Calling all Vulnerability Researchers and Bug Bounty Hunters!
Spring into Summer with Wordfence! Now through September 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per vulnerability. Submit bold. Earn big!
Participate in the SQLsplorer Challenge! Now through September 22, 2025, all SQL Injection vulnerabilities in software with at least 25 active installs are considered in-scope for all researchers, regardless of researcher tier AND earn a 20% bonus on all SQL Injection vulnerability submissions.
Last week, there were 107 vulnerabilities disclosed in 91 WordPress Plugins and 8 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 43 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to implement layered security, aligning with our overarching mission to secure WordPress with defense in depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report. As the world’s leading quality vulnerability database provider for WordPress, site owners can rest assured knowing Wordfence has their back.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 28,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 86 |
| Unpatched | 21 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Medium Severity | 74 |
| High Severity | 26 |
| Critical Severity | 7 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 42 |
| Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 12 |
| Missing Authorization | 12 |
| Cross-Site Request Forgery (CSRF) | 9 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 5 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 4 |
| Deserialization of Untrusted Data | 3 |
| Exposure of Sensitive Information to an Unauthorized Actor | 3 |
| Unrestricted Upload of File with Dangerous Type | 3 |
| Authorization Bypass Through User-Controlled Key | 2 |
| Improper Privilege Management | 2 |
| Incorrect Privilege Assignment | 2 |
| Absolute Path Traversal | 1 |
| Authentication Bypass Using an Alternate Path or Channel | 1 |
| Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’) | 1 |
| Improper Authorization | 1 |
| Improper Control of Generation of Code (‘Code Injection’) | 1 |
| Incorrect Authorization | 1 |
| Server-Side Request Forgery (SSRF) | 1 |
| URL Redirection to Untrusted Site (‘Open Redirect’) | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 9 | |
| 8 | |
| 8 | |
| 8 | |
| 5 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| 360 Photo Spheres | 360-sphere-images |
| Advanced Google Universal Analytics | advanced-google-universal-analytics |
| AI Engine | ai-engine |
| All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier | aio-time-clock-lite |
| Appointment Booking Plugin for WordPress | Efficient Booking, Calendar & Client Scheduling – Bookify | bookify |
| BeeTeam368 Extensions | beeteam368-extensions |
| BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript | searchpro |
| BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security | bitfire |
| BlockSpare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed | blockspare |
| Bonanza – WooCommerce Free Gifts Lite | bonanza-woocommerce-free-gifts-lite |
| Brave Conversion Engine (PRO) | bravepopup-pro |
| Brizy – Page Builder | brizy |
| BuddyPress XProfile Custom Image Field | buddypress-xprofile-image-field |
| Button Block – Get fully customizable & multi-functional buttons | button-block |
| Chartify – WordPress Chart Plugin | chart-builder |
| Classified Listing – Classified ads & Business Directory Plugin | classified-listing |
| Connector for Gravity Forms and Google Sheets | wp-gravity-forms-spreadsheets |
| Content Egg | content-egg |
| Custom API for WP | custom-api-for-wp |
| Custom Word Cloud | custom-word-cloud |
