In this report, 209 vulnerabilities have been publicly disclosed. Security patches for 104 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 105 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, your site is already protected against those vulnerabilities by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor, or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.8 Beta 1 is available for download and testing! This beta version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, set up a test environment or a local site to explore the new features.
WordPress Plugins — 93 Patched / 104 Unpatched
FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel
- Plugin Slug:
- foogallery
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22624
SEO Plugin by Squirrly SEO
- Plugin:
- SEO Plugin by Squirrly SEO
- Plugin Slug:
- squirrly-seo
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-24654
Ibtana – WordPress Website Builder
- Plugin Slug:
- ibtana-visual-editor
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-26891
Fluent Support – Helpdesk & Customer Support Ticket System
- Plugin Slug:
- fluent-support
- Installations
- 9,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13568
Age Verification for your checkout page. Verify your customer’s identity
- Plugin Slug:
- agecheckernet
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22622
1 click passwordless login, temporary login, social login & user switching – Login Me Now
- Plugin Slug:
- login-me-now
- Installations
- 400+
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-1717
Forex Calculators
- Plugin:
- Forex Calculators
- Plugin Slug:
- fx-calculators
- Installations
- 200+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13716
PiwigoPress
- Plugin:
- PiwigoPress
- Plugin Slug:
- piwigopress
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-26896
List Related Attachments
- Plugin:
- List Related Attachments
- Plugin Slug:
- list-related-attachments-widget
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-26897
URL Media Uploader
- Plugin:
- URL Media Uploader
- Plugin Slug:
- url-media-uploader
- Installations
- 100+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-1662
WHMCS Client Area for WordPress by WHMpress
- Plugin:
- WHMCS Client Area for WordPress by WHMpress
- Plugin Slug:
- WHMpress_Client_Area_Api
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-9195
Add Linked Images To Gallery
- Plugin:
- Add Linked Images To Gallery
- Plugin Slug:
- add-linked-images-to-gallery-v01
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-27277
ADFO
- Plugin:
- ADFO
- Plugin Slug:
- admin-form
- Vulnerability:
- Deserialization of untrusted data
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-27300
Admin Menu Manager
- Plugin:
- Admin Menu Manager
- Plugin Slug:
- admin-menu-manager
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-26925
All-In-One Cufon
- Plugin:
- All-In-One Cufon
- Plugin Slug:
- all-in-one-cufon
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27315
Archive Page
- Plugin:
- Archive Page
- Plugin Slug:
- archive-page
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27280
Ark Theme Core
- Plugin:
- Ark Theme Core
- Plugin Slug:
- ark-core
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-26970
Auto Tag Links
- Plugin:
- Auto Tag Links
- Plugin Slug:
- auto-tag-links
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27335
Blighty Explorer
- Plugin:
- Blighty Explorer
- Plugin Slug:
- blighty-explorer
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-27321
Booknetic
- Plugin:
- Booknetic
- Plugin Slug:
- booknetic
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-26926
Bravo Search & Replace
- Plugin:
- Bravo Search & Replace
- Plugin Slug:
- bravo-search-and-replace
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-27297
Bulk Content Creator
- Plugin:
- Bulk Content Creator
- Plugin Slug:
- bulk-content-creator
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27311
Clicface Trombi
- Plugin:
- Clicface Trombi
- Plugin Slug:
- clicface-trombi
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-0820
Contact Form 7 Star Rating
- Plugin:
- Contact Form 7 Star Rating
- Plugin Slug:
- contact-form-7-star-rating
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27303
Contact Form 7 Star Rating with font Awesome
- Plugin:
- Contact Form 7 Star Rating with font Awesome
- Plugin Slug:
- contact-form-7-star-rating-with-font-awersome
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27304
Currency Switcher for WooCommerce
- Plugin:
- Currency Switcher for WooCommerce
- Plugin Slug:
- currency-switcher-woocommerce
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-9217
Download HTML TinyMCE Button
- Plugin:
- Download HTML TinyMCE Button
- Plugin Slug:
- download-html-tinymce-button
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-1286
