In this report, 241 vulnerabilities have been publicly disclosed. Security patches for 91 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 150 plugin and theme vulnerabilities for which no patch is available yet. If you’re a Solid Security Pro user, your site is already protected against those vulnerabilities by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
SolidWP Patches Multiple Plugin Vulnerabilities
On April 29, SolidWP released important security updates across several plugins, including Solid Mail, Solid Performance, Solid Security, and Solid Backups Legacy. These address an unauthenticated XSS (CVE-2025-1123), a serialized injection risk, and a telemetry privilege issue. Users are strongly urged to update immediately.
Read the full advisory and update instructions.
WordPress Core
WordPress 6.8 “Cecil” is here! Launched April 15, 2025, it honors jazz legend Cecil Taylor, whose pioneering piano fused chaos and harmony. Explore its bold features with the same experimental spirit.
Plus, WordCamp Europe 2025 lands in Basel, Switzerland, June 5-7! Connect with WordPress enthusiasts, developers, and pros for three days of learning, networking, and collaboration with the global community.
WordPress Plugins — 85 Patched / 137 Unpatched
Advanced Accordion Gutenberg Block
- Plugin Slug:
- advanced-accordion-block
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-2543
Lottie Player- Great Lottie Player Solution
- Plugin Slug:
- embed-lottie-player
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-2579
ACF: Google Font Selector
- Plugin:
- ACF: Google Font Selector
- Plugin Slug:
- acf-google-font-selector-field
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39382
Anything Popup
- Plugin:
- Anything Popup
- Plugin Slug:
- anything-popup
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39397
The Pack Elementor addon
- Plugin:
- The Pack Elementor addon
- Plugin Slug:
- the-pack-addon
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46472
WPMasterToolKit (WPMTK) – All in one plugin
- Plugin Slug:
- wpmastertoolkit
- Installations
- 2,000+
- Vulnerability:
- Path Traversal
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-3300
Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light
- Plugin Slug:
- excel-like-price-change-for-woocommerce-and-wp-e-commerce-light
- Installations
- 700+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39378
Capturly
- Plugin:
- Capturly
- Plugin Slug:
- capturly-optimize-your-website
- Installations
- 100+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39379
Checkout Field Visibility for WooCommerce
- Plugin Slug:
- checkout-field-visibility-for-woocommerce
- Installations
- 80+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39391
Product Lister for eBay
- Plugin:
- Product Lister for eBay
- Plugin Slug:
- product-lister-ebay
- Installations
- 70+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39384
FuseDesk
Appsero Helper
- Plugin:
- Appsero Helper
- Plugin Slug:
- appsero-helper
- Installations
- 50+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39377
1 Decembrie 1918
- Plugin:
- 1 Decembrie 1918
- Plugin Slug:
- 1-decembrie-1918
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-3870
360 View
- Plugin:
- 360 View
- Plugin Slug:
- 360-view
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46509
Form Builder
- Plugin:
- Form Builder
- Plugin Slug:
- abcsubmit
- Vulnerability:
- Content Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-2801
Absolute Links
- Plugin:
- Absolute Links
- Plugin Slug:
- absolute-links
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-43833
Add custom page template
- Plugin:
- Add custom page template
- Plugin Slug:
- add-custom-page-template
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-3491
Add Google +1 (Plus one) social share Button
- Plugin:
- Add Google +1 (Plus one) social share Button
- Plugin Slug:
- add-google-plus-one-social-share-button
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-3866
Custom Admin-Bar Favorites
- Plugin:
- Custom Admin-Bar Favorites
- Plugin Slug:
- admin-bookmarks
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-3868
Advanced lazy load
- Plugin:
- Advanced lazy load
- Plugin Slug:
- advanced-lazy-load
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46508
All in One Time Clock Lite
- Plugin:
- All in One Time Clock Lite
- Plugin Slug:
- aio-time-clock-lite
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46513
Ajax Comment Form CST
- Plugin:
- Ajax Comment Form CST
- Plugin Slug:
- ajax-comment-form-cst
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-3867
Configurator Theme Core
- Plugin:
- Configurator Theme Core
- Plugin Slug:
- amz-configurator-core
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-3101
Animate
- Plugin:
- Animate
- Plugin Slug:
- animate
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46443
Author Box After Posts
- Plugin:
- Author Box After Posts
- Plugin Slug:
- author-box-after-posts
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46263
Author Box Plugin With Different Description
- Plugin:
- Author Box Plugin With Different Description
- Plugin Slug:
- author-box-with-different-description
