During the reporting period (July 1 – July 8, 2026), 103 WordPress security vulnerabilities were disclosed across plugins, themes, and core. This report aggregates data from the NIST National Vulnerability Database, Wordfence Intelligence, and our own scanning database.
Summary
Table of Contents 108 plugins & components
WordPress Plugin Vulnerabilities (97)
Divi Form Builder
critical
Printcart Web to Print Product Designer for WooCommerce
critical
FileOrganizer
critical
uncanny-automator-pro
critical
WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell
critical
DoLeads Integrator
critical
Simple Coherent Form
critical
Eventer
critical
WP Learn Manager
critical
TheGem Theme Elements
high
Request a Quote
high
Image Optimizer
high
Perfmatters
high
Ninja Forms - File Uploads
high
WP Review Slider Pro
high
WP Database Backup – Unlimited Database & Files Backup by Backup for WP
high
TinyPNG – JPEG, PNG & WebP image compression
high
AR for WordPress
high
NEX-Forms – Ultimate Forms
high
AR for WooCommerce
high
Comments – wpDiscuz
high
Notifications for Forms & WordPress Actions
high
AllCoach
high
Ultimate Member
high
Simple Membership
high
FileOrganizer
high
Admin and Site Enhancements (ASE)
high
Frontend File Manager Plugin
high
AMP for WP – Accelerated Mobile Pages
high
Widget Logic Visual
high
Jssor Slider by jssor.com
high
多说社会化评论框
high
Backstage - Customizer Demo Access
high
WHMCS Bridge
high
DoLogin Security
high
Eventer
high
Appointment Booking Calendar Plugin and Scheduling Plugin
high
WCFM Membership – WooCommerce Memberships for Multivendor Marketplace
high
Tainacan
high
VikBooking Hotel Booking Engine & PMS
high
My Calendar – Accessible Event Manager
high
LatePoint – Calendar Booking Plugin for Appointments and Events
high
VikBooking Hotel Booking Engine & PMS
high
Insert Pages
medium
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter
medium
Envo's Templates & Widgets for Elementor and WooCommerce
medium
User Registration & Membership
medium
Houzez Property Feed
medium
GiveWP – Donation Plugin and Fundraising Platform
medium
Academy LMS – WordPress LMS Plugin for Complete eLearning Solution
medium
Product Video Gallery for Woocommerce
medium
My Calendar – Accessible Event Manager
medium
Kirki – Freeform Page Builder, Website Builder & Customizer
medium
JoomSport – for Sports: Team & League, Football, Hockey & more
medium
Kirki – Freeform Page Builder, Website Builder & Customizer
medium
LatePoint – Calendar Booking Plugin for Appointments and Events
medium
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
medium
JetFormBuilder — Dynamic Blocks Form Builder
medium
Groundhogg — CRM, Newsletters, and Marketing Automation
medium
Database for Contact Form 7, WPforms, Elementor forms
medium
Appointment Bookings for Zoom GoogleMeet and more – Wappointment
medium
weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot
medium
weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot
medium
weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot
medium
Cookie Banner for GDPR / CCPA – WPLP Cookie Consent
medium
WP Import Export Lite
medium
Ninja Forms - File Uploads
medium
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
medium
CM Business Directory – Optimise and showcase local business
medium
MotoPress Appointment Booking
medium
JSON API User
medium
RTMKit
medium
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
medium
LatePoint – Calendar Booking Plugin for Appointments and Events
medium
The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x
medium
Ad Inserter – Ad Manager & AdSense Ads
medium
GenerateBlocks
medium
RTMKit (rometheme-for-elementor)
medium
Reviews Widgets for Google, Yelp & TripAdvisor
medium
Exclusive Addons for Elementor
medium
WP Travel Engine
medium
Sympl Repeater for ACF and Elementor
medium
Social Share, Social Login and Social Comments Plugin – Super Socializer
medium
Chatra Live Chat + ChatBot + Cart Saver
medium
User Management
medium
Bulk Order Update for WooCommerce
medium
Wp Js Detect
medium
Website Builder by SeedProd - Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode
medium
Recurio – Ultimate Subscription for WooCommerce
medium
Themehunk Login Registration
medium
Advanced iFrame
medium
Smash Balloon Social Photo Feed – Easy Social Feeds Plugin
medium
User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration
medium
Essential Addons for Elementor – Popular Elementor Templates & Widgets
medium
Nexter Blocks – Gutenberg Blocks, Page Builder & AI Website Builder
medium
Fluent Forms
low
Adminify
low
WordPress Theme Vulnerabilities (6)
Unauthenticated Cross Site Scripting (XSS) in SpaLab | Beauty Salon
high
Unauthenticated Cross Site Scripting (XSS) in Fitness Zone
high
Unauthenticated Cross Site Scripting (XSS) in Kids Zone - Children
high
yootheme
medium
Subscriber Broken Access Control in Martfury - WooCommerce Marketplace
medium
Zakra
medium
WordPress Core Vulnerabilities (0)
No vulnerabilities reported in this category this week.
Recommendations
Install the latest versions of all plugins, themes, and WordPress core.
Turn on automatic updates for minor WordPress releases and plugins where possible.
Deactivate and delete any plugins or themes you no longer use.
Use our free WordPress security scanner to check your site for known vulnerabilities.
Set up uptime monitoring and periodic security scans to catch issues early.
Methodology
This report is compiled automatically from multiple trusted sources:
Tags
Related Posts
WordPress Vulnerability Report: June 26 – July 3, 2026
142 WordPress vulnerabilities disclosed between June 26 – July 3, 2026. 8 critical, 37 high severity. 2 patched, 140 unpatched.
WordPress Vulnerability Report: May 17 – May 24, 2026
81 WordPress vulnerabilities disclosed between May 17 – May 24, 2026. 8 critical, 20 high severity. 2 patched, 79 unpatched.
WordPress Vulnerability Report: May 9 – May 16, 2026
104 WordPress vulnerabilities disclosed between May 9 – May 16, 2026. 6 critical, 23 high severity. 1 patched, 103 unpatched.