(647) 243-4688

Last week, there were 246 vulnerabilities disclosed in 179 WordPress Plugins and 40 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 100 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to implement layered security, aligning with our overarching mission to secure WordPress with defense in depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report. As the world’s leading quality vulnerability database provider for WordPress, site owners can rest assured knowing Wordfence has their back.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 35,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our PremiumCare, and Response customers last week:

Wordfence PremiumCare, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Patched 158
Unpatched 88

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Medium Severity 150
High Severity 87
Critical Severity 9

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 87
Missing Authorization 50
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) 25
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) 19
Authorization Bypass Through User-Controlled Key 12
Cross-Site Request Forgery (CSRF) 12
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) 11
Exposure of Sensitive Information to an Unauthorized Actor 7
Deserialization of Untrusted Data 4
Improper Control of Generation of Code (‘Code Injection’) 4
Improper Privilege Management 3
Server-Side Request Forgery (SSRF) 3
Unrestricted Upload of File with Dangerous Type 3
External Control of File Name or Path 2
Improper Authentication 1
Improper Neutralization of CRLF Sequences (‘CRLF Injection’) 1
Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) 1
Improper Neutralization of Special Elements used in a Command (‘Command Injection’) 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
34
18
14
13
12
7
5
5
5
5
5
4
4
4
4
4
4
3
3
3
3
3
3
2
2
2
2
2
2
2
2
2
2
2
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
5b840087cae0a13b411eb404ad102a47
Yat