| Customer Reviews for WooCommerce | customer-reviews-woocommerce |
| DELUCKS SEO | delucks-seo |
| Easiest Funnel Builder For WordPress & WooCommerce, Specialized For Digital Creators – WPFunnels | wpfunnels |
| Easy Elementor Addons | easy-elementor-addons |
| Ebook Store | ebook-store |
| Elementor Website Builder – More Than Just a Page Builder | elementor |
| Event Booking Manager for WooCommerce – WpEvently | mage-eventpress |
| Fan Page | fan-page |
| File Manager for Google Drive – Integrate Google Drive with WordPress | integrate-google-drive |
| GiveWP – Donation Plugin and Fundraising Platform | give |
| Google Map Targeting | gmap-targeting |
| Graphina – Elementor Charts and Graphs | graphina-elementor-charts-and-graphs |
| Gutenberg Blocks – PublishPress Blocks Controls, Visibility, Reusable Blocks | advanced-gutenberg |
| HT Mega – Absolute Addons For Elementor | ht-mega-for-elementor |
| Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings | hydra-booking |
| IDonate – Blood Donation, Request And Donor Management System | idonate |
| Image Gallery | bee-quick-gallery |
| Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms | cf7-constant-contact |
| JetEngine | jet-engine |
| JetTabs | jet-tabs |
| Magic Edge – Lite | magic-edge-lite-image-background-remover |
| Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) | magical-addons-for-elementor |
| Magical Posts Display – Elementor Advanced Posts widgets | magical-posts-display |
| Masteriyo LMS – Online Course Builder for eLearning, LMS & Education | learning-management-system |
| Medical Addon for Elementor | medical-addon-for-elementor |
| MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | metform |
| Mmm Unity Loader | mmm-unity-loader |
| Motors – Car Dealership & Classified Listings Plugin | motors-car-dealership-classified-listings |
| myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program. | mycred |
| Newsletters | newsletters-lite |
| NinjaScanner – Virus & Malware scan | ninjascanner |
| Ocean Social Sharing | ocean-social-sharing |
| oik | oik |
| Online Booking & Scheduling Calendar for WordPress by vcita | meeting-scheduler-by-vcita |
| Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | paid-member-subscriptions |
| Photo Engine (Media Organizer & Lightroom) | wplr-sync |
| Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI | contest-gallery |
| PressForward | pressforward |
| Product Configurator for WooCommerce | product-configurator-for-woocommerce |
| Product XML Feed Manager for WooCommerce – Google Shopping, Social Sites, Skroutz & More | product-xml-feeds-for-woocommerce |
| Qi Addons For Elementor | qi-addons-for-elementor |
| Realtyna Organic IDX plugin + WPL Real Estate | real-estate-listing-realtyna-wpl |
| RT-Theme 18 Responsive WordPress Theme | rt18-extensions |
| SEO Metrics | seo-metrics-helper |
| Service Finder Bookings | sf-booking |
| Service Finder SMS System | aone-sms |
| ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization | shortpixel-adaptive-images |
| Simple File List | simple-file-list |
| Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates) | sina-extension-for-elementor |
| Sky Addons – Elementor Addons with Widgets & Templates | sky-elementor-addons |
| Smart Slider 3 | smart-slider-3 |
| StoreKeeper for WooCommerce | storekeeper-for-woocommerce |
| Stratum – Elementor Widgets | stratum |
| StreamWeasels Kick Integration | streamweasels-kick-integration |
| StreamWeasels Twitch Integration | streamweasels-twitch-integration |
| StreamWeasels YouTube Integration | streamweasels-youtube-integration |
| Super Store Finder | superstorefinder-wp |
| Supermalink | supermalink |
| SureDash | suredash |
