Calling all Vulnerability Researchers and Bug Bounty Hunters!
Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per vulnerability. Submit bold. Earn big!
Last week, there were 87 vulnerabilities disclosed in 61 WordPress Plugins and 13 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 40 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to implement layered security, aligning with our overarching mission to secure WordPress with defense in depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report. As the world’s leading quality vulnerability database provider for WordPress, site owners can rest assured knowing Wordfence has their back.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 27,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 48 |
| Unpatched | 39 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Medium Severity | 54 |
| High Severity | 25 |
| Critical Severity | 8 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 28 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 15 |
| Missing Authorization | 12 |
| Deserialization of Untrusted Data | 8 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 4 |
| Unrestricted Upload of File with Dangerous Type | 4 |
| Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 3 |
| Exposure of Sensitive Information to an Unauthorized Actor | 2 |
| Improper Control of Generation of Code (‘Code Injection’) | 2 |
| Improper Privilege Management | 2 |
| Authentication Bypass Using an Alternate Path or Channel | 1 |
| Authorization Bypass Through User-Controlled Key | 1 |
| External Control of File Name or Path | 1 |
| Improper Neutralization of Formula Elements in a CSV File | 1 |
| Server-Side Request Forgery (SSRF) | 1 |
| Unverified Password Change | 1 |
| Use of Hard-coded Credentials | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 9 | |
| 7 | |
| 6 | |
| 5 | |
| 5 | |
| 5 | |
| 4 | |
| 4 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| AI Engine | ai-engine |
| Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) | azon-addon-js-composer |
| BeeTeam368 Extensions | beeteam368-extensions |
| Broken Link Notifier | broken-link-notifier |
| Contact Form 7 Editor Button | cf7-editor-button |
| CoSchool LMS – A complete Learning Management System to Create and Sell Your Courses Online | coschool |
| CSS3 Compare Pricing Tables for WordPress | css3_web_pricing_tables_grids |
| Dot html,php,xml etc pages | dot-htmlphpxml-etc-pages |
| Essential Addons for Elementor – Popular Elementor Templates & Widgets | essential-addons-for-elementor-lite |
| Events Manager – Calendar, Bookings, Tickets, and more! | events-manager |
| FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel | foogallery |
| Friends | friends |
| FunnelKit – Funnel Builder for WooCommerce Checkout | funnel-builder |
| GB Forms DB | gb-forms-db |
| Guest Support – Complete customer support ticket system for WordPress | guest-support |
| Gutenberg Blocks with AI by Kadence WP – Page Builder Features | kadence-blocks |
| Gwolle Guestbook | gwolle-gb |
| HTML5 Radio Player – WPBakery Page Builder Addon | lbg-cleverbakery |
| Infility Global | infility-global |
| Internal Linking of Related Contents | internal-linking-of-related-contents |
| Lana Downloads Manager | lana-downloads-manager |
| Lightbox & Modal Popup WordPress Plugin – FooBox | foobox-image-lightbox |
| LoginWP – Pro | loginwp-pro |
| Media Folder | media-folder |
| Modern Events Calendar Lite | modern-events-calendar-lite |
| Multi-language Responsive Contact Form | responsive-contact-form |
| Pakke Envíos | pakke |
| Pay with Contact Form 7 | pay-with-contact-form-7 |
| Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI | contest-gallery |
| Premium Age Verification / Restriction for WordPress | age-restriction |
| Premium SEO Pack – WP SEO Plugin | premium-seo-pack |
| Pro Bulk Watermark Plugin for WordPress | pro-watermark |
| Product XML Feed Manager for WooCommerce – Google Shopping, Social Sites, Skroutz & More | product-xml-feeds-for-woocommerce |
| ProfileGrid – User Profiles, Groups and Communities | profilegrid-user-profiles-groups-and-communities |
| Profiler – What Slowing Down Your WP | profiler-what-slowing-down |
| PW WooCommerce On Sale! | pw-woocommerce-on-sale |
| RSFirewall! | rsfirewall |
| Simple Featured Image | simple-featured-image |
| Site Chat on Telegram | site-chat-on-telegram |
| SmartSEO | SEO & Marketing Services WordPress Theme | smartseo |
| SMu Manual DoFollow | manuall-dofollow |
| Super Store Finder | superstorefinder-wp |
| Support Board | supportboard |
| SureForms – Drag and Drop Form Builder for WordPress | sureforms |
| Tennis Court Bookings | tennis-court-bookings |
| The E-Commerce ERP: Purchasing, Inventory, Fulfillment, Manufacturing, BOM, Accounting, Sales Analysis | profitori |
| Torod – The smart shipping and delivery portal for e-shops and retailers | torod |
| Ultimate Push Notifications ( Mobile / Desktop ), Receive Notification From WooCommerce, BuddyPress, WordPress Default Events & Many More | ultimate-push-notifications |
| URL Shortener Plugin For WordPress | exact-links |
| WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible | wc-frontend-manager |
| Widget for Google Reviews | business-reviews-wp |
| Wishlist for WooCommerce: Multi Wishlists Per Customer | wish-list-for-woocommerce |
| WordPress Auto Spinner | wp-auto-spinner |
| wordpress-flat-countdown | wordpress-flat-countdown |
| WP Pipes | wp-pipes |
| WP Register Profile With Shortcode | wp-register-profile-with-shortcode |
| WP-BusinessDirectory – Business directory plugin for WordPress | wp-businessdirectory |
| WPBookit | wpbookit |
| WPC Smart Compare for WooCommerce | woo-smart-compare |
| wpForo Forum | wpforo |
| WPGYM – WordPress Gym Management System | gym-management |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| electrician | electrician |
| fwdevp | fwdevp |
| Hillter – Responsive Hotel Booking for WordPress | hillter |
| Invico – WordPress Consulting Business Theme | invico |
| ListingEasy – Directory Listing WordPress Theme | listingeasy |
| Noisa | noisa |
| Nokri – Job Board WordPress Theme | nokri |
| Nuss – Hotel Booking WordPress | nuss |
| Ofiz – WordPress Business Consulting Theme | ofiz |
| Sala – Startup & SaaS WordPress Theme | sala |
| Travel Booking WordPress Theme | traveler |
| Woodmart | woodmart |
| Yogi – Health Beauty & Yoga WordPress Theme | yogi |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
CVE-ID
CVE-2025-5392
CVE-2025-5392
Patch Status
Patched
Patched
Published
Jul 10, 2025
Jul 10, 2025
Affected Software
GB Forms DB
GB Forms DB
Researcher
CVE-ID
CVE-2025-31070
CVE-2025-31070
Patch Status
Patched
Patched
Published
Jul 11, 2025
Jul 11, 2025
Affected Software
HTML5 Radio Player – WPBakery Page Builder Addon
HTML5 Radio Player – WPBakery Page Builder Addon
Researcher
CVE-ID
CVE-2025-7401
CVE-2025-7401
Patch Status
Unpatched
Unpatched
Published
Jul 10, 2025
Jul 10, 2025
Affected Software
Premium Age Verification / Restriction for WordPress
Premium Age Verification / Restriction for WordPress
Researcher
CVE-ID
CVE-2025-4606
CVE-2025-4606
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2025
Jul 8, 2025
Affected Software
Sala – Startup & SaaS WordPress Theme