1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
Academy LMS academy
Ad Inserter – Ad Manager & AdSense Ads ad-inserter
Admin and Site Enhancements (ASE) Pro admin-site-enhancements-pro
Advanced Booking & Appointment System – Webba Booking Calendar webba-booking-lite
Advanced Contact form 7 DB advanced-cf7-db
Advanced Shipment Tracking for WooCommerce woo-advanced-shipment-tracking
Ajax Load More – Filters ajax-load-more-filters
ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce woo-alidropship
ApplyOnline – Application Form Builder and Manager apply-online
Appointment Booking Calendar appointment-booking-calendar
Appointment Booking Plugin – LatePoint | Calendar & Scheduling for WordPress latepoint
Appointment Bookings for Zoom GoogleMeet and more – Wappointment wappointment
AR for WooCommerce ar-for-woocommerce
AR for WordPress ar-for-wordpress
ARforms arforms
ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup armember
Automotive Listings automotive
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net woo-bulk-editor
Blocksy Companion blocksy-companion
Blocksy Companion Pro blocksy-companion-pro
Booked – Appointment Booking for WordPress booked
Booking calendar, Appointment Booking System booking-calendar
BookingPress Appointment Booking Pro bookingpress-appointment-booking-pro
Business Directory Plugin – Easy Listing Directories for WordPress business-directory-plugin
Classified Listing – AI-Powered Classified ads & Business Directory classified-listing
CM Business Directory – Optimise and showcase local business cm-business-directory
CodePeople Post Map for Google Maps codepeople-post-map
Colissimo shipping methods for WooCommerce colissimo-shipping-methods-for-woocommerce
Comments – wpDiscuz wpdiscuz
Cookie Banner for GDPR / CCPA – WPLP Cookie Consent gdpr-cookie-consent
CrawlWP SEO – Instant Search Engine Indexing & SEO Performance Monitor mihdan-index-now
CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x woo-multi-currency
Custom Field Template custom-field-template
Custom Payment Gateways for WooCommerce custom-payment-gateways-woocommerce
cws-svgicons cws-svgicons
Database for Contact Form 7, WPforms, Elementor forms contact-form-entries
Divi Form Builder divi-form-builder
Dokan Pro dokan-pro
Download Manager download-manager
eCommerce Product Catalog Plugin for WordPress ecommerce-product-catalog
Editorial Rating – Product Review & Rating System editorial-rating
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress email-subscribers
Embed Privacy embed-privacy
Enable Media Replace enable-media-replace
Envision Page Builder – A collection of WordPress Gutenberg blocks & templates envision-page-builder
Envo’s Templates & Widgets for Elementor and WooCommerce envo-elementor-for-woocommerce
Event Organiser event-organiser
EventON (Pro) – WordPress Virtual Event Calendar Plugin eventON
Exclusive Addons for Elementor exclusive-addons-for-elementor
Export User Data export-user-data
ez Form Calculator Premium ez-form-calculator-premium
Five Star Business Profile and Schema business-profile
FormLayer formlayer
FV Flowplayer Video Player fv-wordpress-flowplayer
GD Rating System gd-rating-system
GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content geeky-bot
GenerateBlocks generateblocks
GeoDirectory – WP Business Directory Plugin and Classified Listings Directory geodirectory
GiveWP – Donation Plugin and Fundraising Platform give
Golo Framework golo-framework
Groundhogg — CRM, Newsletters, and Marketing Automation groundhogg
HandL UTM Grabber / Tracker handl-utm-grabber
Heateor Social Login WordPress heateor-social-login
Houzez Property Feed houzez-property-feed
HubSpot All-In-One Marketing – Forms, Popups, Live Chat leadin
Image Optimization – Compress Images and Convert to WebP or AVIF image-optimization
iNET Webkit inet-webkit
Insert Pages insert-pages
Internal Links Manager seo-automated-link-building
Japanized for WooCommerce woocommerce-for-japan
JetFormBuilder — Dynamic Blocks Form Builder jetformbuilder
JetWidgets For Elementor jetwidgets-for-elementor
JoomSport – for Sports: Team & League, Football, Hockey & more joomsport-sports-league-results-management
JSON API User json-api-user
Kadence Blocks — Page Builder Toolkit for Gutenberg Editor kadence-blocks
Kali Forms — Contact Form & Drag-and-Drop Builder kali-forms
Kirki – Freeform Page Builder, Website Builder & Customizer kirki
Kit (formerly ConvertKit) for WooCommerce convertkit-for-woocommerce
Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages page-builder-add
LearnPress – WordPress LMS Plugin for Create and Sell Online Courses learnpress
Link Whisper Free link-whisper
Link Whisper Premium link-whisper-premium
MainWP Dashboard: Self-hosted WordPress Management for Agencies mainwp
MasterStudy LMS WordPress Plugin – for Online Courses and Education masterstudy-lms-learning-management-system
MeetingHub – Webinar & Meeting Plugin for Zoom, Google Meet, Webex, Microsoft Teams, & Jitsi Meet meetinghub
Module PRO modula
MoreConvert Wishlist for WooCommerce smart-wishlist-for-more-convert
Mosaic Gallery – Advanced Gallery mosaic-gallery-advanced-gallery
MotoPress Appointment Booking motopress-appointment-lite
MotoPress Hotel Booking motopress-hotel-booking-lite
Motors – Car Dealership & Classified Listings Plugin motors-car-dealership-classified-listings
My Calendar – Accessible Event Manager my-calendar
NewsPlus Shortcodes newsplus-shortcodes
NEX-Forms – Ultimate Forms Plugin for WordPress nex-forms-express-wp-form-builder
Ninja Forms – File Uploads ninja-forms-uploads
Ninja Forms – The Contact Form Builder That Grows With You ninja-forms
Novalnet Payment Gateway for WooCommerce woocommerce-novalnet-gateway
NOWPayments for WooCommerce – Crypto Payment Gateway nowpayments-for-woocommerce
OpenAI Chatbot for WordPress – Helper helper
Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization optimole-wp
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction paid-member-subscriptions
Paid Videochat Turnkey Site – HTML5 PPV Live Webcams ppv-live-webcams
pCloud WP Backup pcloud-wp-backup
Perfmatters perfmatters
Permalink Manager for WooCommerce permalink-manager-for-woocommerce
PixMagix – WordPress Image Editor pixmagix
Plugin for Google Analytics by IO technologies io-engagement-analytics
POS Entegratör – Gurmehub Ödeme Eklentisi pos-entegrator
Premium Addons for KingComposer premium-addons-for-kingcomposer
Printcart Web to Print Product Designer for WooCommerce printcart-integration
Private Content private-content
Product Addons and Product Options With Custom Fields – WowAddons product-addons
Product Video Gallery for Woocommerce product-video-gallery-slider-for-woocommerce
ProfileGrid – User Profiles, Groups and Communities profilegrid-user-profiles-groups-and-communities
Qi Blocks qi-blocks
Quads Ads Manager for Google AdSense quick-adsense-reloaded
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker quiz-master-next
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login custom-registration-form-builder-with-submission-manager
Request a Quote – Quote Forms for Any WordPress Site request-a-quote
Reviews Widgets for Google, TripAdvisor, Yelp & Recommendations fb-reviews-widget
ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema reviewx
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator feedzy-rss-feeds
RTMKit rometheme-for-elementor
Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization metasync
Sendcloud Shipping sendcloud-connected-shipping
Shopify shopify-plugin
Shopping Cart & eCommerce Store wp-easycart
Shortcodes and extra features for Phlox theme auxin-elements
ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization shortpixel-adaptive-images
Simple Link Directory Pro qc-simple-link-directory
Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management simple-urls
Simple User Avatar simple-user-avatar
Slider Revolution revslider
Slim SEO – A Fast & Automated SEO Plugin For WordPress slim-seo
SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery sms-alert
Speaker speaker
SportsPress Pro sportspress-pro
Structured Content (JSON-LD) #wpsc structured-content
Struktur Core struktur-core
Surbma | Yoast SEO Breadcrumb Shortcode surbma-yoast-breadcrumb-shortcode
Survey Maker by AYS survey-maker
SysBasics Customize My Account for WooCommerce – Live My Account Customizer customize-my-account-for-woocommerce
Taskbuilder – Project Management & Task Management Tool With Kanban Board taskbuilder
Tax Exempt for WooCommerce woocommerce-tax-exempt-plugin
Team Members – Multi Language Supported Team Plugin team-showcase-supreme
TheGem Theme Elements thegem-elements-elementor
ThumbPress – Compress Images, Manage Thumbnails, Detect Image Issues, WebP/AVIF, Lazy Loading, Hotlinking & More image-sizes
Timetics – Appointment Booking Calendar & Scheduling System timetics
TinyPNG – JPEG, PNG & WebP image compression tiny-compress-images
Tour Master – Tour Booking, Travel, Hotel tourmaster
Tutor LMS – eLearning and online course solution tutor
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin ultimate-member
Universal Clocks universal-clocks
User Frontend: AI Powered Frontend Posting, User Directory, Profile Builder, Membership & User Registration wp-user-frontend
Video Gallery – YouTube Gallery, Playlist & Video Grid youtube-showcase
VikBooking Hotel Booking Engine & PMS vikbooking
Visualizer – Tables & Charts Manager with Built-in AI Generator visualizer
W3 Total Cache w3-total-cache
Wallet System for WooCommerce – Digital Wallet, Buy Now Pay Later (BNPL), Instant Cashback, Referral program, Partial & Subscription Payments wallet-system-for-woocommerce
Webmention webmention
weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot wedocs
WooCommerce Designer Pro wc-designer-pro
Woostify Sites Library woostify-sites-library
WP Database Backup – Unlimited Database & Files Backup by Backup for WP wp-database-backup
WP Debugging wp-debugging
WP Fast Total Search – The Power of Indexed Search fulltext-search
WP Google Review Slider wp-google-places-review-slider
WP Import Export Lite wp-import-export-lite
WP Inventory Manager wp-inventory-manager
WP Photo Album Plus wp-photo-album-plus
WP Review Slider Pro wp-review-slider-pro
WP-BusinessDirectory – Business directory plugin for WordPress wp-businessdirectory
WPAdverts – Classifieds Plugin wpadverts
WPBakery Page Builder Addons by Livemesh addons-for-visual-composer
WPBot – AI ChatBot for Live Support, Lead Generation, AI Services chatbot
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin wpdatatables
WPeMatico RSS Feed Fetcher wpematico
WPForms – AI Form Builder for WordPress – Contact Forms, Payment Forms, Survey Form, Quiz & More wpforms-lite
WPIDE – File Manager & Code Editor wpide

WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
Aalto – Architecture and Interior Design WordPress Theme aalto
aqua aqua
Artale | Wedding Photography WordPress artale
Audrey – Fashion WordPress Theme audrey
Automotive Car Dealership Business WordPress Theme automotive
Billey – Creative Portfolio & Agency Elementor WordPress Theme billey
Brook – Agency Business Creative WordPress Theme brook
Corpkit – Business Consulting WordPress Theme corpkit
Dør – Modern Architecture and Interior Design Theme dor
EduMall – Professional LMS Education Center WordPress Theme edumall
Fascinate fascinate
Fitness Zone WordPress Theme fitnesszone
Flatsome flatsome
Flow flow
Kids Life | Children School WordPress kidslife
Kids Zone – Children WordPress Theme kidszone
Kitchor – Interior Design WordPress Theme kitchor
Leedo – Modern, Colorful & Creative Portfolio WordPress Theme leedo
Lighthouse | School for Kids with Disabilities & Special Needs WordPress Theme lighthouseschool
LMS – Education WordPress Theme lms
Martfury – Marketplace Mobile App Figma Template martfury
Motors – Car Dealer, Rental & Listing WordPress theme motors
NativeChurch NativeChurch
Nuss – Hotel Booking WordPress nuss
Overworld – eSports and Gaming WordPress Theme overworld
pearl pearl
Real Estate 7 WordPress realestate-7
SetSail – Travel Agency WordPress Theme setsail
SpaLab | Beauty Salon WordPress Theme spalab
Struktur – Creative Agency WordPress Theme struktur
TheFox | Responsive Multi-Purpose WordPress Theme thefox
Tonda – Elegant Shop WordPress Theme tonda
Trendy Travel WordPress trendytravel
unicamp unicamp
VW Food Corner vw-food-corner
VW Wedding vw-wedding
Werkstatt – Creative Portfolio WordPress Theme werkstatt
Woffice CRM woffice
Zakra zakra
Zegen – Church WordPress Theme zegen

