Last week, there were 139 vulnerabilities disclosed in 116 WordPress Plugins and 10 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 84 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to implement layered security, aligning with our overarching mission to secure WordPress with defense in depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report. As the world’s leading quality vulnerability database provider for WordPress, site owners can rest assured knowing Wordfence has their back.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 33,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 109 |
| Unpatched | 30 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Low Severity | 1 |
| Medium Severity | 86 |
| High Severity | 46 |
| Critical Severity | 6 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 48 |
| Missing Authorization | 27 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 15 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 10 |
| Deserialization of Untrusted Data | 9 |
| Cross-Site Request Forgery (CSRF) | 7 |
| Authorization Bypass Through User-Controlled Key | 5 |
| Unrestricted Upload of File with Dangerous Type | 5 |
| Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 2 |
| Improper Control of Generation of Code (‘Code Injection’) | 2 |
| Authentication Bypass Using an Alternate Path or Channel | 1 |
| Embedded Malicious Code | 1 |
| Exposure of Sensitive Information to an Unauthorized Actor | 1 |
| Improper Input Validation | 1 |
| Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) | 1 |
| Improper Privilege Management | 1 |
| Improper Verification of Cryptographic Signature | 1 |
| Incorrect Privilege Assignment | 1 |
| URL Redirection to Untrusted Site (‘Open Redirect’) | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 9 | |
| 9 | |
| 7 | |
| 6 | |
| 5 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery | interactive-3d-flipbook-powered-physics-engine |
| Academy LMS Pro | academy-pro |
| Accept Cryptocurrencies with Plisio | plisio-payment-gateway-for-woocommerce |
| Accessibility Suite by Ability, Inc | online-accessibility |
| Accessibly – WordPress Website Accessibility | otm-accessibly |
| AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress | acymailing |
| Advanced Custom Fields (ACF®) | advanced-custom-fields |
| Age Verification & Identity Verification by Token of Trust | token-of-trust |
| Avada (Fusion) Builder | fusion-builder |
| BackWPup – WordPress Backup & Restore Plugin | backwpup |
| Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) | barcode-scanner-lite-pos-to-manage-products-inventory-and-orders |
| Basic Google Maps Placemarks | basic-google-maps-placemarks |
| bBlocks – Essential Gutenberg Blocks & Patterns Collection | b-blocks |
| Better Find and Replace – AI-Powered Suggestions | real-time-auto-find-and-replace |
| BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor | betterdocs |
| Booking Activities | booking-activities |
| Canto | canto |
| Career Section | career-section |
| Categories Images | categories-images |
| Client Portal Pro | leco-client-portal |
| CMP – Coming Soon & Maintenance Plugin by NiteoThemes | cmp-coming-soon-maintenance |
| Coachific Shortcode | coachific-shortcode |
| CodeColorer | codecolorer |
| Content Blocks (Custom Post Widget) | custom-post-widget |
| Contextual Related Posts | contextual-related-posts |
| Custom New User Notification | custom-new-user-notification |
| Customer Reviews for WooCommerce | customer-reviews-woocommerce |
| DirectoryPress – Business Directory And Classified Ad Listing | directorypress |
| Drag and Drop Multiple File Upload for Contact Form 7 | drag-and-drop-multiple-file-upload-contact-form-7 |
| e-shot | e-shot-form-builder |
| Easy Appointments | easy-appointments |
| Email Encoder – Protect Email Addresses and Phone Numbers | email-encoder-bundle |
