WordPress Vulnerability Report — February 11, 2026

Since last week, 467 new vulnerabilities have emerged in the WordPress ecosystem, including 448 plugins and 19 themes. Of those, 81 remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

Sarah Ulmer

Published:Feb 11, 2026

Filed Under:WordPress Vulnerability Report

Reading Time:88 min.

In this report, 467 vulnerabilities have been publicly disclosed. Security patches for 386 of these plugins and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Currently, 81 plugin and theme vulnerabilities remain unpatched. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. WordPress Core
2. WordPress Plugins — 372 Patched / 76 Unpatched

2.1 Bold Page Builder
2.2 Bold Page Builder
2.3 Bold Page Builder
2.4 Bold Page Builder
2.5 SportsPress – Sports Club & League Manager
2.6 AWCA – The Great Analytics Insights for Your eStore
2.7 Advanced Country Blocker
2.8 Plugin BlueX for WooCommerce
2.9 Cliengo – Chatbot
2.10 GA4WP – Analytics Dashboard for the Website
2.11 Addonify – Compare Products For WooCommerce
2.12 Addonify Floating Cart For WooCommerce
2.13 Addonify – WooCommerce Wishlist
2.14 TopperPack – Complete Elementor Addons, Theme & CPT Builder
2.15 WP Duplicate – WordPress Migration Plugin
2.16 Contact Manager
2.17 Court Reservation – Manage Your Court Bookings Online
2.18 RVCFDI para Woocommerce
2.19 Simple Retail Menus
2.20 iContact for Gravity Forms
2.21 Optimize More! – Images
2.22 WPshop 2 – E-Commerce
2.23 All push notification for WP
2.24 Bulk Edit Post Titles
2.25 Buy one click WooCommerce
2.26 Buy one click WooCommerce
2.27 Catch Popup
2.28 Chapa Payment Gateway Plugin for WooCommerce
2.29 Code Explorer
2.30 CommentTweets
2.31 Eleblog – Elementor Blog And Magazine Addons
2.32 Elegant Addons for elementor
2.33 Extended Random Number Generator
2.34 Font Farsi
2.35 Fortis for WooCommerce
2.36 Image Hover Effects – Caption Hover with Carousel
2.37 Infility Global
2.38 Login Logout Register Menu
2.39 SEO Flow by LupsOnline
2.40 Magic Import Document Extractor
2.41 Magic Import Document Extractor
2.42 Newsletter Popup
2.43 Okay Toolkit
2.44 OMIGO
2.45 Product Filter for WooCommerce
2.46 Redirects
2.47 SIBS woocommerce payment gateway
2.48 Simple Bible Verse via Shortcode
2.49 Smart PopUp Blaster
2.50 SP Project & Document Manager
2.51 Store Locator
2.52 SVS Pricing Tables
2.53 Portfolio Builder
2.54 Tabs Maker
2.55 Testimonials Widget
2.56 The Bucketlister
2.57 The Bucketlister
2.58 Themesflat Elementor
2.59 Timeline Event History
2.60 TITLE ANIMATOR
2.61 WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto
2.62 UserPlus
2.63 Video Onclick
2.64 WebPurify Profanity Filter
2.65 Wikiloops Track Player
2.66 Wonka Slide
2.67 Woo File Dropzone
2.68 Xendit Payment
2.69 WooCommerce Bulk Product Editor
2.70 MyRewards
2.71 WP Content Permission
2.72 WP-Revive Adserver
2.73 Upload Files Anywhere
2.74 Upload Files Anywhere
2.75 User Extra Fields
2.76 User Extra Fields
2.77 Yoast SEO – Advanced SEO with real-time guidance and built-in AI
2.78 Essential Addons for Elementor – Popular Elementor Templates & Widgets
2.79 Essential Addons for Elementor – Popular Elementor Templates & Widgets
2.80 Essential Addons for Elementor – Popular Elementor Templates & Widgets
2.81 Essential Addons for Elementor – Popular Elementor Templates & Widgets
2.82 Essential Addons for Elementor – Popular Elementor Templates & Widgets
2.83 Code Snippets
2.84 Spectra Gutenberg Blocks – Website Builder for the Block Editor
2.85 Spectra Gutenberg Blocks – Website Builder for the Block Editor
2.86 Premium Addons for Elementor – Powerful Elementor Templates & Widgets
2.87 Premium Addons for Elementor – Powerful Elementor Templates & Widgets
2.88 Premium Addons for Elementor – Powerful Elementor Templates & Widgets
2.89 Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
2.90 Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
2.91 Royal Addons for Elementor – Addons and Templates Kit for Elementor
2.92 Royal Addons for Elementor – Addons and Templates Kit for Elementor
2.93 Royal Addons for Elementor – Addons and Templates Kit for Elementor
2.94 Royal Addons for Elementor – Addons and Templates Kit for Elementor
2.95 Royal Addons for Elementor – Addons and Templates Kit for Elementor
2.96 Royal Addons for Elementor – Addons and Templates Kit for Elementor
2.97 Royal Addons for Elementor – Addons and Templates Kit for Elementor
2.98 Royal Addons for Elementor – Addons and Templates Kit for Elementor
2.99 Royal Addons for Elementor – Addons and Templates Kit for Elementor
2.100 Royal Addons for Elementor – Addons and Templates Kit for Elementor
2.101 Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more
2.102 Kadence Blocks — Page Builder Toolkit for Gutenberg Editor
2.103 Kadence Blocks — Page Builder Toolkit for Gutenberg Editor
2.104 Happy Addons for Elementor
2.105 Happy Addons for Elementor
2.106 Happy Addons for Elementor
2.107 Happy Addons for Elementor
2.108 Happy Addons for Elementor
2.109 Happy Addons for Elementor
2.110 Happy Addons for Elementor
2.111 Happy Addons for Elementor
2.112 Happy Addons for Elementor
2.113 Happy Addons for Elementor
2.114 Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress
2.115 Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress
2.116 Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress
2.117 Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App
2.118 ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF
2.119 Unlimited Elements For Elementor
2.120 Unlimited Elements For Elementor
2.121 SEOPress – On-site SEO & Analytics
2.122 Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns
2.123 Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns
2.124 FileOrganizer – WordPress File Manager
2.125 Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer
2.126 Element Pack Addons for Elementor
2.127 Element Pack Addons for Elementor
2.128 Element Pack Addons for Elementor
2.129 Element Pack Addons for Elementor
2.130 Element Pack Addons for Elementor
2.131 Prime Slider – Addons for Elementor
2.132 Beaver Builder Page Builder – Drag and Drop Website Builder
2.133 EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more
2.134 EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more
2.135 EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more
2.136 Gallery by FooGallery
2.137 GiveWP – Donation Plugin and Fundraising Platform
2.138 LatePoint – Calendar Booking Plugin for Appointments and Events
2.139 Menu Icons by ThemeIsle
2.140 Modula Image Gallery – Photo Grid & Video Gallery
2.141 WebSub (FKA. PubSubHubbub)
2.142 Relevanssi – A Better Search
2.143 Relevanssi – A Better Search
2.144 Robin Image Optimizer – Unlimited Image Optimization & WebP Converter
2.145 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
2.146 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
2.147 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
2.148 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
2.149 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
2.150 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
2.151 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
2.152 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
2.153 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
2.154 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
2.155 Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More
2.156 Tutor LMS – eLearning and online course solution
2.157 Tutor LMS – eLearning and online course solution
2.158 WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets
2.159 Addon Elements for Elementor (formerly Elementor Addon Elements)
2.160 Addon Elements for Elementor (formerly Elementor Addon Elements)
2.161 Addon Elements for Elementor (formerly Elementor Addon Elements)
2.162 Addon Elements for Elementor (formerly Elementor Addon Elements)
2.163 Addon Elements for Elementor (formerly Elementor Addon Elements)
2.164 Addon Elements for Elementor (formerly Elementor Addon Elements)
2.165 Addon Elements for Elementor (formerly Elementor Addon Elements)
2.166 Shortcodes and extra features for Phlox theme
2.167 Shortcodes and extra features for Phlox theme
2.168 Shortcodes and extra features for Phlox theme
2.169 Shortcodes and extra features for Phlox theme
2.170 Shortcodes and extra features for Phlox theme
2.171 Shortcodes and extra features for Phlox theme
2.172 Shortcodes and extra features for Phlox theme
2.173 Colibri Page Builder
2.174 Colibri Page Builder
2.175 ShopLentor – All-in-One WooCommerce Builder Solution for Elementor & Gutenberg
2.176 HT Mega – Absolute Addons For Elementor
2.177 HT Mega – Absolute Addons For Elementor
2.178 HT Mega – Absolute Addons For Elementor
2.179 HT Mega – Absolute Addons For Elementor
2.180 Import and export users and customers
2.181 Advanced Contact form 7 DB
2.182 Brizy – Page Builder
2.183 Brizy – Page Builder
2.184 Brizy – Page Builder
2.185 Brizy – Page Builder
2.186 WP ULike – Like & Dislike Buttons for Engagement and Feedback
2.187 Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress
2.188 Exclusive Addons for Elementor
2.189 Exclusive Addons for Elementor
2.190 Greenshift – animation and page builder blocks
2.191 Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
2.192 Popup Box – Create Countdown, Coupon, Video, Contact Form Popups
2.193 Bold Page Builder
2.194 Getwid – Gutenberg Blocks
2.195 ?????? ????? ??????? Persian WooCommerce SMS
2.196 Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers
2.197 Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers
2.198 User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
2.199 Sina Extension for Elementor
2.200 Themesflat Addons For Elementor
2.201 Themesflat Addons For Elementor
2.202 Themesflat Addons For Elementor
2.203 Themesflat Addons For Elementor
2.204 Ultimate Blocks – 25+ Gutenberg Blocks for Block Editor
2.205 WP Recipe Maker
2.206 WP Recipe Maker
2.207 Livemesh Addons by Elementor
2.208 Livemesh Addons by Elementor
2.209 Livemesh Addons by Elementor
2.210 Livemesh Addons by Elementor
2.211 Livemesh Addons by Elementor
2.212 Livemesh Addons by Elementor
2.213 Livemesh Addons by Elementor
2.214 Contact Form by BestWebSoft – Advanced WP Contact Form Builder for WordPress
