WordPress Vulnerability Report — February 4, 2026

Since last week, 661 new vulnerabilities have emerged in the WordPress ecosystem, including 638 plugins and 23 themes. Of those, 164 remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

Sarah Ulmer

Published:Feb 4, 2026

Filed Under:WordPress Vulnerability Report

Reading Time:121 min.

In this report, 661 vulnerabilities have been publicly disclosed. Security patches for 497 of these plugins and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Currently, 164 plugin and theme vulnerabilities remain unpatched. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. WordPress Core
2. WordPress Plugins — 488 Patched / 150 Unpatched

2.1 WP Shortcodes Plugin — Shortcodes Ultimate
2.2 Master Slider – Responsive Touch Slider
2.3 Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor
2.4 Piotnet Addons For Elementor
2.5 Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings
2.6 Kama Thumbnail
2.7 Leadpages
2.8 Shiprocket
2.9 NextMove Lite – Thank You Page for WooCommerce
2.10 CLP Varnish Cache
2.11 Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent
2.12 WP FullCalendar
2.13 WP Subscribe
2.14 Travelpayouts
2.15 TelSender – ?ontact form 7, Events, Wpforms, ninja forms and woocommerce to telegram bot
2.16 ?????? ????? ???? ?? ???? ?? ?? ??
2.17 Translate WordPress Websites Globally with ConveyThis Translate
2.18 Frontend File Manager Plugin
2.19 Nova Blocks by Pixelgrade
2.20 Email Inquiry & Cart Options for WooCommerce
2.21 Generic Elements
2.22 Quick Restaurant Reservations
2.23 Easy Hotel Booking – Powerful Hotel Booking
2.24 SurveyJS: Drag & Drop Form Builder
2.25 SurveyJS: Drag & Drop Form Builder
2.26 SurveyJS: Drag & Drop Form Builder
2.27 Sendy
2.28 Asynchronous Javascript
2.29 eDS Responsive Menu
2.30 FeedWordPress Advanced Filters
2.31 Membee Login
2.32 Widget Logic Visual
2.33 ID Arrays
2.34 iSape
2.35 JobBoard Job listing plugin
2.36 Mopinion Feedback Form
2.37 LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart
2.38 JavaScript Notifier
2.39 Simple Archive Generator
2.40 Aardvark Plugin
2.41 ABC Notation
2.42 AhaChat Messenger Marketing
2.43 AhaChat Messenger Marketing
2.44 AHAthat
2.45 Allmart
2.46 Anber Elementor Addon
2.47 Aoa Downloadable
2.48 Aoa Downloadable
2.49 Ads Pro
2.50 Ads Pro
2.51 Ads Pro
2.52 ArielBrailovsky-ViralAd
2.53 Auto Thickbox
2.54 Bitcoin Donate Button
2.55 BlockArt Blocks
2.56 BlossomThemes Social Feed
2.57 Booked
2.58 Business Card
2.59 Business Card
2.60 Business Card
2.61 Buttons Shortcode and Widget
2.62 Change WP URL
2.63 cits-support-svg-webp-media-upload
2.64 Accessiy by CodeConfig Widget for ADA, EAA & WCAG Compliance
2.65 Crete Core
2.66 CRM Memberships
2.67 CRM Memberships
2.68 DesignThemes Core Features
2.69 Pixter Right Click Protect Images for WordPress
2.70 Dyn Business Panel
2.71 Easy Jump Links Menus
2.72 Electio Core
2.73 Elegant Addons for elementor
2.74 Emerce Core
2.75 Eyewear prescription form
2.76 Feedback Modal for Website
2.77 Fintelligence Calculator
2.78 Font Farsi
2.79 Frontend Checklist
2.80 GoZen Forms
2.81 Hide Categories Or Products On Shop Page
2.82 HL Twitter
2.83 Image Hover Effects – Caption Hover with Carousel
2.84 Image Optimizer by wps.sk
2.85 imwptip
2.86 Likes and Dislikes
2.87 Internal Link Builder
2.88 Joy Of Text Lite
2.89 JustClick registration plugin
2.90 Kalrav AI Agent
2.91 KiotViet Sync
2.92 Kona Gallery Block
2.93 Light Poll
2.94 Login Logout Register Menu
2.95 Marketplace Items
2.96 Medinik Core
2.97 Meta-box GalleryMeta
2.98 Meta-box GalleryMeta
2.99 Search Atlas SEO
2.100 ModelTheme Framework
2.101 Takeads
2.102 Nestbyte Core
2.103 Newsletter Popup
2.104 Newsletter Popup
2.105 Newsletter Popup
2.106 Norby AI
2.107 PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode
2.108 Pet Manager
2.109 Image License and Protection
2.110 Postalicious
2.111 Premmerce Brands for WooCommerce
2.112 Recooty
2.113 Responsive Header
2.114 Rupantorpay
2.115 Saasplate Core
2.116 SendPress Newsletters
2.117 SendPress Newsletters
2.118 SEO Links Interlinking
2.119 Sermon Manager
2.120 Smart PopUp Blaster
2.121 Solidres – Hotel booking plugin
2.122 SP Project & Document Manager
2.123 SSP Debug
2.124 SVS Pricing Tables
2.125 Testimonials Widget
2.126 Top Comments
2.127 Translate This gTranslate Shortcode
2.128 Quantic Social Image Hover
2.129 Twitter Bootstrap Collapse aka Accordian Shortcode
2.130 Uroan Core
2.131 Vzaar Media Management
2.132 Widget4Call
2.133 Woodly Core
2.134 WoWPth
