Wordfence: Protege tu WordPress con el informe semanal de vulnerabilidades.
Este es un resumen del artículo. Si necesitas contexto adicional, aquí tienes el enlace original: https://www.wordfence.com/blog/2026/02/wordfence-intelligence-weekly-wordpress-vulnerability-report-february-9-2026-to-february-15-2026/
Triple Threat Bug Bounty Challenge
Hunt High Threat vulnerabilities and earn triple the incentives!
Now through April 6, 2026, earn three stacked bonuses on all valid submissions from our ‘High Threat Vulnerabilities’ list:
2x all high threat vulnerability bounties (excluding 5,000,000+ installs)- +30% bonus for high threat vulnerabilities in software with 30,000+ active installs (excluding 5,000,000+ installs)
- $300 extra for every 3 High Threat vulnerabilities submitted (minimum of 1,000 installs)
2x all high threat vulnerability bounties (excluding 5,000,000+ installs)
+30% bonus for high threat vulnerabilities in software with 30,000+ active installs (excluding 5,000,000+ installs)
$300 extra for every 3 High Threat vulnerabilities submitted (minimum of 1,000 installs)Use the Bounty Estimator to see what rewards are possible through the promotion. Submit through our Bug Bounty Program today to maximize your impact and your payout.
Last week, there were 174 vulnerabilities disclosed in 139 WordPress Plugins and 28 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 64 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to implement layered security, aligning with our overarching mission to secure WordPress with defense in depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report. As the world’s leading quality vulnerability database provider for WordPress, site owners can rest assured knowing Wordfence has their back.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 33,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
-
-
- WAF-RULE-894 – Data redacted while we work with the vendor on a patch.
-
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 85 |
| Unpatched | 89 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Medium Severity | 108 |
| High Severity | 60 |
| Critical Severity | 6 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 62 |
| Missing Authorization | 36 |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 22 |
| Deserialization of Untrusted Data | 12 |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 6 |
| Authorization Bypass Through User-Controlled Key | 5 |
| Cross-Site Request Forgery (CSRF) | 5 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 5 |
| Improper Privilege Management | 4 |
| Exposure of Sensitive Information to an Unauthorized Actor | 3 |
| Server-Side Request Forgery (SSRF) | 3 |
| Unrestricted Upload of File with Dangerous Type | 3 |
| Improper Control of Generation of Code ('Code Injection') | 2 |
| Missing Authentication for Critical Function | 2 |
| Improper Input Validation | 1 |
| Incorrect Authorization | 1 |
| Insufficient Verification of Data Authenticity | 1 |
| Reliance on Reverse DNS Resolution for a Security-Critical Action | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 15 | |
| 15 | |
| 12 | |
| 10 | |
| 10 | |
| 8 | |
| 8 | |
| 8 | |
| 6 | |
| 5 | |
| 4 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Accordion and Accordion Slider | accordion-and-accordion-slider |
| Activity Log for WordPress | winterlock |
| Address Bar Ads | address-bar-ads |
| Allow HTML in Category Descriptions | allow-html-in-category-descriptions |
| AMP Enhancer – Compatibility Layer for Official AMP Plugin | amp-enhancer |
| Appointment Booking Calendar Plugin – Bookr | bookr |
| Beaver Builder Page Builder – Drag and Drop Website Builder | beaver-builder-lite-version |
| BFG Tools – Extension Zipper | bfg-tools-extension-zipper |
| BlueSnap Payment Gateway for WooCommerce | bluesnap-payment-gateway-for-woocommerce |
| Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment | booking-and-rental-manager-for-woocommerce |
| Bravis Addons | bravis-addons |
| BuddyHolis ListSearch | listsearch |
| Business Template Blocks for WPBakery (Visual Composer) Page Builder | templates-and-addons-for-wpbakery-page-builder |
| CallbackKiller service widget | callbackkiller-service-widget |
| Category Image | category-image |
Chatbot for WordPress by Collect.chat  |
collectchat |
| Citations tools | citations-tools |
| Cliengo – Chatbot | cliengo |
| Cnvrse | cnvrse |
| Converter for Media – Optimize images | Convert WebP & AVIF | webp-converter-for-media |
| Custom Block Builder – Lazy Blocks | lazy-blocks |
| Customer Reviews for WooCommerce | customer-reviews-woocommerce |
| Download Manager Addons for Elementor | wpdm-elementor |
| Easy Form Builder by WhiteStudio — Drag & Drop Form Builder | easy-form-builder |
| Easy Voice Mail | easy-voice-mail |
| Ecwid by Lightspeed Ecommerce Shopping Cart | ecwid-shopping-cart |
| Element Pack Addons for Elementor | bdthemes-element-pack-lite |
| Essential Addons for Elementor – Popular Elementor Templates & Widgets | essential-addons-for-elementor-lite |
| FastDup – Fastest WordPress Migration & Duplicator | fastdup |
| Flexi Product Slider and Grid for WooCommerce | flexi-product-slider-grid |
| Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | fluentform |
| Gallery by FooGallery | foogallery |
| Geo Widget | geowidget |
| HTML Shortcodes | html-shortcodes |
| IDE Micro code-editor | flask-micro |
| Image Gallery | new-image-gallery |
| iMoney | imoney |
| Invoct – PDF Invoices & Billing for WooCommerce | kirilkirkov-pdf-invoice-manager |
| iONE360 configurator | ione360-configurator |
| JetEngine | jet-engine |
| JS Help Desk – AI-Powered Support & Ticketing System | js-support-ticket |
| Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | kadence-blocks |
