Wordfence Intelligence Weekly WordPress Vulnerability Report (February 17, 2025 to February 23, 2025)

Patch Status	Number of Vulnerabilities
Patched	205
Unpatched	103

Severity Rating	Number of Vulnerabilities
Low Severity	2
Medium Severity	227
High Severity	65
Critical Severity	14

Vulnerability Type by CWE	Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	169
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')	30
Cross-Site Request Forgery (CSRF)	20
Missing Authorization	20
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	15
Deserialization of Untrusted Data	9
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')	7
Improper Control of Generation of Code ('Code Injection')	6
Authorization Bypass Through User-Controlled Key	5
Generation of Error Message Containing Sensitive Information	4
Exposure of Sensitive Information to an Unauthorized Actor	3
Improper Access Control	3
Improper Input Validation	3
Unrestricted Upload of File with Dangerous Type	3
Server-Side Request Forgery (SSRF)	2
URL Redirection to Untrusted Site ('Open Redirect')	2
Improper Authorization	1
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)	1
Incorrect Privilege Assignment	1
Insertion of Sensitive Information into Log File	1
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute	1
Unverified Password Change	1
Use of Cache Containing Sensitive Information	1

Researcher Name	Number of Vulnerabilities
Peter Thaleikis	33
Trương Hữu Phúc (truonghuuphuc)	16
Colin Xu	15
Hassan Khan Yusufzai - Splint3r7	13
0xd4rk5id3	12
SOPROBRO	12
Krzysztof Zając	12
stealthcopter	9
Nguyen Xuan Chien	9
LVT-tholv2k	8
Phat RiO	8
Logan Cote	8
Dmitrii Ignatyev	7
Dimas Maulana	6
Muhammad Yudha - DJ	6
johska	6
Tim Coen	6
mikemyers	6
João Pedro Soares de Alcântara	6
zakaria	5
zer0gh0st	5
Francesco Carlucci	5
zaim	4
theviper17y	4
Lucio Sá	4
Pham Van Tam	4
Bonds	4
Bob Matyas	4
Abdi Pranata	3
Rafie Muhammad	3
Revan Arifio	3
Nguyễn Trung Kiên	3
wesley (wcraft)	3
Joshua Provoste	3
Brian Sans-Souci (liardom)	3
Cristian Bejan (cbejan)	3
vgo0	2
Prissy	2
lucky_buddy	2
Dhabaleshwar Das	2
Webbernaut	2
Tieu Pham Trong Nhan	2
shaman0x01	2
Bassem Essam	2
Kévin Mosbahi (Mika)	2
Frissi0n	2
Hoang Phuc Vo (HrxKnight)	2
Krugov Artyom	2
Ryan Kozak	1
lowol	1
Tran Le Anh Tu	1
Nguyễn Văn Đạt	1
Luciano Hanna	1
Noah Stead (TurtleBurg)	1
thevietronin	1
NAWardRox	1
Rob Banks	1
Webula	1
Hiroho Shimada	1
Thái An	1
tiborisaak	1
Avraham Shemesh	1
astra.r3verii	1
Arkadiusz Hydzik	1
Ananda Dhakal	1
Nishiv	1
abrahack	1
Hakiduck	1
Phan Trong Quan	1
Rein Daelman (trein)	1
José Aguilera	1
Parasimpaticki	1
Max Boll (_b0lli)	1