2.135 WordPress Auction Plugin
2.136 WP Easy FAQs
2.137 WP Featherlight
2.138 WP Google Ad Manager
2.139 WP Logs Book
2.140 WP MultiTasking
2.141 WP MultiTasking
2.142 WP MultiTasking
2.143 WP MultiTasking
2.144 WP MultiTasking
2.145 WP Online Users Stats
2.146 WP Prayer
2.147 WP Prayer
2.148 WP-Revive Adserver
2.149 WordPress Survey & Poll
2.150 YouTube Embed, Playlist and Popup by WpDevArt
2.151 All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic
2.152 Essential Addons for Elementor – Popular Elementor Templates & Widgets
2.153 Essential Addons for Elementor – Popular Elementor Templates & Widgets
2.154 Essential Addons for Elementor – Popular Elementor Templates & Widgets
2.155 Essential Addons for Elementor – Popular Elementor Templates & Widgets
2.156 Essential Addons for Elementor – Popular Elementor Templates & Widgets
2.157 Essential Addons for Elementor – Popular Elementor Templates & Widgets
2.158 Essential Addons for Elementor – Popular Elementor Templates & Widgets
2.159 ElementsKit Elementor Addons and Templates
2.160 Spectra Gutenberg Blocks – Website Builder for the Block Editor
2.161 Spectra Gutenberg Blocks – Website Builder for the Block Editor
2.162 Cookie Notice & Compliance for GDPR / CCPA
2.163 Migration, Backup, Staging – WPvivid Backup & Migration
2.164 Premium Addons for Elementor – Powerful Elementor Templates & Widgets
2.165 Premium Addons for Elementor – Powerful Elementor Templates & Widgets
2.166 Premium Addons for Elementor – Powerful Elementor Templates & Widgets
2.167 Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
2.168 Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
2.169 MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor
2.170 Ninja Forms – The Contact Form Builder That Grows With You
2.171 Ninja Forms – The Contact Form Builder That Grows With You
2.172 Royal Addons for Elementor – Addons and Templates Kit for Elementor
2.173 Royal Addons for Elementor – Addons and Templates Kit for Elementor
2.174 Royal Addons for Elementor – Addons and Templates Kit for Elementor
2.175 Royal Addons for Elementor – Addons and Templates Kit for Elementor
2.176 Royal Addons for Elementor – Addons and Templates Kit for Elementor
2.177 Royal Addons for Elementor – Addons and Templates Kit for Elementor
2.178 Royal Addons for Elementor – Addons and Templates Kit for Elementor
2.179 Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more
2.180 Gutenberg Blocks with AI by Kadence WP – Page Builder Features
2.181 Gutenberg Blocks with AI by Kadence WP – Page Builder Features
2.182 Gutenberg Blocks with AI by Kadence WP – Page Builder Features
2.183 Ocean Extra
2.184 Happy Addons for Elementor
2.185 Happy Addons for Elementor
2.186 Happy Addons for Elementor
2.187 Happy Addons for Elementor
2.188 Happy Addons for Elementor
2.189 Happy Addons for Elementor
2.190 Happy Addons for Elementor
2.191 Happy Addons for Elementor
2.192 Happy Addons for Elementor
2.193 Happy Addons for Elementor
2.194 Happy Addons for Elementor
2.195 Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress
2.196 Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress
2.197 Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery
2.198 Page Builder: Pagelayer – Drag and Drop website builder
2.199 WP Shortcodes Plugin — Shortcodes Ultimate
2.200 SureForms – Contact Form, Payment Form & Other Custom Form Builder
2.201 SureForms – Contact Form, Payment Form & Other Custom Form Builder
2.202 GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice for CCPA, EU Cookie Law
2.203 GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice for CCPA, EU Cookie Law
2.204 GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice for CCPA, EU Cookie Law
2.205 GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice for CCPA, EU Cookie Law
2.206 Unlimited Elements For Elementor
2.207 Unlimited Elements For Elementor
2.208 Unlimited Elements For Elementor
2.209 WP Go Maps (formerly WP Google Maps)
2.210 Advanced Google reCAPTCHA
2.211 Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns
2.212 FileOrganizer – WordPress File Manager
2.213 Jetpack Boost – Website Speed, Performance and Critical CSS
2.214 Photo Gallery by 10Web – Mobile-Friendly Image Gallery
2.215 Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder
2.216 Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
2.217 Redirection for Contact Form 7
2.218 Ivory Search – WordPress Search Plugin
2.219 AI Engine – The Chatbot and AI Framework for WordPress
