(647) 243-4688

Last week, there were 267 vulnerabilities disclosed in 222 WordPress Plugins and 6 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 136 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to implement layered security, aligning with our overarching mission to secure WordPress with defense in depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report. As the world’s leading quality vulnerability database provider for WordPress, site owners can rest assured knowing Wordfence has their back.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 35,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our PremiumCare, and Response customers last week:

  • WAF-RULE-925 – Data redacted while we work with the vendor on a patch.
  • WAF-RULE-926 – Data redacted while we work with the vendor on a patch.
  • WAF-RULE-927 – Data redacted while we work with the vendor on a patch.
  • WAF-RULE-928 – Data redacted while we work with the vendor on a patch.

Wordfence PremiumCare, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Patched 234
Unpatched 33

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Medium Severity 150
High Severity 104
Critical Severity 13

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 94
Missing Authorization 61
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) 26
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) 12
Authorization Bypass Through User-Controlled Key 11
Deserialization of Untrusted Data 8
Unrestricted Upload of File with Dangerous Type 8
Cross-Site Request Forgery (CSRF) 6
Exposure of Sensitive Information to an Unauthorized Actor 5
Improper Privilege Management 5
Improper Authentication 4
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) 4
Incorrect Privilege Assignment 4
Server-Side Request Forgery (SSRF) 4
Improper Control of Generation of Code (‘Code Injection’) 2
Incorrect Authorization 2
Weak Password Recovery Mechanism for Forgotten Password 2
Authentication Bypass by Alternate Name 1
External Control of File Name or Path 1
Improper Input Validation 1
Improper Neutralization of Special Elements used in a Command (‘Command Injection’) 1
Improper Validation of Specified Quantity in Input 1
Improper Verification of Cryptographic Signature 1
Insufficient Verification of Data Authenticity 1
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) 1
Weak Password Requirements 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
22
15
10
8
7
6
6
5
5
4
4
4
4
4
4
4
4
4
4
3
3
3
3
3
3
3
3
3
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
13759cde08eee381719e07adbb4bd3e4
hio

1
1
1
1
1
1
1
1
1
1
1
1
91fa2778357b3c3d842647faa82d01ac
1M4

1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
8c6ee01bd09c541cf8300189e2960e3f
snr