| LatePoint – Calendar Booking Plugin for Appointments and Events | latepoint |
| Link Hopper | link-hopper |
| Lucky Wheel Giveaway | wp-lucky-wheel |
| Magic Login Mail or QR Code | magic-login-mail |
| Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more | mail-mint |
| MailChimp Campaigns | olalaweb-mailchimp-campaign-manager |
| MasterStudy LMS WordPress Plugin – for Online Courses and Education | masterstudy-lms-learning-management-system |
| MDirector Newsletter WordPress Plugin | mdirector-newsletter |
| Media Library Folders | media-library-plus |
| Microtango | microtango |
| midi-Synth | midi-synth |
| Migration, Backup, Staging – WPvivid Backup & Migration | wpvivid-backuprestore |
| Miraculous Elementor | miraculous-el |
| MMA Call Tracking | mma-call-tracking |
| Modal Popup Box: A Flexible Pop Up Box Builder | modal-popup-box |
| Modula Image Gallery – Photo Grid & Video Gallery | modula-best-grid-gallery |
| Mollie Payments for WooCommerce | mollie-payments-for-woocommerce |
| MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar | mp3-music-player-by-sonaar |
| myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program. | mycred |
| Name Directory | name-directory |
| New User Approve | new-user-approve |
| NEX-Forms – Ultimate Forms Plugin for WordPress | nex-forms-express-wp-form-builder |
| Ninja Forms – The Contact Form Builder That Grows With You | ninja-forms |
| One to one user Chat by WPGuppy | wpguppy-lite |
| OpenPix for WooCommerce | openpix-for-woocommerce |
| OpenPOS Lite – Point of Sale for WooCommerce | wpos-lite-version |
| Orbisius Random Name Generator | orbisius-random-name-generator |
| Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | paid-member-subscriptions |
| Passster – Password Protect Pages and Content | content-protector |
| Payment Page | Payment Form for Stripe | payment-page |
| PDF for Elementor Forms + Drag And Drop Template Builder | pdf-for-elementor-forms |
| PDF for WPForms + Drag and Drop Template Builder | pdf-for-wpforms |
| Percent to Infograph | percent-to-infograph |
| personal-authors-category | personal-authors-category |
| PhotoStack Gallery | photostack-gallery |
| PixelYourSite Pro – Your smart PIXEL (TAG) Manager | pixelyoursite-pro |
| PixelYourSite – Your smart PIXEL (TAG) & API Manager | pixelyoursite |
| Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers | popup-builder-block |
| Press3D | press3d |
| Primer MyData for Woocommerce | primer-mydata |
| Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) | uni-woo-custom-product-options-premium |
| QuestionPro Surveys | questionpro-surveys |
| Ravelry Designs Widget | ravelry-designs-widget |
| Responsive Slideshow | slider-responsive-slideshow |
| RVCFDI para Woocommerce | rvcfdi-para-woocommerce |
| Scheduler Widget | scheduler-widget |
| SEATT: Simple Event Attendance | simple-event-attendance |
| Secure Copy Content Protection and Content Locking | secure-copy-content-protection |
| Simple File List | simple-file-list |
| Simple Plyr | simple-plyr |
| Simple Retail Menus | simple-retail-menus |
| Simple Wp colorfull Accordion | simple-wp-colorfull-accordion |
| Slideshow Wp | slideshow-wp |
| SlimStat Analytics | wp-slimstat |
| Smart Forms – when you need more than just a contact form | smart-forms |
| Spam protection, Honeypot, Anti-Spam by CleanTalk | cleantalk-spam-protect |
| Sphere Manager | sphere-manager |
| Starfish Review Generation & Marketing for WordPress | starfish-reviews |
| StickEasy Protected Contact Form | stickeasy-protected-contact-form |
| StyleBidet | stylebidet |
| Sudoku Shortcode | sudoku-shortcode |
| Super Page Cache | wp-cloudflare-page-cache |
| Super Simple Contact Form | super-simple-contact-form |
| SureForms – Contact Form, Payment Form & Other Custom Form Builder | sureforms |
| The Events Calendar Shortcode & Block | the-events-calendar-shortcode |
| Themesflat Elementor | themesflat-elementor |
| Timeline Event History | timeline-event-history |
| Truelysell Core | truelysell-core |
| Twitter posts to Blog | twitter-posts-to-blog |
| UpMenu – Online ordering for restaurants | upmenu |
| User Language Switch | user-language-switch |
| Videospirecore Theme Plugin | videospirecore |
| Visitor Maps Extended Referer Field | visitor-maps-extended-referer-field |
| Visual Feedback, Review & AI Collaboration Tool For WordPress – Atarim | atarim-visual-collaboration |
| WaMate Confirm – Order Confirmation | wamate-confirm |
| WCFM Marketplace – Multivendor Marketplace for WooCommerce | wc-multivendor-marketplace |
| WCFM Membership – WooCommerce Memberships for Multivendor Marketplace | wc-multivendor-membership |
| WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible | wc-frontend-manager |
| WDES Responsive Popup | wdes-responsive-popup |
| Whizz Plugins | whizz-plugins |
| WooCommerce Bulk Product Editor | woocommerce-quick-product-editor |
| WooCommerce Coming Soon Product with Countdown | woo-coming-soon-product |
| WooODT Lite – Delivery & pickup date time location for WooCommerce | byconsole-woo-order-delivery-time |
| WordPress Upload Files Anywhere | wp-upload-files-anywhere |
| WordPress User Extra Fields | wp-user-extra-fields |
| WP Data Access – No-Code App Builder with Tables, Forms, Charts & Maps | wp-data-access |
| WP FullCalendar | wp-fullcalendar |
| WP Last Modified Info | wp-last-modified-info |
| WP Quick Contact Us | wp-quick-contact-us |
| wpForo Forum | wpforo |
| WPlyr Media Block | wplyr-media-block |
| WPshop 2 – E-Commerce | wpshop |
| WPZOOM Addons for Elementor – Starter Templates & Widgets | wpzoom-elementor-addons |
| YayCurrency – WooCommerce Multi-Currency Switcher | yaycurrency |
| Yoast Duplicate Post | duplicate-post |
| ZoomifyWP Free | tz-zoomifywp-free |