| The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce | the-plus-addons-for-elementor-page-builder |
| Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) | header-footer-elementor |
| Woffice Core | woffice-core |
| woozone-contextual | woozone-contextual |
| WordPress Booking Plugin – TheBooking | thebooking |
| WordPress Image Gallery Plugin – WordPress Photo Gallery | cubeportfolio |
| WP CTA | easy-sticky-sidebar |
| WP LOL Rotation | league-of-legends-rotation |
| WP Modal Popup with Cookie Integration | wp-modal-popup-with-cookie-integration |
| WP REST Cache | wp-rest-cache |
| YITH WooCommerce Popup | yith-woocommerce-popup |
| YouTube Embed – YouTube Gallery, Vimeo Gallery – WordPress Plugin | youram-youtube-embed |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Appzend | appzend |
| Blogger Buzz | blogger-buzz |
| Bricks | bricks |
| Cook&Meal – Food Blog & Recipe WordPress Theme | cookandmeal |
| Druco – Elementor WooCommerce WordPress Theme | druco |
| Exertio – Freelance Marketplace WordPress Theme | exertio |
| MediCenter – Health Medical Clinic WordPress Theme | medicenter |
| News Magazine X | news-magazine-x |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
CVE-ID
CVE-2025-7710
CVE-2025-7710
Patch Status
Patched
Patched
Published
Aug 1, 2025
Aug 1, 2025
Affected Software
Brave Conversion Engine (PRO)
Brave Conversion Engine (PRO)
Researcher
CVE-ID
CVE-2025-48332
CVE-2025-48332
Patch Status
Patched
Patched
Published
Jul 28, 2025
Jul 28, 2025
Researcher
CVE-ID
CVE-2025-32288
CVE-2025-32288
Patch Status
Unpatched
Unpatched
Published
Jul 28, 2025
Jul 28, 2025
Affected Software
RT-Theme 18 Responsive WordPress Theme
RT-Theme 18 Responsive WordPress Theme
Researcher
CVE-ID
CVE-2025-5947
CVE-2025-5947
Patch Status
Patched
Patched
Published
Jul 31, 2025
Jul 31, 2025
Affected Software
Service Finder Bookings
Service Finder Bookings
Researcher
CVE-ID
CVE-2025-5954
CVE-2025-5954
Patch Status
Patched
Patched
Published
Jul 31, 2025
Jul 31, 2025
Affected Software
Service Finder SMS System
Service Finder SMS System
Researcher
CVE-ID
CVE-2025-48148
CVE-2025-48148
Patch Status
Patched
Patched
Published
Jul 31, 2025
Jul 31, 2025
Affected Software
StoreKeeper for WooCommerce
StoreKeeper for WooCommerce
Researcher
CVE-ID
CVE-2025-48158
CVE-2025-48158
Patch Status
Patched
Patched
Published
Jul 31, 2025
Jul 31, 2025
Affected Software
BuddyPress XProfile Custom Image Field
BuddyPress XProfile Custom Image Field
Researcher
CVE-ID
CVE-2025-7847
CVE-2025-7847
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
AI Engine
AI Engine
Researcher
CVE-ID
CVE-2025-48142
CVE-2025-48142
Patch Status
Patched
Patched
Published
Jul 29, 2025
Jul 29, 2025
Affected Software
Appointment Booking Plugin for WordPress | Efficient Booking, Calendar & Client Scheduling – Bookify
Appointment Booking Plugin for WordPress | Efficient Booking, Calendar & Client Scheduling – Bookify
Researcher
CVE-ID
CVE-2025-54049
CVE-2025-54049
Patch Status
Patched
Patched
Published
Jul 28, 2025
Jul 28, 2025
Affected Software
Custom API for WP
Custom API for WP
Researcher
CVE-ID
CVE-2025-48165
CVE-2025-48165
Patch Status
Patched
Patched
Published
Jul 31, 2025
Jul 31, 2025
Affected Software
DELUCKS SEO
DELUCKS SEO
Researcher
CVE-ID
CVE-2025-7689
CVE-2025-7689
Patch Status
Patched
Patched
Published
Jul 28, 2025
Jul 28, 2025
CVE-ID
CVE-2025-49887
CVE-2025-49887
Patch Status
Patched
Patched
Published
Jul 31, 2025
Jul 31, 2025
Affected Software
Product XML Feed Manager for WooCommerce – Google Shopping, Social Sites, Skroutz & More
Product XML Feed Manager for WooCommerce – Google Shopping, Social Sites, Skroutz & More
Researcher
SEO Metrics <= 1.0.5 – Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
