In this report, 191 vulnerabilities have been publicly disclosed. Security patches for 93 of these plugins and themes are now available, so please run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 98 plugin and theme vulnerabilities, and no patch has been available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.8.2 was released on July 15, 2025. This maintenance release includes fixes for 20 Core tickets and 15 Block Editor issues. For a full list of bug fixes, please refer to the release candidate announcement.
WordPress Plugins — 81 Patched / 93 Unpatched
Awesome Support – WordPress HelpDesk & Support Plugin
- Plugin Slug:
- awesome-support
- Installations
- 8,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-53340
EventON – Events Calendar
- Plugin:
- EventON – Events Calendar
- Plugin Slug:
- eventon-lite
- Installations
- 6,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8091
Simple Login Log
- Plugin:
- Simple Login Log
- Plugin Slug:
- simple-login-log
- Installations
- 6,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49438
Thank You Page Customizer for WooCommerce – Increase Your Sales
- Plugin Slug:
- woo-thank-you-page-customizer
- Installations
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30993
WP Emmet
- Plugin:
- WP Emmet
- Plugin Slug:
- wp-emmet
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49894
Contact Info Widget
- Plugin:
- Contact Info Widget
- Plugin Slug:
- simple-contact-info-widget
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49891
Add Custom Codes – Insert Header, Footer, Custom PHP Snippets, CSS, Javascript
- Plugin Slug:
- add-custom-codes
- Installations
- 1,000+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30975
StoryChief
- Plugin:
- StoryChief
- Plugin Slug:
- story-chief
- Installations
- 1,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-7441
Cookie Warning
- Plugin:
- Cookie Warning
- Plugin Slug:
- cookie-warning
- Installations
- 900+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49426
Cookie Warning
- Plugin:
- Cookie Warning
- Plugin Slug:
- cookie-warning
- Installations
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49428
Page Transition
- Plugin:
- Page Transition
- Plugin Slug:
- page-transition
- Installations
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49412
WP Discord Post Plus – Supports Unlimited Channels
- Plugin Slug:
- wp-discord-post-plus
- Installations
- 900+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49896
AL Pack
DigitalOcean Spaces Sync
- Plugin:
- DigitalOcean Spaces Sync
- Plugin Slug:
- do-spaces-sync
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49047
Inspectlet – User Session Recording and Heatmaps
- Plugin Slug:
- inspectlet-heatmaps-and-user-session-recording
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49048
Terms of Service & Privacy Policy Generator
- Plugin Slug:
- terms-of-service-and-privacy-policy
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49413
iframe Wrapper
- Plugin:
- iframe Wrapper
- Plugin Slug:
- iframe-wrapper
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49422
Essential Doo Components for Visual Composer
- Plugin Slug:
- animated-icon-banner-for-visual-composer
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49424
Build App Online
- Plugin:
- Build App Online
- Plugin Slug:
- build-app-online
- Installations
- 500+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-53249
Custom Menu
- Plugin:
- Custom Menu
- Plugin Slug:
- custom-menu
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49436
Hide Text Shortcode
- Plugin:
- Hide Text Shortcode
- Plugin Slug:
- hide-text-shortcode
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49051
Laposta WooCommerce
- Plugin:
- Laposta WooCommerce
- Plugin Slug:
- laposta-woocommerce
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49434
WP Pipes
- Plugin:
- WP Pipes
- Plugin Slug:
- wp-pipes
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28977
CF7 Spreadsheets
- Plugin:
- CF7 Spreadsheets
- Plugin Slug:
- cf7-spreadsheets
- Installations
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50040
CodeablePress: Simple Frontend Profile Picture Upload
- Plugin Slug:
- codeablepress-simple-frontend-profile-picture-upload
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-53221
Embed Bokun
- Plugin:
- Embed Bokun
- Plugin Slug:
- embed-bokun
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-6221
Forms
- Plugin:
- Forms
- Plugin Slug:
- forms-by-made-it
- Installations
- 100+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-24775
Netease Music
- Plugin:
- Netease Music
- Plugin Slug:
- netease-music