Sala – Startup & SaaS WordPress Theme
Researcher
CVE-ID
CVE-2025-4828
CVE-2025-4828
Patch Status
Patched
Patched
Published
Jul 8, 2025
Jul 8, 2025
Affected Software
Support Board
Support Board
Researcher
CVE-ID
CVE-2025-4855
CVE-2025-4855
Patch Status
Patched
Patched
Published
Jul 8, 2025
Jul 8, 2025
Affected Software
Support Board
Support Board
Researcher
CVE-ID
CVE-2025-52836
CVE-2025-52836
Patch Status
Unpatched
Unpatched
Published
Jul 11, 2025
Jul 11, 2025
Affected Software
The E-Commerce ERP: Purchasing, Inventory, Fulfillment, Manufacturing, BOM, Accounting, Sales Analysis
The E-Commerce ERP: Purchasing, Inventory, Fulfillment, Manufacturing, BOM, Accounting, Sales Analysis
Researcher
CVE-ID
CVE-2025-6058
CVE-2025-6058
Patch Status
Patched
Patched
Published
Jul 11, 2025
Jul 11, 2025
Affected Software
WPBookit
WPBookit
Researcher
CVE-ID
CVE-2025-6423
CVE-2025-6423
Patch Status
Patched
Patched
Published
Jul 11, 2025
Jul 11, 2025
Affected Software
BeeTeam368 Extensions
BeeTeam368 Extensions
Researcher
CVE-ID
CVE-2025-24777
CVE-2025-24777
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2025
Jul 8, 2025
Affected Software
Hillter – Responsive Hotel Booking for WordPress
Hillter – Responsive Hotel Booking for WordPress
Researcher
CVE-ID
CVE-2025-1313
CVE-2025-1313
Patch Status
Patched
Patched
Published
Jul 11, 2025
Jul 11, 2025
Affected Software
Nokri – Job Board WordPress Theme
Nokri – Job Board WordPress Theme
Researcher
CVE-ID
CVE-2025-29004
CVE-2025-29004
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2025
Jul 8, 2025
Affected Software
wordpress-flat-countdown
wordpress-flat-countdown
Researcher
CVE-ID
CVE-2025-7327
CVE-2025-7327
Patch Status
Patched
Patched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
Widget for Google Reviews
Widget for Google Reviews
Researcher
CVE-ID
CVE-2025-6746
CVE-2025-6746
Patch Status
Patched
Patched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
Woodmart
Woodmart
Researcher
CVE-ID
CVE-2025-6057
CVE-2025-6057
Patch Status
Patched
Patched
Published
Jul 11, 2025
Jul 11, 2025
Affected Software
WPBookit
WPBookit
Researcher
CVE-ID
CVE-2025-24779
CVE-2025-24779
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2025
Jul 8, 2025
Affected Software
Yogi – Health Beauty & Yoga WordPress Theme
Yogi – Health Beauty & Yoga WordPress Theme
Researcher
CVE-ID
CVE-2025-30973
CVE-2025-30973
Patch Status
Unpatched
Unpatched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
CoSchool LMS – A complete Learning Management System to Create and Sell Your Courses Online
CoSchool LMS – A complete Learning Management System to Create and Sell Your Courses Online
Researcher
CVE-ID
CVE-2025-30949
CVE-2025-30949
Patch Status
Patched
Patched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
Site Chat on Telegram
Site Chat on Telegram
Researcher
CVE-ID
CVE-2025-47571
CVE-2025-47571
Patch Status
Unpatched
Unpatched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
Super Store Finder
Super Store Finder
Researcher
CVE-ID
CVE-2025-6691
CVE-2025-6691
Patch Status
Patched
Patched
Published
Jul 8, 2025
Jul 8, 2025
Affected Software
SureForms – Drag and Drop Form Builder for WordPress
SureForms – Drag and Drop Form Builder for WordPress
Researcher
CVE-ID
CVE-2025-28961
CVE-2025-28961
Patch Status
Unpatched
Unpatched
Published
Jul 11, 2025
Jul 11, 2025
Affected Software
URL Shortener Plugin For WordPress
URL Shortener Plugin For WordPress
Researcher
CVE-ID
CVE-2025-6970
CVE-2025-6970
Patch Status
Patched
Patched
Published
Jul 9, 2025
Jul 9, 2025
Affected Software
Events Manager – Calendar, Bookings, Tickets, and more!
Events Manager – Calendar, Bookings, Tickets, and more!
