Last week, 69 vulnerabilities were revealed in 60 WordPress plugins and 4 themes that were added to the Wordfence Intelligence vulnerability database, and 32 vulnerability researchers contributed to WordPress security last week.
The mission of the Wordfence Intelligence security plugin is to make valuable vulnerability information easily accessible to everyone, such as the WordPress community, so that individuals and organizations can use this data to make the Internet safer. This article was translated directly from their newsletter.
New firewall rules rolled out last week:
Wordfence’s Threat Intelligence team reviews each vulnerability for impact and severity, as well as likelihood of exploitation, to ensure that Wordfence’s firewall provides sufficient protection.
Last week, the team deployed enhanced protection via firewall rules for the following real-time vulnerabilities for our Premium, Care and Response customers:
ZM Ajax Login & Register <= 2.0.2 – Authentication Bypass
At Farweb, we have properly updated the affected plugins and themes so that they are no longer a risk to your website even with the free version of WordFence.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
| AFFILIATE Solution | affiliate-solution |
| AI ChatBot | chatbot |
| AdFoxly – Ad Manager, AdSense Ads & Ads.txt | adfoxly |
| Affiliate Links Lite | affiliate-links |
| Article Directory Redux | article-directory-redux |
| Best WordPress Gallery Plugin – FooGallery | foogallery |
| Better Search – Relevant search results for WordPress | better-search |
| Blocksy Companion | blocksy-companion |
| Booqable Rental Plugin | booqable-rental-reservations |
| Cloud Manager | cloud-manager |
| CoSchedule | coschedule-by-todaymade |
| Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress | contact-form-to-db |
| Coupon Affiliates – WooCommerce Affiliate Plugin | woo-coupon-usage |
| Custom Order Numbers for WooCommerce | custom-order-numbers-for-woocommerce |
| Cyr to Lat enhanced | cyr3lat |
| Database Collation Fix | database-collation-fix |
| Download Manager Pro | download-manager |
| Easy Appointments | easy-appointments |
| ElasticPress | elasticpress |
| Electric Studio Client Login | electric-studio-client-login |
| Enable Accessibility | enable-accessibility |
| External Videos | external-videos |
| Fantastic Content Protector Free | fantastic-content-protector-free |
| Featured Post Creative | featured-post-creative |
| Forminator – Contact Form, Payment Form & Custom Form Builder | forminator |
| Kaya QR Code Generator | kaya-qr-code-generator |
| Landing Page Builder – Free Landing Page Templates | ultimate-landing-page |
| Limit Login Attempts | limit-login-attempts |
| Motor Racing League | motor-racing-league |
| Neshan Maps | neshan-maps |
| Newsletters | newsletters-lite |
| Optima Express + MarketBoost IDX Plugin | optima-express |
| Paytm – Donation Plugin | paytm-donation |
| Pickup | Delivery | Dine-in date time | restaurant-pickup-delivery-dine-in |
| PowerPress Podcasting plugin by Blubrry | powerpress |
| Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin | pretty-link |
| Product Catalog Feed by PixelYourSite | product-catalog-feed |
| Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress | quiz-master-next |
| Restricted Site Access | restricted-site-access |
| ReviewX – Multi-criteria Rating & Reviews for WooCommerce | reviewx |
| Ruby Help Desk | ruby-help-desk |
| ShiftController Employee Shift Scheduling | shiftcontroller |
| Shortcodes by Angie Makes | wc-shortcodes |
| Simple PopUp | simple-popup |
| Stamped.io Product Reviews & UGC for WooCommerce | stampedio-product-reviews |
| Stock Exporter for WooCommerce | stock-exporter-for-woocommerce |
| SupportCandy – Helpdesk & Support Ticket System | supportcandy |
| Ultimate Noindex Nofollow Tool II | ultimate-noindex-nofollow-tool-ii |
| User registration & user profile – UserPlus | userplus |
| Vimeotheque / Vimeo | codeflavors-vimeo-video-post-lite |
| WP EasyPay – Square for WordPress | wp-easy-pay |
| WP Inventory Manager | wp-inventory-manager |
| WP Reroute Email | wp-reroute-email |
| WP Roles at Registration | wp-roles-at-registration |
| Watu Quiz | watu |
| WooCommerce Wishlist by MC + (Free Elementor & Email Marketing Automation) | smart-wishlist-for-more-convert |
| ZM Ajax Login & Register | zm-ajax-login-register |
| a3 Portfolio | a3-portfolio |
| hiWeb Migration Simple | hiweb-migration-simple |
| tencentcloud-cos | tencentcloud-cos |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
| Betheme | betheme |
| Blogger Buzz | blogger-buzz |
| Educenter | educenter |
| Square | square |
