WordPress Vulnerability Report

WordPress Vulnerability Report — April 2, 2025

Last week, 542 new vulnerabilities emerged in the WordPress ecosystem, including 520 plugins and 22 themes. 275 of the vulnerable plugins and themes remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

Sarah Ulmer

In this report, 542 vulnerabilities have been publicly disclosed. Security patches for 267 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 275 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, your site is already protected against those vulnerabilities by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.8 Release Candidate 2 is ready for download and testing! This version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it’s recommended that you evaluate RC2 on a test server and site.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 263 Patched / 257 Unpatched

Themesflat Addons For Elementor

Plugin Slug:
themesflat-addons-for-elementor
Installations
40,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

GTM Kit – Google Tag Manager & GA4 integration

Plugin Slug:
gtm-kit
Installations
30,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

OSM – OpenStreetMap

Plugin Slug:
osm
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WPCargo Track & Trace

Plugin Slug:
wpcargo
Installations
10,000+
Vulnerability:
Insecure Direct Object References (IDOR)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP Mobile Bottom Menu

Plugin Slug:
mobile-bottom-menu-for-wp
Installations
8,000+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

IMPress for IDX Broker

Plugin Slug:
idx-broker-platinum
Installations
7,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Sliced Invoices – WordPress Invoice Plugin

Plugin Slug:
sliced-invoices
Installations
6,000+
Vulnerability:
Insecure Direct Object References (IDOR)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Flag Icons

Plugin:
Flag Icons
Plugin Slug:
language-icons-flags-switcher
Installations
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Fusion Page Builder

Plugin Slug:
fusion
Installations
4,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Plugin Slug:
easy-media-gallery
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

ELEX WooCommerce Request a Quote

Plugin Slug:
elex-request-a-quote
Installations
2,000+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Quick Interest Slider

Plugin Slug:
quick-interest-slider
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Safe Ai Malware Protection for WP

Plugin Slug:
safe-ai-malware-protection-for-wp
Installations
2,000+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

teachPress

Plugin:
teachPress
Plugin Slug:
teachpress
Installations
2,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Timeline Event History

Plugin Slug:
timeline-event-history
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Directory Listings WordPress plugin – uListing

Plugin Slug:
ulisting
Installations
2,000+
Vulnerability:
Privilege Escalation
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Cal.com

Plugin:
Cal.com
Plugin Slug:
cal-com
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Cryptocurrency Widgets Pack

Plugin Slug:
cryptocurrency-widgets-pack
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Click to Chat – WP Support All-in-One Floating Widget

Plugin Slug:
support-chat
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Swiss Toolkit For WP

Plugin Slug:
swiss-toolkit-for-wp
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Swiss Toolkit For WP

Plugin Slug:
swiss-toolkit-for-wp
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Price by Quantity & Bulk Quantity Discounts for WooCommerce

Plugin Slug:
wholesale-pricing-woocommerce
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Group Chat & Video Chat by AtomChat

Plugin Slug:
atomchat
Installations
800+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Plugin Slug:
simple-owl-carousel
Installations
700+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Slider Path for Elementor

Plugin Slug:
slider-path
Installations
700+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

StaticPress

Plugin Slug:
staticpress
Installations
700+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Custom Database Applications by Caspio

Plugin Slug:
custom-database-applications-by-caspio
Installations
600+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Google SEO Pressor for Rich snippets

Plugin Slug:
google-seo-author-snippets
Installations
600+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

History Log by click5

Plugin Slug:
history-log-by-click5
Installations
600+
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

My auctions allegro

Plugin Slug:
my-auctions-allegro-free-edition
Installations
600+
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Behance Portfolio Manager

Plugin Slug:
portfolio-manager-powered-by-behance
Installations
600+
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

TGG – WP Optimizer

Plugin Slug:
tgg-wp-optimizer
Installations
600+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Uptime Robot Plugin for WordPress

Plugin Slug:
uptime-robot-monitor
Installations
600+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Uptime Robot Plugin for WordPress

Plugin Slug:
uptime-robot-monitor
Installations
600+
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Plugin Slug:
wp-link-preview
Installations
600+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

ACME Divi Modules

Plugin Slug:
acme-divi-modules
Installations
500+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

CF7 Spreadsheets

Plugin Slug:
cf7-spreadsheets
Installations
500+
Vulnerability:
Settings Change
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Checklist

Plugin:
Checklist
Plugin Slug:
checklist
Installations
500+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

EZ SQL Reports Shortcode Widget and DB Backup

Plugin Slug:
elisqlreports
Installations
500+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Twice Commerce – Easy Rental Booking System

Plugin Slug:
embed-rentle
Installations
500+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Flipdish Ordering System

Plugin Slug:
flipdish-ordering-system
Installations
500+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Appointify

Plugin:
Appointify
Plugin Slug:
appointify
Installations
400+
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

RSVPMaker

Plugin:
RSVPMaker
Plugin Slug:
rsvpmaker
Installations
400+
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

WP AutoKeyword

Plugin Slug:
wp-autokeyword
Installations
400+
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

SimplyRETS Real Estate IDX

Plugin Slug:
simply-rets
Installations
300+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Auto Post After Image Upload

Plugin Slug:
auto-post-after-image-upload
Installations
200+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Connector to CiviCRM with CiviMcRestFace

Plugin Slug:
connector-civicrm-mcrestface
Installations
200+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Leadfox for WordPress

Plugin Slug:
leadfox
Installations
200+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Ni WooCommerce Product Enquiry

Plugin Slug:
ni-woocommerce-product-enquiry
Installations
200+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Send E-mail

Plugin Slug:
send-e-mail
Installations
200+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Welcome Popup

Plugin Slug:
welcome-popup
Installations
200+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP Copy Media URL

Plugin Slug:
wp-copy-media-url
Installations
200+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Plugin Slug:
advanced-css3-related-posts-widget
Installations
100+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Apimo Connector

Plugin Slug:
apimo
Installations
100+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

CBX Poll

Plugin:
CBX Poll
Plugin Slug:
cbxpoll
Installations
100+
Vulnerability:
PHP Object Injection
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

ContentMX Content Publisher

Plugin Slug:
contentmx-content-publisher
Installations
100+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

CookieHint WP

Plugin Slug:
cookiehint-wp
Installations
100+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Custom Content Scrollbar

Plugin Slug:
custom-content-scrollbar
Installations
100+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Testimonials Slider

Plugin Slug:
elfsight-testimonials-slider
Installations
100+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Testimonials Slider

Plugin Slug:
elfsight-testimonials-slider
Installations
100+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Testimonials Slider

Plugin Slug:
elfsight-testimonials-slider
Installations
100+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Plugin Slug:
rio-video-gallery
Installations
100+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Simple-Audioplayer

Plugin Slug:
simple-audioplayer
Installations
100+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

SP Blog Designer

Plugin Slug:
sp-blog-designer
Installations
100+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Ultimate Live Cricket WordPress Lite

Plugin Slug:
ultimate-live-cricket-lite
Installations
100+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

AB Google Map Travel (AB-MAP)

Plugin Slug:
ab-google-map-travel
Installations
90+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

byBrick Accordion

Plugin Slug:
bybrick-accordion
Installations
80+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

CoverManager

Plugin Slug:
covermanager
Installations
80+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

OpenMenu – The official plugin for OpenMenu

Plugin Slug:
open-menu
Installations
80+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Plugin Slug:
related-posts-list-grid-and-slider-all-in-one
Installations
80+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Terms Before Download

