In this report, 155 vulnerabilities have been publicly disclosed. Security patches for 54 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 101 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, your site is already protected against those vulnerabilities by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor, or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.7.2 is now available! This minor release includes 35 bug fixes, addressing issues affecting multiple components including the block editor, HTML API, and Customize.
WordPress Plugins — 51 Patched / 100 Unpatched
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts
- Plugin Slug:
- wedevs-project-manager
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22649
Payment Forms for Paystack
- Plugin:
- Payment Forms for Paystack
- Plugin Slug:
- payment-forms-for-paystack
- Installations
- 3,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22652
Eventer
- Plugin:
- Eventer
- Plugin Slug:
- eventer
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11133
Eventer
- Plugin:
- Eventer
- Plugin Slug:
- eventer
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11133
Eventer
- Plugin:
- Eventer
- Plugin Slug:
- eventer
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11133
Blog, Posts and Category Filter for Elementor
- Plugin Slug:
- blog-posts-and-category-for-elementor
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22648
Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce
- Plugin Slug:
- vayu-blocks
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22644
Job Board Manager
- Plugin:
- Job Board Manager
- Plugin Slug:
- job-board-manager
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22679
Paytm Payment Donation
- Plugin:
- Paytm Payment Donation
- Plugin Slug:
- paytm-donation
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22640
Stylish Google Sheet Reader 4.0 – Seamlessly Embed Google Sheets as Responsive Data Tables
- Plugin Slug:
- stylish-google-sheet-reader
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22651
Music Press Pro
- Plugin:
- Music Press Pro
- Plugin Slug:
- music-press-pro
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22653
Image Rotator
- Plugin:
- Image Rotator
- Plugin Slug:
- appten-image-rotator
- Installations
- 90+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25089
All push notification for WP
- Plugin:
- All push notification for WP
- Plugin Slug:
- all-push-notification
- Installations
- 70+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25092
Print PDF Generator and Publisher
- Plugin Slug:
- nopeamedia
- Installations
- 50+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22637
AIO Performance Profiler, Monitor, Optimize, Compress & Debug
- Plugin Slug:
- all-in-one-performance-accelerator
- Installations
- 20+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22647
Appointment Buddy Widget By Accrete
- Plugin Slug:
- appointment-buddy-online-appointment-booking-by-accrete
- Installations
- 20+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25099
Notification Bar – Top Bar – Easy Sticky Notification Bar | FM Notification Bar
- Plugin Slug:
- fm-notification-bar
- Installations
- 20+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22641
Auto SEO
- Plugin:
- Auto SEO
- Plugin Slug:
- auto-seo
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25147
Banner Garden
- Plugin:
- Banner Garden
- Plugin Slug:
- banner-garden
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-0368
BookPress – For Book Authors
- Plugin:
- BookPress – For Book Authors
- Plugin Slug:
- book-press
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25168
Breaking News Ticker
- Plugin:
- Breaking News Ticker
- Plugin Slug:
- breaking-news-ticker
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25094
Builder Shortcode Extras
- Plugin:
- Builder Shortcode Extras
- Plugin Slug:
- builder-shortcode-extras
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13841
Child Themes Helper
- Plugin:
- Child Themes Helper
- Plugin Slug:
- child-themes-helper
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25093
Custom Comment Notifications
- Plugin:
- Custom Comment Notifications
- Plugin Slug:
- custom-comment-notifications
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25154