8.8
CVE-ID
CVE-2025-6754
CVE-2025-6754
Patch Status
Unpatched
Unpatched
Published
Aug 1, 2025
Aug 1, 2025
Affected Software
SEO Metrics
SEO Metrics
Researcher
CVE-ID
CVE-2025-48164
CVE-2025-48164
Patch Status
Patched
Patched
Published
Jul 28, 2025
Jul 28, 2025
Affected Software
SureDash
SureDash
Researcher
CVE-ID
CVE-2025-25174
CVE-2025-25174
Patch Status
Unpatched
Unpatched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
BeeTeam368 Extensions
BeeTeam368 Extensions
Researcher
CVE-ID
CVE-2025-7443
CVE-2025-7443
Patch Status
Patched
Patched
Published
Jul 31, 2025
Jul 31, 2025
CVE-ID
CVE-2025-48149
CVE-2025-48149
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
Cook&Meal – Food Blog & Recipe WordPress Theme
Cook&Meal – Food Blog & Recipe WordPress Theme
Researcher
CVE-ID
CVE-2025-54686
CVE-2025-54686
Patch Status
Patched
Patched
Published
Jul 31, 2025
Jul 31, 2025
Affected Software
Exertio – Freelance Marketplace WordPress Theme
Exertio – Freelance Marketplace WordPress Theme
Researcher
CVE-ID
Unknown
Unknown
Patch Status
Unpatched
Unpatched
Published
Jul 28, 2025
Jul 28, 2025
Affected Software
Graphina – Elementor Charts and Graphs
Graphina – Elementor Charts and Graphs
Researcher
CVE-ID
CVE-2025-54014
CVE-2025-54014
Patch Status
Patched
Patched
Published
Jul 28, 2025
Jul 28, 2025
Affected Software
MediCenter – Health Medical Clinic WordPress Theme
MediCenter – Health Medical Clinic WordPress Theme
Researcher
CVE-ID
CVE-2025-24766
CVE-2025-24766
Patch Status
Unpatched
Unpatched
Published
Jul 28, 2025
Jul 28, 2025
Affected Software
News Magazine X
News Magazine X
Researcher
CVE-ID
CVE-2025-54034
CVE-2025-54034
Patch Status
Patched
Patched
Published
Jul 29, 2025
Jul 29, 2025
Affected Software
Newsletters
Newsletters
Researcher
CVE-ID
CVE-2025-54017
CVE-2025-54017
Patch Status
Patched
Patched
Published
Jul 29, 2025
Jul 29, 2025
Affected Software
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
Researcher
CVE-ID
CVE-2025-54017
CVE-2025-54017
Patch Status
Patched
Patched
Published
Jul 29, 2025
Jul 29, 2025
Affected Software
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
Researcher
CVE-ID
CVE-2025-54052
CVE-2025-54052
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
Realtyna Organic IDX plugin + WPL Real Estate
Realtyna Organic IDX plugin + WPL Real Estate
Researcher
CVE-ID
CVE-2025-52716
CVE-2025-52716
Patch Status
Patched
Patched
Published
Jul 28, 2025
Jul 28, 2025
Affected Software
WP REST Cache
WP REST Cache
Researcher
CVE-ID
CVE-2025-30633
CVE-2025-30633
Patch Status
Unpatched
Unpatched
Published
Jul 31, 2025
Jul 31, 2025
Affected Software
woozone-contextual
woozone-contextual
Researcher
CVE-ID
CVE-2025-6495
CVE-2025-6495
Patch Status
Patched
Patched
Published
Jul 28, 2025
Jul 28, 2025
Affected Software
Bricks
Bricks
Researcher
CVE-ID
CVE-2025-52732
CVE-2025-52732
Patch Status
Patched
Patched
Published
Jul 31, 2025
Jul 31, 2025
Affected Software
Google Map Targeting
Google Map Targeting
Researcher
CVE-ID
CVE-2025-52720
CVE-2025-52720
Patch Status
Patched
Patched
Published
Jul 31, 2025
Jul 31, 2025
Affected Software
Super Store Finder
Super Store Finder
Researcher
CVE-ID
CVE-2025-8213
CVE-2025-8213
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
NinjaScanner – Virus & Malware scan
NinjaScanner – Virus & Malware scan
Researcher
CVE-ID
CVE-2025-7725
CVE-2025-7725
Patch Status
Patched
Patched
Published
Jul 31, 2025
Jul 31, 2025
CVE-ID
CVE-2025-7694
CVE-2025-7694
Patch Status
Patched
Patched
Published
Aug 1, 2025
Aug 1, 2025
Affected Software
Woffice Core
Woffice Core
Researcher
CVE-ID
CVE-2025-47536
CVE-2025-47536
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
Content Egg
Content Egg
Researcher
