In this report, 333 vulnerabilities have been publicly disclosed. Security patches are now available for 97 of the affected plugins and themes. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Currently, 236 plugin and theme vulnerabilities remain unpatched. If you’re a Solid Security Pro user, the Solid Security firewall already protects your site against those vulnerabilities. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.9 “Gene” was released on December 2, 2025. This release brings major upgrades to how teams collaborate and create. The new Notes feature adds block-level commenting for posts and pages, streamlining editorial reviews, while an expanded Command Palette helps power users navigate and operate across the dashboard even faster. The introduction of the Abilities API delivers a standardized, machine-readable permissions system that lays the groundwork for next-generation AI-powered and automated workflows. WordPress 6.9 also includes notable performance improvements for faster page loads, several new practical blocks, and more visual drag-and-drop tools to help creators build richer, more dynamic content.
Following a major release, you should not update live sites without first taking backups and testing the update in a non-production environment.
WordPress Plugins — 83 Patched / 170 Unpatched
Master Addons For Elementor – White Label, Free Widgets, Hover Effects, Conditions, & Animations
- Plugin:
- Master Addons For Elementor – White Label, Free Widgets, Hover Effects, Conditions, & Animations
- Plugin Slug:
- master-addons
- Installations
- 40,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-63053
Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers
- Plugin:
- Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers
- Plugin Slug:
- popup-builder-block
- Installations
- 40,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-69026
EasyTest – Simplify A/B Testing
- Plugin:
- EasyTest – Simplify A/B Testing
- Plugin Slug:
- convertpro
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-63031
Post Snippets – Custom WordPress Code Snippets Customizer
- Plugin Slug:
- post-snippets
- Installations
- 20,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-63040
Cookies and Content Security Policy
- Plugin Slug:
- cookies-and-content-security-policy
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-63019
Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery
- Plugin Slug:
- gt3-photo-video-gallery
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69084
Five Star Restaurant Reservations – WordPress Booking Plugin
- Plugin Slug:
- restaurant-reservations
- Installations
- 10,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68044
Simple Like Page Plugin
- Plugin:
- Simple Like Page Plugin
- Plugin Slug:
- simple-facebook-plugin
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-63022
Gmedia Photo Gallery
- Plugin:
- Gmedia Photo Gallery
- Plugin Slug:
- grand-media
- Installations
- 8,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-63014
QuadLayers TikTok Feed
- Plugin:
- QuadLayers TikTok Feed
- Plugin Slug:
- wp-tiktok-feed
- Installations
- 8,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-63016
All in One Accessibility
- Plugin:
- All in One Accessibility
- Plugin Slug:
- all-in-one-accessibility
- Installations
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-63004
Tooltips for WordPress
- Plugin:
- Tooltips for WordPress
- Plugin Slug:
- wordpress-tooltips
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-63005
Hotel Booking
- Plugin:
- Hotel Booking
- Plugin Slug:
- nd-booking
- Installations
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-63001
Zoho ZeptoMail
- Plugin:
- Zoho ZeptoMail
- Plugin Slug:
- transmail
- Installations
- 4,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49028
Livemesh Addons for Beaver Builder
- Plugin Slug:
- addons-for-beaver-builder
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62990
AnyComment
- Plugin:
- AnyComment
- Plugin Slug:
- anycomment
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62874
Cooked – Recipe Management
- Plugin:
- Cooked – Recipe Management
- Plugin Slug:
- cooked
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62989
Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin
- Plugin Slug:
- everest-backup
- Installations
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62992
GS Portfolio for Envato
- Plugin:
- GS Portfolio for Envato
- Plugin Slug:
- gs-envato-portfolio
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62755
WP Attachments
- Plugin:
- WP Attachments
- Plugin Slug:
- wp-attachments
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62888
Knowledge Base documentation & wiki plugin – BasePress Docs
- Plugin Slug:
- basepress
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62761
Carousel Horizontal Posts Content Slider
- Plugin Slug:
- carousel-horizontal-posts-content-slider
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22347
Civic Cookie Control
- Plugin:
- Civic Cookie Control
- Plugin Slug:
- civic-cookie-control-8
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22348
Curator.io
- Plugin:
- Curator.io
- Plugin Slug:
- curatorio
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62742
Featured Image Generator
- Plugin:
- Featured Image Generator
- Plugin Slug:
- featured-image-generator
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62747
Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free
- Plugin:
- Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free
- Plugin Slug:
- funnelforms-free
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62758
Calendar.online / Kalender.digital – Plugin
- Plugin Slug:
- kalender-digital
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62752
MAS Videos
- Plugin:
- MAS Videos
- Plugin Slug:
- masvideos
- Installations
- 2,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-62753
Menu In Post
- Plugin:
- Menu In Post
- Plugin Slug:
- menu-in-post
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22349
MyBookTable Bookstore by Stormhill Media
- Plugin Slug:
- mybooktable
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62743
Series
- Plugin:
- Series
- Plugin Slug:
- series
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62759
teachPress
- Plugin:
- teachPress
- Plugin Slug:
- teachpress
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22353
The Moneytizer
- Plugin:
- The Moneytizer
- Plugin Slug:
- the-moneytizer
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62756
User Specific Content