URL Shortener | Conversion Tracking | AB Testing | WooCommerce
- Plugin:
- URL Shortener | Conversion Tracking | AB Testing | WooCommerce
- Plugin Slug:
- easy-broken-link-checker
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-1363
URL Shortener | Conversion Tracking | AB Testing | WooCommerce
- Plugin:
- URL Shortener | Conversion Tracking | AB Testing | WooCommerce
- Plugin Slug:
- easy-broken-link-checker
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-1362
Erima Zarinpal Donate
- Plugin:
- Erima Zarinpal Donate
- Plugin Slug:
- erima-zarinpal-donate
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27290
F12-Profiler
- Plugin:
- F12-Profiler
- Plugin Slug:
- f12-profiler
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27340
Fresh Framework
- Plugin:
- Fresh Framework
- Plugin Slug:
- fresh-framework
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-26936
FS Poster
- Plugin:
- FS Poster
- Plugin Slug:
- fs-poster
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26978
Google Maps for WordPress
- Plugin:
- Google Maps for WordPress
- Plugin Slug:
- google-maps-for-wordpress
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27265
Hover Image Button
- Plugin:
- Hover Image Button
- Plugin Slug:
- hover-image-button
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27266
EZ InLinkz linkup
- Plugin:
- EZ InLinkz linkup
- Plugin Slug:
- inlinkz-scripter
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27329
Just Variables
- Plugin:
- Just Variables
- Plugin Slug:
- just-wp-variables
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27336
Limit Bio
- Plugin:
- Limit Bio
- Plugin Slug:
- limit-bio
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-1436
Limit Bio
- Plugin:
- Limit Bio
- Plugin Slug:
- limit-bio
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13884
Link My Posts
- Plugin:
- Link My Posts
- Plugin Slug:
- linkmyposts
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13881
Phee’s LinkPreview
- Plugin:
- Phee’s LinkPreview
- Plugin Slug:
- linkpreview
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27344
Local Search SEO Contact Page
- Plugin:
- Local Search SEO Contact Page
- Plugin Slug:
- local-search-seo-contact-page
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27351
Woocommerce – Loi Hamon
- Plugin:
- Woocommerce – Loi Hamon
- Plugin Slug:
- loi-hamon
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-27355
mEintopf
- Plugin:
- mEintopf
- Plugin Slug:
- meintopf
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13876
Minimum Password Strength
- Plugin:
- Minimum Password Strength
- Plugin Slug:
- minimum-password-strength
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27339
Modal Portfolio
- Plugin:
- Modal Portfolio
- Plugin Slug:
- modal-portfolio
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13851
Multilevel Referral Affiliate Plugin for WooCommerce
- Plugin:
- Multilevel Referral Affiliate Plugin for WooCommerce
- Plugin Slug:
- multilevel-referral-plugin-for-woocommerce
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13750
My Quota
- Plugin:
- My Quota
- Plugin Slug:
- my-quota
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13880
Namaste! LMS
- Plugin:
- Namaste! LMS
- Plugin Slug:
- namaste-lms
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27353
NewsTicker
- Plugin:
- NewsTicker
- Plugin Slug:
- news-list
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13630
NHR Options Table Manager
- Plugin:
- NHR Options Table Manager
- Plugin Slug:
- nhrrob-options-table-manager
- Vulnerability:
- Deserialization of untrusted data
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-27301
Ninja Pages
- Plugin:
- Ninja Pages
- Plugin Slug:
- ninja-page-categories-and-tags
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-1454
Get Posts
- Plugin:
- Get Posts
- Plugin Slug:
- nurelm-get-posts
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27349
Ohio Extra
- Plugin:
- Ohio Extra
- Plugin Slug:
- ohio-extra
- Vulnerability:
- Content Injection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-26924
Om Stripe
- Plugin:
- Om Stripe
- Plugin Slug:
- om-stripe
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13631
Önceki Yazı Link
- Plugin:
- Önceki Yazı Link
- Plugin Slug:
- onceki-yazi-linki
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27357
OneStore Sites
- Plugin:
- OneStore Sites
- Plugin Slug:
- onestore-sites
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13905
Order Attachments for WooCommerce
- Plugin:
- Order Attachments for WooCommerce
- Plugin Slug:
- order-attachments-for-woocommerce
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13638
Passbeemedia Web Push Notification
- Plugin:
- Passbeemedia Web Push Notification
- Plugin Slug:
- passbeemedia-web-push-notifications
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13877
Pathomation
- Plugin:
- Pathomation
- Plugin Slug:
- pathomation
