WordPress Vulnerability Report — February 25, 2026

Since last week, 244 new vulnerabilities have emerged in the WordPress ecosystem, including 205 plugins and 39 themes. Of those, 80 remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

Sarah Ulmer

Published:Feb 25, 2026

Filed Under:WordPress Vulnerability Report

Reading Time:44 min.

In this report, 244 vulnerabilities have been publicly disclosed. Security patches for 164 of these plugins and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Currently, 80 plugin and theme vulnerabilities remain unpatched. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. WordPress Core
2. WordPress Plugins — 156 Patched / 49 Unpatched

2.1 SiteGuard WP Plugin
2.2 Link Whisper Free
2.3 Wholesale Suite – B2B, Dynamic Pricing & WooCommerce Wholesale Prices
2.4 Banner Management, Product Slider, Product Carousel for WooCommerce
2.5 Frontend File Manager Plugin
2.6 Premmerce
2.7 Prodigy Commerce
2.8 TalkJS
2.9 Filestack
2.10 Address Bar Ads
2.11 Advance Block Extend
2.12 Applay – Shortcodes
2.13 BlueSnap Payment Gateway for WooCommerce
2.14 Clasifico Listing
2.15 Country Blocker for AdSense
2.16 Dealia – Request a quote
2.17 Dealia – Request a quote
2.18 DesignThemes Booking Manager
2.19 DesignThemes Directory Addon
2.20 Directory Pro
2.21 Eagle Booking
2.22 Easy Author Image
2.23 Geo Widget
2.24 iXML
2.25 MP-Ukagaka
2.26 News Element Elementor Blog Magazine
2.27 Page Title, Description & Open Graph Updater
2.28 personal-authors-category
2.29 Profile Builder Pro
2.30 Really Simple Security Pro
2.31 Remove Post Type Slug
2.32 salavat counter
2.33 Slider Future
2.34 Slidorion
2.35 StyleBidet
2.36 Subitem AL Slider
2.37 Super Simple Contact Form
2.38 Tennis Court Bookings
2.39 Toret Manager
2.40 WeDesignTech Ultimate Booking Addon
2.41 WeDesignTech Ultimate Booking Addon
2.42 Whatsiplus Scheduled Notification for Woocommerce
2.43 Woocommerce Wholesale Lead Capture
2.44 Woocommerce Wholesale Lead Capture
2.45 WP AUDIO GALLERY
2.46 Client Testimonial Slider
2.47 LiquidPoll
2.48 xmlrpc attacks blocker
2.49 XO Event Calendar
2.50 Complianz – GDPR/CCPA Cookie Consent
2.51 Image Optimizer – Optimize Images and Convert to WebP or AVIF
2.52 Breadcrumb NavXT
2.53 Easy Table of Contents
2.54 Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
2.55 Forminator Forms – Contact Form, Payment Form & Custom Form Builder
2.56 Kadence Blocks — Page Builder Toolkit for Gutenberg Editor
2.57 Kadence Blocks — Page Builder Toolkit for Gutenberg Editor
2.58 BackWPup – WordPress Backup & Restore Plugin
2.59 PixelYourSite – Your smart PIXEL (TAG) & API Manager
2.60 PixelYourSite – Your smart PIXEL (TAG) & API Manager
2.61 Converter for Media – Optimize images | Convert WebP & AVIF
2.62 Ally – Web Accessibility & Usability
2.63 SiteOrigin Widgets Bundle
2.64 Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
2.65 PDF Invoices & Packing Slips for WooCommerce
2.66 Popup Builder – Create highly converting, mobile friendly marketing popups.
2.67 Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
2.68 Advanced Ads – Ad Manager & AdSense
2.69 Advanced Custom Fields: Font Awesome Field
2.70 Aruba HiSpeed Cache
2.71 Aruba HiSpeed Cache
2.72 Aruba HiSpeed Cache
2.73 Backup Migration
2.74 Download Manager
2.75 Brevo – Email, SMS, Web Push, Chat, and more.
2.76 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
2.77 VK All in One Expansion Unit
2.78 WP All Export – Drag & Drop Export to Any Custom CSV, XML & Excel
2.79 Razorpay for WooCommerce
2.80 Checkout Field Manager (Checkout Manager) for WooCommerce
2.81 Checkout Field Manager (Checkout Manager) for WooCommerce
2.82 ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin
2.83 Customer Reviews for WooCommerce
2.84 StatCounter – Free Real Time Visitor Stats
2.85 Product Feed Manager for WooCommerce – CTX Feed – Support 220+ Shopping & Social Channels
2.86 Mailchimp List Subscribe Form
2.87 Mesmerize Companion
2.88 ACF Photo Gallery Field
2.89 WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters
2.90 Zarinpal Gateway
2.91 Auto Featured Image (Auto Post Thumbnail)
2.92 Blog2Social: Social Media Auto Post & Scheduler
2.93 Booking Calendar
2.94 Printful Integration for WooCommerce
2.95 Advanced AJAX Product Filters
2.96 Super Page Cache
2.97 WP-Members Membership Plugin
2.98 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging
2.99 YayMail – WooCommerce Email Customizer
2.100 YayMail – WooCommerce Email Customizer
2.101 YayMail – WooCommerce Email Customizer
2.102 YayMail – WooCommerce Email Customizer
2.103 Calculated Fields Form
2.104 Easy SVG Support
2.105 OneClick Chat to Order
2.106 Simple Membership
2.107 Shield: Blocks Bots, Protects Users, and Prevents Security Breaches
2.108 Shield: Blocks Bots, Protects Users, and Prevents Security Breaches
2.109 Shield: Blocks Bots, Protects Users, and Prevents Security Breaches
2.110 Image Hotspot by DevVN
2.111 Easy Social Feed – Social Photos Gallery and Post Feed for WordPress
2.112 Master Addons For Elementor – White Label, Free Widgets, Hover Effects, Conditions, & Animations
2.113 SEO Plugin by Squirrly SEO
2.114 Product Addons for Woocommerce – Product Options with Custom Fields
2.115 WP 404 Auto Redirect to Similar Post
2.116 Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation
2.117 Apollo13 Framework Extensions
2.118 Image Photo Gallery Final Tiles Grid
2.119 Kali Forms — Contact Form & Drag-and-Drop Builder
2.120 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar
2.121 Quiz Maker
2.122 Secure Copy Content Protection and Content Locking
2.123 Smartsupp – live chat, AI shopping assistant and chatbots
2.124 Video Conferencing with Zoom
2.125 WP Customer Reviews
2.126 WP Import – Ultimate CSV XML Importer for WordPress
2.127 wpForo Forum
2.128 wpForo Forum
2.129 Web Accessibility by accessiBe
2.130 Business Directory Plugin – Easy Listing Directories for WordPress
2.131 Business Directory Plugin – Easy Listing Directories for WordPress
2.132 Classified Listing – AI-Powered Classified ads & Business Directory Plugin
2.133 Cookie Banner for GDPR / CCPA – WPLP Cookie Consent
2.134 Groups
2.135 Open User Map
2.136 Membership Plugin – Restrict Content
2.137 Two Factor (2FA) Authentication via Email
2.138 URL Shortify – Simple and Easy URL Shortener
2.139 URL Shortify – Simple and Easy URL Shortener
2.140 User Submitted Posts – Enable Users to Submit Posts from the Front End
2.141 Product Table and List Builder for WooCommerce Lite
2.142 WP Compress – Instant Performance & Speed Optimization
2.143 YaMaps for WordPress Plugin
2.144 Album and Image Gallery Plus Lightbox
2.145 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
2.146 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
2.147 s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
2.148 s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
2.149 Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent
2.150 EventPrime – Events Calendar, Bookings and Tickets
2.151 EventPrime – Events Calendar, Bookings and Tickets
2.152 EventPrime – Events Calendar, Bookings and Tickets
2.153 Event Booking Manager for WooCommerce
2.154 Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more
2.155 Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin
2.156 Cart All In One For WooCommerce
2.157 Popup Box – Easily Create WordPress Popups
2.158 Nelio A/B Testing – AB Tests and Heatmaps for Better Conversion Optimization
2.159 Import Eventbrite Events
2.160 Paytium: Mollie payment forms & donations
2.161 Paytium: Mollie payment forms & donations
2.162 Paytium: Mollie payment forms & donations
2.163 Paytium: Mollie payment forms & donations
2.164 Paytium: Mollie payment forms & donations
2.165 Paytium: Mollie payment forms & donations
2.166 Paytium: Mollie payment forms & donations
2.167 Paytium: Mollie payment forms & donations
2.168 Tickera – Sell Tickets & Manage Events
2.169 WP-DownloadManager
2.170 WP-DownloadManager
2.171 Academy LMS – WordPress LMS Plugin for Complete eLearning Solution
2.172 Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin
2.173 IMGspider – ????????
2.174 Simple Ajax Chat – Add a Fast, Secure Chat Box
2.175 Virusdie – One-click website security
2.176 WP-Lister Lite for eBay
2.177 WowRevenue – Product Bundles & Bulk Discounts
2.178 WP Event Aggregator: Import Eventbrite events, Meetup events, social events and any iCal Events into Event Calendar
2.179 Taskbuilder – Project & Task Management with Kanban
2.180 Taskbuilder – Project & Task Management with Kanban
2.181 Dam Spam
2.182 My Tickets – Accessible Event Ticketing
2.183 WP Plugin Info Card
2.184 Build App Online
2.185 Library Management System
2.186 Order Splitter for WooCommerce
2.187 Bookster – WordPress Appointment Booking Plugin
2.188 Display During Conditional Shortcode
2.189 IDonate – Blood Donation, Request And Donor Management System
2.190 Video Share VOD – Turnkey Video Site Builder Script
2.191 Private Comment
2.192 Frontend User Notes
2.193 Activity Log for WordPress
2.194 Community Events
2.195 Keybase.io Verification
2.196 InteractiveCalculator for WordPress
2.197 Rent Fetch
2.198 WPNakama – Team and multi-Client Collaboration, Editorial and Project Management
2.199 Ads Pro
2.200 ARForms Form Builder
2.201 Lizza LMS Pro
2.202 tagDiv Composer
2.203 Truelysell Core
2.204 Uni CPO (Premium)
2.205 Wolmart Core

