WordPress Vulnerability Report — April 9, 2025

Since last week, 612 new vulnerabilities emerged in the WordPress ecosystem, including 583 plugins and 29 themes. 504 of the vulnerable plugins and themes remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

Sarah Ulmer

Published:Apr 9, 2025

Filed Under:WordPress Security

Reading Time:109 min.

In this report, 612 vulnerabilities have been publicly disclosed. Security patches for 108 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 504 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. WordPress Core
2. WordPress Plugins — 103 Patched / 480 Unpatched

2.1 CMP – Coming Soon & Maintenance Plugin by NiteoThemes
2.2 Colibri Page Builder
2.3 ShareThis Dashboard for Google Analytics
2.4 Tutor LMS – eLearning and online course solution
2.5 Brizy – Page Builder
2.6 WP ULike – All-in-One Engagement Toolkit
2.7 ActiveCampaign – Forms, Site Tracking, Live Chat
2.8 DethemeKit for Elementor
2.9 Piotnet Addons For Elementor
2.10 Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery
2.11 Themesflat Addons For Elementor
2.12 Booster for WooCommerce
2.13 Advanced WordPress Backgrounds
2.14 WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce
2.15 Ecwid by Lightspeed Ecommerce Shopping Cart
2.16 Read More & Accordion
2.17 Easy Google Maps
2.18 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar
2.19 Secure Copy Content Protection and Content Locking
2.20 140+ Widgets | Xpro Addons For Elementor – FREE
2.21 Advanced Woo Labels – Product Labels for WooCommerce
2.22 Asgaros Forum
2.23 Flo Forms – Easy Drag & Drop Form Builder
2.24 LA-Studio Element Kit for Elementor
2.25 MasterStudy LMS WordPress Plugin – for Online Courses and Education
2.26 MasterStudy LMS WordPress Plugin – for Online Courses and Education
2.27 Motors – Car Dealership & Classified Listings Plugin
2.28 Motors – Car Dealership & Classified Listings Plugin
2.29 OSM – OpenStreetMap
2.30 s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
2.31 URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress
2.32 WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder
2.33 WP-LESS
2.34 WPCargo Track & Trace
2.35 Xpro Theme Builder For Elementor – FREE
2.36 YaMaps for WordPress Plugin
2.37 WP Mobile Bottom Menu
2.38 WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts
2.39 Gutenify – Visual Site Builder Blocks & Site Templates.
2.40 IMPress for IDX Broker
2.41 WordPress Header Builder Plugin – Pearl
2.42 WordPress Header Builder Plugin – Pearl
2.43 EventON – Events Calendar
2.44 Sliced Invoices – WordPress Invoice Plugin
2.45 Specia Companion
2.46 Survey Maker
2.47 VK Filter Search
2.48 Directorist AddonsKit for Elementor
2.49 aThemes Addons for Elementor
2.50 Fusion Page Builder
2.51 Hyperlink Group Block
2.52 Flag Icons
2.53 Privyr CRM – Instant Lead Alerts for Contact Forms
2.54 Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses
2.55 Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses
2.56 Popular Brand Icons – Simple Icons
2.57 Split Test For Elementor
2.58 Split Test For Elementor
2.59 Widgetize Pages Light
2.60 Zoho Flow – Integrate 100+ plugins with 1000+ business apps, no-code workflow automation
2.61 EazyDocs – Most Powerful Knowledge base, wiki, Documentation Builder Plugin
2.62 Fonto – Custom Web Fonts Manager
2.63 Libro de Reclamaciones y Quejas
2.64 News Kit Elementor Addons
2.65 Piotnet Forms
2.66 Piotnet Forms
2.67 Piotnet Forms
2.68 Slider a SlidersPack – Image Slider, Post Slider, ACF Gallery Slider
2.69 Social Share Buttons & Analytics Plugin – GetSocial.io
2.70 WebberZone Snippetz – Header, Body and Footer manager
2.71 Ai Image Alt Text Generator for WP
2.72 Ai Image Alt Text Generator for WP
2.73 Beam me up Scotty – Back to Top Button
2.74 Beds24 Online Booking
2.75 Bulk NoIndex & NoFollow Toolkit
2.76 Category Icon
2.77 Docxpresso
2.78 Gallery – Photo Albums Plugin
2.79 ELEX WooCommerce Request a Quote
2.80 Online Booking & Scheduling Calendar for WordPress by vcita
2.81 MX Time Zone Clocks
2.82 Safe Ai Malware Protection for WP
2.83 SrbTransLatin – Serbian Latinisation
2.84 Timeline Event History
2.85 Tockify Events Calendar
2.86 Directory Listings WordPress plugin – uListing
2.87 WP Modal Popup with Cookie Integration
2.88 WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce
2.89 WordPress Simple HTML Sitemap
2.90 WPoperation Elementor Addons
2.91 Black Widgets For Elementor
2.92 Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)
2.93 BuddyPress Members Only
2.94 Cal.com
2.95 CLP – Custom Login Page by NiteoThemes
2.96 Contact Form Builder by vcita
2.97 Cryptocurrency Widgets Pack
2.98 DirectoryPress – Business Directory And Classified Ad Listing
2.99 Astra Security Suite – Firewall & Malware Scan
2.100 Gutena Kit – Gutenberg Blocks and Templates
2.101 JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin
2.102 Nova Blocks by Pixelgrade
2.103 onOffice for WP-Websites
2.104 PDF Generator Addon for Elementor Page Builder
2.105 RestroPress – Online Food Ordering System
2.106 Table Block by RioVizual – Comparison Table, Pricing Table, and Pros & Cons Box for Gutenberg
2.107 Sequential Order Numbers for WooCommerce
2.108 Sidebar Manager Light
2.109 Simple Sticky Add To Cart For WooCommerce
2.110 Swiss Toolkit For WP
2.111 Swiss Toolkit For WP
2.112 Table Block by Tableberg – Best WordPress Table Plugin
2.113 Video Playlist For YouTube
2.114 Price by Quantity & Bulk Quantity Discounts for WooCommerce
2.115 WordPress Webinar Plugin – WebinarPress
2.116 WordPress Webinar Plugin – WebinarPress
2.117 WP AdCenter – Ad Manager & Adsense Ads
2.118 mb.YTPlayer for background videos
2.119 Follow Us Badges
2.120 B Blocks – The ultimate block collection
2.121 ContentBot AI Writer (ChatGPT, GPT4)
2.122 FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor
2.123 Post Custom Templates Lite
2.124 Real Estate Manager – Property Listing and Agent Management
2.125 Rollbar
2.126 Ultimate Store Kit – Elementor powered WooCommerce Builder, 80+ Widgets and Template Builder
2.127 UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode)
2.128 404 Image Redirection (Replace Broken Images)
2.129 Doppler Forms
2.130 JS Job Manager
2.131 JS Job Manager
2.132 JS Job Manager
2.133 Product Notices for WooCommerce
2.134 Query Wrangler
2.135 Revive.so – Bulk Rewrite and Republish Blog Posts
2.136 SheetDB – get your Google Spreadsheet data
2.137 TailPress – Tailwind for WordPress
2.138 TuriTop Booking System
2.139 Widget Manager Light
2.140 AI Content Creator – Easy ChatGPT powered article generator
2.141 Group Chat & Video Chat by AtomChat
2.142 Group Chat & Video Chat by AtomChat
2.143 Broadstreet
2.144 Broadstreet
2.145 Easy!Appointments
2.146 Magical Blocks – Premium Gutenberg Blocks
2.147 Accessibility Suite by Ability, Inc
2.148 QR Code Tag for WC order emails, POS receipt emails, PDF invoices, PDF packing slips, Blog posts, Custom post types and Pages (from goaskle.com)
2.149 SCSS WP Editor
2.150 Simple Owl Carousel
2.151 Slider Path for Elementor
2.152 SnapWidget Social Photo Feed Widget
2.153 StaticPress
2.154 Bulk Product Sync – Bulk Product Editor for WooCommerce with Google Sheets™
2.155 WP Plugin Info Card
2.156 SMS Abandoned Cart Recovery ? CartBoss
2.157 Custom Database Applications by Caspio
2.158 Daisycon prijsvergelijkers
2.159 Embed Chessboard
2.160 Embed Extended – Embed Maps, Videos, Websites, Source Codes, and more
2.161 FPW Category Thumbnails
2.162 Google SEO Pressor for Rich snippets
2.163 Google SEO Pressor for Rich snippets
2.164 History Log by click5
2.165 Integration of Zoho CRM and Contact Form 7
2.166 Contact Form, Drag and Drop Form Builder Plugin – Live Forms
2.167 My auctions allegro
2.168 OwnerRez
2.169 Behance Portfolio Manager
2.170 Behance Portfolio Manager
2.171 Publitio
2.172 Publitio
2.173 Publitio
2.174 Question Answer
2.175 Sheet2Site
2.176 Showeblogin Social Plugin
2.177 Simple Post Expiration
2.178 SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity
2.179 SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity
2.180 TextMe SMS
2.181 UPC/EAN/GTIN Code Generator
2.182 Uptime Robot Plugin for WordPress
2.183 Uptime Robot Plugin for WordPress
2.184 Uptime Robot Plugin for WordPress
2.185 Woocommerce Role Pricing
2.186 WP Link Preview
2.187 WP Proposals
2.188 1 Click WordPress Migration Plugin – 100% FREE for a limited time
2.189 ACME Divi Modules
2.190 Advanced Speed Increaser
2.191 WordPress Appointment Booking and Online Scheduling Plugin by Appointy
2.192 Cache control by Cacholong
2.193 Cache control by Cacholong
2.194 CF7 Spreadsheets
2.195 CF7 Spreadsheets
2.196 Checklist
2.197 Official CleverReach® Plugin for WooCommerce
2.198 Display product variations dropdown on shop page
2.199 Twice Commerce – Easy Rental Booking System
2.200 Freetobook Responsive Widget
2.201 FunnelCockpit
2.202 Job Board Manager
2.203 Leartes TRY Exchange Rates
2.204 Social Intents – Live Chat and ChatGPT Chatbots
2.205 m1.DownloadList
2.206 Ni WooCommerce Cost Of Goods
2.207 Ni WooCommerce Cost Of Goods
2.208 RDP Wiki Embed
2.209 Theme Duplicator
2.210 VG WooCarousel
2.211 Webling
2.212 Wishlist
2.213 WP Clone any post type
2.214 WP Clone any post type
2.215 Administrator Z
2.216 Administrator Z
2.217 Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One
2.218 Appointify
2.219 Auto scroll for reading
2.220 Breaking News WP
2.221 Breaking News WP
2.222 Chamber Dashboard Business Directory
2.223 CRM WordPress Plugin – RepairBuddy
2.224 Dima Take Action
2.225 Pin Generator
2.226 Planyo online reservation system
2.227 RSVPMaker
2.228 Spider Elements – Crafted UX First Addons for Elementor
2.229 Spider Elements – Crafted UX First Addons for Elementor
2.230 TZ Plus Gallery
2.231 Woocommerce Advanced Product Organizer – Dynamic Sorting & Reordering
2.232 Advanced WooCommerce Product Sales Reporting – Statistics & Forecast
2.233 WP AutoKeyword
2.234 WP AutoKeyword
2.235 WP w3all phpBB
2.236 BWD Elementor Addons (2500+ presets, Meet The Team, Lottie, Lord Icon, Masking, Woocommerce, Theme Builder, Products, Blogs, CV, Contact Form 7 Styler, Header, Slider, Hero Section)
2.237 Contact Form vCard Generator
2.238 ElementsCSS Addons for Elementor (Elementor Widgets Extender & Addons)
2.239 Barcode Generator for WooCommerce – Show barcodes on products, orders, invoices and other pages
2.240 Labinator Content Types Duplicator
2.241 Musician’s Pack for Elementor – Music Website Widgets & Templates
2.242 PhotoShelter for Photographers Blog Feed Plugin
2.243 TableOn – WordPress Posts Table Filterable
2.244 Silvasoft boekhouden
2.245 SimplyRETS Real Estate IDX
2.246 Viral Loops WP Integration
2.247 ACF City Selector
2.248 Auto Post After Image Upload
2.249 Connector to CiviCRM with CiviMcRestFace
2.250 Footer Contacts Bar
2.251 Export All Post Meta
2.252 Fonts Manager | Custom Fonts
2.253 Leadfox for WordPress
2.254 News Element Elementor Blog Magazine
2.255 Ni WooCommerce Product Enquiry
2.256 PeproDev CF7 Database
2.257 Send E-mail
2.258 Shiptimize for WooCommerce
2.259 SMM API
2.260 SwiftXR (3D/AR/VR) Viewer
2.261 Variable Inspector
2.262 Welcome Popup
2.263 Gift Cards for WooCommerce
2.264 WP Copy Media URL
2.265 5sterrenspecialist
2.266 AdMail – Multilingual Back in-Stock Notifier for WooCommerce
2.267 Related Posts Widget with Thumbnails
2.268 Agency Toolkit
2.269 Apimo Connector
2.270 Author Bio Shortcode
2.271 CBX Poll
2.272 Clockinator Lite
2.273 Content Manager Light
2.274 ContentMX Content Publisher
2.275 Course Booking System
2.276 Custom Content Scrollbar
2.277 DobsonDev Shortcodes
2.278 Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking
2.279 WordPress Testimonials Slider