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49052
Project Cost Calculator
- Plugin:
- Project Cost Calculator
- Plugin Slug:
- project-cost-calculator
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52775
Time Sheets
- Plugin:
- Time Sheets
- Plugin Slug:
- time-sheets
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49054
WP-Database-Optimizer-Tools
- Plugin:
- WP-Database-Optimizer-Tools
- Plugin Slug:
- wp-database-optimizer-tools
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-53219
WP Dynamic Links
- Plugin:
- WP Dynamic Links
- Plugin Slug:
- wp-dynamic-links
- Installations
- 90+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49038
Authentication and xmlrpc log writer
- Plugin Slug:
- authentication-and-xmlrpc-log-writer
- Installations
- 80+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49037
Infility Global
- Plugin:
- Infility Global
- Plugin Slug:
- infility-global
- Installations
- 80+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-47650
Premium Addons for KingComposer
- Plugin:
- Premium Addons for KingComposer
- Plugin Slug:
- premium-addons-for-kingcomposer
- Installations
- 70+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49036
Simplified Plugin
- Plugin:
- Simplified Plugin
- Plugin Slug:
- simplified
- Installations
- 70+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-53241
WP Voting
- Plugin:
- WP Voting
- Plugin Slug:
- wp-voting
- Installations
- 70+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49057
Jenga Payment Gateway for WooCommerce
- Plugin Slug:
- woo-jenga-payment-gateway
- Installations
- 50+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49432
WordPress StoryMap Plugin
- Plugin:
- WordPress StoryMap Plugin
- Plugin Slug:
- wp-storymap
- Installations
- 50+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52797
AWStats Script
- Plugin:
- AWStats Script
- Plugin Slug:
- awstats-script
- Installations
- 40+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49890
Custom Comment
- Plugin:
- Custom Comment
- Plugin Slug:
- customcomment
- Installations
- 40+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49889
WP Airdrop Manager
- Plugin:
- WP Airdrop Manager
- Plugin Slug:
- airdrop
- Installations
- 30+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49053
Elizaibots
- Plugin:
- Elizaibots
- Plugin Slug:
- elizaibot-chatbots
- Installations
- 20+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49893
Vertical scroll slideshow gallery v2
- Plugin Slug:
- vertical-scroll-slideshow-gallery-v2
- Installations
- 20+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49897
Dropshix
- Plugin:
- Dropshix
- Plugin Slug:
- dropshipping-xox
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49898
Simple Poll
- Plugin:
- Simple Poll
- Plugin Slug:
- simple-poll
- Installations
- 10+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49044
SoundSt SEO Search
- Plugin:
- SoundSt SEO Search
- Plugin Slug:
- soundst-seo-search
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49058
Video Expander
- Plugin:
- Video Expander
- Plugin Slug:
- video-expander
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-52771
Add User Meta
- Plugin:
- Add User Meta
- Plugin Slug:
- add-user-meta
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-7688
Simple Responsive Slider
- Plugin:
- Simple Responsive Slider
- Plugin Slug:
- addi-simple-slider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8690
Alobaidi Captcha
- Plugin:
- Alobaidi Captcha
- Plugin Slug:
- alobaidi-captcha
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8080
Anber Elementor Addon
- Plugin:
- Anber Elementor Addon
- Plugin Slug:
- anber-elementor-addon
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-7440
Assistant for NextGEN Gallery
- Plugin:
- Assistant for NextGEN Gallery
- Plugin Slug:
- assistant-for-nextgen-gallery
- Vulnerability:
- Path Traversal
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-7641
bizcalendar-web
- Plugin:
- bizcalendar-web
- Plugin Slug:
- bizcalendar-web
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-7650
Blog Designer PRO
- Plugin:
- Blog Designer PRO
- Plugin Slug:
- blog-designer-pro
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-47695
CBX Restaurant Booking
- Plugin:
- CBX Restaurant Booking
- Plugin Slug:
- cbx-restaurant-booking
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-7965
CleverReach® WP
- Plugin:
- CleverReach® WP
- Plugin Slug:
- cleverreach-wp
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-7036
CleverReach® WP
- Plugin:
- CleverReach® WP
- Plugin Slug:
- cleverreach-wp
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-49059