- Plugin:
- User Specific Content
- Plugin Slug:
- user-specific-content
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62749
Web and WooCommerce Addons for WPBakery Builder
- Plugin Slug:
- vc-addons-by-bit14
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62748
Wallet System for WooCommerce – Digital Wallet, Buy Now Pay Later (BNPL), Instant Cashback, Referral program, Partial & Subscription Payments
- Plugin Slug:
- wallet-system-for-woocommerce
- Installations
- 2,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-68029
WebMan Amplifier
- Plugin:
- WebMan Amplifier
- Plugin Slug:
- webman-amplifier
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62757
Accordion Slider Gallery
- Plugin:
- Accordion Slider Gallery
- Plugin Slug:
- accordion-slider-gallery
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62130
Add Custom Codes – Insert Header, Footer, Custom PHP Snippets, CSS, Javascript
- Plugin Slug:
- add-custom-codes
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62108
Add Custom Codes – Insert Header, Footer, Custom PHP Snippets, CSS, Javascript
- Plugin Slug:
- add-custom-codes
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62149
AdWords Conversion Tracking Code
- Plugin:
- AdWords Conversion Tracking Code
- Plugin Slug:
- adwords-conversion-tracking-code
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62118
AI Content Writing Assistant
- Plugin:
- AI Content Writing Assistant
- Plugin Slug:
- ai-content-writing-assistant
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62154
AI Copilot – ChatGPT Chatbot & AI Engine for Post Automation
- Plugin Slug:
- ai-copilot
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62116
Payment Gateway Authorize.Net CIM for WooCommerce
- Plugin Slug:
- authnet-cim-for-woo
- Installations
- 1,000+
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-68013
AweBooking – Hotel Booking System
- Plugin Slug:
- awebooking
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-68014
Bootstrap Modals
- Plugin:
- Bootstrap Modals
- Plugin Slug:
- bootstrap-modals
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62095
Co-marquage service-public.fr
- Plugin:
- Co-marquage service-public.fr
- Plugin Slug:
- co-marquage-service-public
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62113
CodeColorer
- Plugin:
- CodeColorer
- Plugin Slug:
- codecolorer
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68012
Core Web Vitals & PageSpeed Booster
- Plugin Slug:
- core-web-vitals-pagespeed-booster
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62144
Custom Background Changer
- Plugin:
- Custom Background Changer
- Plugin Slug:
- custom-background-changer
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62125
Add Featured Image Custom Link
- Plugin:
- Add Featured Image Custom Link
- Plugin Slug:
- custom-url-to-featured-image
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62119
DMCA Protection Badge
- Plugin:
- DMCA Protection Badge
- Plugin Slug:
- dmca-badge
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62145
Download Media Library
- Plugin:
- Download Media Library
- Plugin Slug:
- download-media-library
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62114
EasyIndex
- Plugin:
- EasyIndex
- Plugin Slug:
- easyindex
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62117
Extra Shortcodes
- Plugin:
- Extra Shortcodes
- Plugin Slug:
- extra-shortcodes
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62111
FormFacade – Embed Google Forms in your website
- Plugin Slug:
- formfacade
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62133
Portfolio Gallery – Responsive Image Gallery
- Plugin Slug:
- gallery-portfolio
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62098
GLS Shipping for WooCommerce
- Plugin:
- GLS Shipping for WooCommerce
- Plugin Slug:
- gls-shipping-for-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68011
Hide Plugins
- Plugin:
- Hide Plugins
- Plugin Slug:
- hide-plugins
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62115
Locatoraid Store Locator
- Plugin:
- Locatoraid Store Locator
- Plugin Slug:
- locatoraid
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62140
MX Time Zone Clocks
- Plugin:
- MX Time Zone Clocks
- Plugin Slug:
- mx-time-zone-clocks
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62146
Netgsm
- Plugin:
- Netgsm
- Plugin Slug:
- netgsm
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68010
Contact Form Widget
- Plugin:
- Contact Form Widget
- Plugin Slug:
- new-contact-form-widget
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62134
Owl Carousel WP
- Plugin:
- Owl Carousel WP
- Plugin Slug:
- owl-carousel-wp
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22388
Page Title Splitter
- Plugin:
- Page Title Splitter
- Plugin Slug:
- page-title-splitter
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62744
?????? ?????? ??????
- Plugin:
- ?????? ?????? ??????
- Plugin Slug:
- pardakht-delkhah
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62101
Product Delivery Date for WooCommerce – Lite
- Plugin Slug:
- product-delivery-date-for-woocommerce-lite
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-69027
Realbig For WordPress
- Plugin:
- Realbig For WordPress
- Plugin Slug:
- realbig-media
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62147
Responsive Block Control – Hide blocks based on display width
- Plugin Slug:
- responsive-block-control
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62135
RestroPress – Online Food Ordering System
- Plugin Slug:
- restropress
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62129
Robots.txt rewrite
- Plugin:
- Robots.txt rewrite
- Plugin Slug:
- robotstxt-rewrite
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62148
SEO Slider
- Plugin:
- SEO Slider
- Plugin Slug:
- seo-slider
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62097
Slider Templates
- Plugin:
- Slider Templates
- Plugin Slug:
- slider-templates
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-68009
Tasty Recipes Lite
- Plugin:
- Tasty Recipes Lite
- Plugin Slug:
- tasty-recipes-lite
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62131
Tasty Recipes Lite
- Plugin:
- Tasty Recipes Lite
- Plugin Slug:
- tasty-recipes-lite
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62132
Logo Slider , Logo Carousel , Logo showcase , Client Logo
- Plugin Slug:
- tc-logo-slider
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62121
Terms descriptions
- Plugin:
- Terms descriptions
- Plugin Slug:
- terms-descriptions
