Wordfence: protect your WordPress site against the latest detected vulnerabilities.
This is a summary of the article. If you need additional context, here is the original link: https://www.wordfence.com/blog/2026/04/wordfence-intelligence-weekly-wordpress-vulnerability-report-april-6-2026-to-april-12-2026/
Last week, 153 vulnerabilities disclosed in 117 WordPress plugins and 23 WordPress themes were added to the Wordfence Intelligence Vulnerability Database, and 74 vulnerability researchers contributed to WordPress security. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, including the wider WordPress community, so that individuals and organizations alike can use that data to implement layered security, in line with our overarching mission to secure WordPress with defense-in-depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and use, both personally and commercially, and why we publish this weekly vulnerability report. As the world’s leading provider of a quality vulnerability database for WordPress, Wordfence gives site owners the assurance that it has their back.
Enterprises, hosting providers, and even individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Alternatively, they can use the Vulnerability Database API to receive a complete dump of our database of over 33,000 vulnerabilities, and then use the webhook integration to stay on top of the newest vulnerabilities as they are added in real time, as well as any updates made to the database, all for free.
Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 137 |
| Unpatched | 16 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Medium Severity | 89 |
| High Severity | 54 |
| Critical Severity | 10 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 44 |
| Missing Authorization | 26 |
| Deserialization of Untrusted Data | 17 |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 14 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 11 |
| Cross-Site Request Forgery (CSRF) | 9 |
| Authorization Bypass Through User-Controlled Key | 6 |
| Unrestricted Upload of File with Dangerous Type | 5 |
| Exposure of Sensitive Information to an Unauthorized Actor | 4 |
| Incorrect Privilege Assignment | 4 |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 3 |
| Improper Privilege Management | 2 |
| Embedded Malicious Code | 1 |
| External Control of Assumed-Immutable Web Parameter | 1 |
| External Control of File Name or Path | 1 |
| Improper Authentication | 1 |
| Improper Neutralization of Alternate XSS Syntax | 1 |
| Incorrect Authorization | 1 |
| Insufficient Verification of Data Authenticity | 1 |
| Server-Side Request Forgery (SSRF) | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| | 17 |
| | 11 |
| | 8 |
| | 7 |
| | 7 |
| | 7 |
| | 6 |
| | 5 |
| | 5 |
| | 5 |
| | 4 |
| | 3 |
| | 3 |
| | 3 |
| | 3 |
| | 3 |
| | 2 |
| | 2 |
| | 2 |
| | 2 |
| | 2 |
| | 2 |
| | 2 |
| | 2 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added to the Wordfence Intelligence leaderboard, along with a mention in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| AddFunc Head & Footer Code | addfunc-head-footer-code |
| Advanced Contact form 7 DB | advanced-cf7-db |
| Advanced Members for ACF | advanced-members |
| AM LottiePlayer | am-lottieplayer |
| Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | simply-schedule-appointments |
| Aruba HiSpeed Cache | aruba-hispeed-cache |
| Attendance Manager | attendance-manager |
| Awesome Support – WordPress HelpDesk & Support Plugin | awesome-support |
| AWP Classifieds | another-wordpress-classifieds-plugin |
| BackupBliss – Backup & Migration with Free Cloud Storage | backup-backup |
| BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | woo-bulk-editor |
| Beaver Builder Page Builder – Drag and Drop Website Builder | beaver-builder-lite-version |
| BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks, WordPress Block Plugin, Sections & Template Library | blockart-blocks |
| Blocksy Companion Pro | blocksy-companion-pro |
| Blog2Social: Social Media Auto Post & Scheduler | blog2social |
| Booking for Appointments and Events Calendar – Amelia | ameliabooking |
| Bricksforge | bricksforge |
