Vulnerability Report

WordPress Vulnerability Report: July 10 – July 17, 2026

178 WordPress vulnerabilities disclosed between July 10 – July 17, 2026. 8 critical, 42 high severity. 1 patched, 177 unpatched.

WPSentryJuly 17, 202640 min read

During the reporting period (July 10 – July 17, 2026), 178 WordPress security vulnerabilities were disclosed across plugins, themes, and core. This report aggregates data from the NIST National Vulnerability Database, Wordfence Intelligence, and our own scanning database.

Summary

178
Total
8
Critical
42
High
126
Medium
2
Low
1
Patched
Table of Contents 183 plugins & components

WordPress Plugin Vulnerabilities (177)

miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn)

critical
Vulnerability
miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) — Authentication bypass leading to account takeover
Severity
critical Critical risk
Affected Versions
<=7.7.0
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

User Registration & Membership

critical
Vulnerability
User Registration & Membership — Verify the authenticity of incoming payment-provider webhook notifications before acting on them
Severity
critical Critical risk
Affected Versions
<=5.2.2
CVE Reference
Patch Status
No patch
Source
NVD

Word Count and Social Shares

critical
Vulnerability
Word Count and Social Shares — Validate a user-supplied file path before deletion
Severity
critical Critical risk
Affected Versions
<=1.0
CVE Reference
Patch Status
No patch
Source
NVD

Podlove Podcast Publisher

critical
Vulnerability
Podlove Podcast Publisher — Arbitrary file uploads
Severity
critical Critical risk
Affected Versions
<=4.5.1
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

SAML Single Sign On – SSO Login

critical
Vulnerability
SAML Single Sign On – SSO Login — Authentication Bypass
Severity
critical Critical risk
Affected Versions
<=5.4.3
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Happy Coders OTP Login for WooCommerce

critical
Vulnerability
Happy Coders OTP Login for WooCommerce — Verify that a one-time password was actually validated before authenticating a user based on a suppl
Severity
critical Critical risk
Affected Versions
<=2.8
CVE Reference
Patch Status
No patch
Source
NVD

Bricksforge

critical
Vulnerability
Bricksforge — Privilege Escalation
Severity
critical Critical risk
Affected Versions
<=3.1.8.6
CVE Reference
Patch Status
No patch
Source
NVD

Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit

critical
Vulnerability
Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit — Privilege Escalation
Severity
critical Critical risk
Affected Versions
<=2.8.4
CVE Reference
Patch Status
No patch
Source
NVD

Hide My WP Lite

high
Vulnerability
Hide My WP Lite — Arbitrary File Read
Severity
high High risk
Affected Versions
<=1.3
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

SEO Plugin by Squirrly SEO

high
Vulnerability
SEO Plugin by Squirrly SEO — Arbitrary Post Creation and Stored Cross-Site Scripting
Severity
high High risk
Affected Versions
<=14.0.0
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

WP Grid Builder

high
Vulnerability
WP Grid Builder — Privilege Escalation
Severity
high High risk
Affected Versions
<=2.3.3
CVE Reference
Patch Status
No patch
Source
NVD

Motors – Car Dealership & Classified Listings Plugin

high
Vulnerability
Motors – Car Dealership & Classified Listings Plugin — Stored Cross-Site Scripting
Severity
high High risk
Affected Versions
<=1.4.112
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel

high
Vulnerability
WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel — Remote Code Execution
Severity
high High risk
Affected Versions
<=8.0.1
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

LA-Studio Element Kit for Elementor

high
Vulnerability
LA-Studio Element Kit for Elementor — Local File Inclusion
Severity
high High risk
Affected Versions
<=1.6.1
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Simple JWT Login – Allows you to use JWT on REST endpoints.

high
Vulnerability
Simple JWT Login – Allows you to use JWT on REST endpoints. — Authentication Bypass to Privilege Escalation
Severity
high High risk
Affected Versions
<=3.6.6
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Booking Package

high
Vulnerability
Booking Package — Generic SQL Injection
Severity
high High risk
Affected Versions
<=1.7.20
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Swiss Toolkit For WP

high
Vulnerability
Swiss Toolkit For WP — Arbitrary file upload
Severity
high High risk
Affected Versions
<=1.4.6
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Planyo Online Reservation System

high
Vulnerability
Planyo Online Reservation System — Server-Side Request Forgery leading to Local File Inclusion
Severity
high High risk
Affected Versions
<=3.0
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Form Vibes – Database Manager for Forms

high
Vulnerability
Form Vibes – Database Manager for Forms — Stored Cross-Site Scripting
Severity
high High risk
Affected Versions
<=1.5.2
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