2.215 Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
2.216 Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
2.217 Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
2.218 SEO Plugin by Squirrly SEO
2.219 Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX
2.220 ACF Quick Edit Fields
2.221 Piotnet Addons For Elementor
2.222 Post Grid
2.223 Post Grid
2.224 Hubbub Lite – Fast, free social sharing and follow buttons
2.225 ThirstyAffiliates – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin
2.226 Tutor LMS Elementor Addons
2.227 Tutor LMS Elementor Addons
2.228 Print Invoice & Delivery Notes for WooCommerce
2.229 All-in-One Video Gallery
2.230 Subscribe2 – Form, Email Subscribers & Newsletters
2.231 The Events Calendar Shortcode & Block
2.232 The Events Calendar Shortcode & Block
2.233 Ultimate Addons for Beaver Builder – Lite
2.234 Ultimate Addons for Beaver Builder – Lite
2.235 Ultimate Addons for Beaver Builder – Lite
2.236 Ultimate Addons for Beaver Builder – Lite
2.237 WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible
2.238 WCFM Marketplace – Multivendor Marketplace for WooCommerce
2.239 Frontend Admin by DynamiApps
2.240 Frontend Admin by DynamiApps
2.241 BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor
2.242 Content Blocks (Custom Post Widget)
2.243 WP Customer Area
2.244 Essential Widgets
2.245 LA-Studio Element Kit for Elementor
2.246 Child Theme Creator by Orbisius
2.247 OSM – OpenStreetMap
2.248 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
2.249 SupportCandy – Helpdesk & Customer Support Ticket System
2.250 Testimonial Carousel For Elementor
2.251 Ultimate Maps by Supsystic
2.252 WCFM Membership – WooCommerce Memberships for Multivendor Marketplace
2.253 Eventin – Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered)
2.254 Ultimate Coming Soon & Maintenance
2.255 Ultimate Coming Soon & Maintenance
2.256 GSheetConnector For WPForms – WPForms Google Sheets Integration (Real-Time Sync)
2.257 NEX-Forms – Ultimate Forms Plugin for WordPress
2.258 NEX-Forms – Ultimate Forms Plugin for WordPress
2.259 NEX-Forms – Ultimate Forms Plugin for WordPress
2.260 NEX-Forms – Ultimate Forms Plugin for WordPress
2.261 WP Job Portal – AI-Powered Recruitment System for Company or Job Board website
2.262 WP Job Portal – AI-Powered Recruitment System for Company or Job Board website
2.263 WP Job Portal – AI-Powered Recruitment System for Company or Job Board website
2.264 WP Job Portal – AI-Powered Recruitment System for Company or Job Board website
2.265 WP Job Portal – AI-Powered Recruitment System for Company or Job Board website
2.266 WP Job Portal – AI-Powered Recruitment System for Company or Job Board website
2.267 WP Job Portal – AI-Powered Recruitment System for Company or Job Board website
2.268 Awesome Support – WordPress HelpDesk & Support Plugin
2.269 EventPrime – Events Calendar, Bookings and Tickets
2.270 EventPrime – Events Calendar, Bookings and Tickets
2.271 EventPrime – Events Calendar, Bookings and Tickets
2.272 LottieFiles
2.273 OAuth Single Sign On – SSO (OAuth Client)
2.274 Schema App Structured Data
2.275 Schema App Structured Data
2.276 YayCurrency – WooCommerce Multi-Currency Switcher
2.277 WPBot – AI ChatBot for Live Support, Lead Generation, AI Services
2.278 WPBot – AI ChatBot for Live Support, Lead Generation, AI Services
2.279 ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support
2.280 Export Media URLs
2.281 Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more
2.282 ProfileGrid – User Profiles, Groups and Communities
2.283 ProfileGrid – User Profiles, Groups and Communities
2.284 Contact Form 7 Connector
2.285 easy.jobs – AI powered Job Listing, Job Board, Career Page, Recruitment & Hiring Solution
2.286 Shortcodes for Elementor
2.287 Simple File List
2.288 Ultimate Store Kit – Addon For WooCommerce, EDD and Elementor
2.289 ElementInvader Addons for Elementor
2.290 ElementInvader Addons for Elementor
2.291 HelloAsso
2.292 Snippet Shortcodes
2.293 Payment Button for PayPal
2.294 WPZOOM Addons for Beaver Builder
2.295 WPZOOM Addons for Beaver Builder
2.296 WPZOOM Addons for Beaver Builder
2.297 WPZOOM Addons for Beaver Builder
2.298 Classic Addons – WPBakery Page Builder
2.299 Product Enquiry for WooCommerce
2.300 Salon Booking System – Free Version
2.301 Tickera – Sell Tickets & Manage Events
2.302 Timeline Block – Beautiful Timeline Builder for WordPress (Vertical & Horizontal Timelines)
2.303 WP-WebAuthn
2.304 WPB Addons for Elementor – News Ticker, Timeline, Team, Services, Testimonials, and Much More
2.305 Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free
2.306 GS Pinterest Portfolio – Pins Grid, Masonry, User Profile, Popup & Board Widgets
2.307 PeproDev WooCommerce Receipt Uploader
2.308 PDF Builder for WooCommerce. Create invoices,packing slips and more
2.309 WPBITS Addons For Elementor Page Builder
2.310 Visual Feedback, Review & AI Collaboration Tool For WordPress – Atarim
2.311 Authorsy – Author Box, Multiple Authors, Guest Authors & Post Rating
2.312 Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment
2.313 Categorify – WordPress Media Library Category & File Manager
2.314 Categorify – WordPress Media Library Category & File Manager
2.315 Categorify – WordPress Media Library Category & File Manager
2.316 Categorify – WordPress Media Library Category & File Manager
2.317 Categorify – WordPress Media Library Category & File Manager
2.318 Categorify – WordPress Media Library Category & File Manager
2.319 Categorify – WordPress Media Library Category & File Manager
2.320 Categorify – WordPress Media Library Category & File Manager
2.321 Geo Controller
2.322 Message Filter for Contact Form 7
2.323 Smart Online Order for Clover
2.324 Web3 Crypto Payments by DePay for WooCommerce
2.325 Enter Addons – Ultimate Template Builder for Elementor
2.326 Enter Addons – Ultimate Template Builder for Elementor
2.327 Flamix: Bitrix24 and Contact Form 7 integrations
2.328 Gestpay for WooCommerce
2.329 Gestpay for WooCommerce
2.330 Connector Wizard (formerly LC Wizard)
2.331 Keap Official Opt-in Forms
2.332 PDF Generator for WordPress Elementor
2.333 Simple Popup Plugin
2.334 Squelch Tabs and Accordions Shortcodes
2.335 Tutor LMS – Migration Tool
2.336 Vayu Blocks – Website Builder for the Block Editor
2.337 Views for WPForms – Display & Edit WPForms Entries on your site frontend
2.338 Views for WPForms – Display & Edit WPForms Entries on your site frontend
2.339 Views for WPForms – Display & Edit WPForms Entries on your site frontend
2.340 Views for WPForms – Display & Edit WPForms Entries on your site frontend
2.341 WP AdCenter – Ad Manager & Adsense Ads
2.342 Zephyr Project Manager
2.343 Checkout Gateway for IRIS
2.344 Ebook Store
2.345 ForumWP – Forum & Discussion Board
2.346 IdeaPush
2.347 Koalendar – Easy Appointment Scheduling & Booking Plugin
2.348 Confetti Fall Animation
2.349 Integrate Firebase
2.350 PowerBI Embed Reports
2.351 GS Books Showcase – Display Books in Grid, Slider & More | Library for WordPress
2.352 Sync Master Sheet – Product Sync with Google Sheet for WooCommerce
2.353 WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses
2.354 Dynamic Widget Content
2.355 Library Viewer
2.356 SmartAgenda – Prise de rendez-vous en ligne
2.357 WaveSurfer-WP
2.358 JSM file_get_contents() Shortcode
2.359 WP Mailster
2.360 ELEX WordPress HelpDesk & Customer Ticketing System
2.361 Awesome FAQ – Modern Accordion, Tabs,Responsive & Super Fast FAQ Builder.
2.362 GS Portfolio – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more
2.363 Accept Stripe Payments Using Contact Form 7
2.364 Arena.IM – Live Blogging for real-time events
2.365 Bukza
2.366 Eveeno
2.367 All In One Image Viewer Block – Gutenberg block to create image viewer with hyperlink
2.368 OS DataHub Maps
2.369 Password for WP
2.370 Plezi
2.371 WP GeoNames
2.372 Add infos to The Events Calendar
2.373 Run Contests, Raffles, and Giveaways with ContestsWP
2.374 IMS Countdown
2.375 Kudos Donations: Easy Donations with Mollie | One-off & Recurring | PDF Invoices | Buttons & Forms
2.376 My IDX Home Search
2.377 Primer MyData for Woocommerce
2.378 Sigmize: A/B Testing, Session Recordings, Heatmaps & Revenue Tracking for WooCommerce, SureCart & EDD
2.379 WP To Do
2.380 WP To Do
2.381 WP To Do
2.382 GMap Targeting – Simple Targeting Inside Google Maps
2.383 ONLYOFFICE DocSpace
2.384 Pdf & Print to Post – Custom Post Type and Pages
2.385 Ganohrs Toggle Shortcode
2.386 Events Listing Widget
2.387 GeoDataSource Country Region DropDown
2.388 NPS computy
2.389 Social Media Shortcodes
2.390 Employee Directory – Staff Directory and Listing
2.391 Sell BTC – Cryptocurrency Selling Calculator
2.392 Docus – YouTube Video Playlist
2.393 Orange Comfort+ accessibility toolbar for WordPress
2.394 Peter’s Date Countdown
2.395 WP FOFT Loader
2.396 Aiomatic
2.397 ARMember Premium
2.398 Bit Form
2.399 bodi0’s Easy Cache
2.400 Bridge Core
2.401 EventON-RSVP
2.402 Fluent Forms Pro Add On Pack
2.403 Integrate Google Drive
2.404 WPBakery Page Builder
2.405 WPBakery Page Builder
2.406 WPBakery Page Builder
2.407 Paid Memberships Pro
2.408 Community by PeepSo
2.409 Community by PeepSo
2.410 Porto Theme – Functionality
2.411 Premium Addons PRO
2.412 Premium Addons PRO
2.413 Premium Addons PRO
2.414 Premium Addons PRO
2.415 Premium Addons PRO
2.416 Reflector
2.417 Relevanssi Premium
2.418 Relevanssi Premium
2.419 Slider Revolution
2.420 Slider Revolution
2.421 Salient Core
2.422 Salient Shortcodes
2.423 Salient Shortcodes
2.424 School Management
2.425 Simple Locator
2.426 Smart Appointment & Booking
2.427 Ultimate Addons for WPBakery Page Builder
2.428 Ultimate Addons for WPBakery Page Builder
2.429 Ultimate Addons for WPBakery Page Builder
2.430 Ultimate Addons for WPBakery Page Builder
2.431 Whizz Plugins
2.432 WooCommerce Social Login
2.433 WooCommerce Social Login
2.434 WooCommerce Social Login
2.435 WooCommerce PDF Vouchers
2.436 WooCommerce Support Ticket System
2.437 Affiliate Manager
2.438 Affiliate Manager
2.439 Affiliate Manager
2.440 Affiliate Manager
2.441 WP eStore
2.442 WP eStore
2.443 WP eStore
2.444 WP eStore
2.445 WP eMember
2.446 WP eMember
2.447 User Extra Fields
2.448 WPB Show Core

