This report covers 180 publicly disclosed vulnerabilities. Security patches are now available for 62 of them. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Currently, 118 plugin and theme vulnerabilities remain unpatched. If you’re a Solid Security Pro user, your site is already protected against those vulnerabilities by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor, or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.9 “Gene” was released on December 2, 2025, adding Notes for block-level comments, an expanded Command Palette, and the new Abilities API to standardize permissions for future automation. It also includes performance improvements and new blocks and design tools to support faster, more flexible site building.
After any major release, don’t update live sites until you’ve taken backups and tested in a non-production environment.
WordPress Plugins — 57 Patched / 80 Unpatched
WP Test Email
- Plugin:
- WP Test Email
- Plugin Slug:
- wp-test-email
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69102
Related Posts by Taxonomy
- Plugin:
- Related Posts by Taxonomy
- Plugin Slug:
- related-posts-by-taxonomy
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-0916
GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation
- Plugin Slug:
- geeky-bot
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-15266
CleverReach® WP
- Plugin:
- CleverReach® WP
- Plugin Slug:
- cleverreach-wp
- Installations
- 4,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-68034
DK PDF – WordPress PDF Generator
- Plugin:
- DK PDF – WordPress PDF Generator
- Plugin Slug:
- dk-pdf
- Installations
- 3,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14793
Name Directory
- Plugin:
- Name Directory
- Plugin Slug:
- name-directory
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-15283
Event Tickets with Ticket Scanner
- Plugin Slug:
- event-tickets-with-ticket-scanner
- Installations
- 1,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-68015
SEO Booster
- Plugin:
- SEO Booster
- Plugin Slug:
- seo-booster
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-68019
Order Notification for WooCommerce – Get Audio Alert on new Orders
- Plugin Slug:
- woc-order-alert
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-68018
Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit
- Plugin Slug:
- woo-rede
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-0939
Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit
- Plugin Slug:
- woo-rede
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-0942
Antideo Email Validator
- Plugin:
- Antideo Email Validator
- Plugin Slug:
- antideo-email-validator
- Installations
- 900+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68017
Event Espresso – Event Registration & Ticketing Sales
- Plugin Slug:
- event-espresso-decaf
- Installations
- 700+
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-68007
WP Mail
- Plugin:
- WP Mail
- Plugin Slug:
- wp-mail
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68008
Shipping Rate By Cities
- Plugin:
- Shipping Rate By Cities
- Plugin Slug:
- shipping-rate-by-cities
- Installations
- 600+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-14770
My Post Order
- Plugin:
- My Post Order
- Plugin Slug:
- my-posts-order
- Installations
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68004
Shown Connector
- Plugin:
- Shown Connector
- Plugin Slug:
- shown-connector
- Installations
- 400+
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-68003
Table of Contents Creator
- Plugin:
- Table of Contents Creator
- Plugin Slug:
- table-of-contents-creator
- Installations
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68836
Netcash WooCommerce Payment Gateway
- Plugin Slug:
- netcash-pay-now-payment-gateway-for-woocommerce
- Installations
- 200+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14880
Quote Master
- Plugin:
- Quote Master
- Plugin Slug:
- quote-master
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68849
Infility Global
- Plugin:
- Infility Global
- Plugin Slug:
- infility-global
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68864
Syntax Highlighter Compress
- Plugin:
- Syntax Highlighter Compress
- Plugin Slug:
- syntax-highlighter-compress
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68859
HDForms | Contact Form Builder
