Wordfence Intelligence Weekly WordPress Vulnerability Report (March 30, 2026 to April 5, 2026)

Last week, there were 56 vulnerabilities disclosed in 50 WordPress Plugins that have been added to the Wordfence Intelligence Vulnerability Database, and there were 38 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to...

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17) +191 more potentially affected by CVE-2026-4634 via org.keycloak:keycloak-services (>=10.0.0 <=26.5.6)

org.keycloak:keycloak-services MAVEN version =10.0.0, =0.1.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...

aero.albers.osmbse:mdzip-process-sources-maven-plugin (=0.0.1), aero.albers.osmbse:mdzip-validate-maven-plugin (=0.0.1) +23920 more potentially affected by CVE-2025-67030 via org.codehaus.plexus:plexus-utils (>=1.0.4 <=3.6.0)

org.codehaus.plexus:plexus-utils MAVEN version =1.0.4, =0.1, =0.1.0, =0.0.1, =0.0.6, =0.1.10, =0.1.3, =0.0.1, =0.0.1, =0.2.0, =0.1.3, =0.1.3, =0.1.5 - ai.pipestream:pipestream-engine =0.0.6 - ai.pipestream:pipestream-engine-kafka-sidecar =0.0.2 and more Source cves: CVE-2025-67030 Source advisory...

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17) +181 more potentially affected by CVE-2025-13881 via org.keycloak:keycloak-services (>=10.0.0 <=26.4.7)

org.keycloak:keycloak-services MAVEN version =10.0.0, =0.1.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...

org.elasticsearch.plugin:transport-netty4 (>=9.2.0 <=9.2.1), org.elasticsearch.plugin:x-pack-core (>=9.2.0 <=9.2.1) +3 more potentially affected by CVE-2025-37731 via org.elasticsearch:elasticsearch-ssl-config (>=9.2.0 <=9.2.1)

org.elasticsearch:elasticsearch-ssl-config MAVEN version =9.2.0, =9.2.0, =9.2.0, =9.2.0, =9.2.0, =9.2.0, =9.2.1 Source cves: CVE-2025-37731 Source advisory: SNYK:JAVA-ORGELASTICSEARCH-14417579...

@alauda-fe/create-alauda-mfe-plugin (>=0.0.1 <=0.0.2), @apj-pace/pace-nx-plugin (>=0.0.2 <=0.0.5) +75 more potentially affected by CVE-2025-10894 via nx (>=20.0.0-beta.0 <=20.0.9)

nx NPM version =20.0.0-beta.0, =0.0.1, =0.0.2, =0.0.0, =0.5.0, =0.0.1, =0.0.25, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-canary.20240926-529ab94 and more Source cves: CVE-2025-10894 Source advisory: OSV:MAL-2025-41443...

com.planonsoftware.app:com.planonsoftware.app.gradle.plugin (=0.0.1), com.planonsoftware:gradle.development.environment.plugin (=0.0.1) +28 more potentially affected by CVE-2023-0482 via org.jboss.resteasy:resteasy-multipart-provider (>=5.0.0.Alpha1 <=5.0.5.Final)

org.jboss.resteasy:resteasy-multipart-provider MAVEN version =5.0.0.Alpha1, =0.15.3, =0.15.3, =0.15.3, =0.15.3, =0.27.1, =0.27.1, =9.5.7, =3.5.0, =0.7.6, =0.7.6, =0.7.6, =0.7.2, =4.1.5, =4.7.2 and more Source cves: CVE-2023-0482 Source advisory: OSV:GHSA-2C6G-PFX3-W7H8...

build.less:build.less.gradle.plugin (>=1.0.0-beta1 <=1.0.0-rc2), build.less:buildless-plugin-gradle (>=1.0.0-beta1 <=1.0.0-rc2) +177 more potentially affected by CVE-2024-7254 via com.google.protobuf:protobuf-kotlin (>=3.17.3 <=3.25.3)

com.google.protobuf:protobuf-kotlin MAVEN version =3.17.3, =1.0.0-beta1, =1.0.0-beta1, =7.0.0, =0.5.0, =0.0.1-alpha02, =31.9.0, =31.9.0, =31.9.0, =31.9.0, =31.9.0, =31.9.0, =31.9.0, =31.9.0, =31.9.0, =31.9.0, =32.1.0-alpha04 and more S...

com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17), com.charlyghislain.keycloak:keycloak-importexport (>=11.0.1 <=21.0.0) +113 more potentially affected by CVE-2024-1249 via org.keycloak:keycloak-services (>=10.0.0 <=22.0.1)

org.keycloak:keycloak-services MAVEN version =10.0.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =4.0, =1.1.1, =0.3.0-20.0.1, =1.3.2-22.0.1 and more Source cves: CVE-2024-1249 Source advisory: OSV:GHSA-M6Q9-P373-G5Q8...