1
1
1
1
1
1
1
1
1
1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery
aBlocks – Gutenberg Blocks, User Dashboard Builder, Popup Builder, Form Builder & Animation Builder ablocks
Active Products Tables for WooCommerce. Use constructor to create tables  profit-products-tables-for-woocommerce
AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress acymailing
Ad Inserter – Ad Manager & AdSense Ads ad-inserter
Advanced Forms for ACF advanced-forms
Advanced iFrame advanced-iframe
Affiliate Program & Referral Tracking for WooCommerce & WordPress – Affilia affiliaa-affiliate-program-with-mlm
Age Verification & Identity Verification by Token of Trust token-of-trust
Agentic Help Desk Plugin for WordPress – Live Chat, AI Chatbot & Ticketing – ThriveDesk thrivedesk
AI ChatBot for WooCommerce with ChatGPT, Retargeting, Exit Intent woowbot-pro-max
AI ChatBot for WooCommerce – WoowBot woowbot-woocommerce-chatbot
AI Copilot – Content Generator ai-copilot-content-generator
Aimogen Pro – All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit aimogen-pro
All-in-One Video Gallery all-in-one-video-gallery
AMP for WP – Accelerated Mobile Pages accelerated-mobile-pages
Anti-Malware Security and Brute-Force Firewall gotmls
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin simply-schedule-appointments
Appointment Booking Plugin – LatePoint | Calendar & Scheduling for WordPress latepoint
Author Box WP Lens author-box-for-divi
Backstage – Customizer Demo Access backstage
Backup and Staging by WP Time Capsule wp-time-capsule
bbp style pack bbp-style-pack
Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More better-payment
BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot betterdocs
Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder bit-form
Block, Suspend, Report for BuddyPress bp-toolkit
Blocks for ACF Fields — Display Custom Fields in the Block Editor acf-field-blocks
Bookero.pl – system rezerwacji online bookeropl
Booking for Appointments and Events Calendar – Amelia ameliabooking
Booking Package booking-package
Bopo – WooCommerce Product Bundle Builder bopo-woo-product-bundle-builder
Breakdance breakdance
BuddyBoss Platform buddyboss-platform
Bulk Edit Products for WooCommerce – WP Sheet Editor woo-bulk-edit-products
Bulk Order Update for WooCommerce bulk-order-update-for-woocommerce
Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD cart-lift
Catalyst Connect Zoho CRM Client Portal catalyst-connect-client-portal
CF7 Views – Complete Entry Management for Contact Form 7 cf7-views
Chatra Live Chat + ChatBot + Cart Saver chatra-live-chat
Code Engine – PHP Snippets, AI Functions & Automation for WordPress code-engine
Colissimo shipping methods for WooCommerce colissimo-shipping-methods-for-woocommerce
Connect Contact Form 7 to Mailchimp, Brevo, MailerLite & Klaviyo contact-form-7-mailchimp-extension
Contact Form to Chat Apps | Click to Chat to Order – FormyChat social-contact-form
Cookie Banner for GDPR / CCPA – WPLP Cookie Consent gdpr-cookie-consent
CorvusPay WooCommerce Payment Gateway corvuspay-woocommerce-integration
Cost Calculator Builder cost-calculator-builder
Customer Reviews for WooCommerce customer-reviews-woocommerce
Database for Contact Form 7, WPforms, Elementor forms contact-form-entries
DHL eCommerce (Benelux) for WooCommerce dhlpwc
Directorist: AI-Powered Business Directory, Listings & Classified Ads directorist
Divi Form Builder divi-form-builder
Divi Torque Lite – Divi Modules for the Divi Builder & Theme addons-for-divi
Document Gallery document-gallery
Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy dokan-lite
DoLogin Security dologin
Download Manager download-manager
DSGVO All in one for WP dsgvo-all-in-one-for-wp
Easy Appointments easy-appointments
Easy Invoice – Invoice Generator, PDF Quotes & Payments easy-invoice
Easy Upload Files During Checkout easy-upload-files-during-checkout
ElementInvader Addons for Elementor elementinvader-addons-for-elementor
Employee, Leave and Recruitment Management System – Crew HRM hr-management
ERP: Complete HR, Accounting & CRM Suite Built for WooCommerce erp
Essential Addons for Elementor – Popular Elementor Templates & Widgets essential-addons-for-elementor-lite
Event Tickets and Registration event-tickets
Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce
Eventer eventer
Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) wp-event-solution
EventPrime – Events Calendar, Bookings and Tickets eventprime-event-calendar-management