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39371
Availability Calendar
- Plugin:
- Availability Calendar
- Plugin Slug:
- availability
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46528
Awesome Wp Image Gallery
- Plugin:
- Awesome Wp Image Gallery
- Plugin Slug:
- awesome-wp-image-gallery
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46476
BBCode Deluxe
- Plugin:
- BBCode Deluxe
- Plugin Slug:
- bbcode-deluxe
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46479
Best Posts Summary
- Plugin:
- Best Posts Summary
- Plugin Slug:
- best-posts-summary
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39374
Blog Manager WP
- Plugin:
- Blog Manager WP
- Plugin Slug:
- blog-manager-wp
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46517
Buddypress Force Password Change
- Plugin:
- Buddypress Force Password Change
- Plugin Slug:
- buddy-press-force-password-change
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-3793
Business Contact Widget
- Plugin:
- Business Contact Widget
- Plugin Slug:
- business-contact-widget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46529
Call Now PHT Blog
- Plugin:
- Call Now PHT Blog
- Plugin Slug:
- call-now-coccoc-pht-blog
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46492
Car Park Booking System for WordPress
- Plugin:
- Car Park Booking System for WordPress
- Plugin Slug:
- car-park-booking-system-for-wordpress
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39376
Carousel-of-post-images
- Plugin:
- Carousel-of-post-images
- Plugin Slug:
- carousel-of-post-images
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46536
Contact Form 7 Calendar
- Plugin:
- Contact Form 7 Calendar
- Plugin Slug:
- cf7-calendar
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46510
CheckBot
- Plugin:
- CheckBot
- Plugin Slug:
- checkbot
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-43840
Confirm User Registration
- Plugin:
- Confirm User Registration
- Plugin Slug:
- confirm-user-registration
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46459
COVID-19 (Coronavirus) Update Your Customers
- Plugin:
- COVID-19 (Coronavirus) Update Your Customers
- Plugin Slug:
- covid-19-alert
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46523
Custom Functions Plugin
- Plugin:
- Custom Functions Plugin
- Plugin Slug:
- custom-functions
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46512
WP Custom Post Popup
- Plugin:
- WP Custom Post Popup
- Plugin Slug:
- custom-post-popup
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46471
LSD Custom taxonomy and category meta
- Plugin:
- LSD Custom taxonomy and category meta
- Plugin Slug:
- custom-taxonomy-category-and-term-fields
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46502
Document Management System
- Plugin:
- Document Management System
- Plugin Slug:
- dms
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46448
Drop Caps
- Plugin:
- Drop Caps
- Plugin Slug:
- drop-caps
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46495
Dropdown Content
- Plugin:
- Dropdown Content
- Plugin Slug:
- dropdown-content
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46478
Easy Child Theme Creator
- Plugin:
- Easy Child Theme Creator
- Plugin Slug:
- easy-child-theme-creator
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39375
Enhanced Paypal Shortcodes
- Plugin:
- Enhanced Paypal Shortcodes
- Plugin Slug:
- enhanced-paypal-shortcodes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46543
External Markdown
- Plugin:
- External Markdown
- Plugin Slug:
- external-markdown
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46445
FAT Services Booking
- Plugin:
- FAT Services Booking
- Plugin Slug:
- fat-services-booking
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39355
Flickr Shortcode Importer
- Plugin:
- Flickr Shortcode Importer
- Plugin Slug:
- flickr-shortcode-importer
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46481
Floating Social Bar
- Plugin:
- Floating Social Bar
- Plugin Slug:
- floating-social-bar
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46451
Flynax Bridge
- Plugin:
- Flynax Bridge
- Plugin Slug:
- flynax-bridge
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-3603
Flynax Bridge
- Plugin:
- Flynax Bridge
- Plugin Slug:
- flynax-bridge
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-3604
Foodbakery Sticky Cart
- Plugin:
- Foodbakery Sticky Cart
- Plugin Slug:
- foodbakery-sticky-cart
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39356
Front End Users
- Plugin:
- Front End Users
- Plugin Slug:
- front-end-only-users
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13569
Frontend Login and Registration Blocks
- Plugin:
- Frontend Login and Registration Blocks
- Plugin Slug:
- frontend-login-and-registration-blocks
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-3607
GNA Search Shortcode
- Plugin:
- GNA Search Shortcode
- Plugin Slug:
- gna-search-shortcode
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46540
Peadig’s Google +1 Button
- Plugin:
- Peadig’s Google +1 Button
- Plugin Slug:
- google-1
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46483
Google News
- Plugin:
- Google News
- Plugin Slug:
- google-news
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46452
Grand Conference
- Plugin:
- Grand Conference
- Plugin Slug:
- grandconference
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39354
Tabs
- Plugin:
- Tabs
- Plugin Slug:
- gt-tabs
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46522
GTDB Guitar Tuners
- Plugin:
- GTDB Guitar Tuners
- Plugin Slug:
- guitar-tuner
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46438
Hacklog Remote Attachment
- Plugin:
- Hacklog Remote Attachment
- Plugin Slug:
- hacklog-remote-attachment
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46530
Smart Hashtags [#hashtagger]
- Plugin:
- Smart Hashtags [#hashtagger]
- Plugin Slug:
- hashtagger
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46470
Hospital Management System
- Plugin:
- Hospital Management System
- Plugin Slug:
- hospital-management
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39380
Hospital Management System
- Plugin:
- Hospital Management System
- Plugin Slug:
- hospital-management
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39386
Hospital Management System
- Plugin:
- Hospital Management System
- Plugin Slug:
- hospital-management
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39393
Hospital Management System
- Plugin:
- Hospital Management System
- Plugin Slug:
- hospital-management
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39357
iCafe Library
- Plugin:
- iCafe Library
- Plugin Slug:
- icafe-library
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39370
Image Style Hover
- Plugin:
- Image Style Hover
- Plugin Slug:
- image-content-show-hover
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46534
Image Hover Effects For WPBakery Page Builder
- Plugin:
- Image Hover Effects For WPBakery Page Builder
- Plugin Slug:
- image-hover-effects-for-visual-composer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46484
Inline Text Popup
- Plugin:
- Inline Text Popup
- Plugin Slug:
- inline-text-popup
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46538
Integração entre Eduzz e Woocommerce
- Plugin:
- Integração entre Eduzz e Woocommerce
- Plugin Slug:
- integracao-entre-eduzz-e-wc-powers
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-3906
Landing pages and Domain aliases for WordPress
- Plugin:
- Landing pages and Domain aliases for WordPress
- Plugin Slug:
- landing-pages-and-domain-aliases
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46533
Libro de Reclamaciones
- Plugin:
- Libro de Reclamaciones
- Plugin Slug:
- libro-de-reclamaciones
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46446
License For Envato
- Plugin:
- License For Envato
- Plugin Slug:
- license-envato
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39399
Mad Mimi for WordPress
- Plugin:
- Mad Mimi for WordPress
- Plugin Slug:
- mad-mimi
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46262
Milat jQuery Automatic Popup
- Plugin:
- Milat jQuery Automatic Popup
- Plugin Slug:
- milat-jquery-automatic-popup
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46514
Mini twitter feed
- Plugin:
- Mini twitter feed
- Plugin Slug:
- mini-twitter-feed
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46496
Mixcloud Embed
- Plugin:
- Mixcloud Embed
- Plugin Slug:
- mixcloud-embed
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46501
Modern Polls
- Plugin:
- Modern Polls
- Plugin Slug:
- modern-polls
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46466
Custom Login and Registration
- Plugin:
- Custom Login and Registration
- Plugin Slug:
- ms-registration
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46535
Multi-Column Taxonomy List
- Plugin:
- Multi-Column Taxonomy List
- Plugin Slug:
- multi-column-taxonomy-list
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46491
My Custom Widgets
- Plugin:
- My Custom Widgets
- Plugin Slug:
- mycustomwidget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46526
Navegg Analytics
- Plugin:
- Navegg Analytics
- Plugin Slug:
- navegg
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46497
Nepali Post Date
- Plugin:
- Nepali Post Date
- Plugin Slug:
- nepali-post-date
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46480
occupancyplan
- Plugin:
- occupancyplan
- Plugin Slug:
- occupancyplan
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46450
PayPal Express Checkout
- Plugin:
- PayPal Express Checkout
- Plugin Slug:
- paypal-express-checkout
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46499
Peekaboo
- Plugin:
- Peekaboo
- Plugin Slug:
- peekaboo
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46505
Plugin Central
- Plugin:
- Plugin Central
- Plugin Slug:
- plugin-central
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46439
Posts for Page
- Plugin:
- Posts for Page
- Plugin Slug:
- posts-for-page
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39369
Print Science Designer
- Plugin:
- Print Science Designer
- Plugin Slug:
- print-science-designer
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46465
RAphicon
- Plugin:
- RAphicon
- Plugin Slug:
- raphicon
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46467
Related Posts via Taxonomies
- Plugin:
- Related Posts via Taxonomies
- Plugin Slug:
- related-posts-via-taxonomies
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46520
Loan Calculator
- Plugin:
- Loan Calculator
- Plugin Slug:
- repayment-calculator
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46442
Revy
- Plugin:
- Revy
- Plugin Slug:
- revy
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32924
SUMO Reward Points
- Plugin:
- SUMO Reward Points
- Plugin Slug:
- rewardsystem
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32925
RRSSB
- Plugin:
- RRSSB
- Plugin Slug:
- rrssb
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46461
SCSS-Library
- Plugin:
- SCSS-Library
- Plugin Slug:
- scss-library
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46436
Send From
- Plugin:
- Send From
- Plugin Slug:
- send-from
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46469
SEUR Oficial
- Plugin:
- SEUR Oficial
- Plugin Slug:
- seur
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46474
Simple Google Photos Grid
- Plugin:
- Simple Google Photos Grid
- Plugin Slug:
- simple-google-photos-grid
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46503
Social Counter
- Plugin:
- Social Counter
- Plugin Slug:
- social-counter
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46473
Tayori Form
- Plugin:
- Tayori Form
- Plugin Slug:
- tayori
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46437
Time Based Greeting
- Plugin:
- Time Based Greeting
- Plugin Slug:
- time-based-greeting
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46435
Twitter Card Generator
- Plugin:
- Twitter Card Generator
- Plugin Slug:
- twitter-card-generator
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46516
Unsafe Mimetypes
- Plugin:
- Unsafe Mimetypes
- Plugin Slug:
- unsafe-mimetypes
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46507
Vasaio QR Code
- Plugin:
- Vasaio QR Code
- Plugin Slug:
- vasaio-qr-code
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46504
WP Vegas
- Plugin:
- WP Vegas
- Plugin Slug:
- vegas-fullscreen-background-slider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-43841
Verification SMS with TargetSMS
- Plugin:
- Verification SMS with TargetSMS
- Plugin Slug:
- verification-sms-targetsms
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-3776
Bulk Assign Linked Products For WooCommerce
- Plugin:
- Bulk Assign Linked Products For WooCommerce
- Plugin Slug:
- wc-bulk-assign-linked-products
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46489
WP AVCL Automation Helper (formerly WPFlyLeads)
- Plugin:
- WP AVCL Automation Helper (formerly WPFlyLeads)
- Plugin Slug:
- woozap
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46531
Plugin Upgrade Time Out
- Plugin:
- Plugin Upgrade Time Out
- Plugin Slug:
- wordpressplugin-upgrade-time-out-plugin
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-8243
WoWHead Tooltips
- Plugin:
- WoWHead Tooltips
- Plugin Slug:
- wowhead-tooltips
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46449
WP Cookie Consent
- Plugin:
- WP Cookie Consent
- Plugin Slug:
- wp-cookie-consent
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46525
Wp Custom CMS Block
- Plugin:
- Wp Custom CMS Block
- Plugin Slug:
- wp-custom-cms-block
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46457
WP Customize Login Page
- Plugin:
- WP Customize Login Page
- Plugin Slug:
- wp-customize-login-page
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46485
WP Customize Login Page
- Plugin:
- WP Customize Login Page
- Plugin Slug:
- wp-customize-login-page
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46477
wp-cyr-cho
- Plugin:
- wp-cyr-cho
- Plugin Slug:
- wp-cyr-cho
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-43835
Easy Guide
- Plugin:
- Easy Guide
- Plugin Slug:
- wp-easy-guide
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-46460
WP Filter Post Category
- Plugin:
- WP Filter Post Category
- Plugin Slug:
- wp-filter-post-categories
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46524
FoodBakery
- Plugin:
- FoodBakery
- Plugin Slug:
- wp-foodbakery
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-32927
WP HRM LITE
- Plugin:
- WP HRM LITE
- Plugin Slug:
- wp-hrm-lite-human-resource-management-system
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-46455
JobSearch
- Plugin:
- JobSearch
- Plugin Slug:
- wp-jobsearch
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-11917
Meta Keywords & Description
- Plugin:
- Meta Keywords & Description
- Plugin Slug:
- wp-meta-keywords-meta-description
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46454
WP Quiz
- Plugin:
- WP Quiz
- Plugin Slug:
- wp-quiz
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46482
WP-reCAPTCHA-bp
- Plugin:
- WP-reCAPTCHA-bp
- Plugin Slug:
- wp-recaptcha-bp
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46541
Tooltip
- Plugin:
- Tooltip
- Plugin Slug:
- wp-tooltip
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46532
WordPress Events Calendar Registration & Tickets
- Plugin:
- WordPress Events Calendar Registration & Tickets
- Plugin Slug:
- wpeventplus
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39372
WPVN
- Plugin:
- WPVN
- Plugin Slug:
- wpvn-username-changer