SureCart

high
Vulnerability
SureCart — Privilege escalation
Severity
high High risk
Affected Versions
<=4.2.3
CVE Reference
Patch Status
No patch
Source
NVD

Code Engine

high
Vulnerability
Code Engine — Remote Code Execution
Severity
high High risk
Affected Versions
<=0.3.5
CVE Reference
Patch Status
No patch
Source
NVD

Essential Addons for Elementor – Popular Elementor Templates & Widgets

high
Vulnerability
Essential Addons for Elementor – Popular Elementor Templates & Widgets — Authenticated Account Takeover
Severity
high High risk
Affected Versions
<=6.6.10
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales

high
Vulnerability
WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales — Time-based blind SQL Injection
Severity
high High risk
Affected Versions
<=2.2.2
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

CorvusPay WooCommerce Payment Gateway

high
Vulnerability
CorvusPay WooCommerce Payment Gateway — Stored Cross-Site Scripting
Severity
high High risk
Affected Versions
<=2.7.4
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

W3 Total Cache

high
Vulnerability
W3 Total Cache — Directory Traversal
Severity
high High risk
Affected Versions
<=2.9.4
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Genolve – AI image AI video generation

high
Vulnerability
Genolve – AI image AI video generation — Unauthorized modification of data
Severity
high High risk
Affected Versions
<=5.0.5
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

User Registration & Membership

high
Vulnerability
User Registration & Membership — Perform an authorization check on a membership-upgrade action and derives the user to modify from a
Severity
high High risk
Affected Versions
<=5.2.2
CVE Reference
Patch Status
No patch
Source
NVD

Tutor LMS

high
Vulnerability
Tutor LMS — CVE-2026-12275
Severity
high High risk
Affected Versions
<=3.9.13
CVE Reference
Patch Status
No patch
Source
NVD

Library Management System

high
Vulnerability
Library Management System — Sanitize and escape a user-supplied parameter before using it in a SQL statement
Severity
high High risk
Affected Versions
<=3.5.8
CVE Reference
Patch Status
No patch
Source
NVD

PDF Generator

high
Vulnerability
PDF Generator — Server Side Request Forgery
Severity
high High risk
Affected Versions
<=1.6.2
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Forminator

high
Vulnerability
Forminator — DOM-Based XSS
Severity
high High risk
Affected Versions
<=1.55.0.1
CVE Reference
Patch Status
No patch
Source
NVD

Forminator

high
Vulnerability
Forminator — Path Traversal
Severity
high High risk
Affected Versions
<=1.55.0.2
CVE Reference
Patch Status
No patch
Source
NVD

AI Engine

high
Vulnerability
AI Engine — Sanitize a user-supplied filename before using it to write a downloaded file
Severity
high High risk
Affected Versions
<=3.5.5
CVE Reference
Patch Status
No patch
Source
NVD

Newsletters

high
Vulnerability
Newsletters — Prevent deserialization of untrusted input that is stored through a public form
Severity
high High risk
Affected Versions
<=4.15
CVE Reference
Patch Status
No patch
Source
NVD

Shibboleth

high
Vulnerability
Shibboleth — Fail closed when its HTTP header identity mode is enabled without an anti-spoofing key
Severity
high High risk
Affected Versions
<=2.5.4
CVE Reference
Patch Status
No patch
Source
NVD

Quotes llama

high
Vulnerability
Quotes llama — Properly sanitize and escape a user-supplied parameter before using it in a SQL query
Severity
high High risk
Affected Versions
<=3.1.6
CVE Reference
Patch Status
No patch
Source
NVD

Gravity Forms

high
Vulnerability
Gravity Forms — Directory Traversal
Severity
high High risk
Affected Versions
<=2.10.4
CVE Reference
Patch Status
No patch
Source
NVD

Advance Product Search- Voice & Ajax Search for WooCommerce

high
Vulnerability
Advance Product Search- Voice & Ajax Search for WooCommerce — Generic SQL Injection
Severity
high High risk
Affected Versions
<=1.4.4
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

RPB Chessboard

high
Vulnerability
RPB Chessboard — Stored Cross-Site Scripting
Severity
high High risk
Affected Versions
<=8.1.2
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Redux Framework

high
Vulnerability
Redux Framework — Restrict which user meta keys can be written when saving custom profile fields
Severity
high High risk
Affected Versions
<=4.5.13
CVE Reference
Patch Status
No patch
Source
NVD

Abandoned Cart Lite for WooCommerce

high
Vulnerability
Abandoned Cart Lite for WooCommerce — Protect the integrity of its cart-recovery tokens or bind them to the requesting account
Severity
high High risk
Affected Versions
<=6.8.2
CVE Reference
Patch Status
No patch
Source
NVD