Software Name	Software Slug
.htaccess Login block	htaccess-login-block
1 Click Migration & Backup: Free WordPress Migration Plugin with Zero Downtime & Easy Clone	1-click-migration
17TRACK for WooCommerce	17track
3D Photo Gallery	3d-photo-gallery
A1POST.BG Shipping for WooCommerce	a1post-bg-shipping-for-woocommerce
aBlocks – Gutenberg Blocks, User Dashboard Builder, Popup Builder, Form Builder & Animation Builder	ablocks
Accept Donations with PayPal & Stripe	easy-paypal-donation
Actionwear products sync	actionwear-products-sync
Active Products Tables for WooCommerce. Use constructor to create tables	profit-products-tables-for-woocommerce
AcuGIS Leaflet Maps	mapfig-premium-leaflet-map-maker
ADFO – Custom data in admin dashboard	admin-form
Adsmonetizer	adsensei-b30
Affiliate Coupons – Coupon Display Manager – Excellent Tool for Affiliate Marketers	affiliate-coupons
Affiliate Links Manager	affiliate-links-manager
Affiliate Links – Link Cloaking and Management	affiliate-links
All In Menu – Header menu creator	all-in-menu
AMO Team Showcase	amo-team-showcase
Apptivo Business Site	apptivo-business-site
AR for WordPress	ar-for-wordpress
Assistant – Every Day Productivity Apps	assistant
Atarim – Visual Feedback, Review & AI Collaboration	atarim-visual-collaboration
Autoship Cloud for WooCommerce Subscription Products	autoship-cloud
Bandsintown Events	bandsintown
Better Customer List for WooCommerce	woo-better-customer-list
BigBuy Dropshipping Connector for WooCommerce	bigbuy-wc-dropshipping-connector
Booking and Rental Manager for Bike \| Car \| Resort \| Appointment \| Dress \| Equipment	booking-and-rental-manager-for-woocommerce
Booking Package	booking-package
Booking Ultra Pro Appointments Booking Calendar Plugin	booking-ultra-pro
Brevo SMTP – YaySMTP	smtp-sendinblue
Business Card Block – Display Business or Personal Info in Card Format	business-card-block
C9 Admin Dashboard	c9-admin-dashboard
C9 Blocks	c9-blocks
CanadaHelps Embedded Donation Form	embedded-cdn
Categorized Gallery Plugin	categorized-gallery
CATS Job Listings	cats-job-listings
CHATLIVE – Support online chat	chatlive
Coaching Staffs	coaching-staffs
Contact Form Plugin	contact-form-lite
Contact Us By Lord Linus	contact-us-by-lord-linus
Content Blocks (Custom Post Widget)	custom-post-widget
Cookie Notice Bar	cookie-notice-bar
Coronavirus (COVID-19) Notice Message	coronavirus-covid-19-notice-message
Cosmic Blocks (40+) Content Editor Blocks Collection	cosmic-blocks
Countdown Timer	timer-countdown
Countdown Timer Block – Animated Countdown for Events or Launches	countdown-time
Counters Block – Animated Number Counters, Stats & Dynamic KPIs	counters-block
Custom Post Type Date Archives	custom-post-type-date-archives
DB Tables Import/Export	db-tables-importexport
DeBounce Email Validator	debounce-io-email-validator
Delivery Date Time & Pickup for WooCommerce	byconsole-woo-order-delivery-time
Digihood HTML Sitemap	wedesin-html-sitemap
Disable Auto Updates	disable-auto-updates
Doctor Appointment Booking	doctor-appointment-booking
Drivr Lite – Google Drive Plugin	drivr-google-drive-file-picker
Easy Charts	easy-charts
Easy Elementor Addons – Addons Pack for Elementor Page Builder	easy-elementor-addons
Easy Form	easy-form
Easy MLS Listings Import	easy-mls-listings-import
Easy Notify Lite	easy-notify-lite
Easy Quotes	easy-quotes
Easypromos Plugin	easypromos
Ecwid by Lightspeed Ecommerce Shopping Cart	ecwid-shopping-cart
Education Addon for Elementor	education-addon
Elementor Website Builder – more than just a page builder	elementor
ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor	elementskit-lite
Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files	embed-any-document
Estatik Mortgage Calculator	estatik-mortgage-calculator
Estatik Real Estate Plugin	estatik
Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)	wp-event-solution
Events Calendar for GeoDirectory	events-for-geodirectory
Events Manager – Calendar, Bookings, Tickets, and more!	events-manager
Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder with AI	everest-forms
EZ SQL Reports Shortcode Widget and DB Backup	elisqlreports
Fast Flow	fast-flow-dashboard
File Icons	file-icons
File Uploads Addon for WooCommerce	woo-addon-uploads
FileBird – WordPress Media Library Folders & File Manager	filebird
Flagged Content	flagged-content
Flashfader	flashfader
Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later	flexible-wishlist
Flexmls® IDX Plugin	flexmls-idx
flickr-slideshow-wrapper	flickr-slideshow-wrapper
Fontsampler	fontsampler
FormCraft	formcraft3
Front End Users	front-end-only-users
Frontend Admin by DynamiApps	acf-frontend-form-element
FunnelKit – Funnel Builder for WooCommerce Checkout	funnel-builder
GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice for CCPA, EU Cookie Law	gdpr-cookie-compliance