Earnware Connect
- Plugin:
- Earnware Connect
- Plugin Slug:
- earnware-connect
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-7651
elink – Embed Content
- Plugin:
- elink – Embed Content
- Plugin Slug:
- elink-embed-content
- Vulnerability:
- Other Vulnerability Type
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-7507
flexo-social-gallery
- Plugin:
- flexo-social-gallery
- Plugin Slug:
- flexo-social-gallery
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-52769
Ultimate Video Player
- Plugin:
- Ultimate Video Player
- Plugin Slug:
- fwduvp
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49432
Gestion de tarifs
- Plugin:
- Gestion de tarifs
- Plugin Slug:
- gestion-tarifs
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-7662
GMap Generator
- Plugin:
- GMap Generator
- Plugin Slug:
- gmap-venturit
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8568
WPGYM
- Plugin:
- WPGYM
- Plugin Slug:
- gym-management
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-3671
WPGYM
- Plugin:
- WPGYM
- Plugin Slug:
- gym-management
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-6080
Icons Factory
- Plugin:
- Icons Factory
- Plugin Slug:
- icons-factory
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-7778
Inline Stock Quotes
- Plugin:
- Inline Stock Quotes
- Plugin Slug:
- inline-stock-quotes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8688
Intl DateTime Calendar
- Plugin:
- Intl DateTime Calendar
- Plugin Slug:
- intl-datetime-calendar
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8293
Last.fm Recent Album Artwork
- Plugin:
- Last.fm Recent Album Artwork
- Plugin Slug:
- lastfm-recent-album-artwork
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-7684
LatestCheckins
- Plugin:
- LatestCheckins
- Plugin Slug:
- latestcheckins
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-7683
Linux Promotional Plugin
- Plugin:
- Linux Promotional Plugin
- Plugin Slug:
- linux-promotional-plugin
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-7668
Mosaic Generator
- Plugin:
- Mosaic Generator
- Plugin Slug:
- mosaic-generator
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8621
NetInsight Analytics Implementation Plugin
- Plugin:
- NetInsight Analytics Implementation Plugin
- Plugin Slug:
- netinsight-analytics-implementation-plugin
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52765
NetInsight Analytics Implementation Plugin
- Plugin:
- NetInsight Analytics Implementation Plugin
- Plugin Slug:
- netinsight-analytics-implementation-plugin
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-52767
Pending Order Bot
- Plugin:
- Pending Order Bot
- Plugin Slug:
- pending-order-bot
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49892
Radius Blocks
- Plugin:
- Radius Blocks
- Plugin Slug:
- radius-blocks
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-5844
RT Easy Builder – Advanced addons for Elementor
- Plugin:
- RT Easy Builder – Advanced addons for Elementor
- Plugin Slug:
- rt-easy-builder-advanced-addons-for-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8462
School Management
- Plugin:
- School Management
- Plugin Slug:
- school-management
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-12612
School Management
- Plugin:
- School Management
- Plugin Slug:
- school-management
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49895
School Management
- Plugin:
- School Management
- Plugin Slug:
- school-management
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49896
School Management
- Plugin:
- School Management
- Plugin Slug:
- school-management
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49898
School Management
- Plugin:
- School Management
- Plugin Slug:
- school-management
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-31100
ServerBuddy by PluginBuddy.com
- Plugin:
- ServerBuddy by PluginBuddy.com
- Plugin Slug:
- serverbuddy-by-pluginbuddy
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49895
Surbma | Recent Comments Shortcode
- Plugin:
- Surbma | Recent Comments Shortcode
- Plugin Slug:
- surbma-recent-comments-shortcode
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-7649
Thim Core
- Plugin:
- Thim Core
- Plugin Slug:
- thim-core
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-53344
Thim Core
- Plugin:
- Thim Core
- Plugin Slug:
- thim-core
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-53346
WooCommerce Purchase Orders
- Plugin:
- WooCommerce Purchase Orders
- Plugin Slug:
- wc-purchase-orders
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-5391
weichuncai(WP???)
- Plugin:
- weichuncai(WP???)