2.220 Element Pack Addons for Elementor
2.221 Element Pack Addons for Elementor
2.222 Element Pack Addons for Elementor
2.223 Element Pack Addons for Elementor
2.224 Element Pack Addons for Elementor
2.225 Prime Slider – Addons for Elementor
2.226 EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more
2.227 EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more
2.228 EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more
2.229 Lightbox & Modal Popup WordPress Plugin – FooBox
2.230 Gallery by FooGallery
2.231 GiveWP – Donation Plugin and Fundraising Platform
2.232 GiveWP – Donation Plugin and Fundraising Platform
2.233 WP Ghost (Hide My WP Ghost) – Security & Firewall
2.234 Modula Image Gallery – Photo Grid & Video Gallery
2.235 The Ultimate Video Player For WordPress – by Presto Player
2.236 Relevanssi – A Better Search
2.237 Relevanssi – A Better Search
2.238 Responsive Lightbox & Gallery
2.239 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
2.240 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
2.241 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
2.242 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
2.243 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
2.244 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
2.245 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
2.246 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
2.247 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
2.248 Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More
2.249 Tutor LMS – eLearning and online course solution
2.250 Tutor LMS – eLearning and online course solution
2.251 VK All in One Expansion Unit
2.252 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
2.253 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
2.254 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
2.255 Addon Elements for Elementor (formerly Elementor Addon Elements)
2.256 Addon Elements for Elementor (formerly Elementor Addon Elements)
2.257 Addon Elements for Elementor (formerly Elementor Addon Elements)
2.258 Addon Elements for Elementor (formerly Elementor Addon Elements)
2.259 Addon Elements for Elementor (formerly Elementor Addon Elements)
2.260 Addon Elements for Elementor (formerly Elementor Addon Elements)
2.261 Addon Elements for Elementor (formerly Elementor Addon Elements)
2.262 Booking for Appointments and Events Calendar – Amelia
2.263 Shortcodes and extra features for Phlox theme
2.264 Shortcodes and extra features for Phlox theme
2.265 Shortcodes and extra features for Phlox theme
2.266 Shortcodes and extra features for Phlox theme
2.267 Shortcodes and extra features for Phlox theme
2.268 Shortcodes and extra features for Phlox theme
2.269 Shortcodes and extra features for Phlox theme
2.270 Shortcodes and extra features for Phlox theme
2.271 Shortcodes and extra features for Phlox theme
2.272 Colibri Page Builder
2.273 Colibri Page Builder
2.274 JetFormBuilder — Dynamic Blocks Form Builder
2.275 Custom Login Page Customizer
2.276 Product Import Export for WooCommerce – Import Export Product CSV Suite
2.277 Hustle – Email Marketing, Lead Generation, Optins, Popups
2.278 HT Mega – Absolute Addons For Elementor
2.279 HT Mega – Absolute Addons For Elementor
2.280 HT Mega – Absolute Addons For Elementor
2.281 HT Mega – Absolute Addons For Elementor
2.282 Import and export users and customers
2.283 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery
2.284 LearnPress – WordPress LMS Plugin for Create and Sell Online Courses
2.285 MaxButtons – Create buttons
2.286 SlimStat Analytics
2.287 Advanced Contact form 7 DB
2.288 Brizy – Page Builder
2.289 Brizy – Page Builder
2.290 Database for Contact Form 7, WPforms, Elementor forms
2.291 Database for Contact Form 7, WPforms, Elementor forms
2.292 Featured Image from URL (FIFU)
2.293 Featured Image from URL (FIFU)
2.294 WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters
2.295 WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters
2.296 WP ULike – Engagement Analytics & Interactive Buttons to Understand Your Audience
2.297 Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress
2.298 Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress
2.299 Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress
2.300 Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress
2.301 Exclusive Addons for Elementor
2.302 Exclusive Addons for Elementor
2.303 Master Slider – Responsive Touch Slider