3. WordPress Themes — 8 Patched / 31 Unpatched

3.1 Drift
3.2 Mega Store Woocommerce
3.3 NewsBlogger
3.4 Renden
3.5 A-Mart
3.6 Blabber
3.7 Buyent
3.8 Coworking
3.9 Dentario
3.10 Fooddy
3.11 Gustavo
3.12 Impacto Patronus
3.13 Ironfit
3.14 Isida
3.15 Jude
3.16 Kingler
3.17 Marveland
3.18 Netmix
3.19 Parkivia
3.20 PawFriends – Pet Shop and Veterinary WordPress Theme
3.21 PawFriends – Pet Shop and Veterinary WordPress Theme
3.22 Photolia
3.23 Redy
3.24 Rhodos
3.25 Saveo
3.26 SevenTrees
3.27 Soleng
3.28 Tennis Club
3.29 UnlimHost
3.30 Valenti
3.31 Zio Alberto
3.32 Context Blog
3.33 Shopire
3.34 Spa and Salon
3.35 Grand Restaurant
3.36 Ippsum
3.37 CitiLights
3.38 Sweet Date
3.39 Wiguard

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 7.0 Beta 1 is now available for testing. As this is a pre-release version, it is intended for testing and development only and should not be installed on production or mission-critical sites. Organizations should use local or staging environments to evaluate compatibility and new features before the final rollout.

The full release of WordPress 7.0 is currently scheduled for April 9, 2026. You can find the complete release schedule and technical testing details in the official announcement.