- Plugin Slug:
- weichuncai
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-7686
Wp chart generator
- Plugin:
- Wp chart generator
- Plugin Slug:
- wp-chart-generator
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8685
JobSearch
- Plugin:
- JobSearch
- Plugin Slug:
- wp-jobsearch
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52806
WP Private Content Plus
- Plugin:
- WP Private Content Plus
- Plugin Slug:
- wp-private-content-plus
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-4390
Plugin README Parser
- Plugin:
- Plugin README Parser
- Plugin Slug:
- wp-readme-parser
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8720
Elementor Website Builder – More Than Just a Page Builder
- Plugin Slug:
- elementor
- Installations
- 10,000,000+
- Vulnerability:
- Path Traversal
- Patched in Version:
- 3.30.3
- Severity Score:
- Medium
- CVE:
- 2025-8081
Essential Addons for Elementor – Popular Elementor Templates & Widgets
- Plugin Slug:
- essential-addons-for-elementor-lite
- Installations
- 2,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.2.3
- Severity Score:
- Medium
- CVE:
- 2025-8451
WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin
- Plugin Slug:
- wp-statistics
- Installations
- 600,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 14.15.2
- Severity Score:
- Medium
- CVE:
- 2025-55716
Advanced File Manager – Ultimate WP File Manager And Document Library Solution
- Plugin Slug:
- file-manager-advanced
- Installations
- 200,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 5.4.0
- Severity Score:
- Medium
- CVE:
- 2025-0818
File Manager Pro – Filester
- Plugin:
- File Manager Pro – Filester
- Plugin Slug:
- filester
- Installations
- 100,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 1.9
- Severity Score:
- Medium
- CVE:
- 2025-0818
Kadence WooCommerce Email Designer
- Plugin Slug:
- kadence-woocommerce-email-designer
- Installations
- 100,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.5.17
- Severity Score:
- High
- CVE:
- 2025-54697
Simple Local Avatars
- Plugin:
- Simple Local Avatars
- Plugin Slug:
- simple-local-avatars
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.8.5
- Severity Score:
- Medium
- CVE:
- 2025-8482
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
- Plugin:
- The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
- Plugin Slug:
- the-plus-addons-for-elementor-page-builder
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.3.14
- Severity Score:
- Medium
- CVE:
- 2025-55712
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
- Plugin Slug:
- wp-user-avatar
- Installations
- 100,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- 4.16.5
- Severity Score:
- Medium
- CVE:
- 2025-8878
LatePoint – Calendar Booking Plugin for Appointments and Events
- Plugin Slug:
- latepoint
- Installations
- 80,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 5.1.94
- Severity Score:
- High
- CVE:
- 2025-6715
Media Library Assistant
- Plugin:
- Media Library Assistant
- Plugin Slug:
- media-library-assistant
- Installations
- 70,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 3.28
- Severity Score:
- Medium
- CVE:
- 2025-8357
WPC Smart Compare for WooCommerce
- Plugin Slug:
- woo-smart-compare
- Installations
- 70,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.4.8
- Severity Score:
- Medium
- CVE:
- 2025-7496
Drag and Drop Multiple File Upload for Contact Form 7
- Plugin Slug:
- drag-and-drop-multiple-file-upload-contact-form-7
- Installations
- 60,000+
- Vulnerability:
- Directory Traversal
- Patched in Version:
- 1.3.9.1
- Severity Score:
- Medium
- CVE:
- 2025-8464
WP Table Builder – WordPress Table Plugin
- Plugin Slug:
- wp-table-builder
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.13
- Severity Score:
- Medium
- CVE:
- 2025-55711
Advanced iFrame
- Plugin:
- Advanced iFrame
- Plugin Slug:
- advanced-iframe
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2025.7
- Severity Score:
- Medium
- CVE:
- 2025-8089
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
- Plugin Slug:
- profile-builder
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.14.4
- Severity Score:
- Medium
- CVE:
- 2025-8896
Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI
- Plugin Slug:
- simple-tags
- Installations
- 50,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.37.3
- Severity Score:
- Medium