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27306
Photo Gallery ( Responsive )
- Plugin:
- Photo Gallery ( Responsive )
- Plugin Slug:
- photo-gallery-pearlbells
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-27276
Pricing Table by PickPlugins
- Plugin:
- Pricing Table by PickPlugins
- Plugin Slug:
- pricingtable
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13469
PrivateContent
- Plugin:
- PrivateContent
- Plugin Slug:
- private-content
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26976
PrivateContent
- Plugin:
- PrivateContent
- Plugin Slug:
- private-content
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26969
PrivateContent
- Plugin:
- PrivateContent
- Plugin Slug:
- private-content
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26972
PrivateContent
- Plugin:
- PrivateContent
- Plugin Slug:
- private-content
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-26966
Profile Widget Ninja
- Plugin:
- Profile Widget Ninja
- Plugin Slug:
- profile-widget-ninja
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27320
Quiz Organizer
- Plugin:
- Quiz Organizer
- Plugin Slug:
- quiz-organizer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-6810
RAYS Grid
- Plugin:
- RAYS Grid
- Plugin Slug:
- rays-grid
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27317
Reactive Mortgage Calculator
- Plugin:
- Reactive Mortgage Calculator
- Plugin Slug:
- reactive-mortgage-calculator
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27341
School Management System – SakolaWP
- Plugin:
- School Management System – SakolaWP
- Plugin Slug:
- sakolawp-lite
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13647
Simple Google Sitemap
- Plugin:
- Simple Google Sitemap
- Plugin Slug:
- simple-google-sitemap
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27318
Simple:Press
- Plugin:
- Simple:Press
- Plugin Slug:
- simplepress
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13518
Smart Maintenance & Countdown
- Plugin:
- Smart Maintenance & Countdown
- Plugin Slug:
- smart-maintenance-countdown
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-27332
SpotBot
- Plugin:
- SpotBot
- Plugin Slug:
- spotbot
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13878
Live Streaming Video Player – by SRS Player
- Plugin:
- Live Streaming Video Player – by SRS Player
- Plugin Slug:
- srs-player
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27327
Sticky Header On Scroll
- Plugin:
- Sticky Header On Scroll
- Plugin Slug:
- sticky-header-on-scroll
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27356
Table of Contents Block
- Plugin:
- Table of Contents Block
- Plugin Slug:
- table-of-contents
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27305
BuddyHolis TableSearch
- Plugin:
- BuddyHolis TableSearch
- Plugin Slug:
- tablesearch
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
Countdown Timer
- Plugin:
- Countdown Timer
- Plugin Slug:
- timer-countdown
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13864
Ultra Addons Lite for Elementor
- Plugin:
- Ultra Addons Lite for Elementor
- Plugin Slug:
- ut-elementor-addons-lite
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13832
VG PostCarousel
- Plugin:
- VG PostCarousel
- Plugin Slug:
- vg-postcarousel
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-27272
Video.js HLS Player
- Plugin:
- Video.js HLS Player
- Plugin Slug:
- videojs-hls-player
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27325
ViperBar
- Plugin:
- ViperBar
- Plugin Slug:
- viperbar
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26557
Tabs for WooCommerce
- Plugin:
- Tabs for WooCommerce
- Plugin Slug:
- wc-tabs
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13831
Bitcoin / AltCoin Payment Gateway for WooCommerce
- Plugin:
- Bitcoin / AltCoin Payment Gateway for WooCommerce
- Plugin Slug:
- woo-altcoin-payment-gateway
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-26535
Direct Checkout Button for WooCommerce
- Plugin:
- Direct Checkout Button for WooCommerce
- Plugin Slug:
- woo-direct-checkout-button
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27347
WooCommerce Recargo de Equivalencia
- Plugin:
- WooCommerce Recargo de Equivalencia
- Plugin Slug:
- woo-recargo-de-equivalencia
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27342
WooCommerce Display Products by Tags
- Plugin:
- WooCommerce Display Products by Tags
- Plugin Slug:
- woocommerce-display-products-by-tags
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27331
WooCommerce Ultimate Gift Card – Create, Sell and Manage Gift Cards with Customized Email Templates
- Plugin:
- WooCommerce Ultimate Gift Card – Create, Sell and Manage Gift Cards with Customized Email Templates
- Plugin Slug:
- woocommerce-ultimate-gift-card
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-8425
WOW Entrance Effects (WEE!)
- Plugin:
- WOW Entrance Effects (WEE!)
