In this report, 304 vulnerabilities have been publicly disclosed. Security patches for 162 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, 142 plugin and theme vulnerabilities have no patch available yet. If you’re a Solid Security Pro user, you are already protected against those vulnerabilities by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.8 “Cecil” is here! Launched April 15, 2025, it honors jazz legend Cecil Taylor, whose pioneering piano fused chaos and harmony. Explore its bold features with the same experimental spirit.
Plus, WordCamp Europe 2025 lands in Basel, Switzerland, June 5-7! Connect with WordPress enthusiasts, developers, and pros for three days of learning, networking, and collaboration with the global community.
WordPress Plugins — 153 Patched / 126 Unpatched
Master Slider – Responsive Touch Slider
- Plugin Slug:
- master-slider
- Installations
- 70,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39412
Simple Sitemap – Create a Responsive HTML Sitemap
- Plugin Slug:
- simple-sitemap
- Installations
- 70,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39413
Asgaros Forum
- Plugin:
- Asgaros Forum
- Plugin Slug:
- asgaros-forum
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39514
Scriptless Social Sharing
- Plugin:
- Scriptless Social Sharing
- Plugin Slug:
- scriptless-social-sharing
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39529
Logo Carousel Slider
- Plugin:
- Logo Carousel Slider
- Plugin Slug:
- logo-carousel-slider
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39525
Checkout Files Upload for WooCommerce
- Plugin Slug:
- checkout-files-upload-woocommerce
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39520
License For Envato
- Plugin:
- License For Envato
- Plugin Slug:
- license-envato
- Installations
- 5,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39399
Hotel Booking
- Plugin:
- Hotel Booking
- Plugin Slug:
- nd-booking
- Installations
- 5,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39526
ACF: Google Font Selector
- Plugin:
- ACF: Google Font Selector
- Plugin Slug:
- acf-google-font-selector-field
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39382
Anything Popup
- Plugin:
- Anything Popup
- Plugin Slug:
- anything-popup
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39397
Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder
- Plugin Slug:
- wps-team
- Installations
- 3,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32686
Directory Listings WordPress plugin – uListing
- Plugin Slug:
- ulisting
- Installations
- 2,000+
- Vulnerability:
- Deserialization of untrusted data
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32662
ActiveDEMAND
- Plugin:
- ActiveDEMAND
- Plugin Slug:
- activedemand
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39513
Basic Interactive World Map
- Plugin:
- Basic Interactive World Map
- Plugin Slug:
- basic-interactive-world-map
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39517
Rescue Shortcodes
- Plugin:
- Rescue Shortcodes
- Plugin Slug:
- rescue-shortcodes
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39528
Attendance Manager
- Plugin:
- Attendance Manager
- Plugin Slug:
- attendance-manager
- Installations
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39515
Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment
- Plugin Slug:
- booking-and-rental-manager-for-woocommerce
- Installations
- 900+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39390
Real Estate Manager – Property Listing and Agent Management
- Plugin Slug:
- real-estate-manager
- Installations
- 900+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32596
JS Job Manager
- Plugin:
- JS Job Manager
- Plugin Slug:
- js-jobs
- Installations
- 800+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-32626
JS Job Manager
- Plugin:
- JS Job Manager
- Plugin Slug:
- js-jobs
- Installations
- 800+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-32660
Movylo Marketing Automation
- Plugin:
- Movylo Marketing Automation
- Plugin Slug:
- movylo-widget
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32608
WP Flipclock
- Plugin:
- WP Flipclock
- Plugin Slug:
- wp-flipclock
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39540
Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light
- Plugin Slug:
- excel-like-price-change-for-woocommerce-and-wp-e-commerce-light
- Installations
- 700+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39378
MapSVG – Vector maps, Image maps, Google Maps
- Plugin Slug:
- mapsvg-lite-interactive-vector-maps
- Installations
- 700+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-32682
Kata Plus – Addons for Elementor – Widgets, Extensions and Templates
- Plugin Slug:
- kata-plus
- Installations
- 600+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-32572
Question Answer
- Plugin:
- Question Answer
- Plugin Slug:
- question-answer
- Installations
- 600+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32647
Spice Blocks
- Plugin:
- Spice Blocks
- Plugin Slug:
- spice-blocks
- Installations
- 600+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39532
WooMS
- Plugin:
- WooMS
- Plugin Slug:
- wooms
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32602
Author WIP Progress Bar
- Plugin:
- Author WIP Progress Bar
- Plugin Slug:
- author-work-in-progress-bar
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39516
Bulk Term Editor
- Plugin:
- Bulk Term Editor
- Plugin Slug:
- bulk-term-editor
- Installations
- 500+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39512
WordPress WP-Advanced-Search
- Plugin:
- WordPress WP-Advanced-Search
- Plugin Slug:
- wp-advanced-search
- Installations
- 500+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39538
Bulk Page Stub Creator
- Plugin:
- Bulk Page Stub Creator
- Plugin Slug:
- bulk-page-stub-creator
- Installations
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39519
Rating by BestWebSoft
- Plugin:
- Rating by BestWebSoft
- Plugin Slug:
- rating-bws
- Installations
- 400+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39527
Site Search 360
- Plugin:
- Site Search 360
- Plugin Slug:
- site-search-360
- Installations
- 400+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39530
Contact Form vCard Generator
- Plugin:
- Contact Form vCard Generator
- Plugin Slug:
- contact-form-vcard-generator
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39521
Projectopia – WordPress Project Management
- Plugin Slug:
- projectopia-core
- Installations
- 300+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-32648
BruteGuard – Brute Force Login Protection
- Plugin Slug:
- bruteguard
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39408
Dynamic Post
- Plugin:
- Dynamic Post
- Plugin Slug:
- dynamic-post
- Installations
- 200+
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39522
Starfish Review Generation & Marketing for WordPress
- Plugin Slug:
- starfish-reviews
- Installations
- 200+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39533
Capturly
- Plugin:
- Capturly
- Plugin Slug:
- capturly-optimize-your-website
- Installations