2.280 WordPress Testimonials Slider
2.281 WordPress Testimonials Slider
2.282 Footnotes for WordPress
2.283 Free Woocommerce Product Table View – Woo Table Pro
2.284 Free Woocommerce Product Table View – Woo Table Pro
2.285 Video & Photo Gallery for Ultimate Member
2.286 GB Gallery Slideshow
2.287 GDPR Cookie Notice
2.288 JobBoard Job listing plugin
2.289 JobBoard Job listing plugin
2.290 Local Magic
2.291 Opal Portfolio
2.292 OpenAI Tools for WordPress & WooCommerce
2.293 Pay with Contact Form 7
2.294 Payday
2.295 Popping Content Light
2.296 QR Master
2.297 Review Manager
2.298 Rio Video Gallery
2.299 Ship Per Product
2.300 Simple-Audioplayer
2.301 Simple Website Logo
2.302 SP Blog Designer
2.303 StaffList
2.304 StaffList
2.305 Team Members for Elementor Page Builder
2.306 The Logo Slider
2.307 Ultimate Live Cricket WordPress Lite
2.308 LeadLab by wiredminds
2.309 WooTumblog
2.310 WP Video Playlist
2.311 WP Sitemap
2.312 AB Google Map Travel (AB-MAP)
2.313 WordPress Adverts Plugin – Adverts Click Tracker
2.314 Clients
2.315 CookieHint WP
2.316 CoverManager
2.317 Minimalistic Event Manager
2.318 AI Search Bar
2.319 WR Price List Manager For Woocommerce
2.320 Advanced Typekit
2.321 byBrick Accordion
2.322 CM Registration – Tailored tool for seamless login and invitation-based registrations
2.323 Subscription Form for Feedblitz
2.324 LeadQuizzes
2.325 SWM – Shopify to WooCommerce Migration
2.326 News, Magazine and Blog Elements
2.327 OpenMenu – The official plugin for OpenMenu
2.328 wordpress related Posts with thumbnails
2.329 ShopCred – WooCommerce Builder with Products Grid & Carousel Block
2.330 Terms Before Download
2.331 Ultimate Push Notifications ( Mobile / Desktop ), Receive Notification From WooCommerce, BuddyPress, WordPress Default Events & Many More
2.332 Ultimate Push Notifications ( Mobile / Desktop ), Receive Notification From WooCommerce, BuddyPress, WordPress Default Events & Many More
2.333 Varnish WordPress
2.334 6Storage Rentals
2.335 Append Content
2.336 Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
2.337 Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
2.338 Hypotext
2.339 Marketer Addons
2.340 PostmarkApp Email Integrator
2.341 PostmarkApp Email Integrator
2.342 Radius Blocks – WordPress Gutenberg Blocks
2.343 Rich Text Editor
2.344 Rich Text Editor
2.345 AI Content Writer, Autoblogging, Youtube Subtitle to Article – SEO Help
2.346 Simple Contact Forms
2.347 Actionwear products sync
2.348 Boo Recipes
2.349 Catch Dark Mode
2.350 Easy Magazine
2.351 Infusionsoft Web Form JavaScript
2.352 pCloud Backup
2.353 Processing Projects
2.354 Sprout Clients – CRM and Lead Management
2.355 Turbo Addons Elementor
2.356 Useinfluence
2.357 WPBookit
2.358 WP Genealogy – Your Family History Website
2.359 Bulk Fields Editor
2.360 Chat by Chatwee
2.361 Easy WP Optimizer – Optimize DB & WordPress
2.362 Notification Bar, Sticky Notification Bar, Sticky Welcome Bar for any theme
2.363 Lightweight and Responsive Youtube Embed
2.364 Lightweight and Responsive Youtube Embed
2.365 Shopper Approved Reviews
2.366 WP Chrono
2.367 BlockWheels
2.368 Client Showcase
2.369 DesignO
2.370 Posts Footer Manager
2.371 Welcome Bar
2.372 Sparkle Elementor Kit
2.373 Simple Fixed Notice
2.374 Donate Me
2.375 Design Blocks – Gutenberg Blocks collection
2.376 ShipDepot for WooCommerce
2.377 Smartarget Popup
2.378 Turisbook Booking System
2.379 AIO Performance Profiler, Monitor, Optimize, Compress & Debug
2.380 Ethiopian Calendar
2.381 Eventbee RSVP Widget
2.382 HMH Footer Builder For Elementor
2.383 Just Post Preview Widget
2.384 Nearby Locations
2.385 Nemesis All-in-One | Newspaper Builder Elementor Extention
2.386 Support Helpdesk Ticket System Lite
2.387 WPSHARE247 Elementor Addons
2.388 1-Click Backup & Restore Database
2.389 AAWP Obfuscator
2.390 ABC Notation
2.391 Advanced Advertising System
2.392 Advanced Search by My Solr Server
2.393 AI Content Pipelines
2.394 Apptivo Business Site CRM
2.395 Arkhe Blocks
2.396 Arrow Custom Feed for Twitter
2.397 Awesome Logos
2.398 Booking Calendar and Notification
2.399 Booking Calendar and Notification
2.400 WordPress Booking plugin for Appointment Calendar and Woocommcerce Booking – Bookingor
2.401 BookingPress
2.402 Botnet Attack Blocker
2.403 CGM Event Calendar
2.404 Clearbit Reveal
2.405 Delete Post Revision
2.406 Demo Awesome
2.407 DigiWidgets Image Editor
2.408 Multi Days Events and Multi Events in One Day Calendar
2.409 DyaPress ERP/CRM
2.410 ZoomSounds
2.411 ZoomSounds
2.412 ZoomSounds
2.413 Easy Contact
2.414 Easy Query – WP Query Builder
2.415 Ebook Downloader
2.416 Ebook Downloader
2.417 Emma for WordPress
2.418 Exit Popup Free
2.419 Extensions for Elementor
2.420 ez Form Calculator – WordPress plugin
2.421 Fami WooCommerce Compare
2.422 Flickr Photostream
2.423 Frizzly
2.424 Front End Users
2.425 Front End Users
2.426 GetBookingsWP
2.427 Salesmate Add-On for Gravity Forms
2.428 Salesmate Add-On for Gravity Forms
2.429 Gift Certificate Creator
2.430 Global Gallery
2.431 GNUCommerce
2.432 Gosign – Posts Slider Block
2.433 include-file
2.434 Jetpack Feedback Exporter
2.435 JSON Structuring Markup
2.436 KB Support
2.437 Search engine keywords highlighter
2.438 Lafka Plugin
2.439 Latest Custom Post Type Updates
2.440 Lexicata
2.441 Limit Max IPs Per User
2.442 MediaView
2.443 Melhor Envio
2.444 mFolio Lite
2.445 MyBookProgress by Stormhill Media
2.446 MyBookProgress by Stormhill Media
2.447 NanoSupport
2.448 NanoSupport
2.449 Pages Order
2.450 Posten – Gutenberg Post Block
2.451 Blubrry PowerPress Podcasting plugin MultiSite add-on
2.452 RJ Quickcharts
2.453 Maps
2.454 SEO Tools
2.455 Sequel
2.456 Simple Map No Api
2.457 Simple WP Events
2.458 Simple:Press
2.459 Smart Icons For WordPress
2.460 Social Share And Social Locker
2.461 Social Share And Social Locker
2.462 Team Builder
2.463 Team Rosters
2.464 Trackserver
2.465 Video Url
2.466 Videos
2.467 Digihood HTML Sitemap
2.468 WP Bookmarks
2.469 WP Church Donation
2.470 WP Crowdfunding
2.471 WordPress Galleria
2.472 WP_Identicon
2.473 WP Profitshare
2.474 Advanced All in One Admin Search by WP Spotlight
2.475 wp Time Machine
2.476 WP User Profiles
2.477 WP Cleaner
2.478 Wptobe-signinup
2.479 XV Random Quotes
2.480 XV Random Quotes
2.481 Enable Media Replace
2.482 Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider
2.483 Unlimited Elements For Elementor
2.484 Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links
2.485 Photo Gallery by 10Web – Mobile-Friendly Image Gallery
2.486 Lightbox & Modal Popup WordPress Plugin – FooBox
2.487 LuckyWP Table of Contents
2.488 Modula Image Gallery
2.489 PowerPack Elementor Addons (Free Widgets, Extensions and Templates)
2.490 Media Library Assistant
2.491 User Registration & Membership – Custom Registration Form, Login Form, and User Profile
2.492 Product Filter by WBW
2.493 Calculated Fields Form
2.494 Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website
2.495 Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin
2.496 Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor
2.497 MapPress Maps for WordPress
2.498 Booster for WooCommerce
2.499 Booster for WooCommerce
2.500 WPFront User Role Editor
2.501 Blog Grid & Post Grid – Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry, Category Post Grid By News & Blog Designer Pack
2.502 GTM Kit – Google Tag Manager & GA4 integration
2.503 Secure Copy Content Protection and Content Locking
2.504 User Submitted Posts – Enable Users to Submit Posts from the Front End
2.505 Import Export Suite for CSV and XML Datafeed
2.506 Import Export Suite for CSV and XML Datafeed
2.507 wpForo Forum
2.508 Countdown, Coming Soon, Maintenance – Countdown & Clock
2.509 Countdown, Coming Soon, Maintenance – Countdown & Clock
2.510 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
2.511 HTML Forms – Simple WordPress Forms Plugin
2.512 Link Library
2.513 Motors – Car Dealership & Classified Listings Plugin
2.514 Motors – Car Dealership & Classified Listings Plugin
2.515 Motors – Car Dealership & Classified Listings Plugin
2.516 ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization
2.517 WP Date and Time Shortcode
2.518 Automatic Featured Images from Videos
2.519 Awesome Support – WordPress HelpDesk & Support Plugin
2.520 Cue by AudioTheme.com
2.521 Insert Headers and Footers Code – HT Script
2.522 Drag and Drop Multiple File Upload for WooCommerce
2.523 MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy
2.524 SMS Alert Order Notifications – WooCommerce
2.525 Watu Quiz
2.526 Lana Downloads Manager
2.527 Beds24 Online Booking
2.528 WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg
2.529 teachPress
2.530 Product Table by WBW
2.531 CM Header and Footer – Add custom scripts and styles to your header and footer with ease
2.532 Social proof testimonials and reviews by Repuso
2.533 WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
2.534 YayExtra – WooCommerce Extra Product Options
2.535 3DPrint Lite
2.536 Ultra Addons Lite for Elementor
2.537 xili-language
2.538 Feedbucket – Website Feedback Tool
2.539 WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms
2.540 Printus – Automatic Printing Plugin for WooCommerce – Print WooCommerce Orders, PDF Invoices, Packaging Slips & More
2.541 WPC Smart Linked Products – Upsells & Cross-sells for WooCommerce
2.542 Maps for WP
2.543 Theater for WordPress
2.544 Snow Storm
2.545 Testimonial – Testimonial Slider, Reviews Slider, Testimonial By AI
2.546 Web Directory Free
2.547 WordPress Access Areas
2.548 Post to Social Media – WordPress to Hootsuite
2.549 Team Circle Image Slider With Lightbox
2.550 DeBounce Email Validator
2.551 Plugin Oficial – Getnet para WooCommerce
2.552 Order Splitter for WooCommerce
2.553 CardGate Payments for WooCommerce
2.554 Falling Things
2.555 Search, Filters & Merchandising for WooCommerce
2.556 Mobile App Canvas – Convert your Website Into an App for iOS and Android
2.557 Lifetime free Drag & Drop Contact Form Builder for WordPress VForm
2.558 Next-Cart Store to WooCommerce Migration
2.559 Oracle Cards Lite
2.560 Perfect Font Awesome Integration
2.561 Residential Address Detection
2.562 Total processing card payments for WooCommerce
2.563 Big Boom Directory
2.564 GreenPay(tm) by Green.Money
2.565 WordPress Internal Link Optimiser
2.566 Shopper – Affiliate Link Management, 25000+ Brand Partnerships & Creative Product Displays
2.567 Material Dashboard
2.568 Norse Rune Oracle Plugin
2.569 Small Package Quotes – Worldwide Express Edition
2.570 Small Package Quotes – Worldwide Express Edition
2.571 Awesome Event Booking
2.572 Accept SagePay Payments Using Contact Form 7
2.573 coreActivity: Activity Logging for WordPress
2.574 Bridge Core
2.575 Contempo Real Estate Core
2.576 Fusion Builder
2.577 tagDiv Composer
2.578 User Registration & Membership Pro
2.579 Vehica Core
2.580 Vitepos
2.581 Woffice Core
2.582 Woffice Core
2.583 WP RealEstate

3. WordPress Themes — 5 Patched / 24 Unpatched

3.1 Glossy Blog
3.2 Home Services
3.3 Simplish
3.4 Tainá
3.5 Bloggie
3.6 Themify Edmin
3.7 Themify Edmin
3.8 Themify Folo
3.9 Themify Folo
3.10 Gravel
3.11 Themify Newsy
3.12 Themify Newsy
3.13 Photobox
3.14 Photobox
3.15 Rezo
3.16 Rezo
3.17 Shopo
3.18 Themify Sidepane WordPress Theme
3.19 Themify Sidepane WordPress Theme
3.20 Slide
3.21 Slide
3.22 Tiger
3.23 Tiger
3.24 Wigi
3.25 Real Estate 7
3.26 Streamit
3.27 Streamit
3.28 Streamit
3.29 Woffice

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

The third release candidate (“RC3”) for WordPress 6.8 is ready for download and testing. This version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it’s recommended that you evaluate RC3 on a test server and site.