- Plugin:
- HDForms | Contact Form Builder
- Plugin Slug:
- hdforms
- Installations
- 70+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68912
Dooodl
- Plugin:
- Dooodl
- Plugin Slug:
- dooodl
- Installations
- 60+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68871
Gotham Block Extra Light
- Plugin:
- Gotham Block Extra Light
- Plugin Slug:
- gotham-block-extra-light
- Installations
- 60+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-15021
Gotham Block Extra Light
- Plugin:
- Gotham Block Extra Light
- Plugin Slug:
- gotham-block-extra-light
- Installations
- 60+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-15020
WP Simple Redirect
- Plugin:
- WP Simple Redirect
- Plugin Slug:
- wp-simple-redirect
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68884
bidorbuy Store Integrator
- Plugin:
- bidorbuy Store Integrator
- Plugin Slug:
- bidorbuystoreintegrator
- Installations
- 40+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68883
ShoutOut
- Plugin:
- ShoutOut
- Plugin Slug:
- shoutout
- Installations
- 40+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68894
Accordion Slider PRO
- Plugin:
- Accordion Slider PRO
- Plugin Slug:
- accordion_slider_pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49066
AJS Footnotes
- Plugin:
- AJS Footnotes
- Plugin Slug:
- ajs-footnotes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-15378
Aplazo Payment Gateway
- Plugin:
- Aplazo Payment Gateway
- Plugin Slug:
- aplazo-payment-gateway
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-15512
SocialChamp with WordPress
- Plugin:
- SocialChamp with WordPress
- Plugin Slug:
- auto-post-to-social-media-wp-to-social-champ
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14846
WP Page Permalink Extension
- Plugin:
- WP Page Permalink Extension
- Plugin Slug:
- change-wp-page-permalinks
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14172
Omnichannel for WooCommerce
- Plugin:
- Omnichannel for WooCommerce
- Plugin Slug:
- codistoconnect
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68041
Crush.pics Image Optimizer
- Plugin:
- Crush.pics Image Optimizer
- Plugin Slug:
- crush-pics
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14482
DASHBOARD BUILDER
- Plugin:
- DASHBOARD BUILDER
- Plugin Slug:
- dashboard-builder
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-14615
Reservation Plugin
- Plugin:
- Reservation Plugin
- Plugin Slug:
- dt-reservation-plugin
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-69095
Electric Studio Download Counter
- Plugin:
- Electric Studio Download Counter
- Plugin Slug:
- electric-studio-download-counter
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-0741
Shipping Rates by City for WooCommerce
- Plugin:
- Shipping Rates by City for WooCommerce
- Plugin Slug:
- flat-shipping-rate-by-city-for-woocommerce
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-0678
Float Payment Gateway
- Plugin:
- Float Payment Gateway
- Plugin Slug:
- float-gateway
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-15513
GetContentFromURL
- Plugin:
- GetContentFromURL
- Plugin Slug:
- getcontentfromurl
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14613
Hide My WP
- Plugin:
- Hide My WP
- Plugin Slug:
- hide_my_wp
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69098
JNews – Frontend Submit
- Plugin:
- JNews – Frontend Submit
- Plugin Slug:
- jnews-frontend-submit
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68904
JNews – Pay Writer
- Plugin:
- JNews – Pay Writer
- Plugin Slug:
- jnews-pay-writer
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68905
JNews – Video
- Plugin:
- JNews – Video
- Plugin Slug:
- jnews-video
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68906
Kunze Law
- Plugin:
- Kunze Law
- Plugin Slug:
- kunze-law
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-15486
LEAV Last Email Address Validator
- Plugin:
- LEAV Last Email Address Validator
- Plugin Slug:
- last-email-address-validator
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14853
LinkedIn SC
- Plugin:
- LinkedIn SC
- Plugin Slug:
- linkedin-sc
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-0812
List Site Contributors
- Plugin:
- List Site Contributors
- Plugin Slug:
- list-site-contributors
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-0594
Makesweat
- Plugin:
- Makesweat
- Plugin Slug:
- makesweat
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13627
News and Blog Designer Bundle
- Plugin:
- News and Blog Designer Bundle
- Plugin Slug:
- news-and-blog-designer-bundle
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-14502
PayHere Payment Gateway Plugin for WooCommerce
- Plugin:
- PayHere Payment Gateway Plugin for WooCommerce
- Plugin Slug:
- payhere-payment-gateway
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-15475
PDF Resume Parser
- Plugin:
- PDF Resume Parser
- Plugin Slug:
- pdf-resume-parser
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14464
Perfit WooCommerce
- Plugin:
- Perfit WooCommerce
- Plugin Slug:
- perfit-woocommerce
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14173
Real Post Slider Lite
- Plugin:
- Real Post Slider Lite
- Plugin Slug:
- real-post-slider-lite
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-0680
Responsive Accordion Slider
- Plugin:
- Responsive Accordion Slider
- Plugin Slug:
- responsive-accordion-slider
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-0635
SearchWiz
- Plugin:
- SearchWiz
- Plugin Slug:
- searchwiz
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-0694
Shabat Keeper
- Plugin:
- Shabat Keeper
- Plugin Slug:
- shabat-keeper
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-13701
Short Link
- Plugin:
- Short Link
- Plugin Slug:
- short-link
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-0813
Sosh Share Buttons
- Plugin:
- Sosh Share Buttons
- Plugin Slug:
- sosh-share-buttons
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-15377
SpiceForms Form Builder
- Plugin:
- SpiceForms Form Builder
- Plugin Slug:
- spiceforms-form-builder
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12178
Stopwords for comments
- Plugin:
- Stopwords for comments
- Plugin Slug:
- stopwords-for-comments
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-15376
Synergy Project Manager
- Plugin:
- Synergy Project Manager
- Plugin Slug:
- synergy-project-manager
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-68898
Testimonials Creator
- Plugin:
- Testimonials Creator
- Plugin Slug:
- testimonials-creator
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14379
xPromoter
- Plugin:
- xPromoter
- Plugin Slug:
- top_bar_promoter
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49046
Tutor LMS Pro
- Plugin:
- Tutor LMS Pro
- Plugin Slug:
- tutor-pro
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-22332
Viet contact
- Plugin:
- Viet contact
- Plugin Slug:
- viet-contact
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1045
WooCommerce Frontend Manager – Ultimate
- Plugin:
- WooCommerce Frontend Manager – Ultimate
- Plugin Slug:
- wc-frontend-manager-ultimate
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22335
WDV One Page Docs – Documentation Plugin for WordPress
- Plugin Slug:
- wdv-one-page-docs
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-68896
WMF Mobile Redirector
- Plugin:
- WMF Mobile Redirector
- Plugin Slug:
- wmf-mobile-redirector
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-0739
Woocommerce Book Price
- Plugin:
- Woocommerce Book Price
- Plugin Slug:
- woo-book-price
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22334
Integration Opvius AI for WooCommerce
- Plugin:
- Integration Opvius AI for WooCommerce
- Plugin Slug:
- woosa-ai-for-woocommerce
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-14301
Eli's WordCents adSense Widget with Analytics
- Plugin:
- Eli's WordCents adSense Widget with Analytics
- Plugin Slug:
- wordcents
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68872
Workreap Core
- Plugin:
- Workreap Core
- Plugin Slug:
- workreap_core
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-69101
WP Allowed Hosts
- Plugin:
- WP Allowed Hosts
- Plugin Slug:
- wp-allow-hosts
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-0734
WP Hello Bar
- Plugin:
- WP Hello Bar
- Plugin Slug:
- wp-hello-bar
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1042
WP Lead Capturing Pages
- Plugin:
- WP Lead Capturing Pages
- Plugin Slug:
- wp-lead-capture
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49050
WPBlogSyn
- Plugin:
- WPBlogSyn
- Plugin Slug:
- wpblogsync
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14389
WPLMS
- Plugin:
- WPLMS
- Plugin Slug:
- wplms_plugin
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69097
All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic
- Plugin Slug:
- all-in-one-seo-pack
- Installations
- 3,000,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.9.3
- Severity Score:
- Medium
- CVE:
- 2025-14384
Breeze Cache
- Plugin:
- Breeze Cache
- Plugin Slug:
- breeze
- Installations
- 400,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.22
- Severity Score:
- Medium
- CVE:
- 2025-69364
Newsletter – Send awesome emails from WordPress
- Plugin Slug:
- newsletter
- Installations
- 300,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 9.1.1
- Severity Score:
- Medium
- CVE:
- 2026-1051
Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder
- Plugin Slug:
- supreme-modules-for-divi
- Installations
- 200,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 2.5.63
- Severity Score:
- Critical
- CVE:
- 2025-13062
Advanced Ads – Ad Manager & AdSense
- Plugin Slug:
- advanced-ads
- Installations
- 100,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.0.16
- Severity Score:
- High
- CVE:
- 2025-12984
Jupiter X Core
- Plugin:
- Jupiter X Core
- Plugin Slug:
- jupiterx-core
- Installations
- 80,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 4.11.0
- Severity Score:
- High
- CVE:
- 2025-50004
LearnPress – WordPress LMS Plugin for Create and Sell Online Courses
- Plugin Slug:
- learnpress
- Installations
- 80,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.3.2.5
- Severity Score:
- Medium
- CVE:
- 2025-14798
WooCommerce Square
- Plugin:
- WooCommerce Square
- Plugin Slug:
- woocommerce-square
- Installations
- 80,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 5.1.2
- Severity Score:
- High
- CVE:
- 2025-13457
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin
- Plugin Slug:
- simply-schedule-appointments
- Installations
- 70,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.6.9.13
- Severity Score:
- Critical
- CVE:
- 2025-12166
Drag and Drop Multiple File Upload for Contact Form 7
- Plugin Slug:
- drag-and-drop-multiple-file-upload-contact-form-7
- Installations
- 60,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.9.3
- Severity Score:
- Low
- CVE:
- 2025-14457
Booking Calendar
- Plugin:
- Booking Calendar
- Plugin Slug:
- booking
- Installations
- 50,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 10.14.12
- Severity Score:
- Medium
- CVE:
- 2025-14982
WP Duplicate Page
- Plugin:
- WP Duplicate Page
- Plugin Slug:
- wp-duplicate-page
- Installations
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.8.1
- Severity Score:
- Medium
- CVE:
- 2025-14001
WP-Members Membership Plugin
- Plugin:
- WP-Members Membership Plugin
- Plugin Slug:
- wp-members
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.4.4
- Severity Score:
- Medium
- CVE:
- 2025-14448
RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging
- Plugin Slug:
- wp-rss-aggregator
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.0.11
- Severity Score:
- High
- CVE:
- 2025-14375
Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX
- Plugin Slug:
- ultimate-post
- Installations
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.0.4
- Severity Score:
- High
- CVE:
- 2025-69313
Shield: Blocks Bots, Protects Users, and Prevents Security Breaches
- Plugin Slug:
- wp-simple-firewall
- Installations
- 40,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 21.0.10
- Severity Score:
- Medium
- CVE:
- 2025-15370
Cost Calculator Builder
- Plugin:
- Cost Calculator Builder
- Plugin Slug:
- cost-calculator-builder
- Installations
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.6.10
- Severity Score:
- Medium
- CVE:
- 2025-14757
Modular DS: Monitor, update, and backup multiple websites
- Plugin Slug:
- modular-connector
- Installations
- 30,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 2.6.0
- Severity Score:
- Critical
- CVE:
- 2026-23800
Modular DS: Monitor, update, and backup multiple websites
- Plugin Slug:
- modular-connector
- Installations
- 30,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 2.5.2
- Severity Score:
- Critical
- CVE:
- 2026-23550
Xpro Addons — 140+ Widgets for Elementor
- Plugin Slug:
- xpro-elementor-addons
- Installations
- 30,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.4.20
- Severity Score:
- Critical
- CVE:
- 2025-69312
Image Photo Gallery Final Tiles Grid
- Plugin Slug:
- final-tiles-grid-gallery-lite
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.6.10
- Severity Score:
- Medium
- CVE:
- 2025-15466
Quiz Maker
- Plugin:
- Quiz Maker
- Plugin Slug:
- quiz-maker
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.7.0.89
- Severity Score:
- Medium
- CVE:
- 2025-14579
AffiliateX – Amazon Affiliate Plugin
- Plugin Slug:
- affiliatex
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.0
- Severity Score:
- Medium
- CVE:
- 2025-13859
Demo Importer Plus
- Plugin:
- Demo Importer Plus
- Plugin Slug:
- demo-importer-plus
- Installations
- 10,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 2.0.10
- Severity Score:
- High
- CVE:
- 2025-14478
Membership Plugin – Restrict Content
- Plugin Slug:
- restrict-content
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.2.17
- Severity Score:
- High
- CVE:
- 2025-14844
User Submitted Posts – Enable Users to Submit Posts from the Front End
- Plugin Slug:
- user-submitted-posts
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 20260113
- Severity Score:
- Medium
- CVE:
- 2026-0913
weMail – Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation
- Plugin Slug:
- wemail
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.0.8
- Severity Score:
- Medium
- CVE:
- 2025-14348
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
- Plugin Slug:
- custom-registration-form-builder-with-submission-manager
- Installations
- 9,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 6.0.7.2
- Severity Score:
- Critical
- CVE:
- 2025-15403
NEX-Forms – Ultimate Forms Plugin for WordPress
- Plugin Slug:
- nex-forms-express-wp-form-builder
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 9.1.8
- Severity Score:
- Medium
- CVE:
- 2025-14803
UiChemy — Figma Converter for Elementor, Gutenberg and Bricks
- Plugin Slug:
- uichemy
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.4.3
- Severity Score:
- Medium
- CVE:
- 2025-69362
Awesome Support – WordPress HelpDesk & Support Plugin
- Plugin Slug:
- awesome-support
- Installations
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.3.7
- Severity Score:
- Medium
- CVE:
- 2025-12641
Poll, Survey & Quiz Maker Plugin by Opinion Stage
- Plugin Slug:
- social-polls-by-opinionstage
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 19.6.25
- Severity Score:
- High
Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates
- Plugin Slug:
- responsive-addons-for-elementor
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.9
- Severity Score:
- Medium
- CVE:
- 2025-69363
Tickera – Sell Tickets & Manage Events
- Plugin Slug:
- tickera-event-ticketing-system
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.5.6.3
- Severity Score:
- Medium
- CVE:
- 2025-67939
Wallet System for WooCommerce – Digital Wallet, Buy Now Pay Later (BNPL), Instant Cashback, Referral program, Partial & Subscription Payments
- Plugin Slug:
- wallet-system-for-woocommerce
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.7.3
- Severity Score:
- Medium
- CVE:
- 2025-14450
GDPR CCPA Compliance & Cookie Consent Banner
- Plugin Slug:
- ninja-gdpr-compliance
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.7.5
- Severity Score:
- Medium
- CVE:
- 2025-68073
Quick Contact Form
- Plugin:
- Quick Contact Form
- Plugin Slug:
- quick-contact-form
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 8.2.7
- Severity Score:
- Medium
- CVE:
- 2025-12718
Team Section Block – Showcase Team Members with Layout Options
- Plugin Slug:
- team-section
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.1
- Severity Score:
- Medium
- CVE:
- 2026-0833
Peach Payments Gateway
- Plugin:
- Peach Payments Gateway
- Plugin Slug:
- wc-peach-payments-gateway
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.3.7
- Severity Score:
- Medium
- CVE:
- 2025-67942
Church Admin
- Plugin:
- Church Admin
- Plugin Slug:
- church-admin
- Installations
- 900+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 5.0.29
- Severity Score:
- Medium
- CVE:
- 2026-0682
CM E-Mail Blacklist – Simple email filtering for safer registration
- Plugin Slug:
- cm-email-blacklist
- Installations
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.3
- Severity Score:
- Medium
- CVE:
- 2026-0691
onepay Payment Gateway For WooCommerce
- Plugin Slug:
- onepay-payment-gateway-for-woocommerce
- Installations
- 900+
- Vulnerability:
- Other Vulnerability Type
- Patched in Version:
- 1.1.3
- Severity Score:
- Medium
- CVE:
- 2025-68016
Filr – Secure document library
- Plugin:
- Filr – Secure document library
- Plugin Slug:
- filr-protection
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.12
- Severity Score:
- Medium
- CVE:
- 2025-14632
Broadstreet
- Plugin:
- Broadstreet
- Plugin Slug:
- broadstreet
- Installations
- 700+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.52.2
- Severity Score:
- High
- CVE:
- 2025-69311
My auctions allegro
- Plugin:
- My auctions allegro
- Plugin Slug:
- my-auctions-allegro-free-edition
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.6.33
- Severity Score:
- High
- CVE:
- 2025-67943
Spin Wheel – Interactive spinning wheel that offers coupons
- Plugin Slug:
- spin-wheel
- Installations
- 600+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.1
- Severity Score:
- Medium
- CVE:
- 2026-0808
g-FFL Checkout
- Plugin:
- g-FFL Checkout
- Plugin Slug:
- g-ffl-checkout
- Installations
- 500+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 2.1.1
- Severity Score:
- Critical
- CVE:
- 2025-68001
User Registration Using Contact Form 7
- Plugin Slug:
- user-registration-using-contact-form-7
- Installations
- 500+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.6
- Severity Score:
- Medium
- CVE:
- 2025-12825
RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress
- Plugin Slug:
- computer-repair-shop
- Installations
- 400+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 4.1121
- Severity Score:
- Medium
- CVE:
- 2026-0820
PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net)
- Plugin Slug:
- peachpay-for-woocommerce
- Installations
- 400+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.119.9
- Severity Score:
- Medium
- CVE:
- 2025-14978
Phrase TMS Integration for WordPress
- Plugin Slug:
- memsource-connector
- Installations
- 300+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.7.6
- Severity Score:
- Medium
- CVE:
- 2025-12168
Thim Blocks
- Plugin:
- Thim Blocks
- Plugin Slug:
- thim-blocks
- Installations
- 300+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 1.0.2
- Severity Score:
- Medium
- CVE:
- 2025-13725
PAYGENT for WooCommerce
- Plugin:
- PAYGENT for WooCommerce
- Plugin Slug:
- woocommerce-for-paygent-payment-main
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.7
- Severity Score:
- Medium
- CVE:
- 2025-14078
Integrate Dynamics 365 CRM
- Plugin:
- Integrate Dynamics 365 CRM
- Plugin Slug:
- integrate-dynamics-365-crm
- Installations
- 80+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.2
- Severity Score:
- Medium
- CVE:
- 2026-0725
Community Events
- Plugin:
- Community Events
- Plugin Slug:
- community-events
- Installations
- 30+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.5.7
- Severity Score:
- Medium
- CVE:
- 2025-14029
CP Image Store with Slideshow
- Plugin:
- CP Image Store with Slideshow
- Plugin Slug:
- cp-image-store
- Installations
- 10+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.0
- Severity Score:
- Medium
- CVE:
- 2026-0684
YouTube Feed Pro
- Plugin:
- YouTube Feed Pro
- Plugin Slug:
- youtube-feed-pro
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 2.6.1
- Severity Score:
- High
- CVE:
- 2025-12002
WordPress Themes — 5 Patched / 38 Unpatched
Blogistic
- Theme:
- Blogistic
- Theme Slug:
- blogistic
- Downloads
- 6,185
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-68909
Blogzee
- Theme:
- Blogzee
- Theme Slug:
- blogzee
- Downloads
- 6,598
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-68910
Solace
- Theme:
- Solace
- Theme Slug:
- solace
- Downloads
- 45,016
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-68911
Anon
- Theme:
- Anon
- Theme Slug:
- anon2x
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-67620
Anona
- Theme:
- Anona
- Theme Slug:
- anona
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68903
Anona
- Theme:
- Anona
- Theme Slug:
- anona
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68902
Anona
- Theme:
- Anona
- Theme Slug:
- anona
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68901
Auto Repair
- Theme:
- Auto Repair
- Theme Slug:
- auto-repair
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22328
AutoParts
- Theme:
- AutoParts