2.304 Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
2.305 Qi Blocks
2.306 Qi Blocks
2.307 Ultimate Dashboard – Custom WordPress Dashboard
2.308 Ultimate Dashboard – Custom WordPress Dashboard
2.309 Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme
2.310 Popup Box – Create Countdown, Coupon, Video, Contact Form Popups
2.311 Bold Page Builder
2.312 Bold Page Builder
2.313 Bold Page Builder
2.314 Booking Calendar
2.315 Booking Calendar
2.316 Booking Calendar
2.317 Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
2.318 Getwid – Gutenberg Blocks
2.319 User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
2.320 Search Exclude
2.321 Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI
2.322 Sina Extension for Elementor
2.323 Themesflat Addons For Elementor
2.324 Themesflat Addons For Elementor
2.325 Themesflat Addons For Elementor
2.326 Themesflat Addons For Elementor
2.327 Ultimate Blocks – 25+ Gutenberg Blocks for Block Editor
2.328 Ultimate Blocks – 25+ Gutenberg Blocks for Block Editor
2.329 Ultimate Blocks – 25+ Gutenberg Blocks for Block Editor
2.330 Ultimate Blocks – 25+ Gutenberg Blocks for Block Editor
2.331 Ultimate Blocks – 25+ Gutenberg Blocks for Block Editor
2.332 WP Recipe Maker
2.333 Livemesh Addons by Elementor
2.334 Livemesh Addons by Elementor
2.335 Livemesh Addons by Elementor
2.336 Livemesh Addons by Elementor
2.337 Livemesh Addons by Elementor
2.338 Livemesh Addons by Elementor
2.339 Livemesh Addons by Elementor
2.340 Advanced iFrame
2.341 Ajax Load More – Infinite Scroll, Load More, & Lazy Load
2.342 Calculated Fields Form
2.343 Carousel Slider
2.344 Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
2.345 Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
2.346 FunnelKit – Funnel Builder for WooCommerce Checkout
2.347 Genesis Blocks
2.348 Genesis Blocks
2.349 Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
2.350 Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
2.351 Robo Gallery – Photo & Image Slider
2.352 Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX
2.353 Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX
2.354 YITH WooCommerce Ajax Search
2.355 Ditty – Responsive News Tickers, Sliders, and Lists
2.356 Piotnet Addons For Elementor
2.357 Post Grid
2.358 Post Grid
2.359 SEO Plugin by Squirrly SEO
2.360 Stop Spammers Classic
2.361 Stratum Widgets for Elementor
2.362 ThirstyAffiliates – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin
2.363 Tutor LMS Elementor Addons
2.364 WP Video Lightbox
2.365 Xpro Addons — 140+ Widgets for Elementor
2.366 Image Photo Gallery Final Tiles Grid
2.367 Icegram Engage – Popups, Optins, CTAs & lot more…
2.368 New User Approve
2.369 Secure Copy Content Protection and Content Locking
2.370 Snow Monkey Forms
2.371 Ultimate Addons for Beaver Builder – Lite
2.372 Ultimate Addons for Beaver Builder – Lite
2.373 Ultimate Addons for Beaver Builder – Lite
2.374 Ultimate Addons for Beaver Builder – Lite
2.375 Welcart e-Commerce
2.376 UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP
2.377 Appointment Hour Booking – Booking Calendar
2.378 Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder
2.379 BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor
2.380 Bold Timeline Lite
2.381 Passster – Password Protect Pages and Content
2.382 Crelly Slider
2.383 Content Blocks (Custom Post Widget)
2.384 Content Blocks (Custom Post Widget)
2.385 WP Customer Area
2.386 Document Embedder – Embed PDFs, Word, Excel, and Other Files
2.387 GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress
2.388 Maps Plugin using Google Maps for WordPress – WP Google Map
2.389 AIP – AI Chatbots, Content Writer & Forms (formerly AI Power)
2.390 LA-Studio Element Kit for Elementor
2.391 LA-Studio Element Kit for Elementor
2.392 Motors – Car Dealership & Classified Listings Plugin
2.393 Child Theme Creator by Orbisius
2.394 Order Minimum/Maximum Amount Limits for WooCommerce
2.395 OSM – OpenStreetMap
2.396 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
2.397 Recipe Card Blocks Lite
2.398 SupportCandy – Helpdesk & Customer Support Ticket System
2.399 SupportCandy – Helpdesk & Customer Support Ticket System
2.400 Testimonial Carousel For Elementor
2.401 User Submitted Posts – Enable Users to Submit Posts from the Front End
2.402 Countdown Timer – Widget Countdown
2.403 Simple Shopping Cart
2.404 Eventin – Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered)
2.405 Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages
2.406 WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress
2.407 Backup, Restore and Migrate your sites with XCloner
2.408 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
2.409 Prisna GWT – Google Website Translator
2.410 Qubely – Advanced Gutenberg Blocks
2.411 Nexter Gutenberg Blocks – Website Builder & 1000+ Starter Templates
2.412 Ultimate Coming Soon & Maintenance
2.413 Ultimate Coming Soon & Maintenance
2.414 VikBooking Hotel Booking Engine & PMS
2.415 NEX-Forms – Ultimate Forms Plugin for WordPress
2.416 WP Job Portal – AI-Powered Recruitment System for Company or Job Board website
2.417 WP Adminify – White Label WordPress, Admin Menu Editor, Login Customizer
2.418 EventPrime – Events Calendar, Bookings and Tickets
2.419 EventPrime – Events Calendar, Bookings and Tickets
2.420 EventPrime – Events Calendar, Bookings and Tickets
2.421 bSlider – Create Responsive Image, Post, Product, and Video Sliders
2.422 EventON – Events Calendar
2.423 EventON – Events Calendar
2.424 EventON – Events Calendar
2.425 EventON – Events Calendar
2.426 EventON – Events Calendar
2.427 Hunk Companion
2.428 Pearl – Header Builder
2.429 ProfileGrid – User Profiles, Groups and Communities
2.430 ProfileGrid – User Profiles, Groups and Communities
2.431 Survey Maker
2.432 Booking Calendar | Appointment Booking | Bookit
2.433 Easy Image Gallery
2.434 SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels)
2.435 SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels)
2.436 Ultimate Store Kit – Addon For WooCommerce, EDD and Elementor
2.437 Return Refund and Exchange For WooCommerce
2.438 CubeWP Framework
2.439 CubeWP Framework
2.440 CubeWP Framework
2.441 ELEX WooCommerce Bulk Edit Products, Prices & Attributes (Basic)
2.442 FluentCart A New Era of eCommerce – Faster, Lighter, and Simpler
2.443 HelloAsso
2.444 MediaPress
2.445 TS Poll – Survey, Versus Poll, Image Poll, Video Poll
2.446 Spexo Addons for Elementor – Free Addons, Widgets and Templates for Elementor
2.447 WPZOOM Addons for Beaver Builder
2.448 WPZOOM Addons for Beaver Builder
2.449 WPZOOM Addons for Beaver Builder
2.450 WPZOOM Addons for Beaver Builder
2.451 AVIF Uploader
2.452 MultiVendorX – WooCommerce Multivendor Marketplace Solutions
2.453 Gallery PhotoBlocks
2.454 Tickera – Sell Tickets & Manage Events
2.455 WP-DownloadManager
2.456 WP-WebAuthn
2.457 WPB Addons for Elementor – News Ticker, Timeline, Team, Services, Testimonials, and Much More
2.458 WP Directory Kit
2.459 Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin
2.460 Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free
2.461 KiviCare – Clinic & Patient Management System (EHR)
2.462 Markup Markdown
2.463 Melapress Login Security
2.464 RSS Feed Widget
2.465 WPBITS Addons For Elementor Page Builder
2.466 WPBITS Addons For Elementor Page Builder
2.467 Visual Feedback, Review & AI Collaboration Tool For WordPress – Atarim
2.468 Categorify – WordPress Media Library Category & File Manager
2.469 Categorify – WordPress Media Library Category & File Manager
2.470 Categorify – WordPress Media Library Category & File Manager
2.471 Categorify – WordPress Media Library Category & File Manager
2.472 Categorify – WordPress Media Library Category & File Manager
2.473 Categorify – WordPress Media Library Category & File Manager
2.474 Categorify – WordPress Media Library Category & File Manager
2.475 Geo Controller
2.476 Smart Online Order for Clover
2.477 Web3 Crypto Payments by DePay for WooCommerce
2.478 Double the Donation – A workplace giving tool
2.479 Educare – Students & Result Management System
2.480 Enter Addons – Ultimate Template Builder for Elementor
2.481 Enter Addons – Ultimate Template Builder for Elementor
2.482 Enter Addons – Ultimate Template Builder for Elementor
2.483 EPROLO-Dropshipping
2.484 Flamix: Bitrix24 and Contact Form 7 integrations
2.485 Friendly Functions for Welcart
2.486 Mizan Demo Importer
2.487 Nelio Popups
2.488 Frontend File Manager Plugin
2.489 PDF Generator Addon for Elementor Page Builder
2.490 Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget
2.491 Private Google Calendars
2.492 Save as PDF Plugin by PDFCrowd
2.493 Simple Popup Plugin
2.494 Squelch Tabs and Accordions Shortcodes
2.495 Subscriptions & Memberships for PayPal
2.496 Sunshine Photo Cart: Free Client Photo Galleries for Photographers
2.497 Tainacan
2.498 Tutor LMS – Migration Tool
2.499 WC Builder – WooCommerce Page Builder for WPBakery
2.500 WishSuite – Wishlist for WooCommerce
2.501 Easy 3D Viewer