CVE-ID
CVE-2025-52823
CVE-2025-52823
Patch Status
Unpatched
Unpatched
Published
Jul 31, 2025
Jul 31, 2025
Affected Software
WordPress Image Gallery Plugin – WordPress Photo Gallery
WordPress Image Gallery Plugin – WordPress Photo Gallery
Researcher
CVE-ID
CVE-2025-4523
CVE-2025-4523
Patch Status
Patched
Patched
Published
Jul 31, 2025
Jul 31, 2025
Affected Software
IDonate – Blood Donation, Request And Donor Management System
IDonate – Blood Donation, Request And Donor Management System
Researcher
CVE-ID
CVE-2025-4588
CVE-2025-4588
Patch Status
Unpatched
Unpatched
Published
Aug 1, 2025
Aug 1, 2025
Affected Software
360 Photo Spheres
360 Photo Spheres
Researcher
CVE-ID
CVE-2025-5587
CVE-2025-5587
Patch Status
Patched
Patched
Published
Jul 28, 2025
Jul 28, 2025
Affected Software
Appzend
Appzend
Researcher
CVE-ID
CVE-2025-4684
CVE-2025-4684
Patch Status
Patched
Patched
Published
Jul 31, 2025
Jul 31, 2025
CVE-ID
CVE-2025-54680
CVE-2025-54680
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
Blogger Buzz
Blogger Buzz
Researcher
CVE-ID
CVE-2025-8317
CVE-2025-8317
Patch Status
Unpatched
Unpatched
Published
Aug 1, 2025
Aug 1, 2025
Affected Software
Custom Word Cloud
Custom Word Cloud
Researcher
CVE-ID
CVE-2025-5720
CVE-2025-5720
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
Customer Reviews for WooCommerce
Customer Reviews for WooCommerce
Researcher
CVE-ID
CVE-2025-54704
CVE-2025-54704
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
Easy Elementor Addons
Easy Elementor Addons
Researcher
CVE-ID
CVE-2025-3075
CVE-2025-3075
Patch Status
Patched
Patched
Published
Jul 28, 2025
Jul 28, 2025
Affected Software
Elementor Website Builder – More Than Just a Page Builder
Elementor Website Builder – More Than Just a Page Builder
Researcher
Elementor <= 3.30.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Text Path Widget
6.4
CVE-ID
CVE-2025-4566
CVE-2025-4566
Patch Status
Patched
Patched
Published
Jul 28, 2025
Jul 28, 2025
Affected Software
Elementor Website Builder – More Than Just a Page Builder
Elementor Website Builder – More Than Just a Page Builder
Researcher
CVE-ID
CVE-2025-54688
CVE-2025-54688
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
JetEngine
JetEngine
Researcher
CVE-ID
CVE-2025-54687
CVE-2025-54687
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
JetTabs
JetTabs
Researcher
CVE-ID
CVE-2025-8391
CVE-2025-8391
Patch Status
Unpatched
Unpatched
Published
Aug 1, 2025
Aug 1, 2025
Affected Software
Magic Edge – Lite
Magic Edge – Lite
Researcher
CVE-ID
CVE-2025-8196
CVE-2025-8196
Patch Status
Patched
Patched
Published
Jul 28, 2025
Jul 28, 2025
Affected Software
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )
Researcher
CVE-ID
CVE-2025-54706
CVE-2025-54706
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
Magical Posts Display – Elementor Advanced Posts widgets
Magical Posts Display – Elementor Advanced Posts widgets
Researcher
CVE-ID
CVE-2025-54699
CVE-2025-54699
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
Masteriyo LMS – Online Course Builder for eLearning, LMS & Education
Masteriyo LMS – Online Course Builder for eLearning, LMS & Education
Researcher
CVE-ID
CVE-2025-8212
CVE-2025-8212
Patch Status
Unpatched
Unpatched
Published
Aug 1, 2025
Aug 1, 2025
Affected Software
Medical Addon for Elementor
Medical Addon for Elementor
Researcher
CVE-ID
CVE-2025-5684
CVE-2025-5684
Patch Status
Patched
Patched
Published
Jul 29, 2025
Jul 29, 2025
Researcher
CVE-ID
CVE-2025-8399
CVE-2025-8399
Patch Status
Unpatched
Unpatched
Published
Aug 1, 2025
Aug 1, 2025
Affected Software
Mmm Unity Loader
Mmm Unity Loader
Researcher
CVE-ID
CVE-2025-54668
CVE-2025-54668
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program.
myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program.
Researcher
CVE-ID
CVE-2025-7500
CVE-2025-7500
Patch Status
Patched
Patched
Published
Aug 1, 2025
Aug 1, 2025
Affected Software
Ocean Social Sharing
Ocean Social Sharing
Researcher
CVE-ID
CVE-2025-54676
CVE-2025-54676
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
Online Booking & Scheduling Calendar for WordPress by vcita
Online Booking & Scheduling Calendar for WordPress by vcita
Researcher
CVE-ID
CVE-2025-28987
CVE-2025-28987
Patch Status
Unpatched
Unpatched
Published
Jul 31, 2025
Jul 31, 2025
Affected Software
PressForward
PressForward
Researcher
CVE-ID
CVE-2025-8146
CVE-2025-8146
Patch Status
Patched
Patched
Published
Aug 1, 2025
Aug 1, 2025
Affected Software
Qi Addons For Elementor
Qi Addons For Elementor
Researcher
CVE-ID
CVE-2025-6228
CVE-2025-6228
Patch Status
Patched
Patched
Published
Jul 31, 2025
Jul 31, 2025
CVE-ID
CVE-2025-8216
CVE-2025-8216
Patch Status
Patched
Patched
Published
Jul 28, 2025
Jul 28, 2025
Affected Software
Sky Addons – Elementor Addons with Widgets & Templates
Sky Addons – Elementor Addons with Widgets & Templates
Researcher
CVE-ID
CVE-2025-7845
CVE-2025-7845
Patch Status
Patched
Patched
Published
Jul 31, 2025
Jul 31, 2025
Affected Software
Stratum – Elementor Widgets
Stratum – Elementor Widgets
Researcher
StreamWeasels Twitch Integration <= 1.9.3 – Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2025-7809
CVE-2025-7809
Patch Status
Patched
Patched
Published
Jul 28, 2025
Jul 28, 2025
Affected Software
StreamWeasels Twitch Integration
StreamWeasels Twitch Integration
Researcher
CVE-ID
CVE-2025-7811
CVE-2025-7811
Patch Status
Patched
Patched
Published
Jul 28, 2025
Jul 28, 2025
Affected Software
StreamWeasels YouTube Integration
StreamWeasels YouTube Integration
Researcher
CVE-ID
CVE-2025-49433
CVE-2025-49433
Patch Status
Unpatched
Unpatched
Published
Jul 28, 2025
Jul 28, 2025
Affected Software
Supermalink
Supermalink
Researcher
CVE-ID
CVE-2025-7646
CVE-2025-7646
Patch Status
Patched
Patched
Published
Jul 31, 2025
Jul 31, 2025
Affected Software
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Researcher
CVE-ID
CVE-2025-49437
CVE-2025-49437
Patch Status
Unpatched
Unpatched
Published
Jul 29, 2025
Jul 29, 2025
Affected Software
WP LOL Rotation
WP LOL Rotation
Researcher
CVE-ID
CVE-2025-54696
CVE-2025-54696
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
Easiest Funnel Builder For WordPress & WooCommerce, Specialized For Digital Creators – WPFunnels
Easiest Funnel Builder For WordPress & WooCommerce, Specialized For Digital Creators – WPFunnels
Researcher
CVE-ID
CVE-2025-6692
CVE-2025-6692
Patch Status
Unpatched
Unpatched
Published
Jul 28, 2025
Jul 28, 2025
Affected Software
YouTube Embed – YouTube Gallery, Vimeo Gallery – WordPress Plugin
YouTube Embed – YouTube Gallery, Vimeo Gallery – WordPress Plugin
Researcher
CVE-ID
CVE-2025-6832
CVE-2025-6832
Patch Status
Patched
Patched
Published
Aug 1, 2025
Aug 1, 2025
Researcher
CVE-ID
CVE-2025-54681
CVE-2025-54681
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
Connector for Gravity Forms and Google Sheets
Connector for Gravity Forms and Google Sheets
Researcher
CVE-ID
CVE-2025-54055
CVE-2025-54055
Patch Status
Patched
Patched
Published
