Wordfence Intelligence Weekly WordPress Vulnerability Report (December 1, 2025 to December 7, 2025)

Patch Status	Number of Vulnerabilities
Patched	123
Unpatched	69

Severity Rating	Number of Vulnerabilities
Medium Severity	160
High Severity	22
Critical Severity	10

Vulnerability Type by CWE	Number of Vulnerabilities
Missing Authorization	56
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	53
Cross-Site Request Forgery (CSRF)	30
Exposure of Sensitive Information to an Unauthorized Actor	14
Unrestricted Upload of File with Dangerous Type	11
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')	8
Authorization Bypass Through User-Controlled Key	6
Improper Authorization	2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	2
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')	2
Improper Privilege Management	2
External Control of File Name or Path	1
Improper Authentication	1
Improper Control of Generation of Code ('Code Injection')	1
Incorrect Implementation of Authentication Algorithm	1
Incorrect Privilege Assignment	1
Server-Side Request Forgery (SSRF)	1

Researcher Name	Number of Vulnerabilities
Legion Hunter	18
Nabil Irawan	16
Athiwat Tiprasaharn (Jitlada)	14
Abdulsamad Yusuf (0xVenus)	9
Muhammad Yudha - DJ	9
type5afe	6
daroo	6
Ryan Kozak	6
kr0d	5
Md. Moniruzzaman Prodhan (NomanProdhan)	5
Abu Hurayra (HurayraIIT)	5
Muhammad Nur Ibnu Hubab	4
Jonas Benjamin Friedli	4
Ananda Dhakal	4
Rafshanzani Suhada	4
Mdr	4
Kishan Vyas	3
Ivan Cese	3
shark3y	3
Itthidej Aramsri (Boeing777)	3
dayea song	3
zaim	3
Rooting	3
Gilang - DJ	3
Certus Cybersecurity	2
benzdeus	2
Peter Thaleikis	2
NumeX	2
Phat RiO	2
lucky_buddy	2
YC_Infosec	2
Deadbee	2
mikemyers	2
Dmitrii Ignatyev	2
Doan Dinh Van	2
João Pedro Soares de Alcântara	2
ChamlaVic	2
Peerapat Samatathanyakorn	2
theviper17y	2
Doan Dinh Van (DinhVan52)	1
ISMAILSHADOW	1
Moose Love	1
Kai Aizen	1
Denver Jackson	1
0xQRx	1
Aurélien BOURDOIS (Elymaro)	1
Adrian Lukita	1
Powpy	1
Waris Damkham	1
zhenhua fan	1
Nicolai Hellesnes (nico_)	1
mahdi salhi (CaptinSharky01)	1
Farhan Dio Arrafiq	1
Marcin Dudek (dudekmar)	1
シルAsuna	1
tmrswrr	1
Sarawut Poolkhet (MisterHelloz)	1
Kévin Mosbahi (Mika)	1
Drew Webber (mcdruid)	1
Jarno Vos (jarnovos)	1