3. WordPress Themes — 14 Patched / 5 Unpatched

3.1 WordPress Dating Theme
3.2 Cartify – WooCommerce Gutenberg WordPress Theme
3.3 Meris
3.4 SevenHills
3.5 VidoRev
3.6 Royal Elementor Kit
3.7 Besa
3.8 CozyStay
3.9 Golo
3.10 Golo
3.11 Grand Conference
3.12 Hara
3.13 Nestin
3.14 PatioTime
3.15 PatioTime
3.16 PhotoMe
3.17 Travelicious
3.18 Unicamp
3.19 Urna

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.9.1 was released on February 3, 2026, as a short-cycle maintenance update, addressing 49 bugs across WordPress Core and the Block Editor, including fixes affecting the editor, mail functionality, and classic themes. Sites with automatic background updates may already be updated. We recommend reviewing the details and updating as part of your regular maintenance cycle.

The next major WordPress release, version 7.0, is scheduled for April 9, 2026, during WordCamp Asia.

WordPress Plugins — 372 Patched / 76 Unpatched

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12159

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-13463

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-15267

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12803

Plugin:: SportsPress – Sports Club & League Manager
Plugin Slug:: sportspress
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-15368

Plugin:: AWCA – The Great Analytics Insights for Your eStore
Plugin Slug:: advance-wc-analytics
Installations: 3,000+
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-68032

Plugin:: Advanced Country Blocker
Plugin Slug:: advanced-country-blocker
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1675

Plugin:: Plugin BlueX for WooCommerce
Plugin Slug:: bluex-for-woocommerce
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68022

Plugin:: Cliengo – Chatbot
Plugin Slug:: cliengo
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-69388

Plugin:: GA4WP – Analytics Dashboard for the Website
Plugin Slug:: ga-for-wp
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-68028

Plugin:: Addonify – Compare Products For WooCommerce
Plugin Slug:: addonify-compare-products
Installations: 1,000+
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-68023

Plugin:: Addonify Floating Cart For WooCommerce
Plugin Slug:: addonify-floating-cart
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-68025

Plugin:: Addonify – WooCommerce Wishlist
Plugin Slug:: addonify-wishlist
Installations: 1,000+
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-68024

Plugin:: TopperPack – Complete Elementor Addons, Theme & CPT Builder
Plugin Slug:: topper-pack
Installations: 300+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68841

Plugin:: WP Duplicate – WordPress Migration Plugin
Plugin Slug:: local-sync
Installations: 200+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-1499

Plugin:: Contact Manager
Plugin Slug:: contact-manager
Installations: 100+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68853

Plugin:: Court Reservation – Manage Your Court Bookings Online
Plugin Slug:: court-reservation
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68852

Plugin:: RVCFDI para Woocommerce
Plugin Slug:: rvcfdi-para-woocommerce
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69386

Plugin:: Simple Retail Menus
Plugin Slug:: simple-retail-menus
Installations: 90+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69387

Plugin:: iContact for Gravity Forms
Plugin Slug:: gravity-forms-icontact
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68863

Plugin:: Optimize More! – Images
Plugin Slug:: optimize-more-images
Installations: 80+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-67624

Plugin:: WPshop 2 – E-Commerce
Plugin Slug:: wpshop
Installations: 70+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69383

Plugin:: All push notification for WP
Plugin Slug:: all-push-notification
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-0816

Plugin:: Bulk Edit Post Titles
Plugin Slug:: bulk-edit-post-titles
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0369

Plugin:: Buy one click WooCommerce
Plugin Slug:: buy-one-click-woocommerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10853

Plugin:: Buy one click WooCommerce
Plugin Slug:: buy-one-click-woocommerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10854

Plugin:: Catch Popup
Plugin Slug:: catch-popup
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11427

Plugin:: Chapa Payment Gateway Plugin for WooCommerce
Plugin Slug:: chapa-payment-gateway-for-woocommerce
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-15482

Plugin:: Code Explorer
Plugin Slug:: code-explorer
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-15487

Plugin:: CommentTweets
Plugin Slug:: commenttweets
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-6845

Plugin:: Eleblog – Elementor Blog And Magazine Addons
Plugin Slug:: ele-blog
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69374

Plugin:: Elegant Addons for elementor
Plugin Slug:: elegant-addons-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5092

Plugin:: Extended Random Number Generator
Plugin Slug:: extended-random-number-generator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-0681

Plugin:: Font Farsi
Plugin Slug:: font-farsi
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2657

Plugin:: Fortis for WooCommerce
Plugin Slug:: fortis-for-woocommerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-0679

Plugin:: Image Hover Effects – Caption Hover with Carousel
Plugin Slug:: image-hover-effects-with-carousel
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5001

Plugin:: Infility Global
Plugin Slug:: infility-global
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-15268

Plugin:: Login Logout Register Menu
Plugin Slug:: login-logout-register-menu
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3726

Plugin:: SEO Flow by LupsOnline
Plugin Slug:: lupsonline-link-netwerk
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-15285

Plugin:: Magic Import Document Extractor
Plugin Slug:: magic-import-document-extractor
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-15508

Plugin:: Magic Import Document Extractor
Plugin Slug:: magic-import-document-extractor
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-15507

Plugin:: Newsletter Popup
Plugin Slug:: newsletter-popup
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-3641

Plugin:: Okay Toolkit
Plugin Slug:: okay-toolkit
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68851

Plugin:: OMIGO
Plugin Slug:: omigo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1573

Plugin:: Product Filter for WooCommerce
Plugin Slug:: prdctfltr
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69378

Plugin:: Redirects
Plugin Slug:: redirects
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1566

Plugin:: SIBS woocommerce payment gateway
Plugin Slug:: sibs-woocommerce
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-1370

Plugin:: Simple Bible Verse via Shortcode
Plugin Slug:: simple-bible-verse-via-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1570

Plugin:: Smart PopUp Blaster
Plugin Slug:: smart-popup-blaster
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12458

Plugin:: SP Project & Document Manager
Plugin Slug:: sp-client-document-manager
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3749

Plugin:: Store Locator
Plugin Slug:: store-locator
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12571

Plugin:: SVS Pricing Tables
Plugin Slug:: svs-pricing-tables
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2960

Plugin:: Portfolio Builder
Plugin Slug:: swp-portfolio
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69375

Plugin:: Tabs Maker
Plugin Slug:: tabs-maker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11865

Plugin:: Testimonials Widget
Plugin Slug:: testimonials-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4705

Plugin:: The Bucketlister
Plugin Slug:: the-bucketlister
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-15476

Plugin:: The Bucketlister
Plugin Slug:: the-bucketlister
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-15477

Plugin:: Themesflat Elementor
Plugin Slug:: themesflat-elementor
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-69382

Plugin:: Timeline Event History
Plugin Slug:: timeline-event-history
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69384

Plugin:: TITLE ANIMATOR
Plugin Slug:: title-animator
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1082

Plugin:: WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto
Plugin Slug:: tripetto
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-10260

Plugin:: UserPlus
Plugin Slug:: userplus
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9520

Plugin:: Video Onclick
Plugin Slug:: video-onclick
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1608

Plugin:: WebPurify Profanity Filter
Plugin Slug:: webpurifytextreplace
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-0572

Plugin:: Wikiloops Track Player
Plugin Slug:: wikiloops-track-player
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1611

Plugin:: Wonka Slide
Plugin Slug:: wonka-slide
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1613

Plugin:: Woo File Dropzone
Plugin Slug:: woo-file-dropzone
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68862

Plugin:: Xendit Payment
Plugin Slug:: woo-xendit-virtual-accounts
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-14461

Plugin:: WooCommerce Bulk Product Editor
Plugin Slug:: woocommerce-quick-product-editor
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69381

Plugin:: MyRewards
Plugin Slug:: woorewards
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-15260

Plugin:: WP Content Permission
Plugin Slug:: wp-content-permission
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-0743

Plugin:: WP-Revive Adserver
Plugin Slug:: wp-revive-adserver
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12461

Plugin:: Upload Files Anywhere
Plugin Slug:: wp-upload-files-anywhere
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69380

Plugin:: Upload Files Anywhere
Plugin Slug:: wp-upload-files-anywhere
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69379

Plugin:: User Extra Fields
Plugin Slug:: wp-user-extra-fields
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69377

Plugin:: User Extra Fields
Plugin Slug:: wp-user-extra-fields
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69376

Plugin:: Yoast SEO – Advanced SEO with real-time guidance and built-in AI
Plugin Slug:: wordpress-seo
Installations: 10,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 26.9
Severity Score:: Medium
CVE:: 2026-1293

Plugin:: Essential Addons for Elementor – Popular Elementor Templates & Widgets
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.12
Severity Score:: Medium
CVE:: 2024-2650

Plugin:: Essential Addons for Elementor – Popular Elementor Templates & Widgets
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.16
Severity Score:: Medium
CVE:: 2024-3728

Plugin:: Essential Addons for Elementor – Popular Elementor Templates & Widgets
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.20
Severity Score:: Medium
CVE:: 2024-4448

Plugin:: Essential Addons for Elementor – Popular Elementor Templates & Widgets
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.20
Severity Score:: Medium
CVE:: 2024-4449

Plugin:: Essential Addons for Elementor – Popular Elementor Templates & Widgets
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.4
Severity Score:: Medium
CVE:: 2024-8742

Plugin:: Code Snippets
Plugin Slug:: code-snippets
Installations: 1,000,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.9.5
Severity Score:: Medium
CVE:: 2026-1785

Plugin:: Spectra Gutenberg Blocks – Website Builder for the Block Editor
Plugin Slug:: ultimate-addons-for-gutenberg
Installations: 1,000,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.19.18
Severity Score:: Medium
CVE:: 2026-0950

Plugin:: Spectra Gutenberg Blocks – Website Builder for the Block Editor
Plugin Slug:: ultimate-addons-for-gutenberg
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.12.9
Severity Score:: Medium
CVE:: 2024-1815

Plugin:: Premium Addons for Elementor – Powerful Elementor Templates & Widgets
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.29
Severity Score:: Medium
CVE:: 2024-3647

Plugin:: Premium Addons for Elementor – Powerful Elementor Templates & Widgets
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.32
Severity Score:: Medium
CVE:: 2024-4376

Plugin:: Premium Addons for Elementor – Powerful Elementor Templates & Widgets
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.32
Severity Score:: Medium
CVE:: 2024-4379

Plugin:: Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
Plugin Slug:: fluentform
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.20
Severity Score:: Medium
CVE:: 2024-6518

Plugin:: Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
Plugin Slug:: fluentform
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.20
Severity Score:: Medium
CVE:: 2024-6521

Plugin:: Royal Addons for Elementor – Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.88
Severity Score:: Medium
CVE:: 2024-0516

Plugin:: Royal Addons for Elementor – Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.88
Severity Score:: Medium
CVE:: 2024-0515

Plugin:: Royal Addons for Elementor – Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.88
Severity Score:: Medium
CVE:: 2024-0514

Plugin:: Royal Addons for Elementor – Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.88
Severity Score:: Medium
CVE:: 2024-0513

Plugin:: Royal Addons for Elementor – Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.972
Severity Score:: Medium
CVE:: 2024-2798

Plugin:: Royal Addons for Elementor – Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.972
Severity Score:: Medium
CVE:: 2024-2799

Plugin:: Royal Addons for Elementor – Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.972
Severity Score:: Medium
CVE:: 2024-3889

Plugin:: Royal Addons for Elementor – Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.976
Severity Score:: Medium
CVE:: 2024-4087

Plugin:: Royal Addons for Elementor – Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1002
Severity Score:: Medium
CVE:: 2024-9059

Plugin:: Royal Addons for Elementor – Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1002
Severity Score:: Medium
CVE:: 2024-9668

Plugin:: Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more
Plugin Slug:: easy-wp-smtp
Installations: 500,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.3.1
Severity Score:: Low
CVE:: 2024-3073

Plugin:: Kadence Blocks — Page Builder Toolkit for Gutenberg Editor
Plugin Slug:: kadence-blocks
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.38
Severity Score:: Medium
CVE:: 2024-4208