Plugin Slug:
terms-before-download
Installations
80+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Ultimate Push Notifications ( Mobile / Desktop ), Receive Notification From WooCommerce, BuddyPress, WordPress Default Events & Many More

Plugin Slug:
ultimate-push-notifications
Installations
80+
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Varnish WordPress

Plugin Slug:
varnish-wp
Installations
80+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

PostmarkApp Email Integrator

Plugin Slug:
postmarkapp-email-integrator
Installations
70+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

PostmarkApp Email Integrator

Plugin Slug:
postmarkapp-email-integrator
Installations
70+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Rich Text Editor

Plugin Slug:
richtexteditor
Installations
70+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Simple Contact Forms

Plugin Slug:
simple-contact-forms
Installations
70+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Actionwear products sync

Plugin Slug:
actionwear-products-sync
Installations
60+
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Infusionsoft Web Form JavaScript

Plugin Slug:
infusionsoft-web-form-javascript
Installations
60+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Processing Projects

Plugin Slug:
processing-projects
Installations
60+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Useinfluence

Plugin Slug:
useinfluence
Installations
60+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Chat by Chatwee

Plugin Slug:
chatwee
Installations
50+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

DesignO

Plugin:
DesignO
Plugin Slug:
designo
Installations
50+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Salesmate Add-On for Gravity Forms

Plugin Slug:
gf-salesmate-add-on
Installations
40+
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Salesmate Add-On for Gravity Forms

Plugin Slug:
gf-salesmate-add-on
Installations
40+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Ethiopian Calendar

Plugin Slug:
ethiopian-calendar
Installations
10+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

AdSense Privacy Policy

Plugin:
AdSense Privacy Policy
Plugin Slug:
adsense-privacy-policy
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Advanced Dewplayer

Plugin:
Advanced Dewplayer
Plugin Slug:
advanced-dewplayer
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Advanced Post Search

Plugin:
Advanced Post Search
Plugin Slug:
advanced-post-search
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

AI Preloader

Plugin:
AI Preloader
Plugin Slug:
ai-preloader
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Alert Box Block – Display notice/alerts in the front end

Plugin:
Alert Box Block – Display notice/alerts in the front end
Plugin Slug:
alert-box-block
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

AlphaOmega Captcha & Anti-Spam Filter

Plugin:
AlphaOmega Captcha & Anti-Spam Filter
Plugin Slug:
alphaomega-captcha-anti-spam
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Amazing service box Addons For WPBakery Page Builder

Plugin:
Amazing service box Addons For WPBakery Page Builder
Plugin Slug:
amazing-service-box-visual-composer-addons
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

ANAC XML Render

Plugin:
ANAC XML Render
Plugin Slug:
anac-xml-render
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Arrow Maps

Plugin:
Arrow Maps
Plugin Slug:
ap-google-maps
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

AppExperts

Plugin:
AppExperts
Plugin Slug:
appexperts
Vulnerability:
Sensitive Data Exposure
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

ARPrice

Plugin:
ARPrice
Plugin Slug:
arprice
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Auto Load Next Post

Plugin:
Auto Load Next Post
Plugin Slug:
auto-load-next-post
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

AvaiBook

Plugin:
AvaiBook
Plugin Slug:
avaibook
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Awesome Logos

Plugin:
Awesome Logos
Plugin Slug:
awesome-logos
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Ayyash Studio

Plugin:
Ayyash Studio
Plugin Slug:
ayyash-studio
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

banner-manager

Plugin:
banner-manager
Plugin Slug:
banner-manager
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Plugin:
Beautiful Link Preview
Plugin Slug:
beautiful-link-preview
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Blue Captcha

Plugin:
Blue Captcha
Plugin Slug:
blue-captcha
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

BMo Expo

Plugin:
BMo Expo
Plugin Slug:
bmo-expo
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Breezing Forms

Plugin:
Breezing Forms
Plugin Slug:
breezing-forms
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Browser Address Bar Color

Plugin:
Browser Address Bar Color
Plugin Slug:
browser-address-bar-color
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Browser Caching with .htaccess

Plugin:
Browser Caching with .htaccess
Plugin Slug:
browser-caching-with-htaccess
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Cackle

Plugin:
Cackle
Plugin Slug:
cackle
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

CallPhone’r

Plugin:
CallPhone’r
Plugin Slug:
callphoner
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

CAS Maestro

Plugin:
CAS Maestro
Plugin Slug:
cas-maestro
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Cazamba

Plugin:
Cazamba
Plugin Slug:
cazamba
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Contact Form 7 Material Design

Plugin:
Contact Form 7 Material Design
Plugin Slug:
cf7-material-design
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Clear Sucuri Cache

Plugin:
Clear Sucuri Cache
Plugin Slug:
clear-sucuri-cache
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Plugin:
Clink
Plugin Slug:
clink
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Plugin:
CopyLink
Plugin Slug:
copy-link
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Menu Duplicator

Plugin:
Menu Duplicator
Plugin Slug:
copy-menu
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

CSV to Responsive Tables

Plugin:
CSV to Responsive Tables
Plugin Slug:
csv-to-webpage-plugin
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

cTabs

Plugin:
cTabs
Plugin Slug:
ctabs
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Custom Product Stickers for Woocommerce

Plugin:
Custom Product Stickers for Woocommerce
Plugin Slug:
custom-product-stickers-for-woocommerce
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Custom Script Integration

Plugin:
Custom Script Integration
Plugin Slug:
custom-script-integration
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

DAP to Autoresponders Email Syncing

Plugin:
DAP to Autoresponders Email Syncing
Plugin Slug:
dap-to-autoresponders-daar
Vulnerability:
Sensitive Data Exposure
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Driving Directions

Plugin:
Driving Directions
Plugin Slug:
ddirections
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

DesignThemes Core Features

Plugin:
DesignThemes Core Features
Plugin Slug:
designthemes-core-features
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Product Catalog

Plugin:
Product Catalog
Plugin Slug:
displayproduct
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

????? ???? ??????? ????

Plugin:
????? ???? ??????? ????
Plugin Slug:
dokme
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Multi Days Events and Multi Events in One Day Calendar

Plugin Slug:
dragon-calendar-free-version
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Duplicate Page and Post

Plugin:
Duplicate Page and Post
Plugin Slug:
duplicate-post-and-page
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Duplicate Page and Post

Plugin:
Duplicate Page and Post
Plugin Slug:
duplicate-post-and-page
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Easy Page Transition

Plugin:
Easy Page Transition
Plugin Slug:
easy-page-transition
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Exit Popup Free

Plugin Slug:
exit-popup-free
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

External image replace

Plugin:
External image replace
Plugin Slug:
external-image-replace
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Secret Meta

Plugin:
Secret Meta
Plugin Slug:
facebook-secret-meta
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Fiverr.com Official Search Box

Plugin:
Fiverr.com Official Search Box
Plugin Slug:
fiverr-official-search-box
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Fix Rss Feeds

Plugin:
Fix Rss Feeds
Plugin Slug:
fix-rss-feed
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Flatty

Plugin:
Flatty
Plugin Slug:
flatty-flat-admin-theme
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Flickr set slideshows

Plugin:
Flickr set slideshows
Plugin Slug:
flickr-set-slideshows
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Flickr set slideshows

Plugin:
Flickr set slideshows
Plugin Slug:
flickr-set-slideshows
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Frndzk Expandable Bottom Bar

Plugin:
Frndzk Expandable Bottom Bar
Plugin Slug:
frndzk-expandable-bottom-bar
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Generate Post Thumbnails

