In this report, 190 vulnerabilities have been publicly disclosed. Security patches for 96 of these plugins and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Currently, 94 plugin and theme vulnerabilities remain unpatched. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.9.1 was released on February 3, 2026, as a short-cycle maintenance update, addressing 49 bugs across WordPress Core and the Block Editor, including fixes affecting the editor, mail functionality, and classic themes. Sites with automatic background updates may already be updated. We recommend reviewing the details and updating as part of your regular maintenance cycle.
The next major WordPress release, version 7.0, is scheduled for April 9, 2026, during WordCamp Asia.
WordPress Plugins — 83 Patched / 75 Unpatched
Persian WooCommerce SMS
- Plugin Slug:
- persian-woocommerce-sms
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22352
Link Whisper Free
- Plugin:
- Link Whisper Free
- Plugin Slug:
- link-whisper
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22357
Real 3D Flipbook – 3D FlipBook, PDF FlipBook, PDF Viewer, PDF Embedder
- Plugin Slug:
- real3d-flipbook-lite
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Low
- CVE:
- 2026-25423
WP FullCalendar
- Plugin:
- WP FullCalendar
- Plugin Slug:
- wp-fullcalendar
- Installations
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22351
Chatbot for WordPress by Collect.chat
- Plugin Slug:
- collectchat
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-0736
Image Gallery
- Plugin:
- Image Gallery
- Plugin Slug:
- new-image-gallery
- Installations
- 4,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22345
Banner Management, Product Slider, Product Carousel for WooCommerce
- Plugin Slug:
- banner-management-for-woocommerce
- Installations
- 2,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22354
Cliengo – Chatbot
- Plugin:
- Cliengo – Chatbot
- Plugin Slug:
- cliengo
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-69388
Responsive Slideshow
- Plugin:
- Responsive Slideshow
- Plugin Slug:
- slider-responsive-slideshow
- Installations
- 2,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22346
OpenPix for WooCommerce
- Plugin:
- OpenPix for WooCommerce
- Plugin Slug:
- openpix-for-woocommerce
- Installations
- 700+
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-15400
WooODT Lite – Delivery & pickup date time location for WooCommerce
- Plugin Slug:
- byconsole-woo-order-delivery-time
- Installations
- 600+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69401
iMoney
- Plugin:
- iMoney
- Plugin Slug:
- imoney
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69392
Magic Login Mail or QR Code
- Plugin:
- Magic Login Mail or QR Code
- Plugin Slug:
- magic-login-mail
- Installations
- 100+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-2144
RVCFDI para Woocommerce
- Plugin:
- RVCFDI para Woocommerce
- Plugin Slug:
- rvcfdi-para-woocommerce
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69386
Visitor Maps Extended Referer Field
- Plugin Slug:
- visitor-maps-extended-referer-field
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69389
Simple Retail Menus
- Plugin:
- Simple Retail Menus
- Plugin Slug:
- simple-retail-menus
- Installations
- 90+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69387
Business Template Blocks for WPBakery (Visual Composer) Page Builder
- Plugin Slug:
- templates-and-addons-for-wpbakery-page-builder
- Installations
- 80+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69390
WPshop 2 – E-Commerce
- Plugin:
- WPshop 2 – E-Commerce
- Plugin Slug:
- wpshop
- Installations
- 70+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69383
OpenPOS Lite – Point of Sale for WooCommerce
- Plugin Slug:
- wpos-lite-version
- Installations
- 40+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1826
Microtango
- Plugin:
- Microtango
- Plugin Slug:
- microtango
- Installations
- 30+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1821
Press3D
Allow HTML in Category Descriptions
- Plugin:
- Allow HTML in Category Descriptions
- Plugin Slug:
- allow-html-in-category-descriptions