- Plugin Slug:
- wow-entrance-effects-wee
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-1560
WoWPth
- Plugin:
- WoWPth
- Plugin Slug:
- wowpth
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-1486
WP About Author
- Plugin:
- WP About Author
- Plugin Slug:
- wp-about-author
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27323
WP-Asambleas
- Plugin:
- WP-Asambleas
- Plugin Slug:
- wp-asambleas
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27294
WP Click Info
- Plugin:
- WP Click Info
- Plugin Slug:
- wp-click-info
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-1401
WP e-Customers Beta
- Plugin:
- WP e-Customers Beta
- Plugin Slug:
- wp-e-customers
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13885
JPG, PNG Compression and Optimization
- Plugin:
- JPG, PNG Compression and Optimization
- Plugin Slug:
- wp-image-compression
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27316
WP-PostRatings Cheater
- Plugin:
- WP-PostRatings Cheater
- Plugin Slug:
- wp-postratings-cheater
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27328
WP-PManager
- Plugin:
- WP-PManager
- Plugin Slug:
- wp-programmmanager
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13875
WP Sitemap
- Plugin:
- WP Sitemap
- Plugin Slug:
- wp-sitemap
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-27312
WP Social SEO Booster – Knowledge Graph Social Signals SEO
- Plugin:
- WP Social SEO Booster – Knowledge Graph Social Signals SEO
- Plugin Slug:
- wp-social-seo-booster
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27348
WP Video Posts
- Plugin:
- WP Video Posts
- Plugin Slug:
- wp-video-posts
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-27298
????????
- Plugin:
- ????????
- Plugin Slug:
- wumii-related-posts
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-27352
Yawave
- Plugin:
- Yawave
- Plugin Slug:
- yawave
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-1648
Elementor Website Builder – More Than Just a Page Builder
- Plugin Slug:
- elementor
- Installations
- 10,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.25.11
- Severity Score:
- Medium
- CVE:
- 2024-54444
SVG Support
- Plugin:
- SVG Support
- Plugin Slug:
- svg-support
- Installations
- 1,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.9
- Severity Score:
- Medium
- CVE:
- 2022-23638
Page Builder by SiteOrigin
- Plugin:
- Page Builder by SiteOrigin
- Plugin Slug:
- siteorigin-panels
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.31.5
- Severity Score:
- Medium
- CVE:
- 2025-1459
Forminator Forms – Contact Form, Payment Form & Custom Form Builder
- Plugin Slug:
- forminator
- Installations
- 500,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.39.3
- Severity Score:
- Medium
- CVE:
- 2025-0469
Gutenberg Blocks with AI by Kadence WP – Page Builder Features
- Plugin Slug:
- kadence-blocks
- Installations
- 500,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.10
- Severity Score:
- Medium
- CVE:
- 2025-1291
PixelYourSite – Your smart PIXEL (TAG) & API Manager
- Plugin Slug:
- pixelyoursite
- Installations
- 500,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 10.1.1.2
- Severity Score:
- Critical
- CVE:
- 2025-0769
WP Shortcodes Plugin — Shortcodes Ultimate
- Plugin Slug:
- shortcodes-ultimate
- Installations
- 500,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.3.4
- Severity Score:
- Medium
- CVE:
- 2025-0370
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery
- Plugin Slug:
- nextgen-gallery
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.59.9
- Severity Score:
- Medium
- CVE:
- 2024-10545
Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button, WhatsApp – Chaty
- Plugin Slug:
- chaty
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.6
- Severity Score:
- Medium
- CVE:
- 2025-1450
Jeg Elementor Kit
- Plugin:
- Jeg Elementor Kit
- Plugin Slug:
- jeg-elementor-kit
- Installations
- 300,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.6.12
- Severity Score:
- Medium
- CVE:
- 2024-13217
Advanced Google reCAPTCHA
- Plugin:
- Advanced Google reCAPTCHA
- Plugin Slug:
- advanced-google-recaptcha
- Installations
- 200,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 1.28
- Severity Score:
- Medium
- CVE:
- 2025-1262
GenerateBlocks
- Plugin:
- GenerateBlocks
- Plugin Slug:
- generateblocks
- Installations
- 200,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.0.0
- Severity Score:
- Medium
- CVE:
- 2024-13546
WP Activity Log
- Plugin:
- WP Activity Log
- Plugin Slug:
- wp-security-audit-log
- Installations
- 200,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 5.3.3
- Severity Score:
- High
- CVE:
- 2025-0767
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
- Plugin Slug:
- essential-blocks
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.3.0
- Severity Score:
- Medium
- CVE:
- 2024-13803
Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress
- Plugin Slug:
- everest-forms
- Installations
- 100,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 3.0.9.5
- Severity Score:
- Critical
- CVE:
- 2025-1128
GiveWP – Donation Plugin and Fundraising Platform
- Plugin Slug:
- give
- Installations
- 100,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 3.20.0
- Severity Score:
- Critical
- CVE:
- 2025-0912
Site Mailer – SMTP Replacement, Email API Deliverability & Email Log
- Plugin Slug:
- site-mailer
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.4
- Severity Score:
- High
- CVE:
- 2025-1319
LearnPress – WordPress LMS Plugin
- Plugin Slug:
- learnpress
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.2.7.5.1
- Severity Score:
- Medium
- CVE:
- 2024-13127
Events Manager – Calendar, Bookings, Tickets, and more!