2.502 WP Sync for Notion – Notion to WordPress
2.503 Zephyr Project Manager
2.504 CBX Map for Google Map & OpenStreetMap
2.505 ContentStudio
2.506 Ebook Store
2.507 Omnipress
2.508 3DPrint Lite
2.509 3DPrint Lite
2.510 3DPrint Lite
2.511 Frontis Blocks — Block Library for the Block Editor
2.512 RapidLoad AI – Optimize Web Vitals Automatically
2.513 Confetti Fall Animation
2.514 Frontend Dashboard
2.515 Simplebooklet PDF Viewer and Embedder
2.516 eMagicOne Store Manager for WooCommerce
2.517 aDirectory – WP Business Directory Plugin and Classified Ads Listings Directory
2.518 Polls CP
2.519 Dynamic AJAX Product Filters for WooCommerce
2.520 Easy Replace Image
2.521 EZ SQL Reports Shortcode Widget and DB Backup
2.522 g-FFL Cockpit
2.523 Simple calendar for Elementor
2.524 SurveyJS: Drag & Drop Form Builder
2.525 VidShop – Shoppable Videos for WooCommerce
2.526 CYAN Backup
2.527 DeBounce Email Validator
2.528 ELEX WordPress HelpDesk & Customer Ticketing System
2.529 ELEX WordPress HelpDesk & Customer Ticketing System
2.530 ELEX WordPress HelpDesk & Customer Ticketing System
2.531 ELEX WordPress HelpDesk & Customer Ticketing System
2.532 TableOn – WordPress Posts Table Filterable
2.533 Photo Contest | Competition | Video Contest
2.534 Webcake – Landing Page Builder
2.535 Accept Stripe Payments Using Contact Form 7
2.536 Autoship Cloud for WooCommerce Subscription Products
2.537 Site.pro for WooCommerce
2.538 NinjaTeam Header Footer Custom Code
2.539 Link Invoice Payment for WooCommerce
2.540 Premmerce Wishlist for WooCommerce
2.541 Simple User Registration
2.542 Zigaform – Price Calculator & Cost Estimation Form Builder Lite
2.543 Run Contests, Raffles, and Giveaways with ContestsWP
2.544 Course Booking System
2.545 IDonate – Blood Donation, Request And Donor Management System
2.546 Interactions – Create Interactive Experiences in the Block Editor
2.547 Feedify – Web Push Notifications
2.548 Chatbot with ChatGPT WordPress
2.549 Uptodown APK Download Widget
2.550 WP To Do
2.551 WP To Do
2.552 WP To Do
2.553 Pdf & Print to Post – Custom Post Type and Pages
2.554 Ganohrs Toggle Shortcode
2.555 Linear
2.556 TableMaster for Elementor – Advanced Responsive Tables for Elementor
2.557 GeoDataSource Country Region DropDown
2.558 Zigaform – Form Builder Lite
2.559 Target Video Easy Publish
2.560 IRM Newsroom
2.561 IRM Newsroom
2.562 Sertifier Certificate & Badge Maker for WordPress – Tutor LMS
2.563 Binary MLM Plan
2.564 ConvertForce Popup Builder
2.565 Bread & Butter: Content Gating for Verified Leads
2.566 Community Events
2.567 Forms Bridge – Infinite integrations
2.568 Magic Buttons for Elementor
2.569 EKC Tournament Manager
2.570 Ultimate Classified Listings
2.571 Buy Now Plus — Payments with Stripe
2.572 coreActivity: Activity Logging for WordPress
2.573 HAPPY – Helpdesk Support Ticket System
2.574 Simple Folio
2.575 WPBookit
2.576 ARMember Premium
2.577 Beaver Builder Plugin (Starter Version)
2.578 BM Content Builder
2.579 bodi0’s Easy Cache
2.580 Bridge Core
2.581 Buddyboss Platform
2.582 Divi Builder
2.583 Elementor Pro
2.584 EventON
2.585 EventON
2.586 EventON
2.587 EventON
2.588 EventON
2.589 Favicon Generator
2.590 Gyan Elements
2.591 WPGYM
2.592 WPBakery Page Builder
2.593 WPBakery Page Builder
2.594 WPBakery Page Builder
2.595 MelaPress Login Security Premium
2.596 Memberlite Shortcodes
2.597 ModelTheme Addons for WPBakery and Elementor
2.598 Paid Memberships Pro
2.599 Community by PeepSo
2.600 Community by PeepSo
2.601 Porto Theme – Functionality
2.602 Prague
2.603 Premium Addons PRO
2.604 Premium Addons PRO
2.605 Premium Addons PRO
2.606 Premium Addons PRO
2.607 Premium Addons PRO
2.608 Relevanssi Premium
2.609 Relevanssi Premium
2.610 Slider Revolution
2.611 Slider Revolution
2.612 Salient Core
2.613 Salient Shortcodes
2.614 Salient Shortcodes
2.615 Schedula – Smart Appointment Booking
2.616 Service Finder Booking
2.617 Service Finder Booking
2.618 Simple Locator
2.619 The Grid
2.620 Ultimate Addons for WPBakery Page Builder
2.621 Ultimate Addons for WPBakery Page Builder
2.622 Ultimate Addons for WPBakery Page Builder
2.623 Ultimate Addons for WPBakery Page Builder
2.624 Web to SugarCRM Lead
2.625 WooCommerce Social Login
2.626 WooCommerce Social Login
2.627 WooCommerce Social Login
2.628 WooCommerce Customers Manager
2.629 WooCommerce PDF Vouchers
2.630 Affiliate Manager
2.631 Affiliate Manager
2.632 Affiliate Manager
2.633 Affiliate Manager
2.634 WP eStore
2.635 WP eStore
2.636 WP eStore
2.637 WP eStore
2.638 WP eMember