Plugin:: Kadence Blocks — Page Builder Toolkit for Gutenberg Editor
Plugin Slug:: kadence-blocks
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.37
Severity Score:: Medium
CVE:: 2024-4209

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.20.8
Severity Score:: Medium
CVE:: 2026-1210

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.4
Severity Score:: Medium
CVE:: 2024-1498

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.5
Severity Score:: Medium
CVE:: 2024-2786

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.5
Severity Score:: Medium
CVE:: 2024-2787

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.5
Severity Score:: Medium
CVE:: 2024-2788

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.5
Severity Score:: Medium
CVE:: 2024-2789

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.5
Severity Score:: Medium
CVE:: 2024-3724

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.8
Severity Score:: Medium
CVE:: 2024-4391

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.11.0
Severity Score:: Medium
CVE:: 2024-5041

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.9
Severity Score:: Medium
CVE:: 2024-5088

Plugin:: Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress
Plugin Slug:: jeg-elementor-kit
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.5
Severity Score:: Medium
CVE:: 2024-0334

Plugin:: Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress
Plugin Slug:: jeg-elementor-kit
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.5
Severity Score:: Medium
CVE:: 2024-3161

Plugin:: Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress
Plugin Slug:: jeg-elementor-kit
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.4
Severity Score:: Medium
CVE:: 2024-3162

Plugin:: Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App
Plugin Slug:: post-smtp
Installations: 300,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.8.7
Severity Score:: High
CVE:: 2023-6620

Plugin:: ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF
Plugin Slug:: shortpixel-image-optimiser
Installations: 300,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 6.4.3
Severity Score:: Medium
CVE:: 2026-1246

Plugin:: Unlimited Elements For Elementor
Plugin Slug:: unlimited-elements-for-elementor
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.2
Severity Score:: Medium
CVE:: 2025-14274

Plugin:: Unlimited Elements For Elementor
Plugin Slug:: unlimited-elements-for-elementor
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.113
Severity Score:: Medium
CVE:: 2024-6170

Plugin:: SEOPress – On-site SEO & Analytics
Plugin Slug:: wp-seopress
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6
Severity Score:: Medium
CVE:: 2024-1134

Plugin:: Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns
Plugin Slug:: essential-blocks
Installations: 200,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.4.3
Severity Score:: High
CVE:: 2023-6623

Plugin:: Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns
Plugin Slug:: essential-blocks
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.4
Severity Score:: Medium
CVE:: 2024-2255

Plugin:: FileOrganizer – WordPress File Manager
Plugin Slug:: fileorganizer
Installations: 200,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.0.8
Severity Score:: High
CVE:: 2024-5599

Plugin:: Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer
Plugin Slug:: 3d-flipbook-dflip-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.27
Severity Score:: Medium
CVE:: 2024-0895

Plugin:: Element Pack Addons for Elementor
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.10.2
Severity Score:: Medium
CVE:: 2024-10310

Plugin:: Element Pack Addons for Elementor
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.1
Severity Score:: Medium
CVE:: 2024-1426

Plugin:: Element Pack Addons for Elementor
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.1
Severity Score:: Medium
CVE:: 2024-1429

Plugin:: Element Pack Addons for Elementor
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.12
Severity Score:: Medium
CVE:: 2024-5554

Plugin:: Element Pack Addons for Elementor
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.10.3
Severity Score:: Medium
CVE:: 2024-9867

Plugin:: Prime Slider – Addons for Elementor
Plugin Slug:: bdthemes-prime-slider-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.14.2
Severity Score:: Medium
CVE:: 2024-3997

Plugin:: Beaver Builder Page Builder – Drag and Drop Website Builder
Plugin Slug:: beaver-builder-lite-version
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.4.3
Severity Score:: Medium
CVE:: 2024-0896

Plugin:: EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more
Plugin Slug:: embedpress
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.11
Severity Score:: Medium
CVE:: 2024-1565

Plugin:: EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more
Plugin Slug:: embedpress
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.13
Severity Score:: Medium
CVE:: 2024-2688

Plugin:: EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more
Plugin Slug:: embedpress
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.15
Severity Score:: Medium
CVE:: 2024-3245

Plugin:: Gallery by FooGallery
Plugin Slug:: foogallery
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.15
Severity Score:: Medium
CVE:: 2024-2081

Plugin:: GiveWP – Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.14.2
Severity Score:: Critical
CVE:: 2024-5932

Plugin:: LatePoint – Calendar Booking Plugin for Appointments and Events
Plugin Slug:: latepoint
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.6
Severity Score:: High
CVE:: 2026-0617

Plugin:: Menu Icons by ThemeIsle
Plugin Slug:: menu-icons
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.13.21
Severity Score:: Medium
CVE:: 2026-1755

Plugin:: Modula Image Gallery – Photo Grid & Video Gallery
Plugin Slug:: modula-best-grid-gallery
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.13.5
Severity Score:: Medium
CVE:: 2026-23976

Plugin:: WebSub (FKA. PubSubHubbub)
Plugin Slug:: pubsubhubbub
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.0
Severity Score:: Medium
CVE:: 2024-0688

Plugin:: Relevanssi – A Better Search
Plugin Slug:: relevanssi
Installations: 100,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 4.22.0
Severity Score:: Medium
CVE:: 2023-7199

Plugin:: Relevanssi – A Better Search
Plugin Slug:: relevanssi
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.22.1
Severity Score:: Medium
CVE:: 2024-1380

Plugin:: Robin Image Optimizer – Unlimited Image Optimization & WebP Converter
Plugin Slug:: robin-image-optimizer
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.3
Severity Score:: Medium
CVE:: 2026-1319

Plugin:: The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.0
Severity Score:: Medium
CVE:: 2024-0445

Plugin:: The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 5.4.2
Severity Score:: High
CVE:: 2024-2210

Plugin:: The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.5
Severity Score:: Medium
CVE:: 2024-2784

Plugin:: The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.0
Severity Score:: Medium
CVE:: 2024-2785

Plugin:: The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.0
Severity Score:: Medium
CVE:: 2024-3197

Plugin:: The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.0
Severity Score:: Medium
CVE:: 2024-3199

Plugin:: The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.3
Severity Score:: Medium
CVE:: 2024-4484

Plugin:: The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.3
Severity Score:: Medium
CVE:: 2024-4485

Plugin:: The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.3
Severity Score:: Medium
CVE:: 2024-6575

Plugin:: The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.3
Severity Score:: Medium
CVE:: 2024-5583

Plugin:: Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More
Plugin Slug:: themeisle-companion
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.10.31
Severity Score:: Medium
CVE:: 2024-1497

Plugin:: Tutor LMS – eLearning and online course solution
Plugin Slug:: tutor
Installations: 100,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 3.9.6
Severity Score:: High
CVE:: 2026-1375

Plugin:: Tutor LMS – eLearning and online course solution
Plugin Slug:: tutor
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.9.6
Severity Score:: Medium
CVE:: 2026-1371

Plugin:: WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets
Plugin Slug:: wp-all-import
Installations: 100,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 3.7.3
Severity Score:: Critical
CVE:: 2023-7082

Plugin:: Addon Elements for Elementor (formerly Elementor Addon Elements)
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13
Severity Score:: Medium
CVE:: 2024-1391

Plugin:: Addon Elements for Elementor (formerly Elementor Addon Elements)
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13
Severity Score:: Medium
CVE:: 2024-1392

Plugin:: Addon Elements for Elementor (formerly Elementor Addon Elements)
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.3
Severity Score:: Medium
CVE:: 2024-2091

Plugin:: Addon Elements for Elementor (formerly Elementor Addon Elements)
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.4
Severity Score:: Medium
CVE:: 2024-2092

Plugin:: Addon Elements for Elementor (formerly Elementor Addon Elements)
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.6
Severity Score:: Medium
CVE:: 2024-4570

Plugin:: Addon Elements for Elementor (formerly Elementor Addon Elements)
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.6
Severity Score:: Medium
CVE:: 2024-4401

Plugin:: Addon Elements for Elementor (formerly Elementor Addon Elements)
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.7
Severity Score:: Medium
CVE:: 2024-7122

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.17.3
Severity Score:: Medium
CVE:: 2024-12588

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.15.8
Severity Score:: Medium
CVE:: 2024-1348

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.15.8
Severity Score:: Medium
CVE:: 2024-1357

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.15.8
Severity Score:: Medium
CVE:: 2024-1396

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.15.8
Severity Score:: Medium
CVE:: 2024-1533

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.15.8
Severity Score:: Medium
CVE:: 2024-3341

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.17.1
Severity Score:: Medium
CVE:: 2024-9545

Plugin:: Colibri Page Builder
Plugin Slug:: colibri-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.274
Severity Score:: Medium
CVE:: 2024-3337

Plugin:: Colibri Page Builder
Plugin Slug:: colibri-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.277
Severity Score:: Medium
CVE:: 2024-4451

Plugin:: ShopLentor – All-in-One WooCommerce Builder Solution for Elementor & Gutenberg
Plugin Slug:: woolentor-addons
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.2
Severity Score:: Medium
CVE:: 2024-1057

Plugin:: HT Mega – Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.7
Severity Score:: Medium
CVE:: 2024-2084

Plugin:: HT Mega – Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.0
Severity Score:: Medium
CVE:: 2024-3308

Plugin:: HT Mega – Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.1
Severity Score:: Medium
CVE:: 2024-3989

Plugin:: HT Mega – Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.6
Severity Score:: Medium
CVE:: 2024-5173

Plugin:: Import and export users and customers
Plugin Slug:: import-users-from-csv-with-meta
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.26.7
Severity Score:: Medium
CVE:: 2024-4734

Plugin:: Advanced Contact form 7 DB
Plugin Slug:: advanced-cf7-db
Installations: 70,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.0.3
Severity Score:: Medium
CVE:: 2024-3723

Plugin:: Brizy – Page Builder
Plugin Slug:: brizy
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.44
Severity Score:: Medium
CVE:: 2024-1164

Plugin:: Brizy – Page Builder
Plugin Slug:: brizy
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.44
Severity Score:: Medium
CVE:: 2024-1161

Plugin:: Brizy – Page Builder
Plugin Slug:: brizy
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.41
Severity Score:: Medium
CVE:: 2024-1293

Plugin:: Brizy – Page Builder
Plugin Slug:: brizy
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.42
Severity Score:: Medium
CVE:: 2024-1940

Plugin:: WP ULike – Like & Dislike Buttons for Engagement and Feedback
Plugin Slug:: wp-ulike
Installations: 70,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 5.0.0
Severity Score:: Medium
CVE:: 2026-0909

Plugin:: Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress
Plugin Slug:: email-subscribers
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.7.18
Severity Score:: Medium
CVE:: 2024-3626

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.3
Severity Score:: Medium
CVE:: 2024-2503

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.5
Severity Score:: Medium
CVE:: 2024-3985

Plugin:: Greenshift – animation and page builder blocks
Plugin Slug:: greenshift-animation-and-page-builder-blocks
Installations: 60,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 12.6
Severity Score:: Medium
CVE:: 2026-1927

Plugin:: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
Plugin Slug:: post-and-page-builder
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.26.7
Severity Score:: Medium
CVE:: 2024-6848

Plugin:: Popup Box – Create Countdown, Coupon, Video, Contact Form Popups
Plugin Slug:: ays-popup-box
Installations: 50,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.1.2
Severity Score:: Medium
CVE:: 2026-1165

