In this report, 293 vulnerabilities have been publicly disclosed. Security patches for 158 of these plugins and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Currently, 135 plugin and theme vulnerabilities remain unpatched. If you’re a Solid Security Pro user, your site is already protected against those vulnerabilities by the Solid Security firewall. Virtual patches from Patchstack are applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor, or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.9 “Gene” was released on December 2, 2025. This release brings major upgrades to how teams collaborate and create. The new Notes feature adds block-level commenting for posts and pages, streamlining editorial reviews, while an expanded Command Palette helps power users navigate and operate across the dashboard even faster. The introduction of the Abilities API delivers a standardized, machine-readable permissions system that lays the groundwork for next-generation AI-powered and automated workflows. WordPress 6.9 also includes notable performance improvements for faster page loads, several new practical blocks, and more visual drag-and-drop tools to help creators build richer, more dynamic content.
Following a major release, you should not update live sites without first taking backups and testing the update in a non-production environment.
WordPress Plugins — 141 Patched / 133 Unpatched
Health Check & Troubleshooting
- Plugin:
- Health Check & Troubleshooting
- Plugin Slug:
- health-check
- Installations
- 300,000+
- Vulnerability:
- Path Traversal
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-64253
Custom Field Template
- Plugin:
- Custom Field Template
- Plugin Slug:
- custom-field-template
- Installations
- 30,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-63058
Brevo for WooCommerce
- Plugin:
- Brevo for WooCommerce
- Plugin Slug:
- woocommerce-sendinblue-newsletter-subscription
- Installations
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66128
Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings
- Plugin Slug:
- directorist
- Installations
- 20,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-64250
Page View Count
- Plugin:
- Page View Count
- Plugin Slug:
- page-views-count
- Installations
- 20,000+
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-63034
Pochipp
- Plugin:
- Pochipp
- Plugin Slug:
- pochipp
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66129
WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible
- Plugin:
- WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible
- Plugin Slug:
- wc-frontend-manager
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Low
- CVE:
- 2025-54004
WCFM Marketplace – Multivendor Marketplace for WooCommerce
- Plugin Slug:
- wc-multivendor-marketplace
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-64631
Business Directory Plugin – Easy Listing Directories for WordPress
- Plugin Slug:
- business-directory-plugin
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-64630
Read More & Accordion
- Plugin:
- Read More & Accordion
- Plugin Slug:
- expand-maker
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-64247
Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent
- Plugin Slug:
- gdpr-cookie-consent
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66133
King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor
- Plugin Slug:
- king-addons
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-7960
Protect WP Admin
- Plugin:
- Protect WP Admin
- Plugin Slug:
- protect-wp-admin
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-64249
WP User Manager – User Profile Builder & Membership
- Plugin Slug:
- wp-user-manager
- Installations
- 10,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-13320
Blaze Demo Importer
- Plugin:
- Blaze Demo Importer
- Plugin Slug:
- blaze-demo-importer
- Installations
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-13334
Essential Real Estate
- Plugin:
- Essential Real Estate
- Plugin Slug:
- essential-real-estate
- Installations
- 8,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66127
Essential Real Estate
- Plugin:
- Essential Real Estate
- Plugin Slug:
- essential-real-estate
- Installations
- 8,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-68071
Easy Property Listings
- Plugin:
- Easy Property Listings
- Plugin Slug:
- easy-property-listings
- Installations
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-64242
WP AI CoPilot – AI content writer plugin, ChatGPT WordPress, GPT-3/4 , Ai assistance
- Plugin Slug:
- ai-co-pilot-for-wp
- Installations
- 4,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62998
Accessibility by AudioEye
- Plugin:
- Accessibility by AudioEye
- Plugin Slug:
- accessibility-by-audioeye
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-64246
Eupago Gateway For Woocommerce
- Plugin:
- Eupago Gateway For Woocommerce
- Plugin Slug:
- eupago-gateway-for-woocommerce
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62870
Social Photo Fetcher
- Plugin:
- Social Photo Fetcher
- Plugin Slug:
- facebook-photo-fetcher
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62872
Freshchat
- Plugin:
- Freshchat
- Plugin Slug:
- freshchat
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-64240
Import external attachments
- Plugin:
- Import external attachments
- Plugin Slug:
- import-external-attachments
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-64245
Just TinyMCE Custom Styles
- Plugin:
- Just TinyMCE Custom Styles
- Plugin Slug:
- just-tinymce-styles
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62871
Meks Quick Plugin Disabler
- Plugin:
- Meks Quick Plugin Disabler
- Plugin Slug:
- meks-quick-plugin-disabler
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-68083
RTL Tester
- Plugin:
- RTL Tester
- Plugin Slug:
- rtl-tester
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-64239
Semrush Content Toolkit
- Plugin:
- Semrush Content Toolkit
- Plugin Slug:
- semrush-contentshake
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-68082
Fix Media Library
- Plugin:
- Fix Media Library
- Plugin Slug:
- wow-media-library-fix
- Installations
- 2,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66126
WP Coupons and Deals – Click to Copy Coupons
- Plugin Slug:
- wp-coupons-and-deals
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-64241
WP Flashy Marketing Automation
- Plugin:
- WP Flashy Marketing Automation
- Plugin Slug:
- wp-flashy-marketing-automation
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62873
WP Views Counter
- Plugin:
- WP Views Counter
- Plugin Slug:
- wpecounter
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66130
Yaad Sarig Payment Gateway For WC
- Plugin Slug:
- yaad-sarig-payment-gateway-for-wc
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66131
Ultimate WordPress Auction Plugin
- Plugin Slug:
- ultimate-auction
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66125
Ultimate WordPress Auction Plugin
- Plugin Slug:
- ultimate-auction