FunnelKit

high
Vulnerability
FunnelKit — Escape a user-supplied parameter before reflecting it into the HTML response of one of its page-buil
Severity
high High risk
Affected Versions
<=3.15.0.6
CVE Reference
Patch Status
No patch
Source
NVD

Digits: WordPress Mobile Number Signup and Login

high
Vulnerability
Digits: WordPress Mobile Number Signup and Login — Privilege Escalation
Severity
high High risk
Affected Versions
<=9.1.0.5
CVE Reference
Patch Status
No patch
Source
NVD

Loco Translate

high
Vulnerability
Loco Translate — Cross-Site Request Forgery
Severity
high High risk
Affected Versions
<=2.8.5
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin

high
Vulnerability
Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin — Arbitrary file deletion
Severity
high High risk
Affected Versions
<=7.3.1.4
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell

high
Vulnerability
WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell — Privilege Escalation
Severity
high High risk
Affected Versions
<=3.12.8
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Breakdance

high
Vulnerability
Breakdance — Stored Cross-Site Scripting
Severity
high High risk
Affected Versions
<=2.7.1
CVE Reference
Patch Status
No patch
Source
NVD

Kali Forms — Contact Form & Drag-and-Drop Builder

high
Vulnerability
Kali Forms — Contact Form & Drag-and-Drop Builder — Stored Cross-Site Scripting
Severity
high High risk
Affected Versions
<=2.4.18
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress

high
Vulnerability
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress — Arbitrary File Upload
Severity
high High risk
Affected Versions
<=4.16.18
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

LearnPress – WordPress LMS Plugin for Create and Sell Online Courses

high
Vulnerability
LearnPress – WordPress LMS Plugin for Create and Sell Online Courses — Sensitive Information Exposure
Severity
high High risk
Affected Versions
<=4.4.1
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Notification for Telegram

medium
Vulnerability
Notification for Telegram <= 3.5.1 - Missing Authorization to Authenticated (Subscriber+) Cron Modification via nftb_cron_action_set AJAX Action
Severity
medium Medium risk
Affected Versions
<=3.5.1
CVE Reference
Patch Status
3.5.2
Source
Wordfence
Plugin Page

Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms

medium
Vulnerability
Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms — Local File Inclusion
Severity
medium Medium risk
Affected Versions
<=1.26.12
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Easy Appointments

medium
Vulnerability
Easy Appointments — Authorization bypass
Severity
medium Medium risk
Affected Versions
<=3.12.27
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Highlighting Code Block

medium
Vulnerability
Highlighting Code Block — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=2.2.0
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

FlowForms – Conversational Form Builder

medium
Vulnerability
FlowForms – Conversational Form Builder — Insecure Direct Object Reference
Severity
medium Medium risk
Affected Versions
<=1.1.1
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)

medium
Vulnerability
Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=4.1.15
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

GDPR Cookie Consent

medium
Vulnerability
GDPR Cookie Consent — Unauthorized modification of data
Severity
medium Medium risk
Affected Versions
<=4.3.6
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Cookie Banner for GDPR / CCPA – WPLP Cookie Consent

medium
Vulnerability
Cookie Banner for GDPR / CCPA – WPLP Cookie Consent — Generic SQL Injection
Severity
medium Medium risk
Affected Versions
<=4.3.6
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Import and export users and customers

medium
Vulnerability
Import and export users and customers — Sensitive Information Exposure
Severity
medium Medium risk
Affected Versions
<=2.4.0
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot

medium
Vulnerability
BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot — Generic SQL Injection
Severity
medium Medium risk
Affected Versions
<=4.6.0
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

GW AI Website Builder

medium
Vulnerability
GW AI Website Builder — Unauthorized modification of data
Severity
medium Medium risk
Affected Versions
<=1.0.1
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Hostel

medium
Vulnerability
Hostel — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=1.1.7
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference

medium
Vulnerability
GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference — Cross-Site Request Forgery
Severity
medium Medium risk
Affected Versions
<=1.1.8
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Easy Upload Files During Checkout

medium
Vulnerability
Easy Upload Files During Checkout — Unauthorized access
Severity
medium Medium risk
Affected Versions
<=3.0.1
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

ICS Calendar

medium
Vulnerability
ICS Calendar — Reflected Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=12.0.9
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

KiviCare – Clinic & Patient Management System (EHR)

medium
Vulnerability
KiviCare – Clinic & Patient Management System (EHR) — Authorization bypass
Severity
medium Medium risk
Affected Versions
<=4.4.0
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails

medium
Vulnerability
Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails — Generic SQL Injection
Severity
medium Medium risk
Affected Versions
<=1.24.1
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

