Lucene search
+L

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 8, 2025 to September 14, 2025)

๐Ÿ—“๏ธย 18 Sep 2025ย 14:42:05Reported byย Chloe ChamberlandTypeย 
wordfence
ย wordfence
๐Ÿ”—ย www.wordfence.com๐Ÿ‘ย 35ย Views

Wordfence Intelligence weekly report (Sept 8โ€“14, 2025) on WordPress plugin and theme vulnerabilities.

Related
ReporterTitlePublishedViews
Family
Vulnrichment
CVE-2025-8570 BeyondCart Connector <= 2.1.0 - Missing Configuration of JWT Secret to Unauthenticated Privilege Escalation via determine_current_user Filter
11 Sep 202507:24
โ€“vulnrichment
Vulnrichment
CVE-2025-8575 LWS Cleaner <= 2.4.1.3 - Authenticated (Administrator+) Arbitrary File Deletion via 'lws_cl_delete_file'
12 Sep 202505:24
โ€“vulnrichment
Vulnrichment
CVE-2025-8686 WP Easy FAQs <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via WP_EASY_FAQ Shortcode
11 Sep 202507:24
โ€“vulnrichment
Vulnrichment
CVE-2025-8689 Elements Plus! <= 2.16.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
11 Sep 202507:24
โ€“vulnrichment
Vulnrichment
CVE-2025-8691 WP Scriptcase <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter
11 Sep 202507:25
โ€“vulnrichment
Vulnrichment
CVE-2025-8692 Coupon API <= 6.2.12 - Authenticated (Administrator+) SQL Injection via 'log_duration'
11 Sep 202507:24
โ€“vulnrichment
Vulnrichment
CVE-2025-8721 Workable API <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via workable_jobs Shortcode
11 Sep 202507:24
โ€“vulnrichment
Vulnrichment
CVE-2025-8778 NitroPack <= 1.18.4 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update via nitropack_set_compression_ajax Function
10 Sep 202506:38
โ€“vulnrichment
Vulnrichment
CVE-2025-9018 Time Tracker <= 3.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Limited Data Deletion
11 Sep 202511:15
โ€“vulnrichment
Vulnrichment
CVE-2025-9058 Mikado Core <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
9 Sep 202505:25
โ€“vulnrichment
Rows per page

Data

Build on a solid foundation withย Vulners data

Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data

Api

Power your application withย Vulners API

The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access

App

Assess and manage vulnerabilities withย Vulnersย tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

18 Sep 2025 14:42Current
8.8High risk
Vulners AI Score8.8
CVSS 3.19.8
EPSS0.00746
SSVC
35