Plugin:
Generate Post Thumbnails
Plugin Slug:
generate-post-thumbnails
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

GMO Font Agent

Plugin:
GMO Font Agent
Plugin Slug:
gmo-font-agent
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Google Font Fix

Plugin:
Google Font Fix
Plugin Slug:
google-font-fix
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

GP Back To Top

Plugin:
GP Back To Top
Plugin Slug:
gp-back-to-top
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Hacklog Remote Image Autosave

Plugin:
Hacklog Remote Image Autosave
Plugin Slug:
hacklog-remote-image-autosave
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

IG Shortcodes

Plugin:
IG Shortcodes
Plugin Slug:
ig-shortcodes
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Image Captcha

Plugin:
Image Captcha
Plugin Slug:
image-captcha
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Image Slider / Slideshow Pearlbells

Plugin:
Image Slider / Slideshow Pearlbells
Plugin Slug:
image-slider-pearlbells
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Photo Slideshow (Responsive)

Plugin:
Photo Slideshow (Responsive)
Plugin Slug:
image-slideshow-pearlbells
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

include-file

Plugin:
include-file
Plugin Slug:
include-file
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Include URL

Plugin:
Include URL
Plugin Slug:
include-url
Vulnerability:
Arbitrary File Download
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Include URL

Plugin:
Include URL
Plugin Slug:
include-url
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Info Boxes Shortcode and Widget

Plugin:
Info Boxes Shortcode and Widget
Plugin Slug:
info-boxes-shortcode-and-widget
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

issuuPress

Plugin:
issuuPress
Plugin Slug:
issuupress
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

JiangQie Official Website Mini Program

Plugin:
JiangQie Official Website Mini Program
Plugin Slug:
jiangqie-official-website-mini-program
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

jQuery Dropdown Menu

Plugin:
jQuery Dropdown Menu
Plugin Slug:
jquery-drop-down-menu-plugin
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Kento WordPress Stats

Plugin:
Kento WordPress Stats
Plugin Slug:
kento-wp-stats
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Key4ce osTicket Bridge

Plugin:
Key4ce osTicket Bridge
Plugin Slug:
key4ce-osticket-bridge
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

KK I Like It

Plugin:
KK I Like It
Plugin Slug:
kk-i-like-it
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

LH OGP Meta

Plugin:
LH OGP Meta
Plugin Slug:
lh-ogp-meta-tags
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Lightview Plus

Plugin:
Lightview Plus
Plugin Slug:
lightview-plus
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Login Alert

Plugin:
Login Alert
Plugin Slug:
login-alert
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Login Redirect

Plugin:
Login Redirect
Plugin Slug:
login-redirect
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

LWS SMS

Plugin:
LWS SMS
Plugin Slug:
lws-sms
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Map Contact

Plugin:
Map Contact
Plugin Slug:
map-contact
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Message ticker

Plugin:
Message ticker
Plugin Slug:
message-ticker
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Microblog Poster

Plugin:
Microblog Poster
Plugin Slug:
microblog-poster
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Mobile Navigation

Plugin:
Mobile Navigation
Plugin Slug:
mobile-navigation
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Music Press Pro

Plugin:
Music Press Pro
Plugin Slug:
music-press-pro
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

My Bootstrap Menu

Plugin:
My Bootstrap Menu
Plugin Slug:
my-bootstrap-menu
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

My Default Post Content

Plugin:
My Default Post Content
Plugin Slug:
my-default-post-content
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

NanoSupport

Plugin:
NanoSupport
Plugin Slug:
nanosupport
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

NertWorks All in One Social Share Tools

Plugin:
NertWorks All in One Social Share Tools
Plugin Slug:
nertworks-all-in-one-social-share-tools
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

NextGEN Gallery Voting

Plugin:
NextGEN Gallery Voting
Plugin Slug:
nextgen-gallery-voting
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Nmedia MailChimp

Plugin:
Nmedia MailChimp
Plugin Slug:
nmedia-mailchimp-widget
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Easy 301 Redirects

Plugin:
Easy 301 Redirects
Plugin Slug:
odihost-easy-redirect-301
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

OK Poster Group

Plugin:
OK Poster Group
Plugin Slug:
ok-poster-group
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Omnify

Plugin:
Omnify
Plugin Slug:
omnify-widget
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

OmniLeads Scripts and Tags Manager

Plugin:
OmniLeads Scripts and Tags Manager
Plugin Slug:
omnileads-scripts-and-tags-manager
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

OSS Upload

Plugin:
OSS Upload
Plugin Slug:
oss-upload
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Page Takeover

Plugin:
Page Takeover
Plugin Slug:
page-takeover
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Pesapal Gateway for Woocommerce

Plugin:
Pesapal Gateway for Woocommerce
Plugin Slug:
pesapal-for-woocommerce
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Pop-Up Chop Chop

Plugin:
Pop-Up Chop Chop
Plugin Slug:
pop-up
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

PostMash

Plugin:
PostMash
Plugin Slug:
postmash-custom
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Pretty file links

Plugin:
Pretty file links
Plugin Slug:
pretty-file-links
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Pro Rank Tracker

Plugin:
Pro Rank Tracker
Plugin Slug:
proranktracker
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Quick Localization

Plugin:
Quick Localization
Plugin Slug:
quick-localization
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Related Posts via Categories

Plugin:
Related Posts via Categories
Plugin Slug:
related-posts-via-categories
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Replace Default Words

Plugin:
Replace Default Words
Plugin Slug:
replace-default-words
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Rewrite

Plugin:
Rewrite
Plugin Slug:
rewrite
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

RJ Quickcharts

Plugin:
RJ Quickcharts
Plugin Slug:
rj-quickcharts
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

SH Email Alert

Plugin:
SH Email Alert
Plugin Slug:
sh-email-alert
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

ShowTime Slideshow

Plugin:
ShowTime Slideshow
Plugin Slug:
showtime-slideshow
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Shuffle

Plugin:
Shuffle
Plugin Slug:
shuffle
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Simple Optimizer

Plugin:
Simple Optimizer
Plugin Slug:
simple-optimizer
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Simple Rating

Plugin:
Simple Rating
Plugin Slug:
simple-rating
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Simple Trackback Disabler

Plugin:
Simple Trackback Disabler
Plugin Slug:
simple-trackback-disabler
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Simple:Press

Plugin:
Simple:Press
Plugin Slug:
simplepress
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Smart Maintenance Mode

Plugin:
Smart Maintenance Mode
Plugin Slug:
smart-maintenance-mode
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

So-Called Air Quotes

Plugin:
So-Called Air Quotes
Plugin Slug:
so-called-air-quotes
Vulnerability:
Content Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

SoJ SoundSlides

Plugin:
SoJ SoundSlides
Plugin Slug:
soj-soundslides
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

SoundCloud Ultimate

Plugin:
SoundCloud Ultimate
Plugin Slug:
soundcloud-ultimate
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

sourceplay-navermap

Plugin:
sourceplay-navermap
Plugin Slug:
sourceplay-navermap
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

SpeakPipe

Plugin:
SpeakPipe
Plugin Slug:
speakpipe-voicemail-for-websites
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

STEdb Forms

Plugin:
STEdb Forms
Plugin Slug:
stedb-forms
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Super Simple Subscriptions

Plugin:
Super Simple Subscriptions
Plugin Slug:
super-simple-subscriptions
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Super Static Cache

Plugin:
Super Static Cache
Plugin Slug:
super-static-cache
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Teleport

Plugin:
Teleport
Plugin Slug:
teleport
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Terms of Use