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-68084
Leaky Paywall
- Plugin:
- Leaky Paywall
- Plugin Slug:
- leaky-paywall
- Installations
- 700+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66124
Restrict Elementor Widgets, Columns and Sections
- Plugin Slug:
- restrict-elementor-widgets
- Installations
- 600+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-64244
Easy Notify Lite
- Plugin:
- Easy Notify Lite
- Plugin Slug:
- easy-notify-lite
- Installations
- 500+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14446
FAPI Member
- Plugin:
- FAPI Member
- Plugin Slug:
- fapi-member
- Installations
- 500+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66132
Accept Stripe Payments Using Contact Form 7
- Plugin Slug:
- accept-stripe-payments-using-contact-form-7
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-12834
Product Filtering by Categories, Tags, Price Range for WooCommerce – Filter Plus
- Plugin Slug:
- filter-plus
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13314
Flex QR Code Generator
- Plugin:
- Flex QR Code Generator
- Plugin Slug:
- flex-qr-code-generator
- Installations
- 40+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-12673
Animated Pixel Marquee Creator
- Plugin:
- Animated Pixel Marquee Creator
- Plugin Slug:
- animated-pixel-marquee-creator
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14062
AnnunciFunebri Impresa
- Plugin:
- AnnunciFunebri Impresa
- Plugin Slug:
- annuncifunebri-onoranza
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14447
App Landing Template Blocks for WPBakery (Visual Composer) Page Builder
- Plugin:
- App Landing Template Blocks for WPBakery (Visual Composer) Page Builder
- Plugin Slug:
- app-template-blocks-for-wpbakery-page-builder
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14119
Application Passwords
- Plugin:
- Application Passwords
- Plugin Slug:
- application-passwords
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-13308
Ayo Shortcodes
- Plugin:
- Ayo Shortcodes
- Plugin Slug:
- ayo-shortcodes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14143
Better Elementor Addons
- Plugin:
- Better Elementor Addons
- Plugin Slug:
- better-elementor-addons
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12830
Hide Email Address
- Plugin:
- Hide Email Address
- Plugin Slug:
- bg-hide-email-address
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13884
BMLT WordPress Plugin
- Plugin:
- BMLT WordPress Plugin
- Plugin Slug:
- bmlt-wordpress-satellite-plugin
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14162
BUKAZU Search widget
- Plugin:
- BUKAZU Search widget
- Plugin Slug:
- bukazu-search-widget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13840
Buttoner for Elementor
- Plugin:
- Buttoner for Elementor
- Plugin Slug:
- buttoner-elementor
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-68085
Campay Woocommerce Payment Gateway
- Plugin:
- Campay Woocommerce Payment Gateway
- Plugin Slug:
- campay-api
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12883
Coder for Elementor
- Plugin:
- Coder for Elementor
- Plugin Slug:
- coder-elementor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66147
Coding Blocks
- Plugin:
- Coding Blocks
- Plugin Slug:
- coding-blocks
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14158
?????
- Plugin:
- ?????
- Plugin Slug:
- comments-secretary
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-13988
Contact Form 7 with ChatWork
- Plugin:
- Contact Form 7 with ChatWork
- Plugin Slug:
- contact-form-7-with-chatwork
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13975
CountDown With Image or Video Background
- Plugin:
- CountDown With Image or Video Background
- Plugin Slug:
- countdown_with_background
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68054
CSV Sumotto
- Plugin:
- CSV Sumotto
- Plugin Slug:
- csv-sumotto
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-13894
CSV to SortTable
- Plugin:
- CSV to SortTable
- Plugin Slug:
- csv-to-sorttable
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-13070
Custom Admin Menu
- Plugin:
- Custom Admin Menu
- Plugin Slug:
- custom-admin-menu
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-13071
Custom Frames
- Plugin:
- Custom Frames
- Plugin Slug:
- custom-frames
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13705
Data Visualizer
- Plugin:
- Data Visualizer
- Plugin Slug:
- data-visualizer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13961
DebateMaster
- Plugin:
- DebateMaster
- Plugin Slug:
- debatemaster
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14035
Devs CRM
- Plugin:
- Devs CRM
- Plugin Slug:
- devs-crm
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13093
Devs CRM
- Plugin:
- Devs CRM
- Plugin Slug:
- devs-crm
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13092
Directory Pro
- Plugin:
- Directory Pro
- Plugin Slug:
- directory-pro
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-64243
Donation
- Plugin:
- Donation
- Plugin Slug:
- donation
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-13001
Resource Library for Logged In Users
- Plugin:
- Resource Library for Logged In Users
- Plugin Slug:
- doubledome-resource-link-library
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14354
Category Dropdown List
- Plugin:
- Category Dropdown List
- Plugin Slug:
- dropdown-category-list
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-14132
Easy Map Creator
- Plugin:
- Easy Map Creator
- Plugin Slug:
- easy-map-creator
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13846
Easy Theme Options
- Plugin:
- Easy Theme Options
- Plugin Slug:
- easy-theme-options
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14367
Eyewear prescription form
- Plugin:
- Eyewear prescription form
- Plugin Slug:
- eyewear-prescription-form
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14366
Flow-Flow Social Stream
- Plugin:
- Flow-Flow Social Stream
- Plugin Slug:
- flow-flow-social-streams
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13866
Multi Uploader for Gravity Forms
- Plugin:
- Multi Uploader for Gravity Forms
- Plugin Slug:
- gf-multi-uploader
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-14344
GPXpress
- Plugin:
- GPXpress
- Plugin Slug:
- gpxpress
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13960
Grider for Elementor
- Plugin:
- Grider for Elementor
- Plugin Slug:
- grider-elementor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66161
Huger for Elementor
- Plugin:
- Huger for Elementor
- Plugin Slug:
- huger-elementor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-68088
IMAQ CORE
- Plugin:
- IMAQ CORE
- Plugin Slug:
- imaq-core
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13363
Infility Global
- Plugin:
- Infility Global
- Plugin Slug:
- infility-global
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-12968
Kirim.Email WooCommerce Integration
- Plugin:
- Kirim.Email WooCommerce Integration
- Plugin Slug:
- kirimemail-woocommerce-integration