JoomSport – for Sports: Team & League, Football, Hockey & more

medium
Vulnerability
JoomSport – for Sports: Team & League, Football, Hockey & more — Time-based SQL Injection
Severity
medium Medium risk
Affected Versions
<=5.7.9
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase for WordPress

medium
Vulnerability
Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase for WordPress — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=5.5
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress

medium
Vulnerability
Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=3.2.6
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Invoice123

medium
Vulnerability
Invoice123 — Authorization bypass
Severity
medium Medium risk
Affected Versions
<=1.7.0
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

WordPress Infinite Scroll – Ajax Load More

medium
Vulnerability
WordPress Infinite Scroll – Ajax Load More — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=7.0.1
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)

medium
Vulnerability
Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) — Authorization bypass
Severity
medium Medium risk
Affected Versions
<=4.1.15
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

UnderConstructionPage PRO

medium
Vulnerability
UnderConstructionPage PRO — Arbitrary File Read
Severity
medium Medium risk
Affected Versions
<=5.76
CVE Reference
Patch Status
No patch
Source
NVD

Points and Rewards for WooCommerce

medium
Vulnerability
Points and Rewards for WooCommerce — Authorization bypass
Severity
medium Medium risk
Affected Versions
<=2.10.0
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Members – Membership & User Role Editor Plugin

medium
Vulnerability
Members – Membership & User Role Editor Plugin — Sensitive Information Exposure
Severity
medium Medium risk
Affected Versions
<=3.2.22
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin

medium
Vulnerability
Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin — Generic SQL Injection
Severity
medium Medium risk
Affected Versions
<=1.1.9
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

KiviCare – Clinic & Patient Management System (EHR)

medium
Vulnerability
KiviCare – Clinic & Patient Management System (EHR) — Generic SQL Injection
Severity
medium Medium risk
Affected Versions
<=4.5.0
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

KiviCare – Clinic & Patient Management System (EHR)

medium
Vulnerability
KiviCare – Clinic & Patient Management System (EHR) — Generic SQL Injection
Severity
medium Medium risk
Affected Versions
<=4.5.0
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Lockme OAuth2 calendars integration

medium
Vulnerability
Lockme OAuth2 calendars integration — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=2.11.0
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

SimpLy Gallery Block & Lightbox

medium
Vulnerability
SimpLy Gallery Block & Lightbox — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=3.3.3.2
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Mux Video Uploader

medium
Vulnerability
Mux Video Uploader — Sensitive Information Exposure
Severity
medium Medium risk
Affected Versions
<=1.1.4
CVE Reference
Patch Status
No patch
Source
NVD

MyParcel

medium
Vulnerability
MyParcel — Authorization bypass
Severity
medium Medium risk
Affected Versions
<=4.25.1
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Starboard Suite Reservation Calendars

medium
Vulnerability
Starboard Suite Reservation Calendars — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=3.1.4
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Premium Addons for Elementor – Powerful Elementor Templates & Widgets

medium
Vulnerability
Premium Addons for Elementor – Powerful Elementor Templates & Widgets — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=4.11.84
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

PDF Invoices & Packing Slips for WooCommerce

medium
Vulnerability
PDF Invoices & Packing Slips for WooCommerce — Insecure Direct Object Reference
Severity
medium Medium risk
Affected Versions
<=5.14.0
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Solace Extra

medium
Vulnerability
Solace Extra — Authorization bypass
Severity
medium Medium risk
Affected Versions
<=1.5.3
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Themify Builder

medium
Vulnerability
Themify Builder — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=7.7.6
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Themify Builder

medium
Vulnerability
Themify Builder — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=7.7.6
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

ThriveDesk – Live Chat, AI Chatbot, Helpdesk & Knowledge Base

medium
Vulnerability
ThriveDesk – Live Chat, AI Chatbot, Helpdesk & Knowledge Base — Unauthorized cache deletion
Severity
medium Medium risk
Affected Versions
<=2.1.7
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

SurfLink - Ultimate Link Manager

medium
Vulnerability
SurfLink - Ultimate Link Manager — Unauthorized data modification
Severity
medium Medium risk
Affected Versions
<=2.6.0
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

AI Chatbot & Workflow Automation by AIWU

medium
Vulnerability
AI Chatbot & Workflow Automation by AIWU — Missing Authorization
Severity
medium Medium risk
Affected Versions
<=1.4.12
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