| افزونه پیامک ووکامرس Persian WooCommerce SMS | persian-woocommerce-sms |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| AdForest | adforest |
| Belletrist – Blog Theme for WordPress Theme | belletrist |
| Cartify – WooCommerce Gutenberg WordPress | cartify |
| Cobble | cobble |
| Dating | DA10 |
| Diamond | diamond |
| Diza – Pharmacy Store Elementor WooCommerce Theme | diza |
| Electronics eCommerce WordPress Woocommerce Theme – Exzo | exzo |
| Extreme Store | extremestore |
| Fana – Fashion Shop WordPress Theme | fana |
| FiveStar – Hotel Booking WordPress Theme | fivestar |
| FreightCo – Free Transportation & Logistics WordPress Theme | freightco |
| Gable – Structure & Building Franework WordPress Theme | gable |
| HealthFirst – Nutrition and Recipes WordPress Theme | healthfirst |
| Lorem Ipsum | lorem-ipsum-books-media-store |
| Nestin | nestin |
| Nika – Medical Elementor WooCommerce Theme | nika |
| PatioTime – Restaurant WordPress Theme | patiotime |
| PJ | Life & Business Coaching Site Template | pj |
| Plank – Carpenter, Flooring & Woodworker WordPress Theme | plank |
| Prestige | prestige |
| R&F – Roof & Floor Carpenter WordPress Theme | rf |
| Splendour | splendour |
| Struktur – Creative Agency WordPress Theme | struktur |
| Tint – Renovation, Painting & Wallpapering WordPress Theme | tint |
| Travelicious – Tour Operator WordPress Theme | travelicious |
| Yokoo | yokoo |
| Zota – Elementor Multi-Purpose WooCommerce Theme | zota |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
CVE-ID
CVE-2026-1729
CVE-2026-1729
Patch Status
Patched
Patched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
AdForest
AdForest
Researcher
CVE-ID
CVE-2026-1306
CVE-2026-1306
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
midi-Synth
midi-Synth
CVE-ID
CVE-2026-1357
CVE-2026-1357
Patch Status
Patched
Patched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
Migration, Backup, Staging – WPvivid Backup & Migration
Migration, Backup, Staging – WPvivid Backup & Migration
Researcher
CVE-ID
CVE-2026-1490
CVE-2026-1490
Patch Status
Patched
Patched
Published
Feb 14, 2026
Feb 14, 2026
Affected Software
Spam protection, Honeypot, Anti-Spam by CleanTalk
Spam protection, Honeypot, Anti-Spam by CleanTalk
Researcher
CVE-ID
CVE-2025-8572
CVE-2025-8572
Patch Status
Patched
Patched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Truelysell Core
Truelysell Core
Researcher
CVE-ID
CVE-2025-69379
CVE-2025-69379
Patch Status
Unpatched
Unpatched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
WordPress Upload Files Anywhere
WordPress Upload Files Anywhere
Researcher
CVE-ID
CVE-2025-69403
CVE-2025-69403
Patch Status
Unpatched
Unpatched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
Bravis Addons
Bravis Addons
Researcher
Custom Block Builder – Lazy Blocks <= 4.2.0 – Authenticated (Contributor+) Remote Code Execution
8.8
CVE-ID
CVE-2026-1560
CVE-2026-1560
Patch Status
Patched
Patched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
Custom Block Builder – Lazy Blocks
Custom Block Builder – Lazy Blocks
Researcher
CVE-ID
CVE-2026-1750
CVE-2026-1750
Patch Status
Patched
Patched
Published
Feb 14, 2026
Feb 14, 2026
Affected Software
Ecwid by Lightspeed Ecommerce Shopping Cart
Ecwid by Lightspeed Ecommerce Shopping Cart
Researcher
CVE-ID
CVE-2026-1104
CVE-2026-1104
Patch Status
Patched
Patched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
FastDup – Fastest WordPress Migration & Duplicator
FastDup – Fastest WordPress Migration & Duplicator
CVE-ID
CVE-2025-67998
CVE-2025-67998
Patch Status
Patched
Patched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
Miraculous Elementor
Miraculous Elementor
Researcher
CVE-ID
CVE-2025-15157
CVE-2025-15157
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Starfish Review Generation & Marketing for WordPress
Starfish Review Generation & Marketing for WordPress
CVE-ID
CVE-2025-15096
CVE-2025-15096
Patch Status
Unpatched
Unpatched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
Videospirecore Theme Plugin
Videospirecore Theme Plugin
Researcher
CVE-ID
CVE-2026-0910
CVE-2026-0910
Patch Status
Patched
Patched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
wpForo Forum
wpForo Forum
Researcher
CVE-ID
CVE-2025-69410
CVE-2025-69410
Patch Status
Unpatched
Unpatched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
Belletrist – Blog Theme for WordPress Theme
Belletrist – Blog Theme for WordPress Theme
Researcher
CVE-ID
CVE-2025-69399
CVE-2025-69399
Patch Status
Unpatched
Unpatched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
Cobble
Cobble
Researcher
CVE-ID
CVE-2025-68543
CVE-2025-68543
Patch Status
Patched
Patched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
Diza – Pharmacy Store Elementor WooCommerce Theme
Diza – Pharmacy Store Elementor WooCommerce Theme
Researcher
CVE-ID
CVE-2025-69404
CVE-2025-69404
Patch Status
Unpatched
Unpatched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
Extreme Store
Extreme Store
Researcher
CVE-ID
CVE-2025-68539
CVE-2025-68539
Patch Status
Patched
Patched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
Fana – Fashion Shop WordPress Theme
Fana – Fashion Shop WordPress Theme
Researcher
CVE-ID
CVE-2026-22344
CVE-2026-22344
Patch Status
Unpatched
Unpatched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
FiveStar – Hotel Booking WordPress Theme
FiveStar – Hotel Booking WordPress Theme
Researcher
CVE-ID
CVE-2025-69406
CVE-2025-69406
Patch Status
Unpatched
Unpatched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
FreightCo – Free Transportation & Logistics WordPress Theme
FreightCo – Free Transportation & Logistics WordPress Theme
Researcher
CVE-ID
CVE-2025-69395
CVE-2025-69395
Patch Status
Unpatched
Unpatched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
Gable – Structure & Building Franework WordPress Theme
Gable – Structure & Building Franework WordPress Theme