Plugin:
Terms of Use
Plugin Slug:
terms-of-use-2
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Text Selection Color

Plugin:
Text Selection Color
Plugin Slug:
text-selection-color
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

The Visitor Counter

Plugin:
The Visitor Counter
Plugin Slug:
the-visitor-counter
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Tidekey

Plugin:
Tidekey
Plugin Slug:
tidekey
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Toggle Box

Plugin:
Toggle Box
Plugin Slug:
toggle-box
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Trackserver

Plugin:
Trackserver
Plugin Slug:
trackserver
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Translator

Plugin:
Translator
Plugin Slug:
translator
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Typekit plugin for WordPress

Plugin:
Typekit plugin for WordPress
Plugin Slug:
typekit
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Top Bar

Plugin:
Top Bar
Plugin Slug:
ultimate-bar
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Ultimate Security Checker

Plugin:
Ultimate Security Checker
Plugin Slug:
ultimate-security-checker
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Upload Quota per User

Plugin:
Upload Quota per User
Plugin Slug:
upload-quota-per-user
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Video Embedder

Plugin:
Video Embedder
Plugin Slug:
video-embedder
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Visual Text Editor

Plugin:
Visual Text Editor
Plugin Slug:
visual-text-editor
Vulnerability:
Remote Code Execution (RCE)
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

wA11y – The Web Accessibility Toolbox

Plugin:
wA11y – The Web Accessibility Toolbox
Plugin Slug:
wa11y
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

wBounce

Plugin:
wBounce
Plugin Slug:
wbounce
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Weather Layer

Plugin:
Weather Layer
Plugin Slug:
weather-layer
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Admin Bar Improved

Plugin:
WordPress Admin Bar Improved
Plugin Slug:
wordpress-admin-bar-improved
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WordPress SQL Backup

Plugin:
WordPress SQL Backup
Plugin Slug:
wordpress-sql-backup
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WP Cards

Plugin:
WP Cards
Plugin Slug:
wp-cards
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WP Church Donation

Plugin:
WP Church Donation
Plugin Slug:
wp-church-donation
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP Colorful Tag Cloud

Plugin:
WP Colorful Tag Cloud
Plugin Slug:
wp-colorful-tag-cloud
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WP Database Optimizer

Plugin:
WP Database Optimizer
Plugin Slug:
wp-database-optimizer
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP Database Optimizer

Plugin:
WP Database Optimizer
Plugin Slug:
wp-database-optimizer
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP e-Commerce Style Email

Plugin:
WP e-Commerce Style Email
Plugin Slug:
wp-e-commerce-style-email
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Magic Embeds

Plugin:
Magic Embeds
Plugin Slug:
wp-embed-facebook
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP Featured Entries

Plugin:
WP Featured Entries
Plugin Slug:
wp-featured-entries
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WP Hotjar

Plugin:
WP Hotjar
Plugin Slug:
wp-hotjar
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Job Colors for WP Job Manager

Plugin:
Job Colors for WP Job Manager
Plugin Slug:
wp-job-manager-colors
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP Multistore Locator

Plugin:
WP Multistore Locator
Plugin Slug:
wp-multi-store-locator
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

WP Odoo Form Integrator

Plugin:
WP Odoo Form Integrator
Plugin Slug:
wp-odoo-form-integrator
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WP-OGP

Plugin:
WP-OGP
Plugin Slug:
wp-ogp
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP Parallax Content Slider

Plugin:
WP Parallax Content Slider
Plugin Slug:
wp-parallax-content-slider
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

VaultRE Contact Form 7

Plugin:
VaultRE Contact Form 7
Plugin Slug:
wp-plugin-contact-form-7
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP Profitshare

Plugin:
WP Profitshare
Plugin Slug:
wp-profitshare
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WP Ride Booking

Plugin:
WP Ride Booking
Plugin Slug:
wp-ride-booking
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP Social Widget

Plugin:
WP Social Widget
Plugin Slug:
wp-social-widget
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP Supersized

Plugin:
WP Supersized
Plugin Slug:
wp-supersized
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP Ultimate Search

Plugin:
WP Ultimate Search
Plugin Slug:
wp-ultimate-search
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP01

Plugin:
WP01
Plugin Slug:
wp01
Vulnerability:
Arbitrary File Download
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WordPres ????

Plugin:
WordPres ????
Plugin Slug:
wp2wb
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WP Event Ticketing

Plugin:
WP Event Ticketing
Plugin Slug:
wpeventticketing
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

XV Random Quotes

Plugin:
XV Random Quotes
Plugin Slug:
xv-random-quotes
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

YouTube SimpleGallery

Plugin:
YouTube SimpleGallery
Plugin Slug:
youtube-simplegallery
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Yummly Rich Recipes

Plugin:
Yummly Rich Recipes
Plugin Slug:
yummly-rich-recipes
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Importer

Plugin Slug:
wordpress-importer
Installations
3,000,000+
Vulnerability:
PHP Object Injection
Patched in Version:
0.8.4
Severity Score:
High
The vulnerability has been patched, so you should update to version 0.8.4.

ElementsKit Elementor Addons and Templates

Plugin Slug:
elementskit-lite
Installations
1,000,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.4.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.4.8.

Spectra Gutenberg Blocks – Website Builder for the Block Editor

Plugin Slug:
ultimate-addons-for-gutenberg
Installations
1,000,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.19.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.19.1.

TablePress – Tables in WordPress made easy

Plugin Slug:
tablepress
Installations
700,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.1.

Happy Addons for Elementor

Plugin Slug:
happy-elementor-addons
Installations
400,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.16.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.16.3.

Translate Multilingual sites – TranslatePress

Plugin Slug:
translatepress-multilingual
Installations
300,000+
Vulnerability:
PHP Object Injection
Patched in Version:
2.9.7
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.9.7.

Plugin Slug:
photo-gallery
Installations
200,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.8.34
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.8.34.

Plugin Slug:
photo-gallery
Installations
200,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.8.33
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.8.33.

GiveWP – Donation Plugin and Fundraising Platform

Plugin Slug:
give
Installations
100,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.22.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.22.2.

Pods – Custom Content Types and Fields

Plugin Slug:
pods
Installations
100,000+
Vulnerability:
SQL Injection
Patched in Version:
3.2.8.2
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.2.8.2.

SEO Plugin by Squirrly SEO

Plugin Slug:
squirrly-seo
Installations
100,000+
Vulnerability:
SQL Injection
Patched in Version:
12.4.06
Severity Score:
High
The vulnerability has been patched, so you should update to version 12.4.06.

Event Tickets and Registration

Plugin Slug:
event-tickets
Installations
90,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
5.20.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 5.20.1.

Kubio AI Page Builder

Plugin Slug:
kubio
Installations
90,000+
Vulnerability:
Local File Inclusion
Patched in Version:
2.5.2
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 2.5.2.

LearnPress – WordPress LMS Plugin

Plugin Slug:
learnpress
Installations
90,000+
Vulnerability:
Broken Access Control
Patched in Version:
4.2.7.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.2.7.6.

Nested Pages

Plugin Slug:
wp-nested-pages
Installations
90,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.2.13
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.2.13.

Booking for Appointments and Events Calendar – Amelia

Plugin Slug:
ameliabooking
Installations
80,000+
Vulnerability:
Full Path Disclosure (FPD)
Patched in Version:
1.2.20
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.2.20.

Plugin Slug:
advanced-woo-search
Installations
70,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.29
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.29.