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-0693
AMP Enhancer – Compatibility Layer for Official AMP Plugin
- Plugin:
- AMP Enhancer – Compatibility Layer for Official AMP Plugin
- Plugin Slug:
- amp-enhancer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-2027
Best-wp-google-map
- Plugin:
- Best-wp-google-map
- Plugin Slug:
- best-wp-google-map
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1096
BlueSnap Payment Gateway for WooCommerce
- Plugin:
- BlueSnap Payment Gateway for WooCommerce
- Plugin Slug:
- bluesnap-payment-gateway-for-woocommerce
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-0692
Bookr
- Plugin:
- Bookr
- Plugin Slug:
- bookr
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1932
Bravis Addons
- Plugin:
- Bravis Addons
- Plugin Slug:
- bravis-addons
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-69403
CallbackKiller service widget
- Plugin:
- CallbackKiller service widget
- Plugin Slug:
- callbackkiller-service-widget
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1944
Category Image
- Plugin:
- Category Image
- Plugin Slug:
- category-image
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-0815
Citations tools
- Plugin:
- Citations tools
- Plugin Slug:
- citations-tools
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1912
Cnvrse
- Plugin:
- Cnvrse
- Plugin Slug:
- cnvrse
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69394
Easy Voice Mail
- Plugin:
- Easy Voice Mail
- Plugin Slug:
- easy-voice-mail
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1164
IDE Micro code-editor
- Plugin:
- IDE Micro code-editor
- Plugin Slug:
- flask-micro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1827
Flexi Product Slider and Grid for WooCommerce
- Plugin:
- Flexi Product Slider and Grid for WooCommerce
- Plugin Slug:
- flexi-product-slider-grid
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-1988
HTML Shortcodes
- Plugin:
- HTML Shortcodes
- Plugin Slug:
- html-shortcodes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1809
Invoct – PDF Invoices & Billing for WooCommerce
- Plugin Slug:
- kirilkirkov-pdf-invoice-manager
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1748
Link Hopper
- Plugin:
- Link Hopper
- Plugin Slug:
- link-hopper
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-15483
BuddyHolis ListSearch
- Plugin:
- BuddyHolis ListSearch
- Plugin Slug:
- listsearch
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1853
MDirector Newsletter
- Plugin:
- MDirector Newsletter
- Plugin Slug:
- mdirector-newsletter
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14852
midi-Synth
- Plugin:
- midi-Synth
- Plugin Slug:
- midi-synth
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-1306
MMA Call Tracking
- Plugin:
- MMA Call Tracking
- Plugin Slug:
- mma-call-tracking
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1215
MailChimp Campaigns
- Plugin:
- MailChimp Campaigns
- Plugin Slug:
- olalaweb-mailchimp-campaign-manager
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1303
Payment Page
- Plugin:
- Payment Page
- Plugin Slug:
- payment-page
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-0751
Percent to Infograph
- Plugin:
- Percent to Infograph
- Plugin Slug:
- percent-to-infograph
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1939
personal-authors-category
- Plugin:
- personal-authors-category
- Plugin Slug:
- personal-authors-category
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-1754
PhotoStack Gallery
- Plugin:
- PhotoStack Gallery
- Plugin Slug:
- photostack-gallery
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-2024
Post Slides
- Plugin:
- Post Slides
- Plugin Slug:
- post-slides
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-15491
Prime Listing Manager
- Plugin:
- Prime Listing Manager
- Plugin Slug:
- prime-listing-manager
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-14892
QuestionPro Surveys
- Plugin:
- QuestionPro Surveys
- Plugin Slug:
- questionpro-surveys
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1901
Ravelry Designs Widget
- Plugin:
- Ravelry Designs Widget
- Plugin Slug:
- ravelry-designs-widget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1903
Scheduler Widget
- Plugin:
- Scheduler Widget
- Plugin Slug:
- scheduler-widget
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1987
SEATT: Simple Event Attendance
- Plugin:
- SEATT: Simple Event Attendance
- Plugin Slug:
- simple-event-attendance
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1983
Simple Plyr
- Plugin:
- Simple Plyr
- Plugin Slug:
- simple-plyr
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1915
Simple Wp colorfull Accordion
- Plugin:
- Simple Wp colorfull Accordion
- Plugin Slug:
- simple-wp-colorfull-accordion
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1904
Slideshow Wp
- Plugin:
- Slideshow Wp
- Plugin Slug:
- slideshow-wp
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1885
Smart Forms
- Plugin:
- Smart Forms
- Plugin Slug:
- smart-forms
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-2022
Sphere Manager
- Plugin:
- Sphere Manager
- Plugin Slug:
- sphere-manager
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1905
Sudoku Shortcode
- Plugin:
- Sudoku Shortcode
- Plugin Slug:
- sudoku-shortcode
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
Themesflat Elementor
- Plugin:
- Themesflat Elementor
- Plugin Slug:
- themesflat-elementor
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-69382
Timeline Event History
- Plugin:
- Timeline Event History
- Plugin Slug:
- timeline-event-history
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69384
Twitter posts to Blog
- Plugin:
- Twitter posts to Blog
- Plugin Slug:
- twitter-posts-to-blog
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1786
ZoomifyWP Free
- Plugin:
- ZoomifyWP Free
- Plugin Slug:
- tz-zoomifywp-free
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1187
UpMenu
- Plugin:
- UpMenu
- Plugin Slug:
- upmenu
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1910
User Language Switch
- Plugin:
- User Language Switch
- Plugin Slug:
- user-language-switch
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-0735
User Language Switch
- Plugin:
- User Language Switch
- Plugin Slug:
- user-language-switch
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-0745
Videospirecore Theme
- Plugin:
- Videospirecore Theme
- Plugin Slug:
- videospirecore
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-15096
WaMate Confirm
- Plugin:
- WaMate Confirm
- Plugin Slug:
- wamate-confirm
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1833
WDES Responsive Popup
- Plugin:
- WDES Responsive Popup
- Plugin Slug:
- wdes-responsive-popup
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1804
WooCommerce Bulk Product Editor
- Plugin:
- WooCommerce Bulk Product Editor
- Plugin Slug:
- woocommerce-quick-product-editor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69381
WP eCommerce
- Plugin:
- WP eCommerce
- Plugin Slug:
- wp-e-commerce
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-1235
WP Quick Contact Us
- Plugin:
- WP Quick Contact Us
- Plugin Slug:
- wp-quick-contact-us
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1394
WP Server Log Viewer
- Plugin:
- WP Server Log Viewer
- Plugin Slug:
- wp-server-log-viewer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2019-25315
Upload Files Anywhere
- Plugin:
- Upload Files Anywhere
- Plugin Slug:
- wp-upload-files-anywhere
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69380
Upload Files Anywhere
- Plugin:
- Upload Files Anywhere
- Plugin Slug:
- wp-upload-files-anywhere
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69379
WPlyr Media Block
- Plugin:
- WPlyr Media Block
- Plugin Slug:
- wplyr-media-block
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-0724
Yoast Duplicate Post
- Plugin:
- Yoast Duplicate Post
- Plugin Slug:
- duplicate-post
- Installations
- 4,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.4
- Severity Score:
- Medium
- CVE:
- 2019-25314
Essential Addons for Elementor – Popular Elementor Templates & Widgets
- Plugin Slug:
- essential-addons-for-elementor-lite
- Installations
- 2,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.5.10
- Severity Score:
- Medium
- CVE:
- 2026-1512
Migration, Backup, Staging – WPvivid Backup & Migration
- Plugin Slug:
- wpvivid-backuprestore
- Installations
- 900,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 0.9.124
- Severity Score:
- Critical
- CVE:
- 2026-1357
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
- Plugin Slug:
- fluentform
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.1.15
- Severity Score:
- Medium
- CVE:
- 2026-0996
Forminator Forms – Contact Form, Payment Form & Custom Form Builder
- Plugin Slug:
- forminator
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.50.3
- Severity Score:
- Medium
- CVE:
- 2026-2002
Kadence Blocks — Page Builder Toolkit for Gutenberg Editor
- Plugin Slug:
- kadence-blocks
- Installations
- 600,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.6.0
- Severity Score:
- Medium
Ninja Forms – The Contact Form Builder That Grows With You
- Plugin Slug:
- ninja-forms
- Installations
- 600,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.14.1
- Severity Score:
- High
- CVE:
- 2026-2268
Converter for Media – Optimize images | Convert WebP & AVIF
- Plugin Slug:
- webp-converter-for-media
- Installations
- 500,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 6.5.2
- Severity Score:
- High
- CVE:
- 2026-1356
SureForms – Contact Form, Payment Form & Other Custom Form Builder
- Plugin Slug:
- sureforms
- Installations
- 400,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.2
- Severity Score:
- High
Backup Migration
- Plugin:
- Backup Migration
- Plugin Slug:
- backup-backup
- Installations
- 100,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.4.0
- Severity Score:
- High
- CVE:
- 2023-7002
Beaver Builder Page Builder – Drag and Drop Website Builder
- Plugin Slug:
- beaver-builder-lite-version
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.10.0.6
- Severity Score:
- Medium
- CVE:
- 2026-1231
Gallery by FooGallery
- Plugin:
- Gallery by FooGallery
- Plugin Slug:
- foogallery
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.1.10
- Severity Score:
- Medium
- CVE:
- 2025-15524
LatePoint – Calendar Booking Plugin for Appointments and Events
- Plugin Slug:
- latepoint
- Installations
- 100,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.2.6
- Severity Score:
- Medium
- CVE:
- 2025-14873
LatePoint – Calendar Booking Plugin for Appointments and Events
- Plugin Slug:
- latepoint
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.2.7
- Severity Score:
- Medium
- CVE:
- 2026-1537
LatePoint – Calendar Booking Plugin for Appointments and Events
- Plugin Slug:
- latepoint
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.2.6
- Severity Score:
- High
- CVE:
- 2026-0617
Modula Image Gallery – Photo Grid & Video Gallery
- Plugin Slug:
- modula-best-grid-gallery
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.13.7
- Severity Score:
- Medium
- CVE:
- 2026-1254
Mollie Payments for WooCommerce
- Plugin:
- Mollie Payments for WooCommerce
- Plugin Slug:
- mollie-payments-for-woocommerce
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.1.2
- Severity Score:
- High
- CVE:
- 2025-68501
Customer Reviews for WooCommerce
- Plugin:
- Customer Reviews for WooCommerce
- Plugin Slug:
- customer-reviews-woocommerce
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.98.0
- Severity Score:
- High
- CVE:
- 2026-1316
SlimStat Analytics
- Plugin:
- SlimStat Analytics
- Plugin Slug:
- wp-slimstat
- Installations
- 80,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.3.2
- Severity Score:
- High
- CVE:
- 2025-13431
Auto Featured Image (Auto Post Thumbnail)
- Plugin Slug:
- auto-post-thumbnail
- Installations
- 50,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 4.2.0
- Severity Score:
- Medium
- CVE:
- 2023-7073
Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers
- Plugin:
- Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers
- Plugin Slug:
- popup-builder-block
- Installations
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.1
- Severity Score:
- Medium
- CVE:
- 2025-14895
WP-Members Membership Plugin
- Plugin:
- WP-Members Membership Plugin
- Plugin Slug:
- wp-members
- Installations