Custom Links On Admin Dashboard Toolbar
- Plugin:
- Custom Links On Admin Dashboard Toolbar
- Plugin Slug:
- customize-wpadmin
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25135
CWD – Stealth Links
- Plugin:
- CWD – Stealth Links
- Plugin Slug:
- cwd-stealth-links
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-22655
Easy Chart Builder for WordPress
- Plugin:
- Easy Chart Builder for WordPress
- Plugin Slug:
- easy-chart-builder
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25077
Easy Related Posts
- Plugin:
- Easy Related Posts
- Plugin Slug:
- easy-related-posts
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25123
Easy WP Tiles
- Plugin:
- Easy WP Tiles
- Plugin Slug:
- easy-wp-tiles
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25073
Embed RSS
- Plugin:
- Embed RSS
- Plugin Slug:
- embed-rss
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25081
External Video For Everybody
- Plugin:
- External Video For Everybody
- Plugin Slug:
- external-video-for-everybody
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25097
Facilita Form Tracker
- Plugin:
- Facilita Form Tracker
- Plugin Slug:
- facilita-form-tracker
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25128
Status Updater
- Plugin:
- Status Updater
- Plugin Slug:
- fb-status-updater
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25124
FlexIDX Home Search
- Plugin:
- FlexIDX Home Search
- Plugin Slug:
- flexidx-home-search
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25082
Fyrebox Quizzes
- Plugin:
- Fyrebox Quizzes
- Plugin Slug:
- fyrebox-shortcode
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25125
Giga Messenger – Express
- Plugin:
- Giga Messenger – Express
- Plugin Slug:
- giga-messenger-bots
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13328
GlobalQuran
- Plugin:
- GlobalQuran
- Plugin Slug:
- globalquran
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25143
Glossy
- Plugin:
- Glossy
- Plugin Slug:
- glossy
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13325
URL-Preview-Box
- Plugin:
- URL-Preview-Box
- Plugin Slug:
- good-url-preview-box
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25104
Google Earth Embed
- Plugin:
- Google Earth Embed
- Plugin Slug:
- google-earth-tours
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25078
Graceful Email Obfuscation
- Plugin:
- Graceful Email Obfuscation
- Plugin Slug:
- graceful-email-obfuscation
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25076
iBuildApp
- Plugin:
- iBuildApp
- Plugin Slug:
- ibuildapp
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13326
Indeed API
- Plugin:
- Indeed API
- Plugin Slug:
- indeed-api
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25103
Infusionsoft Analytics
- Plugin:
- Infusionsoft Analytics
- Plugin Slug:
- infusionsoft-web-tracker
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25145
InLocation
- Plugin:
- InLocation
- Plugin Slug:
- inlocation
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25166
JustRows free
- Plugin:
- JustRows free
- Plugin Slug:
- justrows-free
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13330
Event Kikfyre
- Plugin:
- Event Kikfyre
- Plugin Slug:
- kikfyre-events-calendar-tickets
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25110
Kona Gallery Block
- Plugin:
- Kona Gallery Block
- Plugin Slug:
- kona-instagram-feed-for-gutenberg
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25080
Legull
- Plugin:
- Legull
- Plugin Slug:
- legull
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13352
LikeBot
- Plugin:
- LikeBot
- Plugin Slug:
- likebot
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-0522
Link to URL / Post
- Plugin:
- Link to URL / Post
- Plugin Slug:
- link-to-url-post
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25116
Links in Captions
- Plugin:
- Links in Captions
- Plugin Slug:
- links-in-captions
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25098
Login-box
- Plugin:
- Login-box
- Plugin Slug:
- login-box
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25149
Munk Sites
- Plugin:
- Munk Sites
- Plugin Slug:
- munk-sites
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-25101
Musicbox
- Plugin:
- Musicbox
- Plugin Slug:
- musicbox
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13327
NextGen Cooliris Gallery