- CVE:
- 2025-55710
Structured Content (JSON-LD) #wpsc
- Plugin Slug:
- structured-content
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.0
- Severity Score:
- Medium
- CVE:
- 2025-3414
Visual Composer Website Builder
- Plugin:
- Visual Composer Website Builder
- Plugin Slug:
- visualcomposer
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 45.15.0
- Severity Score:
- Medium
- CVE:
- 2025-55709
BetterDocs – Advanced AI-Driven Documentation, FAQ & Knowledge Base Tool for Elementor & Gutenberg with Encyclopedia, AI Support, Instant Answers
- Plugin Slug:
- betterdocs
- Installations
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.1.2
- Severity Score:
- Medium
- CVE:
- 2025-7499
Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
- Plugin Slug:
- master-addons
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.9.1
- Severity Score:
- Medium
- CVE:
- 2025-8874
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
- Plugin Slug:
- quiz-master-next
- Installations
- 40,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 10.2.3
- Severity Score:
- Medium
- CVE:
- 2025-6790
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
- Plugin Slug:
- quiz-master-next
- Installations
- 40,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 10.2.5
- Severity Score:
- High
- CVE:
- 2025-55708
UiCore Elements – Free Elementor widgets and templates
- Plugin Slug:
- uicore-elements
- Installations
- 40,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 1.3.1
- Severity Score:
- High
- CVE:
- 2025-6253
FunnelKit – Funnel Builder for WooCommerce Checkout
- Plugin Slug:
- funnel-builder
- Installations
- 30,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 3.11.1
- Severity Score:
- High
- CVE:
- 2025-7654
PPWP – Password Protect WordPress | #1 Most-Reviewed Password Plugin
- Plugin Slug:
- password-protect-page
- Installations
- 30,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.9.11
- Severity Score:
- Medium
- CVE:
- 2025-5998
Welcart e-Commerce
- Plugin:
- Welcart e-Commerce
- Plugin Slug:
- usc-e-shop
- Installations
- 20,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 2.11.17
- Severity Score:
- High
- CVE:
- 2025-54012
FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce
- Plugin Slug:
- wp-marketing-automations
- Installations
- 20,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 3.6.4
- Severity Score:
- High
- CVE:
- 2025-7654
Frontend Admin by DynamiApps
- Plugin:
- Frontend Admin by DynamiApps
- Plugin Slug:
- acf-frontend-form-element
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.28.5
- Severity Score:
- High
- CVE:
- 2025-49267
Bit Form – Custom Contact Form, Multi Step, Conversational, Payment & Quiz Form builder
- Plugin Slug:
- bit-form
- Installations
- 10,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 2.20.4
- Severity Score:
- Critical
- CVE:
- 2025-6679
Graphina – Elementor Charts and Graphs
- Plugin Slug:
- graphina-elementor-charts-and-graphs
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.4
- Severity Score:
- Medium
- CVE:
- 2025-8867
Quttera Web Malware Scanner
- Plugin:
- Quttera Web Malware Scanner
- Plugin Slug:
- quttera-web-malware-scanner
- Installations
- 10,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 3.5.2.1
- Severity Score:
- Low
- CVE:
- 2025-8013
Shortcode Redirect
- Plugin:
- Shortcode Redirect
- Plugin Slug:
- shortcode-redirect
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.03
- Severity Score:
- Medium
- CVE:
- 2025-54746
Eventin – AI Powered Event Manager, Events Calendar, Booking and Tickets Plugin
- Plugin Slug:
- wp-event-solution
- Installations
- 10,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 4.0.32
- Severity Score:
- High
- CVE:
- 2025-49869
Nexter Blocks – WordPress Gutenberg Blocks & 1000+ Starter Templates
- Plugin Slug:
- the-plus-addons-for-block-editor
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.5.5
- Severity Score:
- Medium
- CVE:
- 2025-8567
Nexter Blocks – WordPress Gutenberg Blocks & 1000+ Starter Templates
- Plugin Slug:
- the-plus-addons-for-block-editor
- Installations
- 8,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.5.5
- Severity Score:
- Medium
- CVE:
- 2025-54739
Flexible Map
- Plugin:
- Flexible Map
- Plugin Slug:
- wp-flexible-map
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.19.0
- Severity Score:
- Medium
- CVE:
- 2025-8622