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14165
Laser
- Plugin:
- Laser
- Plugin Slug:
- laser
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66164
Like DisLike Voting
- Plugin:
- Like DisLike Voting
- Plugin Slug:
- like-dislike-voting
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-14129
Listar – Directory Listing & Classifieds
- Plugin:
- Listar – Directory Listing & Classifieds
- Plugin Slug:
- listar-directory-listing
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12574
LJUsers
- Plugin:
- LJUsers
- Plugin Slug:
- ljusers
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13839
Visitor Logic Lite
- Plugin:
- Visitor Logic Lite
- Plugin Slug:
- logic-pro
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-14044
Lottier for Elementor
- Plugin:
- Lottier for Elementor
- Plugin Slug:
- lottier-elementor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66166
Lottier
- Plugin:
- Lottier
- Plugin Slug:
- lottier-gutenberg
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66167
Lottier for WPBakery
- Plugin:
- Lottier for WPBakery
- Plugin Slug:
- lottier-wpbakery
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66165
LS Google Map Router
- Plugin:
- LS Google Map Router
- Plugin Slug:
- ls-gmap-route
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13850
LT Unleashed
- Plugin:
- LT Unleashed
- Plugin Slug:
- lt-unleashed
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-13886
Lucky Draw Contests
- Plugin:
- Lucky Draw Contests
- Plugin Slug:
- lucky-draw
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14462
Masker for Elementor
- Plugin:
- Masker for Elementor
- Plugin Slug:
- masker-elementor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66163
Modalier for Elementor
- Plugin:
- Modalier for Elementor
- Plugin Slug:
- modalier-elementor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-68087
myLCO
- Plugin:
- myLCO
- Plugin Slug:
- mylco
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-13626
NewStatPress
- Plugin:
- NewStatPress
- Plugin Slug:
- newstatpress
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13747
Complag
- Plugin:
- Complag
- Plugin Slug:
- omplag
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-14125
Paypal Payment Shortcode
- Plugin:
- Paypal Payment Shortcode
- Plugin Slug:
- paypal-payments-shortcode
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13966
Popover Windows
- Plugin:
- Popover Windows
- Plugin Slug:
- popover-windows
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14395
Popover Windows
- Plugin:
- Popover Windows
- Plugin Slug:
- popover-windows
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14394
Purchase and Expense Manager
- Plugin:
- Purchase and Expense Manager
- Plugin Slug:
- purchase-and-expense-manager
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13987
Quick Testimonials
- Plugin:
- Quick Testimonials
- Plugin Slug:
- quick-testimonials
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14378
Rabbit Hole
- Plugin:
- Rabbit Hole
- Plugin Slug:
- rabbit-hole
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13366
Reformer for Elementor
- Plugin:
- Reformer for Elementor
- Plugin Slug:
- reformer-elementor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-68086
Reviews Sorted
- Plugin:
- Reviews Sorted
- Plugin Slug:
- reviews-sorted
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13969
Shortcode Ajax
- Plugin:
- Shortcode Ajax
- Plugin Slug:
- shortcode-ajax
- Vulnerability:
- Content Injection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14539
Simple Nivo Slider
- Plugin:
- Simple Nivo Slider
- Plugin Slug:
- simple-nivo-slider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13889
Simple post listing
- Plugin:
- Simple post listing
- Plugin Slug:
- simple-post-listing
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12650
Simple Theme Changer
- Plugin:
- Simple Theme Changer
- Plugin Slug:
- simple-theme-changer
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14392
Simple Theme Changer
- Plugin:
- Simple Theme Changer
- Plugin Slug:
- simple-theme-changer
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14391
SimplyConvert
- Plugin:
- SimplyConvert
- Plugin Slug:
- simplyconvert
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14048
Solutions Ad Manager
- Plugin:
- Solutions Ad Manager
- Plugin Slug:
- solutions-ad-manager
- Vulnerability:
- Open Redirection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14451
Spoter for Elementor
- Plugin:
- Spoter for Elementor
- Plugin Slug:
- spoter-elementor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66162
SurveyFunnel
- Plugin:
- SurveyFunnel
- Plugin Slug:
- surveyfunnel-lite
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13006
SurveyFunnel
- Plugin:
- SurveyFunnel
- Plugin Slug:
- surveyfunnel-lite
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12417
xPromoter
- Plugin:
- xPromoter
- Plugin Slug:
- top_bar_promoter
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68053
Truefy Embed
- Plugin:
- Truefy Embed
- Plugin Slug:
- truefy-embed
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14161
TWW Protein Calculator
- Plugin:
- TWW Protein Calculator
- Plugin Slug:
- twwc-protein
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13971
URL Media Uploader
- Plugin:
- URL Media Uploader
- Plugin Slug:
- url-media-uploader
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14045
Userback
- Plugin:
- Userback
- Plugin Slug:
- userback
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14540
Video Merchant
- Plugin:
- Video Merchant
- Plugin Slug:
- video-merchant
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-14390
VigLink SpotLight By ShortCode
- Plugin:
- VigLink SpotLight By ShortCode
- Plugin Slug:
- viglink-spotlight-by-shortcode
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13843
Vimeo SimpleGallery
- Plugin:
- Vimeo SimpleGallery
- Plugin Slug:
- vimeo-simplegallery
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14170
WatchTowerHQ
- Plugin:
- WatchTowerHQ
- Plugin Slug:
- watchtowerhq
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-13972
Live Sales Notification for Woocommerce – Woomotiv
- Plugin:
- Live Sales Notification for Woocommerce – Woomotiv
- Plugin Slug:
- woomotiv
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-13137
WP Dropzone
- Plugin:
- WP Dropzone
- Plugin Slug:
- wp-dropzone
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13989
WP Flot
- Plugin:
- WP Flot
- Plugin Slug:
- wp-flot
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13906
WP Job Portal
- Plugin:
- WP Job Portal
- Plugin Slug:
- wp-job-portal
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14467
WP Job Portal
- Plugin:
- WP Job Portal
- Plugin Slug:
- wp-job-portal
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14293
WPGancio
- Plugin:
- WPGancio
- Plugin Slug:
- wpgancio
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13904
Wpik WordPress Basic Ajax Form
- Plugin:
- Wpik WordPress Basic Ajax Form
- Plugin Slug:
- wpik-wordpress-basic-ajax-form
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14393
WPLG Default Mail From
- Plugin:
- WPLG Default Mail From
- Plugin Slug:
- wplg-default-mail-from
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-14138
Zenost Shortcodes
- Plugin:
- Zenost Shortcodes
- Plugin Slug:
- zenost-shortcodes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13885
Elementor Website Builder – More Than Just a Page Builder
- Plugin Slug:
- elementor
- Installations
- 10,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.33.4
- Severity Score:
- Medium
- CVE:
- 2025-11220
Starter Templates – AI-Powered Templates for Elementor & Gutenberg
- Plugin Slug:
- astra-sites
- Installations
- 2,000,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 4.4.42
- Severity Score:
- Critical
- CVE:
- 2025-13065
Custom Post Type UI
- Plugin:
- Custom Post Type UI
- Plugin Slug:
- custom-post-type-ui
- Installations
- 1,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.18.2
- Severity Score:
- Medium
- CVE:
- 2025-14056
Redux Framework
- Plugin:
- Redux Framework
- Plugin Slug:
- redux-framework
- Installations
- 1,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.5.9
- Severity Score:
- Medium
- CVE:
- 2025-9488
Widgets for Google Reviews
- Plugin:
- Widgets for Google Reviews
- Plugin Slug:
- wp-reviews-plugin-for-google
- Installations
- 800,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 13.2.2
- Severity Score:
- Medium
- CVE:
- 2025-9436
Widgets for Google Reviews
- Plugin:
- Widgets for Google Reviews
- Plugin Slug:
- wp-reviews-plugin-for-google
- Installations
- 800,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 13.2.5
- Severity Score:
- High
- CVE:
- 2025-12510
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
- Plugin Slug:
- fluentform
- Installations
- 600,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 6.1.8
- Severity Score:
- Medium
- CVE:
- 2025-13748
Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links
- Plugin Slug:
- broken-link-checker-seo
- Installations
- 300,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.2.7
- Severity Score:
- High
- CVE:
- 2025-67962
Newsletter – Send awesome emails from WordPress
- Plugin Slug:
- newsletter
- Installations
- 300,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 9.1.0
- Severity Score:
- High
- CVE:
- 2025-67999
Admin and Site Enhancements (ASE)
- Plugin Slug:
- admin-site-enhancements
- Installations
- 200,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 8.1.0
- Severity Score:
- Low
- CVE:
- 2025-64255
FileBird – WordPress Media Library Folders & File Manager
- Plugin Slug:
- filebird
- Installations
- 200,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.5.2
- Severity Score:
- Medium
- CVE:
- 2025-12900
GenerateBlocks
- Plugin:
- GenerateBlocks
- Plugin Slug:
- generateblocks
- Installations
- 200,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.2.0
- Severity Score:
- Medium
- CVE:
- 2025-12512
Popup Builder – Create highly converting, mobile friendly marketing popups.
- Plugin Slug:
- popup-builder
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.4.2
- Severity Score:
- Medium
- CVE:
- 2025-9856
a3 Lazy Load
- Plugin:
- a3 Lazy Load
- Plugin Slug:
- a3-lazy-load
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.6
- Severity Score:
- Medium
- CVE:
- 2025-9873
Addon Elements for Elementor (formerly Elementor Addon Elements)
- Plugin Slug:
- addon-elements-for-elementor-page-builder
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.14.4
- Severity Score:
- Medium
- CVE:
- 2025-12537
Beaver Builder Page Builder – Drag and Drop Website Builder
- Plugin Slug:
- beaver-builder-lite-version
- Installations
- 100,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.9.4.1
- Severity Score:
- Medium
- CVE:
- 2025-12558
Colibri Page Builder
- Plugin:
- Colibri Page Builder
- Plugin Slug:
- colibri-page-builder
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.342
- Severity Score:
- Medium
- CVE:
- 2025-11376
Image Gallery – Photo Grid & Video Gallery
- Plugin Slug:
- modula-best-grid-gallery
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.13.4
- Severity Score:
- Medium
- CVE:
- 2025-14003
Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories
- Plugin Slug:
- post-expirator
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.9.3
- Severity Score:
- Medium
- CVE:
- 2025-13741
TI WooCommerce Wishlist
- Plugin:
- TI WooCommerce Wishlist
- Plugin Slug:
- ti-woocommerce-wishlist
- Installations
- 100,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- 2.11.0
- Severity Score:
- Medium
- CVE:
- 2025-9207
Rich Shortcodes for Google Reviews
- Plugin Slug:
- widget-google-reviews
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.8.1
- Severity Score:
- High
- CVE:
- 2025-12499
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
- Plugin Slug:
- wp-user-avatar
- Installations
- 100,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- 4.16.8
- Severity Score:
- Medium
- CVE:
- 2025-13642
YITH WooCommerce Quick View
- Plugin:
- YITH WooCommerce Quick View
- Plugin Slug:
- yith-woocommerce-quick-view
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.1
- Severity Score:
- Medium
- CVE:
- 2025-8617
MailerLite – Signup forms (official)
- Plugin Slug:
- official-mailerlite-sign-up-forms
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.17
- Severity Score:
- Medium
- CVE:
- 2025-13993
10Web Booster – Website speed optimization, Cache & Page Speed optimizer
- Plugin Slug:
- tenweb-speed-optimizer
- Installations
- 90,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 2.32.11
- Severity Score:
- Critical
- CVE:
- 2025-13377
LearnPress – WordPress LMS Plugin
- Plugin Slug:
- learnpress
- Installations
- 80,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.3.2
- Severity Score:
- Medium
- CVE:
- 2025-13956
List category posts
- Plugin:
- List category posts
- Plugin Slug:
- list-category-posts
- Installations
- 80,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 0.92.0
- Severity Score:
- High
- CVE:
- 2025-10163
Ninja Tables – Easy Data Table Builder
- Plugin Slug:
- ninja-tables
- Installations
- 80,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.2.4
- Severity Score:
- High
- CVE:
- 2025-67519
OneSignal – Web Push Notifications
- Plugin Slug:
- onesignal-free-web-push-notifications
- Installations
- 80,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.6.2
- Severity Score:
- Medium
- CVE:
- 2025-13950
Brizy – Page Builder
- Plugin:
- Brizy – Page Builder
- Plugin Slug:
- brizy
- Installations
- 70,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.7.17
- Severity Score:
- Medium
- CVE:
- 2025-0969
Email Subscribers & Newsletters – Powerful Email Marketing, Post Notification & Newsletter Plugin for WordPress & WooCommerce
- Plugin Slug:
- email-subscribers
- Installations
- 70,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.9.11
- Severity Score:
- Medium
- CVE:
- 2025-12348
Events Manager – Calendar, Bookings, Tickets, and more!