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46462
WpZon – Amazon Affiliate Plugin
- Plugin:
- WpZon – Amazon Affiliate Plugin
- Plugin Slug:
- wpzon
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46506
WS Force Login Page
- Plugin:
- WS Force Login Page
- Plugin Slug:
- ws-force-login-page
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46521
Woocommerce Automatic Order Printing
- Plugin:
- Woocommerce Automatic Order Printing
- Plugin Slug:
- xc-woo-google-cloud-print
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-1284
Xpert Tab
- Plugin:
- Xpert Tab
- Plugin Slug:
- xpert-tab
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46542
Zalo Official Live Chat
- Plugin:
- Zalo Official Live Chat
- Plugin Slug:
- zalo-official-live-chat
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46498
Zoho Creator Forms
- Plugin:
- Zoho Creator Forms
- Plugin Slug:
- zohocreator
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46453
Ocean Extra
- Plugin:
- Ocean Extra
- Plugin Slug:
- ocean-extra
- Installations
- 600,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- 2.4.7
- Severity Score:
- Medium
- CVE:
- 2025-3472
Ocean Extra
- Plugin:
- Ocean Extra
- Plugin Slug:
- ocean-extra
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.7
- Severity Score:
- Medium
- CVE:
- 2025-3457
Admin and Site Enhancements (ASE)
- Plugin Slug:
- admin-site-enhancements
- Installations
- 100,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 7.6.10
- Severity Score:
- Medium
- CVE:
- 2024-13688
Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder
- Plugin Slug:
- bdthemes-element-pack-lite
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.10.30
- Severity Score:
- Medium
- CVE:
- 2025-1458
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor)
- Plugin Slug:
- woolentor-addons
- Installations
- 100,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 3.1.3
- Severity Score:
- Medium
- CVE:
- 2025-3775
Jupiter X Core
- Plugin:
- Jupiter X Core
- Plugin Slug:
- jupiterx-core
- Installations
- 90,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 4.8.12
- Severity Score:
- Critical
- CVE:
- 2025-2105
Icegram Express – email subscribers, optin forms, newsletters and marketing automation for WordPress & WooCommerce
- Plugin Slug:
- email-subscribers
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.7.50
- Severity Score:
- Medium
- CVE:
- 2025-0671
User Registration & Membership – Custom Registration Form, Login Form, and User Profile
- Plugin Slug:
- user-registration
- Installations
- 70,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.2.0
- Severity Score:
- High
- CVE:
- 2025-39400
Category Posts Widget
- Plugin:
- Category Posts Widget
- Plugin Slug:
- category-posts
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.9.20
- Severity Score:
- Medium
- CVE:
- 2025-1453
Greenshift – animation and page builder blocks
- Plugin Slug:
- greenshift-animation-and-page-builder-blocks
- Installations
- 50,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 11.4.6
- Severity Score:
- High
- CVE:
- 2025-3616
WordPress Tag, Category, and Taxonomy Manager – AI Autotagger
- Plugin Slug:
- simple-tags
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.30.0
- Severity Score:
- Medium
- CVE:
- 2025-0627
Visual Composer Website Builder
- Plugin:
- Visual Composer Website Builder
- Plugin Slug:
- visualcomposer
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 45.11.0
- Severity Score:
- Medium
- CVE:
- 2025-46254
WP Import Export Lite
- Plugin:
- WP Import Export Lite
- Plugin Slug:
- wp-import-export-lite
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.9.28
- Severity Score:
- Medium
- CVE:
- 2025-2839
Contact Form & SMTP Plugin for WordPress by PirateForms
- Plugin Slug:
- pirate-forms
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.0
- Severity Score:
- Medium
- CVE:
- 2024-11273
SecuPress Free — WordPress Security
- Plugin Slug:
- secupress
- Installations
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.3.10
- Severity Score:
- Medium
- CVE:
- 2025-3452
Gutenverse – Ultimate Block Addons and Page Builder for Site Editor
- Plugin Slug:
- gutenverse
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.0
- Severity Score:
- Medium
- CVE:
- 2025-2893
Social Slider Feed
- Plugin:
- Social Slider Feed
- Plugin Slug:
- instagram-slider-widget
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.9
- Severity Score:
- Medium
- CVE:
- 2025-0717
PowerPress Podcasting plugin by Blubrry
- Plugin Slug:
- powerpress
- Installations
- 30,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 11.12.6
- Severity Score:
- Critical
- CVE:
- 2025-46264
UiCore Elements – Free Elementor widgets and templates
- Plugin Slug:
- uicore-elements
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.0
- Severity Score:
- Medium
- CVE:
- 2025-1054
Icegram Engage – Ultimate WP Popup Builder, Lead Generation, Optins, and CTA
- Plugin Slug:
- icegram
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.32
- Severity Score:
- Medium
- CVE:
- 2024-13486
Seriously Simple Podcasting
- Plugin:
- Seriously Simple Podcasting
- Plugin Slug:
- seriously-simple-podcasting
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.10.0