@adamlonsdale/backstage-plugin-armorcode-backend (>=0.0.1-alpha <=0.0.4), @austin-garrard/backstage-plugin-backend (>=0.0.1 <=0.0.1-alpha.22) +188 more potentially affected by CVE-2024-26150 via @backstage/backend-common (>=0.0.0-nightly-20220708025041 <=0.17.0)

@backstage/backend-common NPM version =0.0.0-nightly-20220708025041, =0.0.1-alpha, =0.0.1, =0.0.1, =0.1.0, =0.0.0-nightly-20220709024234, =0.0.0-nightly-20220811024336, =0.0.0-nightly-20240116021644, =0.0.0-nightly-20220709024234, =0.0.0-nightly-2022042277, =0.0.0-nightly-2021782186,...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1602 more potentially affected by CVE-2023-27899 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.37)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2023-27899 Source advisory: OSV:GHSA-HF9H-VV4M-2F33...

Snyk CLI 操作系统命令注入漏洞

Snyk CLI is a build-time tool from Snyk USA for finding and fixing known vulnerabilities in your project. Snyk CLI before 1.1064.0, snyk-mvn-plugin before 2.31.3, snyk-gradle-plugin before 3.24.5, snyk-cocoapods-plugin before 2.5.3, snyk-sbt-plugin before 2.16.2 versions, snyk-python-plugin befor...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1594 more potentially affected by CVE-2021-21693 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.30)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2021-21693 Source advisory: OSV:GHSA-929W-Q433-4H9X...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1594 more potentially affected by CVE-2021-21639 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.27)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2021-21639 Source advisory: OSV:GHSA-PVWX-3JX5-24R2...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1594 more potentially affected by CVE-2021-21608 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.27)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2021-21608 Source advisory: OSV:GHSA-WV63-GWR9-5C55...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1594 more potentially affected by CVE-2021-21603 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.27)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2021-21603 Source advisory: OSV:GHSA-98GQ-6HXG-52R6...

com.groupon.jenkins-ci.plugins:DotCi-Plugins-Starter-Pack (>=1.7.2 <=1.8.2), com.groupon.jenkins.plugins:DotCi-Plugins-Starter-Pack (>=1.0.0 <=1.7.1) +30 more potentially affected by CVE-2020-2316 via org.jvnet.hudson.plugins:analysis-core (>=1.0 <=1.94)

org.jvnet.hudson.plugins:analysis-core MAVEN version =1.0, =1.7.2, =1.0.0, =0.9, =2.5.0, =2.5.0, =2.5.0, =2.5.0, =0.7, =1.20, =1.0.1, =0.3, =7.97, =1.0, =1.0, =1.20 and more Source cves: CVE-2020-2316 Source advisory: OSV:GHSA-FG6G-52RG-VR9Q...

aero.albers.osmbse:mdzip-process-sources-maven-plugin (=0.0.1), aero.albers.osmbse:mdzip-validate-maven-plugin (=0.0.1) +4580 more potentially affected by CVE-2022-29599 via org.apache.maven.shared:maven-shared-utils (>=0.1 <=3.2.1)

org.apache.maven.shared:maven-shared-utils MAVEN version =0.1, =1.0.0, =2.0.2.RELEASE, =2.0.0.RELEASE, =1.0.0, =1.0.0, =4.1.0, =4.0.0, =3.5.6, =3.5.6, =1.0, =3.3 - au.net.causal.maven.plugins:browserbox-maven-plugin =1.0 and more Source cves: CVE-2022-29599 Source advisory: OSV:GHSA-RHGR-952R-6P8...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +923 more potentially affected by CVE-2014-2061 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.532.1.JENKINS-19453)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =0.0.1, =0.9, =1.0, =1.0.0, =1.0, =1.0-beta-1, =2.1, =1.0, =1.1, =2.0.6 - com.cisco.step.jenkins.plugins:jenkow-parent =0.1 and more Source cves: CVE-2014-2061 Source advisory: OSV:GHSA-RXFV-GM5X-9WQJ...

com.xti.jenkins.plugins:aws-lambda-jenkins-plugin (=0.0.1), org.jenkins-ci.main:jenkins-test-harness (>=1.597 <=1.599) +10 more potentially affected by CVE-2015-1806 via org.jenkins-ci.main:jenkins-core (>=1.597 <=1.599)

org.jenkins-ci.main:jenkins-core MAVEN version =1.597, =1.597, =1.597, =0.0.2, =1.2.0, =0.14.0, =1.0, =1.597, =1.17, =1.0, =1.0.0, =4.0, =4.2 Source cves: CVE-2015-1806 Source advisory: OSV:GHSA-MM9C-4CV4-7RFV...