WordPress Plugins — 103 Patched / 480 Unpatched

Plugin:: CMP – Coming Soon & Maintenance Plugin by NiteoThemes
Plugin Slug:: cmp-coming-soon-maintenance
Installations: 200,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-32118

Plugin:: Colibri Page Builder
Plugin Slug:: colibri-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32185

Plugin:: ShareThis Dashboard for Google Analytics
Plugin Slug:: googleanalytics
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32282

Plugin:: Tutor LMS – eLearning and online course solution
Plugin Slug:: tutor
Installations: 100,000+
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32230

Plugin:: Brizy – Page Builder
Plugin Slug:: brizy
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32198

Plugin:: WP ULike – All-in-One Engagement Toolkit
Plugin Slug:: wp-ulike
Installations: 80,000+
Vulnerability:: Content Spoofing
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32259

Plugin:: ActiveCampaign – Forms, Site Tracking, Live Chat
Plugin Slug:: activecampaign-subscription-forms
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32136

Plugin:: DethemeKit for Elementor
Plugin Slug:: dethemekit-for-elementor
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32260

Plugin:: Piotnet Addons For Elementor
Plugin Slug:: piotnet-addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32197

Plugin:: Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery
Plugin Slug:: simply-gallery-block
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32176

Plugin:: Themesflat Addons For Elementor
Plugin Slug:: themesflat-addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31567

Plugin:: Booster for WooCommerce
Plugin Slug:: woocommerce-jetpack
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12278

Plugin:: Advanced WordPress Backgrounds
Plugin Slug:: advanced-backgrounds
Installations: 30,000+
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32200

Plugin:: WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce
Plugin Slug:: wp-event-manager
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32225

Plugin:: Ecwid by Lightspeed Ecommerce Shopping Cart
Plugin Slug:: ecwid-shopping-cart
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32195

Plugin:: Read More & Accordion
Plugin Slug:: expand-maker
Installations: 20,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-0810

Plugin:: Easy Google Maps
Plugin Slug:: google-maps-easy
Installations: 20,000+
Vulnerability:: XML External Entity (XXE)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32138

Plugin:: MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar
Plugin Slug:: mp3-music-player-by-sonaar
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32235

Plugin:: Secure Copy Content Protection and Content Locking
Plugin Slug:: secure-copy-content-protection
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32133

Plugin:: 140+ Widgets | Xpro Addons For Elementor – FREE
Plugin Slug:: xpro-elementor-addons
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32163

Plugin:: Advanced Woo Labels – Product Labels for WooCommerce
Plugin Slug:: advanced-woo-labels
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32188

Plugin:: Asgaros Forum
Plugin Slug:: asgaros-forum
Installations: 10,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32227

Plugin:: Flo Forms – Easy Drag & Drop Form Builder
Plugin Slug:: flo-forms
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32213

Plugin:: LA-Studio Element Kit for Elementor
Plugin Slug:: lastudio-element-kit
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32194

Plugin:: MasterStudy LMS WordPress Plugin – for Online Courses and Education
Plugin Slug:: masterstudy-lms-learning-management-system
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32237

Plugin:: MasterStudy LMS WordPress Plugin – for Online Courses and Education
Plugin Slug:: masterstudy-lms-learning-management-system
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32141

Plugin:: Motors – Car Dealership & Classified Listings Plugin
Plugin Slug:: motors-car-dealership-classified-listings
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32170

Plugin:: Motors – Car Dealership & Classified Listings Plugin
Plugin Slug:: motors-car-dealership-classified-listings
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32142

Plugin:: OSM – OpenStreetMap
Plugin Slug:: osm
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31557

Plugin:: s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
Plugin Slug:: s2member
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32137

Plugin:: URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress
Plugin Slug:: url-shortify
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32134

Plugin:: WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder
Plugin Slug:: wdesignkit
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12189

Plugin:: WP-LESS
Plugin Slug:: wp-less
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31550

Plugin:: WPCargo Track & Trace
Plugin Slug:: wpcargo
Installations: 10,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31609

Plugin:: Xpro Theme Builder For Elementor – FREE
Plugin Slug:: xpro-theme-builder
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32201

Plugin:: YaMaps for WordPress Plugin
Plugin Slug:: yamaps
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32172

Plugin:: WP Mobile Bottom Menu
Plugin Slug:: mobile-bottom-menu-for-wp
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31525

Plugin:: WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts
Plugin Slug:: wedevs-project-manager
Installations: 8,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32280

Plugin:: Gutenify – Visual Site Builder Blocks & Site Templates.
Plugin Slug:: gutenify
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32168

Plugin:: IMPress for IDX Broker
Plugin Slug:: idx-broker-platinum
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31556

Plugin:: WordPress Header Builder Plugin – Pearl
Plugin Slug:: pearl-header-builder
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31881

Plugin:: WordPress Header Builder Plugin – Pearl
Plugin Slug:: pearl-header-builder
Installations: 7,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31880

Plugin:: EventON – Events Calendar
Plugin Slug:: eventon-lite
Installations: 6,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32160

Plugin:: Sliced Invoices – WordPress Invoice Plugin
Plugin Slug:: sliced-invoices
Installations: 6,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31628

Plugin:: Specia Companion
Plugin Slug:: specia-companion
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32212

Plugin:: Survey Maker
Plugin Slug:: survey-maker
Installations: 6,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32275

Plugin:: VK Filter Search
Plugin Slug:: vk-filter-search
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32175

Plugin:: Directorist AddonsKit for Elementor
Plugin Slug:: addonskit-for-elementor
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31857

Plugin:: aThemes Addons for Elementor
Plugin Slug:: athemes-addons-for-elementor-lite
Installations: 5,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32158

Plugin:: Fusion Page Builder
Plugin Slug:: fusion
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31549

Plugin:: Hyperlink Group Block
Plugin Slug:: hyperlink-group-block
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31885

Plugin:: Flag Icons
Plugin Slug:: language-icons-flags-switcher
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31575

Plugin:: Privyr CRM – Instant Lead Alerts for Contact Forms
Plugin Slug:: privy-crm-integration
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32224

Plugin:: Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses
Plugin Slug:: salon-booking-system
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32220

Plugin:: Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses
Plugin Slug:: salon-booking-system
Installations: 4,000+
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31560

Plugin:: Popular Brand Icons – Simple Icons
Plugin Slug:: simple-icons
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31786

Plugin:: Split Test For Elementor
Plugin Slug:: split-test-for-elementor
Installations: 4,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32204

Plugin:: Split Test For Elementor
Plugin Slug:: split-test-for-elementor
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32135

Plugin:: Widgetize Pages Light
Plugin Slug:: widgetize-pages-light
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32117

Plugin:: Zoho Flow – Integrate 100+ plugins with 1000+ business apps, no-code workflow automation
Plugin Slug:: zoho-flow
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31408

Plugin:: EazyDocs – Most Powerful Knowledge base, wiki, Documentation Builder Plugin
Plugin Slug:: eazydocs
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32221

Plugin:: Fonto – Custom Web Fonts Manager
Plugin Slug:: fonto
Installations: 3,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31827

Plugin:: Libro de Reclamaciones y Quejas
Plugin Slug:: libro-de-reclamaciones-y-quejas
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32113

Plugin:: News Kit Elementor Addons
Plugin Slug:: news-kit-elementor-addons
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32196

Plugin:: Piotnet Forms
Plugin Slug:: piotnetforms
Installations: 3,000+
Vulnerability:: Path Traversal
Patched in Version:: No Fix
Severity Score:: Low
CVE:: 2025-32205

Plugin:: Piotnet Forms
Plugin Slug:: piotnetforms
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31793

Plugin:: Piotnet Forms
Plugin Slug:: piotnetforms
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31792

Plugin:: Slider a SlidersPack – Image Slider, Post Slider, ACF Gallery Slider
Plugin Slug:: sliderspack-all-in-one-image-sliders
Installations: 3,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32152

Plugin:: Social Share Buttons & Analytics Plugin – GetSocial.io
Plugin Slug:: wp-share-buttons-analytics-by-getsocial
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32239

Plugin:: WebberZone Snippetz – Header, Body and Footer manager
Plugin Slug:: add-to-all
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31874

Plugin:: Ai Image Alt Text Generator for WP
Plugin Slug:: ai-image-alt-text-generator-for-wp
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32228

Plugin:: Ai Image Alt Text Generator for WP
Plugin Slug:: ai-image-alt-text-generator-for-wp
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32217

Plugin:: Beam me up Scotty – Back to Top Button
Plugin Slug:: beam-me-up-scotty
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31864

Plugin:: Beds24 Online Booking
Plugin Slug:: beds24-online-booking
Installations: 2,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32155

Plugin:: Bulk NoIndex & NoFollow Toolkit
Plugin Slug:: bulk-noindex-nofollow-toolkit-by-mad-fish
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31537

Plugin:: Category Icon
Plugin Slug:: category-icon
Installations: 2,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31825

Plugin:: Docxpresso
Plugin Slug:: docxpresso
Installations: 2,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31554

Plugin:: Gallery – Photo Albums Plugin
Plugin Slug:: easy-media-gallery
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31586

Plugin:: ELEX WooCommerce Request a Quote
Plugin Slug:: elex-request-a-quote
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31406

Plugin:: Online Booking & Scheduling Calendar for WordPress by vcita
Plugin Slug:: meeting-scheduler-by-vcita
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32238

Plugin:: MX Time Zone Clocks
Plugin Slug:: mx-time-zone-clocks
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31801

Plugin:: Safe Ai Malware Protection for WP
Plugin Slug:: safe-ai-malware-protection-for-wp
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31545

Plugin:: SrbTransLatin – Serbian Latinisation
Plugin Slug:: srbtranslatin
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31421

Plugin:: Timeline Event History
Plugin Slug:: timeline-event-history
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31595

Plugin:: Tockify Events Calendar
Plugin Slug:: tockify-events-calendar
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32174

Plugin:: Directory Listings WordPress plugin – uListing
Plugin Slug:: ulisting
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32122

Plugin:: WP Modal Popup with Cookie Integration
Plugin Slug:: wp-modal-popup-with-cookie-integration
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31772

Plugin:: WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce
Plugin Slug:: wp-optin-wheel
Installations: 2,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31824

Plugin:: WordPress Simple HTML Sitemap
Plugin Slug:: wp-simple-html-sitemap
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31822

Plugin:: WPoperation Elementor Addons
Plugin Slug:: wpop-elementor-addons
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31823

Plugin:: Black Widgets For Elementor
Plugin Slug:: black-widgets
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31869

Plugin:: Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)
Plugin Slug:: buddyforms
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32151

Plugin:: BuddyPress Members Only
Plugin Slug:: buddypress-members-only
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31812

Plugin:: Cal.com
Plugin Slug:: cal-com
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31604

Plugin:: CLP – Custom Login Page by NiteoThemes
Plugin Slug:: clp-custom-login-page
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31769