| BuddyPress Groupblog | bp-groupblog |
| Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails | woo-cart-abandonment-recovery |
| Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | charitable |
| Columns by BestWebSoft – Additional Columns Plugin for Posts Pages and Widgets | columns-bws |
| Customer Reviews for WooCommerce | customer-reviews-woocommerce |
| Datalogics Ecommerce Delivery – Datalogics | datalogics |
| Download Manager | download-manager |
| Download Monitor | download-monitor |
| DSGVO Google Web Fonts GDPR | dsgvo-google-web-fonts-gdpr |
| Element Pack – Widgets, Templates & Addons for Elementor | bdthemes-element-pack-lite |
| Elementor Website Builder – more than just a page builder | elementor |
| Event Tickets Manager for WooCommerce | event-tickets-manager-for-woocommerce |
| Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | everest-forms |
| Experto Dashboard for WooCommerce | experto-custom-dashboard |
| Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | form-maker |
| GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content | geeky-bot |
| Gerador de Certificados – DevApps | gerador-de-certificados-devapps |
| Gravity Forms | gravityforms |
| Gravity SMTP | gravitysmtp |
| Greenshift – animation and page builder blocks | greenshift-animation-and-page-builder-blocks |
| Hustle – Email Marketing, Lead Generation, Optins, Popups | wordpress-popup |
| iControlWP | worpit-admin-dashboard-plugin |
| IDPay Payment Gateway for Woocommerce | woo-idpay-gateway |
| Inquiry form to posts or pages | inquiry-form-to-posts-or-pages |
| Integrio Core | integrio-core |
| Investi | investi |
| LatePoint – Calendar Booking Plugin for Appointments and Events | latepoint |
| LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | learnpress |
| LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes | lifterlms |
| LightPress Lightbox | wp-jquery-lightbox |
| Link Whisper Free | link-whisper |
| List category posts | list-category-posts |
| LTL Freight Quotes – R+L Carriers Edition | ltl-freight-quotes-rl-edition |
| LTL Freight Quotes – Worldwide Express Edition | ltl-freight-quotes-worldwide-express-edition |
| Magic Conversation For Gravity Forms | magic-conversation-for-gravity-forms |
| MainWP Child Reports | mainwp-child-reports |
| Masteriyo LMS – Online Course Builder for eLearning, LMS & Education | learning-management-system |
| Media Library Assistant | media-library-assistant |
| Mikado Core | mikado-core |
| MStore API – Create Native Android & iOS Apps On The Cloud | mstore-api |
| MultiLoca – WooCommerce Multi Locations Inventory Management | WooCommerce-Multi-Locations-Inventory-Management |
| MW WP Form | mw-wp-form |
| Ninja Forms – File Uploads | ninja-forms-uploads |
| Ocean Extra | ocean-extra |
| Online Scheduling and Appointment Booking System – Bookly | bookly-responsive-appointment-booking-tool |
| Optimole – Optimize Images \| Convert WebP & AVIF \| CDN & Lazy Load \| Image Optimization | optimole-wp |
| OSM – OpenStreetMap | osm |
| Page Builder: Pagelayer – Drag and Drop website builder | pagelayer |
| pdfl.io | pdfl-io |
| Perfmatters | perfmatters |
| Pinterest Site Verification plugin using Meta Tag | pinterest-site-verification |
| Popup Box – Create Countdown, Coupon, Video, Contact Form Popups | ays-popup-box |
| Post Blocks & Tools | bnm-blocks |
| PowerPress Podcasting plugin by Blubrry | powerpress |
| Prime Slider – Addons for Elementor | bdthemes-prime-slider-lite |
| PrivateContent Free | privatecontent-free |
| Product Feed Manager for WooCommerce – CTX Feed – Support 220+ Shopping & Social Channels | webappick-product-feed-for-woocommerce |
| Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce | woo-product-feed-pro |
| Product Table and List Builder for WooCommerce Lite | wc-product-table-lite |
| ProSolution WP Client | prosolution-wp-client |
| PZ Frontend Manager | pz-frontend-manager |
| Quick Playground | quick-playground |
| Quran Translations | quran-translations-by-edc |
| Riaxe Product Customizer | riaxe-product-customizer |
| Robo Gallery – Photo & Image Slider | robo-gallery |