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

CVSS Rating
9.8 (Critical)
Patch Status
Patched
Published
Jul 1, 2026

Affected Software

Blocksy Companion [blocksy-companion]

Researcher

CVSS Rating
9.8 (Critical)
Patch Status
Patched
Published
Jun 29, 2026

Affected Software

Blocksy Companion Pro [blocksy-companion-pro]

Researcher

CVSS Rating
9.8 (Critical)
Patch Status
Patched
Published
Jul 1, 2026

Affected Software

Divi Form Builder [divi-form-builder]

Researcher

CVSS Rating
9.8 (Critical)
Patch Status
Unpatched
Published
Jul 1, 2026

Affected Software

Private Content [private-content]

Researcher

CVSS Rating
9.8 (Critical)
Patch Status
Patched
Published
Jun 29, 2026

Affected Software

ProfileGrid – User Profiles, Groups and Communities [profilegrid-user-profiles-groups-and-communities]

Researcher

CVSS Rating
9.1 (Critical)
Patch Status
Patched
Published
Jul 2, 2026

Affected Software

Researcher

CVSS Rating
8.8 (High)
Patch Status
Patched
Published
Jun 30, 2026

Affected Software

Dokan Pro [dokan-pro]

Researcher

CVSS Rating
8.8 (High)
Patch Status
Unpatched
Published
Jun 29, 2026

Affected Software

CVSS Rating
8.1 (High)
Patch Status
Unpatched
Published
Jun 29, 2026

Affected Software

CVSS Rating
8.1 (High)
Patch Status
Patched
Published
Jun 29, 2026

Affected Software

Embed Privacy [embed-privacy]

Researcher

CVSS Rating
8.1 (High)
Patch Status
Unpatched
Published
Jun 29, 2026

CVSS Rating
8.1 (High)
Patch Status
Patched
Published
Jun 29, 2026

Affected Software

Novalnet Payment Gateway for WooCommerce [woocommerce-novalnet-gateway]

Researcher

CVSS Rating
8.1 (High)
Patch Status
Unpatched
Published
Jun 29, 2026

Affected Software

pearl [pearl]

CVSS Rating
8.1 (High)
Patch Status
Patched
Published
Jun 29, 2026

Affected Software

W3 Total Cache [w3-total-cache]

Researcher

CVSS Rating
8.0 (High)
Patch Status
Unpatched
Published
Jun 29, 2026

Affected Software

Export User Data [export-user-data]