- 100+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39379
Run Contests, Raffles, and Giveaways with ContestsWP
- Plugin Slug:
- contest-code-checker
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32634
Course Booking System
- Plugin:
- Course Booking System
- Plugin Slug:
- course-booking-system
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32508
HelpGent – The Ultimate Form Builder & TypeForm Alternative on WordPress | Craft Conversational Multi Step Form with Video, Voice, Screen Recording, & Text Messaging
- Plugin Slug:
- helpgent
- Installations
- 100+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-32658
Local Magic
- Plugin:
- Local Magic
- Plugin Slug:
- local-magic
- Installations
- 100+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-32636
PDF 2 Post
- Plugin:
- PDF 2 Post
- Plugin Slug:
- pdf2post
- Installations
- 100+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-32583
Slazzer Background Changer
- Plugin:
- Slazzer Background Changer
- Plugin Slug:
- slazzer-background-changer
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39531
Theme Changer
- Plugin:
- Theme Changer
- Plugin Slug:
- theme-changer
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39438
WooCommerce Products without featured images
- Plugin Slug:
- woocommerce-products-without-featured-images
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32545
Target Video Easy Publish
- Plugin:
- Target Video Easy Publish
- Plugin Slug:
- brid-video-easy-publish
- Installations
- 80+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-32688
Checkout Field Visibility for WooCommerce
- Plugin Slug:
- checkout-field-visibility-for-woocommerce
- Installations
- 80+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39391
Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
- Plugin Slug:
- hive-support
- Installations
- 70+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32666
Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
- Plugin Slug:
- hive-support
- Installations
- 70+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32635
Product Lister for eBay
- Plugin:
- Product Lister for eBay
- Plugin Slug:
- product-lister-ebay
- Installations
- 70+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39384
T&P Gallery Slider
- Plugin:
- T&P Gallery Slider
- Plugin Slug:
- tp-gallery-slider
- Installations
- 70+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32527
All push notification for WP
- Plugin:
- All push notification for WP
- Plugin Slug:
- all-push-notification
- Installations
- 60+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32546
WP_DEBUG Toggle
- Plugin:
- WP_DEBUG Toggle
- Plugin Slug:
- enable-wp-debug-toggle
- Installations
- 60+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32561
Appsero Helper
- Plugin:
- Appsero Helper
- Plugin Slug:
- appsero-helper
- Installations
- 50+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39377
Office Locator
- Plugin:
- Office Locator
- Plugin Slug:
- office-locator
- Installations
- 50+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-32665
WP Donate
- Plugin:
- WP Donate
- Plugin Slug:
- wp-donate
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32637
ShopApper: Mobile App for WooCommerce
- Plugin Slug:
- mobile-app-for-woocommerce
- Installations
- 40+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32638
BMA Lite – Appointment Booking and Scheduling Plugin
- Plugin Slug:
- bma-lite-appointment-booking-and-scheduling
- Installations
- 10+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39518
Event Espresso – Custom Email Template Shortcode
- Plugin Slug:
- email-shortcode
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32507
ZooEffect
- Plugin:
- ZooEffect
- Plugin Slug:
- 1-jquery-photo-gallery-slideshow-flash
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26954
Add to Header
- Plugin:
- Add to Header
- Plugin Slug:
- add-to-header
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39423
Amazon Showcase WordPress Plugin
- Plugin:
- Amazon Showcase WordPress Plugin
- Plugin Slug:
- amazon-showcase-wordpress-widget
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39431
AnalyticsWP
- Plugin:
- AnalyticsWP
- Plugin Slug:
- analyticswp
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39388
AnalyticsWP
- Plugin:
- AnalyticsWP
- Plugin Slug:
- analyticswp
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39394
Anthologize
- Plugin:
- Anthologize
- Plugin Slug:
- anthologize
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39437
WPAMS
- Plugin:
- WPAMS
- Plugin Slug:
- apartment-management
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39402
WPAMS
- Plugin:
- WPAMS
- Plugin Slug:
- apartment-management
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39405
WPAMS
- Plugin:
- WPAMS
- Plugin Slug:
- apartment-management
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39401
WPAMS
- Plugin:
- WPAMS
- Plugin Slug:
- apartment-management
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39406
WPAMS
- Plugin:
- WPAMS
- Plugin Slug:
- apartment-management
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39395
WPAMS
- Plugin:
- WPAMS
- Plugin Slug:
- apartment-management
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39392
WPAMS
- Plugin:
- WPAMS
- Plugin Slug:
- apartment-management
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39403
Avatar
- Plugin:
- Avatar
- Plugin Slug:
- avatar
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-3520
Avatar
- Plugin:
- Avatar
- Plugin Slug:
- avatar
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39434
bbPress2 shortcode whitelist
- Plugin:
- bbPress2 shortcode whitelist
- Plugin Slug:
- bbpress2-shortcode-whitelist
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39432
Bknewsticker
- Plugin:
- Bknewsticker
- Plugin Slug:
- bknewsticker
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39433
Broken Links Remover
- Plugin:
- Broken Links Remover
- Plugin Slug:
- broken-links-remover
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39440
Login Manager
- Plugin:
- Login Manager
- Plugin Slug:
- customized-login
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-2613
Dashboard Notepads
- Plugin:
- Dashboard Notepads
- Plugin Slug:
- dashboard-notepads
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39441
FAT Services Booking
- Plugin:
- FAT Services Booking
- Plugin Slug:
- fat-services-booking
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39355
Foodbakery Sticky Cart
- Plugin:
- Foodbakery Sticky Cart
- Plugin Slug:
- foodbakery-sticky-cart
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39356
Grand Conference
- Plugin:
- Grand Conference
- Plugin Slug:
- grandconference
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39354
Gravity Forms CSS Themes with Fontawesome and Placeholders
- Plugin:
- Gravity Forms CSS Themes with Fontawesome and Placeholders
- Plugin Slug:
- gravity-forms-css-themes-with-fontawesome-and-placeholder-support
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39428
hockeydata LOS
- Plugin:
- hockeydata LOS
- Plugin Slug:
- hockeydata-los