| EMC – Easily Embed Calendly Scheduling | embed-calendly-scheduling |
| Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | wp-event-solution |
| Events Calendar for GeoDirectory | events-for-geodirectory |
| Flipbox Addon for Elementor | ultimate-flipbox-addon-for-elementor |
| Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | fluentform |
| FluentBoards – Project Management, Task Management, Goal Tracking, Kanban Board, and, Team Collaboration | fluent-boards |
| Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | form-maker |
| GeoDirectory – WP Business Directory Plugin and Classified Listings Directory | geodirectory |
| Germanized for WooCommerce | woocommerce-germanized |
| Groundhogg — CRM, Newsletters, and Marketing Automation | groundhogg |
| HAPPY – Helpdesk Support Ticket System | happy-helpdesk-support-ticket-system |
| Hostel | hostel |
| Inquiry form to posts or pages | inquiry-form-to-posts-or-pages |
| JetBackup – Backup, Restore & Migrate | backup |
| JetEngine | jet-engine |
| Jupiter X Core | jupiterx-core |
| Katalogportal-pdf-sync Widget | katalogportal-pdf-sync |
| Kubio AI Page Builder | kubio |
| LatePoint – Calendar Booking Plugin for Appointments and Events | latepoint |
| LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | learnpress |
| List View Google Calendar | list-view-google-calendar |
| Livemesh Addons by Elementor | addons-for-elementor |
| Login as User – Switch User & WooCommerce Login as Customer | one-click-login-as-user |
| ManageWP Worker | worker |
| MasterStudy LMS WordPress Plugin – for Online Courses and Education | masterstudy-lms-learning-management-system |
| Meta Box | meta-box |
| MetForm Pro | metform-pro |
| Mini Ajax Cart for WooCommerce | mini-ajax-woo-cart |
| MyRewards | woorewards |
| Nexi XPay | cartasi-x-pay |
| OneSignal – Web Push Notifications | onesignal-free-web-push-notifications |
| OPEN-BRAIN | open-brain |
| Page Builder Gutenberg Blocks – CoBlocks | coblocks |
| Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | wp-user-avatar |
| Payment Gateway for Redsys & WooCommerce Lite | woo-redsys-gateway-light |
| Petje.af | petje-af |
| Plugin: CMS für Motorrad Werkstätten | cms-fuer-motorrad-werkstaetten |
| Post Duplicator | post-duplicator |
| Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX | ultimate-post |
| Power Charts – Responsive Beautiful Charts & Graphs | wpgo-power-charts-lite |
| Prismatic | prismatic |
| Product Filter for WooCommerce by WBW | woo-product-filter |
| Product Pricing Table by WooBeWoo | woo-product-pricing-tables |
| Pz-LinkCard | pz-linkcard |
| Quick Interest Slider | quick-interest-slider |
| Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker | quiz-master-next |
| Riaxe Product Customizer | riaxe-product-customizer |
| Royal Addons for Elementor – Addons and Templates Kit for Elementor | royal-elementor-addons |
| Royal Elementor Addons Pro | wpr-addons-pro |
| Shipment Tracker for Woocommerce | shipment-tracker-for-woocommerce |
| ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | woolentor-addons |
| Smart Online Order for Clover | clover-online-orders |
| Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts | post-carousel |
| Social Slider Feed | instagram-slider-widget |
| SpeakOut! Email Petitions | speakout |
| Surbma | Booking.com Shortcode | surbma-bookingcom-shortcode |
| Tutor LMS – eLearning and online course solution | tutor |
| Ultra Addons for WPForms | ultra-addons-for-wpforms |
| Unlimited Elements For Elementor | unlimited-elements-for-elementor |
| User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | user-registration |
| User Registration Stripe | user-registration-stripe |
| UserPro – Community and User Profile WordPress Plugin | userpro |
| VI: Include Post By | vi-include-post-by |
| Video Gallery – YouTube Gallery & Responsive Video Playlist | youtube-showcase |
| VideoZen | videozen |
| Visa Acceptance Solutions | visa-acceptance-solutions |