GetBookingsWP – Appointments Booking Calendar Plugin For WordPress	get-bookings-wp
Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported)	gift-voucher
Google Maps GPX Viewer	google-maps-gpx-viewer
GPX Viewer	gpx-viewer
Greenshift – animation and page builder blocks	greenshift-animation-and-page-builder-blocks
Gtbabel	gtbabel
Gumlet Video	gumlet-video
Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns	essential-blocks
Head, Footer and Post Injections	header-footer
Icon List Block – Add Icon-Based Lists with Custom Styles	icon-list-block
igumbi Online Booking	igumbi-online-booking
Indeed Ultimate Learning Pro	ulp-duplicate-post-sql-timebased
Info Cards – Add Text and Media in Card Layouts	info-cards
IP2Location Country Blocker	ip2location-country-blocker
K Elements	k-elements
Keap Official Opt-in Forms	infusionsoft-official-opt-in-forms
Kush Micro News	kush-micro-news
Legoeso PDF Manager	legoeso-pdf-manager
Lenix Leads Collector	lenix-elementor-leads-addon
Lexicata	lexicata
Library Bookshelves	library-bookshelves
Limit Bio	limit-bio
List Urls	list-urls
Live css	css-live
Login & Register Customizer – Popup \| Slider \| Inline \| WooCommerce	easy-login-woocommerce
LTL Freight Quotes – ABF Freight Edition	ltl-freight-quotes-abf-freight-edition
LTL Freight Quotes – GlobalTranz Edition	ltl-freight-quotes-globaltranz-edition
LTL Freight Quotes – Old Dominion Edition	ltl-freight-quotes-odfl-edition
LTL Freight Quotes – Purolator Edition	ltl-freight-quotes-purolator-freight-edition
LTL Freight Quotes – R+L Carriers Edition	ltl-freight-quotes-rl-edition
LTL Freight Quotes – SAIA Edition	ltl-freight-quotes-saia-edition
LTL Freight Quotes – SEFL Edition	ltl-freight-quotes-sefl-edition
LTL Freight Quotes – TForce Edition	ltl-freight-quotes-ups-edition
magayo Lottery Results	magayo-lottery-results
Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin	majestic-support
Mambo Importer	mambo-joomla-importer
Maps for WP	maps-for-wp
Market Exporter	market-exporter
MemorialDay	memorialday
Mini Course Generator \| Embed mini-courses and interactive content	mini-course-generator
Modal Window – create popup modal window	modal-window
Mortgage Calculator / Loan Calculator	mortgage-loan-calculator
MyTicket Events	myticket-events
Newpost Catch	newpost-catch
Online Payments – Get Paid with PayPal, Square & Stripe	paypal-payment-button-by-vcita
Open Hours – Easy Opening Hours	open-hours
Option Editor	option-editor
Order Limit For WooCommerce ( Free Version )	wc-order-limit-lite
Page and Post Lister	page-and-post-lister
Pago por Redsys	pago-redsys-tpv-grafreak
PeproDev Ultimate Invoice	pepro-ultimate-invoice
Pie Calendar – Events Calendar Made Simple	pie-calendar
Pie Register – User Registration, Profiles & Content Restriction	pie-register
Pinpoint Booking System – Version 2	booking-system
Place Order Without Payment for WooCommerce	wc-place-order-without-payment
Plug your WooCommerce into the largest catalog of customized print products from Helloprint	helloprint
Poll Maker by AYS – Versus Polls, Anonymous Polls, Image Polls	poll-maker
Pollin	pollin
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)	buddyforms
Post Grid	post-grid
Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App	post-smtp
Prime Addons for Elementor	prime-addons-for-elementor
ProfileGrid – User Profiles, Groups and Communities	profilegrid-user-profiles-groups-and-communities
Protected wp-login	protected-wp-login
Pure Chat – Live Chat & More!	pure-chat
QR Code for WooCommerce	wc-qr-codes
Rapid Cache	rapid-cache
Raptive Ads	adthrive-ads
ravpage	ravpage
Reaction Buttons	reaction-buttons
Rebuild Permalinks	rebuild-permalinks
Recipe Card Blocks Lite	recipe-card-blocks-by-wpzoom
Reset – WordPress Database Reset Plugin	reset
Residential Address Detection	residential-address-detection
Responsive Addons for Elementor – Free Elementor Addons, Kits and Elementor Templates	responsive-addons-for-elementor
Responsive Flickr Slideshow	mobile-friendly-flickr-slideshow
Restrict Taxonomies	restrict-taxonomies
Rife Extensions & Templates for Elementor	rife-elementor-extensions
Royal Addons for Elementor – Addons and Templates Kit for Elementor	royal-elementor-addons
s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions	s2member
S3Bubble Media Streaming (AWS\|Elementor\|YouTube\|Vimeo Functionality)	s3bubble-amazon-web-services-oembed-media-streaming-support
Saoshyant Slider	saoshyant-slider
Schedule	schedule
Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more	scratch-win-giveaways-for-website-facebook
Search with Typesense	search-with-typesense
Secure Client Portal and Private File Sharing Plugin – User Private Files	user-private-files
SEO Tools	seo-automatic-seo-tools