Plugin:: Contact Form Builder by vcita
Plugin Slug:: contact-form-with-a-meeting-scheduler-by-vcita
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32199

Plugin:: Cryptocurrency Widgets Pack
Plugin Slug:: cryptocurrency-widgets-pack
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31539

Plugin:: DirectoryPress – Business Directory And Classified Ad Listing
Plugin Slug:: directorypress
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32249

Plugin:: Astra Security Suite – Firewall & Malware Scan
Plugin Slug:: getastra
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31774

Plugin:: Gutena Kit – Gutenberg Blocks and Templates
Plugin Slug:: gutena-kit
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31805

Plugin:: JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin
Plugin Slug:: jobwp
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32265

Plugin:: Nova Blocks by Pixelgrade
Plugin Slug:: nova-blocks
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31819

Plugin:: onOffice for WP-Websites
Plugin Slug:: onoffice-for-wp-websites
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32127

Plugin:: PDF Generator Addon for Elementor Page Builder
Plugin Slug:: pdf-generator-addon-for-elementor-page-builder
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31850

Plugin:: RestroPress – Online Food Ordering System
Plugin Slug:: restropress
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31877

Plugin:: Table Block by RioVizual – Comparison Table, Pricing Table, and Pros & Cons Box for Gutenberg
Plugin Slug:: riovizual
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32278

Plugin:: Sequential Order Numbers for WooCommerce
Plugin Slug:: sequential-order-numbers-for-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32263

Plugin:: Sidebar Manager Light
Plugin Slug:: sidebar-manager-light
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32112

Plugin:: Simple Sticky Add To Cart For WooCommerce
Plugin Slug:: sticky-add-to-cart-woo
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31854

Plugin:: Swiss Toolkit For WP
Plugin Slug:: swiss-toolkit-for-wp
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31546

Plugin:: Swiss Toolkit For WP
Plugin Slug:: swiss-toolkit-for-wp
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31544

Plugin:: Table Block by Tableberg – Best WordPress Table Plugin
Plugin Slug:: tableberg
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32171

Plugin:: Video Playlist For YouTube
Plugin Slug:: video-playlist-for-youtube
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32183

Plugin:: Price by Quantity & Bulk Quantity Discounts for WooCommerce
Plugin Slug:: wholesale-pricing-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31598

Plugin:: WordPress Webinar Plugin – WebinarPress
Plugin Slug:: wp-webinarsystem
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31883

Plugin:: WordPress Webinar Plugin – WebinarPress
Plugin Slug:: wp-webinarsystem
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31882

Plugin:: WP AdCenter – Ad Manager & Adsense Ads
Plugin Slug:: wpadcenter
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31860

Plugin:: mb.YTPlayer for background videos
Plugin Slug:: wpmbytplayer
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31782

Plugin:: Follow Us Badges
Plugin Slug:: wpsite-follow-us-badges
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31804

Plugin:: B Blocks – The ultimate block collection
Plugin Slug:: b-blocks
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32173

Plugin:: ContentBot AI Writer (ChatGPT, GPT4)
Plugin Slug:: content-bot
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31818

Plugin:: FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor
Plugin Slug:: post-block
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31875

Plugin:: Post Custom Templates Lite
Plugin Slug:: post-custom-templates-lite
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31767

Plugin:: Real Estate Manager – Property Listing and Agent Management
Plugin Slug:: real-estate-manager
Installations: 900+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32150

Plugin:: Rollbar
Plugin Slug:: rollbar
Installations: 900+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32250

Plugin:: Ultimate Store Kit – Elementor powered WooCommerce Builder, 80+ Widgets and Template Builder
Plugin Slug:: ultimate-store-kit
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32184

Plugin:: UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode)
Plugin Slug:: ultraaddons-elementor-lite
Installations: 900+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32264

Plugin:: 404 Image Redirection (Replace Broken Images)
Plugin Slug:: broken-images-redirection
Installations: 800+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32266

Plugin:: Doppler Forms
Plugin Slug:: doppler-form
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32165

Plugin:: JS Job Manager
Plugin Slug:: js-jobs
Installations: 800+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32146

Plugin:: JS Job Manager
Plugin Slug:: js-jobs
Installations: 800+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31868

Plugin:: JS Job Manager
Plugin Slug:: js-jobs
Installations: 800+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31867

Plugin:: Product Notices for WooCommerce
Plugin Slug:: product-notices-for-woocommerce
Installations: 800+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31807

Plugin:: Query Wrangler
Plugin Slug:: query-wrangler
Installations: 800+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31779

Plugin:: Revive.so – Bulk Rewrite and Republish Blog Posts
Plugin Slug:: revive-so
Installations: 800+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32233

Plugin:: SheetDB – get your Google Spreadsheet data
Plugin Slug:: sheetdb
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31873

Plugin:: TailPress – Tailwind for WordPress
Plugin Slug:: tailpress
Installations: 800+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31558

Plugin:: TuriTop Booking System
Plugin Slug:: turitop-booking-system
Installations: 800+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31541

Plugin:: Widget Manager Light
Plugin Slug:: widget-manager-light
Installations: 800+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31768

Plugin:: AI Content Creator – Easy ChatGPT powered article generator
Plugin Slug:: ai-content-creator
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32247

Plugin:: Group Chat & Video Chat by AtomChat
Plugin Slug:: atomchat
Installations: 700+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31831

Plugin:: Group Chat & Video Chat by AtomChat
Plugin Slug:: atomchat
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31532

Plugin:: Broadstreet
Plugin Slug:: broadstreet
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32211

Plugin:: Broadstreet
Plugin Slug:: broadstreet
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32270

Plugin:: Easy!Appointments
Plugin Slug:: easyappointments
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31828

Plugin:: Magical Blocks – Premium Gutenberg Blocks
Plugin Slug:: magical-blocks
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31844

Plugin:: Accessibility Suite by Ability, Inc
Plugin Slug:: online-accessibility
Installations: 700+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32215

Plugin:: QR Code Tag for WC order emails, POS receipt emails, PDF invoices, PDF packing slips, Blog posts, Custom post types and Pages (from goaskle.com)
Plugin Slug:: qr-code-tag-for-wc-from-goaskle-com
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32268

Plugin:: SCSS WP Editor
Plugin Slug:: scss-wp-editor
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31808

Plugin:: Simple Owl Carousel
Plugin Slug:: simple-owl-carousel
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31535

Plugin:: Slider Path for Elementor
Plugin Slug:: slider-path
Installations: 700+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31529

Plugin:: SnapWidget Social Photo Feed Widget
Plugin Slug:: snapwidget-wp-instagram-widget
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31760

Plugin:: StaticPress
Plugin Slug:: staticpress
Installations: 700+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31528

Plugin:: Bulk Product Sync – Bulk Product Editor for WooCommerce with Google Sheets™
Plugin Slug:: sync-wc-google
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31852

Plugin:: WP Plugin Info Card
Plugin Slug:: wp-plugin-info-card
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31835

Plugin:: SMS Abandoned Cart Recovery ? CartBoss
Plugin Slug:: cartboss
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31865

Plugin:: Custom Database Applications by Caspio
Plugin Slug:: custom-database-applications-by-caspio
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31559

Plugin:: Daisycon prijsvergelijkers
Plugin Slug:: daisycon
Installations: 600+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32148

Plugin:: Embed Chessboard
Plugin Slug:: embed-chessboard
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32177

Plugin:: Embed Extended – Embed Maps, Videos, Websites, Source Codes, and more
Plugin Slug:: embed-extended
Installations: 600+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31784

Plugin:: FPW Category Thumbnails
Plugin Slug:: fpw-category-thumbnails
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31841

Plugin:: Google SEO Pressor for Rich snippets
Plugin Slug:: google-seo-author-snippets
Installations: 600+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31775

Plugin:: Google SEO Pressor for Rich snippets
Plugin Slug:: google-seo-author-snippets
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31530

Plugin:: History Log by click5
Plugin Slug:: history-log-by-click5
Installations: 600+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31531

Plugin:: Integration of Zoho CRM and Contact Form 7
Plugin Slug:: integration-of-zoho-crm-and-contact-form-7
Installations: 600+
Vulnerability:: Open Redirection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31821

Plugin:: Contact Form, Drag and Drop Form Builder Plugin – Live Forms
Plugin Slug:: liveforms
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32279

Plugin:: My auctions allegro
Plugin Slug:: my-auctions-allegro-free-edition
Installations: 600+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31542

Plugin:: OwnerRez
Plugin Slug:: ownerrez
Installations: 600+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31814

Plugin:: Behance Portfolio Manager
Plugin Slug:: portfolio-manager-powered-by-behance
Installations: 600+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32124

Plugin:: Behance Portfolio Manager
Plugin Slug:: portfolio-manager-powered-by-behance
Installations: 600+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31526

Plugin:: Publitio
Plugin Slug:: publitio
Installations: 600+
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31800

Plugin:: Publitio
Plugin Slug:: publitio
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31799

Plugin:: Publitio
Plugin Slug:: publitio
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31798

Plugin:: Question Answer
Plugin Slug:: question-answer
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31810

Plugin:: Sheet2Site
Plugin Slug:: sheet2site
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31762

Plugin:: Showeblogin Social Plugin
Plugin Slug:: showeblogin-facebook-page-like-box
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32169

Plugin:: Simple Post Expiration
Plugin Slug:: simple-post-expiration
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31734

Plugin:: SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity
Plugin Slug:: surveyjs
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32256

Plugin:: SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity
Plugin Slug:: surveyjs
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32167

Plugin:: TextMe SMS
Plugin Slug:: textme-sms-integration
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31789

Plugin:: UPC/EAN/GTIN Code Generator
Plugin Slug:: upc-ean-barcode-generator
Installations: 600+
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31878

Plugin:: Uptime Robot Plugin for WordPress
Plugin Slug:: uptime-robot-monitor
Installations: 600+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31776

Plugin:: Uptime Robot Plugin for WordPress
Plugin Slug:: uptime-robot-monitor
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31562

Plugin:: Uptime Robot Plugin for WordPress
Plugin Slug:: uptime-robot-monitor
Installations: 600+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31547

Plugin:: Woocommerce Role Pricing
Plugin Slug:: woocommerce-role-pricing
Installations: 600+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32271

Plugin:: WP Link Preview
Plugin Slug:: wp-link-preview
Installations: 600+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31527

Plugin:: WP Proposals
Plugin Slug:: wp-proposals
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31837

Plugin:: 1 Click WordPress Migration Plugin – 100% FREE for a limited time
Plugin Slug:: 1-click-migration
Installations: 500+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32257

Plugin:: ACME Divi Modules
Plugin Slug:: acme-divi-modules
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31540

Plugin:: Advanced Speed Increaser
Plugin Slug:: advanced-speed-increaser
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31753

Plugin:: WordPress Appointment Booking and Online Scheduling Plugin by Appointy
Plugin Slug:: appointy-appointment-scheduler
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31601

Plugin:: Cache control by Cacholong
Plugin Slug:: cache-control-by-cacholong
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31764

Plugin:: Cache control by Cacholong
Plugin Slug:: cache-control-by-cacholong
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31763

Plugin:: CF7 Spreadsheets
Plugin Slug:: cf7-spreadsheets
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31536

Plugin:: CF7 Spreadsheets
Plugin Slug:: cf7-spreadsheets
Installations: 500+
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31603

Plugin:: Checklist
Plugin Slug:: checklist
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31538

Plugin:: Official CleverReach® Plugin for WooCommerce
Plugin Slug:: cleverreach-wc
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32241

Plugin:: Display product variations dropdown on shop page
Plugin Slug:: display-product-variations-dropdown-on-shop-page
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32226

Plugin:: Twice Commerce – Easy Rental Booking System
Plugin Slug:: embed-rentle
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31543

Plugin:: Freetobook Responsive Widget
Plugin Slug:: freetobook-responsive-widget
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32273

Plugin:: FunnelCockpit
Plugin Slug:: funnelcockpit
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32132

Plugin:: Job Board Manager
Plugin Slug:: job-board-manager
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31862

Plugin:: Leartes TRY Exchange Rates
Plugin Slug:: leartes-try-exchange-rates
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31783

Plugin:: Social Intents – Live Chat and ChatGPT Chatbots
Plugin Slug:: live-chat-support-by-social-intents
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32131

Plugin:: m1.DownloadList
Plugin Slug:: m1downloadlist
Installations: 500+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32164

Plugin:: Ni WooCommerce Cost Of Goods
Plugin Slug:: ni-woocommerce-cost-of-goods
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32207

Plugin:: Ni WooCommerce Cost Of Goods
Plugin Slug:: ni-woocommerce-cost-of-goods
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31826