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.8.9
Severity Score:: Medium
CVE:: 2024-3266

Plugin:: Getwid – Gutenberg Blocks
Plugin Slug:: getwid
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.11
Severity Score:: Medium
CVE:: 2024-6489

Plugin:: ?????? ????? ??????? Persian WooCommerce SMS
Plugin Slug:: persian-woocommerce-sms
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.0.6
Severity Score:: High
CVE:: 2024-10046

Plugin:: Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers
Plugin Slug:: popup-builder-block
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.1
Severity Score:: Medium
CVE:: 2025-14895

Plugin:: Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers
Plugin Slug:: popup-builder-block
Installations: 50,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.2.1
Severity Score:: High
CVE:: 2025-13192

Plugin:: User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
Plugin Slug:: profile-builder
Installations: 50,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.15.2
Severity Score:: Critical
CVE:: 2025-15030

Plugin:: Sina Extension for Elementor
Plugin Slug:: sina-extension-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.4
Severity Score:: Medium
CVE:: 2024-4333

Plugin:: Themesflat Addons For Elementor
Plugin Slug:: themesflat-addons-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-2922

Plugin:: Themesflat Addons For Elementor
Plugin Slug:: themesflat-addons-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-4458

Plugin:: Themesflat Addons For Elementor
Plugin Slug:: themesflat-addons-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-4459

Plugin:: Themesflat Addons For Elementor
Plugin Slug:: themesflat-addons-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-4212

Plugin:: Ultimate Blocks – 25+ Gutenberg Blocks for Block Editor
Plugin Slug:: ultimate-blocks
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.0
Severity Score:: Medium
CVE:: 2024-4268

Plugin:: WP Recipe Maker
Plugin Slug:: wp-recipe-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.1.1
Severity Score:: Medium
CVE:: 2024-0383

Plugin:: WP Recipe Maker
Plugin Slug:: wp-recipe-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.1.1
Severity Score:: Medium
CVE:: 2024-0381

Plugin:: Livemesh Addons by Elementor
Plugin Slug:: addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.6
Severity Score:: Medium
CVE:: 2024-1458

Plugin:: Livemesh Addons by Elementor
Plugin Slug:: addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.6
Severity Score:: Medium
CVE:: 2024-1461

Plugin:: Livemesh Addons by Elementor
Plugin Slug:: addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.6
Severity Score:: Medium
CVE:: 2024-1464

Plugin:: Livemesh Addons by Elementor
Plugin Slug:: addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.6
Severity Score:: Medium
CVE:: 2024-1465

Plugin:: Livemesh Addons by Elementor
Plugin Slug:: addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.6
Severity Score:: Medium
CVE:: 2024-1466

Plugin:: Livemesh Addons by Elementor
Plugin Slug:: addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.4
Severity Score:: Medium
CVE:: 2024-2926

Plugin:: Livemesh Addons by Elementor
Plugin Slug:: addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.4
Severity Score:: Medium
CVE:: 2024-3639

Plugin:: Contact Form by BestWebSoft – Advanced WP Contact Form Builder for WordPress
Plugin Slug:: contact-form-plugin
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.9
Severity Score:: High
CVE:: 2024-2200

Plugin:: Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
Plugin Slug:: easy-digital-downloads
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.3
Severity Score:: Medium
CVE:: 2024-6691

Plugin:: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Plugin Slug:: form-maker
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.36
Severity Score:: High
CVE:: 2026-1058

Plugin:: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Plugin Slug:: form-maker
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.36
Severity Score:: High
CVE:: 2026-1065

Plugin:: SEO Plugin by Squirrly SEO
Plugin Slug:: squirrly-seo
Installations: 40,000+
Vulnerability:: SQL Injection
Patched in Version:: 12.3.20
Severity Score:: High
CVE:: 2024-6497

Plugin:: Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX
Plugin Slug:: ultimate-post
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.1.3
Severity Score:: High
CVE:: 2024-5326

Plugin:: ACF Quick Edit Fields
Plugin Slug:: acf-quickedit-fields
Installations: 30,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 3.2.3
Severity Score:: Medium
CVE:: 2023-7286

Plugin:: Piotnet Addons For Elementor
Plugin Slug:: piotnet-addons-for-elementor
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.29
Severity Score:: Medium
CVE:: 2024-4262

Plugin:: Post Grid
Plugin Slug:: post-grid
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.81
Severity Score:: Medium
CVE:: 2024-1988

Plugin:: Post Grid
Plugin Slug:: post-grid
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.81
Severity Score:: Medium
CVE:: 2024-4042

Plugin:: Hubbub Lite – Fast, free social sharing and follow buttons
Plugin Slug:: social-pug
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.32.0
Severity Score:: Medium
CVE:: 2023-7154

Plugin:: ThirstyAffiliates – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin
Plugin Slug:: thirstyaffiliates
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.11.10
Severity Score:: Medium
CVE:: 2026-25024

Plugin:: Tutor LMS Elementor Addons
Plugin Slug:: tutor-lms-elementor-addons
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.6
Severity Score:: Medium
CVE:: 2024-10897

Plugin:: Tutor LMS Elementor Addons
Plugin Slug:: tutor-lms-elementor-addons
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.5
Severity Score:: Medium
CVE:: 2024-5576

Plugin:: Print Invoice & Delivery Notes for WooCommerce
Plugin Slug:: woocommerce-delivery-notes
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.9.0
Severity Score:: Medium
CVE:: 2026-24946

Plugin:: All-in-One Video Gallery
Plugin Slug:: all-in-one-video-gallery
Installations: 20,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 4.6.4
Severity Score:: Critical
CVE:: 2025-12957

Plugin:: Subscribe2 – Form, Email Subscribers & Newsletters
Plugin Slug:: subscribe2
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 10.45
Severity Score:: Medium
CVE:: 2026-24944

Plugin:: The Events Calendar Shortcode & Block
Plugin Slug:: the-events-calendar-shortcode
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.3
Severity Score:: Medium
CVE:: 2026-1922

Plugin:: The Events Calendar Shortcode & Block
Plugin Slug:: the-events-calendar-shortcode
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.2
Severity Score:: Medium
CVE:: 2026-24988

Plugin:: Ultimate Addons for Beaver Builder – Lite
Plugin Slug:: ultimate-addons-for-beaver-builder-lite
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.8
Severity Score:: Medium
CVE:: 2024-2140

Plugin:: Ultimate Addons for Beaver Builder – Lite
Plugin Slug:: ultimate-addons-for-beaver-builder-lite
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.8
Severity Score:: Medium
CVE:: 2024-2142

Plugin:: Ultimate Addons for Beaver Builder – Lite
Plugin Slug:: ultimate-addons-for-beaver-builder-lite
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.8
Severity Score:: Medium
CVE:: 2024-2143

Plugin:: Ultimate Addons for Beaver Builder – Lite
Plugin Slug:: ultimate-addons-for-beaver-builder-lite
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.8
Severity Score:: Medium
CVE:: 2024-2144

Plugin:: WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible
Plugin Slug:: wc-frontend-manager
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.7.25
Severity Score:: High
CVE:: 2026-0845

Plugin:: WCFM Marketplace – Multivendor Marketplace for WooCommerce
Plugin Slug:: wc-multivendor-marketplace
Installations: 20,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 3.7.1
Severity Score:: Medium
CVE:: 2026-1722

Plugin:: Frontend Admin by DynamiApps
Plugin Slug:: acf-frontend-form-element
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.25.1
Severity Score:: High
CVE:: 2024-11720

Plugin:: Frontend Admin by DynamiApps
Plugin Slug:: acf-frontend-form-element
Installations: 10,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.25.1
Severity Score:: High
CVE:: 2024-11721

Plugin:: BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor
Plugin Slug:: blockspare
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.5
Severity Score:: Medium
CVE:: 2024-8325

Plugin:: Content Blocks (Custom Post Widget)
Plugin Slug:: custom-post-widget
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.1
Severity Score:: Medium
CVE:: 2024-3565

Plugin:: WP Customer Area
Plugin Slug:: customer-area
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.2.1
Severity Score:: Medium
CVE:: 2023-6741

Plugin:: Essential Widgets
Plugin Slug:: essential-widgets
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.1
Severity Score:: Medium
CVE:: 2026-0867

Plugin:: LA-Studio Element Kit for Elementor
Plugin Slug:: lastudio-element-kit
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.9
Severity Score:: High
CVE:: 2024-5349

Plugin:: Child Theme Creator by Orbisius
Plugin Slug:: orbisius-child-theme-creator
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.6
Severity Score:: Medium
CVE:: 2024-12263

Plugin:: OSM – OpenStreetMap
Plugin Slug:: osm
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.4
Severity Score:: Medium
CVE:: 2024-3603

Plugin:: Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
Plugin Slug:: paid-member-subscriptions
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.11.2
Severity Score:: Medium
CVE:: 2024-1389

Plugin:: SupportCandy – Helpdesk & Customer Support Ticket System
Plugin Slug:: supportcandy
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.4.5
Severity Score:: High
CVE:: 2026-0683

Plugin:: Testimonial Carousel For Elementor
Plugin Slug:: testimonials-carousel-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.2.0
Severity Score:: Medium
CVE:: 2024-4698

Plugin:: Ultimate Maps by Supsystic
Plugin Slug:: ultimate-maps-by-supsystic
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.16
Severity Score:: Medium
CVE:: 2023-6732

Plugin:: WCFM Membership – WooCommerce Memberships for Multivendor Marketplace
Plugin Slug:: wc-multivendor-membership
Installations: 10,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.11.9
Severity Score:: Medium
CVE:: 2025-15147

Plugin:: Eventin – Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered)
Plugin Slug:: wp-event-solution
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.0.9
Severity Score:: High
CVE:: 2024-7149

Plugin:: Ultimate Coming Soon & Maintenance
Plugin Slug:: ultimate-coming-soon
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2024-9705

Plugin:: Ultimate Coming Soon & Maintenance
Plugin Slug:: ultimate-coming-soon
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2024-9706

Plugin:: GSheetConnector For WPForms – WPForms Google Sheets Integration (Real-Time Sync)
Plugin Slug:: gsheetconnector-wpforms
Installations: 8,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 4.0.2
Severity Score:: Critical
CVE:: 2025-67979

Plugin:: NEX-Forms – Ultimate Forms Plugin for WordPress
Plugin Slug:: nex-forms-express-wp-form-builder
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.1.8
Severity Score:: High
CVE:: 2025-69326

Plugin:: NEX-Forms – Ultimate Forms Plugin for WordPress
Plugin Slug:: nex-forms-express-wp-form-builder
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.1.8
Severity Score:: High
CVE:: 2025-69324

Plugin:: NEX-Forms – Ultimate Forms Plugin for WordPress
Plugin Slug:: nex-forms-express-wp-form-builder
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.5.7
Severity Score:: Medium
CVE:: 2024-0907

Plugin:: NEX-Forms – Ultimate Forms Plugin for WordPress
Plugin Slug:: nex-forms-express-wp-form-builder
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.5.7
Severity Score:: Medium
CVE:: 2024-1129

Plugin:: WP Job Portal – AI-Powered Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.5
Severity Score:: High
CVE:: 2026-24941

Plugin:: WP Job Portal – AI-Powered Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 8,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.2.3
Severity Score:: High
CVE:: 2024-11710