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.4.9
- Severity Score:
- Medium
- CVE:
- 2023-6733
Calculated Fields Form
- Plugin:
- Calculated Fields Form
- Plugin Slug:
- calculated-fields-form
- Installations
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.4.4.2
- Severity Score:
- Medium
- CVE:
- 2026-25368
Easy Social Feed – Social Photos Gallery and Post Feed for WordPress
- Plugin Slug:
- easy-facebook-likebox
- Installations
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.5.3
- Severity Score:
- Medium
- CVE:
- 2023-6883
Master Addons For Elementor – White Label, Free Widgets, Hover Effects, Conditions, & Animations
- Plugin:
- Master Addons For Elementor – White Label, Free Widgets, Hover Effects, Conditions, & Animations
- Plugin Slug:
- master-addons
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.6.2
- Severity Score:
- High
- CVE:
- 2024-5542
WP Last Modified Info
- Plugin:
- WP Last Modified Info
- Plugin Slug:
- wp-last-modified-info
- Installations
- 30,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 1.9.6
- Severity Score:
- Medium
- CVE:
- 2025-14608
Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation
- Plugin Slug:
- zero-bs-crm
- Installations
- 30,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 6.7.1
- Severity Score:
- High
- CVE:
- 2026-22356
Alt Text AI – Automatically generate image alt text for SEO and accessibility
- Plugin Slug:
- alttext-ai
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.10.18
- Severity Score:
- Medium
- CVE:
- 2026-25348
Custom Block Builder – Lazy Blocks
- Plugin Slug:
- lazy-blocks
- Installations
- 20,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 4.2.1
- Severity Score:
- High
- CVE:
- 2026-1560
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar
- Plugin Slug:
- mp3-music-player-by-sonaar
- Installations
- 20,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 5.11
- Severity Score:
- Medium
- CVE:
- 2026-1249
New User Approve
- Plugin:
- New User Approve
- Plugin Slug:
- new-user-approve
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.1
- Severity Score:
- High
- CVE:
- 2025-69063
Secure Copy Content Protection and Content Locking
- Plugin Slug:
- secure-copy-content-protection
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.9.9
- Severity Score:
- High
- CVE:
- 2026-1320
The Events Calendar Shortcode & Block
- Plugin Slug:
- the-events-calendar-shortcode
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.3
- Severity Score:
- Medium
- CVE:
- 2026-1922
WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible
- Plugin:
- WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible
- Plugin Slug:
- wc-frontend-manager
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.7.25
- Severity Score:
- High
- CVE:
- 2026-0845
WCFM Marketplace – Multivendor Marketplace for WooCommerce
- Plugin Slug:
- wc-multivendor-marketplace
- Installations
- 20,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 3.7.1
- Severity Score:
- Medium
- CVE:
- 2026-1722
wpForo Forum
- Plugin:
- wpForo Forum
- Plugin Slug:
- wpforo
- Installations
- 20,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 2.4.14
- Severity Score:
- High
- CVE:
- 2026-0910
WPZOOM Addons for Elementor – Starter Templates & Widgets
- Plugin Slug:
- wpzoom-elementor-addons
- Installations
- 20,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.3.3
- Severity Score:
- Medium
- CVE:
- 2026-2295
Passster – Password Protect Pages and Content
- Plugin Slug:
- content-protector
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.2.26
- Severity Score:
- Medium
- CVE:
- 2026-25036
MasterStudy LMS WordPress Plugin – for Online Courses and Education
- Plugin Slug:
- masterstudy-lms-learning-management-system
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.7.12
- Severity Score:
- Medium
- CVE:
- 2026-0559
Media Library Folders
- Plugin:
- Media Library Folders
- Plugin Slug:
- media-library-plus
- Installations
- 10,000+
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- 8.3.7
- Severity Score:
- Medium
- CVE:
- 2026-2312
myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program.