- Severity Score:
- Medium
- CVE:
- 2025-46261
AFI – The Easiest Integration Plugin
- Plugin Slug:
- advanced-form-integration
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.100.0
- Severity Score:
- Medium
- CVE:
- 2024-13123
Alt Text AI – Automatically generate image alt text for SEO and accessibility
- Plugin Slug:
- alttext-ai
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.9.94
- Severity Score:
- Medium
- CVE:
- 2025-46232
GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor
- Plugin Slug:
- gutenkit-blocks-addon
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.3
- Severity Score:
- Medium
- CVE:
- 2025-46253
HTML Forms – Simple WordPress Forms Plugin
- Plugin Slug:
- html-forms
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.3
- Severity Score:
- Medium
- CVE:
- 2025-46236
Link Library
- Plugin:
- Link Library
- Plugin Slug:
- link-library
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.8.1
- Severity Score:
- Medium
- CVE:
- 2025-46237
Mang Board WP
- Plugin:
- Mang Board WP
- Plugin Slug:
- mangboard
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.7
- Severity Score:
- Medium
- CVE:
- 2025-3435
Prevent Direct Access – Protect WordPress Files
- Plugin Slug:
- prevent-direct-access
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.8.8.1
- Severity Score:
- Medium
- CVE:
- 2025-3923
Prevent Direct Access – Protect WordPress Files
- Plugin Slug:
- prevent-direct-access
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.8.8.3
- Severity Score:
- Medium
- CVE:
- 2025-3861
WordPress Simple Shopping Cart
- Plugin:
- WordPress Simple Shopping Cart
- Plugin Slug:
- wordpress-simple-paypal-shopping-cart
- Installations
- 10,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 5.1.3
- Severity Score:
- Medium
- CVE:
- 2025-3530
WordPress Simple Shopping Cart
- Plugin:
- WordPress Simple Shopping Cart
- Plugin Slug:
- wordpress-simple-paypal-shopping-cart
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 5.1.3
- Severity Score:
- Medium
- CVE:
- 2025-3529
Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
- Plugin Slug:
- bit-form
- Installations
- 9,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.18.4
- Severity Score:
- Medium
- CVE:
- 2025-2580
WS Form LITE – Drag & Drop Contact Form Builder for WordPress
- Plugin Slug:
- ws-form
- Installations
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.10.36
- Severity Score:
- Medium
- CVE:
- 2025-3912
Theme Switcha – Easily Switch Themes for Development and Testing
- Plugin Slug:
- theme-switcha
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.1
- Severity Score:
- Medium
- CVE:
- 2025-46239
Custom Related Posts
- Plugin:
- Custom Related Posts
- Plugin Slug:
- custom-related-posts
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.5
- Severity Score:
- Medium
- CVE:
- 2025-46227
Upsell Funnel Builder for WooCommerce
- Plugin Slug:
- upsell-order-bump-offer-for-woocommerce
- Installations
- 4,000+
- Vulnerability:
- Other Vulnerability Type
- Patched in Version:
- 3.0.1
- Severity Score:
- Medium
- CVE:
- 2025-3743
Watu Quiz
- Plugin:
- Watu Quiz
- Plugin Slug:
- watu
- Installations
- 4,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.4.4
- Severity Score:
- High
- CVE:
- 2025-46242
affiliate-toolkit – WP Affiliate Plugin with Amazon
- Plugin Slug:
- affiliate-toolkit-starter
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.7.4
- Severity Score:
- Medium
- CVE:
- 2025-46231
Message Filter for Contact Form 7
- Plugin Slug:
- cf7-message-filter
- Installations
- 2,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.6.33
- Severity Score:
- High
- CVE:
- 2025-46252
SKT Blocks – Gutenberg based Page Builder
- Plugin Slug:
- skt-blocks
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1
- Severity Score:
- Medium
- CVE:
- 2025-46235
Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery)
- Plugin Slug:
- sky-elementor-addons
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.3
- Severity Score:
- Medium
- CVE:
- 2025-46260
WP-Recall – Registration, Profile, Commerce & More
- Plugin Slug:
- wp-recall
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 16.26.12
- Severity Score:
- Medium
- CVE:
- 2024-9771
Appointment Booking Calendar
- Plugin:
- Appointment Booking Calendar
- Plugin Slug:
- appointment-booking-calendar
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.93
- Severity Score:
- Medium
- CVE:
- 2025-46247
Appointment Booking Calendar
- Plugin:
- Appointment Booking Calendar
- Plugin Slug:
- appointment-booking-calendar
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.93
- Severity Score:
- High
- CVE:
- 2025-46241
Event post
- Plugin:
- Event post
- Plugin Slug:
- event-post
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.10.0
- Severity Score:
- Medium
- CVE:
- 2025-46228
Fable Extra
- Plugin:
- Fable Extra
- Plugin Slug:
- fable-extra
- Installations
- 1,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.0.7
- Severity Score:
- Critical
- CVE:
- 2025-46539
Fable Extra
- Plugin:
- Fable Extra
- Plugin Slug:
- fable-extra
- Installations
- 1,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.0.7
- Severity Score:
- Critical
- CVE:
- 2025-46468