Plugin:: RDP Wiki Embed
Plugin Slug:: rdp-wiki-embed
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32262

Plugin:: Theme Duplicator
Plugin Slug:: theme-duplicator
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31845

Plugin:: VG WooCarousel
Plugin Slug:: vg-woocarousel
Installations: 500+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32153

Plugin:: Webling
Plugin Slug:: webling
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31806

Plugin:: Wishlist
Plugin Slug:: wishlist
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32272

Plugin:: WP Clone any post type
Plugin Slug:: wp-clone-any-post-type
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31872

Plugin:: WP Clone any post type
Plugin Slug:: wp-clone-any-post-type
Installations: 500+
Vulnerability:: Unvalidated Redirects and Forwards
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31871

Plugin:: Administrator Z
Plugin Slug:: administrator-z
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32276

Plugin:: Administrator Z
Plugin Slug:: administrator-z
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32187

Plugin:: Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One
Plugin Slug:: ai-auto-tool
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31564

Plugin:: Appointify
Plugin Slug:: appointify
Installations: 400+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31577

Plugin:: Auto scroll for reading
Plugin Slug:: auto-scroll-for-reading
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31594

Plugin:: Breaking News WP
Plugin Slug:: breaking-news-wp
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31751

Plugin:: Breaking News WP
Plugin Slug:: breaking-news-wp
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31750

Plugin:: Chamber Dashboard Business Directory
Plugin Slug:: chamber-dashboard-business-directory
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32162

Plugin:: CRM WordPress Plugin – RepairBuddy
Plugin Slug:: computer-repair-shop
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32277

Plugin:: Dima Take Action
Plugin Slug:: dima-take-action
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31742

Plugin:: Pin Generator
Plugin Slug:: pin-generator
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31791

Plugin:: Planyo online reservation system
Plugin Slug:: planyo-online-reservation-system
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31811

Plugin:: RSVPMaker
Plugin Slug:: rsvpmaker
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31552

Plugin:: Spider Elements – Crafted UX First Addons for Elementor
Plugin Slug:: spider-elements
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32216

Plugin:: Spider Elements – Crafted UX First Addons for Elementor
Plugin Slug:: spider-elements
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32182

Plugin:: TZ Plus Gallery
Plugin Slug:: tz-plus-gallery
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31756

Plugin:: Woocommerce Advanced Product Organizer – Dynamic Sorting & Reordering
Plugin Slug:: vagonic-sortable
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32236

Plugin:: Advanced WooCommerce Product Sales Reporting – Statistics & Forecast
Plugin Slug:: webd-woocommerce-advanced-reporting-statistics
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31553

Plugin:: WP AutoKeyword
Plugin Slug:: wp-autokeyword
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31870

Plugin:: WP AutoKeyword
Plugin Slug:: wp-autokeyword
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31579

Plugin:: WP w3all phpBB
Plugin Slug:: wp-w3all-phpbb-integration
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32274

Plugin:: BWD Elementor Addons (2500+ presets, Meet The Team, Lottie, Lord Icon, Masking, Woocommerce, Theme Builder, Products, Blogs, CV, Contact Form 7 Styler, Header, Slider, Hero Section)
Plugin Slug:: bwd-elementor-addons
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32189

Plugin:: Contact Form vCard Generator
Plugin Slug:: contact-form-vcard-generator
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31582

Plugin:: ElementsCSS Addons for Elementor (Elementor Widgets Extender & Addons)
Plugin Slug:: css-for-elementor
Installations: 300+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31796

Plugin:: Barcode Generator for WooCommerce – Show barcodes on products, orders, invoices and other pages
Plugin Slug:: embedding-barcodes-into-product-pages-and-orders
Installations: 300+
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31879

Plugin:: Labinator Content Types Duplicator
Plugin Slug:: labinator-content-types-duplicator
Installations: 300+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31809

Plugin:: Musician’s Pack for Elementor – Music Website Widgets & Templates
Plugin Slug:: music-pack-for-elementor
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32190

Plugin:: PhotoShelter for Photographers Blog Feed Plugin
Plugin Slug:: photoshelter-official-plugin
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31766

Plugin:: TableOn – WordPress Posts Table Filterable
Plugin Slug:: posts-table-filterable
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32218

Plugin:: Silvasoft boekhouden
Plugin Slug:: silvasoft-boekhouden
Installations: 300+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32125

Plugin:: SimplyRETS Real Estate IDX
Plugin Slug:: simply-rets
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31011

Plugin:: Viral Loops WP Integration
Plugin Slug:: viral-loops-wp-integration
Installations: 300+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31842

Plugin:: ACF City Selector
Plugin Slug:: acf-city-selector
Installations: 200+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31832

Plugin:: Auto Post After Image Upload
Plugin Slug:: auto-post-after-image-upload
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31611

Plugin:: Connector to CiviCRM with CiviMcRestFace
Plugin Slug:: connector-civicrm-mcrestface
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31618

Plugin:: Footer Contacts Bar
Plugin Slug:: dn-footer-contacts
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31839

Plugin:: Export All Post Meta
Plugin Slug:: export-all-post-meta
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31856

Plugin:: Fonts Manager | Custom Fonts
Plugin Slug:: fonts-manager-custom-fonts
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31578

Plugin:: Leadfox for WordPress
Plugin Slug:: leadfox
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31585

Plugin:: News Element Elementor Blog Magazine
Plugin Slug:: news-element
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32191

Plugin:: Ni WooCommerce Product Enquiry
Plugin Slug:: ni-woocommerce-product-enquiry
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31580

Plugin:: PeproDev CF7 Database
Plugin Slug:: pepro-cf7-database
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31573

Plugin:: Send E-mail
Plugin Slug:: send-e-mail
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31592

Plugin:: Shiptimize for WooCommerce
Plugin Slug:: shiptimize-for-woocommerce
Installations: 200+
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31802

Plugin:: SMM API
Plugin Slug:: smm-api
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31855

Plugin:: SwiftXR (3D/AR/VR) Viewer
Plugin Slug:: swiftxr-3darvr-viewer
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32248

Plugin:: Variable Inspector
Plugin Slug:: variable-inspector
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32229

Plugin:: Welcome Popup
Plugin Slug:: welcome-popup
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31605

Plugin:: Gift Cards for WooCommerce
Plugin Slug:: woo-giftcards
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31781

Plugin:: WP Copy Media URL
Plugin Slug:: wp-copy-media-url
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31583

Plugin:: 5sterrenspecialist
Plugin Slug:: 5-sterrenspecialist
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32114

Plugin:: AdMail – Multilingual Back in-Stock Notifier for WooCommerce
Plugin Slug:: admail
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32234

Plugin:: Related Posts Widget with Thumbnails
Plugin Slug:: advanced-css3-related-posts-widget
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31570

Plugin:: Agency Toolkit
Plugin Slug:: agency-toolkit
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31863

Plugin:: Apimo Connector
Plugin Slug:: apimo
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31602

Plugin:: Author Bio Shortcode
Plugin Slug:: author-bio-shortcode
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31731

Plugin:: CBX Poll
Plugin Slug:: cbxpoll
Installations: 100+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31612

Plugin:: Clockinator Lite
Plugin Slug:: clockify-lite
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31777

Plugin:: Content Manager Light
Plugin Slug:: content-manager-light
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31770

Plugin:: ContentMX Content Publisher
Plugin Slug:: contentmx-content-publisher
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31555

Plugin:: Course Booking System
Plugin Slug:: course-booking-system
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32253

Plugin:: Custom Content Scrollbar
Plugin Slug:: custom-content-scrollbar
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31574

Plugin:: DobsonDev Shortcodes
Plugin Slug:: dobsondev-shortcodes
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31754

Plugin:: Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking
Plugin Slug:: easync-booking
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32219

Plugin:: WordPress Testimonials Slider
Plugin Slug:: elfsight-testimonials-slider
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31588

Plugin:: WordPress Testimonials Slider
Plugin Slug:: elfsight-testimonials-slider
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31587

Plugin:: WordPress Testimonials Slider
Plugin Slug:: elfsight-testimonials-slider
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31584

Plugin:: Footnotes for WordPress
Plugin Slug:: footnotes-for-wordpress
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31735

Plugin:: Free Woocommerce Product Table View – Woo Table Pro
Plugin Slug:: free-product-table-for-woocommerce
Installations: 100+
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31758

Plugin:: Free Woocommerce Product Table View – Woo Table Pro
Plugin Slug:: free-product-table-for-woocommerce
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31757

Plugin:: Video & Photo Gallery for Ultimate Member
Plugin Slug:: gallery-for-ultimate-member
Installations: 100+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32121

Plugin:: GB Gallery Slideshow
Plugin Slug:: gb-gallery-slideshow
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31732

Plugin:: GDPR Cookie Notice
Plugin Slug:: gdpr-cookie-notice
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31765

Plugin:: JobBoard Job listing plugin
Plugin Slug:: job-board-light
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31834

Plugin:: JobBoard Job listing plugin
Plugin Slug:: job-board-light
Installations: 100+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31833

Plugin:: Local Magic
Plugin Slug:: local-magic
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31858

Plugin:: Opal Portfolio
Plugin Slug:: opal-portfolios
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31748

Plugin:: OpenAI Tools for WordPress & WooCommerce
Plugin Slug:: openai-tools-for-wp-wc
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31843

Plugin:: Pay with Contact Form 7
Plugin Slug:: pay-with-contact-form-7
Installations: 100+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32126

Plugin:: Payday
Plugin Slug:: payday
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31876

Plugin:: Popping Content Light
Plugin Slug:: popping-content-light
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32115

Plugin:: QR Master
Plugin Slug:: qr-master
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32116

Plugin:: Review Manager
Plugin Slug:: review-manager
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31836

Plugin:: Rio Video Gallery
Plugin Slug:: rio-video-gallery
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31566

Plugin:: Ship Per Product
Plugin Slug:: ship-per-product
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31773

Plugin:: Simple-Audioplayer
Plugin Slug:: simple-audioplayer
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31607

Plugin:: Simple Website Logo
Plugin Slug:: simple-website-logo
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32258

Plugin:: SP Blog Designer
Plugin Slug:: sp-blog-designer
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31606

Plugin:: StaffList
Plugin Slug:: stafflist
Installations: 100+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32255

Plugin:: StaffList
Plugin Slug:: stafflist
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32232

Plugin:: Team Members for Elementor Page Builder
Plugin Slug:: team-members-for-elementor
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31771

Plugin:: The Logo Slider
Plugin Slug:: the-logo-slider
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31571

Plugin:: Ultimate Live Cricket WordPress Lite
Plugin Slug:: ultimate-live-cricket-lite
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31597

Plugin:: LeadLab by wiredminds
Plugin Slug:: wiredminds-leadlab
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31568

Plugin:: WooTumblog
Plugin Slug:: woo-tumblog
Installations: 100+
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31729

Plugin:: WP Video Playlist
Plugin Slug:: wp-video-playlist
Installations: 100+
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31581

Plugin:: WP Sitemap
Plugin Slug:: wpsitemap
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31733

Plugin:: AB Google Map Travel (AB-MAP)
Plugin Slug:: ab-google-map-travel
Installations: 90+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31613

Plugin:: WordPress Adverts Plugin – Adverts Click Tracker
Plugin Slug:: adverts-click-tracker
Installations: 90+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31848

Plugin:: Clients
Plugin Slug:: clients
Installations: 90+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31746

Plugin:: CookieHint WP
Plugin Slug:: cookiehint-wp
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31608

Plugin:: CoverManager
Plugin Slug:: covermanager
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31620

Plugin:: Minimalistic Event Manager
Plugin Slug:: minimalistic-event-manager
Installations: 90+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31739

Plugin:: AI Search Bar
Plugin Slug:: open-ai-search-bar
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31563

Plugin:: WR Price List Manager For Woocommerce
Plugin Slug:: wr-price-list-for-woocommerce
Installations: 90+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31794

Plugin:: Advanced Typekit
Plugin Slug:: advanced-typekit
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31622

Plugin:: byBrick Accordion
Plugin Slug:: bybrick-accordion
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31621

Plugin:: CM Registration – Tailored tool for seamless login and invitation-based registrations
Plugin Slug:: cm-invitation-codes
Installations: 80+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32210

Plugin:: Subscription Form for Feedblitz
Plugin Slug:: feedblitz-email-subscription
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31745

Plugin:: LeadQuizzes
Plugin Slug:: leadquizzes
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31738

Plugin:: SWM – Shopify to WooCommerce Migration
Plugin Slug:: migrate-shopify-to-woocommerce
Installations: 80+
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31795

Plugin:: News, Magazine and Blog Elements
Plugin Slug:: news-magazine-and-blog-elements
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31740