- Plugin Slug:
- events-manager
- Installations
- 80,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.6.4.2
- Severity Score:
- Medium
- CVE:
- 2025-1249
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid
- Plugin Slug:
- boldgrid-backup
- Installations
- 70,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 1.16.9
- Severity Score:
- Medium
- CVE:
- 2024-13907
Simple Image Sizes
- Plugin:
- Simple Image Sizes
- Plugin Slug:
- simple-image-sizes
- Installations
- 70,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.3
- Severity Score:
- Medium
- CVE:
- 2025-24810
Exclusive Addons for Elementor
- Plugin:
- Exclusive Addons for Elementor
- Plugin Slug:
- exclusive-addons-for-elementor
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.7
- Severity Score:
- Medium
- CVE:
- 2025-1571
User Registration & Membership – Custom Registration Form, Login Form, and User Profile
- Plugin Slug:
- user-registration
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.1.0
- Severity Score:
- High
- CVE:
- 2025-1511
Advanced AJAX Product Filters
- Plugin:
- Advanced AJAX Product Filters
- Plugin Slug:
- woocommerce-ajax-filters
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.8.2
- Severity Score:
- High
- CVE:
- 2025-1505
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
- Plugin Slug:
- form-maker
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.15.33
- Severity Score:
- Medium
- CVE:
- 2024-13605
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
- Plugin Slug:
- sina-extension-for-elementor
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.6.1
- Severity Score:
- Medium
- CVE:
- 2025-1517
Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
- Plugin Slug:
- master-addons
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.7.3
- Severity Score:
- Medium
- CVE:
- 2024-9618
Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
- Plugin Slug:
- master-addons
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.7.2
- Severity Score:
- Medium
- CVE:
- 2025-0433
Post Grid and Gutenberg Blocks – ComboBlocks
- Plugin Slug:
- post-grid
- Installations
- 40,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.3.7
- Severity Score:
- Medium
- CVE:
- 2024-13796
Accept Donations with PayPal & Stripe
- Plugin Slug:
- easy-paypal-donation
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.5
- Severity Score:
- High
- CVE:
- 2024-13728
Image Photo Gallery Final Tiles Grid
- Plugin Slug:
- final-tiles-grid-gallery-lite
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.6.1
- Severity Score:
- Medium
- CVE:
- 2024-6261
Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors
- Plugin Slug:
- publishpress-authors
- Installations
- 20,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.7.4
- Severity Score:
- High
- CVE:
- 2025-26886
Secure Copy Content Protection and Content Locking
- Plugin Slug:
- secure-copy-content-protection
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.4.8
- Severity Score:
- Medium
- CVE:
- 2025-1404
NextMove Lite – Thank You Page for WooCommerce
- Plugin Slug:
- woo-thank-you-page-nextmove-lite
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.20.0
- Severity Score:
- Medium
- CVE:
- 2024-10860
Wp Social Login and Register Social Counter
- Plugin Slug:
- wp-social
- Installations
- 20,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.1.1
- Severity Score:
- Medium
- CVE:
- 2025-1506
wpForo Forum
- Plugin:
- wpForo Forum
- Plugin Slug:
- wpforo
- Installations
- 20,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 2.4.2
- Severity Score:
- Medium
- CVE:
- 2025-0764
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss
- Plugin Slug:
- bp-better-messages
- Installations
- 10,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 2.7.5
- Severity Score:
- Medium
- CVE:
- 2024-13697
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss
- Plugin Slug:
- bp-better-messages
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.7.0
- Severity Score:
- High
- CVE:
- 2024-13611
Classified Listing – Classified ads & Business Directory Plugin
- Plugin Slug:
- classified-listing
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.0.5
- Severity Score:
- Medium
- CVE:
- 2025-1063
Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings
- Plugin Slug:
- directorist