AI Chatbot & Workflow Automation by AIWU

medium
Vulnerability
AI Chatbot & Workflow Automation by AIWU — Authorization bypass
Severity
medium Medium risk
Affected Versions
<=1.4.12
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Affilia – Affiliate Program & Referral Tracking for WordPress

medium
Vulnerability
Affilia – Affiliate Program & Referral Tracking for WordPress — Unauthorized access
Severity
medium Medium risk
Affected Versions
<=3.3.3
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Notification for Telegram

medium
Vulnerability
Notification for Telegram — Authorization bypass
Severity
medium Medium risk
Affected Versions
<=3.5.1
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Print, PDF, Email by PrintFriendly

medium
Vulnerability
Print, PDF, Email by PrintFriendly — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=5.5.10
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Catalyst Connect Zoho CRM Client Portal

medium
Vulnerability
Catalyst Connect Zoho CRM Client Portal — Time-based SQL Injection
Severity
medium Medium risk
Affected Versions
<=2.2.0
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

WCFM – Frontend Manager for WooCommerce

medium
Vulnerability
WCFM – Frontend Manager for WooCommerce — Insecure Direct Object Reference
Severity
medium Medium risk
Affected Versions
<=6.7.27
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Cost Calculator Builder

medium
Vulnerability
Cost Calculator Builder — Sensitive Information Exposure
Severity
medium Medium risk
Affected Versions
<=4.0.11
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Widgets for Google Reviews

medium
Vulnerability
Widgets for Google Reviews — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=13.3
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

White Label CMS

medium
Vulnerability
White Label CMS — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=2.7.12
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

WP Hotel Booking

medium
Vulnerability
WP Hotel Booking — Insufficient Verification of Data Authenticity
Severity
medium Medium risk
Affected Versions
<=2.3.1
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Wallet for WooCommerce

medium
Vulnerability
Wallet for WooCommerce — Authorization bypass
Severity
medium Medium risk
Affected Versions
<=1.6.4
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

WCFM Marketplace – Multivendor Marketplace for WooCommerce

medium
Vulnerability
WCFM Marketplace – Multivendor Marketplace for WooCommerce — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=3.7.3
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

WP Easy Pay – Payment and Donation form Builder for Square

medium
Vulnerability
WP Easy Pay – Payment and Donation form Builder for Square — Authorization bypass
Severity
medium Medium risk
Affected Versions
<=4.5.0
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

WCFM – Frontend Manager for WooCommerce

medium
Vulnerability
WCFM – Frontend Manager for WooCommerce — Authorization bypass
Severity
medium Medium risk
Affected Versions
<=6.7.27
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

bbp Style Pack

medium
Vulnerability
bbp Style Pack — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=6.4.5
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

fresh Podcaster

medium
Vulnerability
fresh Podcaster — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=1.0.7
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

NEX-Forms – Ultimate Forms

medium
Vulnerability
NEX-Forms – Ultimate Forms — Authorization bypass
Severity
medium Medium risk
Affected Versions
<=9.2.2
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Breeze Cache

medium
Vulnerability
Breeze Cache — Unauthenticated Stored Cross-Site Scripting (XSS)
Severity
medium Medium risk
Affected Versions
<=2.5.6
CVE Reference
Patch Status
No patch
Source
NVD

Database for Contact Form 7, WPforms, Elementor forms

medium
Vulnerability
Database for Contact Form 7, WPforms, Elementor forms — Restrict the PHP classes allowed when unserializing an attacker-supplied form-field value
Severity
medium Medium risk
Affected Versions
<=1.5.2
CVE Reference
Patch Status
No patch
Source
NVD

Tutor LMS

medium
Vulnerability
Tutor LMS — Verify ownership of the targeted quiz attempt before writing to it
Severity
medium Medium risk
Affected Versions
<=3.9.13
CVE Reference
Patch Status
No patch
Source
NVD

Tutor LMS

medium
Vulnerability
Tutor LMS — Perform any authorization or post-target validation before creating a comment in one of its handlers
Severity
medium Medium risk
Affected Versions
<=3.9.13
CVE Reference
Patch Status
No patch
Source
NVD

Tutor LMS

medium
Vulnerability
Tutor LMS — Verify that the requesting user is allowed to edit a target post before overwriting it in one of its
Severity
medium Medium risk
Affected Versions
<=3.9.13
CVE Reference
Patch Status
No patch
Source
NVD

WP Job Portal

medium
Vulnerability
WP Job Portal — Perform capability or ownership checks before
Severity
medium Medium risk
Affected Versions
<=2.5.5
CVE Reference
Patch Status
No patch
Source
NVD

WP Job Portal

medium
Vulnerability
WP Job Portal — Verify ownership when returning an employer's contact email for a given job
Severity
medium Medium risk
Affected Versions
<=2.5.5
CVE Reference
Patch Status
No patch
Source
NVD