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26889
Hospital Management System
- Plugin:
- Hospital Management System
- Plugin Slug:
- hospital-management
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39357
I Draw
- Plugin:
- I Draw
- Plugin Slug:
- idraw
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39436
Simple Maps
- Plugin:
- Simple Maps
- Plugin Slug:
- interactive-maps
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39424
KiotViet Sync
- Plugin:
- KiotViet Sync
- Plugin Slug:
- kiotvietsync
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39381
KiotViet Sync
- Plugin:
- KiotViet Sync
- Plugin Slug:
- kiotvietsync
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32573
illow – Cookies Consent
- Plugin:
- illow – Cookies Consent
- Plugin Slug:
- lgpd-compliant-cookie-banner
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39426
Macro Calculator with Admin Email Optin & Data
- Plugin:
- Macro Calculator with Admin Email Optin & Data
- Plugin Slug:
- macro-admin-email-data-optin-calculator
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26730
Memberpress
- Plugin:
- Memberpress
- Plugin Slug:
- memberpress
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39407
mLanguage
- Plugin:
- mLanguage
- Plugin Slug:
- mlanguage
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39430
Modal Survey
- Plugin:
- Modal Survey
- Plugin Slug:
- modal-survey
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39469
Modal Survey
- Plugin:
- Modal Survey
- Plugin Slug:
- modal-survey
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39468
Modal Survey
- Plugin:
- Modal Survey
- Plugin Slug:
- modal-survey
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39471
My auctions allegro
- Plugin:
- My auctions allegro
- Plugin Slug:
- my-auctions-allegro-free-edition
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-27009
My Marginalia
- Plugin:
- My Marginalia
- Plugin Slug:
- my-marginalia
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39435
Redirect wordpress to welcome or landing page
- Plugin:
- Redirect wordpress to welcome or landing page
- Plugin Slug:
- redirect-to-welcome-or-landing-page
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39417
Review Wave – Google Places Reviews
- Plugin:
- Review Wave – Google Places Reviews
- Plugin Slug:
- review-wave-google-places-reviews
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39442
Revision Diet
- Plugin:
- Revision Diet
- Plugin Slug:
- revision-diet
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39419
Revy
- Plugin:
- Revy
- Plugin Slug:
- revy
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32924
SUMO Reward Points
- Plugin:
- SUMO Reward Points
- Plugin Slug:
- rewardsystem
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32925
RSS Manager
- Plugin:
- RSS Manager
- Plugin Slug:
- rss-manager
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39418
Social Media Links
- Plugin:
- Social Media Links
- Plugin Slug:
- social-media-links
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39415
spam-stopper
- Plugin:
- spam-stopper
- Plugin Slug:
- spam-stopper
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39414
Style Manager
- Plugin:
- Style Manager
- Plugin Slug:
- style-manager
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39425
Széchenyi 2020 Logo
- Plugin:
- Széchenyi 2020 Logo
- Plugin Slug:
- szechenyi-2020-logo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39429
Testimonial Slider And Showcase Pro
- Plugin:
- Testimonial Slider And Showcase Pro
- Plugin Slug:
- testimonial-slider-showcase-pro
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32657
translit it!
- Plugin:
- translit it!
- Plugin Slug:
- translit-it
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39416
TuriTop Booking System
- Plugin:
- TuriTop Booking System
- Plugin Slug:
- turitop-booking-system
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32571
Smart Sections Theme Builder – WPBakery Page Builder Addon
- Plugin:
- Smart Sections Theme Builder – WPBakery Page Builder Addon
- Plugin Slug:
- visucom-smart-sections
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39410
WooCommerce Social Login
- Plugin:
- WooCommerce Social Login
- Plugin Slug:
- woo-social-login
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39472
FoodBakery
- Plugin:
- FoodBakery
- Plugin Slug:
- wp-foodbakery
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-32927
WP Post to PDF Enhanced
- Plugin:
- WP Post to PDF Enhanced
- Plugin Slug:
- wp-post-to-pdf-enhanced
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39427
WP Social Bookmarking
- Plugin:
- WP Social Bookmarking
- Plugin Slug:
- wp-social-bookmarking
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39422
WP Sticky Side Buttons
- Plugin:
- WP Sticky Side Buttons
- Plugin Slug:
- wp-sticky-side-buttons
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39421
WP Syntax
- Plugin:
- WP Syntax
- Plugin Slug:
- wp-syntax
- Vulnerability:
- Denial of Service Attack
- Patched in Version:
- No Fix
- Severity Score:
- Low
- CVE:
- 2024-13926
WP Twitter Button
- Plugin:
- WP Twitter Button
- Plugin Slug:
- wp-twitter-button
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39420
WordPress Video Robot – The Ultimate Video Importer
- Plugin:
- WordPress Video Robot – The Ultimate Video Importer
- Plugin Slug:
- wp-video-robot
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39409
wpLike2Get
- Plugin:
- wpLike2Get
- Plugin Slug:
- wplike2get
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39439
WhatsApp Click to Chat Plugin for WordPress
- Plugin:
- WhatsApp Click to Chat Plugin for WordPress
- Plugin Slug:
- wpt-whatsapp
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39411
Xelion Webchat
- Plugin:
- Xelion Webchat
- Plugin Slug:
- xelion-webchat
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39542
Contact Form 7
- Plugin:
- Contact Form 7
- Plugin Slug:
- contact-form-7
- Installations
- 10,000,000+
- Vulnerability:
- Other Vulnerability Type
- Patched in Version:
- 6.0.6
- Severity Score:
- Medium
- CVE:
- 2025-3247
Essential Addons for Elementor – Popular Elementor Addon With Ready Templates, Advanced Widgets, Kits & WooCommerce Builders
- Plugin Slug:
- essential-addons-for-elementor-lite
- Installations
- 2,000,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 6.1.10
- Severity Score:
- Medium
- CVE:
- 2025-39589
Essential Addons for Elementor – Popular Elementor Addon With Ready Templates, Advanced Widgets, Kits & WooCommerce Builders
- Plugin Slug:
- essential-addons-for-elementor-lite
- Installations
- 2,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.1.10
- Severity Score:
- Medium
- CVE:
- 2025-39590
Ocean Extra
- Plugin:
- Ocean Extra
- Plugin Slug:
- ocean-extra
- Installations
- 600,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- 2.4.7
- Severity Score:
- Medium
- CVE:
- 2025-3472
Ocean Extra
- Plugin:
- Ocean Extra
- Plugin Slug:
- ocean-extra
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.7
- Severity Score:
- Medium
- CVE:
- 2025-3457
Royal Elementor Addons and Templates