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62139
OpenHook
- Plugin:
- OpenHook
- Plugin Slug:
- thesis-openhook
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62120
History Timeline for Biography, Company History & Event Timeline
- Plugin Slug:
- timeline-awesome
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62150
Trash Duplicate and 301 Redirect
- Plugin:
- Trash Duplicate and 301 Redirect
- Plugin Slug:
- trash-duplicate-and-301-redirect
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62122
Cincopa video and media plug-in
- Plugin:
- Cincopa video and media plug-in
- Plugin Slug:
- video-playlist-and-gallery-plugin
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62143
Cincopa video and media plug-in
- Plugin:
- Cincopa video and media plug-in
- Plugin Slug:
- video-playlist-and-gallery-plugin
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62142
WP Gmail SMTP
- Plugin:
- WP Gmail SMTP
- Plugin Slug:
- wp-gmail-smtp
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62123
WP Post Signature
- Plugin:
- WP Post Signature
- Plugin Slug:
- wp-post-signature
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62124
Varnish/Nginx Proxy Caching
- Plugin:
- Varnish/Nginx Proxy Caching
- Plugin Slug:
- vcaching
- Installations
- 900+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62126
Sticky Notes for WP Dashboard
- Plugin:
- Sticky Notes for WP Dashboard
- Plugin Slug:
- wb-sticky-notes
- Installations
- 900+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62087
WP Advanced PDF
- Plugin:
- WP Advanced PDF
- Plugin Slug:
- wp-advanced-pdf
- Installations
- 900+
- Vulnerability:
- Other Vulnerability Type
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62138
iNext Woo Pincode Checker
- Plugin:
- iNext Woo Pincode Checker
- Plugin Slug:
- inext-woo-pincode-checker
- Installations
- 800+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62084
Mergado Pack
- Plugin:
- Mergado Pack
- Plugin Slug:
- mergado-marketing-pack
- Installations
- 800+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62089
Wiremo – Product Reviews for WooCommerce
- Plugin Slug:
- woo-reviews-by-wiremo
- Installations
- 800+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62092
BoomDevs WordPress Coming Soon Plugin
- Plugin Slug:
- coming-soon-by-boomdevs
- Installations
- 700+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62083
Easy Upload Files During Checkout
- Plugin Slug:
- easy-upload-files-during-checkout
- Installations
- 600+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62078
Live Shopping & Shoppable Videos For WooCommerce
- Plugin Slug:
- live-shopping-video-streams
- Installations
- 600+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62080
Live Shopping & Shoppable Videos For WooCommerce
- Plugin Slug:
- live-shopping-video-streams
- Installations
- 600+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62081
Efí Bank
- Plugin:
- Efí Bank
- Plugin Slug:
- woo-gerencianet-official
- Installations
- 500+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-59136
WP Export Categories & Taxonomies
- Plugin Slug:
- wp-export-categories-taxonomies
- Installations
- 500+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62079
Behance Portfolio Manager
- Plugin:
- Behance Portfolio Manager
- Plugin Slug:
- portfolio-manager-powered-by-behance
- Installations
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-59135
Behance Portfolio Manager
- Plugin:
- Behance Portfolio Manager
- Plugin Slug:
- portfolio-manager-powered-by-behance
- Installations
- 400+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-59137
WP-CalDav2ICS
- Plugin:
- WP-CalDav2ICS
- Plugin Slug:
- wp-caldav2ics
- Installations
- 300+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-59131
Audiomack
- Plugin:
- Audiomack
- Plugin Slug:
- audiomack
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49357
Content Fetcher
- Plugin:
- Content Fetcher
- Plugin Slug:
- content-fetcher
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49358
Sell Downloads
- Plugin:
- Sell Downloads
- Plugin Slug:
- sell-downloads
- Installations
- 200+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68850
Accessibility Press
- Plugin:
- Accessibility Press
- Plugin Slug:
- ilogic-accessibility
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49355
Infility Global
- Plugin:
- Infility Global
- Plugin Slug:
- infility-global
- Installations
- 100+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-68865
MyD Delivery
- Plugin:
- MyD Delivery
- Plugin Slug:
- myd-delivery
- Installations
- 100+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49334
Orders Chat for WooCommerce
- Plugin:
- Orders Chat for WooCommerce
- Plugin Slug:
- orders-chat-for-woocommerce
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49356
Simple XML Sitemap
- Plugin:
- Simple XML Sitemap
- Plugin Slug:
- simple-xml-sitemap
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22355
Order Cancellation & Returns for WooCommerce
- Plugin Slug:
- wc-order-cancellation-return
- Installations
- 100+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49352
Effect Maker
- Plugin:
- Effect Maker
- Plugin Slug:
- effect-maker
- Installations
- 80+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-68867
Flaming Password Reset
- Plugin:
- Flaming Password Reset
- Plugin Slug:
- flaming-password-reset
- Installations
- 70+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-68875
PRIMER by chloédigital
- Plugin:
- PRIMER by chloédigital
- Plugin Slug:
- primer-by-chloedigital
- Installations
- 60+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68873
Visitor Stats Widget
- Plugin:
- Visitor Stats Widget
- Plugin Slug:
- visitor-stats-widget
- Installations
- 60+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68874
Custom Style
- Plugin:
- Custom Style
- Plugin Slug:
- custom-style
- Installations
- 50+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49342
e-shops???2
- Plugin:
- e-shops???2
- Plugin Slug:
- e-shops-cart2
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68890
Noindex by Path
- Plugin:
- Noindex by Path
- Plugin Slug:
- noindex-by-path
- Installations
- 50+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49353
Pinpoll
- Plugin:
- Pinpoll
- Plugin Slug:
- pinpoll
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68889
Recent Posts From Each Category
- Plugin:
- Recent Posts From Each Category
- Plugin Slug:
- recent-posts-from-each-category
- Installations
- 50+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49354