3. WordPress Themes — 9 Patched / 14 Unpatched

3.1 Oxygen
3.2 Aardvark
3.3 Capella
3.4 Cas
3.5 Cas
3.6 Gauge
3.7 KindlyCare
3.8 Outdoor
3.9 Oyster – Photography WordPress Theme
3.10 PhotoMe
3.11 SOHO – Photography WordPress Theme
3.12 The Wound
3.13 WPJobster
3.14 WPJobster
3.15 OceanWP
3.16 Divi
3.17 Himer
3.18 Himer
3.19 Himer
3.20 Himer
3.21 Jobify
3.22 Konte
3.23 Travel Tour

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.9.1 was released on February 3, 2026, as a short-cycle maintenance update, addressing 49 bugs across WordPress Core and the Block Editor, including fixes affecting the editor, mail functionality, and classic themes. Sites with automatic background updates may already be updated. We recommend reviewing the details and updating as part of your regular maintenance cycle.

The next major WordPress release, version 7.0, is scheduled for April 9, 2026, during WordCamp Asia.

WordPress Plugins — 488 Patched / 150 Unpatched

Plugin:: WP Shortcodes Plugin — Shortcodes Ultimate
Plugin Slug:: shortcodes-ultimate
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5647

Plugin:: Master Slider – Responsive Touch Slider
Plugin Slug:: master-slider
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13757

Plugin:: Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor
Plugin Slug:: gutentor
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5647

Plugin:: Piotnet Addons For Elementor
Plugin Slug:: piotnet-addons-for-elementor
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13650

Plugin:: Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings
Plugin Slug:: directorist
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68069

Plugin:: Kama Thumbnail
Plugin Slug:: kama-thumbnail
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-24521

Plugin:: Leadpages
Plugin Slug:: leadpages
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-68050

Plugin:: Shiprocket
Plugin Slug:: shiprocket
Installations: 10,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68051

Plugin:: NextMove Lite – Thank You Page for WooCommerce
Plugin Slug:: woo-thank-you-page-nextmove-lite
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68048

Plugin:: CLP Varnish Cache
Plugin Slug:: clp-varnish-cache
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-24525

Plugin:: Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent
Plugin Slug:: tablesome
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-24524

Plugin:: WP FullCalendar
Plugin Slug:: wp-fullcalendar
Installations: 9,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-24523

Plugin:: WP Subscribe
Plugin Slug:: wp-subscribe
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-24522

Plugin:: Travelpayouts
Plugin Slug:: travelpayouts
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-68042

Plugin:: TelSender – ?ontact form 7, Events, Wpforms, ninja forms and woocommerce to telegram bot
Plugin Slug:: telsender
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: ?????? ????? ???? ?? ???? ?? ?? ??
Plugin Slug:: farazsms
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68031

Plugin:: Translate WordPress Websites Globally with ConveyThis Translate
Plugin Slug:: conveythis-translate
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-68021

Plugin:: Frontend File Manager Plugin
Plugin Slug:: nmedia-user-file-uploader
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1280

Plugin:: Nova Blocks by Pixelgrade
Plugin Slug:: nova-blocks
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-24528

Plugin:: Email Inquiry & Cart Options for WooCommerce
Plugin Slug:: woocommerce-email-inquiry-cart-options
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-24526

Plugin:: Generic Elements
Plugin Slug:: generic-elements-for-elementor
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-9080

Plugin:: Quick Restaurant Reservations
Plugin Slug:: quick-restaurant-reservations
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-24529

Plugin:: Easy Hotel Booking – Powerful Hotel Booking
Plugin Slug:: easy-hotel
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-68005

Plugin:: SurveyJS: Drag & Drop Form Builder
Plugin Slug:: surveyjs
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-13139

Plugin:: SurveyJS: Drag & Drop Form Builder
Plugin Slug:: surveyjs
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-13194

Plugin:: SurveyJS: Drag & Drop Form Builder
Plugin Slug:: surveyjs
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-13205

Plugin:: Sendy
Plugin Slug:: sendy
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-68564

Plugin:: Asynchronous Javascript
Plugin Slug:: asynchronous-javascript
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68846

Plugin:: eDS Responsive Menu
Plugin Slug:: eds-responsive-menu
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68845