- Plugin Slug:
- events-manager
- Installations
- 70,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 7.2.2.3
- Severity Score:
- Medium
- CVE:
- 2025-12407
Events Manager – Calendar, Bookings, Tickets, and more!
- Plugin Slug:
- events-manager
- Installations
- 70,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 7.2.2.3
- Severity Score:
- Medium
- CVE:
- 2025-12408
Ultra Addons for Contact Form 7
- Plugin:
- Ultra Addons for Contact Form 7
- Plugin Slug:
- ultimate-addons-for-contact-form-7
- Installations
- 60,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.5.34
- Severity Score:
- Medium
- CVE:
- 2025-14356
User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin
- Plugin Slug:
- user-registration
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.4.7
- Severity Score:
- Medium
- CVE:
- 2025-13367
Advanced Product Fields (Product Addons) for WooCommerce
- Plugin Slug:
- advanced-product-fields-for-woocommerce
- Installations
- 50,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.6.18
- Severity Score:
- Medium
- CVE:
- 2025-13924
Auto Featured Image (Auto Post Thumbnail)
- Plugin Slug:
- auto-post-thumbnail
- Installations
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.2.2
- Severity Score:
- Medium
- CVE:
- 2025-13794
Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more
- Plugin:
- Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more
- Plugin Slug:
- woocommerce-google-adwords-conversion-tracking-tag
- Installations
- 50,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.52.0
- Severity Score:
- Medium
- CVE:
- 2025-67564
WP Recipe Maker
- Plugin:
- WP Recipe Maker
- Plugin Slug:
- wp-recipe-maker
- Installations
- 50,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 10.2.3
- Severity Score:
- Medium
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
- Plugin:
- RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
- Plugin Slug:
- feedzy-rss-feeds
- Installations
- 40,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 5.1.2
- Severity Score:
- Medium
- CVE:
- 2025-11467
FunnelKit – Funnel Builder for WooCommerce Checkout
- Plugin Slug:
- funnel-builder
- Installations
- 40,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.13.1.6
- Severity Score:
- Critical
- CVE:
- 2025-14169
InstaWP Connect – 1-click WP Staging & Migration
- Plugin Slug:
- instawp-connect
- Installations
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 0.1.2.0
- Severity Score:
- Medium
- CVE:
- 2025-66068
Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery
- Plugin Slug:
- simply-gallery-block
- Installations
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.3.1
- Severity Score:
- Medium
- CVE:
- 2025-14288
HT Slider For Elementor
- Plugin:
- HT Slider For Elementor
- Plugin Slug:
- ht-slider-for-elementor
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.5
- Severity Score:
- Medium
- CVE:
- 2025-14278
Login Security, FireWall, Malware removal by CleanTalk
- Plugin Slug:
- security-malware-firewall
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.169
- Severity Score:
- High
- CVE:
- 2025-13604
Themify Portfolio Post
- Plugin:
- Themify Portfolio Post
- Plugin Slug:
- themify-portfolio-post
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.1
- Severity Score:
- High
- CVE:
- 2025-67533
ThirstyAffiliates – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin
- Plugin Slug:
- thirstyaffiliates
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.11.9
- Severity Score:
- Medium
- CVE:
- 2025-67537
WP Visitor Statistics (Real Time Traffic)
- Plugin Slug:
- wp-stats-manager
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.4
- Severity Score:
- Medium
- CVE:
- 2025-67983
All-in-One Video Gallery
- Plugin:
- All-in-One Video Gallery
- Plugin Slug:
- all-in-one-video-gallery
- Installations
- 20,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 4.6.4
- Severity Score:
- Critical
- CVE:
- 2025-12966
Livemesh SiteOrigin Widgets
- Plugin:
- Livemesh SiteOrigin Widgets
- Plugin Slug:
- livemesh-siteorigin-widgets
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.9.2
- Severity Score:
- Medium
- CVE:
- 2025-8780
My Calendar – Accessible Event Manager
- Plugin Slug:
- my-calendar
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.6.17
- Severity Score:
- Medium
- CVE:
- 2025-67592
Secure Copy Content Protection and Content Locking
- Plugin Slug:
- secure-copy-content-protection
- Installations
- 20,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.9.3
- Severity Score:
- Medium
- CVE:
- 2025-14442
Secure Copy Content Protection and Content Locking
- Plugin Slug:
- secure-copy-content-protection
- Installations
- 20,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.9.3
- Severity Score:
- Medium
- CVE:
- 2025-14159
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP
- Plugin:
- UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP
- Plugin Slug:
- userswp
- Installations
- 20,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.49
- Severity Score:
- Medium
- CVE:
- 2025-67593
WP Webhooks – Automate repetitive tasks by creating powerful automation workflows directly within WordPress
- Plugin Slug:
- wp-webhooks
- Installations
- 20,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 3.3.9
- Severity Score:
- Critical
- CVE:
- 2025-66074
404 Solution
- Plugin:
- 404 Solution
- Plugin Slug:
- 404-solution
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.1.1
- Severity Score:
- High
- CVE:
- 2025-14477
Store Locator WordPress
- Plugin:
- Store Locator WordPress
- Plugin Slug:
- agile-store-locator
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.6.3
- Severity Score:
- High
- CVE:
- 2025-67516
Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates
- Plugin Slug:
- animation-addons-for-elementor
- Installations
- 10,000+
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- 2.4.6
- Severity Score:
- Medium
- CVE:
- 2025-67540
CC Child Pages
- Plugin:
- CC Child Pages
- Plugin Slug:
- cc-child-pages
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.1
- Severity Score:
- Medium
- CVE:
- 2025-13608
Reviews Widget for Google, Yelp & Recommendations
- Plugin Slug:
- fb-reviews-widget
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6
- Severity Score:
- High
- CVE:
- 2025-12705
FluentAuth – The Ultimate Authorization & Security Plugin for WordPress
- Plugin Slug:
- fluent-security
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.0
- Severity Score:
- Medium
- CVE:
- 2025-13728
HandL UTM Grabber / Tracker
- Plugin:
- HandL UTM Grabber / Tracker
- Plugin Slug:
- handl-utm-grabber
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.1
- Severity Score:
- High
- CVE:
- 2025-13073
Head Meta Data
- Plugin:
- Head Meta Data
- Plugin Slug:
- head-meta-data
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 20251118
- Severity Score:
- Medium
- CVE:
- 2025-66081
JetWidgets For Elementor
- Plugin:
- JetWidgets For Elementor
- Plugin Slug:
- jetwidgets-for-elementor
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.21
- Severity Score:
- Medium
- CVE:
- 2025-8195
Lightweight Accordion
- Plugin:
- Lightweight Accordion
- Plugin Slug:
- lightweight-accordion
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.0
- Severity Score:
- Medium
- CVE:
- 2025-13740
Marquee Addons for Elementor – Advanced Elements & Modern Motion Widgets
- Plugin Slug:
- marquee-addons-for-elementor
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.0
- Severity Score:
- Medium
- CVE:
- 2025-8199
myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program.