Scroll rss excerpt
- Plugin:
- Scroll rss excerpt
- Plugin Slug:
- scroll-rss-excerpt
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68892
SensitiveTagCloud
- Plugin:
- SensitiveTagCloud
- Plugin Slug:
- sensitive-tag-cloud
- Installations
- 50+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49344
Simple Archive Generator
- Plugin:
- Simple Archive Generator
- Plugin Slug:
- simple-archive-generator
- Installations
- 50+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49346
Social Profilr
- Plugin:
- Social Profilr
- Plugin Slug:
- social-profilr-display-social-network-profile
- Installations
- 50+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49343
WP App Bar
- Plugin:
- WP App Bar
- Plugin Slug:
- wp-app-bar
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68891
WP-BusinessDirectory – Business directory plugin for WordPress
- Plugin Slug:
- wp-businessdirectory
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68887
WP-EasyArchives
- Plugin:
- WP-EasyArchives
- Plugin Slug:
- wp-easyarchives
- Installations
- 50+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49345
Custom Post Status
- Plugin:
- Custom Post Status
- Plugin Slug:
- custom-post-status
- Installations
- 40+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68885
Direct Payments WP
- Plugin:
- Direct Payments WP
- Plugin Slug:
- direct-payments-wp
- Installations
- 40+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49339
Direct Payments WP
- Plugin:
- Direct Payments WP
- Plugin Slug:
- direct-payments-wp
- Installations
- 40+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49340
Flowbox
- Plugin:
- Flowbox
- Plugin Slug:
- flowbox
- Installations
- 10+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49338
Dashboard Beacon
- Plugin:
- Dashboard Beacon
- Plugin Slug:
- wp-dashboard-beacon
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49337
WPBookit
- Plugin:
- WPBookit
- Plugin Slug:
- wpbookit
- Installations
- 10+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12685
Advance WP Query Search Filter
- Plugin:
- Advance WP Query Search Filter
- Plugin Slug:
- advance-wp-query-search-filter
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-14313
Advance WP Query Search Filter
- Plugin:
- Advance WP Query Search Filter
- Plugin Slug:
- advance-wp-query-search-filter
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-14312
Appender
- Plugin:
- Appender
- Plugin Slug:
- appender
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66150
Appointify
- Plugin:
- Appointify
- Plugin Slug:
- appointify
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-59130
Appointify
- Plugin:
- Appointify
- Plugin Slug:
- appointify
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-59129
Wawp
- Plugin:
- Wawp
- Plugin Slug:
- automation-web-platform
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62141
BM Content Builder
- Plugin:
- BM Content Builder
- Plugin Slug:
- bm-builder
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-69055
Conformer for Elementor
- Plugin:
- Conformer for Elementor
- Plugin Slug:
- conformer-elementor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66148
Countdowner for Elementor
- Plugin:
- Countdowner for Elementor
- Plugin Slug:
- countdowner-elementor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66151
Couponer for Elementor
- Plugin:
- Couponer for Elementor
- Plugin Slug:
- couponer-elementor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66154
Criptopayer for Elementor
- Plugin:
- Criptopayer for Elementor
- Plugin Slug:
- criptopayer-elementor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66152
Dental Care CPT
- Plugin:
- Dental Care CPT
- Plugin Slug:
- dentalcare-cpt
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69035
Gmaper for Elementor
- Plugin:
- Gmaper for Elementor
- Plugin Slug:
- gmaper-elementor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66158
Graphist for Elementor
- Plugin:
- Graphist for Elementor
- Plugin Slug:
- graphist-elementor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66160
Headinger for Elementor
- Plugin:
- Headinger for Elementor
- Plugin Slug:
- headinger-elementor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66153
Hotel Listing
- Plugin:
- Hotel Listing
- Plugin Slug:
- hotel-listing
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69056
iRecco Core
- Plugin:
- iRecco Core
- Plugin Slug:
- irecco-core
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69046
JobBank
- Plugin:
- JobBank
- Plugin Slug:
- jobbank
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69085
ListingPro Reviews
- Plugin:
- ListingPro Reviews
- Plugin Slug:
- listingpro-reviews
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69051
Logger for Elementor
- Plugin:
- Logger for Elementor
- Plugin Slug:
- logger-elementor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66146
WordPress Movies Bulk Importer
- Plugin:
- WordPress Movies Bulk Importer
- Plugin Slug:
- movies importer
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22359
Questionar for Elementor
- Plugin:
- Questionar for Elementor
- Plugin Slug:
- questionar-elementor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66155
Registration & Login with Mobile Phone Number for WooCommerce
- Plugin:
- Registration & Login with Mobile Phone Number for WooCommerce
- Plugin Slug:
- registration-login-with-mobile-phone-number
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-69052
Reuters Direct
- Plugin:
- Reuters Direct
- Plugin Slug:
- reuters-direct
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49349
SearchAzon
- Plugin:
- SearchAzon
- Plugin Slug:
- searchazon
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22360
Sermon Manager
- Plugin:
- Sermon Manager
- Plugin Slug:
- sermon-manager-for-wordpress
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-63000
Sliper for Elementor
- Plugin:
- Sliper for Elementor
- Plugin Slug:
- sliper-elementor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66157
Super Logos Showcase
- Plugin:
- Super Logos Showcase
- Plugin Slug:
- superlogoshowcase-wp
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69054
Tech Life CPT
- Plugin:
- Tech Life CPT
- Plugin Slug:
- techlife-cpt
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69036
UnGrabber
- Plugin:
- UnGrabber
- Plugin Slug:
- ungrabber
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66149
Universal Video Player
- Plugin:
- Universal Video Player
- Plugin Slug:
- universal-video-player
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69053