- Installations
- 10,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 8.2
- Severity Score:
- High
- CVE:
- 2025-1570
IP2Location Redirection
- Plugin:
- IP2Location Redirection
- Plugin Slug:
- ip2location-redirection
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.33.4
- Severity Score:
- Medium
- CVE:
- 2025-1502
Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin
- Plugin Slug:
- logo-slider-wp
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.6.0
- Severity Score:
- Medium
- CVE:
- 2024-12308
WPO365 | MICROSOFT 365 GRAPH MAILER
- Plugin Slug:
- wpo365-msgraphmailer
- Installations
- 8,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- 3.3
- Severity Score:
- Medium
- CVE:
- 2025-1488
Animated Text Block
- Plugin:
- Animated Text Block
- Plugin Slug:
- animated-text-block
- Installations
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.8
- Severity Score:
- Medium
- CVE:
- 2025-26883
Album Gallery – WordPress Gallery
- Plugin Slug:
- new-album-gallery
- Installations
- 5,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.6.4
- Severity Score:
- High
- CVE:
- 2024-13833
SMS Alert Order Notifications – WooCommerce
- Plugin Slug:
- sms-alert
- Installations
- 5,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.7.9
- Severity Score:
- Critical
- CVE:
- 2025-26988
Authors List
- Plugin:
- Authors List
- Plugin Slug:
- authors-list
- Installations
- 4,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- 2.0.6.1
- Severity Score:
- Medium
- CVE:
- 2024-13806
Card Elements for Elementor
- Plugin:
- Card Elements for Elementor
- Plugin Slug:
- card-elements-for-elementor
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.7
- Severity Score:
- Medium
- CVE:
- 2024-13734
WP Posts Carousel
- Plugin:
- WP Posts Carousel
- Plugin Slug:
- wp-posts-carousel
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.8
- Severity Score:
- Medium
- CVE:
- 2025-1491
KiviCare – Clinic & Patient Management System (EHR)
- Plugin Slug:
- kivicare-clinic-management-system
- Installations
- 3,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.6.8
- Severity Score:
- High
- CVE:
- 2025-1572
Wallet System for WooCommerce
- Plugin:
- Wallet System for WooCommerce
- Plugin Slug:
- wallet-system-for-woocommerce
- Installations
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.6.3
- Severity Score:
- Medium
- CVE:
- 2024-13682
Wallet System for WooCommerce
- Plugin:
- Wallet System for WooCommerce
- Plugin Slug:
- wallet-system-for-woocommerce
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.6.3
- Severity Score:
- Medium
- CVE:
- 2024-13724
Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site
- Plugin Slug:
- counter-box
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.7
- Severity Score:
- Medium
- CVE:
- 2024-13901
teachPress
- Plugin:
- teachPress
- Plugin Slug:
- teachpress
- Installations
- 2,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 9.0.8
- Severity Score:
- High
- CVE:
- 2025-1321
Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons
- Plugin Slug:
- contest-gallery
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 26.0.1
- Severity Score:
- High
- CVE:
- 2025-1513
Product Catalog Simple
- Plugin:
- Product Catalog Simple
- Plugin Slug:
- post-type-x
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.0
- Severity Score:
- Medium
- CVE:
- 2025-1405
Quotes llama
- Plugin:
- Quotes llama
- Plugin Slug:
- quotes-llama
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.2
- Severity Score:
- Medium
- CVE:
- 2025-27307
Simple Download Counter
- Plugin:
- Simple Download Counter
- Plugin Slug:
- simple-download-counter
- Installations
- 1,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 2.1
- Severity Score:
- Medium
- CVE:
- 2025-1730
Subscriptions & Memberships for PayPal
- Plugin Slug:
- subscriptions-memberships-for-paypal
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.1.7
- Severity Score:
- Medium
- CVE:
- 2024-13560
Ultimate WordPress Auction Plugin
- Plugin Slug:
- ultimate-auction
- Installations
- 1,000+
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- 4.3.0
- Severity Score:
- High
- CVE:
- 2025-0958
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
- Plugin Slug:
- wc4bp
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.4.26