Plugin:: WP Job Portal – AI-Powered Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 8,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.2.3
Severity Score:: Critical
CVE:: 2024-11711

Plugin:: WP Job Portal – AI-Powered Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.3
Severity Score:: Medium
CVE:: 2024-11712

Plugin:: WP Job Portal – AI-Powered Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 8,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.2.3
Severity Score:: High
CVE:: 2024-11713

Plugin:: WP Job Portal – AI-Powered Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 8,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.2.3
Severity Score:: High
CVE:: 2024-11714

Plugin:: WP Job Portal – AI-Powered Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.3
Severity Score:: Medium
CVE:: 2024-11715

Plugin:: Awesome Support – WordPress HelpDesk & Support Plugin
Plugin Slug:: awesome-support
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.1.8
Severity Score:: Medium
CVE:: 2024-0596

Plugin:: EventPrime – Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.4
Severity Score:: Medium
CVE:: 2024-1125

Plugin:: EventPrime – Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.2
Severity Score:: Medium
CVE:: 2024-1127

Plugin:: EventPrime – Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.3
Severity Score:: Medium
CVE:: 2024-1321

Plugin:: LottieFiles
Plugin Slug:: lottiefiles
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.0
Severity Score:: High
CVE:: 2025-68043

Plugin:: OAuth Single Sign On – SSO (OAuth Client)
Plugin Slug:: miniorange-login-with-eve-online-google-facebook
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.26.15
Severity Score:: Medium
CVE:: 2025-10753

Plugin:: Schema App Structured Data
Plugin Slug:: schema-app-structured-data-for-schemaorg
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.1
Severity Score:: Medium
CVE:: 2024-0893

Plugin:: Schema App Structured Data
Plugin Slug:: schema-app-structured-data-for-schemaorg
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.5
Severity Score:: High
CVE:: 2024-11279

Plugin:: YayCurrency – WooCommerce Multi-Currency Switcher
Plugin Slug:: yaycurrency
Installations: 7,000+
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: 3.3.1
Severity Score:: High
CVE:: 2025-67994

Plugin:: WPBot – AI ChatBot for Live Support, Lead Generation, AI Services
Plugin Slug:: chatbot
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.3.6
Severity Score:: Medium
CVE:: 2024-0453

Plugin:: WPBot – AI ChatBot for Live Support, Lead Generation, AI Services
Plugin Slug:: chatbot
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.3.6
Severity Score:: Medium
CVE:: 2024-0451

Plugin:: ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support
Plugin Slug:: erp
Installations: 6,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.13.1
Severity Score:: High
CVE:: 2024-0913

Plugin:: Export Media URLs
Plugin Slug:: export-media-urls
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3
Severity Score:: High
CVE:: 2025-68037

Plugin:: Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more
Plugin Slug:: mail-mint
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.19.3
Severity Score:: High
CVE:: 2026-1447

Plugin:: ProfileGrid – User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 6,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 5.9.7.3
Severity Score:: Medium
CVE:: 2026-1271

Plugin:: ProfileGrid – User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.9.7.3
Severity Score:: Medium
CVE:: 2025-13416

Plugin:: Contact Form 7 Connector
Plugin Slug:: ari-cf7-connector
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.3
Severity Score:: High
CVE:: 2024-0239

Plugin:: easy.jobs – AI powered Job Listing, Job Board, Career Page, Recruitment & Hiring Solution
Plugin Slug:: easyjobs
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.7
Severity Score:: Medium
CVE:: 2023-6843

Plugin:: Shortcodes for Elementor
Plugin Slug:: shortcode-elementor
Installations: 5,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.0.5
Severity Score:: Medium
CVE:: 2024-10690

Plugin:: Simple File List
Plugin Slug:: simple-file-list
Installations: 5,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 6.1.16
Severity Score:: Medium
CVE:: 2026-24953

Plugin:: Ultimate Store Kit – Addon For WooCommerce, EDD and Elementor
Plugin Slug:: ultimate-store-kit
Installations: 5,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.0.0
Severity Score:: Critical
CVE:: 2024-5335

Plugin:: ElementInvader Addons for Elementor
Plugin Slug:: elementinvader-addons-for-elementor
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-12059

Plugin:: ElementInvader Addons for Elementor
Plugin Slug:: elementinvader-addons-for-elementor
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.2
Severity Score:: Medium
CVE:: 2026-25028

Plugin:: HelloAsso
Plugin Slug:: helloasso
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.11
Severity Score:: Medium
CVE:: 2024-7605

Plugin:: Snippet Shortcodes
Plugin Slug:: shortcode-variables
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.1.7
Severity Score:: Medium
CVE:: 2024-12018

Plugin:: Payment Button for PayPal
Plugin Slug:: wp-paypal
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.3.42
Severity Score:: Medium
CVE:: 2025-14463

Plugin:: WPZOOM Addons for Beaver Builder
Plugin Slug:: wpzoom-addons-for-beaver-builder
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-2181

Plugin:: WPZOOM Addons for Beaver Builder
Plugin Slug:: wpzoom-addons-for-beaver-builder
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-2185

Plugin:: WPZOOM Addons for Beaver Builder
Plugin Slug:: wpzoom-addons-for-beaver-builder
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-2186

Plugin:: WPZOOM Addons for Beaver Builder
Plugin Slug:: wpzoom-addons-for-beaver-builder
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-2187

Plugin:: Classic Addons – WPBakery Page Builder
Plugin Slug:: classic-addons-wpbakery-page-builder-addons
Installations: 3,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.1
Severity Score:: High
CVE:: 2024-11952

Plugin:: Product Enquiry for WooCommerce
Plugin Slug:: gm-woocommerce-quote-popup
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1
Severity Score:: Medium
CVE:: 2023-6626

Plugin:: Salon Booking System – Free Version
Plugin Slug:: salon-booking-system
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.6.3
Severity Score:: High
CVE:: 2024-2102

Plugin:: Tickera – Sell Tickets & Manage Events
Plugin Slug:: tickera-event-ticketing-system
Installations: 3,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.5.4.9
Severity Score:: Medium
CVE:: 2024-12578

Plugin:: Timeline Block – Beautiful Timeline Builder for WordPress (Vertical & Horizontal Timelines)
Plugin Slug:: timeline-block-block
Installations: 3,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.3.4
Severity Score:: Medium
CVE:: 2026-1228

Plugin:: WP-WebAuthn
Plugin Slug:: wp-webauthn
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.4
Severity Score:: Medium
CVE:: 2024-9023

Plugin:: WPB Addons for Elementor – News Ticker, Timeline, Team, Services, Testimonials, and Much More
Plugin Slug:: wpb-elementor-addons
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2
Severity Score:: Medium
CVE:: 2024-3063

Plugin:: Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free
Plugin Slug:: funnelforms-free
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.7.4.1
Severity Score:: Medium
CVE:: 2024-5857

Plugin:: GS Pinterest Portfolio – Pins Grid, Masonry, User Profile, Popup & Board Widgets
Plugin Slug:: gs-pinterest-portfolio
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.9
Severity Score:: Medium
CVE:: 2024-11453

Plugin:: PeproDev WooCommerce Receipt Uploader
Plugin Slug:: pepro-bacs-receipt-upload-for-woocommerce
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.0
Severity Score:: High
CVE:: 2024-8873

Plugin:: PDF Builder for WooCommerce. Create invoices,packing slips and more
Plugin Slug:: woo-pdf-invoice-builder
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.137
Severity Score:: High
CVE:: 2024-11276

Plugin:: WPBITS Addons For Elementor Page Builder
Plugin Slug:: wpbits-addons-for-elementor
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5
Severity Score:: Medium
CVE:: 2024-2129

Plugin:: Visual Feedback, Review & AI Collaboration Tool For WordPress – Atarim
Plugin Slug:: atarim-visual-collaboration
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.2
Severity Score:: Medium
CVE:: 2025-67993

Plugin:: Authorsy – Author Box, Multiple Authors, Guest Authors & Post Rating
Plugin Slug:: authorsy
Installations: 1,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.0.7
Severity Score:: High
CVE:: 2026-24950

Plugin:: Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment
Plugin Slug:: booking-and-rental-manager-for-woocommerce
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.6.0
Severity Score:: High
CVE:: 2025-69328

Plugin:: Categorify – WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-0385

Plugin:: Categorify – WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1650

Plugin:: Categorify – WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1652

Plugin:: Categorify – WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1653

Plugin:: Categorify – WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1907

Plugin:: Categorify – WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1909

Plugin:: Categorify – WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1910

Plugin:: Categorify – WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1912

Plugin:: Geo Controller
Plugin Slug:: cf-geoplugin
Installations: 1,000+
Vulnerability:: Content Injection
Patched in Version:: 8.7.0
Severity Score:: Medium
CVE:: 2024-7381

Plugin:: Message Filter for Contact Form 7
Plugin Slug:: cf7-message-filter
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.3.1
Severity Score:: Medium
CVE:: 2024-12026

Plugin:: Smart Online Order for Clover
Plugin Slug:: clover-online-orders
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.7
Severity Score:: Medium
CVE:: 2024-7030

Plugin:: Web3 Crypto Payments by DePay for WooCommerce
Plugin Slug:: depay-payments-for-woocommerce
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.12.18
Severity Score:: Medium
CVE:: 2024-12265

Plugin:: Enter Addons – Ultimate Template Builder for Elementor
Plugin Slug:: enteraddons
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.6
Severity Score:: Medium
CVE:: 2024-3680

Plugin:: Enter Addons – Ultimate Template Builder for Elementor
Plugin Slug:: enteraddons
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.9
Severity Score:: Medium
CVE:: 2024-7611

Plugin:: Flamix: Bitrix24 and Contact Form 7 integrations
Plugin Slug:: flamix-bitrix24-and-contact-forms-7-integrations
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.2.0
Severity Score:: Medium
CVE:: 2024-6568

Plugin:: Gestpay for WooCommerce
Plugin Slug:: gestpay-for-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 20240307
Severity Score:: Medium
CVE:: 2024-0433

Plugin:: Gestpay for WooCommerce
Plugin Slug:: gestpay-for-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 20240307
Severity Score:: Medium
CVE:: 2024-0432

Plugin:: Connector Wizard (formerly LC Wizard)
Plugin Slug:: ghl-wizard
Installations: 1,000+
Vulnerability:: Settings Change
Patched in Version:: 2.1.2
Severity Score:: Medium
CVE:: 2025-68026

Plugin:: Keap Official Opt-in Forms
Plugin Slug:: infusionsoft-official-opt-in-forms
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.12
Severity Score:: Medium
CVE:: 2023-6941

Plugin:: PDF Generator for WordPress Elementor
Plugin Slug:: pdf-generator-addon-for-elementor-page-builder
Installations: 1,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.0.1
Severity Score:: High
CVE:: 2024-9935

Plugin:: Simple Popup Plugin
Plugin Slug:: simple-popup-plugin
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6
Severity Score:: Medium
CVE:: 2024-8547

Plugin:: Squelch Tabs and Accordions Shortcodes
Plugin Slug:: squelch-tabs-and-accordions-shortcodes
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.4.4
Severity Score:: Medium
CVE:: 2024-2499

Plugin:: Tutor LMS – Migration Tool
Plugin Slug:: tutor-lms-migration-tool
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.1
Severity Score:: Medium
CVE:: 2024-1804