Researcher
CVE-ID
CVE-2025-69408
CVE-2025-69408
Patch Status
Unpatched
Unpatched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
HealthFirst – Nutrition and Recipes WordPress Theme
HealthFirst – Nutrition and Recipes WordPress Theme
Researcher
CVE-ID
CVE-2025-69405
CVE-2025-69405
Patch Status
Unpatched
Unpatched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
Lorem Ipsum
Lorem Ipsum
Researcher
CVE-ID
CVE-2026-2144
CVE-2026-2144
Patch Status
Patched
Patched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Magic Login Mail or QR Code
Magic Login Mail or QR Code
Researcher
CVE-ID
CVE-2025-67996
CVE-2025-67996
Patch Status
Patched
Patched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
Nestin
Nestin
Researcher
CVE-ID
CVE-2025-68545
CVE-2025-68545
Patch Status
Patched
Patched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
Nika – Medical Elementor WooCommerce Theme
Nika – Medical Elementor WooCommerce Theme
Researcher
CVE-ID
CVE-2025-67992
CVE-2025-67992
Patch Status
Patched
Patched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
PatioTime – Restaurant WordPress Theme
PatioTime – Restaurant WordPress Theme
Researcher
CVE-ID
CVE-2025-67995
CVE-2025-67995
Patch Status
Patched
Patched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
PatioTime – Restaurant WordPress Theme
PatioTime – Restaurant WordPress Theme
Researcher
CVE-ID
CVE-2025-69409
CVE-2025-69409
Patch Status
Unpatched
Unpatched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
PJ | Life & Business Coaching Site Template
PJ | Life & Business Coaching Site Template
Researcher
CVE-ID
CVE-2025-69398
CVE-2025-69398
Patch Status
Unpatched
Unpatched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
Plank – Carpenter, Flooring & Woodworker WordPress Theme
Plank – Carpenter, Flooring & Woodworker WordPress Theme
Researcher
CVE-ID
CVE-2025-69402
CVE-2025-69402
Patch Status
Unpatched
Unpatched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
R&F – Roof & Floor Carpenter WordPress Theme
R&F – Roof & Floor Carpenter WordPress Theme
Researcher
CVE-ID
CVE-2025-69383
CVE-2025-69383
Patch Status
Unpatched
Unpatched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
WPshop 2 – E-Commerce
WPshop 2 – E-Commerce
Researcher
CVE-ID
CVE-2025-69387
CVE-2025-69387
Patch Status
Unpatched
Unpatched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
Simple Retail Menus
Simple Retail Menus
Researcher
CVE-ID
CVE-2025-69396
CVE-2025-69396
Patch Status
Unpatched
Unpatched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
Splendour
Splendour
Researcher
CVE-ID
CVE-2025-69407
CVE-2025-69407
Patch Status
Unpatched
Unpatched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
Struktur – Creative Agency WordPress Theme
Struktur – Creative Agency WordPress Theme
Researcher
CVE-ID
CVE-2025-69382
CVE-2025-69382
Patch Status
Unpatched
Unpatched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
Themesflat Elementor
Themesflat Elementor
Researcher
CVE-ID
CVE-2025-69397
CVE-2025-69397
Patch Status
Unpatched
Unpatched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
Tint – Renovation, Painting & Wallpapering WordPress Theme
Tint – Renovation, Painting & Wallpapering WordPress Theme
Researcher
CVE-ID
CVE-2025-67997
CVE-2025-67997
Patch Status
Patched
Patched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
Travelicious – Tour Operator WordPress Theme
Travelicious – Tour Operator WordPress Theme
Researcher
CVE-ID
CVE-2025-69400
CVE-2025-69400
Patch Status
Unpatched
Unpatched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
Yokoo
Yokoo
Researcher
CVE-ID
CVE-2025-68536
CVE-2025-68536
Patch Status
Patched
Patched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
Zota – Elementor Multi-Purpose WooCommerce Theme
Zota – Elementor Multi-Purpose WooCommerce Theme
Researcher
CVE-ID
CVE-2026-0692
CVE-2026-0692
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
BlueSnap Payment Gateway for WooCommerce
BlueSnap Payment Gateway for WooCommerce
Researcher
CVE-ID
CVE-2025-69328
CVE-2025-69328
Patch Status
Patched
Patched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment
Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment
Researcher
CVE-ID
CVE-2026-24956
CVE-2026-24956
Patch Status
Patched
Patched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
Download Manager Addons for Elementor
Download Manager Addons for Elementor
Researcher
CVE-ID
CVE-2026-1988
CVE-2026-1988
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Flexi Product Slider and Grid for WooCommerce
Flexi Product Slider and Grid for WooCommerce
Researcher
CVE-ID
CVE-2026-22345
CVE-2026-22345
Patch Status
Unpatched
Unpatched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
Image Gallery
Image Gallery
Researcher
CVE-ID
CVE-2025-68526
CVE-2025-68526
Patch Status
Patched
Patched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
Modal Popup Box: A Flexible Pop Up Box Builder
Modal Popup Box: A Flexible Pop Up Box Builder
Researcher
CVE-ID
CVE-2026-2268
CVE-2026-2268
Patch Status
Patched
Patched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
Ninja Forms – The Contact Form Builder That Grows With You
Ninja Forms – The Contact Form Builder That Grows With You
Researcher
CVE-ID
CVE-2026-2024
CVE-2026-2024
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
PhotoStack Gallery
PhotoStack Gallery
Researcher
CVE-ID
CVE-2026-22346
CVE-2026-22346
Patch Status
Unpatched
Unpatched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
Responsive Slideshow
Responsive Slideshow
Researcher
CVE-ID
Unknown
Unknown
Patch Status
Patched
Patched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
SureForms – Contact Form, Payment Form & Other Custom Form Builder
SureForms – Contact Form, Payment Form & Other Custom Form Builder
Researcher
CVE-ID
CVE-2025-69380
CVE-2025-69380