Aug 2, 2025
Aug 2, 2025
Affected Software
Druco – Elementor WooCommerce WordPress Theme
Druco – Elementor WooCommerce WordPress Theme
Researcher
CVE-ID
CVE-2025-8400
CVE-2025-8400
Patch Status
Unpatched
Unpatched
Published
Aug 1, 2025
Aug 1, 2025
Affected Software
Image Gallery
Image Gallery
Researcher
CVE-ID
CVE-2025-54683
CVE-2025-54683
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
WP Modal Popup with Cookie Integration
WP Modal Popup with Cookie Integration
Researcher
CVE-ID
CVE-2025-7205
CVE-2025-7205
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
GiveWP – Donation Plugin and Fundraising Platform
GiveWP – Donation Plugin and Fundraising Platform
Researcher
StreamWeasels Kick Integration <= 1.1.4 – Authenticated (Contributor+) Stored Cross-Site Scripting
5.4
CVE-ID
CVE-2025-7810
CVE-2025-7810
Patch Status
Patched
Patched
Published
Jul 28, 2025
Jul 28, 2025
Affected Software
StreamWeasels Kick Integration
StreamWeasels Kick Integration
Researcher
CVE-ID
CVE-2025-6722
CVE-2025-6722
Patch Status
Patched
Patched
Published
Aug 1, 2025
Aug 1, 2025
Affected Software
BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security
BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security
Researcher
CVE-ID
CVE-2025-4370
CVE-2025-4370
Patch Status
Patched
Patched
Published
Jul 28, 2025
Jul 28, 2025
Affected Software
Brizy – Page Builder
Brizy – Page Builder
Researcher
CVE-ID
CVE-2025-54691
CVE-2025-54691
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
Motors – Car Dealership & Classified Listings Plugin
Motors – Car Dealership & Classified Listings Plugin
Researcher
CVE-ID
CVE-2025-54021
CVE-2025-54021
Patch Status
Patched
Patched
Published
Jul 28, 2025
Jul 28, 2025
Affected Software
Simple File List
Simple File List
Researcher
CVE-ID
CVE-2025-52801
CVE-2025-52801
Patch Status
Unpatched
Unpatched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
WordPress Booking Plugin – TheBooking
WordPress Booking Plugin – TheBooking
Researcher
CVE-ID
CVE-2025-8152
CVE-2025-8152
Patch Status
Patched
Patched
Published
Aug 1, 2025
Aug 1, 2025
Affected Software
WP CTA
WP CTA
Researcher
Smart Slider 3 <= 3.5.1.28 – Authenticated (Administrator+) SQL Injection via `sliderid` Parameter
4.9
CVE-ID
CVE-2025-6348
CVE-2025-6348
Patch Status
Patched
Patched
Published
Jul 29, 2025
Jul 29, 2025
Affected Software
Smart Slider 3
Smart Slider 3
Researcher
CVE-ID
CVE-2025-54684
CVE-2025-54684
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms
Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms
Researcher
CVE-ID
CVE-2025-6626
CVE-2025-6626
Patch Status
Patched
Patched
Published
Aug 1, 2025
Aug 1, 2025
Affected Software
ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization
ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization
Researcher
CVE-ID
CVE-2025-28962
CVE-2025-28962
Patch Status
Unpatched
Unpatched
Published
Jul 28, 2025
Jul 28, 2025
Affected Software
Advanced Google Universal Analytics
Advanced Google Universal Analytics
Researcher
CVE-ID
CVE-2025-6730
CVE-2025-6730
Patch Status
Unpatched
Unpatched
Published
Jul 28, 2025
Jul 28, 2025
Affected Software
Bonanza – WooCommerce Free Gifts Lite
Bonanza – WooCommerce Free Gifts Lite
Researcher
CVE-ID
CVE-2025-54694
CVE-2025-54694