- Plugin Slug:
- royal-elementor-addons
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.979
- Severity Score:
- Medium
- CVE:
- 2025-39543
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
- Plugin Slug:
- fluentform
- Installations
- 500,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.0.3
- Severity Score:
- Medium
- CVE:
- 2025-3615
Forminator Forms – Contact Form, Payment Form & Custom Form Builder
- Plugin Slug:
- forminator
- Installations
- 500,000+
- Vulnerability:
- Other Vulnerability Type
- Patched in Version:
- 1.42.1
- Severity Score:
- Medium
- CVE:
- 2025-3479
Forminator Forms – Contact Form, Payment Form & Custom Form Builder
- Plugin Slug:
- forminator
- Installations
- 500,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.42.1
- Severity Score:
- Medium
- CVE:
- 2025-3487
Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products – Restrict Content, Protect WooCommerce Category and more
- Plugin Slug:
- password-protected
- Installations
- 300,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.7.8
- Severity Score:
- Medium
- CVE:
- 2025-3453
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
- Plugin Slug:
- ultimate-member
- Installations
- 200,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.10.2
- Severity Score:
- Critical
- CVE:
- 2025-0308
Insert Headers And Footers
- Plugin:
- Insert Headers And Footers
- Plugin Slug:
- wp-headers-and-footers
- Installations
- 200,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.1.2
- Severity Score:
- High
- CVE:
- 2025-2111
Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder
- Plugin Slug:
- bdthemes-element-pack-lite
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.10.29
- Severity Score:
- Medium
- CVE:
- 2025-1457
Download Manager
- Plugin:
- Download Manager
- Plugin Slug:
- download-manager
- Installations
- 100,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 3.3.13
- Severity Score:
- Medium
- CVE:
- 2025-3404
Download Manager
- Plugin:
- Download Manager
- Plugin Slug:
- download-manager
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.13
- Severity Score:
- Medium
- CVE:
- 2025-3056
Kadence WooCommerce Email Designer
- Plugin Slug:
- kadence-woocommerce-email-designer
- Installations
- 100,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.5.15
- Severity Score:
- Critical
- CVE:
- 2025-39557
Social Sharing Plugin – Sassy Social Share
- Plugin Slug:
- sassy-social-share
- Installations
- 100,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- 3.3.74
- Severity Score:
- Medium
- CVE:
- 2025-39404
WordPress Button Plugin MaxButtons
- Plugin Slug:
- maxbuttons
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 9.8.4
- Severity Score:
- Medium
- CVE:
- 2025-39444
Icegram Express – email subscribers, optin forms, newsletters and marketing automation for WordPress & WooCommerce
- Plugin Slug:
- email-subscribers
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.7.52
- Severity Score:
- Medium
- CVE:
- 2024-11924
Widget for Social Page Feeds
- Plugin:
- Widget for Social Page Feeds
- Plugin Slug:
- facebook-pagelike-widget
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.4.2
- Severity Score:
- Medium
- CVE:
- 2024-13207
Ultimate Dashboard – Custom WordPress Dashboard
- Plugin Slug:
- ultimate-dashboard
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.8.6
- Severity Score:
- Medium
- CVE:
- 2025-1523
Greenshift – animation and page builder blocks
- Plugin Slug:
- greenshift-animation-and-page-builder-blocks
- Installations
- 50,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 11.4.6
- Severity Score:
- High
- CVE:
- 2025-3616
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
- Plugin Slug:
- profile-builder
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.13.7
- Severity Score:
- Medium
- CVE:
- 2025-2314
WP Import Export Lite
- Plugin:
- WP Import Export Lite
- Plugin Slug:
- wp-import-export-lite
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.9.28
- Severity Score:
- Medium
- CVE:
- 2025-2839
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
- Plugin Slug:
- form-maker
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.15.32
- Severity Score:
- Medium
- CVE:
- 2024-10680
MapPress Maps for WordPress
- Plugin:
- MapPress Maps for WordPress
- Plugin Slug:
- mappress-google-maps-for-wordpress
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.94.10
- Severity Score:
- Medium
- CVE:
- 2025-2162
Contact Form & SMTP Plugin for WordPress by PirateForms
- Plugin Slug:
- pirate-forms
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.0
- Severity Score:
- Medium
- CVE:
- 2024-11273
Themesflat Addons For Elementor
- Plugin:
- Themesflat Addons For Elementor
- Plugin Slug:
- themesflat-addons-for-elementor
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.6
- Severity Score:
- Medium
- CVE:
- 2025-3275
Cost Calculator Builder
- Plugin:
- Cost Calculator Builder
- Plugin Slug:
- cost-calculator-builder
- Installations
- 30,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.2.68
- Severity Score:
- Critical
- CVE:
- 2025-39587
Social Slider Feed
- Plugin:
- Social Slider Feed
- Plugin Slug:
- instagram-slider-widget
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.9
- Severity Score:
- Medium
- CVE:
- 2025-0717
PowerPress Podcasting plugin by Blubrry
- Plugin Slug:
- powerpress
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 11.9.18
- Severity Score:
- Medium
- CVE:
- 2024-9230
Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
- Plugin Slug:
- rafflepress
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.12.17
- Severity Score:
- Medium
- CVE:
- 2024-10107
WP Editor
WP Editor
Advanced Dynamic Pricing for WooCommerce
- Plugin Slug:
- advanced-dynamic-pricing-for-woocommerce
- Installations
- 20,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.9.5
- Severity Score:
- Medium
- CVE:
- 2025-39453
Docket Cache – Object Cache Accelerator
- Plugin Slug:
- docket-cache
- Installations
- 20,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 24.07.03
- Severity Score:
- High
- CVE:
- 2025-39461
Simple Social Media Share Buttons – Social Sharing for Everyone
- Plugin Slug:
- simple-social-buttons
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.0.0
- Severity Score:
- Medium
- CVE:
- 2024-13610
WordPress REST API Authentication
- Plugin Slug:
- wp-rest-api-authentication
- Installations
- 20,000+
- Vulnerability:
- Settings Change
- Patched in Version:
- 3.6.4
- Severity Score:
- Medium
- CVE:
- 2025-39545
WP Simple Booking Calendar
- Plugin:
- WP Simple Booking Calendar
- Plugin Slug:
- wp-simple-booking-calendar
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.14
- Severity Score:
- Medium
- CVE:
- 2025-39541
AFI – The Easiest Integration Plugin
- Plugin Slug:
- advanced-form-integration
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.100.0
- Severity Score:
- Medium
- CVE:
- 2024-13123
Conditional Payments for WooCommerce
- Plugin Slug:
- conditional-payments-for-woocommerce
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.3.1
- Severity Score:
- Medium
- CVE:
- 2025-39563
Conditional Shipping for WooCommerce
