Weekly WP Vulnerabilities: 7/21/25 – 7/27/25

via Wordfence Email

Last week, there were 140 vulnerabilities disclosed in 120 WordPress Plugins and 5 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 41 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30-day delay.

Total Unpatched & Patched Vulnerabilities Last Week

| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 46 |
| Unpatched | 42 |

Total Vulnerabilities by CVSS Severity Last Week

| Severity Rating | Number of Vulnerabilities |
|---|---|
| Medium Severity | 59 |
| High Severity | 23 |
| Critical Severity | 6 |

Total Vulnerabilities by CWE Type Last Week

| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 35 |
| Missing Authorization | 14 |
| Cross-Site Request Forgery (CSRF) | 8 |
| Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 8 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 4 |
| Unrestricted Upload of File with Dangerous Type | 4 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 3 |
| Authentication Bypass Using an Alternate Path or Channel | 2 |
| Exposure of Sensitive Information to an Unauthorized Actor | 2 |
| Improper Input Validation | 2 |
| Absolute Path Traversal | 1 |
| Dependency on Vulnerable Third-Party Component | 1 |
| External Control of Assumed-Immutable Web Parameter | 1 |
| Improper Control of Generation of Code (‘Code Injection’) | 1 |
| Least Privilege Violation | 1 |
| Server-Side Request Forgery (SSRF) | 1 |

WordPress Themes with Reported Vulnerabilities Last Week

| Software Name | Software Slug |
|---|---|
| Caliris – Responsive One Page WordPress Theme | caliris-wp |
| cena | cena |
| Educenter | educenter |
| KALLYAS – Creative eCommerce Multi-Purpose WordPress Theme | kallyas |
| MinimogWP – The High Converting eCommerce WordPress Theme | minimog |
| Noo JobMonster | noo-jobmonster |
| VidMov – Video WordPress Theme | vidmov |
| Woodmart | woodmart |

WordPress Plugins with Reported Vulnerabilities Last Week

| Software Name | Software Slug |
|---|---|
| Advanced iFrame | advanced-iframe |
| Affiliate Plus | affiliate-plus |
| AI Engine | ai-engine |
| AI Tools – Chatbot, ChatGPT, Content Generator, Image Generator, Artificial Intelligence GPT | artificial-intelligence-auto-content-generator |
| Birth Chart Compatibility | birth-chart-compatibility |
| bSecure – Your Universal Checkout | bsecure |
| CaptionPix | captionpix |
| CM Map Locations – Visualize and share your locations in a few clicks | cm-map-locations |
| CRM and Lead Management by vcita | crm-customer-relationship-management-by-vcita |
| CSS & JavaScript Toolbox | css-javascript-toolbox |
| Dataverse Integration | integration-cds |
| Droip | droip |
| Ebook Store | ebook-store |
| ElementsKit Elementor Addons and Templates | elementskit-lite |
| Elite Video Player | elite-video-player |
| Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) | extensions-for-cf7 |
| Featured Image Plus – Quick & Bulk Edit with Unsplash | featured-image-plus |
| Fleetwire Fleet Management | fleetwire-fleet-management |
| Frontend File Manager Plugin | nmedia-user-file-uploader |
| FunnelCockpit | funnelcockpit |
| Get Youtube Subs | get-youtube-subs |
| hiWeb Export Posts | hiweb-export-posts |
| iThoughts Advanced Code Editor | ithoughts-advanced-code-editor |
| Latest Post Accordian Slider | latest-post-accordian-slider |
| Like & Share My Site | like-share-my-site |
| LoginWP – Pro | loginwp-pro |
| Melapress Login Security | melapress-login-security |
| Memory Usage, Memory Limit, PHP and Server Memory Health Check and Provide Suggestions | wp-memory |
| muse.ai video embedding | muse-ai |
| Nginx Cache Purge Preload | fastcgi-cache-purge-and-preload-nginx |
| Omnishop – Mobile shop apps complementing your WooCommerce webshop | omnishop |
| ONLYOFFICE Docs | onlyoffice |
| Orion Login with SMS | orion-login-with-sms |
| Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery | pixel-gallery |
| Post and Page Builder by BoldGrid – Visual Drag and Drop Editor | post-and-page-builder |
| Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder | ajax-filter-posts |
| Post SMTP – WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more | post-smtp |
| ProfileGrid – User Profiles, Groups and Communities | profilegrid-user-profiles-groups-and-communities |
| ReachShip WooCommerce Multi-Carrier & Conditional Shipping | elex-reachship-multi-carrier-conditional-shipping |
| Realty Portal – Agent | realty-portal-agent |
| Responsive HTML5 Audio Player PRO With Playlist | lbg-audio2-html5 |
| Security Ninja – WordPress Security Plugin & Firewall | security-ninja |
| SEOPress for MainWP | seopress-for-mainwp |
| Simple Business Directory Pro | simple-business-directory-pro |
| Social Streams | social-streams |
| Station Pro – Advanced Audio Streaming & Player for WordPress | station-pro |
| Structured Content (JSON-LD) #wpsc | structured-content |
| Support Board | supportboard |
| Supreme Addons for Beaver Builder – | supreme-addons-for-beaver-builder-lite |
| Tablesome Table Premium | tablesome-premium |
| Taeggie Feed | taeggie-feed |
| The E-Commerce ERP: Purchasing, Inventory, Fulfillment, Manufacturing, BOM, Accounting, Sales Analysis | profitori |
| Timber | timber-library |
| Universal Video Player – Addon for WPBakery Page Builder | lbg-universal-video-player-addon-visual-composer |
| User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin | user-registration |
| Valuation Calculator | commercial-real-estate-valuation-calculator |
| Video and Audio Player for WordPress – Mine CloudVod LMS | mine-cloudvod |
| Video Blogster Lite | video-blogster-lite |
| video-player-youtube-vimeo | video-player-youtube-vimeo |
| Voltax Video Player | voltax-video-player |
| Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings \| WebinarIgnition | webinar-ignition |
| Wonder Slider | wonderplugin-slider |
| Wonder Slider Lite | wonderplugin-slider-lite |
| WooCommerce Point Of Sale (POS) | woo-point-of-salepos |
| WP Applink | wp-applink |
| WP Get The Table | wp-get-the-table |
| WP JobHunt | wp-jobhunt |
| WP Links Page | wp-links-page |
| WP Pipes | wp-pipes |
| WP Shortcodes Plugin — Shortcodes Ultimate | shortcodes-ultimate |
| WP Wallcreeper | wp-wallcreeper |
| WP-Members Membership Plugin | wp-members |
| WPBakery Page Builder | js_composer |
| WPBookit | wpbookit |
| WPeMatico RSS Feed Fetcher | wpematico |
| YANewsflash | yanewsflash |