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
Button Block – Get fully customizable & multi-functional buttons
Button Block – Get fully customizable & multi-functional buttons
Researcher
CVE-ID
CVE-2025-54673
CVE-2025-54673
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
Chartify – WordPress Chart Plugin
Chartify – WordPress Chart Plugin
Researcher
CVE-ID
CVE-2025-54698
CVE-2025-54698
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
Classified Listing – Classified ads & Business Directory Plugin
Classified Listing – Classified ads & Business Directory Plugin
Researcher
CVE-ID
CVE-2025-54682
CVE-2025-54682
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
Connector for Gravity Forms and Google Sheets
Connector for Gravity Forms and Google Sheets
Researcher
CVE-ID
CVE-2025-54702
CVE-2025-54702
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
Ebook Store
Ebook Store
Researcher
CVE-ID
CVE-2025-8151
CVE-2025-8151
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
HT Mega – Absolute Addons For Elementor
HT Mega – Absolute Addons For Elementor
Researcher
CVE-ID
CVE-2025-8401
CVE-2025-8401
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
HT Mega – Absolute Addons For Elementor
HT Mega – Absolute Addons For Elementor
Researcher
CVE-ID
CVE-2025-8068
CVE-2025-8068
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
HT Mega – Absolute Addons For Elementor
HT Mega – Absolute Addons For Elementor
Researcher
CVE-ID
CVE-2025-54695
CVE-2025-54695
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
HT Mega – Absolute Addons For Elementor
HT Mega – Absolute Addons For Elementor
Researcher
CVE-ID
CVE-2025-54703
CVE-2025-54703
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
File Manager for Google Drive – Integrate Google Drive with WordPress
File Manager for Google Drive – Integrate Google Drive with WordPress
Researcher
CVE-ID
CVE-2025-54667
CVE-2025-54667
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program.
myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program.
Researcher
CVE-ID
CVE-2025-54671
CVE-2025-54671
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
oik
oik
Researcher
CVE-ID
CVE-2025-54672
CVE-2025-54672
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
Photo Engine (Media Organizer & Lightroom)
Photo Engine (Media Organizer & Lightroom)
Researcher
CVE-ID
CVE-2025-54674
CVE-2025-54674
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
Product Configurator for WooCommerce
Product Configurator for WooCommerce
Researcher
CVE-ID
CVE-2025-54685
CVE-2025-54685
Patch Status
Patched
Patched
Published
Jul 31, 2025
Jul 31, 2025
Affected Software
SureDash
SureDash
Researcher
CVE-ID
CVE-2025-8488
CVE-2025-8488
Patch Status
Patched
Patched
Published
Aug 1, 2025
Aug 1, 2025
Researcher
CVE-ID
CVE-2025-54705
CVE-2025-54705
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
Event Booking Manager for WooCommerce – WpEvently
Event Booking Manager for WooCommerce – WpEvently
Researcher
CVE-ID
CVE-2025-54675
CVE-2025-54675
Patch Status
Patched
Patched
Published
Jul 30, 2025
Jul 30, 2025
Affected Software
YITH WooCommerce Popup
YITH WooCommerce Popup
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (July 28, 2025 to August 3, 2025) appeared first on Wordfence.