Researcher
CVE-ID
CVE-2025-7504
CVE-2025-7504
Patch Status
Patched
Patched
Published
Jul 11, 2025
Jul 11, 2025
Affected Software
Friends
Friends
Researcher
CVE-ID
CVE-2025-6742
CVE-2025-6742
Patch Status
Patched
Patched
Published
Jul 8, 2025
Jul 8, 2025
Affected Software
SureForms – Drag and Drop Form Builder for WordPress
SureForms – Drag and Drop Form Builder for WordPress
Researcher
CVE-ID
CVE-2025-30936
CVE-2025-30936
Patch Status
Unpatched
Unpatched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
Torod – The smart shipping and delivery portal for e-shops and retailers
Torod – The smart shipping and delivery portal for e-shops and retailers
Researcher
CVE-ID
CVE-2025-52714
CVE-2025-52714
Patch Status
Patched
Patched
Published
Jul 10, 2025
Jul 10, 2025
Affected Software
Travel Booking WordPress Theme
Travel Booking WordPress Theme
Researcher
CVE-ID
CVE-2025-28959
CVE-2025-28959
Patch Status
Unpatched
Unpatched
Published
Jul 11, 2025
Jul 11, 2025
Affected Software
URL Shortener Plugin For WordPress
URL Shortener Plugin For WordPress
Researcher
CVE-ID
CVE-2025-28982
CVE-2025-28982
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2025
Jul 8, 2025
Affected Software
WP Pipes
WP Pipes
Researcher
CVE-ID
CVE-2025-24759
CVE-2025-24759
Patch Status
Unpatched
Unpatched
Published
Jul 11, 2025
Jul 11, 2025
Affected Software
WP-BusinessDirectory – Business directory plugin for WordPress
WP-BusinessDirectory – Business directory plugin for WordPress
Researcher
CVE-ID
CVE-2025-7442
CVE-2025-7442
Patch Status
Unpatched
Unpatched
Published
Jul 10, 2025
Jul 10, 2025
Affected Software
WPGYM – WordPress Gym Management System
WPGYM – WordPress Gym Management System
Researcher
CVE-ID
CVE-2025-6744
CVE-2025-6744
Patch Status
Patched
Patched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
Woodmart
Woodmart
Researcher
CVE-ID
CVE-2025-6851
CVE-2025-6851
Patch Status
Patched
Patched
Published
Jul 10, 2025
Jul 10, 2025
Affected Software
Broken Link Notifier
Broken Link Notifier
Researcher
CVE-ID
CVE-2025-30628
CVE-2025-30628
Patch Status
Unpatched
Unpatched
Published
Jul 7, 2025
Jul 7, 2025
Researcher
CVE-ID
CVE-2025-28955
CVE-2025-28955
Patch Status
Unpatched
Unpatched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
fwdevp
fwdevp
Researcher
CVE-ID
CVE-2025-52819
CVE-2025-52819
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2025
Jul 8, 2025
Affected Software
Pakke Envíos
Pakke Envíos
Researcher
CVE-ID
CVE-2025-31044
CVE-2025-31044
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2025
Jul 8, 2025
Affected Software
Premium SEO Pack – WP SEO Plugin
Premium SEO Pack – WP SEO Plugin
Researcher
CVE-ID
CVE-2025-49876
CVE-2025-49876
Patch Status
Patched
Patched
Published
Jul 10, 2025
Jul 10, 2025
Affected Software
ProfileGrid – User Profiles, Groups and Communities
ProfileGrid – User Profiles, Groups and Communities
Researcher
CVE-ID
CVE-2025-28953
CVE-2025-28953
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2025
Jul 8, 2025
Affected Software
SmartSEO | SEO & Marketing Services WordPress Theme
SmartSEO | SEO & Marketing Services WordPress Theme
Researcher
CVE-ID
CVE-2025-3780
CVE-2025-3780
Patch Status
Patched
Patched
Published
Jul 8, 2025
Jul 8, 2025
Affected Software
WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible
WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible
Researcher
CVE-ID
CVE-2025-4593
CVE-2025-4593
Patch Status
Patched
Patched
Published
Jul 10, 2025
Jul 10, 2025
Affected Software
WP Register Profile With Shortcode
WP Register Profile With Shortcode
Researcher
CVE-ID
CVE-2025-32574
CVE-2025-32574
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2025
Jul 8, 2025
Affected Software
WPGYM – WordPress Gym Management System
WPGYM – WordPress Gym Management System
Researcher
CVE-ID
CVE-2025-6716
CVE-2025-6716
Patch Status
Patched
Patched
Published
Jul 10, 2025
Jul 10, 2025
CVE-ID
CVE-2025-6244
CVE-2025-6244
Patch Status
Patched
Patched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
Essential Addons for Elementor – Popular Elementor Templates & Widgets
Essential Addons for Elementor – Popular Elementor Templates & Widgets
Researcher
CVE-ID
CVE-2025-6976
CVE-2025-6976
Patch Status
Patched
Patched
Published
Jul 9, 2025
Jul 9, 2025
Affected Software
Events Manager – Calendar, Bookings, Tickets, and more!
Events Manager – Calendar, Bookings, Tickets, and more!