Dynamic Pricing With Discount Rules for WooCommerce
- Plugin Slug:
- aco-woo-dynamic-pricing
- Installations
- 7,000+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- 4.5.10
- Severity Score:
- Critical
- CVE:
- 2025-47588
Poll Maker – Versus Polls, Anonymous Polls, Image Polls
- Plugin Slug:
- poll-maker
- Installations
- 7,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 5.9.0
- Severity Score:
- Medium
- CVE:
- 2024-12575
Print My Blog – Print, PDF, & eBook Converter WordPress Plugin
- Plugin Slug:
- print-my-blog
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.27.10
- Severity Score:
- Medium
- CVE:
- 2025-54740
B Slider – Responsive Image Slider
- Plugin Slug:
- b-slider
- Installations
- 5,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 2.0.1
- Severity Score:
- Medium
- CVE:
- 2025-8680
B Slider – Responsive Image Slider
- Plugin Slug:
- b-slider
- Installations
- 5,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.0.1
- Severity Score:
- Medium
- CVE:
- 2025-8676
CM Search And Replace – Optimize content edits with a powerful search and replace tool
- Plugin Slug:
- cm-on-demand-search-and-replace
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.3
- Severity Score:
- Medium
- CVE:
- 2025-54727
CM Search And Replace – Optimize content edits with a powerful search and replace tool
- Plugin Slug:
- cm-on-demand-search-and-replace
- Installations
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.5.3
- Severity Score:
- Medium
- CVE:
- 2025-54728
Embedder for Google Reviews
- Plugin:
- Embedder for Google Reviews
- Plugin Slug:
- embedder-for-google-reviews
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.7.4
- Severity Score:
- Medium
- CVE:
- 2025-54730
Appointment Booking & Scheduling Plugin — Webba Booking Calendar
- Plugin Slug:
- webba-booking-lite
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.0.6
- Severity Score:
- Medium
- CVE:
- 2025-54729
WP Shopify
- Plugin:
- WP Shopify
- Plugin Slug:
- wp-shopify
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.4
- Severity Score:
- High
- CVE:
- 2025-7808
Premium Packages – Sell Digital Products Securely
- Plugin Slug:
- wpdm-premium-packages
- Installations
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 6.0.3
- Severity Score:
- Medium
- CVE:
- 2025-54732
Online Booking & Scheduling Calendar for WordPress by vcita
- Plugin Slug:
- meeting-scheduler-by-vcita
- Installations
- 2,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 4.5.5
- Severity Score:
- Critical
- CVE:
- 2025-54677
oik
- Plugin:
- oik
- Plugin Slug:
- oik
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.15.3
- Severity Score:
- High
- CVE:
- 2025-54670
Order Tip for WooCommerce
- Plugin:
- Order Tip for WooCommerce
- Plugin Slug:
- order-tip-woo
- Installations
- 2,000+
- Vulnerability:
- Other Vulnerability Type
- Patched in Version:
- 1.5.5
- Severity Score:
- High
- CVE:
- 2025-6025
Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale)
- Plugin:
- Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale)
- Plugin Slug:
- barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
- Installations
- 1,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 1.9.1
- Severity Score:
- Medium
- CVE:
- 2025-54715
Easy Elementor Addons
- Plugin:
- Easy Elementor Addons
- Plugin Slug:
- easy-elementor-addons
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.8
- Severity Score:
- Medium
- CVE:
- 2025-54712
AnWP Football Leagues
- Plugin:
- AnWP Football Leagues
- Plugin Slug:
- football-leagues-by-anwppro
- Installations
- 1,000+
- Vulnerability:
- CSV Injection
- Patched in Version:
- 0.16.18
- Severity Score:
- Medium
- CVE:
- 2025-8767
Injection Guard
- Plugin:
- Injection Guard
- Plugin Slug:
- injection-guard
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.8
- Severity Score:
- High
- CVE:
- 2025-8046
Markup Markdown
- Plugin:
- Markup Markdown
- Plugin Slug:
- markup-markdown
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.20.7
- Severity Score:
- Medium
- CVE:
- 2025-49420
Membership For WooCommerce – WordPress Membership Plugin, Restrict Content, Build Online Communities, Paywall & Content Dripping
- Plugin Slug:
- membership-for-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.0.0
- Severity Score:
- High
- CVE:
- 2025-54692
MDTF – Meta Data and Taxonomies Filter
- Plugin Slug:
- wp-meta-data-filter-and-taxonomy-filter
- Installations
- 1,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.3.3.8
- Severity Score:
- Critical
- CVE:
- 2025-54707
12 Step Meeting List
- Plugin:
- 12 Step Meeting List
- Plugin Slug:
- 12-step-meeting-list
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.18.4
- Severity Score:
- Medium
- CVE:
- 2025-54054
B Blocks – Essential Gutenberg Blocks & Patterns Collection
- Plugin Slug:
- b-blocks
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.6
- Severity Score:
- Medium
- CVE:
- 2025-54708
B Blocks – Essential Gutenberg Blocks & Patterns Collection
- Plugin Slug:
- b-blocks
- Installations
- 800+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 2.0.7
- Severity Score:
- Critical
- CVE:
- 2025-8059
RSS Feed Pro
- Plugin:
- RSS Feed Pro
- Plugin Slug:
- rss-feed-pro
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.9
- Severity Score:
- Medium
- CVE:
- 2025-53581
WordLift – AI powered SEO – Schema
- Plugin Slug:
- wordlift
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.54.6
- Severity Score:
- Medium
- CVE:
- 2025-53582
Cloudflare Image Resizing – Optimize & Accelerate Your Images
- Plugin Slug:
- cf-image-resizing
- Installations
- 300+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.5.7
- Severity Score:
- Critical
- CVE:
- 2025-8723
Easy restaurant menu manager
- Plugin:
- Easy restaurant menu manager
- Plugin Slug:
- easy-pdf-restaurant-menu-upload
- Installations
- 300+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.0.3
- Severity Score:
- Medium
- CVE:
- 2025-8491
WooCommerce Fortnox Integration
- Plugin:
- WooCommerce Fortnox Integration
- Plugin Slug:
- woocommerce-fortnox-integration
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.5.7
- Severity Score:
- Medium
- CVE:
- 2025-47610
Primer MyData for Woocommerce
- Plugin:
- Primer MyData for Woocommerce
- Plugin Slug:
- primer-mydata
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.2.6
- Severity Score:
- High
- CVE:
- 2025-53575
Neon Channel Product Customizer Free
- Plugin Slug:
- neon-channel-product-customizer-free
- Installations
- 40+
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- 3.0
- Severity Score:
- High
- CVE:
- 2025-54679
Project Management, Bug and Issue Tracking Plugin – Software Issue Manager
- Plugin Slug:
- software-issue-manager
- Installations
- 20+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.0.1
- Severity Score:
- Medium
- CVE:
- 2025-8314
Billplz Addon for Contact Form 7
- Plugin:
- Billplz Addon for Contact Form 7
- Plugin Slug:
- billplz-for-contact-form-7
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.1
- Severity Score:
- High
- CVE:
- 2025-31007
WordPress Event Manager, Event Calendar and Booking Plugin
- Plugin:
- WordPress Event Manager, Event Calendar and Booking Plugin
- Plugin Slug:
- eventin-pro
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- 4.0.25
- Severity Score:
- High
- CVE:
- 2025-52731
WordPress Event Manager, Event Calendar and Booking Plugin
- Plugin:
- WordPress Event Manager, Event Calendar and Booking Plugin
- Plugin Slug:
- eventin-pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.25
- Severity Score:
- Medium
- CVE:
- 2025-52730
JetElements For Elementor
- Plugin:
- JetElements For Elementor
- Plugin Slug:
- jet-elements
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.9.1
- Severity Score:
- Medium
- CVE:
- 2025-55714
JetProductGallery
- Plugin:
- JetProductGallery
- Plugin Slug:
- jet-woo-product-gallery
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.0.3
- Severity Score:
- Medium
- CVE:
- 2025-54749
Login with phone number
- Plugin:
- Login with phone number
- Plugin Slug:
- login-with-phone-number
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 1.8.48
- Severity Score:
- High
- CVE:
- 2025-8342
Real Estate Manager Pro
- Plugin:
- Real Estate Manager Pro
- Plugin Slug:
- real-estate-manager-pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 12.7.4
- Severity Score:
- High
- CVE:
- 2025-54032
Responsive Posts Carousel WordPress Plugin
- Plugin:
- Responsive Posts Carousel WordPress Plugin
- Plugin Slug:
- responsive-posts-carousel-pro
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 15.1
- Severity Score:
- High
- CVE:
- 2025-52728
Templatera
- Plugin:
- Templatera
- Plugin Slug:
- templatera
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.0