Fable Extra
- Plugin:
- Fable Extra
- Plugin Slug:
- fable-extra
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.7
- Severity Score:
- Medium
- CVE:
- 2025-46447
List Last Changes
- Plugin:
- List Last Changes
- Plugin Slug:
- list-last-changes
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.2
- Severity Score:
- Medium
- CVE:
- 2025-46238
Simple Download Counter
- Plugin:
- Simple Download Counter
- Plugin Slug:
- simple-download-counter
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.1
- Severity Score:
- Medium
- CVE:
- 2025-46240
Image Optimizer, Resizer and CDN – Sirv
- Plugin Slug:
- sirv
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.5.4
- Severity Score:
- Medium
- CVE:
- 2025-46233
Smart Maintenance Mode
- Plugin:
- Smart Maintenance Mode
- Plugin Slug:
- smart-maintenance-mode
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.2
- Severity Score:
- Medium
- CVE:
- 2024-12683
My Tickets – Accessible Event Ticketing
- Plugin Slug:
- my-tickets
- Installations
- 900+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 2.0.17
- Severity Score:
- High
- CVE:
- 2025-3761
MPL-Publisher — Ebook & Audiobook Creator
- Plugin Slug:
- mpl-publisher
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.18.1
- Severity Score:
- Medium
- CVE:
- 2025-46226
Frontend Dashboard
- Plugin:
- Frontend Dashboard
- Plugin Slug:
- frontend-dashboard
- Installations
- 700+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.2.6
- Severity Score:
- Critical
- CVE:
- 2025-46248
Media Library Downloader
- Plugin:
- Media Library Downloader
- Plugin Slug:
- media-library-downloader
- Installations
- 700+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.2
- Severity Score:
- Medium
- CVE:
- 2025-46519
Popup Builder
- Plugin:
- Popup Builder
- Plugin Slug:
- easy-notify-lite
- Installations
- 600+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.1.37
- Severity Score:
- High
- CVE:
- 2025-46230
VikRestaurants Table Reservations and Take-Away
- Plugin Slug:
- vikrestaurants
- Installations
- 600+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.4
- Severity Score:
- High
- CVE:
- 2025-46251
Textmetrics
- Plugin:
- Textmetrics
- Plugin Slug:
- webtexttool
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.6.3
- Severity Score:
- Medium
- CVE:
- 2025-46229
CM Answers – Easy-to-use forum to grow your WP community
- Plugin Slug:
- cm-answers
- Installations
- 400+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.3.4
- Severity Score:
- Medium
- CVE:
- 2025-46246
Crossword Compiler Puzzles
- Plugin:
- Crossword Compiler Puzzles
- Plugin Slug:
- crossword-compiler-puzzles
- Installations
- 400+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 5.3
- Severity Score:
- Critical
- CVE:
- 2025-46490
Advanced Linked Variations for Woocommerce
- Plugin Slug:
- linked-variation
- Installations
- 400+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.4
- Severity Score:
- Medium
- CVE:
- 2025-46244
Simple calendar for Elementor
- Plugin:
- Simple calendar for Elementor
- Plugin Slug:
- simple-calendar-for-elementor
- Installations
- 400+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.6.5
- Severity Score:
- Medium
- CVE:
- 2025-46249
Tax Switch for WooCommerce
- Plugin:
- Tax Switch for WooCommerce
- Plugin Slug:
- tax-switch-for-woocommerce
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.3
- Severity Score:
- Medium
- CVE:
- 2025-3814
Lifetime free Drag & Drop Contact Form Builder for WordPress VForm
- Plugin Slug:
- v-form
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.15
- Severity Score:
- Medium
- CVE:
- 2025-46250
CM Ad Changer – A simple tool to control and optimize your site’s banners
- Plugin Slug:
- cm-ad-changer
- Installations
- 200+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.0.6
- Severity Score:
- Medium
- CVE:
- 2025-46245
Mailing Group Listserv
- Plugin:
- Mailing Group Listserv
- Plugin Slug:
- wp-mailing-group
- Installations
- 200+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.0.5
- Severity Score:
- High
- CVE:
- 2025-46463
Able Player, accessible HTML5 media player
- Plugin Slug:
- ableplayer
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.2
- Severity Score:
- Medium
- CVE:
- 2025-46475
Recover abandoned cart for WooCommerce
- Plugin Slug:
- recover-wc-abandoned-cart
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.3
- Severity Score:
- Medium
- CVE:
- 2025-46243
Breeze Display
- Plugin:
- Breeze Display
- Plugin Slug:
- wt-display-breeze
- Installations
- 90+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.4
- Severity Score:
- Medium
- CVE:
- 2025-3749
Control Listings – Classifieds Ads Directory Portal Manager
- Plugin Slug:
- control-listings
- Installations
- 80+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.5
- Severity Score:
- High
- CVE:
- 2025-46234
Aeropage Sync for Airtable
- Plugin:
- Aeropage Sync for Airtable
- Plugin Slug:
- aeropage-sync-for-airtable
- Installations
- 70+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.3.0
- Severity Score:
- Medium
- CVE:
- 2025-3915
Aeropage Sync for Airtable
- Plugin:
- Aeropage Sync for Airtable
- Plugin Slug:
- aeropage-sync-for-airtable
- Installations
