Wordfence: Stay ahead of threats with our weekly vulnerability report.
This is a summary of the article. If you need additional context, here is the original link: https://www.wordfence.com/blog/2026/02/wordfence-intelligence-weekly-wordpress-vulnerability-report-february-16-2026-to-february-22-2026/


Triple Threat Bug Bounty Challenge 


Hunt High Threat vulnerabilities and earn triple the incentives!
Now through April 6, 2026, earn three stacked bonuses on all valid submissions from our ‘High Threat Vulnerabilities’ list:
- 2x all high threat vulnerability bounties (excluding 5,000,000+ installs)
- +30% bonus for high threat vulnerabilities in software with 30,000+ active installs (excluding 5,000,000+ installs)
- $300 extra for every 3 High Threat vulnerabilities submitted (minimum of 1,000 installs)
Use the Bounty Estimator to see what rewards are possible through the promotion.
Submit through our Bug Bounty Program today to maximize your impact and your payout.
Last week, there were 195 vulnerabilities disclosed in 140 WordPress Plugins and 34 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 91 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, including the WordPress community, so that individuals and organizations alike can use that data to implement layered security, in line with our overarching mission to secure WordPress with defense-in-depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and use both personally and commercially, and why we are running this weekly vulnerability report. Wordfence is the world’s leading quality vulnerability database provider for WordPress, so site owners can rest assured knowing Wordfence has their back.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 33,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
- WAF-RULE-895 – Data redacted while we work with the vendor on a patch.
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 139 |
| Unpatched | 56 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Low Severity | 4 |
| Medium Severity | 127 |
| High Severity | 55 |
| Critical Severity | 9 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Missing Authorization | 50 |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 48 |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 23 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 11 |
| Cross-Site Request Forgery (CSRF) | 9 |
| Deserialization of Untrusted Data | 7 |
| Improper Privilege Management | 7 |
| Authorization Bypass Through User-Controlled Key | 5 |
| Exposure of Sensitive Information to an Unauthorized Actor | 5 |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 4 |
| Unrestricted Upload of File with Dangerous Type | 4 |
| Server-Side Request Forgery (SSRF) | 3 |
| Improper Access Control | 2 |
| Incorrect Authorization | 2 |
| Insufficient Verification of Data Authenticity | 2 |
| URL Redirection to Untrusted Site ('Open Redirect') | 2 |
| Access of Resource Using Incompatible Type ('Type Confusion') | 1 |
| External Control of System or Configuration Setting | 1 |
| Improper Authorization | 1 |
| Improper Control of Generation of Code ('Code Injection') | 1 |
| Improper Handling of Missing Values | 1 |
| Improper Input Validation | 1 |
| Improper Neutralization of CRLF Sequences ('CRLF Injection') | 1 |
| Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | 1 |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | 1 |
| Missing Authentication for Critical Function | 1 |
| Use of Predictable Algorithm in Random Number Generator | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 23 | |
| 14 | |
| 11 | |
| 7 | |
| 7 | |
| 6 | |
| 5 | |
| 5 | |
| 4 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Academy LMS – WordPress LMS Plugin for Complete eLearning Solution | academy |
| ACF Photo Gallery Field | navz-photo-gallery |
| Ads Pro Plugin – Multi-Purpose WordPress Advertising Manager | ap-plugin-scripteo |
| Advance Block Extend | advance-block-extend |
| Advanced Ads – Ad Manager & AdSense | advanced-ads |
| Advanced AJAX Product Filters | woocommerce-ajax-filters |
| Advanced Custom Fields: Font Awesome Field | advanced-custom-fields-font-awesome |
| Album and Image Gallery Plus Lightbox | album-and-image-gallery-plus-lightbox |
| Ally – Web Accessibility & Usability | pojo-accessibility |
| Apollo13 Framework Extensions | apollo13-framework-extensions |
| Applay – Shortcodes | applay-shortcodes |
| Aruba HiSpeed Cache | aruba-hispeed-cache |
| BackWPup – WordPress Backup & Restore Plugin | backwpup |
| Banner Management, Product Slider, Product Carousel for WooCommerce | banner-management-for-woocommerce |
| Blog2Social: Social Media Auto Post & Scheduler | blog2social |
| Booking Calendar | booking |
| Bookster – WordPress Appointment Booking Plugin | bookster |
| Breadcrumb NavXT | breadcrumb-navxt |
| Breeze Cache | breeze |
| Brevo – Email, SMS, Web Push, Chat, and more. | mailin |
| Business Directory Plugin – Easy Listing Directories for WordPress | business-directory-plugin |
