Weekly WP Vulnerabilities: 9/8/25 – 9/14/25

via Wordfence Email

New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real time to our Premium, Care, and Response customers last week:

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30-day delay.

Total Unpatched & Patched Vulnerabilities Last Week

| Patch Status | Number of Vulnerabilities |
| --- | --- |
| Patched | 46 |
| Unpatched | 53 |

Total Vulnerabilities by CVSS Severity Last Week

| Severity Rating | Number of Vulnerabilities |
| --- | --- |
| Medium Severity | 78 |
| High Severity | 17 |
| Critical Severity | 4 |

Total Vulnerabilities by CWE Type Last Week

| Vulnerability Type by CWE | Number of Vulnerabilities |
| --- | --- |
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 34 |
| Cross-Site Request Forgery (CSRF) | 19 |
| Missing Authorization | 16 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 11 |
| Unrestricted Upload of File with Dangerous Type | 4 |
| Authorization Bypass Through User-Controlled Key | 3 |
| Improper Control of Generation of Code (‘Code Injection’) | 3 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 2 |
| Server-Side Request Forgery (SSRF) | 2 |
| Absolute Path Traversal | 1 |
| Exposure of Sensitive Information to an Unauthorized Actor | 1 |
| External Control of File Name or Path | 1 |
| Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 1 |
| Use of Hard-coded Credentials | 1 |

WordPress Themes with Reported Vulnerabilities Last Week

| Software Name | Software Slug |
| --- | --- |
| ButterBelly | butterbelly |
| Cloriato Lite | cloriato-lite |
| ColorWay | colorway |
| Compass | compass |
| Doccure | doccure |
| Dzonia Lite | dzonia-lite |
| Goza – Nonprofit Charity WordPress Theme | goza-theme |
| Mow | mow |
| Poloray | poloray |
| Rethink | rethink |
| Road Fighter | road-fighter |
| Themia Lite | themia-lite |

WordPress Plugins with Reported Vulnerabilities Last Week

| Software Name | Software Slug |
| --- | --- |
| Additional Custom Product Tabs for WooCommerce | product-tabs-for-woocommerce |
| Admin in English with Switch | admin-in-english-with-switch |
| Advanced Settings 3 | advanced-settings |
| All in one Minifier | all-in-one-minifier |
| Analytics Reduce Bounce Rate | analytics-unbounce |
| Auto Save Remote Images (Drafts) | auto-save-remote-images-drafts |
| AutoCatSet | autocatset |
| AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress | automatorwp |
| azurecurve BBCode | azurecurve-bbcode |
| BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript | searchpro |
| BeyondCart Connector | beyondcart |
| Blog Designer For Elementor – Post Slider, Post Carousel, Post Grid | blog-designer-for-elementor |
| Catalog Importer, Scraper & Crawler | intelligent-importer |
| Categorify – WordPress Media Library Category & File Manager | categorify |
| CatFolders – Tame Your WordPress Media Library by Category | catfolders |
| CBX Map for Google Map & OpenStreetMap | cbxgooglemap |
| Certifica WP | certifica-wp |
| Countdown Timer for Elementor | countdown-timer-for-elementor |
| Coupon API | couponapi |
| Digital Events Calendar | digital-events-calendar |
| Duplicate Page and Post | duplicate-wp-page-post |
| Dynamic Text Field For Contact Form 7 | dynamic-text-field-for-contact-form-7 |
| eID Easy | smart-id |
| Elements Plus! | elements-plus |
| Embed Google Datastudio | embed-google-data-studio |
| Enhanced BibliPlug | enhanced-bibliplug |
| Equalize Digital Accessibility Checker – Audit Your Website for WCAG, ADA, and Section 508 Accessibility Errors | accessibility-checker |
| Evenium | evenium |
| Export WP Page to Static HTML & PDF | export-wp-page-to-static-html |
| Football Pool | football-pool |
| Fortnox for WooCommerce | woocommerce-fortnox-integration |
| Heateor Login – Social Login Plugin | heateor-login |
| Import any XML, CSV or Excel File to WordPress | wp-all-import |
| Include Me | include-me |
| Jobify | jobify |
| LH Signing | lh-signing |
| LWS Cleaner | lws-cleaner |
| Maspik – Ultimate Spam Protection | contact-forms-anti-spam |
| Mikado Core | mikado-core |
| Mitfahrgelegenheit | mitfahrgelegenheit |
| Mixtape | mixtape |
| My Tickets – Accessible Event Ticketing | my-tickets |
| My WP Translate | my-wp-translate |
| MyBrain Utilities | mybrain-utilities |
| NitroPack – Caching & Speed Optimization for Core Web Vitals, Defer CSS & JS, Lazy load Images and CDN | nitropack |
| PagBank / PagSeguro Connect para WooCommerce | pagbank-connect |
| Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net | peachpay-for-woocommerce |
| PDF Generator for WordPress | pdf-generator-for-wp |
| PhpList Subber | phpls |
| Pixeline’s Email Protector | pixelines-email-protector |
| Plugin updates blocker | plugin-update-blocker |
| PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) | powerpack-lite-for-elementor |
| Propovoice: All-in-One Client Management System | propovoice |
| Publish approval | publish-approval |
| Resideo Plugin for Resideo – Real Estate WordPress Theme | resideo-plugin |
| Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates | responsive-addons-for-elementor |
| Responsive Filterable Portfolio | responsive-filterable-portfolio |
| Run Log | run-log |
| Salon Booking System – Free Version | salon-booking-system |
| Seo Monster | seo-monster |
| ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution (formerly WooLentor) | woolentor-addons |
| Side Slide Responsive Menu | side-slide-responsive-menu |
| Smartcat Translator for WPML | smartcat-wpml |
| Spotify Embed Creator | spotify-embed-creator |
| Testimonial | indianic-testimonial |
| The Events Calendar | the-events-calendar |
| The Hack Repair Guy’s Plugin Archiver | hackrepair-plugin-archiver |
| The integration of the AMO.CRM | leads-for-amo-crm |
| ThemeLoom Widgets | themeloom-widgets |
| Time Tracker | time-tracker |
| Tutor LMS – eLearning and online course solution | tutor |
| Ultimate Blogroll | ultimate-blogroll |
| Ultimate Classified Listings | ultimate-classified-listings |
| User Meta – User Profile Builder and User management plugin | user-meta |
| Welcart e-Commerce | usc-e-shop |
| Wilmer Core | wilmer-core |
| WooCommerce Booking Bundle Hours | woo-booking-bundle-hours |
| Workable Api | wrapper-for-workable-api |
| WP Blast \| SEO & Performance Booster | wpblast |
| WP Easy FAQs | wp-easy-faqs |
| WP eBay Product Feeds | ebay-feeds-for-wordpress |
| WP Import – Ultimate CSV XML Importer for WordPress | wp-ultimate-csv-importer |
| WP Mailgun SMTP | wp-mailgun-smtp |
| WP Scriptcase | wp-scriptcase |
| WP SendGrid SMTP | wp-sendgrid-smtp |
| WP-Members Membership Plugin | wp-members |
| WPGYM – WordPress Gym Management System | gym-management |
| ZIP Code Based Content Protection | zip-code-based-content-protection |
| Zoho Flow – Integrate 100+ plugins with 1000+ business apps, no-code workflow automation | zoho-flow |