Smart Slider 3

medium
Vulnerability
Smart Slider 3 — Sensitive Information Exposure
Severity
medium Medium risk
Affected Versions
<=3.5.1.37
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Avada (Fusion) Builder

medium
Vulnerability
Avada (Fusion) Builder — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=3.15.5
CVE Reference
Patch Status
No patch
Source
NVD

News Kit Addons For Elementor

medium
Vulnerability
News Kit Addons For Elementor — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=1.4.6
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

FoodBook Lite - Online Food Ordering System

medium
Vulnerability
FoodBook Lite - Online Food Ordering System — Missing Authorization
Severity
medium Medium risk
Affected Versions
<=1.5.6
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

WP Customer Area

medium
Vulnerability
WP Customer Area — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=8.3.5
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Ultimate Before After Image Slider & Gallery

medium
Vulnerability
Ultimate Before After Image Slider & Gallery — Escape the value of the BEAF Slider widget's shortcode field before outputting it on the front end (
Severity
medium Medium risk
Affected Versions
<=4.7.1
CVE Reference
Patch Status
No patch
Source
NVD

SureForms

medium
Vulnerability
SureForms — Properly validate the payment amount on forms that use a dynamically-sourced (variable/hidden) payme
Severity
medium Medium risk
Affected Versions
<=2.11.1
CVE Reference
Patch Status
No patch
Source
NVD

WP 2FA

medium
Vulnerability
WP 2FA — Verify that the email address supplied during two-factor authentication setup belongs to the user
Severity
medium Medium risk
Affected Versions
<=3.1.1.2
CVE Reference
Patch Status
No patch
Source
NVD

Academy LMS – WordPress LMS Plugin for Complete eLearning Solution

medium
Vulnerability
Academy LMS – WordPress LMS Plugin for Complete eLearning Solution — Insecure Direct Object Reference
Severity
medium Medium risk
Affected Versions
<=3.8.0
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Kali Forms — Contact Form & Drag-and-Drop Builder

medium
Vulnerability
Kali Forms — Contact Form & Drag-and-Drop Builder — Verify that a file upload is made against an existing form configured with a file-upload field
Severity
medium Medium risk
Affected Versions
<=2.4.17
CVE Reference
Patch Status
No patch
Source
NVD

Kali Forms — Contact Form & Drag-and-Drop Builder

medium
Vulnerability
Kali Forms — Contact Form & Drag-and-Drop Builder — Perform a per-object capability check in its post-duplication AJAX action
Severity
medium Medium risk
Affected Versions
<=2.4.17
CVE Reference
Patch Status
No patch
Source
NVD

Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages

medium
Vulnerability
Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages — Cross-Site Request Forgery
Severity
medium Medium risk
Affected Versions
<=1.5.3.6
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

List category posts

medium
Vulnerability
List category posts — Sensitive Information Exposure
Severity
medium Medium risk
Affected Versions
<=0.95.0
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions

medium
Vulnerability
MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions — Generic SQL Injection
Severity
medium Medium risk
Affected Versions
<=5.0.9
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

MxChat – AI Chatbot & Content Generation for WordPress

medium
Vulnerability
MxChat – AI Chatbot & Content Generation for WordPress — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=3.2.10
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

GiveWP – Donation Plugin and Fundraising Platform

medium
Vulnerability
GiveWP – Donation Plugin and Fundraising Platform — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=4.16.3
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Catch Themes Demo Import

medium
Vulnerability
Catch Themes Demo Import — Missing Authorization
Severity
medium Medium risk
Affected Versions
<=3.3
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Easy Accordion – AI-Powered FAQ & Accordion Blocks, Product FAQ

medium
Vulnerability
Easy Accordion – AI-Powered FAQ & Accordion Blocks, Product FAQ — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=3.1.6
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces

medium
Vulnerability
Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces — Reflected Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=7.6.1
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

SEO Booster

medium
Vulnerability
SEO Booster — Time-based SQL Injection
Severity
medium Medium risk
Affected Versions
<=7.3.1
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

SEO Booster

medium
Vulnerability
SEO Booster — Generic SQL Injection
Severity
medium Medium risk
Affected Versions
<=7.3.1
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

BetterDocs

medium
Vulnerability
BetterDocs — Sanitise an AI-generated documentation summary before storing and outputting it
Severity
medium Medium risk
Affected Versions
<=4.5.5
CVE Reference
Patch Status
No patch
Source
NVD

Appointment Booking Plugin

medium
Vulnerability
Appointment Booking Plugin — Validate a CSRF nonce on several state-changing actions handled by its central request dispatcher
Severity
medium Medium risk
Affected Versions
<=5.6.3
CVE Reference
Patch Status
No patch
Source
NVD