WordPress Plugins — 156 Patched / 49 Unpatched

Plugin:: SiteGuard WP Plugin
Plugin Slug:: siteguard
Installations: 500,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-27411

Plugin:: Link Whisper Free
Plugin Slug:: link-whisper
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22357

Plugin:: Wholesale Suite – B2B, Dynamic Pricing & WooCommerce Wholesale Prices
Plugin Slug:: woocommerce-wholesale-prices
Installations: 20,000+
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27541

Plugin:: Banner Management, Product Slider, Product Carousel for WooCommerce
Plugin Slug:: banner-management-for-woocommerce
Installations: 2,000+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22354

Plugin:: Frontend File Manager Plugin
Plugin Slug:: nmedia-user-file-uploader
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-0829

Plugin:: Premmerce
Plugin Slug:: premmerce
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-0555

Plugin:: Prodigy Commerce
Plugin Slug:: prodigy-commerce
Installations: 100+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-0926

Plugin:: TalkJS
Plugin Slug:: talkjs
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1055

Plugin:: Filestack
Plugin Slug:: filepicker-media-uploader
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-13959

Plugin:: Address Bar Ads
Plugin Slug:: address-bar-ads
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-1795

Plugin:: Advance Block Extend
Plugin Slug:: advance-block-extend
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1646

Plugin:: Applay – Shortcodes
Plugin Slug:: applay-shortcodes
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-22384

Plugin:: BlueSnap Payment Gateway for WooCommerce
Plugin Slug:: bluesnap-payment-gateway-for-woocommerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-0692

Plugin:: Clasifico Listing
Plugin Slug:: clasifico-listing
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-12882

Plugin:: Country Blocker for AdSense
Plugin Slug:: country-blocker-for-adsense
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-13413

Plugin:: Dealia – Request a quote
Plugin Slug:: dealia-request-a-quote
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-2718

Plugin:: Dealia – Request a quote
Plugin Slug:: dealia-request-a-quote
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-2504

Plugin:: DesignThemes Booking Manager
Plugin Slug:: designthemes-booking-manager
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27388

Plugin:: DesignThemes Directory Addon
Plugin Slug:: designthemes-directory-addon
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27386

Plugin:: Directory Pro
Plugin Slug:: directory-pro
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27396

Plugin:: Eagle Booking
Plugin Slug:: eagle-booking
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27428

Plugin:: Easy Author Image
Plugin Slug:: easy-author-image
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1373

Plugin:: Geo Widget
Plugin Slug:: geowidget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-1792

Plugin:: iXML
Plugin Slug:: ixml
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-14076

Plugin:: MP-Ukagaka
Plugin Slug:: mp-ukagaka
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-1643

Plugin:: News Element Elementor Blog Magazine
Plugin Slug:: news-element
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-2284

Plugin:: Page Title, Description & Open Graph Updater
Plugin Slug:: page-title-description-open-graph-updater
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-13438

Plugin:: personal-authors-category
Plugin Slug:: personal-authors-category
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-1754

Plugin:: Profile Builder Pro
Plugin Slug:: profile-builder-pro
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-27413

Plugin:: Really Simple Security Pro
Plugin Slug:: really-simple-ssl-pro
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-27397

Plugin:: Remove Post Type Slug
Plugin Slug:: remove-post-type-slug
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-14167

Plugin:: salavat counter
Plugin Slug:: salavat-counter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1047

Plugin:: Slider Future
Plugin Slug:: slider-future
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-1405

Plugin:: Slidorion
Plugin Slug:: slidorion
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-2282

Plugin:: StyleBidet
Plugin Slug:: stylebidet
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-1796

Plugin:: Subitem AL Slider
Plugin Slug:: subitem-al-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-1634

Plugin:: Super Simple Contact Form
Plugin Slug:: super-simple-contact-form
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-0753

Plugin:: Tennis Court Bookings
Plugin Slug:: tennis-court-bookings
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1044

Plugin:: Toret Manager
Plugin Slug:: toret-manager
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-0912

Plugin:: WeDesignTech Ultimate Booking Addon
Plugin Slug:: wedesigntech-ultimate-booking-addon
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-27389

Plugin:: WeDesignTech Ultimate Booking Addon
Plugin Slug:: wedesigntech-ultimate-booking-addon
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27390

Plugin:: Whatsiplus Scheduled Notification for Woocommerce
Plugin Slug:: whatsiplus-scheduled-notification-for-woocommerce
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1455

Plugin:: Woocommerce Wholesale Lead Capture
Plugin Slug:: woocommerce-wholesale-lead-capture
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-27542

Plugin:: Woocommerce Wholesale Lead Capture
Plugin Slug:: woocommerce-wholesale-lead-capture
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-27540

Plugin:: WP AUDIO GALLERY
Plugin Slug:: wp-audio-gallery
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-13603

Plugin:: Client Testimonial Slider
Plugin Slug:: wp-client-testimonial
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-2716

Plugin:: LiquidPoll
Plugin Slug:: wp-poll
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7134

Plugin:: xmlrpc attacks blocker
Plugin Slug:: xmlrpc-attacks-blocker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-2502

Plugin:: XO Event Calendar
Plugin Slug:: xo-event-calendar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-0556

Plugin:: Complianz – GDPR/CCPA Cookie Consent
Plugin Slug:: complianz-gdpr
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.4.4
Severity Score:: Medium
CVE:: 2025-11185

Plugin:: Image Optimizer – Optimize Images and Convert to WebP or AVIF
Plugin Slug:: image-optimization
Installations: 1,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.2
Severity Score:: Medium
CVE:: 2026-25387

Plugin:: Breadcrumb NavXT
Plugin Slug:: breadcrumb-navxt
Installations: 800,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.5.1
Severity Score:: Medium
CVE:: 2025-13842

Plugin:: Easy Table of Contents
Plugin Slug:: easy-table-of-contents
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.79
Severity Score:: Medium
CVE:: 2025-13738

Plugin:: Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
Plugin Slug:: fluentform
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.20
Severity Score:: Medium
CVE:: 2024-6703

Plugin:: Forminator Forms – Contact Form, Payment Form & Custom Form Builder
Plugin Slug:: forminator
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.50.3
Severity Score:: Medium
CVE:: 2026-2002

Plugin:: Kadence Blocks — Page Builder Toolkit for Gutenberg Editor
Plugin Slug:: kadence-blocks
Installations: 600,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.6.2
Severity Score:: Medium
CVE:: 2026-2633

Plugin:: Kadence Blocks — Page Builder Toolkit for Gutenberg Editor
Plugin Slug:: kadence-blocks
Installations: 600,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.6.2
Severity Score:: Medium
CVE:: 2026-1857

Plugin:: BackWPup – WordPress Backup & Restore Plugin
Plugin Slug:: backwpup
Installations: 500,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.6.3
Severity Score:: High
CVE:: 2025-15041