Universal Video Player
- Plugin:
- Universal Video Player
- Plugin Slug:
- universal-video-player
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69048
Valenti Engine
- Plugin:
- Valenti Engine
- Plugin Slug:
- valenti-engine
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-63021
Walker for Elementor
- Plugin:
- Walker for Elementor
- Plugin Slug:
- walker-elementor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66159
Watcher for Elementor
- Plugin:
- Watcher for Elementor
- Plugin Slug:
- watcher-elementor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66156
WING WordPress Migrator
- Plugin:
- WING WordPress Migrator
- Plugin Slug:
- wing-migrator
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-52835
WooCommerce Parcelas
- Plugin:
- WooCommerce Parcelas
- Plugin Slug:
- woocommerce-parcelas
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62750
Worker for Elementor
- Plugin:
- Worker for Elementor
- Plugin Slug:
- worker-elementor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66144
Worker for WPBakery
- Plugin:
- Worker for WPBakery
- Plugin Slug:
- worker-wpbakery
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-66145
WordPress & WooCommerce Scraper Plugin, Import Data from Any Site
- Plugin:
- WordPress & WooCommerce Scraper Plugin, Import Data from Any Site
- Plugin Slug:
- wp_scraper
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62088
PixelYourSite – Your smart PIXEL (TAG) & API Manager
- Plugin Slug:
- pixelyoursite
- Installations
- 500,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 11.1.5.1
- Severity Score:
- Medium
- CVE:
- 2025-14280
Advanced Ads – Ad Manager & AdSense
- Plugin Slug:
- advanced-ads
- Installations
- 100,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 2.0.15
- Severity Score:
- Critical
- CVE:
- 2025-13592
Aruba HiSpeed Cache
- Plugin:
- Aruba HiSpeed Cache
- Plugin Slug:
- aruba-hispeed-cache
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.0.3
- Severity Score:
- Medium
- CVE:
- 2025-67913
Depicter — Popup & Slider Builder
- Plugin Slug:
- depicter
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.7.0
- Severity Score:
- Medium
- CVE:
- 2025-11370
Depicter — Popup & Slider Builder
- Plugin Slug:
- depicter
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.0.5
- Severity Score:
- Medium
- CVE:
- 2025-68558
Strong Testimonials
- Plugin:
- Strong Testimonials
- Plugin Slug:
- strong-testimonials
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.19
- Severity Score:
- Medium
- CVE:
- 2025-14426
LearnPress – WordPress LMS Plugin
- Plugin Slug:
- learnpress
- Installations
- 80,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.3.2.1
- Severity Score:
- Medium
- CVE:
- 2025-13964
Comments – wpDiscuz
- Plugin:
- Comments – wpDiscuz
- Plugin Slug:
- wpdiscuz
- Installations
- 80,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 7.6.40
- Severity Score:
- Critical
- CVE:
- 2025-13820
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
- Plugin Slug:
- post-and-page-builder
- Installations
- 60,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.27.10
- Severity Score:
- Medium
- CVE:
- 2025-69345
Table Field Add-on for ACF and SCF
- Plugin Slug:
- advanced-custom-fields-table-field
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.31
- Severity Score:
- Medium
- CVE:
- 2025-12067
TaxoPress: Tag, Category, and Taxonomy Manager – AI Autotagger
- Plugin Slug:
- simple-tags
- Installations
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.42.0
- Severity Score:
- Medium
- CVE:
- 2025-14371
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
- Plugin Slug:
- easy-digital-downloads
- Installations
- 40,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- 3.6.3
- Severity Score:
- Medium
- CVE:
- 2025-14783
Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers
- Plugin:
- Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers
- Plugin Slug:
- popup-builder-block
- Installations
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.1
- Severity Score:
- Medium
- CVE:
- 2025-14441
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
- Plugin Slug:
- quiz-master-next
- Installations
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 10.3.2
- Severity Score:
- Medium
- CVE:
- 2025-9294
Link Whisper Free
- Plugin:
- Link Whisper Free
- Plugin Slug:
- link-whisper
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.8.9
- Severity Score:
- High
- CVE:
- 2025-67927
Ultimate Post Kit Addons for Elementor
- Plugin Slug:
- ultimate-post-kit
- Installations
- 30,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.0.16
- Severity Score:
- Medium
- CVE:
- 2025-14434
WP Custom Admin Interface
- Plugin:
- WP Custom Admin Interface
- Plugin Slug:
- wp-custom-admin-interface
- Installations
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.41
- Severity Score:
- Medium
- CVE:
- 2025-63038
Branda – White Label & Branding, Free Login Page Customizer
- Plugin Slug:
- branda-white-labeling
- Installations
- 20,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 3.4.29
- Severity Score:
- Critical
- CVE:
- 2025-14998
Icegram Engage – Popups, Optins, CTAs & lot more…
- Plugin Slug:
- icegram
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.1.36
- Severity Score:
- Medium
- CVE:
- 2025-68507
WP Import – Ultimate CSV XML Importer for WordPress
- Plugin Slug:
- wp-ultimate-csv-importer
- Installations
- 20,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 7.36
- Severity Score:
- Medium
- CVE:
- 2025-14627
User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration
- Plugin:
- User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration
- Plugin Slug:
- wp-user-frontend
- Installations
- 20,000+
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- 4.2.5
- Severity Score:
- High
- CVE:
- 2025-14047
AffiliateX – Amazon Affiliate Plugin
- Plugin Slug:
- affiliatex
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.0
- Severity Score:
- Medium
- CVE:
- 2025-69346
Demo Importer Plus
- Plugin:
- Demo Importer Plus
- Plugin Slug:
- demo-importer-plus
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.9
- Severity Score:
- Medium
- CVE:
- 2025-69091
Fluent Support – Helpdesk & Customer Support Ticket System
- Plugin Slug:
- fluent-support
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.10.5
- Severity Score:
- Medium
- CVE:
- 2025-67926
Form Vibes – Database Manager for Forms
- Plugin Slug:
- form-vibes
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.5
- Severity Score:
- High
- CVE:
- 2025-13409
GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress
- Plugin Slug:
- gamipress
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.6.2
- Severity Score:
- Medium
- CVE:
- 2025-13812
Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin
- Plugin Slug:
- logo-slider-wp
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.9.0
- Severity Score:
- Medium
- CVE:
- 2025-13153
MasterStudy LMS WordPress Plugin – for Online Courses and Education
- Plugin Slug:
- masterstudy-lms-learning-management-system
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.7.7
- Severity Score:
- Medium
- CVE:
- 2025-13766
Plugin Organizer
- Plugin:
- Plugin Organizer
- Plugin Slug:
- plugin-organizer
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 10.2.4
- Severity Score:
- High
- CVE:
- 2025-13417
Postie
- Plugin:
- Postie
- Plugin Slug:
- postie
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.74
- Severity Score:
- Medium
- CVE:
- 2025-63020
Team – Team Members Showcase Plugin
- Plugin Slug:
- tlp-team
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.0.11
- Severity Score:
- Critical
- CVE:
- 2025-14124
User Submitted Posts – Enable Users to Submit Posts from the Front End
- Plugin Slug:
- user-submitted-posts
- Installations
- 10,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- 20251210
- Severity Score:
- Medium
- CVE:
- 2025-68509
weForms – Easy Drag & Drop Contact Form Builder For WordPress
- Plugin Slug:
- weforms
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.6.26
- Severity Score:
- Medium
- CVE:
- 2025-69028
YaMaps for WordPress Plugin
- Plugin:
- YaMaps for WordPress Plugin
- Plugin Slug:
- yamaps
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.6.40
- Severity Score:
- Medium
- CVE:
- 2025-13958
Blog Filter Post Filtering
- Plugin:
- Blog Filter Post Filtering
- Plugin Slug:
- blog-filter
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.4
- Severity Score:
- Medium
- CVE:
- 2025-69033
Customer Email Verification for WooCommerce
- Plugin Slug:
- emails-verification-for-woocommerce
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.3
- Severity Score:
- Medium
- CVE:
- 2025-47504
ShopBuilder – WooCommerce Builder For Elementor
- Plugin Slug:
- shopbuilder
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.2
- Severity Score:
- High
- CVE:
- 2025-13456
Ultimate Store Kit – Addon For WooCommerce, EDD and Elementor
- Plugin Slug:
- ultimate-store-kit
- Installations
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.9.5
- Severity Score:
- Medium
- CVE:
- 2025-69336
FlexTable – Data Table Sync with Google Sheets
- Plugin Slug:
- sheets-to-wp-table-live-sync
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.19.2
- Severity Score:
- Medium
- CVE:
- 2025-9543
WpStream – Live Streaming, Video on Demand, Pay Per View
- Plugin Slug:
- wpstream
- Installations
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.9.6
- Severity Score:
- Medium
- CVE:
- 2025-68522
WpStream – Live Streaming, Video on Demand, Pay Per View
- Plugin Slug:
- wpstream
- Installations
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.9.6
- Severity Score:
- Medium
- CVE:
- 2025-68521
Spiffy Calendar
- Plugin:
- Spiffy Calendar
- Plugin Slug:
- spiffy-calendar
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.0.8
- Severity Score:
- Medium
- CVE:
- 2025-68523
Academy LMS – WordPress LMS Plugin for Complete eLearning Solution
- Plugin Slug:
- academy
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.1
- Severity Score:
- Medium
- CVE:
- 2025-68527
Free Shipping Bar: Amount Left for Free Shipping for WooCommerce
- Plugin Slug:
- amount-left-free-shipping-woocommerce
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.0
- Severity Score:
- Medium
- CVE:
- 2025-68528
Auto Listings – Car Listings & Car Dealership Plugin for WordPress
- Plugin Slug:
- auto-listings
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.2
- Severity Score:
- Medium
- CVE:
- 2025-69089
BuddyPress Activity Shortcode
- Plugin:
- BuddyPress Activity Shortcode
- Plugin Slug:
- bp-activity-shortcode
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.9
- Severity Score:
- Medium
- CVE:
- 2025-62760
Newsletters
- Plugin:
- Newsletters
- Plugin Slug:
- newsletters-lite
- Installations
- 2,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 4.12
- Severity Score:
- Critical
- CVE:
- 2025-67911
Team Showcase – Responsive Team Members Grid, Slider, and Carousel Plugin
- Plugin Slug:
- team-showcase
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.0
- Severity Score:
- Medium
- CVE:
- 2025-69335
Appointment Booking Calendar – WP Timetics Booking Plugin
- Plugin Slug:
- timetics
- Installations
- 2,000+
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 1.0.48
- Severity Score:
- High
- CVE:
- 2025-67915
Featured Video for WordPress – VideographyWP
- Plugin Slug:
- videographywp
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.20
- Severity Score:
- Medium
- CVE:
- 2025-62746
Wishlist for WooCommerce: Multi Wishlists Per Customer
- Plugin Slug:
- wish-list-for-woocommerce
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.1
- Severity Score:
- Medium
- CVE:
- 2025-69334
Combo Offers WooCommerce
- Plugin:
- Combo Offers WooCommerce
- Plugin Slug:
- woo-combo-offers
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.3
- Severity Score:
- Medium
- CVE:
- 2025-69088
Email Marketing Plugin – WP Email Capture
- Plugin Slug:
- wp-email-capture
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.12.6
- Severity Score:
- Medium
- CVE:
- 2025-68529
Yada Wiki
- Plugin:
- Yada Wiki
- Plugin Slug:
- yada-wiki
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.6
- Severity Score:
- Medium
- CVE:
- 2025-66094
Import into Easy Property Listings
- Plugin Slug:
- easy-property-listings-xml-csv-import
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.2.2
- Severity Score:
- Medium
- CVE:
- 2025-62112
Signature Add-On for Gravity Forms
- Plugin Slug:
- gravity-signature-forms-add-on
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.8.7
- Severity Score:
- Medium
- CVE:
- 2025-62099
Maximum Products per User for WooCommerce
- Plugin Slug:
- maximum-products-per-user-for-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.4.4
- Severity Score:
- Medium
- CVE:
- 2025-62096
Poptics – Popup Builder, Email Opt-ins, Exit-Intent & WooCommerce Popups Sales
- Plugin Slug:
- poptics
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.0.21
- Severity Score:
- Medium
- CVE:
- 2025-69025
Print Anywhere & Create PDFs of Order Receipts, Invoices, Labels & More.