WP Job Portal

medium
Vulnerability
WP Job Portal — Properly sanitize and escape a parameter before using it in a SQL query
Severity
medium Medium risk
Affected Versions
<=2.5.5
CVE Reference
Patch Status
No patch
Source
NVD

AI Engine

medium
Vulnerability
AI Engine — Verify that a user owns the chatbot conversation referenced by a client-supplied identifier
Severity
medium Medium risk
Affected Versions
<=3.5.5
CVE Reference
Patch Status
No patch
Source
NVD

Customer Reviews for WooCommerce

medium
Vulnerability
Customer Reviews for WooCommerce — Perform authentication
Severity
medium Medium risk
Affected Versions
<=5.113.0
CVE Reference
Patch Status
No patch
Source
NVD

Header Footer Builder for Elementor

medium
Vulnerability
Header Footer Builder for Elementor — Require an administrative capability for its dashboard template-import action (it allows any edit_po
Severity
medium Medium risk
Affected Versions
<=1.2.1
CVE Reference
Patch Status
No patch
Source
NVD

FunnelKit

medium
Vulnerability
FunnelKit — Validate a user-supplied path before deleting a file during a template-import operation
Severity
medium Medium risk
Affected Versions
<=3.15.0.6
CVE Reference
Patch Status
No patch
Source
NVD

Tickera – Sell Tickets & Manage Events

medium
Vulnerability
Tickera – Sell Tickets & Manage Events — Generic SQL Injection
Severity
medium Medium risk
Affected Versions
<=3.6.0.0
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Tickera – Sell Tickets & Manage Events

medium
Vulnerability
Tickera – Sell Tickets & Manage Events — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=3.6.0.0
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Quiz Master Next

medium
Vulnerability
Quiz Master Next — SQL Injection
Severity
medium Medium risk
Affected Versions
<=11.2.0
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

wpForo Forum

medium
Vulnerability
wpForo Forum — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=3.1.1
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Tutor LMS – eLearning and online course solution

medium
Vulnerability
Tutor LMS – eLearning and online course solution — Generic SQL Injection
Severity
medium Medium risk
Affected Versions
<=4.0.0
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Delicious Recipes

medium
Vulnerability
Delicious Recipes — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=1.10.2
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

WPBot – AI ChatBot for Live Support, Lead Generation, AI Services

medium
Vulnerability
WPBot – AI ChatBot for Live Support, Lead Generation, AI Services — Authorization bypass
Severity
medium Medium risk
Affected Versions
<=8.5.6
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

SysBasics Customize My Account for WooCommerce – Live My Account Customizer

medium
Vulnerability
SysBasics Customize My Account for WooCommerce – Live My Account Customizer — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=4.4.14
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

The Cache Purger

medium
Vulnerability
The Cache Purger — Authorization bypass
Severity
medium Medium risk
Affected Versions
<=2.3.20
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Themify Builder

medium
Vulnerability
Themify Builder — Authorization bypass
Severity
medium Medium risk
Affected Versions
<=7.7.7
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

WPBot – AI ChatBot for Live Support, Lead Generation, AI Services

medium
Vulnerability
WPBot – AI ChatBot for Live Support, Lead Generation, AI Services — Authorization bypass
Severity
medium Medium risk
Affected Versions
<=8.5.6
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

WP TripAdvisor Review Slider

medium
Vulnerability
WP TripAdvisor Review Slider — Generic SQL Injection
Severity
medium Medium risk
Affected Versions
<=14.6
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

WP Bulk Delete

medium
Vulnerability
WP Bulk Delete — Generic SQL Injection
Severity
medium Medium risk
Affected Versions
<=1.4.2
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Booking for Appointments and Events Calendar – Amelia

medium
Vulnerability
Booking for Appointments and Events Calendar – Amelia — SQL Injection
Severity
medium Medium risk
Affected Versions
<=2.4.3
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Smart Custom Fields

medium
Vulnerability
Smart Custom Fields — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=5.0.7
CVE Reference
Patch Status
No patch
Source
NVD

Ninja Forms - Excel Export

medium
Vulnerability
Ninja Forms - Excel Export — Insecure Direct Object Reference
Severity
medium Medium risk
Affected Versions
<=3.3.6
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Ninja Forms - Excel Export

medium
Vulnerability
Ninja Forms - Excel Export — Directory Traversal
Severity
medium Medium risk
Affected Versions
<=3.3.6
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Fense Proxy & VPN Blocker

medium
Vulnerability
Fense Proxy & VPN Blocker — Unauthorized modification of data
Severity
medium Medium risk
Affected Versions
<=3.0.1
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

pCloud WP Backup

medium
Vulnerability
pCloud WP Backup — Sensitive Information Exposure
Severity
medium Medium risk
Affected Versions
<=2.0.3
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Ninja Forms - Excel Export

medium
Vulnerability
Ninja Forms - Excel Export — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=3.3.6
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