- Severity Score:
- Medium
- CVE:
- 2025-54747
Tutor LMS Pro
- Plugin:
- Tutor LMS Pro
- Plugin Slug:
- tutor-pro
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.7.1
- Severity Score:
- High
- CVE:
- 2025-6184
File Manager Pro
- Plugin:
- File Manager Pro
- Plugin Slug:
- wp-file-manager-pro
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 8.4.3
- Severity Score:
- Medium
- CVE:
- 2025-0818
WP Membership
- Plugin:
- WP Membership
- Plugin Slug:
- wp-membership
- Vulnerability:
- Settings Change
- Patched in Version:
- 1.6.4
- Severity Score:
- Medium
- CVE:
- 2025-54717
WordPress Themes — 12 Patched / 5 Unpatched
modernize
- Theme:
- modernize
- Theme Slug:
- modernize
- Downloads
- 59,351
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-53342
modernize
- Theme:
- modernize
- Theme Slug:
- modernize
- Downloads
- 59,351
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-53343
Kalium
- Theme:
- Kalium
- Theme Slug:
- kalium
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-53347
Stratus
- Theme:
- Stratus
- Theme Slug:
- stratus
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-53341
WP Rentals
- Theme:
- WP Rentals
- Theme Slug:
- wprentals
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-53330
Blocksy
- Theme:
- Blocksy
- Theme Slug:
- blocksy
- Downloads
- 4,877,063
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.7
- Severity Score:
- Medium
- CVE:
- 2025-55713
OceanWP
The7
- Theme:
- The7
- Theme Slug:
- dt-the7
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 12.7.0
- Severity Score:
- Medium
- CVE:
- 2025-7726
Findgo
- Theme:
- Findgo
- Theme Slug:
- findgo
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.58
- Severity Score:
- High
- CVE:
- 2025-53587
Makeaholic
- Theme:
- Makeaholic
- Theme Slug:
- makeaholic
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.8.5
- Severity Score:
- High
- CVE:
- 2025-54700
Real Spaces
- Theme:
- Real Spaces
- Theme Slug:
- real-spaces
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 3.6.1
- Severity Score:
- Critical
- CVE:
- 2025-6758
Real Spaces
- Theme:
- Real Spaces
- Theme Slug:
- real-spaces
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 3.6
- Severity Score:
- High
- CVE:
- 2025-8218
Savoy
- Theme:
- Savoy
- Theme Slug:
- savoy
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.0.9
- Severity Score:
- Medium
- CVE:
- 2025-54736
Soledad
- Theme:
- Soledad
- Theme Slug:
- soledad
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.6.8
- Severity Score:
- Medium
- CVE:
- 2025-8143
Soledad
- Theme:
- Soledad
- Theme Slug:
- soledad
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 8.6.8
- Severity Score:
- High
- CVE:
- 2025-8142
Soledad
- Theme:
- Soledad
- Theme Slug:
- soledad
- Vulnerability:
- Content Injection
- Patched in Version:
- 8.6.8
- Severity Score:
- High
- CVE:
- 2025-8105
Unicamp
- Theme:
- Unicamp
- Theme Slug:
- unicamp
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.6.4
- Severity Score:
- High
- CVE:
- 2025-54701
Solid Security is part of Solid Suite — The best foundation for WordPress websites.
Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!
Join us for the next Solid Academy Webinar!
Free weekly webinars that will help you master WordPress and increase your business's bottom line.
What is a WordPress Phishing Attack?
Learn how to identify and prevent phishing attacks on WordPress websites.
Kiki SheldonWebsite Protection: 5 Ways to Keep Your Website Safe
Robust website protection is the shield that stands between your business and relentless cyber attacks. Prioritizing website protection enables businesses to fortify defenses to safeguard their online presence and preserve the trust of their customers in the face of ever-evolving cybersecurity threats.
Kiki Sheldon23 Ideas To Grow Your WordPress Business in 2023
WordPress is the most popular website-building platform worldwide, trusted by numerous brands. WordPress enables you to build a user-friendly and highly reliable site, together with tools and plugins to enhance your marketing and work like a lead magnet. All these features make WordPress the platform chosen by more than 43% of businesses globally.
SolidWP Editorial TeamSign up now — Get SolidWP updates and valuable content straight to your inbox
Sign up
Placeholder text
Placeholder text
Get started with confidence — risk free, guaranteed