| Calculated Fields Form | calculated-fields-form |
| Cart All In One For WooCommerce | woo-cart-all-in-one |
| Checkout Field Manager (Checkout Manager) for WooCommerce | woocommerce-checkout-manager |
| Clasifico Listing | clasifico-listing |
| Client Testimonial Slider | wp-client-testimonial |
| Community Events | community-events |
| Complianz – GDPR/CCPA Cookie Consent | complianz-gdpr |
| Cookie Banner for GDPR / CCPA – WPLP Cookie Consent | gdpr-cookie-consent |
| Country Blocker for AdSense | country-blocker-for-adsense |
| Dam Spam | dam-spam |
| Dealia – Request a quote | dealia-request-a-quote |
| Display During Conditional Shortcode | display-during-conditional-shortcode |
| Download Manager | download-manager |
| Easy Author Image | easy-author-image |
| Easy SVG Support | easy-svg |
| Easy Table of Contents | easy-table-of-contents |
| EmailKit – Email Customizer for WooCommerce & WP | emailkit |
| Event Booking Manager for WooCommerce | mage-eventpress |
| EventPrime – Events Calendar, Bookings and Tickets | eventprime-event-calendar-management |
| Filestack | filepicker-media-uploader |
| Forminator Forms – Contact Form, Payment Form & Custom Form Builder | forminator |
| Frontend File Manager Plugin | nmedia-user-file-uploader |
| Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin | frontend-post-submission-manager-lite |
| Frontend User Notes | frontend-user-notes |
| Groups | groups |
| IDonate – Blood Donation, Request And Donor Management System | idonate |
| Image Hotspot by DevVN | devvn-image-hotspot |
| Image Optimizer – Optimize Images and Convert to WebP or AVIF | image-optimization |
| Image Photo Gallery Final Tiles Grid | final-tiles-grid-gallery-lite |
| InteractiveCalculator for WordPress | interactivecalculator |
| iXML – Google XML sitemap generator | ixml |
| Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation | zero-bs-crm |
| Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | kadence-blocks |
| Kali Forms — Contact Form & Drag-and-Drop Builder | kali-forms |
| Keybase.io Verification | wp-keybase-verification |
| Library Management System | library-management-system |
| Link Whisper Free | link-whisper |
| Lizza LMS Pro | lizza-lms-pro |
| Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more | mail-mint |
| Mailchimp List Subscribe Form | mailchimp |
| Master Addons For Elementor – White Label, Free Widgets, Hover Effects, Conditions, & Animations | master-addons |
| Membership Plugin – Restrict Content | restrict-content |
| Mesmerize Companion | mesmerize-companion |
| MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar | mp3-music-player-by-sonaar |
| Nelio A/B Testing – AB Tests and Heatmaps for Better Conversion Optimization | nelio-ab-testing |
| News Element Elementor Blog Magazine | news-element |
| OneClick Chat to Order | oneclick-whatsapp-order |
| Open User Map | open-user-map |
| Order Splitter for WooCommerce | woo-order-splitter |
| Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin | orderable |
| Page Title, Description & Open Graph Updater | page-title-description-open-graph-updater |
| PDF Invoices & Packing Slips for WooCommerce | woocommerce-pdf-invoices-packing-slips |
| Popup Box – Easily Create WordPress Popups | popup-box |
| Popup Builder – Create highly converting, mobile friendly marketing popups. | popup-builder |
| PostmarkApp Email Integrator | postmarkapp-email-integrator |
| Printful Integration for WooCommerce | printful-shipping-for-woocommerce |
| Private Comment | private-comment |
| Prodigy Commerce | prodigy-commerce |
| Product Addons for Woocommerce – Product Options with Custom Fields | woo-custom-product-addons |
| Product Feed Manager for WooCommerce – CTX Feed – Support 220+ Shopping & Social Channels | webappick-product-feed-for-woocommerce |
| Product Table and List Builder for WooCommerce Lite | wc-product-table-lite |
| Quiz Maker | quiz-maker |
| Razorpay for WooCommerce | woo-razorpay |
| RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | custom-registration-form-builder-with-submission-manager |
| Remove Post Type Slug | remove-post-type-slug |
| Rent Fetch | rentfetch |
| RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging | wp-rss-aggregator |
| s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions | s2member |
| salavat counter Plugin | salavat-counter |
| SEO Plugin by Squirrly SEO | squirrly-seo |
| Shield: Blocks Bots, Protects Users, and Prevents Security Breaches | wp-simple-firewall |
| ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | woolentor-addons |
| Simple Ajax Chat – Add a Fast, Secure Chat Box | simple-ajax-chat |
| Simple Membership | simple-membership |
| SiteOrigin Widgets Bundle | so-widgets-bundle |
| Slider Future | slider-future |
| Slidorion | slidorion |
| Smartsupp – live chat, AI shopping assistant and chatbots | smartsupp-live-chat |
| StatCounter – Free Real Time Visitor Stats | official-statcounter-plugin-for-wordpress |
| Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent | tablesome |