- Plugin Slug:
- mycred
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.9.7.4
- Severity Score:
- Medium
- CVE:
- 2026-0550
Open User Map
- Plugin:
- Open User Map
- Plugin Slug:
- open-user-map
- Installations
- 10,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 1.4.17
- Severity Score:
- Medium
- CVE:
- 2025-68002
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
- Plugin:
- Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
- Plugin Slug:
- paid-member-subscriptions
- Installations
- 10,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 2.16.9
- Severity Score:
- Medium
- CVE:
- 2025-68514
WCFM Membership – WooCommerce Memberships for Multivendor Marketplace
- Plugin Slug:
- wc-multivendor-membership
- Installations
- 10,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 2.11.9
- Severity Score:
- Medium
- CVE:
- 2025-15147
WP Data Access – No-Code App Builder with Tables, Forms, Charts & Maps
- Plugin Slug:
- wp-data-access
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.5.64
- Severity Score:
- Medium
- CVE:
- 2026-0557
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
- Plugin Slug:
- custom-registration-form-builder-with-submission-manager
- Installations
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.0.7.2
- Severity Score:
- Medium
- CVE:
- 2026-0929
JS Help Desk – AI-Powered Support & Ticketing System
- Plugin Slug:
- js-support-ticket
- Installations
- 8,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.0.2
- Severity Score:
- High
- CVE:
- 2026-24959
NEX-Forms – Ultimate Forms Plugin for WordPress
- Plugin Slug:
- nex-forms-express-wp-form-builder
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 9.1.8
- Severity Score:
- High
- CVE:
- 2025-69326
EventPrime – Events Calendar, Bookings and Tickets
- Plugin Slug:
- eventprime-event-calendar-management
- Installations
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.2.8.5
- Severity Score:
- Medium
- CVE:
- 2026-1657
Download Manager Addons for Elementor
- Plugin Slug:
- wpdm-elementor
- Installations
- 7,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.0.0
- Severity Score:
- Critical
- CVE:
- 2026-24956
YayCurrency – WooCommerce Multi-Currency Switcher
- Plugin Slug:
- yaycurrency
- Installations
- 7,000+
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- 3.3.1
- Severity Score:
- High
- CVE:
- 2025-67994
Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more
- Plugin Slug:
- mail-mint
- Installations
- 6,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.19.3
- Severity Score:
- High
- CVE:
- 2026-1258
FastDup – Fastest WordPress Migration & Duplicator
- Plugin Slug:
- fastdup
- Installations
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.7.2
- Severity Score:
- High
- CVE:
- 2026-1104
Simple File List
- Plugin:
- Simple File List
- Plugin Slug:
- simple-file-list
- Installations
- 5,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 6.1.16
- Severity Score:
- Medium
- CVE:
- 2026-24953
Name Directory
- Plugin:
- Name Directory
- Plugin Slug:
- name-directory
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.32.1
- Severity Score:
- High
- CVE:
- 2026-1866
Paytium: Mollie payment forms & donations
- Plugin Slug:
- paytium
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.4
- Severity Score:
- Medium
- CVE:
- 2023-7287
Paytium: Mollie payment forms & donations
- Plugin Slug:
- paytium
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.4
- Severity Score:
- Medium
- CVE:
- 2023-7288
Paytium: Mollie payment forms & donations
- Plugin Slug:
- paytium
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.4
- Severity Score:
- Medium
- CVE:
- 2023-7289
Paytium: Mollie payment forms & donations
- Plugin Slug:
- paytium
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.4
- Severity Score:
- Medium
- CVE:
- 2023-7290
Paytium: Mollie payment forms & donations
- Plugin Slug:
- paytium
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.4
- Severity Score:
- Medium
- CVE:
- 2023-7292
Paytium: Mollie payment forms & donations
- Plugin Slug:
- paytium
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.4
- Severity Score:
- Medium
- CVE:
- 2023-7293
Accordion and Accordion Slider
- Plugin:
- Accordion and Accordion Slider
- Plugin Slug:
- accordion-and-accordion-slider
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.6
- Severity Score:
- Medium
- CVE:
- 2026-0727
