |
| MCKinney’s Politics | mckinney-politics |
| MediCenter – Health Medical Clinic WordPress Theme | medicenter |
| metro | metro |
| Midi – Sound & Music WordPress Theme | midi |
| Miller | Personal Assistant & Administrative Services WordPress Theme | christine-miller |
| Molla – eCommerce HTML5 Template | molla |
| Music WordPress | musico |
| Muzicon – Music Festival & Concert WordPress Theme | muzicon |
| Nirvana | nirvana |
| Notarius – Legal Advisor WordPress Theme | notarius |
| Overton – Creative WordPress Theme for Agencies and Freelancers | overton |
| Ozisti | Augmented Reality WooCommerce Theme | ozisti |
| Peter Mason | Custom Tailoring and Clothing Store WordPress Theme | petermason |
| photography | photography |
| Pizza House – Restaurant / Cafe / Bistro WordPress Theme | pizzahouse |
| Playa | Beach & Pool Club WordPress Theme | playa |
| Police Department – Fire & Security WordPress Theme | police-department |
| porto | porto |
| quantum | quantum |
| RexCoin – Cryptocurrency & Coin ICO WordPress | rexcoin |
| Run Gran | run-gran |
| Rythmo | rhythmo |
| Save Life | Non-Profit, Charity & Donations WordPress Theme | save-life |
| SetSail – Travel Agency WordPress Theme | setsail |
| Shaha | Islamic Centre & Mosque Theme + RTL | shaha |
| SmartSEO | SEO & Marketing HTML Theme | smartseo |
| Sounder | Internet Radio & Streaming Elementor Template Kit | sounder |
| Starto | Software AI Startup WordPress | starto |
| Sweet Date | sweetdate |
| Sweet Jane – Delightful Cake Shop Theme | sweetjane |
| Tennis SportClub – Tennis Sports Events WordPress Theme | tennis-sportclub |
| The Issue – Versatile Magazine WordPress Theme | theissue |
| The Mounty | Hiking Campground & Children Camping WordPress Theme | the-mounty |
| Tiger Claw | tiger-claw |
| Tooth Fairy – Dentist & Dental Clinic WordPress Theme | tooth-fairy |
| TopFit – Fitness and Gym WordPress Theme | topfit |
| TopScorer – Sports WordPress Theme | topscorer |
| tribe | tribe |
| uDesign – Responsive WordPress Theme | u-design |
| Vapester | Cigarette Store & Vape Shop WooCommerce Theme | vapester |
| Veil – Wedding & Photographer WordPress Theme | veil |
| Verdure – Organic Tea Shop WordPress Theme | verdure |
| Verse – Music, Radio & Concert WordPress Theme | verse |
| wabi-sabi | wabi-sabi |
| WealthCo | wealthco |
| Welldone – Sports Store WordPress Theme | welldone |
| Windsor – Apartment Complex Single Property WordPress Theme | windsor |
| Wolmart | Multi-Vendor Marketplace WooCommerce Theme | wolmart |
| Woopy – Multipurpose Store WooCommerce WordPress Shop Theme | woopy |
| Yacht Rental – Boat Services WordPress Theme | yacht-rental |
| Zentrum – Property & Apartment Showcase WordPress Theme | zentrum |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
Affected Software
W3 Total Cache [w3-total-cache]
Researcher
Affected Software
WeDesignTech Ultimate Booking Addon [wedesigntech-ultimate-booking-addon]
Researcher
Affected Software
Advanced Woo Labels – Product Labels & Badges for WooCommerce [advanced-woo-labels]
Researcher
Affected Software
Builderall for WordPress [builderall-cheetah-for-wp]
Researcher
Affected Software
Filr – Secure document library [filr-protection]
Researcher
Affected Software
JetEngine [jet-engine]
Researcher
Affected Software
Researcher
WeDesignTech Ultimate Booking Addon <= 1.0.1 – Authenticated (Subscriber+) Authentication Bypass
8.8
Affected Software
WeDesignTech Ultimate Booking Addon [wedesigntech-ultimate-booking-addon]
Researcher
Affected Software
Worry Proof Backup [worry-proof-backup]
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Anderson | Physical Therapy & Orthopedic Clinic WordPress Theme [andersonclinic]
Researcher
Aora – Home & Lifestyle Elementor WooCommerce Theme <= 1.3.15 – Unauthenticated Local File Inclusion