Media Library Assistant

Plugin Slug:
media-library-assistant
Installations
70,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.25
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.25.

Drag and Drop Multiple File Upload for Contact Form 7

Plugin Slug:
drag-and-drop-multiple-file-upload-contact-form-7
Installations
60,000+
Vulnerability:
PHP Object Injection
Patched in Version:
1.3.8.8
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 1.3.8.8.

Drag and Drop Multiple File Upload for Contact Form 7

Plugin Slug:
drag-and-drop-multiple-file-upload-contact-form-7
Installations
60,000+
Vulnerability:
Arbitrary File Deletion
Patched in Version:
1.3.8.8
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.3.8.8.

Ultimate Dashboard – Custom WordPress Dashboard

Plugin Slug:
ultimate-dashboard
Installations
60,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.8.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.8.8.

Export and Import Users and Customers

Plugin Slug:
users-customers-import-export-for-wp-woocommerce
Installations
60,000+
Vulnerability:
Arbitrary File Download
Patched in Version:
2.6.3
Severity Score:
Low
The vulnerability has been patched, so you should update to version 2.6.3.

Export and Import Users and Customers

Plugin Slug:
users-customers-import-export-for-wp-woocommerce
Installations
60,000+
Vulnerability:
PHP Object Injection
Patched in Version:
2.6.3
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.6.3.

Export and Import Users and Customers

Plugin Slug:
users-customers-import-export-for-wp-woocommerce
Installations
60,000+
Vulnerability:
Arbitrary File Deletion
Patched in Version:
2.6.3
Severity Score:
Low
The vulnerability has been patched, so you should update to version 2.6.3.

Export and Import Users and Customers

Plugin Slug:
users-customers-import-export-for-wp-woocommerce
Installations
60,000+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
2.6.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.6.3.

Advanced iFrame

Plugin Slug:
advanced-iframe
Installations
50,000+
Vulnerability:
Broken Access Control
Patched in Version:
2025.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2025.0.

Advanced iFrame

Plugin Slug:
advanced-iframe
Installations
50,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2025.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2025.0.

Structured Content (JSON-LD) #wpsc

Plugin Slug:
structured-content
Installations
50,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.6.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.6.4.

Ultimate Blocks – WordPress Blocks Plugin

Plugin Slug:
ultimate-blocks
Installations
50,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.2.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.2.8.

Zapier for WordPress

Plugin Slug:
zapier
Installations
50,000+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
1.5.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.5.2.

Greenshift – animation and page builder blocks

Plugin Slug:
greenshift-animation-and-page-builder-blocks
Installations
40,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
11.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 11.1.

Contact Form & SMTP Plugin for WordPress by PirateForms

Plugin Slug:
pirate-forms
Installations
40,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.6.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.6.0.

SecuPress Free — WordPress Security

Plugin Slug:
secupress
Installations
40,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.2.5.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.2.5.4.

Booster for WooCommerce

Plugin Slug:
woocommerce-jetpack
Installations
40,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
7.2.6
Severity Score:
High
The vulnerability has been patched, so you should update to version 7.2.6.

Cost Calculator Builder

Plugin Slug:
cost-calculator-builder
Installations
30,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.2.66
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.2.66.

Float menu – awesome floating side menu

Plugin Slug:
float-menu
Installations
30,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
6.1.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 6.1.3.

LeadConnector

Plugin Slug:
leadconnector
Installations
30,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.0.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.0.3.

Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads

Plugin Slug:
quick-adsense-reloaded
Installations
30,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.0.88
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.0.88.

Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads

Plugin Slug:
quick-adsense-reloaded
Installations
30,000+
Vulnerability:
SQL Injection
Patched in Version:
2.0.88
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 2.0.88.

RomethemeKit For Elementor

Plugin Slug:
rometheme-for-elementor
Installations
30,000+
Vulnerability:
Remote Code Execution (RCE)
Patched in Version:
1.5.5
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 1.5.5.

WP Google Review Slider

Plugin Slug:
wp-google-places-review-slider
Installations
30,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
16.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 16.1.

Gum Elementor Addon

Plugin Slug:
gum-elementor-addon
Installations
20,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.11
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.11.

InstaWP Connect – 1-click WP Staging & Migration

Plugin Slug:
instawp-connect
Installations
20,000+
Vulnerability:
Local File Inclusion
Patched in Version:
0.1.0.83
Severity Score:
High
The vulnerability has been patched, so you should update to version 0.1.0.83.

?????? ??? ? ??? ??????? (??? ?????? ? ??????? ??? ??????)

Plugin Slug:
persian-woocommerce-shipping
Installations
20,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.2.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.2.4.

Quiz Maker

Plugin:
Quiz Maker
Plugin Slug:
quiz-maker
Installations
20,000+
Vulnerability:
SQL Injection
Patched in Version:
6.6.8.8
Severity Score:
High
The vulnerability has been patched, so you should update to version 6.6.8.8.

Slider by 10Web – Responsive Image Slider

Plugin Slug:
slider-wd
Installations
20,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.2.62
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.2.62.

Slider by 10Web – Responsive Image Slider

Plugin Slug:
slider-wd
Installations
20,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.2.62
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.2.62.

SyntaxHighlighter Evolved

Plugin Slug:
syntaxhighlighter
Installations
20,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.7.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.7.2.

Import Export Suite for CSV and XML Datafeed

Plugin Slug:
wp-ultimate-csv-importer
Installations
20,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
7.19.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 7.19.1.

Import Export Suite for CSV and XML Datafeed

Plugin Slug:
wp-ultimate-csv-importer
Installations
20,000+
Vulnerability:
Arbitrary File Deletion
Patched in Version:
7.19.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 7.19.1.

Product Labels For Woocommerce (Sale Badges)

Plugin Slug:
aco-product-labels-for-woocommerce
Installations
10,000+
Vulnerability:
SQL Injection
Patched in Version:
1.5.9
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.5.9.

Product Labels For Woocommerce (Sale Badges)

Plugin Slug:
aco-product-labels-for-woocommerce
Installations
10,000+
Vulnerability:
SQL Injection
Patched in Version:
1.5.11
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.5.11.

AFI – The Easiest Integration Plugin

Plugin Slug:
advanced-form-integration
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.100.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.100.0.

Favorites

Plugin:
Favorites
Plugin Slug:
favorites
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.3.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.3.5.

Social Reviews & Recommendations

Plugin Slug:
fb-reviews-widget
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.4.

Job Postings

Plugin Slug:
job-postings
Installations
10,000+
Vulnerability:
Arbitrary File Download
Patched in Version:
2.7.12
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.7.12.

Job Postings

Plugin Slug:
job-postings
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.7.11
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.7.11.

Sensei LMS – Online Courses, Quizzes, & Learning

Plugin Slug:
sensei-lms
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
4.24.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.24.5.

WP Date and Time Shortcode

Plugin Slug:
wp-date-and-time-shortcode
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.6.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.6.8.

WP Tabs – Responsive Tabs and Custom Product Tabs

Plugin Slug:
wp-expand-tabs-free
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.2.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.2.7.

Export All Posts, Products, Orders, Refunds & Users

Plugin Slug:
wp-ultimate-exporter
Installations
10,000+
Vulnerability:
PHP Object Injection
Patched in Version:
2.14
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 2.14.

Essential Real Estate

Plugin Slug:
essential-real-estate
Installations
9,000+
Vulnerability:
Local File Inclusion
Patched in Version:
5.2.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 5.2.1.