Services Section Block – Showcase Service Details in Grid or Columns	services-section
Shipmozo Courier Tracking	webparex
Shopwarden – Automated WooCommerce monitoring & testing	shopwarden
Show Me The Cookies	show-me-the-cookies
Simple Charts	simple-charts
Simple Email Subscriber	simple-email-subscriber
Simple Map No Api	simple-map-no-api
Simple Photo Feed	simple-photo-feed
Simple Pricing Tables For WPBakery Page Builder(Formerly Visual Composer)	simple-pricing-tables-vc-extension
Simple Signup Form	simple-signup-form
Simplebooklet PDF Viewer and Embedder	simplebooklet
Small Package Quotes – For Customers of FedEx	small-package-quotes-fedex-edition
Small Package Quotes – Unishippers Edition	small-package-quotes-unishippers-edition
Small Package Quotes – USPS Edition	small-package-quotes-usps-edition
Small Package Quotes – Worldwide Express Edition	small-package-quotes-wwe-edition
SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery	sms-alert
SMTP for Amazon SES – YaySMTP	smtp-amazon-ses
SMTP for SendGrid – YaySMTP	smtp-sendgrid
Social Sharing Plugin – Social Warfare	social-warfare
Social Snap — Social Share Buttons & Click to Tweet	socialsnap
SpeedSize Image & Video AI-Optimizer	speedsize-ai-image-optimizer
SS Quiz	ssquiz
Sticky Content – Make Any Section Sticky on Scroll	sticky-menu-block
Store Locator Widget	store-locator-widget
Strong Testimonials	strong-testimonials
Subscribe2 – Form, Email Subscribers & Newsletters	subscribe2
Super Testimonial – Testimonial & Customer Review Slider Plugin for WordPress	super-testimonial
SVG Support	svg-support
System Dashboard	system-dashboard
TCBD Tooltip	tcbd-tooltip
Team Builder For WPBakery Page Builder(Formerly Visual Composer)	team-builder-for-wpbakery-page-builder
Team Builder – Meet the Team	team-display
Team Section Block – Showcase Team Members with Layout Options	team-section
Terms Dictionary	terms-dictionary
Theme File Duplicator	theme-file-duplicator
Threepress	threepress
Tour Master - Tour Booking, Travel, Hotel	tourmaster
Trash Duplicate and 301 Redirect	trash-duplicate-and-301-redirect
Tribulant Gallery Voting	gallery-voting
Typed JS: A typewriter style animation	mrlegend-typedjs
Ultimate Classified Listings – Classifieds, Directory & Marketplace	ultimate-classified-listings
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	ultimate-member
UltraEmbed – Advanced Iframe Plugin For WordPress with Gutenberg Block Included	ultraembed-advanced-iframe
UMich OIDC Login	umich-oidc-login
Uncode Core	uncode-core
Unlimited Elements For Elementor	unlimited-elements-for-elementor
User List	user-list
Variable Inspector	variable-inspector
Visualizer – Tables & Charts Manager with Built-in AI Generator	visualizer
Web Accessibility by accessiBe	accessibe
Web Stories Enhancer – Level Up Your Web Stories	web-stories-enhancer
Widget BUY.BOX	buybox-widget
Wired Impact Volunteer Management	wired-impact-volunteer-management
Wishlist	wishlist
Wonder Video Embed	wonderplugin-video-embed
WOO Codice Fiscale	woo-codice-fiscale
WooCommerce Food - Restaurant Menu & Food ordering	woo-exfood
WooCommerce HTML5 Video	woocommerce-html5-video
WOOEXIM – WooCommerce Export Import Plugin	wooexim
WordPress Photo Gallery – Image Gallery	photo-image-gallery
WordPress Portfolio Builder – Portfolio Gallery	uber-grid
WoWPth	wowpth
WP Click Info	wp-click-info
WP e-Customers Beta	wp-e-customers
WP Job Portal – AI-Powered Recruitment System for Company or Job Board website	wp-job-portal
WP Login Control	wp-login-control
WP Media Category Management	wp-media-category-management
WP Multistore Locator — WP Store Locator Plugin: Effortless Integration With Snazzy Maps	wp-multi-store-locator
WP Responsive Auto Fit Text	wp-responsive-slab-text
WP Templata – WordPress Template Library for Elementor	wptemplata
WP Video Posts	wp-video-posts
WP Wiki Tooltip	wp-wiki-tooltip
WP Yelp Review Slider	wp-yelp-review-slider
WP-Appbox	wp-appbox
WP-Asambleas	wp-asambleas
WP-BibTeX	wp-bibtex
WP-FormAssembly	formassembly-web-forms
WPBot – AI ChatBot for Live Support, Lead Generation, AI Services	chatbot
WPExperts Square For GiveWP	wpexperts-square-for-give
WPMobile.App	wpappninja
WPO365 \| MICROSOFT 365 GRAPH MAILER	wpo365-msgraphmailer
WPPizza – A Restaurant Plugin	wppizza
WPrequal	wprequal
WPUpper Share Buttons	wpupper-share-buttons
WPvivid — Backup, Migration & Staging	wpvivid-backuprestore
WPYog Documents	wpyog-documents
XV Random Quotes	xv-random-quotes
Yay! Forms	yayforms
YaySMTP – WP Mail SMTP with Email Logs, Tracking & Reports	yaysmtp
YouTube Playlists with Schema	jma-youtube-playlists-with-schema
Zigaform – Form Builder Lite	zigaform-form-builder-lite
Zigaform – Price Calculator & Cost Estimation Form Builder Lite	zigaform-calculator-cost-estimation-form-builder-lite
Ziggeo	ziggeo