Plugin:: OpenMenu – The official plugin for OpenMenu
Plugin Slug:: open-menu
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31593

Plugin:: wordpress related Posts with thumbnails
Plugin Slug:: related-posts-list-grid-and-slider-all-in-one
Installations: 80+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31569

Plugin:: ShopCred – WooCommerce Builder with Products Grid & Carousel Block
Plugin Slug:: shopcred
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31829

Plugin:: Terms Before Download
Plugin Slug:: terms-before-download
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31614

Plugin:: Ultimate Push Notifications ( Mobile / Desktop ), Receive Notification From WooCommerce, BuddyPress, WordPress Default Events & Many More
Plugin Slug:: ultimate-push-notifications
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31548

Plugin:: Ultimate Push Notifications ( Mobile / Desktop ), Receive Notification From WooCommerce, BuddyPress, WordPress Default Events & Many More
Plugin Slug:: ultimate-push-notifications
Installations: 80+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31561

Plugin:: Varnish WordPress
Plugin Slug:: varnish-wp
Installations: 80+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31616

Plugin:: 6Storage Rentals
Plugin Slug:: 6storage-rentals
Installations: 70+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32178

Plugin:: Append Content
Plugin Slug:: append-content
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31780

Plugin:: Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
Plugin Slug:: hive-support
Installations: 70+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32242

Plugin:: Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
Plugin Slug:: hive-support
Installations: 70+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32208

Plugin:: Hypotext
Plugin Slug:: hypotext
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31761

Plugin:: Marketer Addons
Plugin Slug:: marketer-addons
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31730

Plugin:: PostmarkApp Email Integrator
Plugin Slug:: postmarkapp-email-integrator
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31617

Plugin:: PostmarkApp Email Integrator
Plugin Slug:: postmarkapp-email-integrator
Installations: 70+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31576

Plugin:: Radius Blocks – WordPress Gutenberg Blocks
Plugin Slug:: radius-blocks
Installations: 70+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32159

Plugin:: Rich Text Editor
Plugin Slug:: richtexteditor
Installations: 70+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31736

Plugin:: Rich Text Editor
Plugin Slug:: richtexteditor
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31623

Plugin:: AI Content Writer, Autoblogging, Youtube Subtitle to Article – SEO Help
Plugin Slug:: seo-help
Installations: 70+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32244

Plugin:: Simple Contact Forms
Plugin Slug:: simple-contact-forms
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31615

Plugin:: Actionwear products sync
Plugin Slug:: actionwear-products-sync
Installations: 60+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31619

Plugin:: Boo Recipes
Plugin Slug:: boo-recipes
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31759

Plugin:: Catch Dark Mode
Plugin Slug:: catch-dark-mode
Installations: 60+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32154

Plugin:: Easy Magazine
Plugin Slug:: filtr8-magazine
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31741

Plugin:: Infusionsoft Web Form JavaScript
Plugin Slug:: infusionsoft-web-form-javascript
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31629

Plugin:: pCloud Backup
Plugin Slug:: pcloud-backup
Installations: 60+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31755

Plugin:: Processing Projects
Plugin Slug:: processing-projects
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31624

Plugin:: Sprout Clients – CRM and Lead Management
Plugin Slug:: sprout-clients
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31797

Plugin:: Turbo Addons Elementor
Plugin Slug:: turbo-addons-elementor
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32186

Plugin:: Useinfluence
Plugin Slug:: useinfluence
Installations: 60+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31625

Plugin:: WPBookit
Plugin Slug:: wpbookit
Installations: 60+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32254

Plugin:: WP Genealogy – Your Family History Website
Plugin Slug:: wpgenealogy
Installations: 60+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32252

Plugin:: Bulk Fields Editor
Plugin Slug:: bulk-user-editor
Installations: 50+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31752

Plugin:: Chat by Chatwee
Plugin Slug:: chatwee
Installations: 50+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31596

Plugin:: Easy WP Optimizer – Optimize DB & WordPress
Plugin Slug:: easy-wp-optimizer
Installations: 50+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32147

Plugin:: Notification Bar, Sticky Notification Bar, Sticky Welcome Bar for any theme
Plugin Slug:: gp-notification-bar
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31610

Plugin:: Lightweight and Responsive Youtube Embed
Plugin Slug:: lightweight-and-responsive-youtube-embed
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31744

Plugin:: Lightweight and Responsive Youtube Embed
Plugin Slug:: lightweight-and-responsive-youtube-embed
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31743

Plugin:: Shopper Approved Reviews
Plugin Slug:: shopperapproved-reviews
Installations: 50+
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-3063

Plugin:: WP Chrono
Plugin Slug:: wp-chrono
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31747

Plugin:: BlockWheels
Plugin Slug:: blockwheels
Installations: 40+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31817

Plugin:: Client Showcase
Plugin Slug:: client-showcase
Installations: 40+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31737

Plugin:: DesignO
Plugin Slug:: designo
Installations: 40+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31600

Plugin:: Posts Footer Manager
Plugin Slug:: intelly-posts-footer-manager
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32130

Plugin:: Welcome Bar
Plugin Slug:: intelly-welcome-bar
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32129

Plugin:: Sparkle Elementor Kit
Plugin Slug:: sparkle-elementor-kit
Installations: 30+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32157

Plugin:: Simple Fixed Notice
Plugin Slug:: dn-cookie-notice
Installations: 20+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31840

Plugin:: Donate Me
Plugin Slug:: donate-me
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31778

Plugin:: Design Blocks – Gutenberg Blocks collection
Plugin Slug:: exclusive-blocks
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31815

Plugin:: ShipDepot for WooCommerce
Plugin Slug:: ship-depot
Installations: 20+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31866

Plugin:: Smartarget Popup
Plugin Slug:: smartarget-popup
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31853

Plugin:: Turisbook Booking System
Plugin Slug:: turisbook-booking-system
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31803

Plugin:: AIO Performance Profiler, Monitor, Optimize, Compress & Debug
Plugin Slug:: all-in-one-performance-accelerator
Installations: 10+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31788

Plugin:: Ethiopian Calendar
Plugin Slug:: ethiopian-calendar
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31589

Plugin:: Eventbee RSVP Widget
Plugin Slug:: eventbee-rsvp-widget
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31838

Plugin:: HMH Footer Builder For Elementor
Plugin Slug:: hmh-footer-builder-for-elementor
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31749

Plugin:: Just Post Preview Widget
Plugin Slug:: just-post-preview
Installations: 10+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32156

Plugin:: Nearby Locations
Plugin Slug:: nearby-locations
Installations: 10+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32128

Plugin:: Nemesis All-in-One | Newspaper Builder Elementor Extention
Plugin Slug:: nemesis-all-in-one
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31849

Plugin:: Support Helpdesk Ticket System Lite
Plugin Slug:: ticket-help-desk-system-lite
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31626

Plugin:: WPSHARE247 Elementor Addons
Plugin Slug:: wpshare247-elementor-addons
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31813

Plugin:: 1-Click Backup & Restore Database
Plugin Slug:: 1-click-backup-restore-database-by-sunbytes
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32246

Plugin:: AAWP Obfuscator
Plugin Slug:: aawp-obfuscator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-3432

Plugin:: ABC Notation
Plugin Slug:: abc-notation
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31895

Plugin:: Advanced Advertising System
Plugin Slug:: advanced-advertising-system
Vulnerability:: Open Redirection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-3433

Plugin:: Advanced Search by My Solr Server
Plugin Slug:: advanced-search-by-my-solr-server
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-3099

Plugin:: AI Content Pipelines
Plugin Slug:: ai-content-pipelines
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-2544

Plugin:: Apptivo Business Site CRM
Plugin Slug:: apptivo-business-site
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31909

Plugin:: Arkhe Blocks
Plugin Slug:: arkhe-blocks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32161

Plugin:: Arrow Custom Feed for Twitter
Plugin Slug:: arrow-twitter-feed
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31897

Plugin:: Awesome Logos
Plugin Slug:: awesome-logos
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31899

Plugin:: Booking Calendar and Notification
Plugin Slug:: booking-calendar-and-notification
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31381

Plugin:: Booking Calendar and Notification
Plugin Slug:: booking-calendar-and-notification
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31403

Plugin:: WordPress Booking plugin for Appointment Calendar and Woocommcerce Booking – Bookingor
Plugin Slug:: bookingor
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32231

Plugin:: BookingPress
Plugin Slug:: bookingpress-appointment-booking
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31910

Plugin:: Botnet Attack Blocker
Plugin Slug:: botnet-attack-blocker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31893

Plugin:: CGM Event Calendar
Plugin Slug:: cgm-event-calendar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31462

Plugin:: Clearbit Reveal
Plugin Slug:: clearbit
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31785

Plugin:: Delete Post Revision
Plugin Slug:: delete-post-revision
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31454

Plugin:: Demo Awesome
Plugin Slug:: demo-awesome
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13637

Plugin:: DigiWidgets Image Editor
Plugin Slug:: digiwidgets-image-editor
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30580

Plugin:: Multi Days Events and Multi Events in One Day Calendar
Plugin Slug:: dragon-calendar-free-version
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31572

Plugin:: DyaPress ERP/CRM
Plugin Slug:: dyapress
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30582

Plugin:: ZoomSounds
Plugin Slug:: dzs-zoomsounds
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-3431

Plugin:: ZoomSounds
Plugin Slug:: dzs-zoomsounds
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13776

Plugin:: ZoomSounds
Plugin Slug:: dzs-zoomsounds
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-0839

Plugin:: Easy Contact
Plugin Slug:: easy-contact
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30970

Plugin:: Easy Query – WP Query Builder
Plugin Slug:: easy-query
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32120

Plugin:: Ebook Downloader
Plugin Slug:: ebook-downloader
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31904

Plugin:: Ebook Downloader
Plugin Slug:: ebook-downloader
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31894

Plugin:: Emma for WordPress
Plugin Slug:: emma-emarketing-plugin
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32166

Plugin:: Exit Popup Free
Plugin Slug:: exit-popup-free
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31591

Plugin:: Extensions for Elementor
Plugin Slug:: extensions-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31889

Plugin:: ez Form Calculator – WordPress plugin
Plugin Slug:: ez-form-calculator-premium
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22282

Plugin:: Fami WooCommerce Compare
Plugin Slug:: fami-woocommerce-compare
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31405

Plugin:: Flickr Photostream
Plugin Slug:: flickr-photostream
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31467

Plugin:: Frizzly
Plugin Slug:: frizzly
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30554

Plugin:: Front End Users
Plugin Slug:: front-end-only-users
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-2005

Plugin:: Front End Users
Plugin Slug:: front-end-only-users
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12410

Plugin:: GetBookingsWP
Plugin Slug:: get-bookings-wp
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31896

Plugin:: Salesmate Add-On for Gravity Forms
Plugin Slug:: gf-salesmate-add-on
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31551

Plugin:: Salesmate Add-On for Gravity Forms
Plugin Slug:: gf-salesmate-add-on
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31533

Plugin:: Gift Certificate Creator
Plugin Slug:: gift-certificate-creator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-2483

Plugin:: Global Gallery
Plugin Slug:: global-gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22263

Plugin:: GNUCommerce
Plugin Slug:: gnucommerce
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30985

Plugin:: Gosign – Posts Slider Block
Plugin Slug:: gosign-posts-slider-block
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31891

Plugin:: include-file
Plugin Slug:: include-file
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30596

Plugin:: Jetpack Feedback Exporter
Plugin Slug:: jetpack-feedback-exporter
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32251

Plugin:: JSON Structuring Markup
Plugin Slug:: json-structuring-markup
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31908

Plugin:: KB Support
Plugin Slug:: kb-support
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13604

Plugin:: Search engine keywords highlighter
Plugin Slug:: keywords-highlight-tool
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31442

Plugin:: Lafka Plugin
Plugin Slug:: lafka-plugin
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-1233

Plugin:: Latest Custom Post Type Updates
Plugin Slug:: latest-custom-post-type-updates
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30616

Plugin:: Lexicata
Plugin Slug:: lexicata
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31900

Plugin:: Limit Max IPs Per User
Plugin Slug:: limit-max-ips-per-user
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31455

Plugin:: MediaView
Plugin Slug:: mediaview
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31898

Plugin:: Melhor Envio
Plugin Slug:: melhor-envio-cotacao
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13820

Plugin:: mFolio Lite
Plugin Slug:: mfolio-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31847

Plugin:: MyBookProgress by Stormhill Media
Plugin Slug:: mybookprogress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30982

Plugin:: MyBookProgress by Stormhill Media
Plugin Slug:: mybookprogress
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31887