WP Compress – Instant Performance & Speed Optimization

Plugin Slug:
wp-compress-image-optimizer
Installations
9,000+
Vulnerability:
Broken Access Control
Patched in Version:
6.30.16
Severity Score:
High
The vulnerability has been patched, so you should update to version 6.30.16.

WP Compress – Instant Performance & Speed Optimization

Plugin Slug:
wp-compress-image-optimizer
Installations
9,000+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
6.30.16
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 6.30.16.

Awesome Support – WordPress HelpDesk & Support Plugin

Plugin Slug:
awesome-support
Installations
8,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
6.3.2
Severity Score:
High
The vulnerability has been patched, so you should update to version 6.3.2.

Cozy Blocks – Page Builder for Gutenberg & Site Editor with Post Blocks, WooCommerce Blocks, Magazine Blocks & WordPress Gutenberg Blocks

Plugin Slug:
cozy-addons
Installations
8,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.1.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.7.

JS Help Desk – The Ultimate Help Desk & Support Plugin

Plugin Slug:
js-support-ticket
Installations
7,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.9.3
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.9.3.

JS Help Desk – The Ultimate Help Desk & Support Plugin

Plugin Slug:
js-support-ticket
Installations
7,000+
Vulnerability:
Arbitrary File Download
Patched in Version:
2.9.2
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.9.2.

JS Help Desk – The Ultimate Help Desk & Support Plugin

Plugin Slug:
js-support-ticket
Installations
7,000+
Vulnerability:
Arbitrary File Deletion
Patched in Version:
2.9.3
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.9.3.

Shipmondo – A complete shipping solution for WooCommerce

Plugin Slug:
pakkelabels-for-woocommerce
Installations
7,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
5.0.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.0.4.

Quiz Cat – WordPress Quiz Plugin

Plugin Slug:
quiz-cat
Installations
6,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.0.9
Severity Score:
Low
The vulnerability has been patched, so you should update to version 3.0.9.

Audio Album

Plugin Slug:
audio-album
Installations
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.5.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.5.1.

Doneren met Mollie

Plugin Slug:
doneren-met-mollie
Installations
4,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.10.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.10.8.

Inline Image Upload for BBPress

Plugin Slug:
image-upload-for-bbpress
Installations
4,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
1.1.20
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.1.20.

Plugin Slug:
wp-posts-carousel
Installations
4,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.9
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.9.

Plugin Slug:
wp-posts-carousel
Installations
4,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.8.

Chartify – WordPress Chart Plugin

Plugin Slug:
chart-builder
Installations
3,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.1.9
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.1.9.

Restaurant Menu and Food Ordering

Plugin Slug:
mp-restaurant-menu
Installations
3,000+
Vulnerability:
Local File Inclusion
Patched in Version:
2.4.5
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.4.5.

Newsletters

Plugin Slug:
newsletters-lite
Installations
3,000+
Vulnerability:
SQL Injection
Patched in Version:
4.9.9.8
Severity Score:
High
The vulnerability has been patched, so you should update to version 4.9.9.8.

Newsletters

Plugin Slug:
newsletters-lite
Installations
3,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.9.9.8
Severity Score:
High
The vulnerability has been patched, so you should update to version 4.9.9.8.

Themify Event Post

Plugin Slug:
themify-event-post
Installations
3,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.3.

Themify Event Post

Plugin Slug:
themify-event-post
Installations
3,000+
Vulnerability:
Local File Inclusion
Patched in Version:
1.3.3
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.3.3.

Tickera – WordPress Event Ticketing

Plugin Slug:
tickera-event-ticketing-system
Installations
3,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.5.5.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.5.5.3.

Vimeotheque: Vimeo WordPress Plugin

Plugin Slug:
codeflavors-vimeo-video-post-lite
Installations
2,000+
Vulnerability:
SQL Injection
Patched in Version:
2.3.4.3
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.3.4.3.

Sitekit

Plugin:
Sitekit
Plugin Slug:
sitekit
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.9
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.9.

Vitepos – Point of sale (POS) plugin for WooCommerce

Plugin Slug:
vitepos-lite
Installations
2,000+
Vulnerability:
Broken Authentication
Patched in Version:
3.1.5
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.1.5.

WP-Recall – Registration, Profile, Commerce & More

Plugin Slug:
wp-recall
Installations
2,000+
Vulnerability:
SQL Injection
Patched in Version:
16.26.12
Severity Score:
High
The vulnerability has been patched, so you should update to version 16.26.12.

Currency Switcher for WooCommerce

Plugin Slug:
currency-switcher-for-woocommerce
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
0.0.8
Severity Score:
High
The vulnerability has been patched, so you should update to version 0.0.8.

Custom Field For WP Job Manager

Plugin Slug:
custom-field-for-wp-job-manager
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.5.

Dr. Flex

Plugin:
Dr. Flex
Plugin Slug:
dr-flex
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.0.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.0.1.

Dropdown multisite selector

Plugin Slug:
dropdown-multisite-selector
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
0.9.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 0.9.4.

Event post

Plugin:
Event post
Plugin Slug:
event-post
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
5.9.10
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.9.10.

Event Tickets with Ticket Scanner

Plugin Slug:
event-tickets-with-ticket-scanner
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.5.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.5.4.

Flexible Cookies

Plugin Slug:
flexible-cookies
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.1.9
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.1.9.

Plugin Slug:
fulltext-search
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.79.264
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.79.264.

Just Writing Statistics

Plugin Slug:
just-writing-statistics
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
5.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.4.

Novelist

Plugin:
Novelist
Plugin Slug:
novelist
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.2.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.2.4.

Off-Canvas Sidebars & Menus (Slidebars)

Plugin Slug:
off-canvas-sidebars
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
0.5.8.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 0.5.8.4.

Quotes llama

Plugin Slug:
quotes-llama
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.1.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.1.1.

SearchIQ – The Search Solution

Plugin Slug:
searchiq
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.8.

SKT Addons for Elementor

Plugin Slug:
skt-addons-for-elementor
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.6.

SKU Generator for WooCommerce

Plugin Slug:
sku-for-woocommerce
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.6.3
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.6.3.

WishSuite – Wishlist for WooCommerce

Plugin Slug:
wishsuite
Installations
1,000+
Vulnerability:
Local File Inclusion
Patched in Version:
1.4.5
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.4.5.

WP Docs

Plugin:
WP Docs
Plugin Slug:
wp-docs
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.2.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.2.7.

The Ultimate WordPress Toolkit – WP Extended

Plugin Slug:
wpextended
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.0.15
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.0.15.

YayExtra – WooCommerce Extra Product Options

Plugin Slug:
yayextra
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.5.3
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.5.3.

3DPrint Lite

Plugin Slug:
3dprint-lite
Installations
900+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.1.3.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.3.6.

Exchange Rates

Plugin Slug:
exchange-rates
Installations
900+
Vulnerability:
Broken Access Control
Patched in Version:
1.2.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.2.3.

Football Pool

Plugin Slug:
football-pool
Installations
900+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.12.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.12.3.

RPS Include Content

Plugin Slug:
rps-include-content
Installations
900+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.2.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.2.2.

Serial Codes Generator and Validator with WooCommerce Support

Plugin Slug:
serial-codes-generator-and-validator
Installations
900+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.7.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.7.8.

Usermaven

Plugin:
Usermaven
Plugin Slug:
usermaven
Installations
900+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.2.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.2.2.

One to one user Chat by WPGuppy

Plugin Slug:
wpguppy-lite
Installations
900+
Vulnerability:
SQL Injection
Patched in Version:
1.1.4
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.1.4.