Patch Status
Unpatched
Unpatched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
WordPress Upload Files Anywhere
WordPress Upload Files Anywhere
Researcher
CVE-ID
CVE-2025-68552
CVE-2025-68552
Patch Status
Patched
Patched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
WooCommerce Coming Soon Product with Countdown
WooCommerce Coming Soon Product with Countdown
Researcher
CVE-ID
CVE-2026-1316
CVE-2026-1316
Patch Status
Patched
Patched
Published
Feb 12, 2026
Feb 12, 2026
Affected Software
Customer Reviews for WooCommerce
Customer Reviews for WooCommerce
Researcher
CVE-ID
CVE-2025-15440
CVE-2025-15440
Patch Status
Unpatched
Unpatched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
iONE360 configurator
iONE360 configurator
Researcher
CVE-ID
CVE-2025-14541
CVE-2025-14541
Patch Status
Patched
Patched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
Lucky Wheel Giveaway
Lucky Wheel Giveaway
Researcher
CVE-ID
CVE-2026-1866
CVE-2026-1866
Patch Status
Patched
Patched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
Name Directory
Name Directory
Researcher
CVE-ID
CVE-2026-1841
CVE-2026-1841
Patch Status
Patched
Patched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
PixelYourSite – Your smart PIXEL (TAG) & API Manager
PixelYourSite – Your smart PIXEL (TAG) & API Manager
Researcher
CVE-ID
CVE-2026-1844
CVE-2026-1844
Patch Status
Patched
Patched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
PixelYourSite Pro – Your smart PIXEL (TAG) Manager
PixelYourSite Pro – Your smart PIXEL (TAG) Manager
Researcher
CVE-ID
CVE-2026-1320
CVE-2026-1320
Patch Status
Patched
Patched
Published
Feb 12, 2026
Feb 12, 2026
Affected Software
Secure Copy Content Protection and Content Locking
Secure Copy Content Protection and Content Locking
Researcher
CVE-ID
CVE-2026-1843
CVE-2026-1843
Patch Status
Patched
Patched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Super Page Cache
Super Page Cache
Researcher
CVE-ID
CVE-2026-0753
CVE-2026-0753
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Super Simple Contact Form
Super Simple Contact Form
Researcher
CVE-ID
CVE-2025-67991
CVE-2025-67991
Patch Status
Patched
Patched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
WordPress User Extra Fields
WordPress User Extra Fields
Researcher
CVE-ID
CVE-2026-0745
CVE-2026-0745
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
User Language Switch
User Language Switch
Researcher
CVE-ID
CVE-2026-0845
CVE-2026-0845
Patch Status
Patched
Patched
Published
Feb 9, 2026
Feb 9, 2026
CVE-ID
CVE-2026-1671
CVE-2026-1671
Patch Status
Patched
Patched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
Activity Log for WordPress
Activity Log for WordPress
CVE-ID
CVE-2026-1793
CVE-2026-1793
Patch Status
Patched
Patched
Published
Feb 14, 2026
Feb 14, 2026
Affected Software
Element Pack Addons for Elementor
Element Pack Addons for Elementor
Researcher
CVE-ID
CVE-2026-24959
CVE-2026-24959
Patch Status
Patched
Patched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
JS Help Desk – AI-Powered Support & Ticketing System
JS Help Desk – AI-Powered Support & Ticketing System
Researcher
CVE-ID
CVE-2026-24953
CVE-2026-24953
Patch Status
Patched
Patched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
Simple File List
Simple File List
Researcher
CVE-ID
CVE-2025-13431
CVE-2025-13431
Patch Status
Patched
Patched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
SlimStat Analytics
SlimStat Analytics
Researcher
Twitter posts to Blog <= 1.11.25 – Missing Authorization to Unauthenticated Plugin Settings Update
6.5
CVE-ID
CVE-2026-1786
CVE-2026-1786
Patch Status
Unpatched
Unpatched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
Twitter posts to Blog
Twitter posts to Blog
Researcher
CVE-ID
CVE-2026-1231
CVE-2026-1231
Patch Status
Patched
Patched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
Beaver Builder Page Builder – Drag and Drop Website Builder
Beaver Builder Page Builder – Drag and Drop Website Builder
CVE-ID
CVE-2026-1853
CVE-2026-1853
Patch Status
Unpatched
Unpatched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
BuddyHolis ListSearch
BuddyHolis ListSearch
Researcher
CVE-ID
CVE-2026-0736
CVE-2026-0736
Patch Status
Patched
Patched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Chatbot for WordPress by Collect.chat
Chatbot for WordPress by Collect.chat
Researcher
CVE-ID
CVE-2026-1912
CVE-2026-1912
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Citations tools
Citations tools
Researcher
CVE-ID
CVE-2026-1512
CVE-2026-1512
Patch Status
Patched
Patched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Essential Addons for Elementor – Popular Elementor Templates & Widgets
Essential Addons for Elementor – Popular Elementor Templates & Widgets
Researcher
CVE-ID
CVE-2026-0996
CVE-2026-0996
Patch Status
Patched
Patched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
Researcher
CVE-ID
CVE-2026-1809
CVE-2026-1809
Patch Status
Unpatched
Unpatched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
HTML Shortcodes
HTML Shortcodes
Researcher
CVE-ID
CVE-2026-1827
CVE-2026-1827
Patch Status
Unpatched
Unpatched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
IDE Micro code-editor
IDE Micro code-editor
Researcher
CVE-ID
CVE-2026-0559
CVE-2026-0559
Patch Status
Patched
Patched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
MasterStudy LMS WordPress Plugin – for Online Courses and Education
MasterStudy LMS WordPress Plugin – for Online Courses and Education
Researcher
CVE-ID
CVE-2026-1821
CVE-2026-1821
Patch Status
Patched
Patched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
Microtango
Microtango
Researcher
CVE-ID
CVE-2026-0550
CVE-2026-0550
Patch Status
Patched
Patched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program.
myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program.