Software Name	Software Slug
CarSpot – Dealership Wordpress Classified Theme	carspot
Hostiko - Hosting WordPress & WHMCS Theme	hostiko
Massive Dynamic	massive-dynamic
MediCenter - Health Medical Clinic WordPress Theme	medicenter
pearl	pearl
PressMart - Modern Elementor WooCommerce WordPress Theme	pressmart
Uncode	uncode

Do Not Sell or Share My Personal Information

This form enables you to request that we stop selling or sharing your personal information with third parties. "Selling" includes exchanging your information for money or other benefits, while "sharing" refers to providing your data to third parties for targeted advertising purposes. For more information on how we process personal information, please review our Privacy Notice.

When you submit this form, we will:

Immediately disable retargeting and remarketing cookies on your current browser/device

Browser/Device Specific: This opt-out applies to the specific browser from which you submit the request. To opt out on additional devices or browsers, you will need to submit separate requests.

Cookie Management: You may also manage cookies directly through your browser settings, or on our Cookie Control form.

Questions?

Contact our Privacy Team at:

Email: privacy@defiant.com
Mail: Defiant Inc. Attn: Privacy Issues, 1700 Westlake Ave N Ste 200, Seattle, WA 98109

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 17, 2025 to February 23, 2025)

New Firewall Rules Deployed Last Week

Total Unpatched & Patched Vulnerabilities Last Week

Total Vulnerabilities by CVSS Severity Last Week

Total Vulnerabilities by CWE Type Last Week

Researchers That Contributed to WordPress Security Last Week

WordPress Plugins with Reported Vulnerabilities Last Week

WordPress Themes with Reported Vulnerabilities Last Week

Vulnerability Details