8.1
Affected Software
Researcher
Affected Software
apollo [apollo]
Researcher
Affected Software
Researcher
Affected Software
asia-garden [asia-garden]
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Bazinga | Viral Blog WordPress Theme [bazinga]
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Chronicle [chronicle]
Researcher
Affected Software
Researcher
Cocco – Kids Store and Baby Shop WordPress Theme <= 1.5.1 – Unauthenticated Local File Inclusion
8.1
Affected Software
Researcher
Conquerors | American Football & NFL PSD Template <= 1.2.13 – Unauthenticated Local File Inclusion
8.1
Affected Software
Conquerors | American Football & NFL PSD Template [conquerors]
Researcher
Affected Software
Researcher
Affected Software
Cortex – Agency WordPress Theme [cortex]
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Accalia | Dermatology Clinic & Cosmetology WordPress Theme + Elementor [dermatology-clinic]
Researcher
Affected Software
Dixon & Lamber [dixon]
Researcher
Affected Software
Researcher
Affected Software
Dr.Patterson | Medical & Healthcare Doctor WordPress Theme [dr-patterson]
Researcher
Affected Software
Edge Decor [edge-decor]
Researcher
Affected Software
Ekoterra – NonProfit & Ecology Theme [ekoterra]
Researcher
Affected Software
ElectroServ | Electrical Repair Service WordPress Theme [electroserv]
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Researcher
Fiorello – Florist and Flower Shop WordPress Theme <= 1.0 – Unauthenticated Local File Inclusion
8.1
Affected Software
Researcher
Affected Software
Researcher
Affected Software
fleur [fleur]
Researcher
Affected Software
Researcher
Affected Software
GoTravel – Travel Agency WordPress Theme [gotravel]
Researcher
Great Lotus | Buddhist Temple WordPress Theme + RTL <= 1.3.1 – Unauthenticated Local File Inclusion
8.1
Affected Software
Great Lotus | Buddhist Temple WordPress Theme + RTL [great-lotus]
Researcher
Affected Software
Green Planet | Environmental Non-Profit WordPress Theme [green-planet]
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Researcher
Honor | Shooting Club & Weapon and Gun Store Theme <= 2.3 – Unauthenticated Local File Inclusion
8.1
Affected Software
Researcher
Affected Software
horizon [horizon]
Researcher
Innovio – Multipurpose Landing Page WordPress Theme <= 1.7 – Unauthenticated Local File Inclusion
8.1
Affected Software
Researcher
Affected Software
Justicia – Lawyer WordPress Theme [justicia]
Researcher
Affected Software
Kingler [kingler]
Researcher
Affected Software
Legal Stone | Lawyers & Attorneys WordPress Theme [legal-stone]
Researcher
Affected Software
Researcher
Little Birdies | Multipurpose Children PSD Template <= 1.3.16 – Unauthenticated Local File Inclusion
8.1
Affected Software
Little Birdies | Multipurpose Children PSD Template [little-birdies]
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Marra – Beauty WordPress Theme [marra]
Researcher
Affected Software
MCKinney’s Politics [mckinney-politics]
Researcher
Affected Software
metro [metro]
Researcher
Affected Software
Researcher
Affected Software
Miller | Personal Assistant & Administrative Services WordPress Theme [christine-miller]
Researcher
Affected Software
Molla – eCommerce HTML5 Template [molla]
Researcher
Affected Software
Researcher
Affected Software
Nirvana [nirvana]
Researcher
Affected Software
Notarius – Legal Advisor WordPress Theme [notarius]
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Police Department – Fire & Security WordPress Theme [police-department]
Researcher
Affected Software
quantum [quantum]
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
SetSail – Travel Agency WordPress Theme [setsail]
Researcher
Affected Software
Researcher
Affected Software
SmartSEO | SEO & Marketing HTML Theme [smartseo]