| WCFM Marketplace – Multivendor Marketplace for WooCommerce | wc-multivendor-marketplace |
| WholeSale Products Dynamic Pricing Management WooCommerce | wholesale-products-dynamic-pricing-management-woocommerce |
| WM JqMath | wm-jqmath |
| WooCommerce Product Filters | woocommerce-product-filters |
| WowShipping Pro | table-rate-shipping-pro |
| WP Circliful | wp-circliful |
| WP Customer Area | customer-area |
| WP Directory Kit | wpdirectorykit |
| WP Docs | wp-docs |
| WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters | wp-google-map-plugin |
| WP Photo Album Plus | wp-photo-album-plus |
| WP Shortcodes Plugin — Shortcodes Ultimate | shortcodes-ultimate |
| WP Statistics – Simple, privacy-friendly Google Analytics alternative | wp-statistics |
| WP YouTube Lyte | wp-youtube-lyte |
| wpForo Forum | wpforo |
| WpStream – Live Streaming, Video on Demand, Pay Per View | wpstream |
| WPZOOM Addons for Elementor – Starter Templates & Widgets | wpzoom-elementor-addons |
| Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | youzify |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| ChapterOne – Bookstore and Publisher WordPress Theme | chapterone |
| Eldon – Artist Portfolio WordPress Theme | eldon |
| Eleganzo | eleganzo |
| Laurits – Portfolio and Agency WordPress Theme | laurits |
| LuxeDrive – Limousine and Car Rental WordPress Theme | luxedrive |
| magone | magone |
| Reina – Spa and Wellness WordPress Theme | reina |
| ShiftUp – Car Repair & Auto Services WordPress Theme | shiftup |
| Vantage | vantage |
| WebStack | webstack |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
Affected Software
Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) [barcode-scanner-lite-pos-to-manage-products-inventory-and-orders]
Researcher
Affected Software
Riaxe Product Customizer [riaxe-product-customizer]
Researcher
Affected Software
Visa Acceptance Solutions [visa-acceptance-solutions]
Researcher
Affected Software
WebStack [webstack]
Researcher
Affected Software
Researcher
Affected Software
Academy LMS Pro [academy-pro]
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Career Section [career-section]
Researcher
Affected Software
CMP – Coming Soon & Maintenance Plugin by NiteoThemes [cmp-coming-soon-maintenance]
Researcher
Affected Software
Livemesh Addons by Elementor [addons-for-elementor]
Researcher
Affected Software
Login as User – Switch User & WooCommerce Login as Customer [one-click-login-as-user]
Researcher
Affected Software
WP Customer Area [customer-area]
Researcher
Affected Software
Researcher
Affected Software
ChapterOne – Bookstore and Publisher WordPress Theme [chapterone]
Researcher
Affected Software
Drag and Drop Multiple File Upload for Contact Form 7 [drag-and-drop-multiple-file-upload-contact-form-7]
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Researcher
LuxeDrive – Limousine and Car Rental WordPress Theme <= 1.4 – Unauthenticated PHP Object Injection
8.1
Affected Software
Researcher
Affected Software
Meta Box [meta-box]
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
WooCommerce Product Filters [woocommerce-product-filters]
Researcher
Affected Software
DirectoryPress – Business Directory And Classified Ad Listing [directorypress]
Researcher
Affected Software
Drag and Drop Multiple File Upload for Contact Form 7 [drag-and-drop-multiple-file-upload-contact-form-7]
Researcher
Affected Software
Easy Appointments [easy-appointments]
Researcher
Affected Software
Events Calendar for GeoDirectory [events-for-geodirectory]
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Payment Gateway for Redsys & WooCommerce Lite [woo-redsys-gateway-light]
Researcher
Affected Software
Post Duplicator [post-duplicator]
Researcher
Affected Software
Product Filter for WooCommerce by WBW [woo-product-filter]
Researcher
Affected Software
Product Filter for WooCommerce by WBW [woo-product-filter]
Researcher