- Plugin Slug:
- conditional-shipping-for-woocommerce
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.4.1
- Severity Score:
- Medium
- CVE:
- 2025-39564
HTML5 Audio Player- Best WordPress Audio Player Plugin
- Plugin Slug:
- html5-audio-player
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.0
- Severity Score:
- Medium
- CVE:
- 2025-39524
Klarna Checkout for WooCommerce
- Plugin:
- Klarna Checkout for WooCommerce
- Plugin Slug:
- klarna-checkout-for-woocommerce
- Installations
- 10,000+
- Vulnerability:
- Denial of Service Attack
- Patched in Version:
- 2.13.5
- Severity Score:
- High
- CVE:
- 2024-13925
Mediavine Control Panel
- Plugin:
- Mediavine Control Panel
- Plugin Slug:
- mediavine-control-panel
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.10.7
- Severity Score:
- Medium
- CVE:
- 2025-39556
WooCommerce Product Table Lite
- Plugin:
- WooCommerce Product Table Lite
- Plugin Slug:
- wc-product-table-lite
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.9.6
- Severity Score:
- Medium
- CVE:
- 2025-39602
WP Data Access – App, Table, Form, Chart & Map Builder plugin
- Plugin Slug:
- wp-data-access
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.5.37
- Severity Score:
- Medium
- CVE:
- 2025-39582
Event Manager, Events Calendar, Tickets, Registrations – Eventin
- Plugin Slug:
- wp-event-solution
- Installations
- 10,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 4.0.26
- Severity Score:
- High
- CVE:
- 2025-39584
Themify Shortcodes
- Plugin:
- Themify Shortcodes
- Plugin Slug:
- themify-shortcodes
- Installations
- 9,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.4
- Severity Score:
- Medium
- CVE:
- 2025-39581
Contact Form by Supsystic
- Plugin:
- Contact Form by Supsystic
- Plugin Slug:
- contact-form-by-supsystic
- Installations
- 8,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.7.30
- Severity Score:
- High
- CVE:
- 2024-13452
Debug Log Manager
- Plugin:
- Debug Log Manager
- Plugin Slug:
- debug-log-manager
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.5
- Severity Score:
- High
- CVE:
- 2025-32613
ProfileGrid – User Profiles, Groups and Communities
- Plugin Slug:
- profilegrid-user-profiles-groups-and-communities
- Installations
- 7,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.9.4.9
- Severity Score:
- High
- CVE:
- 2025-39586
Drag and Drop Multiple File Upload for WooCommerce
- Plugin Slug:
- drag-and-drop-multiple-file-upload-for-woocommerce
- Installations
- 6,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 1.1.5
- Severity Score:
- Critical
- CVE:
- 2025-2941
WPCafe: Food Menu, Ordering, Reservation, and Delivery Solution – All in One Place!
- Plugin Slug:
- wp-cafe
- Installations
- 6,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.2.33
- Severity Score:
- High
- CVE:
- 2025-39452
TS Poll – Survey, Versus Poll, Image Poll, Video Poll
- Plugin Slug:
- poll-wp
- Installations
- 5,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.4.7
- Severity Score:
- High
- CVE:
- 2025-3470
WooCommerce Builder & Gutenberg WooCommerce Blocks – WowStore
- Plugin Slug:
- product-blocks
- Installations
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.2.5
- Severity Score:
- Medium
- CVE:
- 2025-39571
Coupon Affiliates – Affiliate Plugin for WooCommerce
- Plugin Slug:
- woo-coupon-usage
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.3.1
- Severity Score:
- High
- CVE:
- 2025-3598
WPAdverts – Classifieds Plugin
- Plugin:
- WPAdverts – Classifieds Plugin
- Plugin Slug:
- wpadverts
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.2
- Severity Score:
- Medium
- CVE:
- 2025-39576
Logo Carousel Gutenberg Block
- Plugin:
- Logo Carousel Gutenberg Block
- Plugin Slug:
- awesome-logo-carousel-block
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.7
- Severity Score:
- Medium
- CVE:
- 2025-2083
ElementsReady Addons for Elementor
- Plugin Slug:
- element-ready-lite
- Installations
- 4,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 6.6.3
- Severity Score:
- Medium
- CVE:
- 2025-39546
FluentBoards – Project Management, Task Management, Goal Tracking, Kanban Board, and, Team Collaboration
- Plugin Slug:
- fluent-boards
- Installations
- 4,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.48
- Severity Score:
- Critical
- CVE:
- 2025-39551
FluentCommunity – Ultra-Fast High-Performance Social Network, Community, LMS & Online Courses Plugin
- Plugin:
- FluentCommunity – Ultra-Fast High-Performance Social Network, Community, LMS & Online Courses Plugin
- Plugin Slug:
- fluent-community
- Installations
- 4,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.3.1
- Severity Score:
- Critical
- CVE:
- 2025-39550
Responsive Blocks – WordPress Gutenberg Blocks
- Plugin Slug:
- responsive-block-editor-addons
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.3
- Severity Score:
- Medium
- CVE:
- 2025-39578
WP Posts Carousel
- Plugin:
- WP Posts Carousel
- Plugin Slug:
- wp-posts-carousel
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.11
- Severity Score:
- Medium
- CVE:
- 2025-39573
Name Directory
- Plugin:
- Name Directory
- Plugin Slug:
- name-directory
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.30.1
- Severity Score:
- Medium
- CVE:
- 2025-39454
Property Hive
- Plugin:
- Property Hive
- Plugin Slug:
- propertyhive
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.3
- Severity Score:
- Medium
- CVE:
- 2025-39577
GoodBarber
- Plugin:
- GoodBarber
- Plugin Slug:
- goodbarber
- Installations
- 2,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- 1.0.27
- Severity Score:
- Medium
- CVE:
- 2025-39523
MelaPress Login Security
- Plugin:
- MelaPress Login Security
- Plugin Slug:
- melapress-login-security
- Installations
- 2,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 2.1.1
- Severity Score:
- Medium
- CVE:
- 2025-39565
Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates
- Plugin Slug:
- responsive-addons-for-elementor
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.9.1
- Severity Score:
- Medium
- CVE:
- 2025-2225
SKT Blocks – Gutenberg based Page Builder
- Plugin Slug:
- skt-blocks
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0
- Severity Score:
- Medium
- CVE:
- 2025-3276
WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce
- Plugin Slug:
- wp-optin-wheel
- Installations
- 2,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 1.4.8
- Severity Score:
- Medium
- CVE:
- 2025-31824
WPCOM Member
- Plugin:
- WPCOM Member
- Plugin Slug:
- wpcom-member
- Installations
- 2,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.7.8
- Severity Score:
- High
- CVE:
- 2025-39570
WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log
- Plugin Slug:
- wptools
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.19
- Severity Score:
- High
- CVE:
- 2025-39544
JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin
- Plugin Slug:
- jobwp
- Installations
- 1,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.4.0
- Severity Score:
- High
- CVE:
- 2025-2010
Listdom – Business Directory and Classified Ads Listings WordPress Plugin
- Plugin Slug:
- listdom