Plugin:: PixelYourSite – Your smart PIXEL (TAG) & API Manager
Plugin Slug:: pixelyoursite
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 11.2.0.2
Severity Score:: High
CVE:: 2026-27072

Plugin:: PixelYourSite – Your smart PIXEL (TAG) & API Manager
Plugin Slug:: pixelyoursite
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 11.2.0.1
Severity Score:: High
CVE:: 2026-1841

Plugin:: Converter for Media – Optimize images | Convert WebP & AVIF
Plugin Slug:: webp-converter-for-media
Installations: 500,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 6.5.2
Severity Score:: High
CVE:: 2026-1356

Plugin:: Ally – Web Accessibility & Usability
Plugin Slug:: pojo-accessibility
Installations: 400,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0.3
Severity Score:: Medium
CVE:: 2026-25386

Plugin:: SiteOrigin Widgets Bundle
Plugin Slug:: so-widgets-bundle
Installations: 400,000+
Vulnerability:: Content Injection
Patched in Version:: 1.71.0
Severity Score:: Medium
CVE:: 2026-2127

Plugin:: Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Plugin Slug:: formidable
Installations: 300,000+
Vulnerability:: Content Injection
Patched in Version:: 6.7.1
Severity Score:: Medium
CVE:: 2023-6830

Plugin:: PDF Invoices & Packing Slips for WooCommerce
Plugin Slug:: woocommerce-pdf-invoices-packing-slips
Installations: 300,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.7.0
Severity Score:: Medium
CVE:: 2026-1906

Plugin:: Popup Builder – Create highly converting, mobile friendly marketing popups.
Plugin Slug:: popup-builder
Installations: 200,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.4.3
Severity Score:: Medium
CVE:: 2025-13079

Plugin:: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Plugin Slug:: ultimate-member
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.11.2
Severity Score:: High
CVE:: 2026-1404

Plugin:: Advanced Ads – Ad Manager & AdSense
Plugin Slug:: advanced-ads
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.15
Severity Score:: Medium
CVE:: 2025-12884

Plugin:: Advanced Custom Fields: Font Awesome Field
Plugin Slug:: advanced-custom-fields-font-awesome
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.0.2
Severity Score:: Medium
CVE:: 2025-14983

Plugin:: Aruba HiSpeed Cache
Plugin Slug:: aruba-hispeed-cache
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.3
Severity Score:: Medium
CVE:: 2025-11725

Plugin:: Aruba HiSpeed Cache
Plugin Slug:: aruba-hispeed-cache
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.3
Severity Score:: High
CVE:: 2025-11706

Plugin:: Aruba HiSpeed Cache
Plugin Slug:: aruba-hispeed-cache
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.5
Severity Score:: Medium
CVE:: 2026-23545

Plugin:: Backup Migration
Plugin Slug:: backup-backup
Installations: 100,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 1.4.0
Severity Score:: High
CVE:: 2023-7002

Plugin:: Download Manager
Plugin Slug:: download-manager
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.47
Severity Score:: High
CVE:: 2026-1666

Plugin:: Brevo – Email, SMS, Web Push, Chat, and more.
Plugin Slug:: mailin
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.1
Severity Score:: Medium
CVE:: 2025-14799

Plugin:: The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.4.8
Severity Score:: Medium
CVE:: 2026-2386

Plugin:: VK All in One Expansion Unit
Plugin Slug:: vk-all-in-one-expansion-unit
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.112.4
Severity Score:: Medium
CVE:: 2025-11737

Plugin:: WP All Export – Drag & Drop Export to Any Custom CSV, XML & Excel
Plugin Slug:: wp-all-export
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.4.15
Severity Score:: Low
CVE:: 2026-1582

Plugin:: Razorpay for WooCommerce
Plugin Slug:: woo-razorpay
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.7.9
Severity Score:: Medium
CVE:: 2025-14294

Plugin:: Checkout Field Manager (Checkout Manager) for WooCommerce
Plugin Slug:: woocommerce-checkout-manager
Installations: 90,000+
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: 7.8.6
Severity Score:: High
CVE:: 2025-13930

Plugin:: Checkout Field Manager (Checkout Manager) for WooCommerce
Plugin Slug:: woocommerce-checkout-manager
Installations: 90,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 7.8.2
Severity Score:: Medium
CVE:: 2025-12500

Plugin:: ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin
Plugin Slug:: woolentor-addons
Installations: 90,000+
Vulnerability:: Content Injection
Patched in Version:: 3.3.3
Severity Score:: High
CVE:: 2026-1714

Plugin:: Customer Reviews for WooCommerce
Plugin Slug:: customer-reviews-woocommerce
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.98.0
Severity Score:: High
CVE:: 2026-1316

Plugin:: StatCounter – Free Real Time Visitor Stats
Plugin Slug:: official-statcounter-plugin-for-wordpress
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.1
Severity Score:: Medium
CVE:: 2025-13048

Plugin:: Product Feed Manager for WooCommerce – CTX Feed – Support 220+ Shopping & Social Channels
Plugin Slug:: webappick-product-feed-for-woocommerce
Installations: 70,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.6.12
Severity Score:: High
CVE:: 2025-12975

Plugin:: Mailchimp List Subscribe Form
Plugin Slug:: mailchimp
Installations: 60,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.1
Severity Score:: Medium
CVE:: 2025-12172

Plugin:: Mesmerize Companion
Plugin Slug:: mesmerize-companion
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.162
Severity Score:: Medium
CVE:: 2025-12027

Plugin:: ACF Photo Gallery Field
Plugin Slug:: navz-photo-gallery
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1
Severity Score:: Medium
CVE:: 2025-12081

Plugin:: WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters
Plugin Slug:: wp-google-map-plugin
Installations: 60,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.8.7
Severity Score:: High
CVE:: 2025-12062

Plugin:: Zarinpal Gateway
Plugin Slug:: zarinpal-woocommerce-payment-gateway
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0.17
Severity Score:: High
CVE:: 2026-2592

Plugin:: Auto Featured Image (Auto Post Thumbnail)
Plugin Slug:: auto-post-thumbnail
Installations: 50,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 4.2.0
Severity Score:: Medium
CVE:: 2023-7073

Plugin:: Blog2Social: Social Media Auto Post & Scheduler
Plugin Slug:: blog2social
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.7.5
Severity Score:: Medium
CVE:: 2026-1942