- Plugin Slug:
- mycred
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.9.7.1
- Severity Score:
- Medium
- CVE:
- 2025-12362
WP-ShowHide
- Plugin:
- WP-ShowHide
- Plugin Slug:
- wp-showhide
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.06
- Severity Score:
- Medium
- CVE:
- 2025-67541
WPeMatico RSS Feed Fetcher
- Plugin:
- WPeMatico RSS Feed Fetcher
- Plugin Slug:
- wpematico
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.13
- Severity Score:
- Medium
- CVE:
- 2025-13031
rtMedia for WordPress, BuddyPress and bbPress
- Plugin Slug:
- buddypress-media
- Installations
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.7.4
- Severity Score:
- Low
- CVE:
- 2025-9218
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
- Plugin Slug:
- custom-registration-form-builder-with-submission-manager
- Installations
- 9,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.0.6.8
- Severity Score:
- Medium
- CVE:
- 2025-13610
All-in-One Addons for Elementor – WidgetKit
- Plugin Slug:
- widgetkit-for-elementor
- Installations
- 9,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.7
- Severity Score:
- Medium
- CVE:
- 2025-8779
Multi-Step Checkout for WooCommerce
- Plugin Slug:
- wp-multi-step-checkout
- Installations
- 9,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.34
- Severity Score:
- Medium
- CVE:
- 2025-67542
BSK PDF Manager
- Plugin:
- BSK PDF Manager
- Plugin Slug:
- bsk-pdf-manager
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.7.2
- Severity Score:
- Medium
- CVE:
- 2025-4970
Foxtool All-in-One: Contact chat button, Custom login, Media optimize images
- Plugin Slug:
- foxtool
- Installations
- 8,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.5.3
- Severity Score:
- Medium
- CVE:
- 2025-13408
Booking calendar, Appointment Booking System
- Plugin Slug:
- booking-calendar
- Installations
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.31
- Severity Score:
- Medium
- CVE:
- 2025-67574
Watu Quiz
- Plugin:
- Watu Quiz
- Plugin Slug:
- watu
- Installations
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.4.5.1
- Severity Score:
- Medium
- CVE:
- 2025-67976
WPGraphQL Smart Cache
- Plugin:
- WPGraphQL Smart Cache
- Plugin Slug:
- wpgraphql-smart-cache
- Installations
- 4,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.0.1
- Severity Score:
- High
Document Library Lite
- Plugin:
- Document Library Lite
- Plugin Slug:
- document-library-lite
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.0
- Severity Score:
- Medium
- CVE:
- 2025-67986
Document Library Lite
- Plugin:
- Document Library Lite
- Plugin Slug:
- document-library-lite
- Installations
- 3,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 1.2.0
- Severity Score:
- Medium
- CVE:
- 2025-67985
Magical Posts Display – Elementor Advanced Posts widgets
- Plugin Slug:
- magical-posts-display
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.55
- Severity Score:
- Medium
- CVE:
- 2025-12965
Sitewide Notice WP
- Plugin:
- Sitewide Notice WP
- Plugin Slug:
- sitewide-notice-wp
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.2
- Severity Score:
- Medium
- CVE:
- 2025-67575
Easy Appointment Booking & Scheduling System – Webba Booking Calendar
- Plugin Slug:
- webba-booking-lite
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.2.2
- Severity Score:
- Medium
- CVE:
- 2025-66530
WPMasterToolKit (WPMTK) – All in one plugin
- Plugin Slug:
- wpmastertoolkit
- Installations
- 3,000+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- 2.13.1
- Severity Score:
- High
- CVE:
- 2025-14166
UseStrict’s Calendly Embedder
- Plugin:
- UseStrict’s Calendly Embedder
- Plugin Slug:
- cal-embedder-lite
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2
- Severity Score:
- Medium
- CVE:
- 2025-67555
Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms
- Plugin Slug:
- cf7-salesforce
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.7
- Severity Score:
- Medium
- CVE:
- 2025-67468
Easy Form Builder – WordPress plugin form builder: contact form, survey form, payment form, and custom form builder
- Plugin Slug:
- easy-form-builder
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.8.21
- Severity Score:
- Medium
- CVE:
- 2025-67577
Simple Download Counter
- Plugin:
- Simple Download Counter
- Plugin Slug:
- simple-download-counter
- Installations
- 2,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 2.2.3
- Severity Score:
- Medium
- CVE:
- 2025-13677
Simple Link Directory
- Plugin:
- Simple Link Directory
- Plugin Slug:
- simple-link-directory
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 8.8.4
- Severity Score:
- Medium
- CVE:
- 2025-67465
Simple Link Directory
- Plugin:
- Simple Link Directory
- Plugin Slug:
- simple-link-directory
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 8.8.4
- Severity Score:
- Medium
- CVE:
- 2025-67576
Tableberg – Simple Gutenberg Table Block
- Plugin Slug:
- tableberg
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 0.6.10
- Severity Score:
- Medium
- CVE:
- 2025-66096
Trinity Audio – Text to Speech AI audio player to convert content into audio
- Plugin Slug:
- trinity-audio
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.24
- Severity Score:
- Medium
- CVE:
- 2025-67466
VK Google Job Posting Manager
- Plugin:
- VK Google Job Posting Manager
- Plugin Slug:
- vk-google-job-posting-manager
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.23
- Severity Score:
- Medium
- CVE:
- 2025-68070
Email Marketing Plugin – WP Email Capture
- Plugin Slug:
- wp-email-capture
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.12.5
- Severity Score:
- Medium
- CVE:
- 2025-67578
CWW Companion
- Plugin:
- CWW Companion
- Plugin Slug:
- cww-companion
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.3
- Severity Score:
- Medium
- CVE:
- 2025-67473
Enter Addons – Ultimate Template Builder for Elementor
- Plugin Slug:
- enteraddons
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.8