Plugin:: NanoSupport
Plugin Slug:: nanosupport
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31461

Plugin:: NanoSupport
Plugin Slug:: nanosupport
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31376

Plugin:: Pages Order
Plugin Slug:: pages-order
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31445

Plugin:: Posten – Gutenberg Post Block
Plugin Slug:: posten-post-blocks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31790

Plugin:: Blubrry PowerPress Podcasting plugin MultiSite add-on
Plugin Slug:: powerpress-multisite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31436

Plugin:: RJ Quickcharts
Plugin Slug:: rj-quickcharts
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31024

Plugin:: Maps
Plugin Slug:: robo-maps
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-2279

Plugin:: SEO Tools
Plugin Slug:: seo-automatic-seo-tools
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30984

Plugin:: Sequel
Plugin Slug:: sequel
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31389

Plugin:: Simple Map No Api
Plugin Slug:: simple-map-no-api
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31890

Plugin:: Simple WP Events
Plugin Slug:: simple-wp-events
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32193

Plugin:: Simple:Press
Plugin Slug:: simplepress
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31386

Plugin:: Smart Icons For WordPress
Plugin Slug:: smartifw
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-2513

Plugin:: Social Share And Social Locker
Plugin Slug:: social-share-and-social-locker-arsocial
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31911

Plugin:: Social Share And Social Locker
Plugin Slug:: social-share-and-social-locker-arsocial
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31902

Plugin:: Team Builder
Plugin Slug:: team-display
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31907

Plugin:: Team Rosters
Plugin Slug:: team-rosters
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31905

Plugin:: Trackserver
Plugin Slug:: trackserver
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30961

Plugin:: Video Url
Plugin Slug:: video-sidebar-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-3098

Plugin:: Videos
Plugin Slug:: videos
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31384

Plugin:: Digihood HTML Sitemap
Plugin Slug:: wedesin-html-sitemap
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31901

Plugin:: WP Bookmarks
Plugin Slug:: wp-bookmarks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31431

Plugin:: WP Church Donation
Plugin Slug:: wp-church-donation
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31410

Plugin:: WP Crowdfunding
Plugin Slug:: wp-crowdfunding
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31892

Plugin:: WordPress Galleria
Plugin Slug:: wp-galleria
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31441

Plugin:: WP_Identicon
Plugin Slug:: wp-identicon
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31468

Plugin:: WP Profitshare
Plugin Slug:: wp-profitshare
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31906

Plugin:: Advanced All in One Admin Search by WP Spotlight
Plugin Slug:: wp-spotlight-search
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32261

Plugin:: wp Time Machine
Plugin Slug:: wp-time-machine
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-3097

Plugin:: WP User Profiles
Plugin Slug:: wp-users-profiles
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31524

Plugin:: WP Cleaner
Plugin Slug:: wpcleaner
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31446

Plugin:: Wptobe-signinup
Plugin Slug:: wptobe-signinup
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30611

Plugin:: XV Random Quotes
Plugin Slug:: xv-random-quotes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31903

Plugin:: XV Random Quotes
Plugin Slug:: xv-random-quotes
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30971

Plugin:: Enable Media Replace
Plugin Slug:: enable-media-replace
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.6
Severity Score:: High
CVE:: 2025-31081

Plugin:: Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider
Plugin Slug:: ml-slider
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.95.0
Severity Score:: Medium
CVE:: 2025-1203

Plugin:: Unlimited Elements For Elementor
Plugin Slug:: unlimited-elements-for-elementor
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.143
Severity Score:: Medium
CVE:: 2025-1663

Plugin:: Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links
Plugin Slug:: broken-link-checker-seo
Installations: 200,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.2.4
Severity Score:: High
CVE:: 2025-1264

Plugin:: Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Plugin Slug:: photo-gallery
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.34
Severity Score:: High
CVE:: 2025-0613

Plugin:: Lightbox & Modal Popup WordPress Plugin – FooBox
Plugin Slug:: foobox-image-lightbox
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.34
Severity Score:: Medium
CVE:: 2025-32139

Plugin:: LuckyWP Table of Contents
Plugin Slug:: luckywp-table-of-contents
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.11
Severity Score:: High
CVE:: 2025-2299

Plugin:: Modula Image Gallery
Plugin Slug:: modula-best-grid-gallery
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.10.2
Severity Score:: Medium
CVE:: 2024-9416

Plugin:: PowerPack Elementor Addons (Free Widgets, Extensions and Templates)
Plugin Slug:: powerpack-lite-for-elementor
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.1
Severity Score:: Medium
CVE:: 2025-1512

Plugin:: Media Library Assistant
Plugin Slug:: media-library-assistant
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.25
Severity Score:: Medium
CVE:: 2025-31627

Plugin:: User Registration & Membership – Custom Registration Form, Login Form, and User Profile
Plugin Slug:: user-registration
Installations: 60,000+
Vulnerability:: Broken Authentication
Patched in Version:: 4.1.3
Severity Score:: Critical
CVE:: 2025-2594

Plugin:: Product Filter by WBW
Plugin Slug:: woo-product-filter
Installations: 60,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.8.0
Severity Score:: Critical
CVE:: 2025-2317

Plugin:: Calculated Fields Form
Plugin Slug:: calculated-fields-form
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.64
Severity Score:: Medium
CVE:: 2024-13382

Plugin:: Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website
Plugin Slug:: simple-banner
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.5
Severity Score:: Medium
CVE:: 2024-13898

Plugin:: Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin
Plugin Slug:: uncanny-automator
Installations: 50,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 6.4.0
Severity Score:: High
CVE:: 2025-2075

Plugin:: Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor
Plugin Slug:: gutentor
Installations: 40,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.4.7
Severity Score:: High
CVE:: 2025-1986

Plugin:: MapPress Maps for WordPress
Plugin Slug:: mappress-google-maps-for-wordpress
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.94.9
Severity Score:: Medium
CVE:: 2025-2055

Plugin:: Booster for WooCommerce
Plugin Slug:: woocommerce-jetpack
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.2.5
Severity Score:: High
CVE:: 2024-13708

Plugin:: Booster for WooCommerce
Plugin Slug:: woocommerce-jetpack
Installations: 40,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 7.2.5
Severity Score:: High
CVE:: 2024-13744

Plugin:: WPFront User Role Editor
Plugin Slug:: wpfront-user-role-editor
Installations: 40,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.2.2
Severity Score:: High
CVE:: 2025-3064

Plugin:: Blog Grid & Post Grid – Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry, Category Post Grid By News & Blog Designer Pack
Plugin Slug:: blog-designer-pack
Installations: 30,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.0.1
Severity Score:: High
CVE:: 2025-31082

Plugin:: GTM Kit – Google Tag Manager & GA4 integration
Plugin Slug:: gtm-kit
Installations: 30,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.4.1
Severity Score:: High
CVE:: 2025-31001

Plugin:: Secure Copy Content Protection and Content Locking
Plugin Slug:: secure-copy-content-protection
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.4.5
Severity Score:: High
CVE:: 2025-30905

Plugin:: User Submitted Posts – Enable Users to Submit Posts from the Front End
Plugin Slug:: user-submitted-posts
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 20250327
Severity Score:: Medium
CVE:: 2025-2874

Plugin:: Import Export Suite for CSV and XML Datafeed
Plugin Slug:: wp-ultimate-csv-importer
Installations: 20,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 7.19.1
Severity Score:: High
CVE:: 2025-2008

Plugin:: Import Export Suite for CSV and XML Datafeed
Plugin Slug:: wp-ultimate-csv-importer
Installations: 20,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 7.19.1
Severity Score:: High
CVE:: 2025-2007

Plugin:: wpForo Forum
Plugin Slug:: wpforo
Installations: 20,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 2.4.4
Severity Score:: High
CVE:: 2025-31420

Plugin:: Countdown, Coming Soon, Maintenance – Countdown & Clock
Plugin Slug:: countdown-builder
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.9.0
Severity Score:: High
CVE:: 2025-2270

Plugin:: Countdown, Coming Soon, Maintenance – Countdown & Clock
Plugin Slug:: countdown-builder
Installations: 10,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 2.8.9
Severity Score:: Critical
CVE:: 2025-30841

Plugin:: RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
Plugin Slug:: custom-registration-form-builder-with-submission-manager
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.4.4
Severity Score:: Medium
CVE:: 2025-2836

Plugin:: HTML Forms – Simple WordPress Forms Plugin
Plugin Slug:: html-forms
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.2
Severity Score:: High
CVE:: 2025-31080

Plugin:: Link Library
Plugin Slug:: link-library
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.8
Severity Score:: Medium
CVE:: 2025-2889

Plugin:: Motors – Car Dealership & Classified Listings Plugin
Plugin Slug:: motors-car-dealership-classified-listings
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.67
Severity Score:: Medium
CVE:: 2025-3437

Plugin:: Motors – Car Dealership & Classified Listings Plugin
Plugin Slug:: motors-car-dealership-classified-listings
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.65
Severity Score:: High
CVE:: 2025-2807

Plugin:: Motors – Car Dealership & Classified Listings Plugin
Plugin Slug:: motors-car-dealership-classified-listings
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.64
Severity Score:: Medium
CVE:: 2025-2808

Plugin:: ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization
Plugin Slug:: shortpixel-adaptive-images
Installations: 10,000+
Vulnerability:: Broken Authentication
Patched in Version:: 3.10.1
Severity Score:: Medium
CVE:: 2025-30853

Plugin:: WP Date and Time Shortcode
Plugin Slug:: wp-date-and-time-shortcode
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.8
Severity Score:: Medium
CVE:: 2025-31590

Plugin:: Automatic Featured Images from Videos
Plugin Slug:: automatic-featured-images-from-videos
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.5
Severity Score:: Medium
CVE:: 2025-31820

Plugin:: Awesome Support – WordPress HelpDesk & Support Plugin
Plugin Slug:: awesome-support
Installations: 8,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 6.3.2
Severity Score:: High
CVE:: 2024-13567

Plugin:: Cue by AudioTheme.com
Plugin Slug:: cue
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.5
Severity Score:: Medium
CVE:: 2025-31787

Plugin:: Insert Headers and Footers Code – HT Script
Plugin Slug:: insert-headers-and-footers-script
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2025-2779

Plugin:: Drag and Drop Multiple File Upload for WooCommerce
Plugin Slug:: drag-and-drop-multiple-file-upload-for-woocommerce
Installations: 6,000+
Vulnerability:: Directory Traversal
Patched in Version:: 1.1.5
Severity Score:: Critical
CVE:: 2025-2941

Plugin:: MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy
Plugin Slug:: dc-woocommerce-multi-vendor
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.20
Severity Score:: Medium
CVE:: 2025-2789

Plugin:: SMS Alert Order Notifications – WooCommerce
Plugin Slug:: sms-alert
Installations: 5,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.8.0
Severity Score:: Critical
CVE:: 2024-13553

Plugin:: Watu Quiz
Plugin Slug:: watu
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.3
Severity Score:: High
CVE:: 2025-30844

Plugin:: Lana Downloads Manager
Plugin Slug:: lana-downloads-manager
Installations: 3,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 1.10.0
Severity Score:: Medium
CVE:: 2025-2048

Plugin:: Beds24 Online Booking
Plugin Slug:: beds24-online-booking
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.28
Severity Score:: Medium
CVE:: 2025-31851

Plugin:: WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg
Plugin Slug:: groundhogg
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0
Severity Score:: Medium
CVE:: 2025-1267

Plugin:: teachPress
Plugin Slug:: teachpress
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 9.0.12
Severity Score:: High
CVE:: 2025-32149

Plugin:: Product Table by WBW
Plugin Slug:: woo-product-tables
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.5
Severity Score:: High
CVE:: 2025-31086

Plugin:: CM Header and Footer – Add custom scripts and styles to your header and footer with ease
Plugin Slug:: cm-header-footer-script-loader
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.5
Severity Score:: Medium
CVE:: 2025-31091

Plugin:: Social proof testimonials and reviews by Repuso
Plugin Slug:: social-testimonials-and-reviews-widget
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.22
Severity Score:: Medium
CVE:: 2025-31886

Plugin:: WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
Plugin Slug:: tour-booking-manager
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.8.8
Severity Score:: High
CVE:: 2025-30892

Plugin:: YayExtra – WooCommerce Extra Product Options
Plugin Slug:: yayextra
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.3
Severity Score:: High
CVE:: 2025-31415

Plugin:: 3DPrint Lite
Plugin Slug:: 3dprint-lite
Installations: 900+
Vulnerability:: SQL Injection
Patched in Version:: 2.1.3.7
Severity Score:: High
CVE:: 2025-3430