Software Name	Software Slug
10Web Booster – Website speed optimization, Cache & Page Speed optimizer	tenweb-speed-optimizer
Accessiy by CodeConfig – Accessibility Widgets for ADA, EAA & WCAG Compliance	codeconfig-accessibility
Actionwear products sync	actionwear-products-sync
Add Custom Codes – Insert Header, Footer, Custom PHP Snippets, CSS, Javascript	add-custom-codes
Advanced Custom Fields: Extended	acf-extended
Advanced FAQ Manager	advanced-faq-manager
All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic	all-in-one-seo-pack
All-in-One Video Gallery	all-in-one-video-gallery
Application Passwords	application-passwords
Arconix Shortcodes	arconix-shortcodes
ARK Related Posts	ark-relatedpost
Auto Alt Text	auto-alt-text
Auto Thumbnailer	auto-thumbnailer
Autoptimize	autoptimize
Backup, Restore and Migrate your sites with XCloner	xcloner-backup-and-restore
Beaver Builder Page Builder – Drag and Drop Website Builder	beaver-builder-lite-version
BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library	blockart-blocks
Booking Calendar	booking
Bread & Butter: AI Lead Intelligence Engine	bread-butter
Business Directory Plugin – Easy Listing Directories for WordPress	business-directory-plugin
Canadian Nutrition Facts Label	canadian-nutrition-facts-label
Chartify – WordPress Chart Plugin	chart-builder
Clik stats	clikstats
Constant Contact + WooCommerce	constant-contact-woocommerce
Contact Form by BestWebSoft – Advanced WP Contact Form Builder for WordPress	contact-form-plugin
Contact Form Email	contact-form-to-email
ContentStudio	contentstudio
Cool Tag Cloud	cool-tag-cloud
CoSign Single Signon	cosign-sso
Cost Calculator Builder	cost-calculator-builder
CRM Memberships	crm-memberships
CryptX	cryptx
CSS3 Buttons	css3-buttons
CSSIgniter Shortcodes	cssigniter-shortcodes
CSV Sumotto	csv-sumotto
Custom Layouts – Post + Product grids made easy	custom-layouts
Custom Post Type UI	custom-post-type-ui
Custom Sidebars by ProteusThemes	custom-sidebars-by-proteusthemes
Cute News Ticker	cute-news-ticker
Demo Importer Plus	demo-importer-plus
DesignThemes LMS	designthemes-lms
dream gallery	dream-gallery
Easy Jump Links Menus	easy-jump-links-menus
ELEX WordPress HelpDesk & Customer Ticketing System	elex-helpdesk-customer-support-ticket-system
Envo Extra	envo-extra
EPROLO-Dropshipping	eprolo-dropshipping
Ergonet Cache	ergonet-varnish-cache
ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support	erp
Event Booking Manager for WooCommerce	mage-eventpress
Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin	everest-backup
Export All Posts, Products, Orders, Refunds & Users	wp-ultimate-exporter
Extra Post Images	extra-post-images
Featured Image via URL	featured-image-via-url
Feedback Modal for Website	feedback-modal-for-website
Feeds for TikTok – Display Video Feeds in Grid Layouts	b-tiktok-feed
FitVids for WordPress	fitvids-for-wordpress
Flex QR Code Generator	flex-qr-code-generator
Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution	fluent-booking
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder	fluentform
FluentCart A New Era of eCommerce – Faster, Lighter, and Simpler	fluent-cart
Formstack Online Forms	formstack
Frontend Admin by DynamiApps	acf-frontend-form-element
FunnelKit – Funnel Builder for WooCommerce Checkout	funnel-builder
g-FFL Cockpit	g-ffl-cockpit
Generic Elements	generic-elements-for-elementor
Get Cash	get-cash
Gravitec.net – Web Push Notifications	gravitec-net-web-push-notifications
Gravity Forms	gravityforms
GSheetConnector For WPForms – WPForms Google Sheets Integration (Real-Time Sync)	gsheetconnector-wpforms
Gutenverse News – News Blocks for Blog & Magazine Sites	gutenverse-news
Happy Addons for Elementor	happy-elementor-addons
Hide Categories Or Products On Shop Page	hide-categories-or-products-on-shop-page
HUSKY – Products Filter Professional for WooCommerce	woocommerce-products-filter
Hype	pico
Image Cleanup	image-cleanup
Image Optimizer by wps.sk	image-optimizer-wpssk
Jabbernotification	jabberbenachrichtigung
JNews Gallery	jnews-gallery
JNews Paywall	jnews-paywall
Kadence WooCommerce Email Designer	kadence-woocommerce-email-designer
Link Whisper Free	link-whisper
List Attachments Shortcode	list-attachments-shortcode
Listar – Directory Listing & Classifieds WordPress Plugin	listar-directory-listing
Live CSS Preview	live-css-preview
Live Sales Notification for Woocommerce – Woomotiv	woomotiv
Make Section & Column Clickable For Elementor	make-section-column-clickable-elementor
Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits	master-addons
Media Library Downloader	media-library-downloader
Modula Image Gallery – Photo Grid & Video Gallery	modula-best-grid-gallery
MultiParcels Shipping For WooCommerce	multiparcels-shipping-for-woocommerce
MxChat – AI Chatbot & Content Generation for WordPress	mxchat-basic
My auctions allegro	my-auctions-allegro-free-edition
My Tickets – Accessible Event Ticketing	my-tickets
myLCO	mylco
Nexter Extension – Security, Performance, Code Snippets & Site Toolkit	nexter-extension
Norby AI	norby-ai
Nouri.sh Newsletter	newsletters-from-rss-to-email-newsletters-using-nourish
Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration – Powered by Codisto	codistoconnect
Omnipress	omnipress
Order Delivery Date for WooCommerce	order-delivery-date-for-woocommerce
Payaza	payaza
Paysera Payment Gateway for WooCommerce	woo-payment-gateway-paysera
PDF Catalog for WooCommerce	pdf-catalog-for-woocommerce
PDF Invoices & Packing Slips for WooCommerce	woocommerce-pdf-invoices-packing-slips
PDF Thumbnail Generator	pdf-thumbnail-generator
Photo Gallery by Ays – Responsive Image Gallery	gallery-photo-gallery
Plug your WooCommerce into the largest catalog of customized print products from Helloprint	helloprint
Portfolio and Projects	portfolio-and-projects
Post Cloner	post-cloner
Post Grid	post-grid
Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App	post-smtp
PostGallery	postgallery
Premium Addons for Elementor – Powerful Elementor Templates & Widgets	premium-addons-for-elementor
Projectopia – Project Management Tool	projectopia-core
Quantic Social Image Hover	tw-image-hover-share
Quiz Maker by AYS	quiz-maker
reHub Framework	rehub-framework
RevInsite	revinsite
Rich Showcase for Google Reviews	widget-google-reviews
Salon Booking System – Free Version	salon-booking-system
Search, Filters & Merchandising for WooCommerce	instantsearch-for-woocommerce
SendPulse Email Marketing Newsletter	sendpulse-email-marketing-newsletter
Sermon Manager	sermon-manager-for-wordpress
ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution	shopengine
SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery	sms-alert
SMTP Mail	smtp-mail
Social Feed Gallery Portfolio	social-feed-gallery-portfolio
SSP Debug	ssp-debugging
Starter Templates – AI-Powered Templates for Elementor & Gutenberg	astra-sites
SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers	suremails
SurveyFunnel – Survey Plugin for WordPress	surveyfunnel-lite
SurveyJS: Drag & Drop Form Builder	surveyjs
SV100 Companion	sv100-companion
Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent	tablesome
Tag, Category, and Taxonomy Manager – Autotagger Automatically Add Terms	simple-tags
Takeads	monetize-link
Thai Lottery Widget	thai-lottery-widget
Thank You Page Customizer for WooCommerce – Increase Your Sales	woo-thank-you-page-customizer
The7 Elements	dt-the7-core
Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor	thim-elementor-kit
Time Sheets	time-sheets
Torod – The smart shipping and delivery portal for e-shops and retailers	torod
TR Timthumb	tr-timthumb
Trail Manager	trail-manager
Twitscription	twitscription
Ultra Skype Button	ultra-skype-button
User Generator and Importer	user-importer-and-generator
User Spam Remover	user-spam-remover
User Verification by PickPlugins	user-verification
VikRentCar Car Rental Management System	vikrentcar
Visualizer – Tables & Charts Manager with Built-in AI Generator	visualizer
Voidek Employee Portal	voidek-employee-portal
WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors	wc-vendors
Webcake – Landing Page Builder	webcake
WebP Express	webp-express
weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot	wedocs
Weekly Planner	weekly-planner
Widgets for Google Reviews	wp-reviews-plugin-for-google
WP AI CoPilot – AI content writer plugin, ChatGPT WordPress, GPT-3/4 , Ai assistance	ai-co-pilot-for-wp
WP Directory Kit	wpdirectorykit
WP Google Analytics Events – No-Code Custom Event Tracking for Google Analytics	wp-google-analytics-events
WP Landing Page	wp-landing-page
Wp Social Login and Register Social Counter	wp-social
WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets	wp-social-reviews
WP Ultimate Review	wp-ultimate-review
WP-SOS-Donate Donation Sidebar Plugin	wp-sos-donate
WPKoi Templates for Elementor	wpkoi-templates-for-elementor
WPS Bidouille	wps-bidouille
WPZOOM Addons for Elementor – Starter Templates & Widgets	wpzoom-elementor-addons
Xagio SEO – AI Powered SEO	xagio-seo
Xpro Addons — 140+ Widgets for Elementor	xpro-elementor-addons
Yandex.Metrica	wp-yandex-metrika
Yet Another WebClap for WordPress	yet-another-webclap-for-wordpress
Zigaform – Price Calculator & Cost Estimation Form Builder Lite	zigaform-calculator-cost-estimation-form-builder-lite