Easy Form Builder by WhiteStudio — Drag & Drop Form Builder
- Plugin Slug:
- easy-form-builder
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.9.4
- Severity Score:
- Medium
- CVE:
- 2025-14067
Modal Popup Box: A Flexible Pop Up Box Builder
- Plugin Slug:
- modal-popup-box
- Installations
- 2,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.6.2
- Severity Score:
- High
- CVE:
- 2025-68526
Visual Feedback, Review & AI Collaboration Tool For WordPress – Atarim
- Plugin Slug:
- atarim-visual-collaboration
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.2.2
- Severity Score:
- Medium
- CVE:
- 2025-67993
Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment
- Plugin Slug:
- booking-and-rental-manager-for-woocommerce
- Installations
- 1,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 2.6.0
- Severity Score:
- High
- CVE:
- 2025-69328
PDF for Elementor Forms + Drag And Drop Template Builder
- Plugin Slug:
- pdf-for-elementor-forms
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.5.0
- Severity Score:
- Medium
- CVE:
- 2026-22350
PDF for WPForms + Drag and Drop Template Builder
- Plugin Slug:
- pdf-for-wpforms
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.3.1
- Severity Score:
- Medium
- CVE:
- 2025-68534
Lucky Wheel Giveaway
- Plugin:
- Lucky Wheel Giveaway
- Plugin Slug:
- wp-lucky-wheel
- Installations
- 600+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.0.23
- Severity Score:
- Critical
- CVE:
- 2025-14541
Primer MyData for Woocommerce
- Plugin:
- Primer MyData for Woocommerce
- Plugin Slug:
- primer-mydata
- Installations
- 100+
- Vulnerability:
- Path Traversal
- Patched in Version:
- 4.2.9
- Severity Score:
- Medium
- CVE:
- 2025-69325
Activity Log for WordPress
- Plugin:
- Activity Log for WordPress
- Plugin Slug:
- winterlock
- Installations
- 70+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.9
- Severity Score:
- Medium
- CVE:
- 2026-1671
Orbisius Random Name Generator
- Plugin:
- Orbisius Random Name Generator
- Plugin Slug:
- orbisius-random-name-generator
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.3
- Severity Score:
- Medium
- CVE:
- 2026-1893
Tune Library
- Plugin:
- Tune Library
- Plugin Slug:
- tune-library
- Installations
- 20+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.4
- Severity Score:
- Medium
- CVE:
- 2026-1401
BFG Tools – Extension Zipper
- Plugin:
- BFG Tools – Extension Zipper
- Plugin Slug:
- bfg-tools-extension-zipper
- Vulnerability:
- Path Traversal
- Patched in Version:
- 1.0.8
- Severity Score:
- Medium
- CVE:
- 2025-13681
Fluent Forms Pro Add On Pack
- Plugin:
- Fluent Forms Pro Add On Pack
- Plugin Slug:
- fluentformpro
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 6.1.13
- Severity Score:
- Medium
- CVE:
- 2026-0632
JetEngine
- Plugin:
- JetEngine
- Plugin Slug:
- jet-engine
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.8.1
- Severity Score:
- High
- CVE:
- 2025-68495
Miraculous Elementor
- Plugin:
- Miraculous Elementor
- Plugin Slug:
- miraculous-el
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 2.0.8
- Severity Score:
- High
- CVE:
- 2025-67998
StickEasy Protected Contact Form
- Plugin:
- StickEasy Protected Contact Form
- Plugin Slug:
- stickeasy-protected-contact-form
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.0.2
- Severity Score:
- Medium
- CVE:
- 2025-13973
Truelysell Core
- Plugin:
- Truelysell Core
- Plugin Slug:
- truelysell-core
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.8.8
- Severity Score:
- Critical
- CVE:
- 2025-8572
Uni CPO (Premium)
- Plugin:
- Uni CPO (Premium)
- Plugin Slug:
- uni-woo-custom-product-options-premium
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.9.61
- Severity Score:
- Medium
- CVE:
- 2025-13391
Whizz Plugins
- Plugin:
- Whizz Plugins
- Plugin Slug:
- whizz-plugins
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.0
- Severity Score:
- High
- CVE:
- 2026-24955
WooCommerce Coming Soon Product with Countdown
- Plugin:
- WooCommerce Coming Soon Product with Countdown
- Plugin Slug:
- woo-coming-soon-product
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 5.1
- Severity Score:
- High
- CVE:
- 2025-68552
User Extra Fields
- Plugin:
- User Extra Fields
- Plugin Slug:
- wp-user-extra-fields
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 16.9
- Severity Score:
- High
- CVE:
- 2025-67991
WordPress Themes — 13 Patched / 19 Unpatched