| Royal WordPress Backup, Restore & Migration Plugin – Backup WordPress Sites Safely | royal-backup-reset |
| Simple Social Media Share Buttons – Social Sharing for Everyone | simple-social-buttons |
| Smart Slider 3 | smart-slider-3 |
| Smart Slider 3 Pro | nextend-smart-slider3-pro |
| Softlab Core | softlab-core |
| Solene Core | solene-core |
| Sports Club Management | sports-club-management |
| SQL Chart Builder | sql-chart-builder |
| Strong Testimonials | strong-testimonials |
| TableOn – WordPress Posts Table Filterable | posts-table-filterable |
| The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | the-plus-addons-for-elementor-page-builder |
| TheGov Core | thegov-core |
| Timetics – Appointment Booking & Scheduling | timetics |
| Tutor LMS – eLearning and online course solution | tutor |
| Ultimate FAQ Accordion Plugin | ultimate-faqs |
| Under Construction, Coming Soon & Maintenance Mode | under-construction-maintenance-mode |
| User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | user-registration |
| Users manager – PN | userspn |
| UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | userswp |
| Vertex Addons for Elementor | addons-for-elementor-builder |
| Wavr | wavr |
| WCAPF – Ajax Product Filter for WooCommerce | wc-ajax-product-filter |
| Webling | webling |
| Whole Enquiry Cart for WooCommerce | whole-cart-enquiry |
| WowPress | wowpress |
| WP BASE Booking of Appointments, Services and Events | wp-base-booking-of-appointments-services-and-events |
| WP Blockade – Visual Page Builder | wp-blockade |
| WP Directory Kit | wpdirectorykit |
| WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters | wp-google-map-plugin |
| WP Visitor Statistics (Real Time Traffic) | wp-stats-manager |
| WP-BusinessDirectory – Business directory plugin for WordPress | wp-businessdirectory |
| WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance | wp-optimize |
| WPAMS – Apartment Management System for wordpress | apartment-management |
| wpForo Forum | wpforo |
| Ziggeo | ziggeo |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Alloggio – Hotel Booking WordPress Theme | alloggio |
| Aperitif – Wine Shop and Liquor Store WordPress Theme | aperitif |
| Askka – Candle Shop WordPress Theme | askka |
| blueprint | blueprint |
| Fidalgo – Restaurant WordPress Theme | fidalgo |
| Getaway – Travel & Tourism WordPress Theme | getaway |
| Hiroshi – Architecture and Interior Design WordPress Theme | hiroshi |
| Hitek – Electronics WooCommerce Theme | xts-hitek |
| Konsept – Furniture Store WordPress Theme | konsept |
| Malmö – A Charming Multi-concept WordPress Theme | malmo |
| Micdrop – Music WordPress Theme | micdrop |
| Mildhill – Organic and Food Store WordPress Theme | mildhill |
| Mr. SEO – Social Media Marketing Agency WordPress Theme | mrseo |
| NeoBeat – Music WordPress Theme | neobeat |
| Playroom – Kids & Kindergarten WordPress Theme | playroom |
| Santé – Organic Shop WordPress Theme | sante |
| SingleMalt – Drink Store WordPress Theme | singlemalt |
| Solene – Wedding Photography WordPress Theme | solene |
| Töbel – Modern Furniture Store WordPress Theme | tobel |
| Uppercase – WordPress Blog Theme with Dark Mode | uppercase |
| Valiance – Business Consulting WordPress Theme | valiance |
| WaveRide – Surfing and Water Sports WordPress Theme | waveride |
| Zermatt – Agency WordPress Theme | zermatt |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site with the scanner enabled, you should already have been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to use.
As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, that covers all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, through vulnerability researchers submitting directly to us via our Bug Bounty Program, and by monitoring a range of sources to capture all publicly available WordPress vulnerability information, adding additional context where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (April 6, 2026 to April 12, 2026) appeared first on Wordfence.
You can read the original article here: https://www.wordfence.com/blog/2026/04/wordfence-intelligence-weekly-wordpress-vulnerability-report-april-6-2026-to-april-12-2026/