Software Name	Software Slug
AdForest	adforest
REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme	rehub-theme

Do Not Sell or Share My Personal Information

This form enables you to request that we stop selling or sharing your personal information with third parties. "Selling" includes exchanging your information for money or other benefits, while "sharing" refers to providing your data to third parties for targeted advertising purposes. For more information on how we process personal information, please review our Privacy Notice.

When you submit this form, we will:

Immediately disable retargeting and remarketing cookies on your current browser/device

Browser/Device Specific: This opt-out applies to the specific browser from which you submit the request. To opt out on additional devices or browsers, you will need to submit separate requests.

Cookie Management: You may also manage cookies directly through your browser settings, or on our Cookie Control form.

Questions?

Contact our Privacy Team at:

Email: privacy@defiant.com
Mail: Defiant Inc. Attn: Privacy Issues, 1700 Westlake Ave N Ste 200, Seattle, WA 98109

Wordfence Intelligence Weekly WordPress Vulnerability Report (December 1, 2025 to December 7, 2025)

New Firewall Rules Deployed Last Week

Total Unpatched & Patched Vulnerabilities Last Week

Total Vulnerabilities by CVSS Severity Last Week

Total Vulnerabilities by CWE Type Last Week

Researchers That Contributed to WordPress Security Last Week

WordPress Plugins with Reported Vulnerabilities Last Week

WordPress Themes with Reported Vulnerabilities Last Week

Vulnerability Details