Researcher
CVE-ID
CVE-2026-1826
CVE-2026-1826
Patch Status
Patched
Patched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
OpenPOS Lite – Point of Sale for WooCommerce
OpenPOS Lite – Point of Sale for WooCommerce
Researcher
CVE-ID
CVE-2026-1893
CVE-2026-1893
Patch Status
Patched
Patched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
Orbisius Random Name Generator
Orbisius Random Name Generator
Researcher
CVE-ID
CVE-2026-0751
CVE-2026-0751
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Payment Page | Payment Form for Stripe
Payment Page | Payment Form for Stripe
Researcher
CVE-ID
CVE-2026-1939
CVE-2026-1939
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Percent to Infograph
Percent to Infograph
Researcher
CVE-ID
CVE-2026-1985
CVE-2026-1985
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Press3D
Press3D
CVE-ID
CVE-2026-1901
CVE-2026-1901
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
QuestionPro Surveys
QuestionPro Surveys
Researcher
CVE-ID
CVE-2026-1903
CVE-2026-1903
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Ravelry Designs Widget
Ravelry Designs Widget
Researcher
CVE-ID
CVE-2026-1915
CVE-2026-1915
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Simple Plyr
Simple Plyr
Researcher
CVE-ID
CVE-2026-1904
CVE-2026-1904
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Simple Wp colorfull Accordion
Simple Wp colorfull Accordion
Researcher
CVE-ID
CVE-2026-1885
CVE-2026-1885
Patch Status
Unpatched
Unpatched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
Slideshow Wp
Slideshow Wp
Researcher
CVE-ID
CVE-2026-1905
CVE-2026-1905
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Sphere Manager
Sphere Manager
Researcher
CVE-ID
Unknown
Unknown
Patch Status
Unpatched
Unpatched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
Sudoku Shortcode
Sudoku Shortcode
Researcher
CVE-ID
Unknown
Unknown
Patch Status
Unpatched
Unpatched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
Sudoku Shortcode
Sudoku Shortcode
Researcher
CVE-ID
CVE-2026-1922
CVE-2026-1922
Patch Status
Patched
Patched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
The Events Calendar Shortcode & Block
The Events Calendar Shortcode & Block
Researcher
CVE-ID
CVE-2026-1910
CVE-2026-1910
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
UpMenu – Online ordering for restaurants
UpMenu – Online ordering for restaurants
Researcher
CVE-ID
CVE-2026-1804
CVE-2026-1804
Patch Status
Unpatched
Unpatched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
WDES Responsive Popup
WDES Responsive Popup
Researcher
CVE-ID
CVE-2026-0557
CVE-2026-0557
Patch Status
Patched
Patched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
WP Data Access – No-Code App Builder with Tables, Forms, Charts & Maps
WP Data Access – No-Code App Builder with Tables, Forms, Charts & Maps
Researcher
CVE-ID
CVE-2026-1187
CVE-2026-1187
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
ZoomifyWP Free
ZoomifyWP Free
Researcher
CVE-ID
CVE-2026-1795
CVE-2026-1795
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Address Bar Ads
Address Bar Ads
Researcher
CVE-ID
CVE-2025-69390
CVE-2025-69390
Patch Status
Unpatched
Unpatched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
Business Template Blocks for WPBakery (Visual Composer) Page Builder
Business Template Blocks for WPBakery (Visual Composer) Page Builder
Researcher
CVE-ID
CVE-2025-69391
CVE-2025-69391
Patch Status
Unpatched
Unpatched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
Diamond
Diamond
Researcher
CVE-ID
CVE-2026-1164
CVE-2026-1164
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Easy Voice Mail
Easy Voice Mail
Researcher
CVE-ID
CVE-2026-1792
CVE-2026-1792
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Geo Widget
Geo Widget
Researcher
CVE-ID
CVE-2025-68501
CVE-2025-68501
Patch Status
Patched
Patched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
Mollie Payments for WooCommerce
Mollie Payments for WooCommerce
Researcher
CVE-ID
CVE-2025-69326
CVE-2025-69326
Patch Status
Patched
Patched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
NEX-Forms – Ultimate Forms Plugin for WordPress
NEX-Forms – Ultimate Forms Plugin for WordPress
Researcher
CVE-ID
CVE-2026-22352
CVE-2026-22352
Patch Status
Unpatched
Unpatched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
افزونه پیامک ووکامرس Persian WooCommerce SMS
افزونه پیامک ووکامرس Persian WooCommerce SMS
Researcher
CVE-ID
CVE-2026-1754
CVE-2026-1754
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
personal-authors-category
personal-authors-category
Researcher
CVE-ID
CVE-2025-69386
CVE-2025-69386
Patch Status
Unpatched
Unpatched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
RVCFDI para Woocommerce
RVCFDI para Woocommerce
Researcher
CVE-ID
CVE-2026-1796
CVE-2026-1796
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
StyleBidet
StyleBidet
Researcher
CVE-ID
CVE-2025-69384
CVE-2025-69384
Patch Status
Unpatched
Unpatched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
Timeline Event History
Timeline Event History
Researcher
CVE-ID
CVE-2025-69389
CVE-2025-69389
Patch Status
Unpatched
Unpatched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
Visitor Maps Extended Referer Field
Visitor Maps Extended Referer Field
Researcher
CVE-ID
CVE-2026-24955
CVE-2026-24955
Patch Status
Patched
Patched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
Whizz Plugins
Whizz Plugins
Researcher
CVE-ID
CVE-2025-13391
CVE-2025-13391
Patch Status
Patched
Patched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium)
Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium)
Researcher
CVE-ID
CVE-2026-0727
CVE-2026-0727
Patch Status
Patched