Plugin:: Booking Calendar
Plugin Slug:: booking
Installations: 50,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 10.14.15
Severity Score:: Medium
CVE:: 2026-2230

Plugin:: Printful Integration for WooCommerce
Plugin Slug:: printful-shipping-for-woocommerce
Installations: 50,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.2.12
Severity Score:: Medium
CVE:: 2025-12375

Plugin:: Advanced AJAX Product Filters
Plugin Slug:: woocommerce-ajax-filters
Installations: 50,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.1.9.7
Severity Score:: High
CVE:: 2026-1426

Plugin:: Super Page Cache
Plugin Slug:: wp-cloudflare-page-cache
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.3
Severity Score:: High
CVE:: 2026-1843

Plugin:: WP-Members Membership Plugin
Plugin Slug:: wp-members
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.9
Severity Score:: Medium
CVE:: 2023-6733

Plugin:: RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging
Plugin Slug:: wp-rss-aggregator
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.0.11
Severity Score:: High
CVE:: 2026-1216

Plugin:: YayMail – WooCommerce Email Customizer
Plugin Slug:: yaymail
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.3.3
Severity Score:: Low
CVE:: 2026-1938

Plugin:: YayMail – WooCommerce Email Customizer
Plugin Slug:: yaymail
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.3.3
Severity Score:: Low
CVE:: 2026-1831

Plugin:: YayMail – WooCommerce Email Customizer
Plugin Slug:: yaymail
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3.3
Severity Score:: Medium
CVE:: 2026-1943

Plugin:: YayMail – WooCommerce Email Customizer
Plugin Slug:: yaymail
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.3.3
Severity Score:: High
CVE:: 2026-1937

Plugin:: Calculated Fields Form
Plugin Slug:: calculated-fields-form
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.4.4.2
Severity Score:: Medium
CVE:: 2026-25368

Plugin:: Easy SVG Support
Plugin Slug:: easy-svg
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1
Severity Score:: Medium
CVE:: 2025-12451

Plugin:: OneClick Chat to Order
Plugin Slug:: oneclick-whatsapp-order
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.0
Severity Score:: Low
CVE:: 2025-14270

Plugin:: Simple Membership
Plugin Slug:: simple-membership
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.7.1
Severity Score:: Medium
CVE:: 2026-1461

Plugin:: Shield: Blocks Bots, Protects Users, and Prevents Security Breaches
Plugin Slug:: wp-simple-firewall
Installations: 40,000+
Vulnerability:: SQL Injection
Patched in Version:: 21.0.10
Severity Score:: Critical
CVE:: 2026-0722

Plugin:: Shield: Blocks Bots, Protects Users, and Prevents Security Breaches
Plugin Slug:: wp-simple-firewall
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 21.0.10
Severity Score:: High
CVE:: 2026-0561

Plugin:: Shield: Blocks Bots, Protects Users, and Prevents Security Breaches
Plugin Slug:: wp-simple-firewall
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 21.0.10
Severity Score:: Medium
CVE:: 2025-14427

Plugin:: Image Hotspot by DevVN
Plugin Slug:: devvn-image-hotspot
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2025-14445

Plugin:: Easy Social Feed – Social Photos Gallery and Post Feed for WordPress
Plugin Slug:: easy-facebook-likebox
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.5.3
Severity Score:: Medium
CVE:: 2023-6883

Plugin:: Master Addons For Elementor – White Label, Free Widgets, Hover Effects, Conditions, & Animations
Plugin Slug:: master-addons
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.2
Severity Score:: Medium
CVE:: 2026-2486

Plugin:: SEO Plugin by Squirrly SEO
Plugin Slug:: squirrly-seo
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 12.4.15
Severity Score:: Medium
CVE:: 2025-14342

Plugin:: Product Addons for Woocommerce – Product Options with Custom Fields
Plugin Slug:: woo-custom-product-addons
Installations: 30,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 3.1.1
Severity Score:: High
CVE:: 2026-2296

Plugin:: WP 404 Auto Redirect to Similar Post
Plugin Slug:: wp-404-auto-redirect-to-similar-post
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.6
Severity Score:: Medium
CVE:: 2025-12037

Plugin:: Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation
Plugin Slug:: zero-bs-crm
Installations: 30,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 6.7.1
Severity Score:: High
CVE:: 2026-22356

Plugin:: Apollo13 Framework Extensions
Plugin Slug:: apollo13-framework-extensions
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.9
Severity Score:: Medium
CVE:: 2025-13617

Plugin:: Image Photo Gallery Final Tiles Grid
Plugin Slug:: final-tiles-grid-gallery-lite
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.6.11
Severity Score:: Medium
CVE:: 2026-25375

Plugin:: Kali Forms — Contact Form & Drag-and-Drop Builder
Plugin Slug:: kali-forms
Installations: 20,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.4.9
Severity Score:: Medium
CVE:: 2026-1860

Plugin:: MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar
Plugin Slug:: mp3-music-player-by-sonaar
Installations: 20,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 5.11
Severity Score:: Medium
CVE:: 2026-1219

Plugin:: Quiz Maker
Plugin Slug:: quiz-maker
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.7.1.8
Severity Score:: Medium
CVE:: 2026-2384

Plugin:: Secure Copy Content Protection and Content Locking
Plugin Slug:: secure-copy-content-protection
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.9
Severity Score:: High
CVE:: 2026-1320

Plugin:: Smartsupp – live chat, AI shopping assistant and chatbots
Plugin Slug:: smartsupp-live-chat
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.2
Severity Score:: Medium
CVE:: 2025-12448

Plugin:: Video Conferencing with Zoom
Plugin Slug:: video-conferencing-with-zoom-api
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.6.6
Severity Score:: High
CVE:: 2026-1368

Plugin:: WP Customer Reviews
Plugin Slug:: wp-customer-reviews
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.6
Severity Score:: High
CVE:: 2025-14452

Plugin:: WP Import – Ultimate CSV XML Importer for WordPress
Plugin Slug:: wp-ultimate-csv-importer
Installations: 20,000+
Vulnerability:: SQL Injection
Patched in Version:: 7.38
Severity Score:: High
CVE:: 2026-1317

Plugin:: wpForo Forum
Plugin Slug:: wpforo
Installations: 20,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.4.15
Severity Score:: Critical
CVE:: 2026-1581