Events Manager – Calendar, Bookings, Tickets, and more! events-manager
Exclusive Addons for Elementor exclusive-addons-for-elementor
Extensions for Leaflet Map extensions-leaflet-map
Flexible Refund for WooCommerce – EU One Click Return flexible-refund-and-return-order-for-woocommerce
FlowForms – Conversational Form Builder flowforms
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder fluentform
FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution fluent-crm
Form Vibes – Save Contact Form 7 & Elementor Form Entries to Database form-vibes
Forminator Forms – Contact Form, Payment Form & Custom Form Builder forminator
Free Gifts for WooCommerce free-gifts-for-woocommerce
fresh Podcaster fresh-podcaster
FundEngine – Donation and Crowdfunding Platform wp-fundraising-donation
FunnelKit Funnel Builder Pro funnel-builder-pro
FunnelKit – Funnel Builder for WooCommerce Checkout funnel-builder
GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress gamipress
GD Security Headers gd-security-headers
Genolve – Genolve AI Business Graphics, AI Images genolve-toolkit
GEO Plugin by Squirrly SEO squirrly-seo
Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) gift-voucher
GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference goodmeet
Groundhogg — CRM, Newsletters, and Marketing Automation groundhogg
GW AI Website Builder gw-ai-website-builder
Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms happyforms
Hide My WP Lite hide-wp-login
Highlighting Code Block highlighting-code-block
Hostel hostel
Houzez Login Register houzez-login-register
Hydra Booking — Appointment Scheduling & Booking Calendar hydra-booking
ICS Calendar ics-calendar
Import and export users and customers import-users-from-csv-with-meta
Instant AI Image Generator – Create & Import Images ai-image
Invoice123 saskaita123-lt
Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress jeg-elementor-kit
JobSearch WP Job Board wp-jobsearch
JoomSport – for Sports: Team & League, Football, Hockey & more joomsport-sports-league-results-management
Jssor Slider by jssor.com jssor-slider
Kirki – Freeform Page Builder, Website Builder & Customizer kirki
KiviCare – Clinic & Patient Management System (EHR) kivicare-clinic-management-system
LA-Studio Element Kit for Elementor lastudio-element-kit
Lockme calendars integration lockme-calendars-integration
LoginPress Pro loginpress-pro
Logo Slider WP – Responsive Logo Carousel, Logo Gallery & Logo Showcase logo-slider-wp
Loops & Logic tangible-loops-and-logic
Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails mail-mint
MailerPress – Newsletter, email marketing & AI automation mailerpress
MailOptin – Popup, Optin Forms & Email Newsletters for Mailchimp, HubSpot, AWeber Etc. mailoptin
Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin majestic-support
Mang Board WP mangboard
Members – Membership & User Role Editor Plugin members
Membership For WooCommerce membership-for-woocommerce
Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration ecommerce-user-profiles-by-profilegrid
Message Filter for Contact Form 7 cf7-message-filter
miniOrange OTP Login, Verification and SMS Notifications miniorange-otp-verification
miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) miniorange-login-openid
Motors – Car Dealership & Classified Listings Plugin motors-car-dealership-classified-listings
MStore API – Create Native Android & iOS Apps On The Cloud mstore-api
Mux Video Uploader 2coders-integration-mux-video
My Calendar – Accessible Event Manager my-calendar
MyParcel woocommerce-myparcel
Newsletters newsletters-lite
NEX-Forms – Ultimate Forms Plugin for WordPress nex-forms-express-wp-form-builder
Nexter Blocks – Gutenberg Blocks, Page Builder & AI Website Builder the-plus-addons-for-block-editor
Notification for Telegram notification-for-telegram
PDF Builder for WooCommerce. Create invoices,packing slips and more woo-pdf-invoice-builder
PDF Generator for WordPress pdf-generator-for-wp
PDF Invoices & Packing Slips for WooCommerce woocommerce-pdf-invoices-packing-slips
Peach Payments Gateway wc-peach-payments-gateway
picu – Online Photo Proofing Gallery picu
Planyo online reservation system planyo-online-reservation-system
Points and Rewards for WooCommerce points-and-rewards-for-woocommerce
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder popup-maker
Post Export Import with Media post-export-import-with-media
Post Grid Gutenberg Blocks – PostX ultimate-post