Researcher
Affected Software
Researcher
Affected Software
Sweet Date [sweetdate]
Researcher
Affected Software
Sweet Jane – Delightful Cake Shop Theme [sweetjane]
Researcher
Affected Software
Tennis SportClub – Tennis Sports Events WordPress Theme [tennis-sportclub]
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Tiger Claw [tiger-claw]
Researcher
Tooth Fairy – Dentist & Dental Clinic WordPress Theme <= 1.16 – Unauthenticated Local File Inclusion
8.1
Affected Software
Tooth Fairy – Dentist & Dental Clinic WordPress Theme [tooth-fairy]
Researcher
Affected Software
Researcher
Affected Software
TopScorer – Sports WordPress Theme [topscorer]
Researcher
Affected Software
tribe [tribe]
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
wabi-sabi [wabi-sabi]
Researcher
Affected Software
Welldone – Sports Store WordPress Theme [welldone]
Researcher
Affected Software
Researcher
Wolmart | Multi-Vendor Marketplace WooCommerce Theme <= 1.9.6 – Unauthenticated Local File Inclusion
8.1
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Yacht Rental – Boat Services WordPress Theme [yacht-rental]
Researcher
Affected Software
Researcher
Affected Software
Fluent Forms Pro Add On Pack [fluentformpro]
Researcher
Affected Software
Geo Mashup [geo-mashup]
Researcher
Affected Software
NextScripts: Social Networks Auto-Poster [social-networks-auto-poster-facebook-twitter-g]
Researcher
Affected Software
PowerPress Podcasting plugin by Blubrry [powerpress]
Researcher
Affected Software
Profile Builder Pro [profile-builder-pro]
Researcher
Affected Software
Riode Core [riode-core]
Researcher
Affected Software
Researcher
Affected Software
WP Attractive Donations System – Easy Stripe & Paypal donations [WP_AttractiveDonationsSystem]
Researcher
Affected Software
WP Mail Logging [wp-mail-logging]
Researcher
Affected Software
WP Responsive Images [wp-responsive-images]
Researcher
Affected Software
WPGSI: Spreadsheet Integration [wpgsi]
Researcher
Affected Software
Researcher
Affected Software
Bakery Autoresponder Addon [vc-autoresponder-addon]
Researcher
Affected Software
Lawyer Directory [lawyer-directory]
Researcher
Affected Software
photography [photography]
Researcher
Affected Software
Responsive Lightbox & Gallery [responsive-lightbox]
Researcher
Affected Software
WooCommerce License Manager [fs-license-manager]
Researcher
Affected Software
Eagle Booking [eagle-booking]
Researcher
Affected Software
OVRI Payment [moneytigo]
Researcher
Affected Software
Researcher
Affected Software
Automotive Car Dealership Business WordPress Theme [automotive]
Researcher
Affected Software
Electric Enquiries [electric-enquiries]
Researcher
Affected Software
Livemesh Addons for Beaver Builder [addons-for-beaver-builder]
Researcher
Affected Software
Rise Blocks – A Complete Gutenberg Page Builder [rise-blocks]
Researcher
Affected Software
Secure Copy Content Protection and Content Locking [secure-copy-content-protection]
Researcher
Affected Software
Simple Download Monitor [simple-download-monitor]
Researcher
Affected Software
Theater for WordPress [theatre]
Researcher
Affected Software
WooCommerce Coming Soon Product with Countdown [woo-coming-soon-product]
Researcher
Affected Software
WP Accessibility [wp-accessibility]
Researcher
Affected Software
Xpro Addons — 140+ Widgets for Elementor [xpro-elementor-addons]
Researcher
Affected Software
AllInOne – Banner Rotator [all-in-one-bannerRotator]
Researcher
Affected Software
Architecturer WordPress for Interior Designer [architecturer]
Researcher
Affected Software
Portfolio Awa [awa-plugins]
Researcher
Affected Software
Researcher
Affected Software
designthemes-portfolio [designthemes-portfolio]
Researcher
Affected Software
EM Cost Calculator [cost-calculator]
Researcher
Affected Software
Researcher
Affected Software