Affected Software
Riaxe Product Customizer [riaxe-product-customizer]
Researcher
Affected Software
SpeakOut! Email Petitions [speakout]
Researcher
Affected Software
Unlimited Elements For Elementor [unlimited-elements-for-elementor]
Researcher
Affected Software
WP Directory Kit [wpdirectorykit]
Researcher
Affected Software
WP Photo Album Plus [wp-photo-album-plus]
Researcher
Affected Software
Accessibly – WordPress Website Accessibility [otm-accessibly]
Affected Software
Age Verification & Identity Verification by Token of Trust [token-of-trust]
Researcher
BackWPup <= 5.6.6 – Authenticated (Administrator+) Local File Inclusion via ‘block_name’ Parameter
7.2
Affected Software
BackWPup – WordPress Backup & Restore Plugin [backwpup]
Researcher
Affected Software
Researcher
Affected Software
ManageWP Worker [worker]
Researcher
Affected Software
Prismatic [prismatic]
Researcher
Affected Software
Quick Interest Slider [quick-interest-slider]
Researcher
Affected Software
Royal Elementor Addons Pro [wpr-addons-pro]
Researcher
Affected Software
Researcher
Affected Software
Social Slider Feed [instagram-slider-widget]
Researcher
WP Statistics <= 14.16.4 – Unauthenticated Stored Cross-Site Scripting via ‘utm_source’ Parameter
7.2
Affected Software
Researcher
Affected Software
Accessibility Suite by Ability, Inc [online-accessibility]
Researcher
Affected Software
Client Portal Pro [leco-client-portal]
Researcher
Affected Software
Germanized for WooCommerce [woocommerce-germanized]
Researcher
Affected Software
MasterStudy LMS WordPress Plugin – for Online Courses and Education [masterstudy-lms-learning-management-system]
Researcher
Affected Software
Researcher
Affected Software
WCFM Marketplace – Multivendor Marketplace for WooCommerce [wc-multivendor-marketplace]
Researcher
Affected Software
Researcher
Affected Software
wpForo Forum [wpforo]
Researcher
Affected Software
Researcher
Affected Software
Coachific Shortcode [coachific-shortcode]
Researcher
Affected Software
Content Blocks (Custom Post Widget) [custom-post-widget]
Researcher
Affected Software
Contextual Related Posts [contextual-related-posts]
Affected Software
Email Encoder – Protect Email Addresses and Phone Numbers [email-encoder-bundle]
Researcher
Affected Software
EMC – Easily Embed Calendly Scheduling [embed-calendly-scheduling]
Researcher
Affected Software
Flipbox Addon for Elementor [ultimate-flipbox-addon-for-elementor]
Affected Software
Jupiter X Core [jupiterx-core]
Researcher
Affected Software
Livemesh Addons by Elementor [addons-for-elementor]
Researcher
Affected Software
Mini Ajax Cart for WooCommerce [mini-ajax-woo-cart]
Researcher
Affected Software
Page Builder Gutenberg Blocks – CoBlocks [coblocks]
Researcher
Affected Software
Power Charts – Responsive Beautiful Charts & Graphs [wpgo-power-charts-lite]
Researcher
Affected Software
Pz-LinkCard [pz-linkcard]
Researcher
Affected Software
Royal Addons for Elementor – Addons and Templates Kit for Elementor [royal-elementor-addons]
Researcher
Affected Software
Shipment Tracker for Woocommerce [shipment-tracker-for-woocommerce]
Researcher
Affected Software
ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin [woolentor-addons]
Researcher
Surbma | Booking.com <= 2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
Affected Software
Surbma | Booking.com Shortcode [surbma-bookingcom-shortcode]
Researcher
Affected Software
Vantage [vantage]
Researcher
Affected Software
VI: Include Post By [vi-include-post-by]
Researcher
Affected Software
Video Gallery – YouTube Gallery & Responsive Video Playlist [youtube-showcase]
Researcher
Affected Software
WM JqMath [wm-jqmath]
Researcher
Affected Software
WP Circliful [wp-circliful]
Researcher
Affected Software
WP Docs [wp-docs]
Researcher
Affected Software
WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters [wp-google-map-plugin]
Researcher
Affected Software