Premium Addons for Elementor – Powerful Elementor Templates & Widgets premium-addons-for-elementor
Print, PDF & Email by PrintFriendly printfriendly
Product Addons and Product Options With Custom Fields – WowAddons product-addons
ProfileGrid – User Profiles, Groups and Communities profilegrid-user-profiles-groups-and-communities
Property Hive propertyhive
Proxy & VPN Blocker proxy-vpn-blocker
Razorpay Payment Links for WooCommerce rzp-woocommerce
Real Estate Manager Pro real-estate-manager-pro
Real Testimonials – Testimonial Slider, Collect Customer Reviews and Video Testimonials testimonial-free
Realtyna Organic IDX plugin + WPL Real Estate real-estate-listing-realtyna-wpl
reCAPTCHA for Asgaros Forum recaptcha-for-asgaros-forum
Recurio – Ultimate Subscription for WooCommerce recurio
RT-Theme 18 Responsive WordPress Theme rt18-extensions
Salon Booking System – Free Version salon-booking-system
Simple Business Directory Pro simple-business-directory-pro
Simple Coherent Form simple-coherent-form
Simple File List simple-file-list
Simple JWT Login – Allows you to use JWT on REST endpoints. simple-jwt-login
SimpLy Gallery simply-gallery-block
SiteGround Email Marketing siteground-email-marketing
Smash Balloon Social Photo Feed – Easy Social Feeds Plugin instagram-feed
Social Share, Social Login and Social Comments Plugin – Super Socializer super-socializer
Solace Extra solace-extra
Sprout Invoices – Client Invoicing & Estimates sprout-invoices
Starboard Suite Reservation Calendars starboard-suite-reservation-calendars
Stock Locations for WooCommerce stock-locations-for-woocommerce
Super Forms – Drag & Drop Form Builder super-forms
SupportCandy – AI Customer Support Ticket System & Live Chatbot Agent supportcandy
SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments surecart
SureDash – Community, Courses & Member Dashboard suredash
SurfLink – Link Manager & Backup Restore surflink
Swiss Toolkit For WP swiss-toolkit-for-wp
Sympl Repeater for ACF and Elementor acf-repeater-for-elementor
tagDiv Composer td-composer
tagDiv Opt-In Builder td-subscription
Tainacan tainacan
TH Login Registration themehunk-login-registration
Themify Builder themify-builder
Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin tourfic
Tutor LMS – eLearning and online course solution tutor
Under Construction Page (Pro) under-construction-page
Unlimited Elements For Elementor unlimited-elements-for-elementor
User Frontend: AI Powered Frontend Post Submission, User Directory, User Profile, Membership & User Registration wp-user-frontend
User Management user-management
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP userswp
VikBooking Hotel Booking Engine & PMS vikbooking
Vitepos – Point of Sale (POS) for WooCommerce vitepos-lite
W3 Total Cache w3-total-cache
Wallet for WooCommerce woo-wallet
WC Shop Sync – Square Payment Gateway and Product Synchronization for WooCommerce woosquare
WCFM Marketplace – Multivendor Marketplace for WooCommerce wc-multivendor-marketplace
WCFM Membership – WooCommerce Memberships for Multivendor Marketplace wc-multivendor-membership
WCFM – Frontend Manager for WooCommerce wc-frontend-manager
Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode coming-soon
White Label CMS white-label-cms
WHMCS Bridge whmcs-bridge
Widget Logic Visual widget-logic-visual
Widgets for Google Reviews wp-reviews-plugin-for-google
Wishlist Member X wishlist-member
WordPress Single Sign-On (SSO) – Multisite Enterprise miniorange-oauth-oidc-single-sign-on
WP Booking System – Booking Calendar Premium wp-booking-system-premium
WP Cost Estimation & Payment Forms Builder lfb-premium
WP Cost Estimation & Payment Forms Builder wp-estimation-form
WP CTA – Call Now Button, Sticky Button & Call to Action Builder easy-sticky-sidebar
WP Easy Pay – Payment and Donation form Builder for Square wp-easy-pay
WP Google Maps Pro wp-google-maps-pro
WP Grid Builder wp-grid-builder
WP Hotel Booking wp-hotel-booking
Wp Js Detect wp-js-detect
WP Learn Manager learn-manager
WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel wp-ultimate-csv-importer
WPBot – AI ChatBot for Live Support, Lead Generation, AI Services chatbot
WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System wp-cafe
WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell wpfunnels
WPJAM Basic wpjam-basic
WPZOOM Portfolio Lite – Filterable Portfolio Plugin wpzoom-portfolio
ووسلام – همگام سازی ووکامرس و باسلام sync-basalam
گرویتی فرم فارسی persian-gravity-forms
多说社会化评论框 duoshuo

WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
777 triple-seven
coaching coaching
Context Blog context-blog
Flatsome flatsome
Grand Photography WordPress grandphotography
Open Shop open-shop

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

CVSS Rating
9.8 (Critical)
Patch Status
Unpatched
Published
Jul 7, 2026

Affected Software

Eventer [eventer]

Researcher

CVSS Rating
9.8 (Critical)
Patch Status
Unpatched
Published
Jul 8, 2026

Affected Software

Houzez Login Register [houzez-login-register]

Researcher

CVSS Rating
9.8 (Critical)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

ProfileGrid – User Profiles, Groups and Communities [profilegrid-user-profiles-groups-and-communities]

Researcher

CVSS Rating
9.8 (Critical)
Patch Status
Patched
Published
Jul 9, 2026

Affected Software

Realtyna Organic IDX plugin + WPL Real Estate [real-estate-listing-realtyna-wpl]

Researcher

CVSS Rating
9.1 (Critical)
Patch Status
Patched
Published
Jul 9, 2026

Affected Software

Membership For WooCommerce [membership-for-woocommerce]

Researcher

CVSS Rating
9.1 (Critical)
Patch Status
Unpatched
Published
Jul 7, 2026

Affected Software

Simple Coherent Form [simple-coherent-form]

Researcher

CVSS Rating
8.8 (High)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

Divi Form Builder [divi-form-builder]

Researcher

CVSS Rating
8.8 (High)
Patch Status
Patched
Published
Jul 9, 2026

Affected Software

Researcher

CVSS Rating
8.8 (High)
Patch Status
Unpatched
Published
Jul 10, 2026

Affected Software

Swiss Toolkit For WP [swiss-toolkit-for-wp]

Researcher

CVSS Rating
8.8 (High)
Patch Status
Unpatched
Published
Jul 7, 2026

Affected Software

WHMCS Bridge [whmcs-bridge]

Researcher

CVSS Rating
8.8 (High)
Patch Status
Unpatched
Published
Jul 7, 2026

Affected Software

Widget Logic Visual [widget-logic-visual]

Researcher

CVSS Rating
8.8 (High)
Patch Status
Patched
Published
Jul 9, 2026

CVSS Rating
8.8 (High)
Patch Status
Patched
Published
Jul 10, 2026

Affected Software

WP Grid Builder [wp-grid-builder]

Researcher

CVSS Rating
8.8 (High)
Patch Status
Unpatched
Published
Jul 7, 2026

Affected Software

Researcher

CVSS Rating
8.1 (High)
Patch Status
Unpatched
Published
Jul 9, 2026

Affected Software

777 [triple-seven]

Researcher

CVSS Rating
8.1 (High)
Patch Status
Unpatched
Published
Jul 9, 2026

Affected Software

Grand Photography WordPress [grandphotography]

CVSS Rating
8.1 (High)
Patch Status
Patched
Published
Jul 9, 2026

Affected Software

LoginPress Pro [loginpress-pro]

CVSS Rating
8.1 (High)
Patch Status
Patched
Published
Jul 9, 2026

Affected Software

LoginPress Pro [loginpress-pro]

CVSS Rating
8.1 (High)
Patch Status
Patched
Published
Jul 9, 2026

Affected Software

LoginPress Pro [loginpress-pro]

CVSS Rating
8.1 (High)
Patch Status
Unpatched
Published
Jul 6, 2026

Affected Software

Researcher

CVSS Rating
8.1 (High)
Patch Status
Unpatched
Published
Jul 6, 2026

Affected Software

Researcher

CVSS Rating
7.5 (High)
Patch Status
Patched
Published
Jul 9, 2026

Affected Software

AI Copilot – Content Generator [ai-copilot-content-generator]

Researcher

CVSS Rating
7.5 (High)
Patch Status
Unpatched
Published
Jul 7, 2026

Affected Software

Researcher

CVSS Rating
7.5 (High)
Patch Status
Patched
Published
Jul 8, 2026

Researcher

CVSS Rating
7.5 (High)
Patch Status
Patched
Published
Jul 10, 2026

Affected Software

Booking Package [booking-package]