Plugin:: Vayu Blocks – Website Builder for the Block Editor
Plugin Slug:: vayu-blocks
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.0
Severity Score:: Critical
CVE:: 2024-10124

Plugin:: Views for WPForms – Display & Edit WPForms Entries on your site frontend
Plugin Slug:: views-for-wpforms-lite
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.2.3
Severity Score:: Medium
CVE:: 2024-0374

Plugin:: Views for WPForms – Display & Edit WPForms Entries on your site frontend
Plugin Slug:: views-for-wpforms-lite
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.2.3
Severity Score:: Medium
CVE:: 2024-0373

Plugin:: Views for WPForms – Display & Edit WPForms Entries on your site frontend
Plugin Slug:: views-for-wpforms-lite
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.3
Severity Score:: Medium
CVE:: 2024-0372

Plugin:: Views for WPForms – Display & Edit WPForms Entries on your site frontend
Plugin Slug:: views-for-wpforms-lite
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.3
Severity Score:: Medium
CVE:: 2024-0371

Plugin:: WP AdCenter – Ad Manager & Adsense Ads
Plugin Slug:: wpadcenter
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.8
Severity Score:: Medium
CVE:: 2024-10113

Plugin:: Zephyr Project Manager
Plugin Slug:: zephyr-project-manager
Installations: 1,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.3.102
Severity Score:: High
CVE:: 2024-7624

Plugin:: Checkout Gateway for IRIS
Plugin Slug:: checkout-gateway-iris
Installations: 900+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4
Severity Score:: Medium
CVE:: 2025-68542

Plugin:: Ebook Store
Plugin Slug:: ebook-store
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.8002
Severity Score:: High
CVE:: 2024-11287

Plugin:: ForumWP – Forum & Discussion Board
Plugin Slug:: forumwp
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.3
Severity Score:: High
CVE:: 2024-11204

Plugin:: IdeaPush
Plugin Slug:: ideapush
Installations: 800+
Vulnerability:: Broken Access Control
Patched in Version:: 8.72
Severity Score:: Medium
CVE:: 2024-11844

Plugin:: Koalendar – Easy Appointment Scheduling & Booking Plugin
Plugin Slug:: koalendar-free-booking-widget
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.3
Severity Score:: Medium
CVE:: 2024-11855

Plugin:: Confetti Fall Animation
Plugin Slug:: confetti-fall-animation
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-8919

Plugin:: Integrate Firebase
Plugin Slug:: integrate-firebase
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.10.0
Severity Score:: Medium
CVE:: 2024-11785

Plugin:: PowerBI Embed Reports
Plugin Slug:: embed-power-bi-reports
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.8
Severity Score:: Medium
CVE:: 2024-11901

Plugin:: GS Books Showcase – Display Books in Grid, Slider & More | Library for WordPress
Plugin Slug:: gs-books-showcase
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-11766

Plugin:: Sync Master Sheet – Product Sync with Google Sheet for WooCommerce
Plugin Slug:: product-sync-master-sheet
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.4
Severity Score:: High
CVE:: 2025-68834

Plugin:: WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses
Plugin Slug:: wp-courses
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.22
Severity Score:: High
CVE:: 2024-12172

Plugin:: Dynamic Widget Content
Plugin Slug:: dynamic-widget-content
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.7
Severity Score:: Medium
CVE:: 2026-1268

Plugin:: Library Viewer
Plugin Slug:: library-viewer
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.0
Severity Score:: High
CVE:: 2025-15396

Plugin:: SmartAgenda – Prise de rendez-vous en ligne
Plugin Slug:: smart-agenda-prise-de-rendez-vous-en-ligne
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7
Severity Score:: Medium
CVE:: 2024-11781

Plugin:: WaveSurfer-WP
Plugin Slug:: wavesurfer-wp
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.4
Severity Score:: Medium
CVE:: 2026-1909

Plugin:: JSM file_get_contents() Shortcode
Plugin Slug:: wp-file-get-contents
Installations: 400+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.7.1
Severity Score:: Medium
CVE:: 2023-6991

Plugin:: WP Mailster
Plugin Slug:: wp-mailster
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.18.0
Severity Score:: Medium
CVE:: 2024-11782

Plugin:: ELEX WordPress HelpDesk & Customer Ticketing System
Plugin Slug:: elex-helpdesk-customer-support-ticket-system
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.6
Severity Score:: Medium
CVE:: 2025-14079

Plugin:: Awesome FAQ – Modern Accordion, Tabs,Responsive & Super Fast FAQ Builder.
Plugin Slug:: faq-and-answers
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.2
Severity Score:: Medium
CVE:: 2024-11882

Plugin:: GS Portfolio – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more
Plugin Slug:: gs-portfolio
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.4
Severity Score:: Medium
CVE:: 2024-11765

Plugin:: Accept Stripe Payments Using Contact Form 7
Plugin Slug:: accept-stripe-payments-using-contact-form-7
Installations: 200+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.6
Severity Score:: Medium
CVE:: 2024-12255

Plugin:: Arena.IM – Live Blogging for real-time events
Plugin Slug:: arena-liveblog-and-chat-tool
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.4.0
Severity Score:: Medium
CVE:: 2024-11384

Plugin:: Bukza
Plugin Slug:: bukza
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.1
Severity Score:: Medium
CVE:: 2024-11759

Plugin:: Eveeno
Plugin Slug:: eveeno
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8
Severity Score:: Medium
CVE:: 2024-11752

Plugin:: All In One Image Viewer Block – Gutenberg block to create image viewer with hyperlink
Plugin Slug:: image-viewer
Installations: 200+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 1.0.3
Severity Score:: High
CVE:: 2026-1294

Plugin:: OS DataHub Maps
Plugin Slug:: os-datahub-maps
Installations: 200+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.8.4
Severity Score:: Critical
CVE:: 2026-1730

Plugin:: Password for WP
Plugin Slug:: password-for-wp
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.6
Severity Score:: High
CVE:: 2024-11419

Plugin:: Plezi
Plugin Slug:: plezi
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.7
Severity Score:: Medium
CVE:: 2024-11763

Plugin:: WP GeoNames
Plugin Slug:: wp-geonames
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.1
Severity Score:: Medium
CVE:: 2024-11757

Plugin:: Add infos to The Events Calendar
Plugin Slug:: add-infos-to-the-events-calendar
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.0
Severity Score:: Medium
CVE:: 2024-11875

Plugin:: Run Contests, Raffles, and Giveaways with ContestsWP
Plugin Slug:: contest-code-checker
Installations: 100+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.1.1
Severity Score:: Medium
CVE:: 2026-25023

Plugin:: IMS Countdown
Plugin Slug:: ims-countdown
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.6
Severity Score:: Medium
CVE:: 2024-11755

Plugin:: Kudos Donations: Easy Donations with Mollie | One-off & Recurring | PDF Invoices | Buttons & Forms
Plugin Slug:: kudos-donations
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.0
Severity Score:: High
CVE:: 2024-11685

Plugin:: My IDX Home Search
Plugin Slug:: my-idx-home-search
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.2
Severity Score:: Medium
CVE:: 2024-11889

Plugin:: Primer MyData for Woocommerce
Plugin Slug:: primer-mydata
Installations: 100+
Vulnerability:: Path Traversal
Patched in Version:: 4.2.9
Severity Score:: Medium
CVE:: 2025-69325

Plugin:: Sigmize: A/B Testing, Session Recordings, Heatmaps & Revenue Tracking for WooCommerce, SureCart & EDD
Plugin Slug:: sigmize
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 0.0.10
Severity Score:: Medium
CVE:: 2026-24962

Plugin:: WP To Do
Plugin Slug:: wp-todo
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.1
Severity Score:: Medium
CVE:: 2024-3944

Plugin:: WP To Do
Plugin Slug:: wp-todo
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.1
Severity Score:: Medium
CVE:: 2024-3945

Plugin:: WP To Do
Plugin Slug:: wp-todo
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.1
Severity Score:: Medium
CVE:: 2024-3947

Plugin:: GMap Targeting – Simple Targeting Inside Google Maps
Plugin Slug:: gmap-targeting
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.8
Severity Score:: High
CVE:: 2025-67990

Plugin:: ONLYOFFICE DocSpace
Plugin Slug:: onlyoffice-docspace
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.2
Severity Score:: Medium
CVE:: 2024-11750

Plugin:: Pdf & Print to Post – Custom Post Type and Pages
Plugin Slug:: post-to-pdf
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1
Severity Score:: Medium
CVE:: 2024-12446

Plugin:: Ganohrs Toggle Shortcode
Plugin Slug:: ganohrs-toggle-shortcode
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.2.5
Severity Score:: Medium
CVE:: 2024-12459

Plugin:: Events Listing Widget
Plugin Slug:: events-listing-widget
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2026-1252

Plugin:: GeoDataSource Country Region DropDown
Plugin Slug:: geodatasource-country-region-dropdown
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.2
Severity Score:: Medium
CVE:: 2024-12474

Plugin:: NPS computy
Plugin Slug:: nps-computy
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.3
Severity Score:: High
CVE:: 2025-67984

Plugin:: Social Media Shortcodes
Plugin Slug:: social-media-shortcodes
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.1
Severity Score:: Medium
CVE:: 2024-11871

Plugin:: Employee Directory – Staff Directory and Listing
Plugin Slug:: employee-staff-directory
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.2
Severity Score:: Medium
CVE:: 2026-1279

Plugin:: Sell BTC – Cryptocurrency Selling Calculator
Plugin Slug:: sell-btc-by-hayyatapps
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6
Severity Score:: High
CVE:: 2025-14554

Plugin:: Docus – YouTube Video Playlist
Plugin Slug:: docus
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.7
Severity Score:: Medium
CVE:: 2026-1888

Plugin:: Orange Comfort+ accessibility toolbar for WordPress
Plugin Slug:: orange-confort-plus
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.7.1
Severity Score:: Medium
CVE:: 2026-1808

Plugin:: Peter’s Date Countdown
Plugin Slug:: peters-date-countdown
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.1
Severity Score:: High
CVE:: 2026-1654

Plugin:: WP FOFT Loader
Plugin Slug:: wp-foft-loader
Installations: 10+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.1.40
Severity Score:: High
CVE:: 2026-1756

Plugin:: Aiomatic
Plugin Slug:: aiomatic-automatic-ai-content-writer
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.6
Severity Score:: Medium
CVE:: 2024-5969

Plugin:: ARMember Premium
Plugin Slug:: armember
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.7.1
Severity Score:: Medium
CVE:: 2024-5596

Plugin:: Bit Form
Plugin Slug:: bit-form
Vulnerability:: SQL Injection
Patched in Version:: 2.13.10
Severity Score:: High
CVE:: 2024-7780

Plugin:: bodi0’s Easy Cache
Plugin Slug:: bodi0s-easy-cache
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.9
Severity Score:: Medium
CVE:: 2024-12628

Plugin:: Bridge Core
Plugin Slug:: bridge-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3
Severity Score:: Medium
CVE:: 2024-9292

Plugin:: EventON-RSVP
Plugin Slug:: eventon-rsvp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.5
Severity Score:: High
CVE:: 2023-7170

Plugin:: Fluent Forms Pro Add On Pack
Plugin Slug:: fluentformpro
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 6.1.13
Severity Score:: Medium
CVE:: 2026-0632