- Theme Slug:
- autoparts
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22331
Bajaar – Highly Customizable WooCommerce WordPress Theme
- Theme:
- Bajaar – Highly Customizable WooCommerce WordPress Theme
- Theme Slug:
- bajaar
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69004
Barberry
- Theme:
- Barberry
- Theme Slug:
- barberry
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68908
Brookside
- Theme:
- Brookside
- Theme Slug:
- brookside
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-67618
Consult Aid
- Theme:
- Consult Aid
- Theme Slug:
- consultaid
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-67617
Dreamer Blog
- Theme:
- Dreamer Blog
- Theme Slug:
- dreamer-blog
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-10915
Drone
- Theme:
- Drone
- Theme Slug:
- drone
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49249
Electron
- Theme:
- Electron
- Theme Slug:
- electron
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-5805
Hostme v2
- Theme:
- Hostme v2
- Theme Slug:
- hostmev2
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68907
Kids Heaven
- Theme:
- Kids Heaven
- Theme Slug:
- kids-world
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-67619
Melania
- Theme:
- Melania
- Theme Slug:
- melania
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22324
Mella
- Theme:
- Mella
- Theme Slug:
- mella
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-67616
Miion
- Theme:
- Miion
- Theme Slug:
- miion
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-68986
Miion
- Theme:
- Miion
- Theme Slug:
- miion
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68913
Myour
- Theme:
- Myour
- Theme Slug:
- myour
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-67615
North
- Theme:
- North
- Theme Slug:
- north-wp
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69100
North
- Theme:
- North
- Theme Slug:
- north-wp
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69099
OneLife
- Theme:
- OneLife
- Theme Slug:
- onelife
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69002
Promo
- Theme:
- Promo
- Theme Slug:
- promo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22325
KenthaRadio
- Theme:
- KenthaRadio
- Theme Slug:
- qt-kentharadio
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69003
Reprizo
- Theme:
- Reprizo
- Theme Slug:
- reprizo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22326
Restaurt
- Theme:
- Restaurt
- Theme Slug:
- restaurt
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-22327
Right Way
- Theme:
- Right Way
- Theme Slug:
- rightway
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22330
Search & Go
- Theme:
- Search & Go
- Theme Slug:
- search-and-go
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69005
Skillate
- Theme:
- Skillate
- Theme Slug:
- skillate
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22329
TheNa
- Theme:
- TheNa
- Theme Slug:
- thena
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-67614
Vivagh
- Theme:
- Vivagh
- Theme Slug:
- vivagh
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68899
xSmart
- Theme:
- xSmart
- Theme Slug:
- xsmart
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-54002
xSmart
- Theme:
- xSmart
- Theme Slug:
- xsmart
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-50007
xSmart
- Theme:
- xSmart
- Theme Slug:
- xsmart
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-50006
Biagiotti
- Theme:
- Biagiotti
- Theme Slug:
- biagiotti
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 3.5.2
- Severity Score:
- High
- CVE:
- 2025-67938
Kalium
- Theme:
- Kalium
- Theme Slug:
- kalium
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.30
- Severity Score:
- Medium
- CVE:
- 2025-12895
Powerlift
- Theme:
- Powerlift
- Theme Slug:
- powerlift
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 3.2.1
- Severity Score:
- High
- CVE:
- 2025-67940
The Aisle
- Theme:
- The Aisle
- Theme Slug:
- theaisle
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.9.1
- Severity Score:
- High
- CVE:
- 2025-67941
Werkstatt
- Theme:
- Werkstatt
- Theme Slug:
- werkstatt
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 4.8.3
- Severity Score:
- High
- CVE:
- 2025-69314
Solid Security is part of Solid Suite — The best foundation for WordPress websites.
Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!