Researcher

CVSS Rating
7.5 (High)
Patch Status
Patched
Published
Jul 9, 2026

Affected Software

BuddyBoss Platform [buddyboss-platform]

Researcher

CVSS Rating
7.5 (High)
Patch Status
Unpatched
Published
Jul 7, 2026

Affected Software

Eventer [eventer]

Researcher

CVSS Rating
7.5 (High)
Patch Status
Unpatched
Published
Jul 9, 2026

Affected Software

Hide My WP Lite [hide-wp-login]

Researcher

CVSS Rating
7.5 (High)
Patch Status
Unpatched
Published
Jul 7, 2026

Affected Software

Researcher

CVSS Rating
7.5 (High)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

Simple Business Directory Pro [simple-business-directory-pro]

Researcher

CVSS Rating
7.5 (High)
Patch Status
Patched
Published
Jul 7, 2026

Affected Software

Tainacan [tainacan]

Researcher

CVSS Rating
7.5 (High)
Patch Status
Patched
Published
Jul 10, 2026

Affected Software

W3 Total Cache [w3-total-cache]

Researcher

CVSS Rating
7.5 (High)
Patch Status
Patched
Published
Jul 10, 2026

Researcher

CVSS Rating
7.5 (High)
Patch Status
Patched
Published
Jul 7, 2026

Affected Software

WPJAM Basic [wpjam-basic]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 10, 2026

Affected Software

Breakdance [breakdance]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

coaching [coaching]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 10, 2026

Affected Software

CorvusPay WooCommerce Payment Gateway [corvuspay-woocommerce-integration]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 10, 2026

Affected Software

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 10, 2026

Affected Software

Document Gallery [document-gallery]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 7, 2026

Affected Software

ElementInvader Addons for Elementor [elementinvader-addons-for-elementor]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

EventPrime – Events Calendar, Bookings and Tickets [eventprime-event-calendar-management]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 7, 2026

Affected Software

Extensions for Leaflet Map [extensions-leaflet-map]

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

Free Gifts for WooCommerce [free-gifts-for-woocommerce]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 7, 2026

Affected Software

FunnelKit Funnel Builder Pro [funnel-builder-pro]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

GD Security Headers [gd-security-headers]

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 10, 2026

Affected Software

ICS Calendar [ics-calendar]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 7, 2026

Affected Software

JobSearch WP Job Board [wp-jobsearch]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 10, 2026

Affected Software

Motors – Car Dealership & Classified Listings Plugin [motors-car-dealership-classified-listings]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

Newsletters [newsletters-lite]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 10, 2026

Affected Software

NEX-Forms – Ultimate Forms Plugin for WordPress [nex-forms-express-wp-form-builder]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 7, 2026

Affected Software

Property Hive [propertyhive]

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

Proxy & VPN Blocker [proxy-vpn-blocker]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

Real Estate Manager Pro [real-estate-manager-pro]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

SiteGround Email Marketing [siteground-email-marketing]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Unpatched
Published
Jul 6, 2026

Affected Software

tagDiv Opt-In Builder [td-subscription]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 7, 2026

Affected Software

Themify Builder [themify-builder]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 9, 2026

Affected Software

Unlimited Elements For Elementor [unlimited-elements-for-elementor]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 10, 2026

Affected Software

WP Google Maps Pro [wp-google-maps-pro]

Researcher

CVSS Rating
7.2 (High)
Patch Status
Patched
Published
Jul 7, 2026

Affected Software

WPJAM Basic [wpjam-basic]

Researcher

CVSS Rating
6.5 (Medium)
Patch Status
Patched
Published
Jul 9, 2026

Affected Software

JoomSport – for Sports: Team & League, Football, Hockey & more [joomsport-sports-league-results-management]