Researcher

CVSS Rating
7.5 (High)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

aqua [aqua]

CVSS Rating
7.5 (High)
Patch Status
Patched
Published
Jul 2, 2026

Affected Software

AR for WooCommerce [ar-for-woocommerce]

Researcher

CVSS Rating
7.5 (High)
Patch Status
Patched
Published
Jul 2, 2026

Affected Software

AR for WordPress [ar-for-wordpress]

Researcher

CVSS Rating
7.5 (High)
Patch Status
Patched
Published
Jun 30, 2026

Affected Software

BookingPress Appointment Booking Pro [bookingpress-appointment-booking-pro]

Researcher

CVSS Rating
7.5 (High)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

Flow [flow]

CVSS Rating
7.5 (High)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

Golo Framework [golo-framework]

CVSS Rating
7.5 (High)
Patch Status
Unpatched
Published
Jul 2, 2026

CVSS Rating
7.5 (High)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

NewsPlus Shortcodes [newsplus-shortcodes]

CVSS Rating
7.5 (High)
Patch Status
Patched
Published
Jul 1, 2026

Affected Software

Perfmatters [perfmatters]

Researcher

CVSS Rating
7.5 (High)
Patch Status
Patched
Published
Jul 1, 2026

Affected Software

Researcher

CVSS Rating
7.5 (High)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

Shopify [shopify-plugin]

Researcher

CVSS Rating
7.5 (High)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

SportsPress Pro [sportspress-pro]

Researcher

CVSS Rating
7.5 (High)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

Struktur Core [struktur-core]

CVSS Rating
7.5 (High)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

TheGem Theme Elements [thegem-elements-elementor]

CVSS Rating
7.5 (High)
Patch Status
Unpatched
Published
Jul 2, 2026

CVSS Rating
7.5 (High)
Patch Status
Patched
Published
Jun 30, 2026

Affected Software

Researcher

CVSS Rating
7.5 (High)
Patch Status
Patched
Published
Jul 1, 2026

Affected Software

WP Review Slider Pro [wp-review-slider-pro]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jun 29, 2026

Affected Software

Admin and Site Enhancements (ASE) Pro [admin-site-enhancements-pro]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jun 29, 2026

Affected Software

Ajax Load More – Filters [ajax-load-more-filters]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jun 30, 2026

Affected Software

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 2, 2026

Affected Software

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 1, 2026

Affected Software

Researcher

CVSS Rating
7.2 (High)
Patch Status
Unpatched
Published
Jun 30, 2026

Affected Software

CVSS Rating
7.2 (High)
Patch Status
Unpatched
Published
Jun 30, 2026

Affected Software

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 1, 2026

Affected Software

HandL UTM Grabber / Tracker [handl-utm-grabber]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jun 29, 2026

Affected Software

Internal Links Manager [seo-automated-link-building]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 1, 2026

Affected Software

Module PRO [modula]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 1, 2026

Affected Software

MoreConvert Wishlist for WooCommerce [smart-wishlist-for-more-convert]

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jun 30, 2026

Affected Software

NEX-Forms – Ultimate Forms Plugin for WordPress [nex-forms-express-wp-form-builder]

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 2, 2026

Affected Software

NEX-Forms – Ultimate Forms Plugin for WordPress [nex-forms-express-wp-form-builder]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jun 30, 2026

Affected Software

Perfmatters [perfmatters]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jun 29, 2026

Affected Software

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jun 30, 2026

Affected Software

Simple Link Directory Pro [qc-simple-link-directory]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jun 30, 2026

Affected Software

Slider Revolution [revslider]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 1, 2026

Affected Software

Survey Maker by AYS [survey-maker]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jun 30, 2026

Affected Software

Webmention [webmention]

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 1, 2026

Affected Software

WP Debugging [wp-debugging]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jun 30, 2026

Affected Software

WP Photo Album Plus [wp-photo-album-plus]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 1, 2026

Affected Software

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 1, 2026

Affected Software

CVSS Rating
6.5 (Medium)
Patch Status
Patched
Published
Jun 29, 2026

Affected Software

Custom Field Template [custom-field-template]