- Plugin:
- NextGen Cooliris Gallery
- Plugin Slug:
- nextgen-cooliris-gallery
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25091
OneStore Sites
- Plugin:
- OneStore Sites
- Plugin Slug:
- onestore-sites
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-25107
On Page SEO + Whatsapp Chat Button
- Plugin:
- On Page SEO + Whatsapp Chat Button
- Plugin Slug:
- ops-robots-txt
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25138
Optimate Ads
- Plugin:
- Optimate Ads
- Plugin Slug:
- optimate-ads
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25136
Pop Up
- Plugin:
- Pop Up
- Plugin Slug:
- popup-seo-optimized
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25105
Quote Comments
- Plugin:
- Quote Comments
- Plugin Slug:
- quote-comments
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25156
Read More Copy Link
- Plugin:
- Read More Copy Link
- Plugin Slug:
- read-more-copy-link
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25148
Responsive iframe
- Plugin:
- Responsive iframe
- Plugin Slug:
- responsive-iframe
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12768
ReverbNation Widgets
- Plugin:
- ReverbNation Widgets
- Plugin Slug:
- reverbnation-widgets
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25095
RSS in Page
- Plugin:
- RSS in Page
- Plugin Slug:
- rss-in-page
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25096
Show notice or message on admin area
- Plugin:
- Show notice or message on admin area
- Plugin Slug:
- show-notice-or-message-on-admin-area
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25075
Simple Add Pages or Posts
- Plugin:
- Simple Add Pages or Posts
- Plugin Slug:
- simple-add-pages-or-posts
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13850
Simple Auto Tag
- Plugin:
- Simple Auto Tag
- Plugin Slug:
- simple-auto-tag
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25153
Simple Select All Text Box
- Plugin:
- Simple Select All Text Box
- Plugin Slug:
- simple-select-all-text-box
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25079
Simple User Profile
- Plugin:
- Simple User Profile
- Plugin Slug:
- simple-user-profile
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25140
Slide Banners
- Plugin:
- Slide Banners
- Plugin Slug:
- slide-banners
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25120
Smart Countdown FX
- Plugin:
- Smart Countdown FX
- Plugin Slug:
- smart-countdown-fx
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25117
Smart DoFollow
- Plugin:
- Smart DoFollow
- Plugin Slug:
- smart-dofollow
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25152
Songkick Concerts and Festivals
- Plugin:
- Songkick Concerts and Festivals
- Plugin Slug:
- songkick-concerts-and-festivals
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25146
Starter Templates by FancyWP
- Plugin:
- Starter Templates by FancyWP
- Plugin Slug:
- starter-templates
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-25106
Style Tweaker
- Plugin:
- Style Tweaker
- Plugin Slug:
- style-tweaker
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25160
Theasys
- Plugin:
- Theasys
- Plugin Slug:
- theasys
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25144
Theme Options Z
- Plugin:
- Theme Options Z
- Plugin Slug:
- theme-options-z
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25121
TransFinanz
- Plugin:
- TransFinanz
- Plugin Slug:
- transfinanz
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13332
Vignette Ads
- Plugin:
- Vignette Ads
- Plugin Slug:
- vignete-ads
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25071
VR-Frases
- Plugin:
- VR-Frases
- Plugin Slug:
- vr-frases
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22636
WizShop
- Plugin:
- WizShop
- Plugin Slug:
- wizshop
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25122
WP Admin Custom Page
- Plugin:
- WP Admin Custom Page
- Plugin Slug:
- wp-admin-custom-page
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25072
WP Custom Post RSS Feed
- Plugin:
- WP Custom Post RSS Feed
- Plugin Slug:
- wp-custom-post-rss-feed
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25139
WP Directorybox Manager
- Plugin:
- WP Directorybox Manager
- Plugin Slug:
- wp-directorybox-manager
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-0316
WP Dream Carousel
- Plugin:
- WP Dream Carousel
- Plugin Slug:
- wp-dream-carousel
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13331
WP Email Newsletter
- Plugin:
- WP Email Newsletter
- Plugin Slug:
- wp-email-newsletter
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13098
WP Finance
- Plugin:
- WP Finance
- Plugin Slug:
- wp-finance
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13097
WP Finance
- Plugin:
- WP Finance
- Plugin Slug:
- wp-finance
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13096
FoodBakery
- Plugin:
- FoodBakery
- Plugin Slug:
- wp-foodbakery
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-0181
FoodBakery
- Plugin:
- FoodBakery
- Plugin Slug:
- wp-foodbakery
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13010
FoodBakery
- Plugin:
- FoodBakery
- Plugin Slug:
- wp-foodbakery
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-13011
WP Keyword Monitor
- Plugin:
- WP Keyword Monitor
- Plugin Slug:
- wp-keyword-monitor
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25088
WP Projects Portfolio
- Plugin:
- WP Projects Portfolio
- Plugin Slug:
- wp-projects-portfolio
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13115
WP Projects Portfolio
- Plugin:
- WP Projects Portfolio
- Plugin Slug:
- wp-projects-portfolio
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13114
WP SimpleWeather
- Plugin:
- WP SimpleWeather
- Plugin Slug:
- wp-simpleweather
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25085
WP Social Stream
- Plugin:
- WP Social Stream
- Plugin Slug:
- wp-social-stream
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25074
WP Spell Check
- Plugin:
- WP Spell Check
- Plugin Slug:
- wp-spell-check
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25111
WP doodlez
- Plugin:
- WP doodlez
- Plugin Slug:
- wpdoodlez
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25159
ZMSEO
- Plugin:
- ZMSEO
- Plugin Slug:
- zmseo
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25126
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More
- Plugin Slug:
- wpforms-lite
- Installations
- 6,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.3.2
- Severity Score:
- Medium
- CVE:
- 2024-13403
Qi Addons For Elementor
- Plugin:
- Qi Addons For Elementor
- Plugin Slug:
- qi-addons-for-elementor
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.8
- Severity Score:
- Medium
- CVE:
- 2024-13699
Orbit Fox by ThemeIsle
- Plugin:
- Orbit Fox by ThemeIsle
- Plugin Slug:
- themeisle-companion
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.10.45
- Severity Score:
- Medium
- CVE:
- 2025-22659
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
- Plugin:
- The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
- Plugin Slug:
- the-plus-addons-for-elementor-page-builder
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.2.0
- Severity Score:
- Medium
- CVE:
- 2024-11829
Import any XML, CSV or Excel File to WordPress
- Plugin Slug:
- wp-all-import
- Installations
- 100,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.8.0
- Severity Score:
- Medium
- CVE:
- 2024-9661
Import any XML, CSV or Excel File to WordPress
- Plugin Slug:
- wp-all-import
- Installations
- 100,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 3.8.0
- Severity Score:
- High
- CVE:
- 2024-9664
HT Mega – Absolute Addons For Elementor
- Plugin Slug:
- ht-mega-for-elementor
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.2
- Severity Score:
- Medium
- CVE:
- 2024-12599
HT Mega – Absolute Addons For Elementor
- Plugin Slug:
- ht-mega-for-elementor
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.7
- Severity Score:
- Medium
- CVE:
- 2024-12597
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
- Plugin Slug:
- post-and-page-builder
- Installations
- 70,000+
- Vulnerability:
- Path Traversal
- Patched in Version:
- 1.27.7
- Severity Score:
- Medium
- CVE:
- 2025-0859
Dynamic Conditions
- Plugin:
- Dynamic Conditions
- Plugin Slug:
- dynamicconditions
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.5
- Severity Score:
- Medium
- CVE:
- 2025-22642
DSGVO All in one for WP
- Plugin:
- DSGVO All in one for WP
- Plugin Slug:
- dsgvo-all-in-one-for-wp
- Installations
- 20,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.7
- Severity Score:
- Medium
- CVE:
- 2024-13356
CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 9.x