Diamond
- Theme:
- Diamond
- Theme Slug:
- diamond
- Downloads
- 37,609
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69391
WordPress Dating Theme
- Theme:
- WordPress Dating Theme
- Theme Slug:
- DA10
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22343
Belletrist
- Theme:
- Belletrist
- Theme Slug:
- belletrist
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69410
Cartify – WooCommerce Gutenberg WordPress Theme
- Theme:
- Cartify – WooCommerce Gutenberg WordPress Theme
- Theme Slug:
- cartify
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-69385
Cobble
- Theme:
- Cobble
- Theme Slug:
- cobble
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69399
Extreme Store
- Theme:
- Extreme Store
- Theme Slug:
- extremestore
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-69404
Exzo
- Theme:
- Exzo
- Theme Slug:
- exzo
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69393
FiveStar
- Theme:
- FiveStar
- Theme Slug:
- fivestar
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22344
FreightCo
- Theme:
- FreightCo
- Theme Slug:
- freightco
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69406
Gable
- Theme:
- Gable
- Theme Slug:
- gable
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69395
HealthFirst
- Theme:
- HealthFirst
- Theme Slug:
- healthfirst
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69408
Lorem Ipsum | Books & Media Store
- Theme:
- Lorem Ipsum | Books & Media Store
- Theme Slug:
- lorem-ipsum-books-media-store
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-69405
PJ | Life & Business Coaching
- Theme:
- PJ | Life & Business Coaching
- Theme Slug:
- pj
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69409
Plank
- Theme:
- Plank
- Theme Slug:
- plank
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69398
R&F
- Theme:
- R&F
- Theme Slug:
- rf
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69402
Splendour
- Theme:
- Splendour
- Theme Slug:
- splendour
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69396
Struktur
- Theme:
- Struktur
- Theme Slug:
- struktur
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69407
Tint
- Theme:
- Tint
- Theme Slug:
- tint
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69397
Yokoo
- Theme:
- Yokoo
- Theme Slug:
- yokoo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69400
AdForest
- Theme:
- AdForest
- Theme Slug:
- adforest
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 6.0.13
- Severity Score:
- Critical
- CVE:
- 2026-1729
Diza
- Theme:
- Diza
- Theme Slug:
- diza
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.3.16
- Severity Score:
- High
- CVE:
- 2025-68543
Fana
- Theme:
- Fana
- Theme Slug:
- fana
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.1.36
- Severity Score:
- High
- CVE:
- 2025-68539
Ippsum
- Theme:
- Ippsum
- Theme Slug:
- ippsum
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.2.1
- Severity Score:
- Critical
- CVE:
- 2025-68541
Nestin
- Theme:
- Nestin
- Theme Slug:
- nestin
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.2.6
- Severity Score:
- Critical
- CVE:
- 2025-67996
Nika
- Theme:
- Nika
- Theme Slug:
- nika
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.2.15
- Severity Score:
- High
- CVE:
- 2025-68545
CitiLights
- Theme:
- CitiLights
- Theme Slug:
- noo-citilights
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.7.2
- Severity Score:
- Medium
- CVE:
- 2026-25367
PatioTime
- Theme:
- PatioTime
- Theme Slug:
- patiotime
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 2.1
- Severity Score:
- Critical
- CVE:
- 2025-67995
PatioTime
- Theme:
- PatioTime
- Theme Slug:
- patiotime
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.1
- Severity Score:
- High
- CVE:
- 2025-67992
Prestige
- Theme:
- Prestige
- Theme Slug:
- prestige
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.1
- Severity Score:
- High
- CVE:
- 2025-69330
Prestige
- Theme:
- Prestige
- Theme Slug:
- prestige
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.4.1
- Severity Score:
- Critical
- CVE:
- 2025-69329
Travelicious
- Theme:
- Travelicious
- Theme Slug:
- travelicious
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.6.7
- Severity Score:
- Critical
- CVE:
- 2025-67997
Zota
- Theme:
- Zota
- Theme Slug:
- zota
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.3.15
- Severity Score:
- High
- CVE:
- 2025-68536