- Severity Score:
- Medium
- CVE:
- 2025-1780
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
- Plugin Slug:
- wc4bp
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.4.25
- Severity Score:
- Medium
- CVE:
- 2024-13358
PlayerJS
- Plugin:
- PlayerJS
- Plugin Slug:
- playerjs
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.24
- Severity Score:
- Medium
- CVE:
- 2025-27330
SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity
- Plugin Slug:
- surveyjs
- Installations
- 600+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.12.18
- Severity Score:
- High
- CVE:
- 2024-12544
m1.DownloadList
- Plugin:
- m1.DownloadList
- Plugin Slug:
- m1downloadlist
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.20
- Severity Score:
- Medium
- CVE:
- 2025-26895
WordPress abandoned cart recovery and email marketing for WooCommerce by Recapture
- Plugin Slug:
- recapture-for-woocommerce
- Installations
- 500+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.44
- Severity Score:
- Medium
- CVE:
- 2025-26899
RateMyAgent Official
- Plugin:
- RateMyAgent Official
- Plugin Slug:
- ratemyagent-official
- Installations
- 400+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.5.0
- Severity Score:
- Medium
- CVE:
- 2025-0801
Multiple Shipping And Billing Address For Woocommerce
- Plugin Slug:
- different-shipping-and-billing-address-for-woocommerce
- Installations
- 200+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.5
- Severity Score:
- Critical
- CVE:
- 2025-26875
Database Backup and check Tables Automated With Scheduler 2024
- Plugin Slug:
- database-backup
- Installations
- 100+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 2.37
- Severity Score:
- High
- CVE:
- 2024-13910
Database Backup and check Tables Automated With Scheduler 2024
- Plugin Slug:
- database-backup
- Installations
- 100+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.36
- Severity Score:
- High
- CVE:
- 2024-13911
DefendWP Firewall
- Plugin:
- DefendWP Firewall
- Plugin Slug:
- defend-wp-firewall
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.1
- Severity Score:
- High
- CVE:
- 2025-22280
MK Google Directions
- Plugin:
- MK Google Directions
- Plugin Slug:
- google-distance-calculator
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.1
- Severity Score:
- Medium
- CVE:
- 2024-12820
Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue
- Plugin Slug:
- revenueflex-easy-ads
- Installations
- 90+
- Vulnerability:
- Settings Change
- Patched in Version:
- 1.5.1
- Severity Score:
- High
- CVE:
- 2025-27296
Activity Log WinterLock
- Plugin:
- Activity Log WinterLock
- Plugin Slug:
- winterlock
- Installations
- 70+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.5
- Severity Score:
- Medium
- CVE:
- 2025-24982
Academist Membership
- Plugin:
- Academist Membership
- Plugin Slug:
- academist-membership
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 1.2
- Severity Score:
- Critical
- CVE:
- 2025-1671
Alloggio Membership
- Plugin:
- Alloggio Membership
- Plugin Slug:
- alloggio-membership
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 1.2
- Severity Score:
- Critical
- CVE:
- 2025-1638
Animation Addons for Elementor Pro
- Plugin:
- Animation Addons for Elementor Pro
- Plugin Slug:
- animation-addons-for-elementor-pro
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.7
- Severity Score:
- High
- CVE:
- 2025-1639
Buddyboss Platform
- Plugin:
- Buddyboss Platform
- Plugin Slug:
- buddyboss-platform
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.00
- Severity Score:
- Medium
- CVE:
- 2024-13402
DHVC Form
- Plugin:
- DHVC Form
- Plugin Slug:
- dhvc-form
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 2.4.8
- Severity Score:
- Critical
- CVE:
- 2024-8420
Edd Google Sheet Connector Pro
- Plugin:
- Edd Google Sheet Connector Pro
- Plugin Slug:
- edd-google-sheet-connector-pro
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.4
- Severity Score:
- Medium
- CVE:
- 2023-2334
Exertio Framework
- Plugin:
- Exertio Framework
- Plugin Slug:
- exertio-framework
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.3.2
- Severity Score:
- High
- CVE:
- 2024-13373
Easy Digital Downloads Google Sheet Connector
- Plugin Slug:
- gsheetconnector-easy-digital-downloads
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.6.6