Leaky Paywall

Plugin Slug:
leaky-paywall
Installations
800+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.21.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.21.8.

Login Widget for Ultimate Member

Plugin Slug:
login-widget-for-ultimate-member
Installations
800+
Vulnerability:
Local File Inclusion
Patched in Version:
1.1.3
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.1.3.

Terms & Conditions Per Product

Plugin Slug:
terms-and-conditions-per-product
Installations
800+
Vulnerability:
Broken Access Control
Patched in Version:
1.2.16
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.2.16.

TWB Woocommerce Reviews

Plugin Slug:
twb-woocommerce-reviews
Installations
800+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.7.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.7.8.

ValidateCertify Free

Plugin Slug:
validar-certificados-de-cursos
Installations
800+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.6.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.6.2.

WooCommerce Fattureincloud

Plugin Slug:
woo-fattureincloud
Installations
800+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.6.8
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.6.8.

WP Cassify

Plugin:
WP Cassify
Plugin Slug:
wp-cassify
Installations
800+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.3.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.3.6.

WP Compress for MainWP

Plugin Slug:
wp-compress-mainwp
Installations
800+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
6.30.06
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 6.30.06.

Better Section Navigation

Plugin Slug:
better-section-navigation
Installations
700+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.7.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.7.0.

Custom Fields Account Registration For Woocommerce

Plugin Slug:
custom-fields-account-registration-for-woocommerce
Installations
700+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.2.

Houzez Property Feed

Plugin Slug:
houzez-property-feed
Installations
700+
Vulnerability:
Arbitrary File Download
Patched in Version:
2.5.5
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.5.5.

Plugin Slug:
ideal-wp-login-logo-changer
Installations
700+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.1.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.1.8.

Our Team Members – Team Members WordPress Plugin

Plugin Slug:
our-team-members
Installations
700+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
2.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.3.

PDF for WPForms + Drag and Drop Template Builder

Plugin Slug:
pdf-for-wpforms
Installations
700+
Vulnerability:
Broken Access Control
Patched in Version:
5.3.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.3.1.

wordpress publish post email notification

Plugin Slug:
publish-post-email-notification
Installations
700+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.0.2.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.0.2.4.

Stock Sync for WooCommerce with Google Sheets | WooCommerce Bulk Edit, Stock Management, Inventory Management System & more – FlexStock

Plugin Slug:
stock-sync-with-google-sheet-for-woocommerce
Installations
700+
Vulnerability:
SQL Injection
Patched in Version:
3.13.2
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.13.2.

Product Author for WooCommerce

Plugin Slug:
wc-product-author
Installations
700+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.0.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.0.8.

wpShopGermany IT-RECHT KANZLEI

Plugin Slug:
wpshopgermany-it-recht-kanzlei
Installations
700+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.

Anthologize

Plugin Slug:
anthologize
Installations
600+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
0.8.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 0.8.3.

Digital License Manager

Plugin Slug:
digital-license-manager
Installations
600+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.7.4
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.7.4.

FormLift for Infusionsoft Web Forms

Plugin Slug:
formlift
Installations
600+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
7.5.20
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 7.5.20.

SNORDIAN’s H5PxAPIkatchu

Plugin Slug:
h5pxapikatchu
Installations
600+
Vulnerability:
Broken Access Control
Patched in Version:
0.4.15
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 0.4.15.

Cool Author Box – For Widget and Post Content

Plugin Slug:
hm-cool-author-box-widget
Installations
600+
Vulnerability:
Broken Access Control
Patched in Version:
3.0.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.0.0.

IP Locator

Plugin:
IP Locator
Plugin Slug:
ip-locator
Installations
600+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.2.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.2.0.

jAlbum Bridge

Plugin Slug:
jalbum-bridge
Installations
600+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.0.18
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.0.18.

jAlbum Bridge

Plugin Slug:
jalbum-bridge
Installations
600+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.0.19
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.0.19.

Listamester

Plugin Slug:
listamester
Installations
600+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.3.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.3.6.

Simplebooklet PDF Viewer and Embedder

Plugin Slug:
simplebooklet
Installations
600+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.1.3.

Verge3D Publishing and E-Commerce

Plugin Slug:
verge3d
Installations
600+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
4.8.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.8.3.

Textmetrics

Plugin Slug:
webtexttool
Installations
600+
Vulnerability:
Broken Access Control
Patched in Version:
3.6.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.6.2.

Lead Form Data Collection to CRM

Plugin Slug:
wp-leads-builder-any-crm
Installations
600+
Vulnerability:
SQL Injection
Patched in Version:
3.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.1.

Zoho Billing – Embed Payment Form

Plugin Slug:
zoho-subscriptions
Installations
600+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.1.

Accounting for WooCommerce

Plugin Slug:
accounting-for-woocommerce
Installations
500+
Vulnerability:
Local File Inclusion
Patched in Version:
1.6.9
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.6.9.

Christmas Panda

Plugin Slug:
christmas-panda
Installations
500+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.1.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.1.0.

Comment Approved Notifier Extended

Plugin Slug:
comment-approved-notifier-extended
Installations
500+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
5.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.3.

EZ SQL Reports Shortcode Widget and DB Backup

Plugin Slug:
elisqlreports
Installations
500+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
5.25.10
Severity Score:
High
The vulnerability has been patched, so you should update to version 5.25.10.

EZ SQL Reports Shortcode Widget and DB Backup

Plugin Slug:
elisqlreports
Installations
500+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
5.25.10
Severity Score:
High
The vulnerability has been patched, so you should update to version 5.25.10.

Plugin Slug:
feed-instagram-lite
Installations
500+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.0.37
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.0.0.37.

Hesabfa Accounting

Plugin Slug:
hesabfa-accounting
Installations
500+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.2.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.2.0.

Slider by BestWebSoft

Plugin Slug:
slider-bws
Installations
500+
Vulnerability:
SQL Injection
Patched in Version:
1.1.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.1.1.

Chatbox Manager

Plugin Slug:
wa-chatbox-manager
Installations
500+
Vulnerability:
Broken Access Control
Patched in Version:
1.2.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.2.3.

Web Directory Free

Plugin Slug:
web-directory-free
Installations
500+
Vulnerability:
SQL Injection
Patched in Version:
1.7.7
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 1.7.7.

Plugin Slug:
wp-advanced-search
Installations
500+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.3.9.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.3.9.3.

Z Companion

Plugin Slug:
z-companion
Installations
500+
Vulnerability:
Broken Access Control
Patched in Version:
1.1.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.1.0.

Administrator Z

Plugin Slug:
administrator-z
Installations
400+
Vulnerability:
Broken Access Control
Patched in Version:
2025.03.27
Severity Score:
High
The vulnerability has been patched, so you should update to version 2025.03.27.

Store Locator Widget

Plugin Slug:
store-locator-widget
Installations
400+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2025r3
Severity Score:
High
The vulnerability has been patched, so you should update to version 2025r3.

Support Genix – Helpdesk & Customer Support Ticket System

Plugin Slug:
support-genix-lite
Installations
400+
Vulnerability:
Insecure Direct Object References (IDOR)
Patched in Version:
1.4.12
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.4.12.

WIP WooCarousel Lite

Plugin Slug:
wip-woocarousel-lite
Installations
400+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.1.8
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.1.8.

About Author

Plugin Slug:
about-author
Installations
300+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.6.3
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.6.3.

Better WishList API

Plugin Slug:
better-wlm-api
Installations
300+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.5
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.1.5.