- Installations
- 1,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- 4.1.0
- Severity Score:
- Medium
- CVE:
- 2025-39599
Membership For WooCommerce
- Plugin:
- Membership For WooCommerce
- Plugin Slug:
- membership-for-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.1
- Severity Score:
- Medium
- CVE:
- 2025-39579
Most And Least Read Posts Widget
- Plugin:
- Most And Least Read Posts Widget
- Plugin Slug:
- most-and-least-read-posts-widget
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.21
- Severity Score:
- Medium
- CVE:
- 2025-39549
Sign-up Sheets
- Plugin:
- Sign-up Sheets
- Plugin Slug:
- sign-up-sheets
- Installations
- 1,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- 2.3.1
- Severity Score:
- Medium
- CVE:
- 2025-26996
Smart Maintenance Mode
- Plugin:
- Smart Maintenance Mode
- Plugin Slug:
- smart-maintenance-mode
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.2
- Severity Score:
- Medium
- CVE:
- 2024-12683
Tourfic Toolkit
- Plugin:
- Tourfic Toolkit
- Plugin Slug:
- travelfic-toolkit
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.3
- Severity Score:
- Medium
- CVE:
- 2025-39585
Ultimate Store Kit – Elementor powered WooCommerce Builder, 80+ Widgets and Template Builder
- Plugin:
- Ultimate Store Kit – Elementor powered WooCommerce Builder, 80+ Widgets and Template Builder
- Plugin Slug:
- ultimate-store-kit
- Installations
- 1,000+
- Vulnerability:
- Deserialization of untrusted data
- Patched in Version:
- 2.4.1
- Severity Score:
- Critical
- CVE:
- 2025-39588
Ever Accounting – WordPress Accounting and Invoice Plugin
- Plugin Slug:
- wp-ever-accounting
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.1.6
- Severity Score:
- Medium
- CVE:
- 2025-39593
Integration for WooCommerce and QuickBooks
- Plugin Slug:
- wp-woocommerce-quickbooks
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.2
- Severity Score:
- Medium
- CVE:
- 2025-39600
WPCasa
- Plugin:
- WPCasa
- Plugin Slug:
- wpcasa
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.0
- Severity Score:
- Medium
- CVE:
- 2025-39575
Zephyr Project Manager
- Plugin:
- Zephyr Project Manager
- Plugin Slug:
- zephyr-project-manager
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.3.201
- Severity Score:
- Medium
- CVE:
- 2025-39552
Arigato Autoresponder and Newsletter
- Plugin Slug:
- bft-autoresponder
- Installations
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.2.5
- Severity Score:
- High
- CVE:
- 2025-39594
Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment
- Plugin Slug:
- booking-and-rental-manager-for-woocommerce
- Installations
- 900+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.9
- Severity Score:
- Medium
- CVE:
- 2025-39457
Church Admin
- Plugin:
- Church Admin
- Plugin Slug:
- church-admin
- Installations
- 900+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 5.0.10
- Severity Score:
- Medium
- CVE:
- 2025-39553
Church Admin
- Plugin:
- Church Admin
- Plugin Slug:
- church-admin
- Installations
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.0.24
- Severity Score:
- Medium
- CVE:
- 2025-39555
Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages
- Plugin Slug:
- landing-page-cat
- Installations
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.9
- Severity Score:
- High
- CVE:
- 2025-26992
Taskbuilder – WordPress Project & Task Management plugin
- Plugin Slug:
- taskbuilder
- Installations
- 900+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.0.2
- Severity Score:
- High
- CVE:
- 2025-39569
Checkout for PayPal
- Plugin:
- Checkout for PayPal
- Plugin Slug:
- checkout-for-paypal
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.39
- Severity Score:
- Medium
- CVE:
- 2025-39572
OTP-less one tap Sign in
- Plugin:
- OTP-less one tap Sign in
- Plugin Slug:
- otpless
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.59
- Severity Score:
- High
- CVE:
- 2025-32622
BERTHA AI. Your AI co-pilot for WordPress and Chrome
- Plugin Slug:
- bertha-ai-free
- Installations
- 600+
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- 1.12.11
- Severity Score:
- High
- CVE:
- 2025-39583
Bring Fraktguiden for WooCommerce
- Plugin Slug:
- bring-fraktguiden-for-woocommerce
- Installations
- 600+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.11.5
- Severity Score:
- Medium
- CVE:
- 2025-39559
Verge3D Publishing and E-Commerce
- Plugin Slug:
- verge3d
- Installations
- 600+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.9.3
- Severity Score:
- Medium
- CVE:
- 2025-39443
Cloak Front End Email
- Plugin:
- Cloak Front End Email
- Plugin Slug:
- cloak-front-end-email
- Installations
- 500+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.9.6
- Severity Score:
- High
- CVE:
- 2025-26968
Quentn WP
- Plugin:
- Quentn WP
- Plugin Slug:
- quentn-wp
- Installations
- 500+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.2.9
- Severity Score:
- Critical
- CVE:
- 2025-39595
Quentn WP
- Plugin:
- Quentn WP
- Plugin Slug:
- quentn-wp
- Installations
- 500+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.2.9
- Severity Score:
- Critical
- CVE:
- 2025-39596
Subscribe to Unlock Lite – Opt In Content Locker Plugin for WordPress
- Plugin Slug:
- subscribe-to-unlock-lite
- Installations
- 500+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.3.1
- Severity Score:
- High
- CVE:
- 2025-39592
Web Directory Free
- Plugin:
- Web Directory Free
- Plugin Slug:
- web-directory-free
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.9
- Severity Score:
- High
- CVE:
- 2025-39567
WP Subscription Forms – Subscription Form Plugin for WordPress
- Plugin Slug:
- wp-subscription-forms
- Installations
- 500+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.4
- Severity Score:
- Medium
- CVE:
- 2025-39591
Administrator Z
- Plugin:
- Administrator Z
- Plugin Slug:
- administrator-z
- Installations
- 400+
- Vulnerability:
- Directory Traversal
- Patched in Version:
- 2025.03.30
- Severity Score:
- Medium
- CVE:
- 2025-39598
Administrator Z
- Plugin:
- Administrator Z
- Plugin Slug:
- administrator-z
- Installations
- 400+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 2025.03.27
- Severity Score:
- High
- CVE:
- 2025-26959
Custom CSS, JS & PHP
- Plugin:
- Custom CSS, JS & PHP
- Plugin Slug:
- custom-css
- Installations
- 400+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.4.2
- Severity Score:
- Critical
- CVE:
- 2025-39601
Uix Shortcodes
- Plugin:
- Uix Shortcodes
- Plugin Slug:
- uix-shortcodes
- Installations
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.5
- Severity Score:
- Medium
- CVE:
- 2025-39574
Barcode Generator for WooCommerce – Show barcodes on products, orders, invoices and other pages
- Plugin:
- Barcode Generator for WooCommerce – Show barcodes on products, orders, invoices and other pages
- Plugin Slug:
- embedding-barcodes-into-product-pages-and-orders
- Installations
- 300+
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- 2.0.5
- Severity Score:
- High
- CVE:
- 2025-32929
Sell access, Automate, and add Engaging Exclusive Discord Access: Introducing the MemberPress Discord Addon — Elevate Your Community!