Plugin:: wpForo Forum
Plugin Slug:: wpforo
Installations: 20,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.4.14
Severity Score:: High
CVE:: 2026-0910

Plugin:: Web Accessibility by accessiBe
Plugin Slug:: accessibe
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.12
Severity Score:: Medium
CVE:: 2025-13113

Plugin:: Business Directory Plugin – Easy Listing Directories for WordPress
Plugin Slug:: business-directory-plugin
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.4.21
Severity Score:: Medium
CVE:: 2026-1656

Plugin:: Business Directory Plugin – Easy Listing Directories for WordPress
Plugin Slug:: business-directory-plugin
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 6.4.22
Severity Score:: Critical
CVE:: 2026-2576

Plugin:: Classified Listing – AI-Powered Classified ads & Business Directory Plugin
Plugin Slug:: classified-listing
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.3.5
Severity Score:: Medium
CVE:: 2026-23546

Plugin:: Cookie Banner for GDPR / CCPA – WPLP Cookie Consent
Plugin Slug:: gdpr-cookie-consent
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.1.3
Severity Score:: High
CVE:: 2025-11754

Plugin:: Groups
Plugin Slug:: groups
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.11.0
Severity Score:: Medium
CVE:: 2026-0549

Plugin:: Open User Map
Plugin Slug:: open-user-map
Installations: 10,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 1.4.17
Severity Score:: Medium
CVE:: 2025-68002

Plugin:: Membership Plugin – Restrict Content
Plugin Slug:: restrict-content
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.19
Severity Score:: Medium
CVE:: 2026-1304

Plugin:: Two Factor (2FA) Authentication via Email
Plugin Slug:: two-factor-2fa-via-email
Installations: 10,000+
Vulnerability:: Broken Authentication
Patched in Version:: 1.9.9
Severity Score:: Medium
CVE:: 2025-13587

Plugin:: URL Shortify – Simple and Easy URL Shortener
Plugin Slug:: url-shortify
Installations: 10,000+
Vulnerability:: Open Redirection
Patched in Version:: 1.12.2
Severity Score:: Medium
CVE:: 2026-1277

Plugin:: URL Shortify – Simple and Easy URL Shortener
Plugin Slug:: url-shortify
Installations: 10,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 1.12.4
Severity Score:: Medium
CVE:: 2026-25385

Plugin:: User Submitted Posts – Enable Users to Submit Posts from the Front End
Plugin Slug:: user-submitted-posts
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 20260217
Severity Score:: Medium
CVE:: 2026-2126

Plugin:: Product Table and List Builder for WooCommerce Lite
Plugin Slug:: wc-product-table-lite
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.6.3
Severity Score:: Critical
CVE:: 2026-2232

Plugin:: WP Compress – Instant Performance & Speed Optimization
Plugin Slug:: wp-compress-image-optimizer
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.60.29
Severity Score:: Medium
CVE:: 2026-25370

Plugin:: YaMaps for WordPress Plugin
Plugin Slug:: yamaps
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.6.41
Severity Score:: Medium
CVE:: 2025-14851

Plugin:: Album and Image Gallery Plus Lightbox
Plugin Slug:: album-and-image-gallery-plus-lightbox
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.8
Severity Score:: Medium
CVE:: 2025-13612

Plugin:: RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
Plugin Slug:: custom-registration-form-builder-with-submission-manager
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.0.7.0
Severity Score:: Medium
CVE:: 2025-14444

Plugin:: RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
Plugin Slug:: custom-registration-form-builder-with-submission-manager
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.0.7.2
Severity Score:: Medium
CVE:: 2026-0929

Plugin:: s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
Plugin Slug:: s2member
Installations: 9,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 260215
Severity Score:: Critical
CVE:: 2026-1994

Plugin:: s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
Plugin Slug:: s2member
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 260101
Severity Score:: Medium
CVE:: 2025-13732

Plugin:: Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent
Plugin Slug:: tablesome
Installations: 9,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.2.2
Severity Score:: High
CVE:: 2025-12845

Plugin:: EventPrime – Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.8.5
Severity Score:: Medium
CVE:: 2026-1655

Plugin:: EventPrime – Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 7,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.2.8.4
Severity Score:: Medium
CVE:: 2026-25389

Plugin:: EventPrime – Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.8.5
Severity Score:: Medium
CVE:: 2026-1657

Plugin:: Event Booking Manager for WooCommerce
Plugin Slug:: mage-eventpress
Installations: 7,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 5.1.2
Severity Score:: Critical
CVE:: 2026-23549

Plugin:: Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more
Plugin Slug:: mail-mint
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.19.5
Severity Score:: High
CVE:: 2026-23541

Plugin:: Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin
Plugin Slug:: orderable
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.20.1
Severity Score:: High
CVE:: 2026-0974

Plugin:: Cart All In One For WooCommerce
Plugin Slug:: woo-cart-all-in-one
Installations: 6,000+
Vulnerability:: Content Injection
Patched in Version:: 1.1.22
Severity Score:: High
CVE:: 2026-2019

Plugin:: Popup Box – Easily Create WordPress Popups
Plugin Slug:: popup-box
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.13
Severity Score:: Medium
CVE:: 2025-12122

Plugin:: Nelio A/B Testing – AB Tests and Heatmaps for Better Conversion Optimization
Plugin Slug:: nelio-ab-testing
Installations: 4,000+
Vulnerability:: SQL Injection
Patched in Version:: 8.2.5
Severity Score:: High
CVE:: 2026-25378

Plugin:: Import Eventbrite Events
Plugin Slug:: import-eventbrite-events
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.5
Severity Score:: High
CVE:: 2024-12422

Plugin:: Paytium: Mollie payment forms & donations
Plugin Slug:: paytium
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.4
Severity Score:: Medium
CVE:: 2023-7287

Plugin:: Paytium: Mollie payment forms & donations
Plugin Slug:: paytium
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.4
Severity Score:: Medium
CVE:: 2023-7288

Plugin:: Paytium: Mollie payment forms & donations
Plugin Slug:: paytium
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.4
Severity Score:: Medium
CVE:: 2023-7289

Plugin:: Paytium: Mollie payment forms & donations
Plugin Slug:: paytium
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.4
Severity Score:: Medium
CVE:: 2023-7290