Researcher

CVSS Rating
6.5 (Medium)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

cws-svgicons [cws-svgicons]

Researcher

CVSS Rating
6.5 (Medium)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

GD Rating System [gd-rating-system]

Researcher

CVSS Rating
6.5 (Medium)
Patch Status
Patched
Published
Jul 1, 2026

Researcher

CVSS Rating
6.5 (Medium)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

iNET Webkit [inet-webkit]

Researcher

CVSS Rating
6.5 (Medium)
Patch Status
Patched
Published
Jun 30, 2026

Affected Software

MotoPress Appointment Booking [motopress-appointment-lite]

Researcher

CVSS Rating
6.5 (Medium)
Patch Status
Unpatched
Published
Jun 29, 2026

Affected Software

Researcher

CVSS Rating
6.5 (Medium)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

CVSS Rating
6.5 (Medium)
Patch Status
Unpatched
Published
Jun 29, 2026

Affected Software

unicamp [unicamp]

Researcher

CVSS Rating
6.5 (Medium)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

WP Inventory Manager [wp-inventory-manager]

Researcher

CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jun 30, 2026

Affected Software

Download Manager [download-manager]

Researcher

CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jun 30, 2026

Affected Software

Event Organiser [event-organiser]

CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jul 1, 2026

Affected Software

Insert Pages [insert-pages]

CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jul 2, 2026

Affected Software

JSON API User [json-api-user]

Researcher

CVSS Rating
6.4 (Medium)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

Mosaic Gallery – Advanced Gallery [mosaic-gallery-advanced-gallery]

Researcher

CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jul 2, 2026

Affected Software

RTMKit [rometheme-for-elementor]

Researcher

CVSS Rating
6.4 (Medium)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

Speaker [speaker]

Researcher

CVSS Rating
6.4 (Medium)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

Researcher

CVSS Rating
6.4 (Medium)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

Surbma | Yoast SEO Breadcrumb Shortcode [surbma-yoast-breadcrumb-shortcode]

Researcher

CVSS Rating
6.4 (Medium)
Patch Status
Unpatched
Published
Jun 29, 2026

CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jun 29, 2026

Affected Software

WooCommerce Designer Pro [wc-designer-pro]

Researcher

CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jun 30, 2026

Affected Software

WP Photo Album Plus [wp-photo-album-plus]

CVSS Rating
6.4 (Medium)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

WPBakery Page Builder Addons by Livemesh [addons-for-visual-composer]

Researcher

CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jul 2, 2026

Affected Software

Zakra [zakra]

CVSS Rating
6.1 (Medium)
Patch Status
Patched
Published
Jun 29, 2026

Affected Software

ARforms [arforms]

Researcher

CVSS Rating
6.1 (Medium)
Patch Status
Unpatched
Published
Jun 29, 2026

Affected Software

Automotive Listings [automotive]

CVSS Rating
6.1 (Medium)
Patch Status
Patched
Published
Jun 29, 2026

Affected Software

Link Whisper Free [link-whisper]

CVSS Rating
6.1 (Medium)
Patch Status
Unpatched
Published
Jun 30, 2026

CVSS Rating
6.1 (Medium)
Patch Status
Unpatched
Published
Jun 30, 2026

Affected Software

NativeChurch [NativeChurch]

CVSS Rating
6.1 (Medium)
Patch Status
Unpatched
Published
Jun 30, 2026

Affected Software

CVSS Rating
6.1 (Medium)
Patch Status
Patched
Published
Jun 30, 2026

Affected Software

Researcher

CVSS Rating
6.1 (Medium)
Patch Status
Patched
Published
Jun 30, 2026

Affected Software

WP Google Review Slider [wp-google-places-review-slider]

Researcher

CVSS Rating
5.5 (Medium)
Patch Status
Patched
Published
Jul 2, 2026

Affected Software

WP Import Export Lite [wp-import-export-lite]

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jul 1, 2026

Affected Software

Academy LMS [academy]

CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jul 1, 2026

Affected Software

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jun 29, 2026

Affected Software

Colissimo shipping methods for WooCommerce [colissimo-shipping-methods-for-woocommerce]