Plugin:: Ultra Addons Lite for Elementor
Plugin Slug:: ut-elementor-addons-lite
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.9
Severity Score:: Medium
CVE:: 2025-32192

Plugin:: xili-language
Plugin Slug:: xili-language
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.21.3
Severity Score:: High
CVE:: 2025-31085

Plugin:: Feedbucket – Website Feedback Tool
Plugin Slug:: feedbucket
Installations: 800+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.7
Severity Score:: Medium
CVE:: 2025-31859

Plugin:: WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms
Plugin Slug:: cf7-zendesk
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.4
Severity Score:: Medium
CVE:: 2025-32269

Plugin:: Printus – Automatic Printing Plugin for WooCommerce – Print WooCommerce Orders, PDF Invoices, Packaging Slips & More
Plugin Slug:: printus-cloud-printing-for-woocommerce
Installations: 700+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.7
Severity Score:: Medium
CVE:: 2025-31830

Plugin:: WPC Smart Linked Products – Upsells & Cross-sells for WooCommerce
Plugin Slug:: wpc-smart-linked-products
Installations: 700+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.3.6
Severity Score:: High
CVE:: 2025-30825

Plugin:: Maps for WP
Plugin Slug:: maps-for-wp
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.5
Severity Score:: Medium
CVE:: 2025-32179

Plugin:: Theater for WordPress
Plugin Slug:: theatre
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: 0.18.8
Severity Score:: Medium
CVE:: 2025-31846

Plugin:: Snow Storm
Plugin Slug:: snow-storm
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.7
Severity Score:: High
CVE:: 2025-30858

Plugin:: Testimonial – Testimonial Slider, Reviews Slider, Testimonial By AI
Plugin Slug:: testimonial
Installations: 500+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.0.14
Severity Score:: High
CVE:: 2025-30889

Plugin:: Web Directory Free
Plugin Slug:: web-directory-free
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.7.8
Severity Score:: High
CVE:: 2025-30908

Plugin:: WordPress Access Areas
Plugin Slug:: wp-access-areas
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.20
Severity Score:: High
CVE:: 2025-30913

Plugin:: Post to Social Media – WordPress to Hootsuite
Plugin Slug:: wp-to-hootsuite
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.6.0
Severity Score:: Medium
CVE:: 2025-32267

Plugin:: Team Circle Image Slider With Lightbox
Plugin Slug:: circle-image-slider-with-lightbox
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: 1.0.5
Severity Score:: High
CVE:: 2019-25223

Plugin:: DeBounce Email Validator
Plugin Slug:: debounce-io-email-validator
Installations: 400+
Vulnerability:: Local File Inclusion
Patched in Version:: 5.71
Severity Score:: High
CVE:: 2025-31098

Plugin:: Plugin Oficial – Getnet para WooCommerce
Plugin Slug:: wc-checkout-getnet
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.0
Severity Score:: High
CVE:: 2025-30906

Plugin:: Order Splitter for WooCommerce
Plugin Slug:: woo-order-splitter
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: 5.3.1
Severity Score:: High
CVE:: 2025-31089

Plugin:: CardGate Payments for WooCommerce
Plugin Slug:: cardgate
Installations: 300+
Vulnerability:: SQL Injection
Patched in Version:: 3.2.2
Severity Score:: High
CVE:: 2025-32119

Plugin:: Falling Things
Plugin Slug:: falling-things
Installations: 300+
Vulnerability:: SQL Injection
Patched in Version:: 1.09
Severity Score:: High
CVE:: 2025-32203

Plugin:: Search, Filters & Merchandising for WooCommerce
Plugin Slug:: instantsearch-for-woocommerce
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.59
Severity Score:: Medium
CVE:: 2025-32181

Plugin:: Mobile App Canvas – Convert your Website Into an App for iOS and Android
Plugin Slug:: mobile-app
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 3.8.3
Severity Score:: Medium
CVE:: 2025-31816

Plugin:: Lifetime free Drag & Drop Contact Form Builder for WordPress VForm
Plugin Slug:: v-form
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.10
Severity Score:: High
CVE:: 2025-30778

Plugin:: Next-Cart Store to WooCommerce Migration
Plugin Slug:: nextcart-woocommerce-migration
Installations: 200+
Vulnerability:: SQL Injection
Patched in Version:: 3.9.5
Severity Score:: Critical
CVE:: 2025-30807

Plugin:: Oracle Cards Lite
Plugin Slug:: oracle-cards
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.2
Severity Score:: High
CVE:: 2025-30852

Plugin:: Perfect Font Awesome Integration
Plugin Slug:: perfect-font-awesome-integration
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.1
Severity Score:: Medium
CVE:: 2025-31861

Plugin:: Residential Address Detection
Plugin Slug:: residential-address-detection
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.5
Severity Score:: Medium
CVE:: 2025-30916

Plugin:: Total processing card payments for WooCommerce
Plugin Slug:: totalprocessing-card-payments
Installations: 200+
Vulnerability:: Arbitrary File Download
Patched in Version:: 7.1.6
Severity Score:: Medium
CVE:: 2025-32209

Plugin:: Big Boom Directory
Plugin Slug:: big-boom-directory
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.1
Severity Score:: Medium
CVE:: 2024-13673

Plugin:: GreenPay(tm) by Green.Money
Plugin Slug:: green-money-payment-gateway
Installations: 100+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.0.10
Severity Score:: Medium
CVE:: 2025-2882

Plugin:: WordPress Internal Link Optimiser
Plugin Slug:: internal-link-finder
Installations: 100+
Vulnerability:: Settings Change
Patched in Version:: 5.1.3
Severity Score:: Medium
CVE:: 2025-32243

Plugin:: Shopper – Affiliate Link Management, 25000+ Brand Partnerships & Creative Product Displays
Plugin Slug:: shopper
Installations: 100+
Vulnerability:: SQL Injection
Patched in Version:: 3.2.6
Severity Score:: Critical
CVE:: 2025-31534

Plugin:: Material Dashboard
Plugin Slug:: material-dashboard
Installations: 80+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.4.6
Severity Score:: High
CVE:: 2025-31097

Plugin:: Norse Rune Oracle Plugin
Plugin Slug:: norse-runes-oracle
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.4
Severity Score:: Medium
CVE:: 2025-31884

Plugin:: Small Package Quotes – Worldwide Express Edition
Plugin Slug:: small-package-quotes-wwe-edition
Installations: 70+
Vulnerability:: Broken Access Control
Patched in Version:: 5.2.20
Severity Score:: Medium
CVE:: 2025-30915

Plugin:: Small Package Quotes – Worldwide Express Edition
Plugin Slug:: small-package-quotes-wwe-edition
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.19
Severity Score:: High
CVE:: 2025-31078

Plugin:: Awesome Event Booking
Plugin Slug:: awesome-event-booking
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.5
Severity Score:: High
CVE:: 2025-31416

Plugin:: Accept SagePay Payments Using Contact Form 7
Plugin Slug:: accept-sagepay-payments-using-contact-form-7
Installations: 10+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.1
Severity Score:: Medium
CVE:: 2025-2883

Plugin:: coreActivity: Activity Logging for WordPress
Plugin Slug:: coreactivity
Installations: 10+
Vulnerability:: SQL Injection
Patched in Version:: 2.7.1
Severity Score:: High
CVE:: 2025-3436

Plugin:: Bridge Core
Plugin Slug:: bridge-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.1
Severity Score:: Medium
CVE:: 2025-31409

Plugin:: Contempo Real Estate Core
Plugin Slug:: ct-real-estate-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.4
Severity Score:: Medium
CVE:: 2025-2906

Plugin:: Fusion Builder
Plugin Slug:: fusion-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.11.15
Severity Score:: Medium
CVE:: 2025-1665

Plugin:: tagDiv Composer
Plugin Slug:: td-composer
Vulnerability:: PHP Object Injection
Patched in Version:: 5.4
Severity Score:: Critical
CVE:: 2024-13645

Plugin:: User Registration & Membership Pro
Plugin Slug:: user-registration-pro
Vulnerability:: Broken Authentication
Patched in Version:: 5.1.3
Severity Score:: Critical
CVE:: 2025-2594

Plugin:: Vehica Core
Plugin Slug:: vehica-core
Vulnerability:: Privilege Escalation
Patched in Version:: 1.0.98
Severity Score:: High
CVE:: 2025-3105

Plugin:: Vitepos
Plugin Slug:: vitepos-lite
Vulnerability:: Broken Authentication
Patched in Version:: 3.1.5
Severity Score:: High
CVE:: 2025-22277

Plugin:: Woffice Core
Plugin Slug:: woffice-core
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.4.22
Severity Score:: Medium
CVE:: 2025-2797

Plugin:: Woffice Core
Plugin Slug:: woffice-core
Vulnerability:: Arbitrary File Upload
Patched in Version:: 5.4.22
Severity Score:: Critical
CVE:: 2025-2780

Plugin:: WP RealEstate
Plugin Slug:: wp-realestate
Vulnerability:: Privilege Escalation
Patched in Version:: 1.6.27
Severity Score:: Critical
CVE:: 2025-2237

WordPress Themes — 5 Patched / 24 Unpatched

Theme:: Glossy Blog
Theme Slug:: glossy-blog
Downloads: 5,059
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26934

Theme:: Home Services
Theme Slug:: home-services
Downloads: 19,959
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26930

Theme:: Simplish
Theme Slug:: simplish
Downloads: 28,664
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22281

Theme:: Tainá
Theme Slug:: taina
Downloads: 1,311
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26919

Theme:: Bloggie
Theme Slug:: bloggie
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30996

Theme:: Themify Edmin
Theme Slug:: edmin
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30996

Theme:: Themify Edmin
Theme Slug:: edmin
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31013

Theme:: Themify Folo
Theme Slug:: folo
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30996

Theme:: Themify Folo
Theme Slug:: folo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31013

Theme:: Gravel
Theme Slug:: gravel
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31418

Theme:: Themify Newsy
Theme Slug:: newsy
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30996

Theme:: Themify Newsy
Theme Slug:: newsy
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31013

Theme:: Photobox
Theme Slug:: photobox
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30996

Theme:: Photobox
Theme Slug:: photobox
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31013

Theme:: Rezo
Theme Slug:: rezo
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30996

Theme:: Rezo
Theme Slug:: rezo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31013

Theme:: Shopo
Theme Slug:: shopo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31013

Theme:: Themify Sidepane WordPress Theme
Theme Slug:: sidepane
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30996

Theme:: Themify Sidepane WordPress Theme
Theme Slug:: sidepane
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31013

Theme:: Slide
Theme Slug:: slide
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30996

Theme:: Slide
Theme Slug:: slide
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31013

Theme:: Tiger
Theme Slug:: tiger
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31407

Theme:: Tiger
Theme Slug:: tiger
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31027

Theme:: Wigi
Theme Slug:: wigi
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30996

Theme:: Real Estate 7
Theme Slug:: realestate-7
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.5.5
Severity Score:: High
CVE:: 2025-2891

Theme:: Streamit
Theme Slug:: streamit
Vulnerability:: Arbitrary File Download
Patched in Version:: 4.0.2
Severity Score:: Medium
CVE:: 2025-2519

Theme:: Streamit
Theme Slug:: streamit
Vulnerability:: Arbitrary File Upload
Patched in Version:: 4.0.2
Severity Score:: Critical
CVE:: 2025-2525

Theme:: Streamit
Theme Slug:: streamit
Vulnerability:: Privilege Escalation
Patched in Version:: 4.0.3
Severity Score:: High
CVE:: 2025-2526

Theme:: Woffice
Theme Slug:: woffice
Vulnerability:: Privilege Escalation
Patched in Version:: 5.4.22
Severity Score:: Critical
CVE:: 2025-2798

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Author:

Sarah Ulmer

Sarah has been with SolidWP since 2015. Thanks to her deep connection to the brand, its products, and its users, Sarah was tapped as Solid’s primary Product Marketer in 2023. Sarah helps ensure that Solid’s product development team understands our users’ needs. When not at work, Sarah can be found at home with her husband, their three boys, and their dogs. Sarah enjoys long family walks, running with her lab, and watching her three boys play soccer. Sarah is originally from Texas and loves watching football games (Go Longhorns!)

Browse all of Sarah's articles

Sign up

Placeholder text

Thanks

Oops something went wrong, please try submitting again

Solid Suite

Protect

Repair

Manage

Free Plugins

Solid Suite

Academy

Solid Academy

Guides

Livestreams

Tutorials Academy

Resources

Blog

Vulnerability Report

Support

Documentation

Table of Contents

WordPress Core

WordPress Plugins — 103 Patched / 480 Unpatched