Researcher

CVSS Rating
6.5 (Medium)
Patch Status
Patched
Published
Jul 10, 2026

Affected Software

KiviCare – Clinic & Patient Management System (EHR) [kivicare-clinic-management-system]

Researcher

CVSS Rating
6.5 (Medium)
Patch Status
Patched
Published
Jul 10, 2026

Affected Software

KiviCare – Clinic & Patient Management System (EHR) [kivicare-clinic-management-system]

Researcher

CVSS Rating
6.5 (Medium)
Patch Status
Patched
Published
Jul 10, 2026

Affected Software

Under Construction Page (Pro) [under-construction-page]

CVSS Rating
6.5 (Medium)
Patch Status
Patched
Published
Jul 7, 2026

Affected Software

Researcher

CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

AI ChatBot for WooCommerce – WoowBot [woowbot-woocommerce-chatbot]

Researcher

CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jul 9, 2026

Affected Software

All-in-One Video Gallery [all-in-one-video-gallery]

Researcher

CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

Author Box WP Lens [author-box-for-divi]

Researcher

CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jul 10, 2026

Affected Software

bbp style pack [bbp-style-pack]

CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

Researcher

CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jul 6, 2026

Affected Software

Exclusive Addons for Elementor [exclusive-addons-for-elementor]

Researcher

CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

Flexible Refund for WooCommerce – EU One Click Return [flexible-refund-and-return-order-for-woocommerce]

Researcher

CVSS Rating
6.4 (Medium)
Patch Status
Unpatched
Published
Jul 10, 2026

Affected Software

fresh Podcaster [fresh-podcaster]

Researcher

CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jul 7, 2026

Affected Software

FunnelKit Funnel Builder Pro [funnel-builder-pro]

Researcher

CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jul 9, 2026

Affected Software

Hostel [hostel]

CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

Loops & Logic [tangible-loops-and-logic]

Researcher

CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jul 10, 2026

Affected Software

SimpLy Gallery [simply-gallery-block]

CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

PDF Generator for WordPress [pdf-generator-for-wp]

Researcher

CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jul 6, 2026

Affected Software

reCAPTCHA for Asgaros Forum [recaptcha-for-asgaros-forum]

Researcher

CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jul 10, 2026

Affected Software

Starboard Suite Reservation Calendars [starboard-suite-reservation-calendars]

Researcher

CVSS Rating
6.4 (Medium)
Patch Status
Unpatched
Published
Jul 7, 2026

Affected Software

Sympl Repeater for ACF and Elementor [acf-repeater-for-elementor]

Researcher

CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jul 10, 2026

Affected Software

Themify Builder [themify-builder]

Researcher

CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jul 10, 2026

Affected Software

Themify Builder [themify-builder]

Researcher

CVSS Rating
6.4 (Medium)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

Wishlist Member X [wishlist-member]

Researcher

CVSS Rating
6.3 (Medium)
Patch Status
Patched
Published
Jul 7, 2026

Affected Software

TH Login Registration [themehunk-login-registration]

Researcher

CVSS Rating
6.1 (Medium)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

Bopo – WooCommerce Product Bundle Builder [bopo-woo-product-bundle-builder]

Researcher

CVSS Rating
6.1 (Medium)
Patch Status
Unpatched
Published
Jul 6, 2026

Affected Software

Flatsome [flatsome]

Researcher

CVSS Rating
6.1 (Medium)
Patch Status
Patched
Published
Jul 9, 2026

Affected Software

ICS Calendar [ics-calendar]

Researcher

CVSS Rating
6.1 (Medium)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

Mang Board WP [mangboard]

Researcher

CVSS Rating
6.1 (Medium)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

Researcher

CVSS Rating
6.1 (Medium)
Patch Status
Unpatched
Published
Jul 6, 2026

Affected Software

Researcher

CVSS Rating
6.1 (Medium)
Patch Status
Patched
Published
Jul 7, 2026

Affected Software

Simple File List [simple-file-list]