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jul 5, 2026

Affected Software

Exclusive Addons for Elementor [exclusive-addons-for-elementor]

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

ez Form Calculator Premium [ez-form-calculator-premium]

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

Fascinate [fascinate]

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jul 5, 2026

Affected Software

FormLayer [formlayer]

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jun 29, 2026

Affected Software

Japanized for WooCommerce [woocommerce-for-japan]

CVSS Rating
5.3 (Medium)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

Kit (formerly ConvertKit) for WooCommerce [convertkit-for-woocommerce]

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jul 2, 2026

Affected Software

MotoPress Appointment Booking [motopress-appointment-lite]

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Unpatched
Published
Jun 29, 2026

Affected Software

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jun 29, 2026

Affected Software

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

Sendcloud Shipping [sendcloud-connected-shipping]

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

Universal Clocks [universal-clocks]

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

VW Food Corner [vw-food-corner]

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

VW Wedding [vw-wedding]

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Unpatched
Published
Jun 29, 2026

Affected Software

Woffice CRM [woffice]

CVSS Rating
5.3 (Medium)
Patch Status
Unpatched
Published
Jun 29, 2026

Affected Software

Woostify Sites Library [woostify-sites-library]

Researcher

CVSS Rating
4.9 (Medium)
Patch Status
Patched
Published
Jul 2, 2026

Affected Software

Advanced Shipment Tracking for WooCommerce [woo-advanced-shipment-tracking]

Researcher

CVSS Rating
4.9 (Medium)
Patch Status
Patched
Published
Jul 2, 2026

Affected Software

Researcher

CVSS Rating
4.9 (Medium)
Patch Status
Patched
Published
Jul 1, 2026

Affected Software

Houzez Property Feed [houzez-property-feed]

Researcher

CVSS Rating
4.4 (Medium)
Patch Status
Patched
Published
Jul 1, 2026

Affected Software

Enable Media Replace [enable-media-replace]

Researcher

CVSS Rating
4.4 (Medium)
Patch Status
Patched
Published
Jul 1, 2026

Affected Software

Product Video Gallery for Woocommerce [product-video-gallery-slider-for-woocommerce]

CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jun 30, 2026

Affected Software

Advanced Contact form 7 DB [advanced-cf7-db]

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jun 30, 2026

Affected Software

Appointment Booking Calendar [appointment-booking-calendar]

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Unpatched
Published
Jul 2, 2026

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Unpatched
Published
Jul 2, 2026

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Unpatched
Published
Jul 1, 2026

Affected Software

Flatsome [flatsome]

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Unpatched
Published
Jul 1, 2026

Affected Software

Flatsome [flatsome]

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jun 30, 2026

CVSS Rating
4.3 (Medium)
Patch Status
Unpatched
Published
Jul 1, 2026

Affected Software

Heateor Social Login WordPress [heateor-social-login]

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jul 1, 2026

Affected Software

Link Whisper Premium [link-whisper-premium]

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Unpatched
Published
Jun 29, 2026

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jul 1, 2026

Affected Software

MotoPress Hotel Booking [motopress-hotel-booking-lite]

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

pCloud WP Backup [pcloud-wp-backup]

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

Permalink Manager for WooCommerce [permalink-manager-for-woocommerce]

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Unpatched
Published
Jun 29, 2026

Affected Software

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

ProfileGrid – User Profiles, Groups and Communities [profilegrid-user-profiles-groups-and-communities]

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jun 29, 2026

Affected Software

Quads Ads Manager for Google AdSense [quick-adsense-reloaded]

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jul 2, 2026

Affected Software

RTMKit [rometheme-for-elementor]

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jun 29, 2026

Affected Software

Simple User Avatar [simple-user-avatar]

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Unpatched
Published
Jun 29, 2026

Affected Software

Tax Exempt for WooCommerce [woocommerce-tax-exempt-plugin]

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jul 1, 2026

Affected Software

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Unpatched
Published
Jun 29, 2026

Affected Software

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Unpatched
Published
Jun 29, 2026

Affected Software

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Unpatched
Published
Jul 2, 2026

Affected Software

Researcher


As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (June 29, 2026 to July 5, 2026) appeared first on Wordfence.