Plugin:: Integrate Google Drive
Plugin Slug:: integrate-google-drive
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.9
Severity Score:: Critical
CVE:: 2024-2086

Plugin:: WPBakery Page Builder
Plugin Slug:: js_composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6
Severity Score:: Medium
CVE:: 2024-1841

Plugin:: WPBakery Page Builder
Plugin Slug:: js_composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6
Severity Score:: Medium
CVE:: 2024-1842

Plugin:: WPBakery Page Builder
Plugin Slug:: js_composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.7
Severity Score:: Medium
CVE:: 2024-5265

Plugin:: Paid Memberships Pro
Plugin Slug:: paid-memberships-pro
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.12.8
Severity Score:: Medium
CVE:: 2024-0624

Plugin:: Community by PeepSo
Plugin Slug:: peepso-core
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.3.1.2
Severity Score:: Medium
CVE:: 2023-7125

Plugin:: Community by PeepSo
Plugin Slug:: peepso-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.4.6.0
Severity Score:: Medium
CVE:: 2024-7655

Plugin:: Porto Theme – Functionality
Plugin Slug:: porto-functionality
Vulnerability:: Local File Inclusion
Patched in Version:: 3.1.0
Severity Score:: High
CVE:: 2024-3809

Plugin:: Premium Addons PRO
Plugin Slug:: premium-addons-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.13
Severity Score:: Medium
CVE:: 2024-1997

Plugin:: Premium Addons PRO
Plugin Slug:: premium-addons-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.13
Severity Score:: Medium
CVE:: 2024-2000

Plugin:: Premium Addons PRO
Plugin Slug:: premium-addons-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.13
Severity Score:: Medium
CVE:: 2024-2237

Plugin:: Premium Addons PRO
Plugin Slug:: premium-addons-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.13
Severity Score:: Medium
CVE:: 2024-2238

Plugin:: Premium Addons PRO
Plugin Slug:: premium-addons-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.13
Severity Score:: Medium
CVE:: 2024-2239

Plugin:: Reflector
Plugin Slug:: reflector-plugins
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.3
Severity Score:: High
CVE:: 2026-24948

Plugin:: Relevanssi Premium
Plugin Slug:: relevanssi-premium
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.25.0
Severity Score:: Medium
CVE:: 2023-7199

Plugin:: Relevanssi Premium
Plugin Slug:: relevanssi-premium
Vulnerability:: Broken Access Control
Patched in Version:: 2.25.1
Severity Score:: Medium
CVE:: 2024-1380

Plugin:: Slider Revolution
Plugin Slug:: revslider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.7.11
Severity Score:: Medium
CVE:: 2024-4581

Plugin:: Slider Revolution
Plugin Slug:: revslider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.7.11
Severity Score:: Medium
CVE:: 2024-4637

Plugin:: Salient Core
Plugin Slug:: salient-core
Vulnerability:: Local File Inclusion
Patched in Version:: 2.0.8
Severity Score:: High
CVE:: 2024-3812

Plugin:: Salient Shortcodes
Plugin Slug:: salient-shortcodes
Vulnerability:: Local File Inclusion
Patched in Version:: 1.5.4
Severity Score:: High
CVE:: 2024-3810

Plugin:: Salient Shortcodes
Plugin Slug:: salient-shortcodes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.4
Severity Score:: Medium
CVE:: 2024-3811

Plugin:: School Management
Plugin Slug:: school-management
Vulnerability:: Arbitrary File Upload
Patched in Version:: 92.0.0
Severity Score:: Critical
CVE:: 2024-9660

Plugin:: Simple Locator
Plugin Slug:: simple-locator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.4
Severity Score:: Medium
CVE:: 2024-12501

Plugin:: Smart Appointment & Booking
Plugin Slug:: smart-appointment-booking
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.8
Severity Score:: Medium
CVE:: 2026-0742

Plugin:: Ultimate Addons for WPBakery Page Builder
Plugin Slug:: ultimate_vc_addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.19.20.1
Severity Score:: Medium
CVE:: 2024-5252

Plugin:: Ultimate Addons for WPBakery Page Builder
Plugin Slug:: ultimate_vc_addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.19.20.1
Severity Score:: Medium
CVE:: 2024-5253

Plugin:: Ultimate Addons for WPBakery Page Builder
Plugin Slug:: ultimate_vc_addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.19.20.1
Severity Score:: Medium
CVE:: 2024-5254

Plugin:: Ultimate Addons for WPBakery Page Builder
Plugin Slug:: ultimate_vc_addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.19.20.1
Severity Score:: Medium
CVE:: 2024-5255

Plugin:: Whizz Plugins
Plugin Slug:: whizz-plugins
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.0
Severity Score:: High
CVE:: 2026-24955

Plugin:: WooCommerce Social Login
Plugin Slug:: woo-social-login
Vulnerability:: Broken Authentication
Patched in Version:: 2.7.4
Severity Score:: High
CVE:: 2024-6635

Plugin:: WooCommerce Social Login
Plugin Slug:: woo-social-login
Vulnerability:: Privilege Escalation
Patched in Version:: 2.7.4
Severity Score:: Critical
CVE:: 2024-6636

Plugin:: WooCommerce Social Login
Plugin Slug:: woo-social-login
Vulnerability:: Privilege Escalation
Patched in Version:: 2.7.4
Severity Score:: High
CVE:: 2024-6637

Plugin:: WooCommerce PDF Vouchers
Plugin Slug:: woocommerce-pdf-vouchers
Vulnerability:: Broken Authentication
Patched in Version:: 4.9.4
Severity Score:: High
CVE:: 2024-7027

Plugin:: WooCommerce Support Ticket System
Plugin Slug:: woocommerce-support-ticket-system
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 17.8
Severity Score:: High
CVE:: 2024-10626

Plugin:: Affiliate Manager
Plugin Slug:: wp-affiliate-platform
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.1
Severity Score:: High
CVE:: 2024-5281

Plugin:: Affiliate Manager
Plugin Slug:: wp-affiliate-platform
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.1
Severity Score:: High
CVE:: 2024-5282

Plugin:: Affiliate Manager
Plugin Slug:: wp-affiliate-platform
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.1
Severity Score:: High
CVE:: 2024-5283

Plugin:: Affiliate Manager
Plugin Slug:: wp-affiliate-platform
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.1
Severity Score:: High
CVE:: 2024-5286

Plugin:: WP eStore
Plugin Slug:: wp-cart-for-digital-products
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.5.5
Severity Score:: High
CVE:: 2024-6073

Plugin:: WP eStore
Plugin Slug:: wp-cart-for-digital-products
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.5.5
Severity Score:: High
CVE:: 2024-6074

Plugin:: WP eStore
Plugin Slug:: wp-cart-for-digital-products
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.5.5
Severity Score:: High
CVE:: 2024-6076

Plugin:: WP eStore
Plugin Slug:: wp-cart-for-digital-products
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.5.6
Severity Score:: High
CVE:: 2024-6134

Plugin:: WP eMember
Plugin Slug:: wp-eMember
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.6.6
Severity Score:: High
CVE:: 2024-5075

Plugin:: WP eMember
Plugin Slug:: wp-eMember
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.6.7
Severity Score:: High
CVE:: 2024-5744

Plugin:: User Extra Fields
Plugin Slug:: wp-user-extra-fields
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 16.9
Severity Score:: High
CVE:: 2025-67991

Plugin:: WPB Show Core
Plugin Slug:: wpb-show-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7
Severity Score:: High
CVE:: 2024-1958

WordPress Themes — 14 Patched / 5 Unpatched

Theme:: WordPress Dating Theme
Theme Slug:: DA10
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22343

Theme:: Cartify – WooCommerce Gutenberg WordPress Theme
Theme Slug:: cartify
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-69385

Theme:: Meris
Theme Slug:: meris
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2023-7194

Theme:: SevenHills
Theme Slug:: sevenhills
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-69372

Theme:: VidoRev
Theme Slug:: vidorev
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69373

Theme:: Royal Elementor Kit
Theme Slug:: royal-elementor-kit
Downloads: 986,469
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.117
Severity Score:: Medium
CVE:: 2024-0835

Theme:: Besa
Theme Slug:: besa
Vulnerability:: Local File Inclusion
Patched in Version:: 2.3.16
Severity Score:: High
CVE:: 2025-67981

Theme:: CozyStay
Theme Slug:: cozystay
Vulnerability:: Local File Inclusion
Patched in Version:: 1.9.1
Severity Score:: High
CVE:: 2025-67988

Theme:: Golo
Theme Slug:: golo
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.5
Severity Score:: Medium
CVE:: 2026-23974

Theme:: Golo
Theme Slug:: golo
Vulnerability:: Local File Inclusion
Patched in Version:: 1.7.5
Severity Score:: High
CVE:: 2026-23975

Theme:: Grand Conference
Theme Slug:: grandconference
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.5
Severity Score:: High
CVE:: 2026-24943

Theme:: Hara
Theme Slug:: hara
Vulnerability:: Local File Inclusion
Patched in Version:: 1.2.18
Severity Score:: High
CVE:: 2025-67980

Theme:: Nestin
Theme Slug:: nestin
Vulnerability:: PHP Object Injection
Patched in Version:: 1.2.6
Severity Score:: Critical
CVE:: 2025-67996

Theme:: PatioTime
Theme Slug:: patiotime
Vulnerability:: PHP Object Injection
Patched in Version:: 2.1
Severity Score:: Critical
CVE:: 2025-67995

Theme:: PatioTime
Theme Slug:: patiotime
Vulnerability:: Local File Inclusion
Patched in Version:: 2.1
Severity Score:: High
CVE:: 2025-67992

Theme:: PhotoMe
Theme Slug:: photome
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.7.2
Severity Score:: High
CVE:: 2026-24949

Theme:: Travelicious
Theme Slug:: travelicious
Vulnerability:: PHP Object Injection
Patched in Version:: 1.6.7
Severity Score:: Critical
CVE:: 2025-67997

Theme:: Unicamp
Theme Slug:: unicamp
Vulnerability:: Local File Inclusion
Patched in Version:: 2.7.2
Severity Score:: High
CVE:: 2026-25027

Theme:: Urna
Theme Slug:: urna
Vulnerability:: Local File Inclusion
Patched in Version:: 2.5.13
Severity Score:: High
CVE:: 2025-67982

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Author:

Sarah Ulmer

Sarah has been with SolidWP since 2015. Thanks to her deep connection to the brand, its products, and its users, Sarah was tapped as Solid’s primary Product Marketer in 2023. Sarah helps ensure that Solid’s product development team understands our users’ needs. When not at work, Sarah can be found at home with her husband, their three boys, and their dogs. Sarah enjoys long family walks, running with her lab, and watching her three boys play soccer. Sarah is originally from Texas and loves watching football games (Go Longhorns!)

Browse all of Sarah's articles

Sign up

Placeholder text

Thanks

Oops something went wrong, please try submitting again

Solid Suite

Protect

Repair

Manage

Free Plugins

Solid Suite

Academy

Solid Academy

Guides

Livestreams

Tutorials Academy

Resources

Blog

Vulnerability Report

Support

Documentation

Table of Contents

WordPress Core

WordPress Plugins — 372 Patched / 76 Unpatched