grandnews [grandnews]
Researcher
Affected Software
LambertGroup – AllInOne – Banner with Playlist [all-in-one-bannerWithPlaylist]
Researcher
Affected Software
LambertGroup – AllInOne – Banner with Thumbnails [all-in-one-thumbnailsBanner]
Researcher
Affected Software
LambertGroup – AllInOne – Content Slider [all-in-one-contentSlider]
Researcher
Affected Software
ListingPro Plugin [listingpro-plugin]
Researcher
Affected Software
MediCenter – Health Medical Clinic WordPress Theme [medicenter]
Researcher
Affected Software
metro [metro]
Researcher
Affected Software
Music WordPress [musico]
Researcher
Affected Software
porto [porto]
Researcher
Affected Software
Responsive Zoom In/Out Slider WordPress Plugin [lbg_zoominoutslider]
Researcher
Affected Software
Frontend Publishing Pro [rh-frontend]
Researcher
Affected Software
Researcher
Affected Software
uberSlider_classic [uberSlider_classic]
Researcher
Affected Software
UberSlider – Layer Slider WordPress Plugin [uberSlider_mouseinteraction]
Researcher
Affected Software
UberSlider – Layer Slider WordPress Plugin [uberSlider_perpetuummobile]
Researcher
Affected Software
UberSlider – Layer Slider WordPress Plugin [uberSlider_ultra]
Researcher
Affected Software
uDesign – Responsive WordPress Theme [u-design]
Researcher
Affected Software
Ultimate Learning Pro [indeed-learning-pro]
Researcher
Affected Software
The Events Calendar [the-events-calendar]
Researcher
Affected Software
Bakery Autoresponder Addon [vc-autoresponder-addon]
Researcher
Affected Software
DT Booking – WordPress Ultimate Booking Plugin [designthemes-booking-manager]
Researcher
Affected Software
DT – Directory WordPress Plugin [designthemes-directory-addon]
Researcher
Affected Software
Directory Pro [directory-pro]
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Japanized for WooCommerce [woocommerce-for-japan]
Researcher
Affected Software
My Tickets – Accessible Event Ticketing [my-tickets]
Researcher
Affected Software
Responsive Posts Carousel WordPress Plugin [responsive-posts-carousel-pro]
Researcher
Affected Software
Royal Addons for Elementor – Addons and Templates Kit for Elementor [royal-elementor-addons]
Researcher
Affected Software
Scientific and Interactive Blocks – inseri core [inseri-core]
Researcher
Affected Software
Site Suggest [site-suggest]
Researcher
Affected Software
SiteGuard WP Plugin [siteguard]
Researcher
Affected Software
Researcher
Affected Software
WeDesignTech Ultimate Booking Addon [wedesigntech-ultimate-booking-addon]
Researcher
Affected Software
WooCommerce Order Details [woocommerce-order-details]
Researcher
Affected Software
WP Recipe Maker [wp-recipe-maker]
Researcher
Affected Software
Responsive Lightbox & Gallery [responsive-lightbox]
Researcher
Affected Software
Researcher
Affected Software
MailArchiver [mailarchiver]
Researcher
Affected Software
Custom Logo [custom-logo]
Researcher
Affected Software
TP2WP Importer [tp2wp-importer]
Researcher
WP Social Meta <= 1.0.1 – Authenticated (Administrator+) Stored Cross-Site Scripting via Settings
4.4
Affected Software
WP Social Meta [wp-social-meta]
Researcher
Affected Software
Classified Listing – AI-Powered Classified ads & Business Directory Plugin [classified-listing]
Researcher
Affected Software
Disable Admin Notices – Hide Dashboard Notifications [disable-admin-notices]
Researcher
Affected Software
Post Duplicator [post-duplicator]
Researcher
Really Simple Security Pro <= 9.5.4.0 – Authenticated (Subscriber+) Insecure Direct Object Reference
4.3
Affected Software
Really Simple Security Pro [really-simple-ssl-pro]
Researcher
Affected Software
Researcher
Affected Software
WP Recipe Maker [wp-recipe-maker]
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (February 23, 2026 to March 1, 2026) appeared first on Wordfence.