Patched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Accordion and Accordion Slider
Accordion and Accordion Slider
Researcher
CVE-ID
CVE-2025-14895
CVE-2025-14895
Patch Status
Patched
Patched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers
Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers
Researcher
CVE-ID
CVE-2026-1987
CVE-2026-1987
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Scheduler Widget
Scheduler Widget
Researcher
CVE-ID
CVE-2026-1932
CVE-2026-1932
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Appointment Booking Calendar Plugin – Bookr
Appointment Booking Calendar Plugin – Bookr
Researcher
CVE-ID
CVE-2025-67993
CVE-2025-67993
Patch Status
Patched
Patched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
Visual Feedback, Review & AI Collaboration Tool For WordPress – Atarim
Visual Feedback, Review & AI Collaboration Tool For WordPress – Atarim
Researcher
CVE-ID
CVE-2026-1944
CVE-2026-1944
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
CallbackKiller service widget
CallbackKiller service widget
Researcher
CVE-ID
CVE-2025-69394
CVE-2025-69394
Patch Status
Unpatched
Unpatched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
Cnvrse
Cnvrse
Researcher
CVE-ID
CVE-2026-22343
CVE-2026-22343
Patch Status
Unpatched
Unpatched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
Dating
Dating
Researcher
CVE-ID
CVE-2025-14067
CVE-2025-14067
Patch Status
Patched
Patched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Easy Form Builder by WhiteStudio — Drag & Drop Form Builder
Easy Form Builder by WhiteStudio — Drag & Drop Form Builder
Researcher
CVE-ID
CVE-2025-69393
CVE-2025-69393
Patch Status
Unpatched
Unpatched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
Electronics eCommerce WordPress Woocommerce Theme – Exzo
Electronics eCommerce WordPress Woocommerce Theme – Exzo
Researcher
CVE-ID
CVE-2026-22351
CVE-2026-22351
Patch Status
Unpatched
Unpatched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
WP FullCalendar
WP FullCalendar
Researcher
CVE-ID
CVE-2026-1537
CVE-2026-1537
Patch Status
Patched
Patched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
LatePoint – Calendar Booking Plugin for Appointments and Events
LatePoint – Calendar Booking Plugin for Appointments and Events
Researcher
CVE-ID
CVE-2026-1303
CVE-2026-1303
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
MailChimp Campaigns
MailChimp Campaigns
Researcher
CVE-ID
CVE-2025-69063
CVE-2025-69063
Patch Status
Patched
Patched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
New User Approve
New User Approve
Researcher
CVE-ID
CVE-2025-6792
CVE-2025-6792
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
One to one user Chat by WPGuppy
One to one user Chat by WPGuppy
Researcher
CVE-ID
CVE-2025-69325
CVE-2025-69325
Patch Status
Patched
Patched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
Primer MyData for Woocommerce
Primer MyData for Woocommerce
Researcher
CVE-ID
CVE-2025-13973
CVE-2025-13973
Patch Status
Patched
Patched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
StickEasy Protected Contact Form
StickEasy Protected Contact Form
Researcher
CVE-ID
CVE-2026-1833
CVE-2026-1833
Patch Status
Unpatched
Unpatched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
WaMate Confirm – Order Confirmation
WaMate Confirm – Order Confirmation
Researcher
CVE-ID
CVE-2026-1722
CVE-2026-1722
Patch Status
Patched
Patched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
WCFM Marketplace – Multivendor Marketplace for WooCommerce
WCFM Marketplace – Multivendor Marketplace for WooCommerce
Researcher
CVE-ID
CVE-2025-69401
CVE-2025-69401
Patch Status
Unpatched
Unpatched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
WooODT Lite – Delivery & pickup date time location for WooCommerce
WooODT Lite – Delivery & pickup date time location for WooCommerce
Researcher
CVE-ID
CVE-2025-14608
CVE-2025-14608
Patch Status
Patched
Patched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
WP Last Modified Info
WP Last Modified Info
Researcher
CVE-ID
CVE-2026-2295
CVE-2026-2295
Patch Status
Patched
Patched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
WPZOOM Addons for Elementor – Starter Templates & Widgets
WPZOOM Addons for Elementor – Starter Templates & Widgets
Researcher
CVE-ID
CVE-2025-67994
CVE-2025-67994
Patch Status
Patched
Patched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
YayCurrency – WooCommerce Multi-Currency Switcher
YayCurrency – WooCommerce Multi-Currency Switcher
Researcher
CVE-ID
CVE-2026-1249
CVE-2026-1249
Patch Status
Patched
Patched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar
Researcher
CVE-ID
CVE-2025-13681
CVE-2025-13681
Patch Status
Patched
Patched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
BFG Tools – Extension Zipper
BFG Tools – Extension Zipper
Researcher
CVE-ID
CVE-2026-1258
CVE-2026-1258
Patch Status
Patched
Patched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more
Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more
Researcher
CVE-ID
CVE-2026-1356
CVE-2026-1356
Patch Status
Patched
Patched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
Converter for Media – Optimize images | Convert WebP & AVIF
Converter for Media – Optimize images | Convert WebP & AVIF
Researcher
CVE-ID
CVE-2026-0693
CVE-2026-0693
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Allow HTML in Category Descriptions
Allow HTML in Category Descriptions
Researcher
CVE-ID
CVE-2026-2027
CVE-2026-2027
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
AMP Enhancer – Compatibility Layer for Official AMP Plugin
AMP Enhancer – Compatibility Layer for Official AMP Plugin
Researcher
CVE-ID