ERP: Complete HR, Accounting & CRM Suite Built for WooCommerce

medium
Vulnerability
ERP: Complete HR, Accounting & CRM Suite Built for WooCommerce — Authorization bypass
Severity
medium Medium risk
Affected Versions
<=1.17.6
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

Kirki – Freeform Page Builder, Website Builder & Customizer

medium
Vulnerability
Kirki – Freeform Page Builder, Website Builder & Customizer — Directory Traversal
Severity
medium Medium risk
Affected Versions
<=6.0.13
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

ChatHelp – Click to Chat Button, WooCommerce Chat to Order & Floating Chat Form

medium
Vulnerability
ChatHelp – Click to Chat Button, WooCommerce Chat to Order & Floating Chat Form — Stored Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=3.5.1
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

WP Hotel Booking

medium
Vulnerability
WP Hotel Booking — Reflected Cross-Site Scripting
Severity
medium Medium risk
Affected Versions
<=2.3.2
CVE Reference
Patch Status
No patch
Source
NVD
Plugin Page

NEX-Forms

medium
Vulnerability
NEX-Forms — Sanitise and escape some submitted form data before storing it and outputting it back in the admin d
Severity
medium Medium risk
Affected Versions
<=9.2.3
CVE Reference
Patch Status
No patch
Source
NVD

PhonePe Payment Solutions

medium
Vulnerability
PhonePe Payment Solutions — Properly verify the authenticity of incoming payment callbacks: the secret used to validate the call
Severity
medium Medium risk
Affected Versions
<=3.1.0
CVE Reference
Patch Status
No patch
Source
NVD

User Registration & Membership

medium
Vulnerability
User Registration & Membership — Validate that the membership tier submitted during public registration is one of the tiers allowed b
Severity
medium Medium risk
Affected Versions
<=5.2.3
CVE Reference
Patch Status
No patch
Source
NVD

User Registration & Membership

medium
Vulnerability
User Registration & Membership — Perform a capability check for unauthenticated callers on one of its membership payment actions and
Severity
medium Medium risk
Affected Versions
<=5.2.3
CVE Reference
Patch Status
No patch
Source
NVD

WPS Bookings for WooCommerce

medium
Vulnerability
WPS Bookings for WooCommerce — Verify that a booking order belongs to the requesting user before cancelling it
Severity
medium Medium risk
Affected Versions
<=3.11.7
CVE Reference
Patch Status
No patch
Source
NVD

Royal Addons for Elementor

medium
Vulnerability
Royal Addons for Elementor — Check the post status of menu items or the templates they reference in one of its REST endpoints
Severity
medium Medium risk
Affected Versions
<=1.7.1063
CVE Reference
Patch Status
No patch
Source
NVD

AI Copilot

medium
Vulnerability
AI Copilot — Bind OAuth access tokens to a WordPress user
Severity
medium Medium risk
Affected Versions
<=1.5.4
CVE Reference
Patch Status
No patch
Source
NVD

RTMKit

low
Vulnerability
RTMKit — Perform a capability check in one of its AJAX actions and resolves a request-supplied post identifie
Severity
low Low risk
Affected Versions
<=2.0.9
CVE Reference
Patch Status
No patch
Source
NVD

RTMKit

low
Vulnerability
RTMKit — Perform a proper capability check on one of its -builder AJAX actions
Severity
low Low risk
Affected Versions
<=2.0.9
CVE Reference
Patch Status
No patch
Source
NVD

WordPress Theme Vulnerabilities (1)

Context Blog

medium
Vulnerability
Context Blog — Sensitive Information Exposure
Severity
medium Medium risk
Affected Versions
<=1.3.5
CVE Reference
Patch Status
No patch
Source
NVD

WordPress Core Vulnerabilities (0)

No vulnerabilities reported in this category this week.

Recommendations

1
Update immediately
Install the latest versions of all plugins, themes, and WordPress core.
2
Enable auto-updates
Turn on automatic updates for minor WordPress releases and plugins where possible.
3
Remove unused plugins
Deactivate and delete any plugins or themes you no longer use.
4
Run a security scan
Use our free WordPress security scanner to check your site for known vulnerabilities.
5
Monitor regularly
Set up uptime monitoring and periodic security scans to catch issues early.

Methodology

This report is compiled automatically from multiple trusted sources:

NIST National Vulnerability Database (NVD)
CVE records with CVSS severity scores
Wordfence Intelligence
WordPress-specific vulnerability data with patch information
Our Scanning Database
Vulnerabilities detected through active WordPress security scans

Tags

Related Posts