Wordfence Intelligence Weekly WordPress Vulnerability Report (April 21, 2025 to April 27, 2025)


📢 In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond.  


Last week, 229 vulnerabilities disclosed in 196 WordPress plugins and 14 WordPress themes were added to the Wordfence Intelligence Vulnerability Database, and 53 vulnerability researchers contributed to WordPress security. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, including the WordPress community, so that individuals and organizations alike can use that data to implement layered security. This aligns with our overarching mission to secure WordPress with defense-in-depth strategies, and it is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and use, both personally and commercially, and why we publish this weekly vulnerability report.

Enterprises, hosting providers, and individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Alternatively, use the vulnerability database API to receive a complete dump of our database of over 26,000 vulnerabilities, then use the webhook integration to stay on top of the newest vulnerabilities added in real time, as well as any updates made to the database, all for free.
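
As an added example (not Wordfence's code and not part of the original report), the Python script below shows the one step any consumer of the vulnerability feed has to get right: deciding whether the installed version of a plugin or theme falls inside a vulnerability's affected range, including exclusive upper bounds such as "< 5.8.0" and bounded ranges such as "11.4 – 11.4.5". The feed records and the site inventory are constructed inline so the script runs offline; their shape is modeled on the Wordfence Intelligence v2 feed, but the field names used here (software, type, slug, patched, affected_versions, from_version, to_version, from_inclusive, to_inclusive) are an assumption to be checked against the live API, while the version ranges and CVE IDs are taken from this report's entries.

```python
import re

# Constructed sample feed records (three entries from this report). The field
# names are an ASSUMPTION modeled on the Wordfence Intelligence v2 feed; confirm
# them against the production feed before relying on them:
# https://www.wordfence.com/api/intelligence/v2/vulnerabilities/production
FEED = [
    {
        "cve": "CVE-2025-3761",
        "title": "My Tickets <= 2.0.16 - Authenticated (Subscriber+) Privilege Escalation",
        "software": [{
            "type": "plugin", "slug": "my-tickets", "patched": True,
            "affected_versions": {"* - 2.0.16": {
                "from_version": "*", "from_inclusive": True,
                "to_version": "2.0.16", "to_inclusive": True}},
        }],
    },
    {
        "cve": "CVE-2025-3616",
        "title": "Greenshift 11.4 - 11.4.5 - Authenticated (Subscriber+) Arbitrary File Upload",
        "software": [{
            "type": "plugin", "slug": "greenshift-animation-and-page-builder-blocks",
            "patched": True,
            "affected_versions": {"11.4 - 11.4.5": {
                "from_version": "11.4", "from_inclusive": True,
                "to_version": "11.4.5", "to_inclusive": True}},
        }],
    },
    {
        "cve": "CVE-2025-39366",
        "title": "wProject < 5.8.0 - Authenticated (Subscriber+) Privilege Escalation",
        "software": [{
            "type": "theme", "slug": "wproject", "patched": True,
            "affected_versions": {"* - 5.8.0": {
                "from_version": "*", "from_inclusive": True,
                "to_version": "5.8.0", "to_inclusive": False}},
        }],
    },
]

# Constructed inventory of one site: (type, slug) -> installed version.
INVENTORY = {
    ("plugin", "my-tickets"): "2.0.16",                                  # on an inclusive bound
    ("plugin", "greenshift-animation-and-page-builder-blocks"): "11.4.2",  # inside 11.4 - 11.4.5
    ("theme", "wproject"): "5.8.0",                                      # on an exclusive bound
}


def version_key(version: str) -> list:
    """Split a WordPress-style version into comparable (kind, value) tokens.

    Numeric runs become (1, int); alphabetic runs such as "rc" or "beta" become
    (0, str), so a pre-release tag sorts before the bare release it precedes.
    A digit-only suffix such as "(20-11-2023)" simply yields extra numeric
    components, so identical strings still compare equal.
    """
    return [(1, int(t)) if t.isdigit() else (0, t.lower())
            for t in re.findall(r"\d+|[A-Za-z]+", version)]


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1. Missing trailing components count as zero ("11.4" == "11.4.0")."""
    ka, kb = version_key(a), version_key(b)
    width = max(len(ka), len(kb))
    ka += [(1, 0)] * (width - len(ka))
    kb += [(1, 0)] * (width - len(kb))
    return (ka > kb) - (ka < kb)


def in_affected_range(installed: str, rng: dict) -> bool:
    """Check one from/to range; "*" means unbounded on that side."""
    lo, hi = rng["from_version"], rng["to_version"]
    if lo != "*":
        c = compare_versions(installed, lo)
        if c < 0 or (c == 0 and not rng["from_inclusive"]):
            return False
    if hi != "*":
        c = compare_versions(installed, hi)
        if c > 0 or (c == 0 and not rng["to_inclusive"]):
            return False
    return True


def affected_software(inventory: dict, feed: list) -> list:
    """Return (slug, installed_version, cve, patched) for each feed record whose
    affected range contains the installed version of a package in the inventory."""
    hits = []
    for vuln in feed:
        for sw in vuln["software"]:
            installed = inventory.get((sw["type"], sw["slug"]))
            if installed is None:
                continue
            if any(in_affected_range(installed, r) for r in sw["affected_versions"].values()):
                hits.append((sw["slug"], installed, vuln["cve"], sw["patched"]))
    return hits


if __name__ == "__main__":
    for slug, ver, cve, patched in affected_software(INVENTORY, FEED):
        action = "update available" if patched else "no patch yet: mitigate or remove"
        print(f"{slug} {ver} is affected by {cve} ({action})")
```

Run against the constructed inventory, the script reports my-tickets 2.0.16 and greenshift 11.4.2 as affected and leaves wproject 5.8.0 alone, because the upper bound of that range is exclusive. The patched flag is what turns a hit into an action: a patched entry means "update", an unpatched one means the only options are a firewall rule, a mitigation, or removing the component.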

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

  • My Tickets – Accessible Event Ticketing <= 2.0.16 – Authenticated (Subscriber+) Privilege Escalation
  • WAF-RULE-822 – Data redacted while we work with the vendor on a patch.
  • WAF-RULE-824 – Data redacted while we work with the vendor on a patch.

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30-day delay.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Patched 81
Unpatched 148

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Medium Severity 170
High Severity 34
Critical Severity 25

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 91
Cross-Site Request Forgery (CSRF) 42
Missing Authorization 20
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) 17
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) 15
Deserialization of Untrusted Data 10
Improper Control of Generation of Code (‘Code Injection’) 6
Server-Side Request Forgery (SSRF) 5
Improper Privilege Management 4
Unrestricted Upload of File with Dangerous Type 4
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) 3
Unverified Password Change 3
Exposure of Sensitive Information to an Unauthorized Actor 2
External Control of Assumed-Immutable Web Parameter 2
Authorization Bypass Through User-Controlled Key 1
Improper Authentication 1
Incorrect Authorization 1
Incorrect Privilege Assignment 1
Insertion of Sensitive Information Into Sent Data 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
johska 49
Nabil Irawan 16
muhammad yudha 15
Dimas Maulana 12
Nguyen Xuan Chien 10
ch4r0n 10
Aiden (Thái An) 7
Bonds 7
Trương Hữu Phúc (truonghuuphuc) 6
Ananda Dhakal 6
kr0d 6
Nguyen Ngoc Quang Bach (maysbachs) 5
Tonn 5
stealthcopter 4
astra.r3verii 4
timomangcut 4
Avraham Shemesh 4
Peter Thaleikis 4
Skalucy 3
Phat RiO – BlueRock 3
Dave Jong 3
Lucio Sá 3
0x1ceKing 3
Chuck 3
mikemyers 2
theviper17y 2
nquangit 2
Michael 2
Le Ngoc Anh 2
Jack Taylor 2
haudayroi 2
Webbernaut 2
João Pedro Soares de Alcântara 1
0xVenus 1
0xbro 1
Amin Beheshti 1
Gab 1
Ngo Bui Truong Vu 1
domiee13 1
shaman0x01 1
Foxyyy 1
lucky_buddy 1
Francesco Carlucci 1
LVT-tholv2k 1
zer0gh0st 1
Psai 1
Khalid Yusuf 1
Alyudin Nafiie 1
p4 1
Hiro 1
Tom Broucke 1
Dhabaleshwar Das 1
zaim 1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
1 Decembrie 1918 1-decembrie-1918
360 View 360-view
Able Player, accessible HTML5 media player ableplayer
Absolute Links absolute-links
ACF: Google Font Selector acf-google-font-selector-field
Add custom page template add-custom-page-template
Add Google +1 (Plus one) social share Button add-google-plus-one-social-share-button
Advanced Accordion Gutenberg Block advanced-accordion-block
Advanced lazy load advanced-lazy-load
Advanced Linked Variations for Woocommerce linked-variation
Aeropage Sync for Airtable aeropage-sync-for-airtable
affiliate-toolkit – WP Affiliate Plugin with Amazon affiliate-toolkit-starter
Ajax Comment Form CST ajax-comment-form-cst
All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier aio-time-clock-lite
Alt Text AI – Automatically generate image alt text for SEO and accessibility alttext-ai
AnalyticsWP analyticswp
Animate animate
Anps Theme plugin anps_theme_plugin
Anything Popup anything-popup
Appointment Booking Calendar appointment-booking-calendar
Appsero Helper appsero-helper
Author Box After Posts author-box-after-posts
Author Box Plugin With Different Description author-box-with-different-description
Availability Calendar availability
Awesome Wp Image Gallery awesome-wp-image-gallery
BBCode Deluxe bbcode-deluxe
BeerXML Shortcode beerxml-shortcode
Best Posts Summary best-posts-summary
Best Quiz Plugin for WordPress: WP Quiz wp-quiz
Blog Manager WP blog-manager-wp
BM Content Builder bm-builder
Breeze Display wt-display-breeze
Buddypress Force Password Change buddy-press-force-password-change
Bulk Assign Linked Products For WooCommerce wc-bulk-assign-linked-products
Business Contact Widget business-contact-widget
Call Now PHT Blog call-now-coccoc-pht-blog
Capturly capturly-optimize-your-website
Car Park Booking System for WordPress car-park-booking-system-for-wordpress
Carousel-of-post-images carousel-of-post-images
CheckBot checkbot
Checkout Field Visibility for WooCommerce checkout-field-visibility-for-woocommerce
CM Ad Changer – A simple tool to control and optimize your site’s banners cm-ad-changer
CM Answers – Easy-to-use forum to grow your WP community cm-answers
Configurator Theme Core amz-configurator-core
Confirm User Registration confirm-user-registration
Contact Form 7 Calendar cf7-calendar
Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder bit-form
Control Listings – Classifieds Ads Directory Portal Manager control-listings
cookieBAR cookiebar
COVID-19 (Coronavirus) Update Your Customers covid-19-alert
Create custom forms for WordPress with a smart form plugin for smart businesses – Form builder for WordPress abcsubmit
Crossword Compiler Puzzles crossword-compiler-puzzles
Custom Admin-Bar Favorites admin-bookmarks
Custom Functions Plugin custom-functions
Custom Login and Registration ms-registration
Custom Related Posts custom-related-posts
Database Toolset database-toolset
Document Management System dms
Drop Caps drop-caps
Dropdown Content dropdown-content
Easy Child Theme Creator easy-child-theme-creator
eForm – WordPress Form Builder wp-fsqm-pro
Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder bdthemes-element-pack-lite
ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes elex-bulk-edit-products-prices-attributes-for-woocommerce-basic
Enhanced Paypal Shortcodes enhanced-paypal-shortcodes
Event post event-post
External Markdown external-markdown
Fable Extra fable-extra
FAT Services Booking fat-services-booking
Flickr Shortcode Importer flickr-shortcode-importer
Floating Social Bar floating-social-bar
Flynax Bridge flynax-bridge
Foodbakery Sticky Cart foodbakery-sticky-cart
Frontend Dashboard frontend-dashboard
Frontend Login and Registration Blocks frontend-login-and-registration-blocks
FuseDesk fusedesk
GNA Search Shortcode gna-search-shortcode
Google News google-news
Grand Conference | Event WordPress grandconference
Greenshift – animation and page builder blocks greenshift-animation-and-page-builder-blocks
GTDB Guitar Tuners guitar-tuner
GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor gutenkit-blocks-addon
Hacklog Remote Attachment hacklog-remote-attachment
Hospital Management System for WordPress hospital-management
HTML Forms – Simple WordPress Forms Plugin html-forms
iCafe Library icafe-library
Image Hover Effects For WPBakery Page Builder image-hover-effects-for-visual-composer
Image Optimizer, Resizer and CDN – Sirv sirv
Image Style Hover – Displays content when you hover on image image-content-show-hover
Inline Text Popup inline-text-popup
Integração entre Eduzz e Woocommerce integracao-entre-eduzz-e-wc-powers
JobSearch WP Job Board wp-jobsearch
Jupiter X Core jupiterx-core
Landing pages and Domain aliases for WordPress landing-pages-and-domain-aliases
Libro de Reclamaciones libro-de-reclamaciones
License For Envato license-envato
Lifetime free Drag & Drop Contact Form Builder for WordPress VForm v-form
Link Library link-library
List Last Changes list-last-changes
Loan Calculator repayment-calculator
Lottie Player- Great Lottie Player Solution embed-lottie-player
LSD Custom taxonomy and category meta custom-taxonomy-category-and-term-fields
Mad Mimi for WordPress mad-mimi
Mailing Group Listserv wp-mailing-group
Mang Board WP mangboard
Mayosis Core mayosis-core
Media Library Downloader media-library-downloader
Memberpress memberpress
Message Filter for Contact Form 7 cf7-message-filter
Milat jQuery Automatic Popup milat-jquery-automatic-popup
Mini twitter feed mini-twitter-feed
Mixcloud Embed mixcloud-embed
Modern Polls modern-polls
MPL-Publisher — Ebook & Audiobook Creator mpl-publisher
Multi-Column Taxonomy List multi-column-taxonomy-list
My Custom Widgets mycustomwidget
My Tickets – Accessible Event Ticketing my-tickets
Navegg Analytics navegg
Nepali Post Date nepali-post-date
occupancyplan occupancyplan
Ocean Extra ocean-extra
PayPal Express Checkout paypal-express-checkout
Peadig’s Google +1 Button google-1
Peekaboo peekaboo
Plugin Central plugin-central
Popup Builder easy-notify-lite
Post in page for Elementor post-in-page-for-elementor
Posts for Page posts-for-page
Prevent Direct Access – Protect WordPress Files prevent-direct-access
Print Science Designer print-science-designer
Product Lister for eBay product-lister-ebay
RAphicon raphicon
Recover abandoned cart for WooCommerce recover-wc-abandoned-cart
Related Posts via Taxonomies related-posts-via-taxonomies
Revy revy
RRSSB rrssb
SCSS-Library scss-library
Send From send-from
Seriously Simple Podcasting seriously-simple-podcasting
Service Finder Bookings sf-booking
SEUR Oficial seur
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) woolentor-addons
Simple calendar for Elementor simple-calendar-for-elementor
Simple Download Counter simple-download-counter
Simple Google Photos Grid simple-google-photos-grid
SKT Blocks – Gutenberg based Page Builder skt-blocks
Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery) sky-elementor-addons
Smart Hashtags [#hashtagger] hashtagger
Social Counter social-counter
Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light
SUMO Reward Points for WooCommerce rewardsystem
Tax Switch for WooCommerce tax-switch-for-woocommerce
Tayori Form Plugin tayori
Textmetrics webtexttool
The Pack Elementor addon the-pack-addon
Theme Switcha – Easily Switch Themes for Development and Testing theme-switcha
Time Based Greeting time-based-greeting
Twitter Card Generator twitter-card-generator
UiCore Elements – Free Elementor widgets and templates uicore-elements
Unsafe Mimetypes unsafe-mimetypes
Upsell Funnel Builder for WooCommerce upsell-order-bump-offer-for-woocommerce
User Registration & Membership – Custom Registration Form, Login Form, and User Profile user-registration
Vasaio QR Code vasaio-qr-code
Verification SMS with TargetSMS verification-sms-targetsms
VikRestaurants Table Reservations and Take-Away vikrestaurants
Visual Composer Website Builder visualcomposer
Watu Quiz watu
Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) xc-woo-google-cloud-print
WordPress Easy Guide wp-easy-guide
WordPress Events Calendar Registration & Tickets wpeventplus
WordPress Simple Shopping Cart wordpress-simple-paypal-shopping-cart
WordPress Tabs gt-tabs
WordPress Tooltip wp-tooltip
WoWHead Tooltips wowhead-tooltips
WP AVCL Automation Helper (formerly WPFlyLeads) woozap
WP Cookie Consent wp-cookie-consent
Wp Custom CMS Block wp-custom-cms-block
WP Custom Post Popup custom-post-popup
WP Customize Login Page wp-customize-login-page
WP Filter Post Category wp-filter-post-categories
WP Foodbakery wp-foodbakery
WP HRM LITE wp-hrm-lite-human-resource-management-system
WP Import Export Lite wp-import-export-lite
WP Vegas vegas-fullscreen-background-slider
wp-cyr-cho | Конвертира кирилски символи в латиниски wp-cyr-cho
WP-reCAPTCHA-bp wp-recaptcha-bp
WPMasterToolKit (WPMTK) – All in one plugin wpmastertoolkit
WPVN – Username Changer wpvn-username-changer
WpZon – Amazon Affiliate Plugin wpzon
WS Force Login Page ws-force-login-page
WS Form LITE – Drag & Drop Contact Form Builder for WordPress ws-form
Xelion Webchat xelion-webchat
Xpert Tab xpert-tab
Xpro Elementor Addons – Pro xpro-elementor-addons-pro
Zalo Official Live Chat zalo-official-live-chat
Zoho Creator Forms zohocreator

WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
Altair altair
Arrival arrival
bellevuex bellevuex
CiyaShop – Multipurpose WooCommerce Theme ciyashop
CWW Portfolio cww-portfolio
EduMall – Professional LMS Education Center WordPress Theme edumall
Grace Mag grace-mag
Grand Restaurant WordPress grandrestaurant
JNews – WordPress Newspaper Magazine Blog AMP Theme jnews
Opstore opstore
Reales WP – Real Estate WordPress Theme reales-wp-real-estate-wordpress-theme
Vikinger vikinger
wProject wproject
Xews Lite xews-lite

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site with the scanner enabled, you should have already been notified if your site was affected by any of these vulnerabilities. If you would like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to use.

Altair <= 5.2.2 – Unauthenticated PHP Object Injection
CVSS Rating: Critical (9.8); CVE-ID: CVE-2025-32928; Patch Status: Unpatched; Published: Apr 21, 2025
Affected Software: Altair; Researcher: Bonds

Arrival <= 1.4.5 – Unauthenticated Local File Inclusion
CVSS Rating: Critical (9.8); CVE-ID: CVE-2025-32921; Patch Status: Unpatched; Published: Apr 21, 2025
Affected Software: Arrival; Researcher: Dimas Maulana

Capturly <= 2.0.1 – Unauthenticated Local File Inclusion
CVSS Rating: Critical (9.8); CVE-ID: CVE-2025-39379; Patch Status: Unpatched; Published: Apr 21, 2025
Affected Software: Capturly; Researcher: Dimas Maulana

Checkout Field Visibility for WooCommerce <= 1.2.3 – Unauthenticated Local File Inclusion
CVSS Rating: Critical (9.8); CVE-ID: CVE-2025-39391; Patch Status: Unpatched; Published: Apr 21, 2025
Affected Software: Checkout Field Visibility for WooCommerce; Researcher: Dimas Maulana

CiyaShop <= 4.18.0 – Unauthenticated PHP Object Injection
CVSS Rating: Critical (9.8); CVE-ID: CVE-2025-39349; Patch Status: Unpatched; Published: Apr 21, 2025
Affected Software: CiyaShop – Multipurpose WooCommerce Theme; Researcher: Bonds

CWW Portfolio <= 1.3.1 – Unauthenticated Local File Inclusion
CVSS Rating: Critical (9.8); CVE-ID: CVE-2025-39359; Patch Status: Unpatched; Published: Apr 21, 2025
Affected Software: CWW Portfolio; Researcher: Dimas Maulana

Fable Extra <= 1.0.6 – Unauthenticated Local File Inclusion
CVSS Rating: Critical (9.8); CVE-ID: CVE-2025-46468; Patch Status: Patched; Published: Apr 25, 2025
Affected Software: Fable Extra; Researcher: stealthcopter

Flynax Bridge <= 2.2.0 – Unauthenticated Privilege Escalation via Account Takeover
CVSS Rating: Critical (9.8); CVE-ID: CVE-2025-3604; Patch Status: Unpatched; Published: Apr 23, 2025
Affected Software: Flynax Bridge; Researcher: kr0d

Flynax Bridge <= 2.2.0 – Unauthenticated Privilege Escalation via Password Update
CVSS Rating: Critical (9.8); CVE-ID: CVE-2025-3603; Patch Status: Unpatched; Published: Apr 23, 2025
Affected Software: Flynax Bridge; Researcher: kr0d

Foodbakery Sticky Cart <= 3.2 – Unauthenticated PHP Object Injection
CVSS Rating: Critical (9.8); CVE-ID: CVE-2025-39356; Patch Status: Unpatched; Published: Apr 21, 2025
Affected Software: Foodbakery Sticky Cart; Researcher: Bonds

Grace Mag <= 1.1.5 – Unauthenticated Local File Inclusion
CVSS Rating: Critical (9.8); CVE-ID: CVE-2025-39360; Patch Status: Unpatched; Published: Apr 21, 2025
Affected Software: Grace Mag; Researcher: Dimas Maulana

Grand Conference <= 5.2 – Unauthenticated PHP Object Injection
CVSS Rating: Critical (9.8); CVE-ID: CVE-2025-39354; Patch Status: Unpatched; Published: Apr 21, 2025
Affected Software: Grand Conference | Event WordPress; Researcher: Bonds

Grand Restaurant WordPress <= 7.0 – Unauthenticated PHP Object Injection
CVSS Rating: Critical (9.8); CVE-ID: CVE-2025-39348; Patch Status: Unpatched; Published: Apr 21, 2025
Affected Software: Grand Restaurant WordPress; Researcher: Ananda Dhakal

Grand Restaurant WordPress <= 7.0 – Unauthenticated PHP Object Injection via Path Traversal
CVSS Rating: Critical (9.8); CVE-ID: CVE-2025-32926; Patch Status: Unpatched; Published: Apr 21, 2025
Affected Software: Grand Restaurant WordPress; Researcher: Ananda Dhakal

Hospital Management System <= 47.0(20-11-2023) – Unauthenticated Arbitrary File Upload
CVSS Rating: Critical (9.8); CVE-ID: CVE-2025-39380; Patch Status: Unpatched; Published: Apr 22, 2025
Affected Software: Hospital Management System for WordPress; Researcher: Aiden (Thái An)

License For Envato <= 1.0.0 – Unauthenticated Local File Inclusion
CVSS Rating: Critical (9.8); CVE-ID: CVE-2025-39399; Patch Status: Unpatched; Published: Apr 21, 2025
Affected Software: License For Envato; Researcher: Dimas Maulana

Opstore <= 1.4.5 – Unauthenticated Local File Inclusion
CVSS Rating: Critical (9.8); CVE-ID: CVE-2025-39387; Patch Status: Unpatched; Published: Apr 21, 2025
Affected Software: Opstore; Researcher: Dimas Maulana

Product Lister for eBay <= 2.0.9 – Unauthenticated Local File Inclusion
CVSS Rating: Critical (9.8); CVE-ID: CVE-2025-39384; Patch Status: Unpatched; Published: Apr 21, 2025
Affected Software: Product Lister for eBay; Researcher: Dimas Maulana

Service Finder Bookings <= 5.1 – Unauthenticated Privilege Escalation via ‘nsl_registration_store_extra_input’
CVSS Rating: Critical (9.8); CVE-ID: CVE-2025-2470; Patch Status: Patched; Published: Apr 24, 2025
Affected Software: Service Finder Bookings; Researcher: Alyudin Nafiie

SEUR Oficial <= 2.2.23 – Unauthenticated Local File Inclusion
CVSS Rating: Critical (9.8); CVE-ID: CVE-2025-46474; Patch Status: Unpatched; Published: Apr 25, 2025
Affected Software: SEUR Oficial; Researcher: Aiden (Thái An)

Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light <= 2.4.37 – Unauthenticated Local File Inclusion
CVSS Rating: Critical (9.8); CVE-ID: CVE-2025-39378; Patch Status: Unpatched; Published: Apr 21, 2025
Affected Software: Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light; Researcher: Dimas Maulana

SUMO Reward Points <= 30.7.0 – Unauthenticated Local File Inclusion
CVSS Rating: Critical (9.8); CVE-ID: CVE-2025-32925; Patch Status: Unpatched; Published: Apr 21, 2025
Affected Software: SUMO Reward Points for WooCommerce; Researcher: Bonds

WP FoodBakery <= 3.3 – Unauthenticated PHP Object Injection
CVSS Rating: Critical (9.8); CVE-ID: CVE-2025-32927; Patch Status: Unpatched; Published: Apr 21, 2025
Affected Software: WP Foodbakery; Researcher: Bonds

Xews Lite <= 1.0.9 – Unauthenticated Local File Inclusion
CVSS Rating: Critical (9.8); CVE-ID: CVE-2025-39383; Patch Status: Unpatched; Published: Apr 21, 2025
Affected Software: Xews Lite; Researcher: Dimas Maulana

Database Toolset <= 1.8.4 – Unauthenticated Arbitrary File Deletion
CVSS Rating: Critical (9.1); CVE-ID: CVE-2025-3065; Patch Status: Unpatched; Published: Apr 23, 2025
Affected Software: Database Toolset; Researcher: theviper17y

Aeropage Sync for Airtable <= 3.2.0 – Authenticated (Subscriber+) Arbitrary File Upload
CVSS Rating: High (8.8); CVE-ID: CVE-2025-3914; Patch Status: Patched; Published: Apr 25, 2025
Affected Software: Aeropage Sync for Airtable; Researcher: Chuck

BM Content Builder <= 3.16.2.1 – Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
CVSS Rating: High (8.8); CVE-ID: CVE-2025-1279; Patch Status: Patched; Published: Apr 24, 2025
Affected Software: BM Content Builder; Researcher: Tonn

Configurator Theme Core <= 1.4.7 – Authenticated (Subscriber+) Privilege Escalation
CVSS Rating: High (8.8); CVE-ID: CVE-2025-3101; Patch Status: Unpatched; Published: Apr 23, 2025
Affected Software: Configurator Theme Core; Researcher: Tonn

Crossword Compiler Puzzles <= 5.2 – Authenticated (Subscriber+) Arbitrary File Upload
CVSS Rating: High (8.8); CVE-ID: CVE-2025-46490; Patch Status: Unpatched; Published: Apr 25, 2025
Affected Software: Crossword Compiler Puzzles; Researcher: astra.r3verii

Frontend Login and Registration Blocks <= 1.0.7 – Authenticated (Subscriber+) Privilege Escalation via Password Reset
CVSS Rating: High (8.8); CVE-ID: CVE-2025-3607; Patch Status: Unpatched; Published: Apr 23, 2025
Affected Software: Frontend Login and Registration Blocks; Researcher: kr0d

Greenshift 11.4 – 11.4.5 – Authenticated (Subscriber+) Arbitrary File Upload
CVSS Rating: High (8.8); CVE-ID: CVE-2025-3616; Patch Status: Patched; Published: Apr 21, 2025
Affected Software: Greenshift – animation and page builder blocks; Researcher: mikemyers

Integração entre Eduzz e Woocommerce 1.5.0 – 1.7.5 – Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
CVSS Rating: High (8.8); CVE-ID: CVE-2025-3906; Patch Status: Unpatched; Published: Apr 25, 2025
Affected Software: Integração entre Eduzz e Woocommerce; Researcher: kr0d

My Tickets – Accessible Event Ticketing <= 2.0.16 – Authenticated (Subscriber+) Privilege Escalation
CVSS Rating: High (8.8); CVE-ID: CVE-2025-3761; Patch Status: Patched; Published: Apr 23, 2025
Affected Software: My Tickets – Accessible Event Ticketing; Researcher: Le Ngoc Anh

Popup Builder <= 1.1.35 – Authenticated (Subscriber+) Local File Inclusion
CVSS Rating: High (8.8); CVE-ID: CVE-2025-46230; Patch Status: Patched; Published: Apr 22, 2025
Affected Software: Popup Builder; Researcher: LVT-tholv2k

Vikinger <= 1.9.30 – Authenticated (Subscriber+) Privilege Escalation via ‘vikinger_user_meta_update_ajax’
CVSS Rating: High (8.8); CVE-ID: CVE-2025-2238; Patch Status: Patched; Published: Apr 24, 2025
Affected Software: Vikinger; Researcher: Tonn

wProject < 5.8.0 – Authenticated (Subscriber+) Privilege Escalation
CVSS Rating: High (8.8); CVE-ID: CVE-2025-39366; Patch Status: Patched; Published: Apr 22, 2025
Affected Software: wProject; Researcher: Dave Jong

Xelion Webchat <= 9.1.0 – Authenticated (Subscriber+) Arbitrary Options Update
CVSS Rating: High (8.8); CVE-ID: CVE-2025-3058; Patch Status: Patched; Published: Apr 23, 2025
Affected Software: Xelion Webchat; Researcher: kr0d

Xpro Elementor Addons – Pro <= 1.4.9 – Authenticated (Contributor+) Remote Code Execution
CVSS Rating: High (8.8); CVE-ID: CVE-2024-13808; Patch Status: Patched; Published: Apr 25, 2025
Affected Software: Xpro Elementor Addons – Pro; Researcher: stealthcopter

Verification SMS with TargetSMS <= 1.5 – Unauthenticated Limited Remote Code Execution
CVSS Rating: High (8.3); CVE-ID: CVE-2025-3776; Patch Status: Unpatched; Published: Apr 23, 2025
Affected Software: Verification SMS with TargetSMS; Researcher: Chuck

Grand Restaurant WordPress <= 7.0 – Missing Authorization to Unauthenticated Arbitrary Options Deletion
CVSS Rating: High (8.2); CVE-ID: CVE-2025-39352; Patch Status: Unpatched; Published: Apr 21, 2025
Affected Software: Grand Restaurant WordPress; Researcher: Ananda Dhakal

WordPress Simple PayPal Shopping Cart <= 5.1.2 – Unauthenticated Information Exposure via file_url Parameter
CVSS Rating: High (8.2); CVE-ID: CVE-2025-3529; Patch Status: Patched; Published: Apr 22, 2025
Affected Software: WordPress Simple Shopping Cart; Researcher: Jack Taylor

Edumall <= 4.2.4 – Unauthenticated Local File Inclusion
CVSS Rating: High (8.1); CVE-ID: CVE-2025-2101; Patch Status: Patched; Published: Apr 25, 2025
Affected Software: EduMall – Professional LMS Education Center WordPress Theme; Researcher: Tonn

JobSearch WP Job Board <= 2.8.8 – Authentication Bypass via Social Logins
CVSS Rating: High (8.1); CVE-ID: CVE-2024-11917; Patch Status: Unpatched; Published: Apr 24, 2025
Affected Software: JobSearch WP Job Board; Researcher: Foxyyy

Jupiter X Core <= 4.8.11 – Unauthenticated PHP Object Injection via PHAR
CVSS Rating: High (8.1); CVE-ID: CVE-2025-2105; Patch Status: Patched; Published: Apr 25, 2025
Affected Software: Jupiter X Core; Researcher: Phat RiO – BlueRock

Plugin Central <= 2.5.1 – Cross-Site Request Forgery to Arbitrary File Deletion
CVSS Rating: High (8.1); CVE-ID: CVE-2025-46439; Patch Status: Unpatched; Published: Apr 24, 2025
Affected Software: Plugin Central; Researcher: Nguyen Xuan Chien

AnalyticsWP <= 2.1.2 – Unauthenticated SQL Injection
CVSS Rating: High (7.5); CVE-ID: CVE-2025-39389; Patch Status: Patched; Published: Apr 21, 2025
Affected Software: AnalyticsWP; Researcher: Trương Hữu Phúc (truonghuuphuc)

Easy Guide <= 1.0.0 – Unauthenticated SQL Injection
CVSS Rating: High (7.5); CVE-ID: CVE-2025-46460; Patch Status: Unpatched; Published: Apr 25, 2025
Affected Software: WordPress Easy Guide; Researcher: Le Ngoc Anh

Fable Extra <= 1.0.6 – Unauthenticated SQL Injection
CVSS Rating: High (7.5); CVE-ID: CVE-2025-46539; Patch Status: Patched; Published: Apr 25, 2025
Affected Software: Fable Extra; Researcher: timomangcut

Frontend Dashboard <= 2.2.5 – Unauthenticated SQL Injection
CVSS Rating: High (7.5); CVE-ID: CVE-2025-46248; Patch Status: Patched; Published: Apr 22, 2025
Affected Software: Frontend Dashboard; Researcher: Nguyen Ngoc Quang Bach (maysbachs)

Hospital Management System <= 47.0(20-11-2023) – Unauthenticated SQL Injection
CVSS Rating: High (7.5); CVE-ID: CVE-2025-39386; Patch Status: Unpatched; Published: Apr 22, 2025
Affected Software: Hospital Management System for WordPress; Researcher: Trương Hữu Phúc (truonghuuphuc)

Mayosis Core <= 5.4.1 – Unauthenticated Arbitrary File Read
CVSS Rating: High (7.5); CVE-ID: CVE-2025-1565; Patch Status: Patched; Published: Apr 24, 2025
Affected Software: Mayosis Core; Researcher: Tonn

WordPress Simple PayPal Shopping Cart <= 5.1.2 – Unauthenticated Product Price Manipulation
CVSS Rating: High (7.5); CVE-ID: CVE-2025-3530; Patch Status: Patched; Published: Apr 22, 2025
Affected Software: WordPress Simple Shopping Cart; Researcher: Jack Taylor

WP HRM LITE <= 1.1 – Unauthenticated SQL Injection
CVSS Rating: High (7.5); CVE-ID: CVE-2025-46455; Patch Status: Unpatched; Published: Apr 25, 2025
Affected Software: WP HRM LITE; Researcher: Hiro

Create custom forms for WordPress with a smart form plugin for smart businesses <= 1.2.4 – Unauthenticated Arbitrary Shortcode Execution
CVSS Rating: High (7.3); CVE-ID: CVE-2025-2801; Patch Status: Unpatched; Published: Apr 25, 2025
Affected Software: Create custom forms for WordPress with a smart form plugin for smart businesses – Form builder for WordPress; Researcher: Avraham Shemesh

Add custom page template <= 2.0.1 – Authenticated (Administrator+) PHP Code Injection to Remote Code Execution
CVSS Rating: High (7.2); CVE-ID: CVE-2025-3491; Patch Status: Unpatched; Published: Apr 25, 2025
Affected Software: Add custom page template; Researcher: ch4r0n

eForm <= 4.18.0 – Unauthenticated Stored Cross-Site Scripting
CVSS Rating: High (7.2); CVE-ID: CVE-2025-1294; Patch Status: Patched; Published: Apr 24, 2025
Affected Software: eForm – WordPress Form Builder; Researcher: shaman0x01

Flickr Shortcode Importer <= 2.2.3 – Authenticated (Administrator+) PHP Object Injection
CVSS Rating: High (7.2); CVE-ID: CVE-2025-46481; Patch Status: Unpatched; Published: Apr 24, 2025
Affected Software: Flickr Shortcode Importer; Researcher: Ngo Bui Truong Vu

WPMasterToolKit (WPMTK) – All in one plugin <= 2.5.2 – Authenticated (Administrator+) to Arbitrary File Read and Write
CVSS Rating: High (7.2); CVE-ID: CVE-2025-3300; Patch Status: Patched; Published: Apr 23, 2025
Affected Software: WPMasterToolKit (WPMTK) – All in one plugin; Researcher: nquangit

Social Counter <= 2.0.5 – Authenticated (Administrator+) PHP Object Injection
CVSS Rating: Medium (6.6); CVE-ID: CVE-2025-46473; Patch Status: Unpatched; Published: Apr 24, 2025
Affected Software: Social Counter; Researcher: Nguyen Ngoc Quang Bach (maysbachs)

Anps Theme plugin <= 1.1.1 – Unauthenticated Arbitrary Shortcode Execution
CVSS Rating: Medium (6.5); CVE-ID: CVE-2024-13812; Patch Status: Patched; Published: Apr 25, 2025
Affected Software: Anps Theme plugin; Researcher: Lucio Sá

Appointment Booking Calendar <= 1.3.92 – Cross-Site Request Forgery to SQL Injection
CVSS Rating: Medium (6.5); CVE-ID: CVE-2025-46241; Patch Status: Patched; Published: Apr 22, 2025
Affected Software: Appointment Booking Calendar; Researcher: astra.r3verii

Appsero Helper <= 1.3.4 – Authenticated (Subscriber+) SQL Injection
CVSS Rating: Medium (6.5); CVE-ID: CVE-2025-39377; Patch Status: Unpatched; Published: Apr 21, 2025
Affected Software: Appsero Helper; Researcher: Trương Hữu Phúc (truonghuuphuc)

ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes <= 1.4.9 – Authenticated (Subscriber+) SQL Injection
CVSS Rating: Medium (6.5); CVE-ID: CVE-2025-3280; Patch Status: Unpatched; Published: Apr 23, 2025
Affected Software: ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes; Researcher: Phat RiO – BlueRock

FAT Services Booking <= 5.6 – Authenticated (Subscriber+) SQL Injection

6.5

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-39355
Patch Status
Unpatched
Published
Apr 21, 2025

Affected Software
FAT Services Booking
Researcher

Aiden (Thái An)

Hospital Management System <= 47.0(20-11-2023) – Authenticated (Subscriber+) SQL Injection

6.5

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-39357
Patch Status
Unpatched
Published
Apr 21, 2025

Affected Software
Hospital Management System for WordPress
Researcher

Aiden (Thái An)

Mailing Group Listserv <= 3.0.4 – Authenticated (Subscriber+) SQL Injection

6.5

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-46463
Patch Status
Patched
Published
Apr 25, 2025

Affected Software
Mailing Group Listserv
Researcher

timomangcut

Ocean Extra <= 2.4.6 – Unauthenticated Arbitrary Shortcode Execution

6.5

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-3472
Patch Status
Patched
Published
Apr 21, 2025

Affected Software
Ocean Extra
Researcher

stealthcopter

Revy <= 2.1 – Authenticated (Subscriber+) SQL Injection

6.5

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-32924
Patch Status
Unpatched
Published
Apr 21, 2025

Affected Software
Revy
Researcher

Aiden (Thái An)

ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.2 – Unauthenticated Server-Side Request Forgery via URL Parameter

6.5

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-3775
Patch Status
Patched
Published
Apr 24, 2025

Affected Software
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor)
Researcher

mikemyers

360 View <= 1.1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46509
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
360 View
Researcher

johska

Able Player <= 1.2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46475
Patch Status
Patched
Published
Apr 24, 2025

Affected Software
Able Player, accessible HTML5 media player
Researcher

johska

Able Player, accessible HTML5 media player <= 1.2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via preload Parameter

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-3752
Patch Status
Patched
Published
Apr 24, 2025

Affected Software
Able Player, accessible HTML5 media player
Researcher

Peter Thaleikis

Advanced Accordion Gutenberg Block <= 5.0.2 – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-2543
Patch Status
Patched
Published
Apr 23, 2025

Affected Software
Advanced Accordion Gutenberg Block
Researcher

Avraham Shemesh

Animate <= 0.5 – Authenticated (Contributor+) Server-Side Request Forgery

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46443
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Animate
Researcher

Nguyen Xuan Chien

Author Box After Posts <= 1.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46263
Patch Status
Unpatched
Published
Apr 25, 2025

Affected Software
Author Box After Posts
Researcher

Michael

Awesome Wp Image Gallery <= 1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46476
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Awesome Wp Image Gallery
Researcher

muhammad yudha

BBCode Deluxe <= 2020.08.01.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46479
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
BBCode Deluxe
Researcher

johska

BeerXML Shortcode <= 0.71 – Authenticated (Contributor+) Server-Side Request Forgery

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46511
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
BeerXML Shortcode
Researcher

ch4r0n

Breeze Display <= 1.2.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via cal_size Parameter

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-3749
Patch Status
Patched
Published
Apr 24, 2025

Affected Software
Breeze Display
Researcher

Peter Thaleikis

Carousel-of-post-images <= 1.07 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46536
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Carousel-of-post-images
Researcher

johska

Custom Related Posts <= 1.7.4 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46227
Patch Status
Patched
Published
Apr 22, 2025

Affected Software
Custom Related Posts
Researcher

muhammad yudha

Dropdown Content <= 1.0.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46478
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Dropdown Content
Researcher

muhammad yudha

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.29 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-1458
Patch Status
Patched
Published
Apr 25, 2025

Affected Software
Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder
Researcher

zer0gh0st

Enhanced Paypal Shortcodes <= 0.5a – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46543
Patch Status
Unpatched
Published
Apr 25, 2025

Affected Software
Enhanced Paypal Shortcodes
Researcher

johska

Event post <= 5.9.11 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46228
Patch Status
Patched
Published
Apr 22, 2025

Affected Software
Event post
Researcher

astra.r3verii

External Markdown <= 0.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46445
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
External Markdown
Researcher

johska

Fable Extra <= 1.0.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46447
Patch Status
Patched
Published
Apr 24, 2025

Affected Software
Fable Extra
Researcher

timomangcut

FuseDesk <= 6.7 – Authenticated (Contributor+) Stored Cross-Site Scripting via successredirect Parameter

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-3832
Patch Status
Patched
Published
Apr 23, 2025

Affected Software
FuseDesk
Researcher

Peter Thaleikis

GNA Search Shortcode <= 0.9.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46540
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
GNA Search Shortcode
Researcher

johska

GTDB Guitar Tuners <= 4.2.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46438
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
GTDB Guitar Tuners
Researcher

johska

GutenKit <= 2.2.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46253
Patch Status
Patched
Published
Apr 22, 2025

Affected Software
GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor
Researcher

Khalid Yusuf

HTML Forms <= 1.5.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46236
Patch Status
Patched
Published
Apr 22, 2025

Affected Software
HTML Forms – Simple WordPress Forms Plugin
Researcher

muhammad yudha

Image Hover Effects For WPBakery Page Builder <= 2.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46484
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Image Hover Effects For WPBakery Page Builder
Researcher

muhammad yudha

Image Style Hover <= 1.0.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46534
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Image Style Hover – Displays content when you hover on image
Researcher

johska

Inline Text Popup <= 1.0.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46538
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Inline Text Popup
Researcher

johska

Link Library <= 7.8 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46237
Patch Status
Patched
Published
Apr 22, 2025

Affected Software
Link Library
Researcher

muhammad yudha

List Last Changes <= 1.2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46238
Patch Status
Patched
Published
Apr 22, 2025

Affected Software
List Last Changes
Researcher

muhammad yudha

Lottie Player <= 1.1.8 – Authenticated (Author+) Stored Cross-Site Scripting via File Upload

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-2579
Patch Status
Patched
Published
Apr 23, 2025

Affected Software
Lottie Player- Great Lottie Player Solution
Researcher

Avraham Shemesh

Mad Mimi for WordPress <= 1.5.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46262
Patch Status
Unpatched
Published
Apr 25, 2025

Affected Software
Mad Mimi for WordPress
Researcher

0x1ceKing

Mini twitter feed <= 3.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46496
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Mini twitter feed
Researcher

johska

Mixcloud Embed <= 2.2.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46501
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Mixcloud Embed
Researcher

johska

MPL-Publisher <= 2.18.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46226
Patch Status
Patched
Published
Apr 22, 2025

Affected Software
MPL-Publisher — Ebook & Audiobook Creator
Researcher

muhammad yudha

Multi-Column Taxonomy List <= 1.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46491
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Multi-Column Taxonomy List
Researcher

johska

Nepali Post Date <= 5.1.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46480
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Nepali Post Date
Researcher

muhammad yudha

Ocean Extra <= 2.4.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘ocean_gallery_id’

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-3458
Patch Status
Patched
Published
Apr 21, 2025

Affected Software
Ocean Extra
Researcher

muhammad yudha

Ocean Extra <= 2.4.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-3457
Patch Status
Patched
Published
Apr 21, 2025

Affected Software
Ocean Extra
Researcher

muhammad yudha

Peadig’s Google +1 Button <= 0.1.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46483
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Peadig’s Google +1 Button
Researcher

johska

Peekaboo <= 1.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46505
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Peekaboo
Researcher

johska

Post in page for Elementor <= 1.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46225
Patch Status
Patched
Published
Apr 22, 2025

Affected Software
Post in page for Elementor
Researcher

Gab

Posts for Page <= 2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-39369
Patch Status
Unpatched
Published
Apr 25, 2025

Affected Software
Posts for Page
Researcher

theviper17y

RAphicon <= 2.1.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46467
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
RAphicon
Researcher

johska

RRSSB <= 1.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46461
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
RRSSB
Researcher

johska

Simple Download Counter <= 2.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46240
Patch Status
Patched
Published
Apr 22, 2025

Affected Software
Simple Download Counter
Researcher

muhammad yudha

Simple Google Photos Grid <= 1.5 – Authenticated (Contributor+) Server-Side Request Forgery

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46503
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Simple Google Photos Grid
Researcher

ch4r0n

Sirv <= 7.5.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46233
Patch Status
Patched
Published
Apr 22, 2025

Affected Software
Image Optimizer, Resizer and CDN – Sirv
Researcher

Trương Hữu Phúc (truonghuuphuc)

SKT Blocks <= 2.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46235
Patch Status
Patched
Published
Apr 22, 2025

Affected Software
SKT Blocks – Gutenberg based Page Builder
Researcher

zaim

Sky Addons for Elementor <= 3.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46260
Patch Status
Patched
Published
Apr 22, 2025

Affected Software
Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery)
Researcher

João Pedro Soares de Alcântara

Tax Switch for WooCommerce <= 1.4.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via class-name Parameter

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-3814
Patch Status
Patched
Published
Apr 21, 2025

Affected Software
Tax Switch for WooCommerce
Researcher

Peter Thaleikis

The Pack Elementor addons <= 2.1.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46472
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
The Pack Elementor addon
Researcher

Michael

Theme Switcha <= 3.4 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46239
Patch Status
Patched
Published
Apr 22, 2025

Affected Software
Theme Switcha – Easily Switch Themes for Development and Testing
Researcher

muhammad yudha

Tooltip <= 1.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46532
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
WordPress Tooltip
Researcher

johska

UiCore Elements – Free Elementor widgets and templates <= 1.0.16 – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-1054
Patch Status
Patched
Published
Apr 22, 2025

Affected Software
UiCore Elements – Free Elementor widgets and templates
Researcher

Webbernaut

Visual Composer Website Builder <= 45.10.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46254
Patch Status
Patched
Published
Apr 22, 2025

Affected Software
Visual Composer Website Builder
Researcher

muhammad yudha

WoWHead Tooltips <= 2.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46449
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
WoWHead Tooltips
Researcher

johska

WP AVCL Automation Helper (formerly WPFlyLeads) <= 3.4 – Authenticated (Subscriber+) Server-Side Request Forgery

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46531
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
WP AVCL Automation Helper (formerly WPFlyLeads)
Researcher

ch4r0n

WP Custom Post Popup <= 1.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46471
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
WP Custom Post Popup
Researcher

johska

WP Import Export Lite <= 3.9.27 – Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-2839
Patch Status
Patched
Published
Apr 21, 2025

Affected Software
WP Import Export Lite
Researcher

Webbernaut

WP Quiz <= 2.0.10 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46482
Patch Status
Unpatched
Published
Apr 25, 2025

Affected Software
Best Quiz Plugin for WordPress: WP Quiz
Researcher

muhammad yudha

WP Vegas <= 2.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-43841
Patch Status
Unpatched
Published
Apr 25, 2025

Affected Software
WP Vegas
Researcher

johska

Xpert Tab <= 1.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46542
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Xpert Tab
Researcher

johska

Zoho Creator Forms <= 1.0.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-46453
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Zoho Creator Forms
Researcher

johska

1 Decembrie 1918 <= 1.dec.2012 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-3870
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
1 Decembrie 1918
Researcher

johska

ACF: Google Font Selector <= 3.0.1 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-39382
Patch Status
Unpatched
Published
Apr 21, 2025

Affected Software
ACF: Google Font Selector
Researcher

Dimas Maulana

Add Google +1 (Plus one) social share Button <= 1.0.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-3866
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Add Google +1 (Plus one) social share Button
Researcher

johska

Advanced lazy load <= 1.6.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46508
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Advanced lazy load
Researcher

johska

Ajax Comment Form CST <= 1.2 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-3867
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Ajax Comment Form CST
Researcher

johska

Anything Popup <= 7.3 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-39397
Patch Status
Unpatched
Published
Apr 21, 2025

Affected Software
Anything Popup
Researcher

Dimas Maulana

Best Posts Summary <= 1.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-39374
Patch Status
Unpatched
Published
Apr 25, 2025

Affected Software
Best Posts Summary
Researcher

johska

CheckBot <= 1.05 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-43840
Patch Status
Unpatched
Published
Apr 25, 2025

Affected Software
CheckBot
Researcher

johska

Contact Form 7 Calendar <= 3.0.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46510
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Contact Form 7 Calendar
Researcher

johska

Control Listings <= 1.0.4.1 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46234
Patch Status
Patched
Published
Apr 22, 2025

Affected Software
Control Listings – Classifieds Ads Directory Portal Manager
Researcher

Aiden (Thái An)

Custom Admin-Bar Favorites <= 0.1 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-3868
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Custom Admin-Bar Favorites
Researcher

johska

Custom Functions Plugin <= 1.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46512
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Custom Functions Plugin
Researcher

johska

Document Management System <= 1.24 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46448
Patch Status
Unpatched
Published
Apr 25, 2025

Affected Software
Document Management System
Researcher

Nguyen Xuan Chien

Drop Caps <= 2.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46495
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Drop Caps
Researcher

johska

Google News <= 2.5.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46452
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Google News
Researcher

Nguyen Xuan Chien

Hospital Management System <= 47.0(20-11-2023) – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-39393
Patch Status
Unpatched
Published
Apr 22, 2025

Affected Software
Hospital Management System for WordPress
Researcher

Aiden (Thái An)

Libro de Reclamaciones <= 1.0.1 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46446
Patch Status
Unpatched
Published
Apr 25, 2025

Affected Software
Libro de Reclamaciones
Researcher

Nguyen Xuan Chien

Loan Calculator <= 1.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46442
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Loan Calculator
Researcher

Nabil Irawan

LSD Custom taxonomy and category meta <= 1.3.2 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46502
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
LSD Custom taxonomy and category meta
Researcher

johska

Milat jQuery Automatic Popup <= 1.3.1 – Cross-Site Request Forgery to Stored Cross-site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46514
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Milat jQuery Automatic Popup
Researcher

johska

My Custom Widgets <= 2.0.5 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46526
Patch Status
Unpatched
Published
Apr 25, 2025

Affected Software
My Custom Widgets
Researcher

johska

occupancyplan <= 1.0.3.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46450
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
occupancyplan
Researcher

Nguyen Xuan Chien

Related Posts via Taxonomies <= 1.0.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46520
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Related Posts via Taxonomies
Researcher

johska

Tayori Form <= 1.2.9 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46437
Patch Status
Unpatched
Published
Apr 25, 2025

Affected Software
Tayori Form Plugin
Researcher

Nguyen Xuan Chien

Time Based Greeting <= 2.2.2 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46435
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Time Based Greeting
Researcher

Nguyen Xuan Chien

Twitter Card Generator <= 1.0.5 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46516
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Twitter Card Generator
Researcher

johska

User Registration <= 4.1.5 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-39400
Patch Status
Patched
Published
Apr 22, 2025

Affected Software
User Registration & Membership – Custom Registration Form, Login Form, and User Profile
Researcher

Psai

Vasaio QR Code <= 1.2.5 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46504
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Vasaio QR Code
Researcher

johska

VikRestaurants Table Reservations and Take-Away <= 1.3.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46251
Patch Status
Patched
Published
Apr 22, 2025

Affected Software
VikRestaurants Table Reservations and Take-Away
Researcher

Dhabaleshwar Das

WordPress Events Calendar Registration & Tickets <= 2.6.0 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-39372
Patch Status
Unpatched
Published
Apr 22, 2025

Affected Software
WordPress Events Calendar Registration & Tickets
Researcher

Bonds

Wp Custom CMS Block <= 2.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46457
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Wp Custom CMS Block
Researcher

johska

WP Filter Post Category <= 2.1.4 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46524
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
WP Filter Post Category
Researcher

johska

wProject < 5.8.0 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-39365
Patch Status
Patched
Published
Apr 22, 2025

Affected Software
wProject
Researcher

Dave Jong

WpZon – Amazon Affiliate Plugin <= 1.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-46506
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
WpZon – Amazon Affiliate Plugin
Researcher

johska

Confirm User Registration <= 2.1.5 – Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVSS Rating
Medium (5.5)
CVE-ID
CVE-2025-46459
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Confirm User Registration
Researcher

Nabil Irawan

Send From <= 2.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVSS Rating
Medium (5.5)
CVE-ID
CVE-2025-46469
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Send From
Researcher

Nabil Irawan

WP Customize Login Page <= 1.6.5 – Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVSS Rating
Medium (5.5)
CVE-ID
CVE-2025-46477
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
WP Customize Login Page
Researcher

Nabil Irawan

Prevent Direct Access 2.8.6 – 2.8.8.2 – Incorrect Authorization to Authenticated (Contributor+) Multiple Media Actions

5.4

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-3861
Patch Status
Patched
Published
Apr 24, 2025

Affected Software
Prevent Direct Access – Protect WordPress Files
Researcher

0xbro

Print Science Designer <= 1.3.155 – Cross-Site Request Forgery to Stored Cross-Site Scripting

5.4

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-46465
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Print Science Designer
Researcher

Skalucy

Advanced Linked Variations for Woocommerce <= 1.0.3 – Missing Authorization

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-46244
Patch Status
Patched
Published
Apr 22, 2025

Affected Software
Advanced Linked Variations for Woocommerce
Researcher

ch4r0n

Appointment Booking Calendar <= 1.3.92 – Missing Authorization

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-46247
Patch Status
Patched
Published
Apr 22, 2025

Affected Software
Appointment Booking Calendar
Researcher

timomangcut

Bulk Assign Linked Products For WooCommerce <= 2.1 – Missing Authorization

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-46489
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
Bulk Assign Linked Products For WooCommerce
Researcher

ch4r0n

JNews <= 11.6.5 – Missing Authorization

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-39373
Patch Status
Unpatched
Published
Apr 22, 2025

Affected Software
JNews – WordPress Newspaper Magazine Blog AMP Theme
Researcher

Ananda Dhakal

Memberpress <= 1.11.37 – Unauthenticated Content Restriction Bypass to Sensitive Information Exposure

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-11299
Patch Status
Patched
Published
Apr 21, 2025

Affected Software
Memberpress
Researcher

Francesco Carlucci

Prevent Direct Access – Protect WordPress Files <= 2.8.8 – Unauthenticated Sensitive Information Exposure

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-3923
Patch Status
Patched
Published
Apr 24, 2025

Affected Software
Prevent Direct Access – Protect WordPress Files
Researcher

Tom Broucke

Reales WP – Real Estate WordPress Theme <= 2.1.2 – Missing Authorization to Unauthenticated Attachment Deletion and Favorite Property Updates

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-13307
Patch Status
Unpatched
Published
Apr 23, 2025

Affected Software
Reales WP – Real Estate WordPress Theme
Researcher

Lucio Sá

Upsell Funnel Builder for WooCommerce <= 3.0.0 – Unauthenticated Order Manipulation

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-3743
Patch Status
Patched
Published
Apr 24, 2025

Affected Software
Upsell Funnel Builder for WooCommerce
Researcher

p4

WP Customize Login Page <= 1.6.5 – Missing Authorization

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-46485
Patch Status
Unpatched
Published
Apr 24, 2025

Affected Software
WP Customize Login Page
Researcher

Nabil Irawan

wProject < 5.8.0 – Missing Authorization to Unauthenticated Content Modification and Deletion
CVSS Rating: Medium (5.3) | CVE-ID: CVE-2025-39350 | Patch Status: Patched | Published: Apr 22, 2025
Affected Software: wProject | Researcher: Dave Jong

WS Form LITE – Drag & Drop Contact Form Builder for WordPress <= 1.10.35 – Missing Authorization to Unauthenticated Sensitive Information Exposure
CVSS Rating: Medium (5.3) | CVE-ID: CVE-2025-3912 | Patch Status: Patched | Published: Apr 24, 2025
Affected Software: WS Form LITE – Drag & Drop Contact Form Builder for WordPress | Researcher: Amin Beheshti

Absolute Links <= 1.1.1 – Authenticated (Administrator+) SQL Injection
CVSS Rating: Medium (4.9) | CVE-ID: CVE-2025-43833 | Patch Status: Unpatched | Published: Apr 25, 2025
Affected Software: Absolute Links | Researcher: 0x1ceKing

Contact Form by Bit Form <= 2.18.3 – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVSS Rating: Medium (4.9) | CVE-ID: CVE-2025-2580 | Patch Status: Patched | Published: Apr 24, 2025
Affected Software: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder | Researcher: Avraham Shemesh

iCafe Library <= 1.8.3 – Authenticated (Editor+) SQL Injection
CVSS Rating: Medium (4.9) | CVE-ID: CVE-2025-39370 | Patch Status: Unpatched | Published: Apr 25, 2025
Affected Software: iCafe Library | Researcher: 0x1ceKing

Message Filter for Contact Form 7 <= 1.6.3.2 – Authenticated (Administrator+) SQL Injection
CVSS Rating: Medium (4.9) | CVE-ID: CVE-2025-46252 | Patch Status: Patched | Published: Apr 22, 2025
Affected Software: Message Filter for Contact Form 7 | Researcher: Phat RiO – BlueRock

Watu Quiz <= 3.4.3 – Authenticated (Administrator+) SQL Injection
CVSS Rating: Medium (4.9) | CVE-ID: CVE-2025-46242 | Patch Status: Patched | Published: Apr 22, 2025
Affected Software: Watu Quiz | Researcher: astra.r3verii

Blog Manager WP <= 1.0.5 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Rating: Medium (4.4) | CVE-ID: CVE-2025-46517 | Patch Status: Unpatched | Published: Apr 24, 2025
Affected Software: Blog Manager WP | Researcher: Nabil Irawan

Business Contact Widget <= 2.7.0 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Rating: Medium (4.4) | CVE-ID: CVE-2025-46529 | Patch Status: Unpatched | Published: Apr 24, 2025
Affected Software: Business Contact Widget | Researcher: Nabil Irawan

cookieBAR <= 1.7.0 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Rating: Medium (4.4) | CVE-ID: CVE-2025-43834 | Patch Status: Unpatched | Published: Apr 25, 2025
Affected Software: cookieBAR | Researcher: Nabil Irawan

COVID-19 (Coronavirus) Update Your Customers <= 1.5.1 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Rating: Medium (4.4) | CVE-ID: CVE-2025-46523 | Patch Status: Unpatched | Published: Apr 24, 2025
Affected Software: COVID-19 (Coronavirus) Update Your Customers | Researcher: Nguyen Ngoc Quang Bach (maysbachs)

Floating Social Bar <= 1.1.7 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Rating: Medium (4.4) | CVE-ID: CVE-2025-46451 | Patch Status: Unpatched | Published: Apr 24, 2025
Affected Software: Floating Social Bar | Researcher: Nabil Irawan

Landing pages and Domain aliases for WordPress <= 0.8 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Rating: Medium (4.4) | CVE-ID: CVE-2025-46533 | Patch Status: Unpatched | Published: Apr 24, 2025
Affected Software: Landing pages and Domain aliases for WordPress | Researcher: Nabil Irawan

MangBoard WP <= 1.8.6 – Authenticated (Administrator+) Stored Cross-Site Scripting via Board Header And Footer
CVSS Rating: Medium (4.4) | CVE-ID: CVE-2025-3435 | Patch Status: Patched | Published: Apr 23, 2025
Affected Software: Mang Board WP | Researcher: nquangit

Seriously Simple Podcasting <= 3.9.0 – Authenticated (Editor+) Stored Cross-Site Scripting
CVSS Rating: Medium (4.4) | CVE-ID: CVE-2025-46261 | Patch Status: Patched | Published: Apr 22, 2025
Affected Software: Seriously Simple Podcasting | Researcher: Trương Hữu Phúc (truonghuuphuc)

Textmetrics <= 3.6.2 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Rating: Medium (4.4) | CVE-ID: CVE-2025-46229 | Patch Status: Patched | Published: Apr 22, 2025
Affected Software: Textmetrics | Researcher: Nabil Irawan

VForm <= 3.1.14 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Rating: Medium (4.4) | CVE-ID: CVE-2025-46250 | Patch Status: Patched | Published: Apr 22, 2025
Affected Software: Lifetime free Drag & Drop Contact Form Builder for WordPress VForm | Researcher: 0xVenus

WP Cookie Consent <= 1.0 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Rating: Medium (4.4) | CVE-ID: CVE-2025-46525 | Patch Status: Unpatched | Published: Apr 24, 2025
Affected Software: WP Cookie Consent | Researcher: Nabil Irawan

WP-reCAPTCHA-bp <= 4.1 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Rating: Medium (4.4) | CVE-ID: CVE-2025-46541 | Patch Status: Unpatched | Published: Apr 24, 2025
Affected Software: WP-reCAPTCHA-bp | Researcher: Nabil Irawan

WS Force Login Page <= 3.0.3 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Rating: Medium (4.4) | CVE-ID: CVE-2025-46521 | Patch Status: Unpatched | Published: Apr 24, 2025
Affected Software: WS Force Login Page | Researcher: Nabil Irawan

Aeropage Sync for Airtable <= 3.2.0 – Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-3915 | Patch Status: Patched | Published: Apr 25, 2025
Affected Software: Aeropage Sync for Airtable | Researcher: Chuck

affiliate-toolkit <= 3.7.3 – Cross-Site Request Forgery
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-46231 | Patch Status: Patched | Published: Apr 22, 2025
Affected Software: affiliate-toolkit – WP Affiliate Plugin with Amazon | Researcher: stealthcopter

All in One Time Clock Lite <= 1.3.324 – Cross-Site Request Forgery
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-46513 | Patch Status: Unpatched | Published: Apr 24, 2025
Affected Software: All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier | Researcher: Nabil Irawan

Author Box Plugin With Different Description <= 1.3.5 – Cross-Site Request Forgery
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-39371 | Patch Status: Unpatched | Published: Apr 25, 2025
Affected Software: Author Box Plugin With Different Description | Researcher: johska

Availability Calendar <= 0.2.4 – Cross-Site Request Forgery
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-46528 | Patch Status: Unpatched | Published: Apr 24, 2025
Affected Software: Availability Calendar | Researcher: johska

Call Now PHT Blog <= 2.4.1 – Cross-Site Request Forgery
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-46492 | Patch Status: Unpatched | Published: Apr 24, 2025
Affected Software: Call Now PHT Blog | Researcher: johska

Car Park Booking System for WordPress <= 2.6 – Missing Authorization
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-39376 | Patch Status: Unpatched | Published: Apr 22, 2025
Affected Software: Car Park Booking System for WordPress | Researcher: Ananda Dhakal

CM Ad Changer <= 2.0.5 – Cross-Site Request Forgery
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-46245 | Patch Status: Patched | Published: Apr 22, 2025
Affected Software: CM Ad Changer – A simple tool to control and optimize your site’s banners | Researcher: ch4r0n

CM Answers <= 3.3.3 – Cross-Site Request Forgery
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-46246 | Patch Status: Patched | Published: Apr 22, 2025
Affected Software: CM Answers – Easy-to-use forum to grow your WP community | Researcher: ch4r0n

Custom Login and Registration <= 1.0.0 – Missing Authorization
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-46535 | Patch Status: Unpatched | Published: Apr 25, 2025
Affected Software: Custom Login and Registration | Researcher: Nguyen Ngoc Quang Bach (maysbachs)

Download Alt Text AI <= 1.9.93 – Missing Authorization
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-46232 | Patch Status: Patched | Published: Apr 22, 2025
Affected Software: Alt Text AI – Automatically generate image alt text for SEO and accessibility | Researcher: Trương Hữu Phúc (truonghuuphuc)

Easy Child Theme Creator <= 1.3.1 – Cross-Site Request Forgery
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-39375 | Patch Status: Unpatched | Published: Apr 25, 2025
Affected Software: Easy Child Theme Creator | Researcher: Nguyen Xuan Chien

Hacklog Remote Attachment <= 1.3.2 – Cross-Site Request Forgery
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-46530 | Patch Status: Unpatched | Published: Apr 24, 2025
Affected Software: Hacklog Remote Attachment | Researcher: johska

Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue <= 4.2.2 – Missing Authorization
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-39398 | Patch Status: Unpatched | Published: Apr 22, 2025
Affected Software: bellevuex | Researcher: Ananda Dhakal

Media Library Downloader <= 1.3.1 – Missing Authorization
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-46519 | Patch Status: Patched | Published: Apr 24, 2025
Affected Software: Media Library Downloader | Researcher: ch4r0n

Modern Polls <= 1.0.10 – Cross-Site Request Forgery
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-46466 | Patch Status: Unpatched | Published: Apr 24, 2025
Affected Software: Modern Polls | Researcher: Skalucy

Navegg Analytics <= 3.3.3 – Cross-Site Request Forgery
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-46497 | Patch Status: Unpatched | Published: Apr 24, 2025
Affected Software: Navegg Analytics | Researcher: johska

PayPal Express Checkout <= 2.1.2 – Cross-Site Request Forgery
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-46499 | Patch Status: Unpatched | Published: Apr 24, 2025
Affected Software: PayPal Express Checkout | Researcher: johska

Recover abandoned cart for WooCommerce <= 2.2 – Cross-Site Request Forgery
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-46243 | Patch Status: Patched | Published: Apr 22, 2025
Affected Software: Recover abandoned cart for WooCommerce | Researcher: ch4r0n

SCSS-Library <= 0.4.1 – Cross-Site Request Forgery
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-46436 | Patch Status: Unpatched | Published: Apr 24, 2025
Affected Software: SCSS-Library | Researcher: Nguyen Xuan Chien

Simple calendar for Elementor <= 1.6.4 – Cross-Site Request Forgery
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-46249 | Patch Status: Patched | Published: Apr 22, 2025
Affected Software: Simple calendar for Elementor | Researcher: haudayroi

Smart Hashtags [#hashtagger] <= 7.2.3 – Missing Authorization
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-46470 | Patch Status: Unpatched | Published: Apr 24, 2025
Affected Software: Smart Hashtags [#hashtagger] | Researcher: domiee13

Tabs <= 4.0.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-46522 | Patch Status: Unpatched | Published: Apr 24, 2025
Affected Software: WordPress Tabs | Researcher: johska

Unsafe Mimetypes <= 0.1.4 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-46507 | Patch Status: Unpatched | Published: Apr 24, 2025
Affected Software: Unsafe Mimetypes | Researcher: lucky_buddy

Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) <= 4.1 – Insecure Direct Object Reference to Authenticated (Subscriber+) Order Information Disclosure
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-1284 | Patch Status: Unpatched | Published: Apr 23, 2025
Affected Software: Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) | Researcher: Lucio Sá

wp-cyr-cho <= 0.1 – Cross-Site Request Forgery
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-43835 | Patch Status: Unpatched | Published: Apr 25, 2025
Affected Software: wp-cyr-cho | Конвертира кирилски символи в латиниски | Researcher: Nabil Irawan

WPVN <= 0.7.8 – Cross-Site Request Forgery
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-46462 | Patch Status: Unpatched | Published: Apr 24, 2025
Affected Software: WPVN – Username Changer | Researcher: Skalucy

Zalo Official Live Chat <= 1.0.0 – Cross-Site Request Forgery
CVSS Rating: Medium (4.3) | CVE-ID: CVE-2025-46498 | Patch Status: Unpatched | Published: Apr 24, 2025
Affected Software: Zalo Official Live Chat | Researcher: haudayroi

Buddypress Force Password Change <= 0.1 – Authenticated (Subscriber+) Account Takeover via Password Update
CVSS Rating: Medium (4.2) | CVE-ID: CVE-2025-3793 | Patch Status: Unpatched | Published: Apr 23, 2025
Affected Software: Buddypress Force Password Change | Researcher: kr0d

As a reminder, Wordfence curates an industry-leading vulnerability database, Wordfence Intelligence, covering all known WordPress core, theme, and plugin vulnerabilities.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, submissions from researchers through our Bug Bounty Program, and monitoring of various sources to capture all publicly available WordPress vulnerability information, with additional context added where we can.

Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (April 21, 2025 to April 27, 2025) appeared first on Wordfence.