- Plugin Slug:
- woo-multi-currency
- Installations
- 20,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 2.2.6
- Severity Score:
- High
- CVE:
- 2024-13487
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss
- Plugin Slug:
- bp-better-messages
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.0
- Severity Score:
- Medium
- CVE:
- 2024-13612
EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory
- Plugin Slug:
- ean-for-woocommerce
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.4.0
- Severity Score:
- Medium
- CVE:
- 2025-22673
GeoDirectory – WP Business Directory Plugin and Classified Listings Directory
- Plugin Slug:
- geodirectory
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.98
- Severity Score:
- Medium
- CVE:
- 2024-13506
Sensei LMS – Online Courses, Quizzes, & Learning
- Plugin Slug:
- sensei-lms
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.24.4
- Severity Score:
- Medium
- CVE:
- 2025-0466
VikBooking Hotel Booking Engine & PMS
- Plugin Slug:
- vikbooking
- Installations
- 8,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.7.3
- Severity Score:
- Medium
- CVE:
- 2025-22670
JS Help Desk – The Ultimate Help Desk & Support Plugin
- Plugin Slug:
- js-support-ticket
- Installations
- 7,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 2.8.9
- Severity Score:
- Medium
- CVE:
- 2024-13607
WP Job Portal – A Complete Recruitment System for Company or Job Board website
- Plugin Slug:
- wp-job-portal
- Installations
- 7,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 2.2.7
- Severity Score:
- Medium
- CVE:
- 2024-13372
Survey Maker
- Plugin:
- Survey Maker
- Plugin Slug:
- survey-maker
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.1.3.6
- Severity Score:
- Medium
- CVE:
- 2025-22664
B Slider- Gutenberg Slider Block for WP
- Plugin Slug:
- b-slider
- Installations
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.24
- Severity Score:
- Medium
- CVE:
- 2024-13514
Product Blocks for WooCommerce
- Plugin:
- Product Blocks for WooCommerce
- Plugin Slug:
- product-blocks-for-woocommerce
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0
- Severity Score:
- Medium
- CVE:
- 2025-22674
aThemes Addons for Elementor
- Plugin:
- aThemes Addons for Elementor
- Plugin Slug:
- athemes-addons-for-elementor-lite
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.9
- Severity Score:
- Medium
- CVE:
- 2025-22646
Medical Addon for Elementor
- Plugin:
- Medical Addon for Elementor
- Plugin Slug:
- medical-addon-for-elementor
- Installations
- 2,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 1.6.3
- Severity Score:
- Medium
- CVE:
- 2024-12046
SendPulse Email Marketing Newsletter
- Plugin Slug:
- sendpulse-email-marketing-newsletter
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.6
- Severity Score:
- Medium
- CVE:
- 2025-22662
WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto
- Plugin Slug:
- tripetto
- Installations
- 2,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 8.0.9
- Severity Score:
- Medium
- CVE:
- 2024-13829
Directory Listings WordPress plugin – uListing
- Plugin Slug:
- ulisting
- Installations
- 2,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.1.7
- Severity Score:
- Critical
- CVE:
- 2025-25150
Directory Listings WordPress plugin – uListing
- Plugin Slug:
- ulisting
- Installations
- 2,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.1.7
- Severity Score:
- High
- CVE:
- 2025-25151
SuperSaaS – online appointment scheduling
- Plugin Slug:
- supersaas-appointment-scheduling
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.13
- Severity Score:
- Medium
- CVE:
- 2025-0862
RapidLoad AI – Optimize Web Vitals Automatically
- Plugin Slug:
- unusedcss
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.5
- Severity Score:
- Medium
- CVE:
- 2025-22665
Include Mastodon Feed
- Plugin:
- Include Mastodon Feed
- Plugin Slug:
- include-mastodon-feed
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.10
- Severity Score:
- Medium
- CVE:
- 2025-22660
Product Table For WooCommerce
- Plugin:
- Product Table For WooCommerce
- Plugin Slug:
- product-table-for-woocommerce
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.4
- Severity Score:
- Medium
- CVE:
- 2025-22638
Alert Box Block – Display notice/alerts in the front end.