Researcher
CVE-ID
CVE-2025-6068
CVE-2025-6068
Patch Status
Patched
Patched
Published
Jul 10, 2025
Jul 10, 2025
Affected Software
FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel
FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel
Researcher
CVE-ID
CVE-2025-5678
CVE-2025-5678
Patch Status
Patched
Patched
Published
Jul 8, 2025
Jul 8, 2025
Affected Software
Gutenberg Blocks with AI by Kadence WP – Page Builder Features
Gutenberg Blocks with AI by Kadence WP – Page Builder Features
Researcher
CVE-ID
CVE-2025-5537
CVE-2025-5537
Patch Status
Patched
Patched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
Lightbox & Modal Popup WordPress Plugin – FooBox
Lightbox & Modal Popup WordPress Plugin – FooBox
Researcher
CVE-ID
CVE-2025-7059
CVE-2025-7059
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2025
Jul 8, 2025
Affected Software
Simple Featured Image
Simple Featured Image
Researcher
CVE-ID
CVE-2025-6743
CVE-2025-6743
Patch Status
Patched
Patched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
Woodmart
Woodmart
Researcher
CVE-ID
CVE-2025-5530
CVE-2025-5530
Patch Status
Patched
Patched
Published
Jul 10, 2025
Jul 10, 2025
Affected Software
WPC Smart Compare for WooCommerce
WPC Smart Compare for WooCommerce
Researcher
CVE-ID
CVE-2025-48345
CVE-2025-48345
Patch Status
Unpatched
Unpatched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
Contact Form 7 Editor Button
Contact Form 7 Editor Button
Researcher
CVE-ID
CVE-2025-48291
CVE-2025-48291
Patch Status
Patched
Patched
Published
Jul 11, 2025
Jul 11, 2025
CVE-ID
CVE-2025-47554
CVE-2025-47554
Patch Status
Patched
Patched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
CSS3 Compare Pricing Tables for WordPress
CSS3 Compare Pricing Tables for WordPress
Researcher
CVE-ID
CVE-2025-52779
CVE-2025-52779
Patch Status
Unpatched
Unpatched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
Dot html,php,xml etc pages
Dot html,php,xml etc pages
Researcher
CVE-ID
CVE-2025-31055
CVE-2025-31055
Patch Status
Unpatched
Unpatched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
electrician
electrician
Researcher
CVE-ID
CVE-2025-6975
CVE-2025-6975
Patch Status
Patched
Patched
Published
Jul 9, 2025
Jul 9, 2025
Affected Software
Events Manager – Calendar, Bookings, Tickets, and more!
Events Manager – Calendar, Bookings, Tickets, and more!
Researcher
CVE-ID
CVE-2025-5807
CVE-2025-5807
Patch Status
Patched
Patched
Published
Jul 9, 2025
Jul 9, 2025
Affected Software
Gwolle Guestbook
Gwolle Guestbook
Researcher
CVE-ID
CVE-2025-47652
CVE-2025-47652
Patch Status
Patched
Patched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
Infility Global
Infility Global
Researcher
CVE-ID
CVE-2025-31427
CVE-2025-31427
Patch Status
Unpatched
Unpatched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
Invico – WordPress Consulting Business Theme
Invico – WordPress Consulting Business Theme
Researcher
CVE-ID
CVE-2025-30955
CVE-2025-30955
Patch Status
Unpatched
Unpatched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
ListingEasy – Directory Listing WordPress Theme
ListingEasy – Directory Listing WordPress Theme
Researcher
CVE-ID
CVE-2025-52786
CVE-2025-52786
Patch Status
Unpatched
Unpatched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
Media Folder
Media Folder
Researcher
CVE-ID
CVE-2025-31072
CVE-2025-31072
Patch Status
Unpatched
Unpatched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
Ofiz – WordPress Business Consulting Theme
Ofiz – WordPress Business Consulting Theme
Researcher
CVE-ID
CVE-2025-52777
CVE-2025-52777
Patch Status
Unpatched
Unpatched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
Pay with Contact Form 7
Pay with Contact Form 7
Researcher
CVE-ID
CVE-2025-49031
CVE-2025-49031
Patch Status
Unpatched
Unpatched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
SMu Manual DoFollow
SMu Manual DoFollow
Researcher
CVE-ID
CVE-2025-52787
CVE-2025-52787
Patch Status
Unpatched
Unpatched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