CVE-2026-0815
CVE-2026-0815
Patch Status
Unpatched
Unpatched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
Category Image
Category Image
Researcher
CVE-ID
CVE-2019-25314
CVE-2019-25314
Patch Status
Patched
Patched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
Yoast Duplicate Post
Yoast Duplicate Post
Researcher
CVE-ID
CVE-2025-15483
CVE-2025-15483
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Link Hopper
Link Hopper
Researcher
CVE-ID
CVE-2026-0735
CVE-2026-0735
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
User Language Switch
User Language Switch
Researcher
CVE-ID
CVE-2026-0724
CVE-2026-0724
Patch Status
Unpatched
Unpatched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
WPlyr Media Block
WPlyr Media Block
Researcher
CVE-ID
CVE-2025-69385
CVE-2025-69385
Patch Status
Unpatched
Unpatched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
Cartify – WooCommerce Gutenberg WordPress
Cartify – WooCommerce Gutenberg WordPress
Researcher
CVE-ID
CVE-2025-69388
CVE-2025-69388
Patch Status
Unpatched
Unpatched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
Cliengo – Chatbot
Cliengo – Chatbot
Researcher
CVE-ID
CVE-2025-15524
CVE-2025-15524
Patch Status
Patched
Patched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
Gallery by FooGallery
Gallery by FooGallery
Researcher
CVE-ID
CVE-2026-2608
CVE-2026-2608
Patch Status
Patched
Patched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
Kadence Blocks — Page Builder Toolkit for Gutenberg Editor
Kadence Blocks — Page Builder Toolkit for Gutenberg Editor
Researcher
CVE-ID
Unknown
Unknown
Patch Status
Patched
Patched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
Kadence Blocks — Page Builder Toolkit for Gutenberg Editor
Kadence Blocks — Page Builder Toolkit for Gutenberg Editor
Researcher
CVE-ID
CVE-2026-1748
CVE-2026-1748
Patch Status
Patched
Patched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
Invoct – PDF Invoices & Billing for WooCommerce
Invoct – PDF Invoices & Billing for WooCommerce
Researchers
CVE-ID
CVE-2025-14873
CVE-2025-14873
Patch Status
Patched
Patched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
LatePoint – Calendar Booking Plugin for Appointments and Events
LatePoint – Calendar Booking Plugin for Appointments and Events
Researcher
CVE-ID
CVE-2025-14852
CVE-2025-14852
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
MDirector Newsletter WordPress Plugin
MDirector Newsletter WordPress Plugin
Researcher
CVE-ID
CVE-2026-2312
CVE-2026-2312
Patch Status
Patched
Patched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Media Library Folders
Media Library Folders
Researcher
CVE-ID
CVE-2026-1215
CVE-2026-1215
Patch Status
Unpatched
Unpatched
Published
Feb 10, 2026
Feb 10, 2026
Affected Software
MMA Call Tracking
MMA Call Tracking
Researcher
CVE-ID
CVE-2026-1254
CVE-2026-1254
Patch Status
Patched
Patched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Modula Image Gallery – Photo Grid & Video Gallery
Modula Image Gallery – Photo Grid & Video Gallery
Researcher
CVE-ID
CVE-2025-15400
CVE-2025-15400
Patch Status
Unpatched
Unpatched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
OpenPix for WooCommerce
OpenPix for WooCommerce
Researcher
Paid Member Subscriptions <= 2.16.8 – Authenticated (Subscriber+) Insecure Direct Object Reference
4.3
CVE-ID
CVE-2025-68514
CVE-2025-68514
Patch Status
Patched
Patched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
Researcher
CVE-ID
CVE-2026-25036
CVE-2026-25036
Patch Status
Patched
Patched
Published
Feb 12, 2026
Feb 12, 2026
Affected Software
Passster – Password Protect Pages and Content
Passster – Password Protect Pages and Content
Researcher
CVE-ID
CVE-2026-22350
CVE-2026-22350
Patch Status
Patched
Patched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
PDF for Elementor Forms + Drag And Drop Template Builder
PDF for Elementor Forms + Drag And Drop Template Builder
Researcher
CVE-ID
CVE-2025-68534
CVE-2025-68534
Patch Status
Patched
Patched
Published
Feb 11, 2026
Feb 11, 2026
Affected Software
PDF for WPForms + Drag and Drop Template Builder
PDF for WPForms + Drag and Drop Template Builder
Researcher
SEATT: Simple Event Attendance <= 1.5.0 – Cross-Site Request Forgery to Arbitrary Event Deletion
4.3
CVE-ID
CVE-2026-1983
CVE-2026-1983
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
SEATT: Simple Event Attendance
SEATT: Simple Event Attendance
Researcher
Smart Forms <= 2.6.99 – Missing Authorization to Authenticated (Subscriber+) Campaign Data Exposure
4.3
CVE-ID
CVE-2026-2022
CVE-2026-2022
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
Smart Forms – when you need more than just a contact form
Smart Forms – when you need more than just a contact form
Researcher
CVE-ID
CVE-2025-15147
CVE-2025-15147
Patch Status
Patched
Patched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
WCFM Membership – WooCommerce Memberships for Multivendor Marketplace
WCFM Membership – WooCommerce Memberships for Multivendor Marketplace
Researcher
CVE-ID
CVE-2025-69381
CVE-2025-69381
Patch Status
Unpatched
Unpatched
Published
Feb 9, 2026
Feb 9, 2026
Affected Software
WooCommerce Bulk Product Editor
WooCommerce Bulk Product Editor
Researcher
CVE-ID
CVE-2026-1394
CVE-2026-1394
Patch Status
Unpatched
Unpatched
Published
Feb 13, 2026
Feb 13, 2026
Affected Software
WP Quick Contact Us
WP Quick Contact Us
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (February 9, 2026 to February 15, 2026) appeared first on Wordfence.
Puedes consultar el artículo original aquí: https://www.wordfence.com/blog/2026/02/wordfence-intelligence-weekly-wordpress-vulnerability-report-february-9-2026-to-february-15-2026/