- Plugin Slug:
- alert-box-block
- Installations
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.1
- Severity Score:
- Medium
- CVE:
- 2025-22675
Uix Shortcodes
- Plugin:
- Uix Shortcodes
- Plugin Slug:
- uix-shortcodes
- Installations
- 400+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.4
- Severity Score:
- Medium
- CVE:
- 2025-22677
Disable Elementor Editor Translation
- Plugin Slug:
- disable-elementor-editor-translation
- Installations
- 300+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.3
- Severity Score:
- Medium
- CVE:
- 2025-22671
Listings for Appfolio
- Plugin:
- Listings for Appfolio
- Plugin Slug:
- listings-for-appfolio
- Installations
- 300+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.1
- Severity Score:
- High
- CVE:
- 2025-22658
Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets
- Plugin Slug:
- wpsyncsheets-woocommerce
- Installations
- 300+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.9
- Severity Score:
- Medium
- CVE:
- 2025-22667
Contact Manager
- Plugin:
- Contact Manager
- Plugin Slug:
- contact-manager
- Installations
- 100+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 8.6.5
- Severity Score:
- High
- CVE:
- 2025-1028
Video & Photo Gallery for Ultimate Member
- Plugin Slug:
- gallery-for-ultimate-member
- Installations
- 100+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 1.1.3
- Severity Score:
- Medium
- CVE:
- 2025-22672
ShopSite
- Plugin:
- ShopSite
- Plugin Slug:
- shopsite-plugin
- Installations
- 60+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.11
- Severity Score:
- High
- CVE:
- 2024-13510
Awesome Event Booking
- Plugin:
- Awesome Event Booking
- Plugin Slug:
- awesome-event-booking
- Installations
- 40+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.7.5
- Severity Score:
- Medium
- CVE:
- 2025-22668
Awesome Event Booking
- Plugin:
- Awesome Event Booking
- Plugin Slug:
- awesome-event-booking
- Installations
- 40+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.8.0
- Severity Score:
- Medium
- CVE:
- 2025-22669
Admin and Site Enhancements (ASE) Pro
- Plugin:
- Admin and Site Enhancements (ASE) Pro
- Plugin Slug:
- admin-site-enhancements-pro
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 7.6.3
- Severity Score:
- High
- CVE:
- 2024-43333
BoomBox Theme Extensions
- Plugin:
- BoomBox Theme Extensions
- Plugin Slug:
- boombox-theme-extensions
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.8.1
- Severity Score:
- High
- CVE:
- 2024-12859
Nextend Social Login Pro
- Plugin:
- Nextend Social Login Pro
- Plugin Slug:
- nextend-social-login-pro
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 3.1.17
- Severity Score:
- Critical
- CVE:
- 2025-1061
Super Store Finder
- Plugin:
- Super Store Finder
- Plugin Slug:
- superstorefinder-wp
- Vulnerability:
- SQL Injection
- Patched in Version:
- 7.1
- Severity Score:
- Critical
- CVE:
- 2024-13440
WooCommerce Support Ticket System
- Plugin:
- WooCommerce Support Ticket System
- Plugin Slug:
- woocommerce-support-ticket-system
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 17.9
- Severity Score:
- Medium
- CVE:
- 2024-13775
WP ALL Export Pro
- Plugin:
- WP ALL Export Pro
- Plugin Slug:
- wp-all-export-pro
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.9.2
- Severity Score:
- Critical
- CVE:
- 2024-7419
WP ALL Export Pro
- Plugin:
- WP ALL Export Pro
- Plugin Slug:
- wp-all-export-pro
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.9.2
- Severity Score:
- Critical
- CVE:
- 2024-7425
WP All Import Pro
- Plugin:
- WP All Import Pro
- Plugin Slug:
- wp-all-import-pro
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.9.8
- Severity Score:
- Medium
- CVE:
- 2024-9661
WP All Import Pro
- Plugin:
- WP All Import Pro
- Plugin Slug:
- wp-all-import-pro
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 4.9.8
- Severity Score:
- High
- CVE:
- 2024-9664
WordPress Themes — 3 Patched / 1 Unpatched
OnePress
- Theme:
- OnePress
- Theme Slug:
- onepress
- Downloads
- 2,355,283
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22643
DWT – Directory & Listing
- Theme:
- DWT – Directory & Listing
- Theme Slug:
- dwt-listing
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.5
- Severity Score:
- Medium
- CVE:
- 2025-0169
SocialV
- Theme:
- SocialV
- Theme Slug:
- socialv
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.16
- Severity Score:
- Medium
- CVE:
- 2024-13529
Zox News
- Theme:
- Zox News
- Theme Slug:
- zox-news
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.17.1
- Severity Score:
- Medium
- CVE:
- 2024-13643