- 70+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 3.3.0
- Severity Score:
- High
- CVE:
- 2025-3914
AnalyticsWP
- Plugin:
- AnalyticsWP
- Plugin Slug:
- analyticswp
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.1.5
- Severity Score:
- Critical
- CVE:
- 2025-39389
Anps Theme
- Plugin:
- Anps Theme
- Plugin Slug:
- anps_theme_plugin
- Vulnerability:
- Content Injection
- Patched in Version:
- 1.1.2
- Severity Score:
- Medium
- CVE:
- 2024-13812
BeerXML Shortcode
- Plugin:
- BeerXML Shortcode
- Plugin Slug:
- beerxml-shortcode
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 0.8
- Severity Score:
- Medium
- CVE:
- 2025-46511
BM Content Builder
- Plugin:
- BM Content Builder
- Plugin Slug:
- bm-builder
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.16.3
- Severity Score:
- High
- CVE:
- 2025-1279
cookieBAR
- Plugin:
- cookieBAR
- Plugin Slug:
- cookiebar
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.10.1
- Severity Score:
- Medium
- CVE:
- 2025-43834
Mayosis Core
- Plugin:
- Mayosis Core
- Plugin Slug:
- mayosis-core
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 5.4.2
- Severity Score:
- High
- CVE:
- 2025-1565
Memberpress
- Plugin:
- Memberpress
- Plugin Slug:
- memberpress
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.12.0
- Severity Score:
- Medium
- CVE:
- 2024-11299
Order Delivery Date for WP e-Commerce
- Plugin:
- Order Delivery Date for WP e-Commerce
- Plugin Slug:
- order-delivery-date
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 12.3.1
- Severity Score:
- Critical
- CVE:
- 2025-2907
Post in page for Elementor
- Plugin:
- Post in page for Elementor
- Plugin Slug:
- post-in-page-for-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.2
- Severity Score:
- Medium
- CVE:
- 2025-46225
Service Finder Booking
- Plugin:
- Service Finder Booking
- Plugin Slug:
- sf-booking
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 6.0
- Severity Score:
- Critical
- CVE:
- 2025-2470
eForm – WordPress Form Builder
- Plugin:
- eForm – WordPress Form Builder
- Plugin Slug:
- wp-fsqm-pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.19
- Severity Score:
- High
- CVE:
- 2025-1294
Xpro Elementor Addons – Pro
- Plugin:
- Xpro Elementor Addons – Pro
- Plugin Slug:
- xpro-elementor-addons-pro
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.4.10
- Severity Score:
- High
- CVE:
- 2024-13808
WordPress Themes — 6 Patched / 13 Unpatched
Arrival
- Theme:
- Arrival
- Theme Slug:
- arrival
- Downloads
- 126,548
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32921
CWW Portfolio
- Theme:
- CWW Portfolio
- Theme Slug:
- cww-portfolio
- Downloads
- 85,776
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39359
Grace Mag
- Theme:
- Grace Mag
- Theme Slug:
- grace-mag
- Downloads
- 70,110
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39360
Opstore
- Theme:
- Opstore
- Theme Slug:
- opstore
- Downloads
- 82,188
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39387
Xews Lite
- Theme:
- Xews Lite
- Theme Slug:
- xews-lite
- Downloads
- 14,655
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39383
Altair
- Theme:
- Altair
- Theme Slug:
- altair
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-32928
Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue
- Theme:
- Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue
- Theme Slug:
- bellevuex
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39398
CiyaShop
- Theme:
- CiyaShop
- Theme Slug:
- ciyashop
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39349
Grand Restaurant WordPress
- Theme:
- Grand Restaurant WordPress
- Theme Slug:
- grandrestaurant
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39348
Grand Restaurant WordPress
- Theme:
- Grand Restaurant WordPress
- Theme Slug:
- grandrestaurant
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39352
Grand Restaurant WordPress
- Theme:
- Grand Restaurant WordPress
- Theme Slug:
- grandrestaurant
- Vulnerability:
- Path Traversal
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-32926
JNews
- Theme:
- JNews
- Theme Slug:
- jnews
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39373
Reales WP
- Theme:
- Reales WP
- Theme Slug:
- reales-wp-real-estate-wordpress-theme
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13307
EduMall
- Theme:
- EduMall
- Theme Slug:
- edumall
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 4.3.0
- Severity Score:
- High
- CVE:
- 2025-2101
Kleo
- Theme:
- Kleo
- Theme Slug:
- kleo
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.4.4
- Severity Score:
- Medium
- CVE:
- 2025-39367
Vikinger
- Theme:
- Vikinger
- Theme Slug:
- vikinger
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.9.31
- Severity Score:
- High
- CVE:
- 2025-2238
wProject
- Theme:
- wProject
- Theme Slug:
- wproject
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 5.8.0
- Severity Score:
- High
- CVE:
- 2025-39366
wProject
- Theme:
- wProject
- Theme Slug:
- wproject
- Vulnerability:
- Settings Change
- Patched in Version:
- 5.8.0
- Severity Score:
- High
- CVE:
- 2025-39350
wProject
- Theme:
- wProject
- Theme Slug:
- wproject
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.8.0
- Severity Score:
- High
- CVE:
- 2025-39365