| TalkJS | talkjs |
| Taskbuilder – Project Management & Task Management Tool With Kanban Board | taskbuilder |
| Tennis Court Bookings | tennis-court-bookings |
| The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | the-plus-addons-for-elementor-page-builder |
| Tickera – Sell Tickets & Manage Events | tickera-event-ticketing-system |
| Toret Manager | toret-manager |
| Two Factor (2FA) Authentication via Email | two-factor-2fa-via-email |
| Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | ultimate-member |
| URL Shortify – Simple and Easy URL Shortener | url-shortify |
| User Submitted Posts – Enable Users to Submit Posts from the Front End | user-submitted-posts |
| Video Conferencing with Zoom | video-conferencing-with-zoom-api |
| Video Share VOD – Turnkey Video Site Builder Script | video-share-vod |
| Virusdie – One-click website security | virusdie |
| VK All in One Expansion Unit | vk-all-in-one-expansion-unit |
| Web Accessibility by accessiBe | accessibe |
| weMail: Email Marketing, Email Automation, Newsletters, Subscribers & eCommerce Email Optins | wemail |
| Whatsiplus Scheduled Notification for Woocommerce | whatsiplus-scheduled-notification-for-woocommerce |
| Wholesale Lead Capture Plugin for WooCommerce | woocommerce-wholesale-lead-capture |
| Wholesale Suite – B2B, Dynamic Pricing & WooCommerce Wholesale Prices | woocommerce-wholesale-prices |
| Wolmart Core | wolmart-core |
| WowRevenue – Product Bundles & Bulk Discounts | revenue |
| WP 404 Auto Redirect to Similar Post | wp-404-auto-redirect-to-similar-post |
| WP All Export – Drag & Drop Export to Any Custom CSV, XML & Excel | wp-all-export |
| WP AUDIO GALLERY | wp-audio-gallery |
| WP Compress – Instant Performance & Speed Optimization | wp-compress-image-optimizer |
| WP Customer Reviews | wp-customer-reviews |
| WP Event Aggregator: Import Eventbrite events, Meetup events, social events and any iCal Events into Event Calendar | wp-event-aggregator |
| WP Import – Ultimate CSV XML Importer for WordPress | wp-ultimate-csv-importer |
| WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters | wp-google-map-plugin |
| WP Plugin Info Card | wp-plugin-info-card |
| WP-DownloadManager | wp-downloadmanager |
| WP-Lister Lite for eBay | wp-lister-for-ebay |
| wpForo Forum | wpforo |
| WPNakama – Team and multi-Client Collaboration, Editorial and Project Management | wpnakama |
| xmlrpc attacks blocker | xmlrpc-attacks-blocker |
| XO Event Calendar | xo-event-calendar |
| YaMaps for WordPress Plugin | yamaps |
| YayMail – WooCommerce Email Customizer | yaymail |
| Zarinpal Gateway | zarinpal-woocommerce-payment-gateway |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| A-Mart – Organic Products Store Shopify Theme | a-mart |
| Blabber \| Elementor Blog & News Magazine Theme | blabber |
| Buyent | buyent |
| Context Blog | context-blog |
| Coworking – Open Office & Creative Space WordPress Theme | coworking |
| Drift | drift |
| Fooddy 24/7 – Food Delivery Takeout WordPress Theme + Elementor + RTL | fooddy |
| Grand Restaurant WordPress | grandrestaurant |
| Gustavo \| Mexican Grill, Bar & Restaurant WordPress Theme | gustavo |
| Impacto Patronus \| Nature Protection, Petitions & Social Activism WordPress Theme + RTL | impacto-patronus |
| Ippsum – Business Consulting WordPress Theme | ippsum |
| Ironfit – Fitness, Gym and Crossfit WordPress Theme | ironfit |
| Isida – Plastic Surgery Clinic Medical WordPress Theme | isida |
| Jude \| Nail Bar & Beauty Salon WordPress Theme | jude |
| Marveland – Theme Park & Festival WordPress Theme | marveland |
| Mega Store Woocommerce | mega-store-woocommerce |
| Netmix \| Broadband & Telecom Internet Provider WordPress Theme | netmix |
| NewsBlogger | newsblogger |
| Parkivia \| Auto Parking & Car Maintenance WordPress Theme | parkivia |
| PawFriends – Pet Shop and Veterinary WordPress Theme | pawfriends |
| Photolia \| Photo Company & Supply Store WordPress Theme | photolia |
| redy | redy |
| Renden | renden |
| Rhodos – Business Portfolio Elementor Blocks & Template Kit | rhodos |
| Saveo \| In-home Care & Private Nursing Agency WordPress Theme | saveo |
| SevenTrees \| Real Estate Property WordPress Theme | seventrees |
| Shopire | shopire |
| Soleng \| Solar Energy WordPress Theme | soleng |
| Spa and Salon | spa-and-salon |
| Support for CitiLights – Real Estate WordPress Theme | noo-citilights |
| UnlimHost – Web Hosting & Internet Technology WordPress Theme | unlimhost |
| Valenti | valenti |
| Wiguard – CCTV & Security WordPress Theme for Surveillance Companies | wiguard |
| Zio Alberto – Restaurant – Cafe – Bistro Theme | zioalberto |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, with all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (February 16, 2026 to February 22, 2026) appeared first on Wordfence.
You can read the original article here: https://www.wordfence.com/blog/2026/02/wordfence-intelligence-weekly-wordpress-vulnerability-report-february-16-2026-to-february-22-2026/