Gift Message for WooCommerce

Plugin Slug:
gift-message-for-woocommerce
Installations
300+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.7.9
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.7.9.

Multiple Shipping And Billing Address For Woocommerce

Plugin Slug:
different-shipping-and-billing-address-for-woocommerce
Installations
200+
Vulnerability:
PHP Object Injection
Patched in Version:
1.6
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 1.6.

Image Wall

Plugin:
Image Wall
Plugin Slug:
image-wall
Installations
200+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.1.

Next-Cart Store to WooCommerce Migration

Plugin Slug:
nextcart-woocommerce-migration
Installations
200+
Vulnerability:
SQL Injection
Patched in Version:
3.9.5
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 3.9.5.

Cart tracking for WooCommerce

Plugin Slug:
cart-tracking-for-woocommerce
Installations
100+
Vulnerability:
SQL Injection
Patched in Version:
1.0.17
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.0.17.

CRM and Lead Management by vcita

Plugin Slug:
crm-customer-relationship-management-by-vcita
Installations
100+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.7.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.7.5.

DICOM Support

Plugin Slug:
dicom-support
Installations
100+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
0.10.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 0.10.7.

Primer MyData for Woocommerce

Plugin Slug:
primer-mydata
Installations
100+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.2.4
Severity Score:
High
The vulnerability has been patched, so you should update to version 4.2.4.

xili-dictionary

Plugin Slug:
xili-dictionary
Installations
100+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.12.5.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.12.5.1.

MDJM Event Management

Plugin Slug:
mobile-dj-manager
Installations
90+
Vulnerability:
PHP Object Injection
Patched in Version:
1.7.5.3
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.7.5.3.

WPC Smart Upsell Funnel for WooCommerce

Plugin Slug:
wpc-smart-upsell-funnel
Installations
90+
Vulnerability:
Privilege Escalation
Patched in Version:
3.0.5
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.0.5.

Material Dashboard

Plugin Slug:
material-dashboard
Installations
80+
Vulnerability:
Privilege Escalation
Patched in Version:
1.4.6
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 1.4.6.

Hostel

Plugin:
Hostel
Plugin Slug:
hostel
Installations
50+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.5.6
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.1.5.6.

Hostel

Plugin:
Hostel
Plugin Slug:
hostel
Installations
50+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.5.5
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.1.5.5.

AEC Kiosque

Plugin Slug:
aec-kiosque
Installations
40+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.9.4
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.9.4.

BizCalendar Web

Plugin Slug:
bizcalendar-web
Installations
30+
Vulnerability:
SQL Injection
Patched in Version:
1.1.0.35
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.1.0.35.

EO4WP: EmailOctopus for WordPress

Plugin Slug:
fw-integration-for-emailoctopus
Installations
30+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.8.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.0.8.5.

Your Simple SVG Support

Plugin Slug:
your-simple-svg-support
Installations
10+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.0.2.

Bitspecter Suite

Plugin Slug:
bitspecter-suite
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.1.0.

Booknetic

Plugin:
Booknetic
Plugin Slug:
booknetic
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
4.1.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.1.5.

Bridge Core

Plugin:
Bridge Core
Plugin Slug:
bridge-core
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.3.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.3.1.

BWL Advanced FAQ Manager

Plugin:
BWL Advanced FAQ Manager
Plugin Slug:
bwl-advanced-faq-manager
Vulnerability:
Broken Access Control
Patched in Version:
2.1.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.5.

Fusion Builder

Plugin:
Fusion Builder
Plugin Slug:
fusion-builder
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.11.15
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.11.15.

JetBlocks For Elementor

Plugin:
JetBlocks For Elementor
Plugin Slug:
jet-blocks
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.16.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.16.1.

JetSearch

Plugin:
JetSearch
Plugin Slug:
jet-search
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.5.7.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.5.7.1.

JetSmartFilters

Plugin:
JetSmartFilters
Plugin Slug:
jet-smart-filters
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.6.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.6.4.

JetWooBuilder

Plugin:
JetWooBuilder
Plugin Slug:
jet-woo-builder
Vulnerability:
Local File Inclusion
Patched in Version:
2.1.18.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.1.18.1.

JetProductGallery

Plugin:
JetProductGallery
Plugin Slug:
jet-woo-product-gallery
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.1.22.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.22.1.

Smart Maintenance Mode

Plugin:
Smart Maintenance Mode
Plugin Slug:
smart-maintenance-mode
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.5.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.5.2.

tagDiv Composer

Plugin:
tagDiv Composer
Plugin Slug:
td-composer
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
5.4
Severity Score:
High
The vulnerability has been patched, so you should update to version 5.4.

tagDiv Composer

Plugin:
tagDiv Composer
Plugin Slug:
td-composer
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
5.4
Severity Score:
High
The vulnerability has been patched, so you should update to version 5.4.

Shortcodes by United Themes

Plugin:
Shortcodes by United Themes
Plugin Slug:
ut-shortcodes
Vulnerability:
Content Injection
Patched in Version:
5.1.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.1.7.

WordPress Themes — 4 Patched / 18 Unpatched

AuraMart

Theme:
AuraMart
Theme Slug:
auramart
Downloads
804
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should switch themes.

Hester

Theme:
Hester
Theme Slug:
hester
Downloads
7,289
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should switch themes.

MorningTime Lite

Theme Slug:
morningtime-lite
Downloads
40,088
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should switch themes.

StoreBiz

Theme:
StoreBiz
Theme Slug:
storebiz
Downloads
102,376
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should switch themes.

Build

Theme:
Build
Theme Slug:
build
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should switch themes.

Churel

Theme:
Churel
Theme Slug:
churel
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should switch themes.

City Store

Theme:
City Store
Theme Slug:
city-store
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should switch themes.

Navigation Tree Elementor

Theme:
Navigation Tree Elementor
Theme Slug:
navigation-tree-elementor
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should switch themes.

newseqo

Theme:
newseqo
Theme Slug:
newseqo
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should switch themes.

RainbowNews

Theme:
RainbowNews
Theme Slug:
rainbownews
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should switch themes.

Rapyd Payment Extension for WooCommerce

Theme:
Rapyd Payment Extension for WooCommerce
Theme Slug:
rapyd-payments
Vulnerability:
PHP Object Injection
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should switch themes.

Shopo

Theme:
Shopo
Theme Slug:
shopo
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should switch themes.

Themify Sidepane WordPress Theme

Theme:
Themify Sidepane WordPress Theme
Theme Slug:
sidepane
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should switch themes.

Traveler

Theme:
Traveler
Theme Slug:
traveler
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should switch themes.

Traveler

Theme:
Traveler
Theme Slug:
traveler
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should switch themes.

Traveler

Theme:
Traveler
Theme Slug:
traveler
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should switch themes.

Traveler

Theme:
Traveler
Theme Slug:
traveler
Vulnerability:
PHP Object Injection
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should switch themes.

Whitish Lite

Theme:
Whitish Lite
Theme Slug:
whitish-lite
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should switch themes.

Big Store

Theme Slug:
big-store
Downloads
135,572
Vulnerability:
Broken Access Control
Patched in Version:
2.0.9
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.0.9.

Unlimited

Theme Slug:
unlimited
Downloads
66,367
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.46
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.46.

Real Estate 7

Theme:
Real Estate 7
Theme Slug:
realestate-7
Vulnerability:
Arbitrary File Upload
Patched in Version:
3.5.5
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.5.5.

WP Weixin

Theme:
WP Weixin
Theme Slug:
wp-weixin
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.17
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.17.

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!