Tennis Court Bookings
Tennis Court Bookings
Researcher
CVE-ID
CVE-2025-46500
CVE-2025-46500
Patch Status
Unpatched
Unpatched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
WordPress Auto Spinner
WordPress Auto Spinner
Researcher
CVE-ID
CVE-2025-7387
CVE-2025-7387
Patch Status
Patched
Patched
Published
Jul 9, 2025
Jul 9, 2025
Affected Software
Lana Downloads Manager
Lana Downloads Manager
Researcher
wpForo Forum <= 2.4.5 – Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Avatar
5.4
CVE-ID
CVE-2025-4406
CVE-2025-4406
Patch Status
Patched
Patched
Published
Jul 9, 2025
Jul 9, 2025
Affected Software
wpForo Forum
wpForo Forum
Researcher
CVE-ID
CVE-2025-5957
CVE-2025-5957
Patch Status
Patched
Patched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
Guest Support – Complete customer support ticket system for WordPress
Guest Support – Complete customer support ticket system for WordPress
Researcher
CVE-ID
CVE-2025-49884
CVE-2025-49884
Patch Status
Patched
Patched
Published
Jul 8, 2025
Jul 8, 2025
Affected Software
Internal Linking of Related Contents
Internal Linking of Related Contents
Researcher
CVE-ID
CVE-2025-39561
CVE-2025-39561
Patch Status
Unpatched
Unpatched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
LoginWP – Pro
LoginWP – Pro
Researcher
CVE-ID
CVE-2025-29000
CVE-2025-29000
Patch Status
Unpatched
Unpatched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
Multi-language Responsive Contact Form
Multi-language Responsive Contact Form
Researcher
CVE-ID
CVE-2025-52804
CVE-2025-52804
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2025
Jul 8, 2025
Affected Software
Nuss – Hotel Booking WordPress
Nuss – Hotel Booking WordPress
Researcher
CVE-ID
CVE-2025-30959
CVE-2025-30959
Patch Status
Patched
Patched
Published
Jul 11, 2025
Jul 11, 2025
Affected Software
Product XML Feed Manager for WooCommerce – Google Shopping, Social Sites, Skroutz & More
Product XML Feed Manager for WooCommerce – Google Shopping, Social Sites, Skroutz & More
Researcher
CVE-ID
CVE-2025-48339
CVE-2025-48339
Patch Status
Unpatched
Unpatched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
Profiler – What Slowing Down Your WP
Profiler – What Slowing Down Your WP
Researcher
CVE-ID
CVE-2025-52803
CVE-2025-52803
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2025
Jul 8, 2025
Affected Software
Sala – Startup & SaaS WordPress Theme
Sala – Startup & SaaS WordPress Theme
Researcher
CVE-ID
CVE-2025-50028
CVE-2025-50028
Patch Status
Unpatched
Unpatched
Published
Jul 7, 2025
Jul 7, 2025
CVE-ID
CVE-2025-49319
CVE-2025-49319
Patch Status
Patched
Patched
Published
Jul 10, 2025
Jul 10, 2025
Affected Software
Wishlist for WooCommerce: Multi Wishlists Per Customer
Wishlist for WooCommerce: Multi Wishlists Per Customer
Researcher
CVE-ID
CVE-2025-6745
CVE-2025-6745
Patch Status
Patched
Patched
Published
Jul 10, 2025
Jul 10, 2025
Affected Software
Woodmart
Woodmart
Researcher
CVE-ID
CVE-2025-49034
CVE-2025-49034
Patch Status
Patched
Patched
Published
Jul 8, 2025
Jul 8, 2025
Affected Software
FunnelKit – Funnel Builder for WooCommerce Checkout
FunnelKit – Funnel Builder for WooCommerce Checkout
Researcher
CVE-ID
CVE-2025-7518
CVE-2025-7518
Patch Status
Patched
Patched
Published
Jul 11, 2025
Jul 11, 2025
Affected Software
RSFirewall!
RSFirewall!
CVE-ID
CVE-2025-28973
CVE-2025-28973
Patch Status
Unpatched
Unpatched
Published
Jul 10, 2025
Jul 10, 2025
Affected Software
Pro Bulk Watermark Plugin for WordPress
Pro Bulk Watermark Plugin for WordPress
Researcher
CVE-ID
CVE-2025-49888
CVE-2025-49888
Patch Status
Patched
Patched
Published
Jul 7, 2025
Jul 7, 2025
Affected Software
PW WooCommerce On Sale!
PW WooCommerce On Sale!
Researcher
CVE-ID
CVE-2025-6838
CVE-2025-6838
Patch Status
Patched
Patched
Published
Jul 10, 2025
Jul 10, 2025
Affected Software
Broken Link Notifier
Broken Link Notifier
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (July 7, 2025 to July 13, 2025) appeared first on Wordfence.