- Severity Score:
- Medium
- CVE:
- 2023-2334
Pie Register Premium
- Plugin:
- Pie Register Premium
- Plugin Slug:
- pie-register-premium
- Vulnerability:
- Path Traversal
- Patched in Version:
- 3.8.3.3
- Severity Score:
- Medium
- CVE:
- 2025-26940
Pie Register Premium
- Plugin:
- Pie Register Premium
- Plugin Slug:
- pie-register-premium
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.8.3.3
- Severity Score:
- Medium
- CVE:
- 2025-26948
SetSail Membership
- Plugin:
- SetSail Membership
- Plugin Slug:
- setsail-membership
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 1.1
- Severity Score:
- Critical
- CVE:
- 2025-1564
Social Share And Social Locker
- Plugin:
- Social Share And Social Locker
- Plugin Slug:
- social-share-and-social-locker-arsocial
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.2
- Severity Score:
- Medium
- CVE:
- 2024-11189
SureMembers
- Plugin:
- SureMembers
- Plugin Slug:
- suremembers
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.10.7
- Severity Score:
- Medium
- CVE:
- 2024-12434
Templines Elementor Helper Core
- Plugin:
- Templines Elementor Helper Core
- Plugin Slug:
- templines-helper-core
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 2.8
- Severity Score:
- High
- CVE:
- 2025-1295
ThemeMakers PayPal Express Checkout
- Plugin:
- ThemeMakers PayPal Express Checkout
- Plugin Slug:
- tmm_paypal_checkout
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.0
- Severity Score:
- Medium
- CVE:
- 2025-1689
ThemeMakers Stripe Checkout
- Plugin:
- ThemeMakers Stripe Checkout
- Plugin Slug:
- tmm_stripe_checkout
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.2
- Severity Score:
- Medium
- CVE:
- 2025-1690
WHMpress
- Plugin:
- WHMpress
- Plugin Slug:
- whmpress
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 6.3-revision-1
- Severity Score:
- Critical
- CVE:
- 2024-9193
WooCommerce Cart Count Shortcode
- Plugin:
- WooCommerce Cart Count Shortcode
- Plugin Slug:
- woo-cart-count-shortcode
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.0
- Severity Score:
- Medium
- CVE:
- 2024-10563
WordPress File Upload
- Plugin:
- WordPress File Upload
- Plugin Slug:
- wp-file-upload
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.25.3
- Severity Score:
- Medium
- CVE:
- 2024-13494
WordPress Themes — 11 Patched / 1 Unpatched
Traveler
- Theme:
- Traveler
- Theme Slug:
- traveler
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12811
Newscrunch
- Theme:
- Newscrunch
- Theme Slug:
- newscrunch
- Downloads
- 175,636
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.8.4.1
- Severity Score:
- Critical
- CVE:
- 2025-1307
Newscrunch
- Theme:
- Newscrunch
- Theme Slug:
- newscrunch
- Downloads
- 175,636
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.8.4.1
- Severity Score:
- High
- CVE:
- 2025-1306
VW Storefront
- Theme:
- VW Storefront
- Theme Slug:
- vw-storefront
- Downloads
- 60,130
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.0
- Severity Score:
- Medium
- CVE:
- 2024-13686
Bricks Builder
- Theme:
- Bricks Builder
- Theme Slug:
- bricks
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.9.7
- Severity Score:
- High
- CVE:
- 2024-2297
Car Dealer
- Theme:
- Car Dealer
- Theme Slug:
- cardealer
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.6.5
- Severity Score:
- High
- CVE:
- 2025-1682
Car Dealer
- Theme:
- Car Dealer
- Theme Slug:
- cardealer
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.6.5
- Severity Score:
- High
- CVE:
- 2025-1687
Car Dealer
- Theme:
- Car Dealer
- Theme Slug:
- cardealer
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.6.5
- Severity Score:
- Medium
- CVE:
- 2025-1681
Car Dealer
- Theme:
- Car Dealer
- Theme Slug:
- cardealer
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 1.6.4
- Severity Score:
- High
- CVE:
- 2025-1282
Enfold
- Theme:
- Enfold
- Theme Slug:
- enfold
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 7.0
- Severity Score:
- Medium
- CVE:
- 2024-13695
Enfold
- Theme:
- Enfold
- Theme Slug:
- enfold
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.0
- Severity Score:
- Medium
- CVE:
- 2024-13693
Nokri
- Theme:
- Nokri
- Theme Slug:
- nokri
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.6.3
- Severity Score:
- Critical
- CVE:
- 2024-12824