Researcher

CVSS Rating
6.1 (Medium)
Patch Status
Unpatched
Published
Jul 6, 2026

Affected Software

tagDiv Composer [td-composer]

Researcher

CVSS Rating
6.1 (Medium)
Patch Status
Patched
Published
Jul 9, 2026

Affected Software

WP Hotel Booking [wp-hotel-booking]

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

Abandoned Cart Recovery for WooCommerce [woo-abandoned-cart-recovery]

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jul 7, 2026

Affected Software

Advanced Forms for ACF [advanced-forms]

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Unpatched
Published
Jul 7, 2026

Affected Software

Bulk Order Update for WooCommerce [bulk-order-update-for-woocommerce]

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jul 10, 2026

Affected Software

Context Blog [context-blog]

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jul 10, 2026

Affected Software

Cost Calculator Builder [cost-calculator-builder]

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

Event Tickets Manager for WooCommerce [event-tickets-manager-for-woocommerce]

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Unpatched
Published
Jul 6, 2026

Affected Software

Flatsome [flatsome]

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

Peach Payments Gateway [wc-peach-payments-gateway]

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Unpatched
Published
Jul 7, 2026

Affected Software

User Management [user-management]

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Unpatched
Published
Jul 9, 2026

Affected Software

WordPress Single Sign-On (SSO) – Multisite Enterprise [miniorange-oauth-oidc-single-sign-on]

Researcher

CVSS Rating
5.3 (Medium)
Patch Status
Patched
Published
Jul 10, 2026

Affected Software

WP Hotel Booking [wp-hotel-booking]

Researcher

CVSS Rating
4.9 (Medium)
Patch Status
Unpatched
Published
Jul 10, 2026

Affected Software

Catalyst Connect Zoho CRM Client Portal [catalyst-connect-client-portal]

Researcher

CVSS Rating
4.9 (Medium)
Patch Status
Patched
Published
Jul 7, 2026

Researcher

CVSS Rating
4.9 (Medium)
Patch Status
Patched
Published
Jul 12, 2026

Affected Software

گرویتی فرم فارسی [persian-gravity-forms]

Researcher

CVSS Rating
4.4 (Medium)
Patch Status
Patched
Published
Jul 9, 2026

Affected Software

Highlighting Code Block [highlighting-code-block]

CVSS Rating
4.4 (Medium)
Patch Status
Patched
Published
Jul 10, 2026

Affected Software

Lockme calendars integration [lockme-calendars-integration]

CVSS Rating
4.4 (Medium)
Patch Status
Patched
Published
Jul 10, 2026

Affected Software

White Label CMS [white-label-cms]

Researcher

CVSS Rating
4.4 (Medium)
Patch Status
Patched
Published
Jul 10, 2026

Affected Software

Widgets for Google Reviews [wp-reviews-plugin-for-google]

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jul 10, 2026

Affected Software

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jul 12, 2026

Affected Software

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

DSGVO All in one for WP [dsgvo-all-in-one-for-wp]

Researchers

CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jul 9, 2026

Affected Software

Easy Appointments [easy-appointments]

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jul 9, 2026

Affected Software

GW AI Website Builder [gw-ai-website-builder]

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jul 10, 2026

Affected Software

Mux Video Uploader [2coders-integration-mux-video]

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

Open Shop [open-shop]

CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jul 10, 2026

Affected Software

Points and Rewards for WooCommerce [points-and-rewards-for-woocommerce]

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jul 8, 2026

Affected Software

Stock Locations for WooCommerce [stock-locations-for-woocommerce]

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jul 12, 2026

CVSS Rating
4.3 (Medium)
Patch Status
Patched
Published
Jul 7, 2026

Affected Software

Researcher

CVSS Rating
4.3 (Medium)
Patch Status
Unpatched
Published
Jul 7, 2026

Affected Software

Wp Js Detect [wp-js-detect]

Researcher


As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (July 6, 2026 to July 12, 2026) appeared first on Wordfence.