WP Shortcodes Plugin — Shortcodes Ultimate [shortcodes-ultimate]
Researcher
Affected Software
WP YouTube Lyte [wp-youtube-lyte]
Researcher
Affected Software
Researcher
Affected Software
CodeColorer [codecolorer]
Researcher
Affected Software
Customer Reviews for WooCommerce [customer-reviews-woocommerce]
Affected Software
magone [magone]
Researcher
Affected Software
OPEN-BRAIN [open-brain]
Researcher
Affected Software
Product Pricing Table by WooBeWoo [woo-product-pricing-tables]
Researcher
WPZOOM Addons for Elementor – Starter Templates & Widgets <= 1.3.4 – Reflected Cross-Site Scripting
6.1
Affected Software
WPZOOM Addons for Elementor – Starter Templates & Widgets [wpzoom-elementor-addons]
Researcher
Affected Software
Avada (Fusion) Builder [fusion-builder]
Researcher
Affected Software
Better Find and Replace – AI-Powered Suggestions [real-time-auto-find-and-replace]
Researcher
Affected Software
Categories Images [categories-images]
Affected Software
3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery [interactive-3d-flipbook-powered-physics-engine]
Researcher
Affected Software
Accept Cryptocurrencies with Plisio [plisio-payment-gateway-for-woocommerce]
Researcher
Affected Software
Advanced Custom Fields (ACF®) [advanced-custom-fields]
Researcher
Affected Software
Basic Google Maps Placemarks [basic-google-maps-placemarks]
Researcher
Affected Software
Booking Activities [booking-activities]
Researcher
Affected Software
Easy Appointments [easy-appointments]
Researcher
Affected Software
Researcher
Affected Software
HAPPY – Helpdesk Support Ticket System [happy-helpdesk-support-ticket-system]
Researcher
Affected Software
Katalogportal-pdf-sync Widget [katalogportal-pdf-sync]
Researcher
Affected Software
Kubio AI Page Builder [kubio]
Researcher
Affected Software
Researcher
Affected Software
MetForm Pro [metform-pro]
Researcher
Affected Software
Nexi XPay [cartasi-x-pay]
Researcher
Affected Software
Payment Gateway for Redsys & WooCommerce Lite [woo-redsys-gateway-light]
Researcher
Affected Software
Researcher
Affected Software
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker [quiz-master-next]
Researcher
Riaxe Product Customizer <= 2.1.2 – Unauthenticated Arbitrary User Deletion via ‘user_id’ Parameter
5.3
Affected Software
Riaxe Product Customizer [riaxe-product-customizer]
Researcher
Affected Software
Researcher
Affected Software
User Registration Stripe [user-registration-stripe]
Researcher
Affected Software
Researcher
Affected Software
Researcher
Affected Software
Custom New User Notification [custom-new-user-notification]
Researcher
Affected Software
List View Google Calendar [list-view-google-calendar]
Researcher
Affected Software
OPEN-BRAIN [open-brain]
Researcher
Affected Software
VideoZen [videozen]
Researcher
Affected Software
WholeSale Products Dynamic Pricing Management WooCommerce [wholesale-products-dynamic-pricing-management-woocommerce]
Researcher
Affected Software
Avada (Fusion) Builder [fusion-builder]
Researcher
Canto <= 3.1.1 – Missing Authorization to Authenticated (Subscriber+) Arbitrary Setting Modification
4.3
Affected Software
Canto [canto]
Researcher
Affected Software
Plugin: CMS für Motorrad Werkstätten [cms-fuer-motorrad-werkstaetten]
Researcher
Affected Software
Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) [wp-event-solution]
Researcher
Affected Software
Researcher
Affected Software
Inquiry form to posts or pages [inquiry-form-to-posts-or-pages]
Researcher
Affected Software
Petje.af [petje-af]
Researcher
Affected Software
Researcher
Affected Software
Smart Online Order for Clover [clover-online-orders]
Researcher
Affected Software
Ultra Addons for WPForms [ultra-addons-for-wpforms]
Researcher
Affected Software
Researcher
Affected Software
OneSignal – Web Push Notifications [onesignal-free-web-push-notifications]
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (April 13, 2026 to April 19, 2026) appeared first on Wordfence.