- Plugin Slug:
- print-google-cloud-print-gcp-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.7.1
- Severity Score:
- Medium
- CVE:
- 2025-69024
SiteLock Security – WP Hardening, Login Security & Malware Scans
- Plugin Slug:
- sitelock
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.0.2
- Severity Score:
- Medium
- CVE:
- 2025-62128
Sunshine Photo Cart: Free Client Photo Galleries for Photographers
- Plugin Slug:
- sunshine-photo-cart
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.5.7.2
- Severity Score:
- Medium
- CVE:
- 2025-68535
Lucky Wheel for WooCommerce – Spin a Sale
- Plugin Slug:
- woo-lucky-wheel
- Installations
- 1,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.1.14
- Severity Score:
- Critical
- CVE:
- 2025-14509
WPCal.io – Easy Meeting Scheduler
- Plugin Slug:
- wpcal
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.9.5.10
- Severity Score:
- Medium
- CVE:
- 2025-66103
Serial Codes Generator and Validator with WooCommerce Support
- Plugin Slug:
- serial-codes-generator-and-validator
- Installations
- 800+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.8.3
- Severity Score:
- Medium
- CVE:
- 2025-62091
URL Image Importer
- Plugin:
- URL Image Importer
- Plugin Slug:
- url-image-importer
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.8
- Severity Score:
- Medium
- CVE:
- 2025-14120
ilGhera Support System for WooCommerce
- Plugin Slug:
- wc-support-system
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.7
- Severity Score:
- Medium
- CVE:
- 2025-14034
Knowband Mobile App Builder
- Plugin:
- Knowband Mobile App Builder
- Plugin Slug:
- knowband-mobile-app-builder-for-woocommerce
- Installations
- 10+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.0.0
- Severity Score:
- Medium
- CVE:
- 2025-13029
Page Expire Popup/Redirection for WordPress
- Plugin Slug:
- page-expire-popup
- Installations
- 10+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.1
- Severity Score:
- High
- CVE:
- 2025-14153
Automotive Listings
- Plugin:
- Automotive Listings
- Plugin Slug:
- automotive
- Vulnerability:
- SQL Injection
- Patched in Version:
- 18.7
- Severity Score:
- Critical
- CVE:
- 2025-67928
XStore Core
- Plugin:
- XStore Core
- Plugin Slug:
- et-core-plugin
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.6
- Severity Score:
- Medium
- CVE:
- 2025-64190
Follow My Blog Post
- Plugin:
- Follow My Blog Post
- Plugin Slug:
- follow-my-blog-post
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- 2.4.1
- Severity Score:
- High
- CVE:
- 2025-68547
FooEvents for WooCommerce
- Plugin:
- FooEvents for WooCommerce
- Plugin Slug:
- fooevents
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.20.5
- Severity Score:
- High
- CVE:
- 2025-69045
WP Cookie Notice for GDPR, CCPA & ePrivacy Consent
- Plugin:
- WP Cookie Notice for GDPR, CCPA & ePrivacy Consent
- Plugin Slug:
- gdpr-cookie-consent
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.0.4
- Severity Score:
- Medium
- CVE:
- 2025-66080
JetBlog
- Plugin:
- JetBlog
- Plugin Slug:
- jet-blog
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.7.1
- Severity Score:
- Medium
- CVE:
- 2025-68503
JetEngine
- Plugin:
- JetEngine
- Plugin Slug:
- jet-engine
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.8.1.2
- Severity Score:
- Medium
- CVE:
- 2025-69333
JetEngine
- Plugin:
- JetEngine
- Plugin Slug:
- jet-engine
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.7.8
- Severity Score:
- High
- CVE:
- 2025-67923
JetPopup
- Plugin:
- JetPopup
- Plugin Slug:
- jet-popup
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 2.0.20.2
- Severity Score:
- Medium
- CVE:
- 2025-68502
JetSearch
- Plugin:
- JetSearch
- Plugin Slug:
- jet-search
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.16.1
- Severity Score:
- Medium
- CVE:
- 2025-68504
JetTabs
- Plugin:
- JetTabs
- Plugin Slug:
- jet-tabs
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.12.1
- Severity Score:
- Medium
- CVE:
- 2025-68499
JetTabs
- Plugin:
- JetTabs
- Plugin Slug:
- jet-tabs
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.12.1
- Severity Score:
- Medium
- CVE:
- 2025-68498
WBC907 Core
- Plugin:
- WBC907 Core
- Plugin Slug:
- wbc907-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.2
- Severity Score:
- Medium
- CVE:
- 2025-63027
WeDesignTech Ultimate Booking Addon
- Plugin:
- WeDesignTech Ultimate Booking Addon
- Plugin Slug:
- wedesigntech-ultimate-booking-addon
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.4
- Severity Score:
- Medium
- CVE:
- 2025-69341
Woffice Core
- Plugin:
- Woffice Core
- Plugin Slug:
- woffice-core
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 5.4.31
- Severity Score:
- Medium
- CVE:
- 2025-67919
WordPress Themes — 14 Patched / 66 Unpatched
Black Rider
- Theme:
- Black Rider
- Theme Slug:
- black-rider
- Downloads
- 45,140
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-59003
Consulting
- Theme:
- Consulting
- Theme Slug:
- consulting
- Downloads
- 428,660
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-63032
Melos
- Theme:
- Melos
- Theme Slug:
- melos
- Downloads
- 438,193
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62136
Minamaze
- Theme:
- Minamaze
- Theme Slug:
- minamaze
- Downloads
- 1,015,028
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62991
Shuttle
- Theme:
- Shuttle
- Theme Slug:
- shuttle
- Downloads
- 555,266
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62137
Vireo
- Theme:
- Vireo
- Theme Slug:
- vireo
- Downloads
- 23,014
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-62751
Arcane
- Theme:
- Arcane
- Theme Slug:
- arcane
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-69031
Arlo
- Theme:
- Arlo
- Theme Slug:
- arlo
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69082
Backpack Traveler
- Theme:
- Backpack Traveler
- Theme Slug:
- backpacktraveler
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-69030
Bailly
- Theme:
- Bailly
- Theme Slug:
- bailly
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69039
Bfres
- Theme:
- Bfres
- Theme Slug:
- bfres
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69040
Hope
- Theme:
- Hope
- Theme Slug:
- charity-is-hope
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69081
Cocco
- Theme:
- Cocco
- Theme Slug:
- cocco
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22391
Curly
- Theme:
- Curly
- Theme Slug:
- curly
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22393
Dekoro
- Theme:
- Dekoro
- Theme Slug:
- dekoro
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69041
DiveIt
- Theme:
- DiveIt
- Theme Slug:
- diveit
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69059
Dolcino
- Theme:
- Dolcino
- Theme Slug:
- dolcino
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22411
Eldon
- Theme:
- Eldon
- Theme Slug:
- eldon
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69057
Electrician – Electrical Service WordPress
- Theme:
- Electrician – Electrical Service WordPress
- Theme Slug:
- electrician
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22358
Fiorello
- Theme:
- Fiorello
- Theme Slug:
- fiorello
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22396
FiveStar
- Theme:
- FiveStar
- Theme Slug:
- fivestar
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-69032
Fleur
- Theme:
- Fleur
- Theme Slug:
- fleur