- Severity Score:
- Medium
- CVE:
- 2025-8687
Hippoo Mobile App for WooCommerce
- Plugin Slug:
- hippoo
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.7.2
- Severity Score:
- Medium
- CVE:
- 2025-12655
Hippoo Mobile App for WooCommerce
- Plugin Slug:
- hippoo
- Installations
- 1,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 1.7.2
- Severity Score:
- High
- CVE:
- 2025-13339
AI-Powered Business Directory and Classified Ads Listings – Listdom
- Plugin Slug:
- listdom
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.1.0
- Severity Score:
- Medium
- CVE:
- 2025-67560
Media File Rename, Unused File Cleaner & CSV Export Import – Add Alt for Image SEO – Media Library Tools
- Plugin Slug:
- media-library-tools
- Installations
- 1,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.7.0
- Severity Score:
- High
- CVE:
- 2025-67520
Nelio Popups
- Plugin:
- Nelio Popups
- Plugin Slug:
- nelio-popups
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.1
- Severity Score:
- Medium
- CVE:
- 2025-66111
Request a Quote Form Plugin – Price Quote Request Management Made Easy
- Plugin Slug:
- request-a-quote
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.5.4
- Severity Score:
- Medium
- CVE:
- 2025-64248
Highlight and Share – Social Text and Image Sharing
- Plugin Slug:
- highlight-and-share
- Installations
- 900+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.3.0
- Severity Score:
- Medium
- CVE:
- 2025-67586
WP eBay Product Feeds
- Plugin:
- WP eBay Product Feeds
- Plugin Slug:
- ebay-feeds-for-wordpress
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.10
- Severity Score:
- Medium
- CVE:
- 2025-67557
VikRentItems Flexible Rental Management System
- Plugin Slug:
- vikrentitems
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.1
- Severity Score:
- High
- CVE:
- 2025-14049
Header Footer Script Adder – Insert Code in Header, Body & Footer
- Plugin Slug:
- header-and-footer-script-adder
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.6
- Severity Score:
- Medium
- CVE:
- 2025-12109
Appointment Booking and Scheduler Plugin – Truebooker
- Plugin Slug:
- truebooker-appointment-booking
- Installations
- 600+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.1
- Severity Score:
- Medium
- CVE:
- 2025-67581
Easy Invoice – PDF Invoice Generator & Quote Builder
- Plugin Slug:
- easy-invoice
- Installations
- 500+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.1.5
- Severity Score:
- Medium
- CVE:
- 2025-66115
Employee Spotlight – Team Member Showcase & Meet the Team Plugin
- Plugin Slug:
- employee-spotlight
- Installations
- 400+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.1.4
- Severity Score:
- Medium
- CVE:
- 2025-13403
Wbcom Designs – Private Community for BuddyPress
- Plugin Slug:
- lock-my-bp
- Installations
- 400+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.2
- Severity Score:
- Medium
- CVE:
- 2025-67582
PDF for Contact Form 7 + Drag and Drop Template Builder
- Plugin Slug:
- pdf-for-contact-form-7
- Installations
- 400+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.3.4
- Severity Score:
- Medium
- CVE:
- 2025-14074
Rencontre – Dating Site
- Plugin:
- Rencontre – Dating Site
- Plugin Slug:
- rencontre
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.13.8
- Severity Score:
- Medium
- CVE:
- 2025-67558
Design Import/Export – Styles, Templates, Template Parts and Patterns
- Plugin Slug:
- design-import-export
- Installations
- 200+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.3
- Severity Score:
- High
- CVE:
- 2025-14050
Image Slider by Ays- Responsive Slider and Carousel
- Plugin Slug:
- ays-slider
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.7.1
- Severity Score:
- Medium
- CVE:
- 2025-14454
BuddyTask
- Plugin:
- BuddyTask
- Plugin Slug:
- buddytask
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.0
- Severity Score:
- Medium
- CVE:
- 2025-14064
Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated
- Plugin Slug:
- emplibot
- Installations
- 100+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 1.1.0
- Severity Score:
- Medium
- CVE:
- 2025-11970
Upcoming for Calendly
- Plugin:
- Upcoming for Calendly
- Plugin Slug:
- upcoming-for-calendly
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.5
- Severity Score:
- Medium
- CVE:
- 2025-14160
AI Feeds
- Plugin:
- AI Feeds
- Plugin Slug:
- ai-feeds
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.23
- Severity Score:
- Medium
- CVE:
- 2025-14030
Guest Support
- Plugin:
- Guest Support
- Plugin Slug:
- guest-support
- Installations
- 40+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.3.0
- Severity Score:
- Medium
- CVE:
- 2025-13660
Simple Folio
- Plugin:
- Simple Folio
- Plugin Slug:
- simple-folio
- Installations
- 40+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.1.1
- Severity Score:
- Medium
- CVE:
- 2025-64256
Divelogs Widget
- Plugin:
- Divelogs Widget
- Plugin Slug:
- divelogs-widget
- Installations
- 20+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6
- Severity Score:
- Medium
- CVE:
- 2025-13962
FX Currency Converter
- Plugin:
- FX Currency Converter
- Plugin Slug:
- fx-currency-converter
- Installations
- 20+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.2.1
- Severity Score:
- Medium
- CVE:
- 2025-13963
MediaCommander – Bring Folders to Media, Posts, and Pages
- Plugin Slug:
- mediacommander
- Installations
- 20+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.0
- Severity Score:
- Medium
- CVE:
- 2025-14508
Player Leaderboard
- Plugin:
- Player Leaderboard
- Plugin Slug:
- player-leaderboard
- Installations
- 20+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.0.3
- Severity Score:
- High
- CVE:
- 2025-12824
HAPPY – Helpdesk Support Ticket System
- Plugin Slug:
- happy-helpdesk-support-ticket-system
- Installations
- 10+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.10
- Severity Score:
- Medium
- CVE:
- 2025-14581
Mailgun Subscriptions
- Plugin:
- Mailgun Subscriptions
- Plugin Slug:
- mailgun-subscriptions
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.2
- Severity Score:
- Medium
- CVE:
- 2025-11876
Photo Block – A Better Responsive Image Block With Lightbox and Caption Support
- Plugin Slug:
- photo-block
- Installations
- 10+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.6.0
- Severity Score:
- Low
- CVE:
- 2025-64254
Simple CSV Table
- Plugin:
- Simple CSV Table
- Plugin Slug:
- simple-csv-table
- Installations
- 10+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 1.0.2
- Severity Score:
- Medium
- CVE:
- 2025-12960
WPNakama – Team and multi-Client Collaboration, Editorial and Project Management
- Plugin Slug:
- wpnakama
- Installations
- 10+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 0.6.4
- Severity Score:
- Critical
- CVE:
- 2025-14068
Accordion Slider PRO
- Plugin:
- Accordion Slider PRO
- Plugin Slug:
- accordion_slider_pro
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.3
- Severity Score:
- High
- CVE:
- 2025-67518
Dokan Pro
- Plugin:
- Dokan Pro
- Plugin Slug:
- dokan-pro
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.2.0
- Severity Score:
- Medium
- CVE:
- 2025-12809
Elated Membership
- Plugin:
- Elated Membership
- Plugin Slug:
- eltdf-membership
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 1.3
- Severity Score:
- Critical
- CVE:
- 2025-13613
Fancy Product Designer
- Plugin:
- Fancy Product Designer
- Plugin Slug:
- fancy-product-designer
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 6.5.0
- Severity Score:
- Medium
Fancy Product Designer
- Plugin:
- Fancy Product Designer
- Plugin Slug:
- fancy-product-designer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.5.0
- Severity Score:
- High
- CVE:
- 2025-12570
Homey Core
- Plugin:
- Homey Core
- Plugin Slug:
- homey-core
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.4
- Severity Score:
- Medium
- CVE:
- 2025-67965
Image Caption Hover Pro
- Plugin:
- Image Caption Hover Pro
- Plugin Slug:
- image-caption-hover-pro
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 20.0
- Severity Score:
- Medium
- CVE:
- 2025-67562
Jobmonster Elementor Addon
- Plugin:
- Jobmonster Elementor Addon
- Plugin Slug:
- jobmonster-addon
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.1.5
- Severity Score:
- High
- CVE:
- 2025-67524
Simple Bike Rental
- Plugin:
- Simple Bike Rental
- Plugin Slug:
- simple-bike-rental
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.7
- Severity Score:
- Medium
- CVE:
- 2025-14065
WP CarDealer
- Plugin:
- WP CarDealer
- Plugin Slug:
- wp-cardealer
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.2.17
- Severity Score:
- Critical
- CVE:
- 2025-13764
WP Fastest Cache Premium
- Plugin:
- WP Fastest Cache Premium
- Plugin Slug:
- wp-fastest-cache-premium
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.7.5
- Severity Score:
- Low
- CVE:
- 2025-10583
User Extra Fields
- Plugin:
- User Extra Fields
- Plugin Slug:
- wp-user-extra-fields
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 16.9
- Severity Score:
- Medium
- CVE:
- 2025-67579
WordPress Themes — 17 Patched / 2 Unpatched
EduMall
- Theme:
- EduMall
- Theme Slug:
- edumall
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68061
MinimogWP
- Theme:
- MinimogWP
- Theme Slug:
- minimog
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68062
Kingcabs
Mavix Education
- Theme:
- Mavix Education
- Theme Slug:
- mavix-education
- Downloads
- 2,776
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1
- Severity Score:
- Medium
- CVE:
- 2025-11164
Besa
- Theme:
- Besa
- Theme Slug:
- besa
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.3.16
- Severity Score:
- High
- CVE:
- 2025-67530
Digiqole
- Theme:
- Digiqole
- Theme Slug:
- digiqole
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.2.7
- Severity Score:
- High
- CVE:
- 2025-67527
ekommart
- Theme:
- ekommart
- Theme Slug:
- ekommart
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 4.3.1
- Severity Score:
- High
- CVE:
- 2025-67525
Exhibz
- Theme:
- Exhibz
- Theme Slug:
- exhibz
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 3.0.10
- Severity Score:
- High
- CVE:
- 2025-67523
Fashion
- Theme:
- Fashion
- Theme Slug:
- fashion2
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 5.3.0
- Severity Score:
- High
- CVE:
- 2025-67529
Hara
- Theme:
- Hara
- Theme Slug:
- hara
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.2.18
- Severity Score:
- High
- CVE:
- 2025-67532
Kerge
- Theme:
- Kerge
- Theme Slug:
- kerge
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 4.1.4
- Severity Score:
- Medium
- CVE:
- 2025-67989
Jobmonster
- Theme:
- Jobmonster
- Theme Slug:
- noo-jobmonster
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 4.8.3
- Severity Score:
- High
- CVE:
- 2025-67522
PenNews
- Theme:
- PenNews
- Theme Slug:
- pennews
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.7.4
- Severity Score:
- Medium
- CVE:
- 2025-67572
Sailing
- Theme:
- Sailing
- Theme Slug:
- sailing
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.4.6
- Severity Score:
- Medium
- CVE:
- 2025-67573
Sailing
- Theme:
- Sailing
- Theme Slug:
- sailing
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 4.4.6
- Severity Score:
- High
- CVE:
- 2025-67526
Sober
- Theme:
- Sober
- Theme Slug:
- sober
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.5.12
- Severity Score:
- Medium
- CVE:
- 2025-67567
Turitor
- Theme:
- Turitor
- Theme Slug:
- turitor
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.5.3
- Severity Score:
- High
- CVE:
- 2025-67531
Urna
- Theme:
- Urna
- Theme Slug:
- urna
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.5.13
- Severity Score:
- High
- CVE:
- 2025-67528
Wilmër
- Theme:
- Wilmër
- Theme Slug:
- wilmer
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 3.5
- Severity Score:
- High
- CVE:
- 2025-67515