Plugin:: Paytium: Mollie payment forms & donations
Plugin Slug:: paytium
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.4
Severity Score:: High
CVE:: 2023-7291

Plugin:: Paytium: Mollie payment forms & donations
Plugin Slug:: paytium
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.4
Severity Score:: Medium
CVE:: 2023-7292

Plugin:: Paytium: Mollie payment forms & donations
Plugin Slug:: paytium
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.4
Severity Score:: Medium
CVE:: 2023-7293

Plugin:: Paytium: Mollie payment forms & donations
Plugin Slug:: paytium
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.4
Severity Score:: High
CVE:: 2023-7294

Plugin:: Tickera – Sell Tickets & Manage Events
Plugin Slug:: tickera-event-ticketing-system
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.6.5
Severity Score:: Medium
CVE:: 2025-12356

Plugin:: WP-DownloadManager
Plugin Slug:: wp-downloadmanager
Installations: 3,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 1.69.1
Severity Score:: Medium
CVE:: 2026-2426

Plugin:: WP-DownloadManager
Plugin Slug:: wp-downloadmanager
Installations: 3,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 1.69.1
Severity Score:: Low
CVE:: 2026-2419

Plugin:: Academy LMS – WordPress LMS Plugin for Complete eLearning Solution
Plugin Slug:: academy
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.4
Severity Score:: Medium
CVE:: 2026-25372

Plugin:: Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin
Plugin Slug:: frontend-post-submission-manager-lite
Installations: 2,000+
Vulnerability:: Open Redirection
Patched in Version:: 1.2.8
Severity Score:: Medium
CVE:: 2026-1296

Plugin:: IMGspider – ????????
Plugin Slug:: imgspider
Installations: 2,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.3.11
Severity Score:: Critical
CVE:: 2024-6318

Plugin:: Simple Ajax Chat – Add a Fast, Secure Chat Box
Plugin Slug:: simple-ajax-chat
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 20260217
Severity Score:: Medium
CVE:: 2026-3075

Plugin:: Virusdie – One-click website security
Plugin Slug:: virusdie
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.8
Severity Score:: Medium
CVE:: 2025-14864

Plugin:: WP-Lister Lite for eBay
Plugin Slug:: wp-lister-for-ebay
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.8.6
Severity Score:: Medium
CVE:: 2026-25384

Plugin:: WowRevenue – Product Bundles & Bulk Discounts
Plugin Slug:: revenue
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.4
Severity Score:: High
CVE:: 2026-2001

Plugin:: WP Event Aggregator: Import Eventbrite events, Meetup events, social events and any iCal Events into Event Calendar
Plugin Slug:: wp-event-aggregator
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.0
Severity Score:: Medium
CVE:: 2026-1941

Plugin:: Taskbuilder – Project & Task Management with Kanban
Plugin Slug:: taskbuilder
Installations: 800+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0.3
Severity Score:: Medium
CVE:: 2026-1640

Plugin:: Taskbuilder – Project & Task Management with Kanban
Plugin Slug:: taskbuilder
Installations: 800+
Vulnerability:: SQL Injection
Patched in Version:: 5.0.3
Severity Score:: High
CVE:: 2026-1639

Plugin:: Dam Spam
Plugin Slug:: dam-spam
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.9
Severity Score:: Medium
CVE:: 2026-2112

Plugin:: My Tickets – Accessible Event Ticketing
Plugin Slug:: my-tickets
Installations: 700+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.1.1
Severity Score:: High
CVE:: 2026-27406

Plugin:: WP Plugin Info Card
Plugin Slug:: wp-plugin-info-card
Installations: 600+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.3.0
Severity Score:: Medium
CVE:: 2026-2023

Plugin:: Build App Online
Plugin Slug:: build-app-online
Installations: 500+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.0.23
Severity Score:: High
CVE:: 2023-7264

Plugin:: Library Management System
Plugin Slug:: library-management-system
Installations: 300+
Vulnerability:: SQL Injection
Patched in Version:: 3.3
Severity Score:: Critical
CVE:: 2025-12707

Plugin:: Order Splitter for WooCommerce
Plugin Slug:: woo-order-splitter
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 5.3.6
Severity Score:: Medium
CVE:: 2025-12075

Plugin:: Bookster – WordPress Appointment Booking Plugin
Plugin Slug:: bookster
Installations: 200+
Vulnerability:: SQL Injection
Patched in Version:: 2.2.0
Severity Score:: High
CVE:: 2025-8781

Plugin:: Display During Conditional Shortcode
Plugin Slug:: display-during-conditional-shortcode
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3
Severity Score:: Medium
CVE:: 2025-6460

Plugin:: IDonate – Blood Donation, Request And Donor Management System
Plugin Slug:: idonate
Installations: 90+
Vulnerability:: Privilege Escalation
Patched in Version:: 2.1.0
Severity Score:: High
CVE:: 2025-4521

Plugin:: Video Share VOD – Turnkey Video Site Builder Script
Plugin Slug:: video-share-vod
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.12
Severity Score:: Medium
CVE:: 2025-13727

Plugin:: Private Comment
Plugin Slug:: private-comment
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.0.5
Severity Score:: Medium
CVE:: 2026-2281

Plugin:: Frontend User Notes
Plugin Slug:: frontend-user-notes
Installations: 50+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.1.1
Severity Score:: Medium
CVE:: 2025-12071

Plugin:: Activity Log for WordPress
Plugin Slug:: winterlock
Installations: 50+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.9
Severity Score:: Medium
CVE:: 2026-1671

Plugin:: Community Events
Plugin Slug:: community-events
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.8
Severity Score:: Medium
CVE:: 2026-1649

Plugin:: Keybase.io Verification
Plugin Slug:: wp-keybase-verification
Installations: 30+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4.6
Severity Score:: Medium
CVE:: 2026-1072

Plugin:: InteractiveCalculator for WordPress
Plugin Slug:: interactivecalculator
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.4
Severity Score:: Medium
CVE:: 2026-1807

Plugin:: Rent Fetch
Plugin Slug:: rentfetch
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.32.7
Severity Score:: High
CVE:: 2026-1931

Plugin:: WPNakama – Team and multi-Client Collaboration, Editorial and Project Management
Plugin Slug:: wpnakama
Installations: 10+
Vulnerability:: SQL Injection
Patched in Version:: 0.6.6
Severity Score:: Critical
CVE:: 2026-2495