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22398
Frappé
- Theme:
- Frappé
- Theme Slug:
- frappe
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69083
FreeAgent
- Theme:
- FreeAgent
- Theme Slug:
- freeagent
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69087
Freshio
- Theme:
- Freshio
- Theme Slug:
- freshio
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22401
Gecko
- Theme:
- Gecko
- Theme Slug:
- gecko
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69080
Genemy
- Theme:
- Genemy
- Theme Slug:
- genemy
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-59138
Hobo
- Theme:
- Hobo
- Theme Slug:
- hobo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69077
Holmes
- Theme:
- Holmes
- Theme Slug:
- holmes
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22400
Hyori
- Theme:
- Hyori
- Theme Slug:
- hyori
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69038
Indoor Plants
- Theme:
- Indoor Plants
- Theme Slug:
- indoor-plants
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69066
Innovio
- Theme:
- Innovio
- Theme Slug:
- innovio
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22404
Issabella
- Theme:
- Issabella
- Theme Slug:
- issabella
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69086
Justicia
- Theme:
- Justicia
- Theme Slug:
- justicia
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22409
Lekker
- Theme:
- Lekker
- Theme Slug:
- lekker
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69034
Lindo
- Theme:
- Lindo
- Theme Slug:
- lindo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69042
Malta
- Theme:
- Malta
- Theme Slug:
- malta
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69078
Modern Housewife
- Theme:
- Modern Housewife
- Theme Slug:
- modernhousewife
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69076
MoveMe
- Theme:
- MoveMe
- Theme Slug:
- moveme
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69061
Muji
- Theme:
- Muji
- Theme Slug:
- muji
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69068
Sound | Musical Instruments Online Store
- Theme:
- Sound | Musical Instruments Online Store
- Theme Slug:
- musicplace
- Vulnerability:
- Deserialization of untrusted data
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-69079
Overton
- Theme:
- Overton
- Theme Slug:
- overton
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22406
Overworld
- Theme:
- Overworld
- Theme Slug:
- overworld
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69050
PartyMaker
- Theme:
- PartyMaker
- Theme Slug:
- partymaker
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69058
PawFriends – Pet Shop and Veterinary WordPress Theme
- Theme:
- PawFriends – Pet Shop and Veterinary WordPress Theme
- Theme Slug:
- pawfriends
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22382
Pearson Specter
- Theme:
- Pearson Specter
- Theme Slug:
- pearsonspecter
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69074
Pets Land
- Theme:
- Pets Land
- Theme Slug:
- petsland
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69064
Pippo
- Theme:
- Pippo
- Theme Slug:
- pippo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69037
Piqes
- Theme:
- Piqes
- Theme Slug:
- piqes
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69073
Prider
- Theme:
- Prider
- Theme Slug:
- prider
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69072
Rashy
- Theme:
- Rashy
- Theme Slug:
- rashy
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69043
Roam
- Theme:
- Roam
- Theme Slug:
- roam
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22407
Snow Mountain
- Theme:
- Snow Mountain
- Theme Slug:
- snowmountain
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69065
Struktur
- Theme:
- Struktur
- Theme Slug:
- struktur
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-69029
MaxShop
- Theme:
- MaxShop
- Theme Slug:
- sw_maxshop
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69047
Sweet Jane
- Theme:
- Sweet Jane
- Theme Slug:
- sweetjane
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22426
Tails
- Theme:
- Tails
- Theme Slug:
- tails
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69067
TanTum
- Theme:
- TanTum
- Theme Slug:
- tantum
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69071
Töbel
- Theme:
- Töbel
- Theme Slug:
- tobel
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69049
Tornados
- Theme:
- Tornados
- Theme Slug:
- tornados
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69070
Triply
- Theme:
- Triply
- Theme Slug:
- triply
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22402
uReach
- Theme:
- uReach
- Theme Slug:
- ureach
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69060
Vango
- Theme:
- Vango
- Theme Slug:
- vango
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69044
Verdure
- Theme:
- Verdure
- Theme Slug:
- verdure
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22430
Weedles
- Theme:
- Weedles
- Theme Slug:
- weedles
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69062
Yolox
- Theme:
- Yolox
- Theme Slug:
- yolox
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69075
Oneline Lite
- Theme:
- Oneline Lite
- Theme Slug:
- oneline-lite
- Downloads
- 411,275
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.7
- Severity Score:
- Medium
- CVE:
- 2025-69344
Phlox
Bookory
- Theme:
- Bookory
- Theme Slug:
- bookory
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.2.8
- Severity Score:
- High
- CVE:
- 2025-68530
Calafate
- Theme:
- Calafate
- Theme Slug:
- calafate
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.7.8
- Severity Score:
- High
- CVE:
- 2025-69342
Corpkit
- Theme:
- Corpkit
- Theme Slug:
- corpkit
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.0.1
- Severity Score:
- High
- CVE:
- 2025-67925
Corpkit
- Theme:
- Corpkit
- Theme Slug:
- corpkit
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 2.0.1
- Severity Score:
- Critical
- CVE:
- 2025-67924
Grand Restaurant
- Theme:
- Grand Restaurant
- Theme Slug:
- grandrestaurant
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.0.9
- Severity Score:
- High
- CVE:
- 2025-67922
Jobify
- Theme:
- Jobify
- Theme Slug:
- jobify
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.3.1
- Severity Score:
- High
- CVE:
- 2025-67916
Lobo
- Theme:
- Lobo
- Theme Slug:
- lobo
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.8.6
- Severity Score:
- High
- CVE:
- 2025-67921
Neo Ocular
- Theme:
- Neo Ocular
- Theme Slug:
- neoocular
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.2
- Severity Score:
- High
- CVE:
- 2025-67920
Photography
- Theme:
- Photography
- Theme Slug:
- photography
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 7.7.5
- Severity Score:
- High
- CVE:
- 2025-68510
Traveler
- Theme:
- Traveler
- Theme Slug:
- traveler
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.7
- Severity Score:
- Medium
- CVE:
- 2025-67917
VidMov
- Theme:
- VidMov
- Theme Slug:
- vidmov
- Vulnerability:
- Path Traversal
- Patched in Version:
- 2.3.9
- Severity Score:
- High
- CVE:
- 2025-67914
Woffice
- Theme:
- Woffice
- Theme Slug:
- woffice
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.4.31
- Severity Score:
- High
- CVE:
- 2025-67918
Solid Security is part of Solid Suite — The best foundation for WordPress websites.
Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!