- Plugin Slug:
- expresstechsoftwares-memberpress-discord-add-on
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.2
- Severity Score:
- High
- CVE:
- 2025-32605
Fast eBay Listings
- Plugin:
- Fast eBay Listings
- Plugin Slug:
- fast-ebay-listings
- Installations
- 300+
- Vulnerability:
- Open Redirection
- Patched in Version:
- 2.12.16
- Severity Score:
- Medium
- CVE:
- 2025-39597
TableOn – WordPress Posts Table Filterable
- Plugin Slug:
- posts-table-filterable
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.4
- Severity Score:
- High
- CVE:
- 2025-32592
SB Chart block
- Plugin:
- SB Chart block
- Plugin Slug:
- sb-chart-block
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.1
- Severity Score:
- Medium
- CVE:
- 2025-3661
Tax Switch for WooCommerce
- Plugin:
- Tax Switch for WooCommerce
- Plugin Slug:
- tax-switch-for-woocommerce
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.3
- Severity Score:
- Medium
- CVE:
- 2025-3814
WP Logger
- Plugin:
- WP Logger
- Plugin Slug:
- wp-data-logger
- Installations
- 300+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.1
- Severity Score:
- Medium
- CVE:
- 2025-39456
AdminQuickbar
- Plugin:
- AdminQuickbar
- Plugin Slug:
- adminquickbar
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.2
- Severity Score:
- High
- CVE:
- 2025-39464
Feedify – Web Push Notifications
- Plugin:
- Feedify – Web Push Notifications
- Plugin Slug:
- push-notification-by-feedify
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.6
- Severity Score:
- High
- CVE:
- 2025-32540
Total processing card payments for WooCommerce
- Plugin Slug:
- totalprocessing-card-payments
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.1.7
- Severity Score:
- High
- CVE:
- 2025-32513
Dashi
- Plugin:
- Dashi
- Plugin Slug:
- dashi
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.1.9
- Severity Score:
- Medium
- CVE:
- 2025-39580
WordPress Internal Link Optimiser
- Plugin Slug:
- internal-link-finder
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.1.4
- Severity Score:
- High
- CVE:
- 2025-39547
IP2Location Variables
- Plugin:
- IP2Location Variables
- Plugin Slug:
- ip2location-variables
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.9.6
- Severity Score:
- High
- CVE:
- 2025-39455
Right Click Disable OR Ban
- Plugin:
- Right Click Disable OR Ban
- Plugin Slug:
- right-click-disable-or-ban
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.0
- Severity Score:
- High
- CVE:
- 2025-39548
Verowa Connect
- Plugin:
- Verowa Connect
- Plugin Slug:
- verowa-connect
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.5
- Severity Score:
- High
- CVE:
- 2025-32609
Email Notifications for Updates
- Plugin:
- Email Notifications for Updates
- Plugin Slug:
- wp-update-mail-notification
- Installations
- 100+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.2.0
- Severity Score:
- High
- CVE:
- 2025-26741
Material Dashboard
- Plugin:
- Material Dashboard
- Plugin Slug:
- material-dashboard
- Installations
- 80+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.4.7
- Severity Score:
- Critical
- CVE:
- 2025-32486
AI Text to Speech – TTS Plugin For WordPress
- Plugin Slug:
- ai-text-to-speech
- Installations
- 70+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.0.4
- Severity Score:
- Medium
- CVE:
- 2025-39554
CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout
- Plugin Slug:
- support-x
- Installations
- 70+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.8
- Severity Score:
- High
- CVE:
- 2025-39558
Hostel
- Plugin:
- Hostel
- Plugin Slug:
- hostel
- Installations
- 60+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.1.5.7
- Severity Score:
- High
- CVE:
- 2025-39566
StoreContrl Woocommerce
- Plugin:
- StoreContrl Woocommerce
- Plugin Slug:
- storecontrl-wp-connection
- Installations
- 60+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 4.1.4
- Severity Score:
- High
- CVE:
- 2025-39568
Smart Agreements
- Plugin:
- Smart Agreements
- Plugin Slug:
- smart-agreements
- Installations
- 40+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.0.4
- Severity Score:
- High
- CVE:
- 2025-39462
Payment Form for PayPal Pro
- Plugin:
- Payment Form for PayPal Pro
- Plugin Slug:
- payment-form-for-paypal-pro
- Installations
- 30+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.73
- Severity Score:
- Medium
- CVE:
- 2025-39562
AnalyticsWP
- Plugin:
- AnalyticsWP
- Plugin Slug:
- analyticswp
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.1.5
- Severity Score:
- Critical
- CVE:
- 2025-39389
Booster Plus for WooCommerce
- Plugin:
- Booster Plus for WooCommerce
- Plugin Slug:
- booster-plus-for-woocommerce
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.2.5
- Severity Score:
- High
- CVE:
- 2025-39446
FS Poster
- Plugin:
- FS Poster
- Plugin Slug:
- fs-poster
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.1.8
- Severity Score:
- High
- CVE:
- 2025-30960
JetBlocks For Elementor
- Plugin:
- JetBlocks For Elementor
- Plugin Slug:
- jet-blocks
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.16.1
- Severity Score:
- High
- CVE:
- 2025-39451
JetBlog
- Plugin:
- JetBlog
- Plugin Slug:
- jet-blog
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.3.1
- Severity Score:
- High
- CVE:
- 2025-26958
JetElements For Elementor
- Plugin:
- JetElements For Elementor
- Plugin Slug:
- jet-elements
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.7.4.2
- Severity Score:
- High
- CVE:
- 2025-39447
JetElements For Elementor
- Plugin:
- JetElements For Elementor
- Plugin Slug:
- jet-elements
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.4.2
- Severity Score:
- Medium
- CVE:
- 2025-39448
JetMenu
- Plugin:
- JetMenu
- Plugin Slug:
- jet-menu
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.9.1
- Severity Score:
- High
- CVE:
- 2025-26953
JetPopup
- Plugin:
- JetPopup
- Plugin Slug:
- jet-popup
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.12
- Severity Score:
- High
- CVE:
- 2025-26944
JetReviews
- Plugin:
- JetReviews
- Plugin Slug:
- jet-reviews
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.3.7
- Severity Score:
- High
- CVE:
- 2025-39396
JetTabs
- Plugin:
- JetTabs
- Plugin Slug:
- jet-tabs
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.8
- Severity Score:
- Medium
- CVE:
- 2025-39450
JetTricks
- Plugin:
- JetTricks
- Plugin Slug:
- jet-tricks
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.5.1.1
- Severity Score:
- High
- CVE:
- 2025-26942
JetWooBuilder
- Plugin:
- JetWooBuilder
- Plugin Slug:
- jet-woo-builder
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.18.1
- Severity Score:
- High
- CVE:
- 2025-39449
CLEVER
- Plugin:
- CLEVER
- Plugin Slug:
- lbg-audio11-html5-shoutcast_history
- Vulnerability:
- Path Traversal
- Patched in Version:
- 2.5
- Severity Score:
- High
- CVE:
- 2025-3103
Live Forms
- Plugin:
- Live Forms
- Plugin Slug:
- liveforms
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.8.5
- Severity Score:
- Medium
- CVE:
- 2025-39560
Smart Product Review
- Plugin:
- Smart Product Review
- Plugin Slug:
- smart-product-review
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.0.5
- Severity Score:
- Critical
- CVE:
- 2021-4455
Super Store Finder
- Plugin:
- Super Store Finder
- Plugin Slug:
- superstorefinder-wp
- Vulnerability:
- SQL Injection
- Patched in Version:
- 7.5
- Severity Score:
- Critical
- CVE:
- 2025-39445
Tourmaster
- Plugin:
- Tourmaster
- Plugin Slug:
- tourmaster
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.4.1
- Severity Score:
- High
- CVE:
- 2025-32923
Unlimited Timeline
- Plugin:
- Unlimited Timeline
- Plugin Slug:
- unlimited-timeline
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.6.1
- Severity Score:
- High
- CVE:
- 2025-27008
UrbanGo Membership
- Plugin:
- UrbanGo Membership
- Plugin Slug:
- urbango-membership
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.1
- Severity Score:
- Critical
- CVE:
- 2025-3278
User Registration & Membership Pro
- Plugin:
- User Registration & Membership Pro
- Plugin Slug:
- user-registration-pro
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.2.0
- Severity Score:
- Medium
- CVE:
- 2025-3284
Vitepos
- Plugin:
- Vitepos
- Plugin Slug:
- vitepos-lite
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 3.1.8
- Severity Score:
- High
- CVE:
- 2025-39535
Advanced Google Maps
- Plugin:
- Advanced Google Maps
- Plugin Slug:
- wp-google-map-gold
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.8.5
- Severity Score:
- Medium
- CVE:
- 2025-39465
Wp Staging Pro
- Plugin:
- Wp Staging Pro
- Plugin Slug:
- wp-staging-pro
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 6.1.3
- Severity Score:
- Medium
- CVE:
- 2025-3104
WordPress Themes — 9 Patched / 16 Unpatched
Arrival
- Theme:
- Arrival
- Theme Slug:
- arrival
- Downloads
- 126,390
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32921
CWW Portfolio
- Theme:
- CWW Portfolio
- Theme Slug:
- cww-portfolio
- Downloads
- 85,610
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39359
Grace Mag
- Theme:
- Grace Mag
- Theme Slug:
- grace-mag
- Downloads
- 70,093
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39360
Opstore
- Theme:
- Opstore
- Theme Slug:
- opstore
- Downloads
- 82,183
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39387
Sirat
- Theme:
- Sirat
- Theme Slug:
- sirat
- Downloads
- 355,294
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39385
Xews Lite
- Theme:
- Xews Lite
- Theme Slug:
- xews-lite
- Downloads
- 14,599
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39383
Altair
- Theme:
- Altair
- Theme Slug:
- altair
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-32928
Celestial Aura
- Theme:
- Celestial Aura
- Theme Slug:
- celestial-aura
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-26892
CiyaShop
- Theme:
- CiyaShop
- Theme Slug:
- ciyashop
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39349
Eximius
- Theme:
- Eximius
- Theme Slug:
- eximius
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-26872
Grand Restaurant WordPress
- Theme:
- Grand Restaurant WordPress
- Theme Slug:
- grandrestaurant
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39348
Grand Restaurant WordPress
- Theme:
- Grand Restaurant WordPress
- Theme Slug:
- grandrestaurant
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39352
Grand Restaurant WordPress
- Theme:
- Grand Restaurant WordPress
- Theme Slug:
- grandrestaurant
- Vulnerability:
- Path Traversal
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-32926
Grand Restaurant WordPress
- Theme:
- Grand Restaurant WordPress
- Theme Slug:
- grandrestaurant
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39351
Grand Restaurant WordPress
- Theme:
- Grand Restaurant WordPress
- Theme Slug:
- grandrestaurant
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39353
Grip
- Theme:
- Grip
- Theme Slug:
- grip
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26735
Betheme
- Theme:
- Betheme
- Theme Slug:
- betheme
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 28.0.4
- Severity Score:
- Medium
- CVE:
- 2025-3077
Dessau
- Theme:
- Dessau
- Theme Slug:
- dessau
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.9
- Severity Score:
- High
- CVE:
- 2025-39463
Dør
- Theme:
- Dør
- Theme Slug:
- dor
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.4.1
- Severity Score:
- High
- CVE:
- 2025-39466
Eduma
- Theme:
- Eduma
- Theme Slug:
- eduma
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.6.5
- Severity Score:
- Medium
- CVE:
- 2025-39460
Foton
- Theme:
- Foton
- Theme Slug:
- foton
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.6.1
- Severity Score:
- High
- CVE:
- 2025-39458
Ivy School
- Theme:
- Ivy School
- Theme Slug:
- ivy-school
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.6.1
- Severity Score:
- High
- CVE:
- 2025-39470
Real Estate 7
- Theme:
- Real Estate 7
- Theme Slug:
- realestate-7
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 3.5.3
- Severity Score:
- High
- CVE:
- 2025-39459
Tastyc
- Theme:
- Tastyc
- Theme Slug:
- tastyc
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.5.2
- Severity Score:
- High
- CVE:
- 2025-27010
Wanderland
- Theme:
- Wanderland
- Theme Slug:
- wanderland
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.7.2
- Severity Score:
- High
- CVE:
- 2025-39467