Plugin:: Ads Pro
Plugin Slug:: ap-plugin-scripteo
Vulnerability:: Broken Access Control
Patched in Version:: 5.1
Severity Score:: Medium
CVE:: 2026-25388

Plugin:: ARForms Form Builder
Plugin Slug:: arforms-form-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.9
Severity Score:: High
CVE:: 2023-6828

Plugin:: Lizza LMS Pro
Plugin Slug:: lizza-lms-pro
Vulnerability:: Privilege Escalation
Patched in Version:: 1.0.4
Severity Score:: Critical
CVE:: 2025-13563

Plugin:: tagDiv Composer
Plugin Slug:: td-composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1
Severity Score:: High
CVE:: 2024-5212

Plugin:: Truelysell Core
Plugin Slug:: truelysell-core
Vulnerability:: Privilege Escalation
Patched in Version:: 1.8.8
Severity Score:: Critical
CVE:: 2025-8572

Plugin:: Uni CPO (Premium)
Plugin Slug:: uni-woo-custom-product-options-premium
Vulnerability:: Broken Access Control
Patched in Version:: 4.9.61
Severity Score:: Medium
CVE:: 2025-13391

Plugin:: Wolmart Core
Plugin Slug:: wolmart-core
Vulnerability:: SQL Injection
Patched in Version:: 1.9.7
Severity Score:: Critical
CVE:: 2025-69337

WordPress Themes — 8 Patched / 31 Unpatched

Theme:: Drift
Theme Slug:: drift
Downloads: 30,869
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12116

Theme:: Mega Store Woocommerce
Theme Slug:: mega-store-woocommerce
Downloads: 42,273
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-14357

Theme:: NewsBlogger
Theme Slug:: newsblogger
Downloads: 155,250
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12821

Theme:: Renden
Theme Slug:: renden
Downloads: 328,852
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12117

Theme:: A-Mart
Theme Slug:: a-mart
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22361

Theme:: Blabber
Theme Slug:: blabber
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22378

Theme:: Buyent
Theme Slug:: buyent
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-13851

Theme:: Coworking
Theme Slug:: coworking
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22367

Theme:: Dentario
Theme Slug:: dentario
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-27439

Theme:: Fooddy
Theme Slug:: fooddy
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22373

Theme:: Gustavo
Theme Slug:: gustavo
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22371

Theme:: Impacto Patronus
Theme Slug:: impacto-patronus
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22375

Theme:: Ironfit
Theme Slug:: ironfit
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22369

Theme:: Isida
Theme Slug:: isida
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22372

Theme:: Jude
Theme Slug:: jude
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22366

Theme:: Kingler
Theme Slug:: kingler
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-27438

Theme:: Marveland
Theme Slug:: marveland
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22370

Theme:: Netmix
Theme Slug:: netmix
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22379

Theme:: Parkivia
Theme Slug:: parkivia
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22376

Theme:: PawFriends – Pet Shop and Veterinary WordPress Theme
Theme Slug:: pawfriends
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22383

Theme:: PawFriends – Pet Shop and Veterinary WordPress Theme
Theme Slug:: pawfriends
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22381

Theme:: Photolia
Theme Slug:: photolia
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22362

Theme:: Redy
Theme Slug:: redy
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22368

Theme:: Rhodos
Theme Slug:: rhodos
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22363

Theme:: Saveo
Theme Slug:: saveo
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22377

Theme:: SevenTrees
Theme Slug:: seventrees
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22364

Theme:: Soleng
Theme Slug:: soleng
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22365

Theme:: Tennis Club
Theme Slug:: tennis-sportclub
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-27437

Theme:: UnlimHost
Theme Slug:: unlimhost
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22380

Theme:: Valenti
Theme Slug:: valenti
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-23544

Theme:: Zio Alberto
Theme Slug:: zioalberto
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22374

Theme:: Context Blog
Theme Slug:: context-blog
Downloads: 84,231
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.2.6
Severity Score:: Medium
CVE:: 2025-12074

Theme:: Shopire
Theme Slug:: shopire
Downloads: 89,293
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.58
Severity Score:: Medium
CVE:: 2025-13091

Theme:: Spa and Salon
Theme Slug:: spa-and-salon
Downloads: 165,530
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.3
Severity Score:: Medium
CVE:: 2026-25374

Theme:: Grand Restaurant
Theme Slug:: grandrestaurant
Vulnerability:: PHP Object Injection
Patched in Version:: 7.0.11
Severity Score:: Critical
CVE:: 2026-23542

Theme:: Ippsum
Theme Slug:: ippsum
Vulnerability:: PHP Object Injection
Patched in Version:: 1.2.1
Severity Score:: Critical
CVE:: 2025-68541

Theme:: CitiLights
Theme Slug:: noo-citilights
Vulnerability:: Broken Access Control
Patched in Version:: 3.7.2
Severity Score:: Medium
CVE:: 2026-25367

Theme:: Sweet Date
Theme Slug:: sweetdate
Vulnerability:: PHP Object Injection
Patched in Version:: 4.0.1
Severity Score:: Critical
CVE:: 2026-27417

Theme:: Wiguard
Theme Slug:: wiguard
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.0.1
Severity Score:: Critical
CVE:: 2025-68549

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Author:

Sarah Ulmer

Sarah has been with SolidWP since 2015. Thanks to her deep connection to the brand, its products, and its users, Sarah was tapped as Solid’s primary Product Marketer in 2023. Sarah helps ensure that Solid’s product development team understands our users’ needs. When not at work, Sarah can be found at home with her husband, their three boys, and their dogs. Sarah enjoys long family walks, running with her lab, and watching her three boys play soccer. Sarah is originally from Texas and loves watching football games (Go Longhorns!)

Browse all of Sarah's articles

Sign up

Placeholder text

Thanks

Oops something went wrong, please try submitting again

Solid Suite

Protect

Repair

Manage

Free Plugins

Solid Suite

Academy

Solid Academy

Guides

Livestreams

Tutorials Academy

Resources

Blog

Vulnerability Report

Support

Documentation

Table of Contents

WordPress Core

WordPress Plugins — 156 Patched / 49 Unpatched