Plugin:: FeedWordPress Advanced Filters
Plugin Slug:: faf
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68843

Plugin:: Membee Login
Plugin Slug:: membees-member-login-widget
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68844

Plugin:: Widget Logic Visual
Plugin Slug:: widget-logic-visual
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68842

Plugin:: ID Arrays
Plugin Slug:: id-arrays
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68854

Plugin:: iSape
Plugin Slug:: isape
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68847

Plugin:: JobBoard Job listing plugin
Plugin Slug:: job-board-light
Installations: 100+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-68855

Plugin:: Mopinion Feedback Form
Plugin Slug:: mopinion-feedback-form
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68856

Plugin:: LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart
Plugin Slug:: lazytasks-project-task-management
Installations: 80+
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-12963

Plugin:: JavaScript Notifier
Plugin Slug:: javascript-notifier
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1191

Plugin:: Simple Archive Generator
Plugin Slug:: simple-archive-generator
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68880

Plugin:: Aardvark Plugin
Plugin Slug:: aardvark-plugin
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69297

Plugin:: ABC Notation
Plugin Slug:: abc-notation
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13551

Plugin:: AhaChat Messenger Marketing
Plugin Slug:: ahachat-messenger-marketing
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-68895

Plugin:: AhaChat Messenger Marketing
Plugin Slug:: ahachat-messenger-marketing
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-14316

Plugin:: AHAthat
Plugin Slug:: ahathat
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11269

Plugin:: Allmart
Plugin Slug:: allmart-core
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-69304

Plugin:: Anber Elementor Addon
Plugin Slug:: anber-elementor-addon
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-7439

Plugin:: Aoa Downloadable
Plugin Slug:: aoa-downloadable
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13617

Plugin:: Aoa Downloadable
Plugin Slug:: aoa-downloadable
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13618

Plugin:: Ads Pro
Plugin Slug:: ap-plugin-scripteo
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-4381

Plugin:: Ads Pro
Plugin Slug:: ap-plugin-scripteo
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-5339

Plugin:: Ads Pro
Plugin Slug:: ap-plugin-scripteo
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-7402

Plugin:: ArielBrailovsky-ViralAd
Plugin Slug:: arielbrailovsky-viralad
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-2106

Plugin:: Auto Thickbox
Plugin Slug:: auto-thickbox
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-2537

Plugin:: Bitcoin Donate Button
Plugin Slug:: bitcoin-donate-button
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1380

Plugin:: BlockArt Blocks
Plugin Slug:: blockart-blocks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-14283

Plugin:: BlossomThemes Social Feed
Plugin Slug:: blossomthemes-instagram-feed
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5647

Plugin:: Booked
Plugin Slug:: booked
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-22341

Plugin:: Business Card
Plugin Slug:: business-card-by-esterox-100
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4531

Plugin:: Business Card
Plugin Slug:: business-card-by-esterox-100
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4531

Plugin:: Business Card
Plugin Slug:: business-card-by-esterox-100
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4532

Plugin:: Buttons Shortcode and Widget
Plugin Slug:: buttons-shortcode-and-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0711

Plugin:: Change WP URL
Plugin Slug:: change-wp-url
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1398

Plugin:: cits-support-svg-webp-media-upload
Plugin Slug:: cits-support-svg-webp-media-upload
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-0807

Plugin:: Accessiy by CodeConfig Widget for ADA, EAA & WCAG Compliance
Plugin Slug:: codeconfig-accessibility
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-13309

Plugin:: Crete Core
Plugin Slug:: crete-core
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-69305

Plugin:: CRM Memberships
Plugin Slug:: crm-memberships
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-13312

Plugin:: CRM Memberships
Plugin Slug:: crm-memberships
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-13313

Plugin:: DesignThemes Core Features
Plugin Slug:: designthemes-core-features
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69302

Plugin:: Pixter Right Click Protect Images for WordPress
Plugin Slug:: disable-right-click-powered-by-pixterme
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-8047

Plugin:: Dyn Business Panel
Plugin Slug:: dyn-business-panel
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13056

Plugin:: Easy Jump Links Menus
Plugin Slug:: easy-jump-links-menus
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-13860

Plugin:: Electio Core
Plugin Slug:: electio-core
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-69306

Plugin:: Elegant Addons for elementor
Plugin Slug:: elegant-addons-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5092

Plugin:: Emerce Core
Plugin Slug:: emerce-core
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-69366

Plugin:: Eyewear prescription form
Plugin Slug:: eyewear-prescription-form
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-14365

Plugin:: Feedback Modal for Website
Plugin Slug:: feedback-modal-for-website
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-13528

Plugin:: Fintelligence Calculator
Plugin Slug:: fintelligence-calculator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-9859

Plugin:: Font Farsi
Plugin Slug:: font-farsi
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2657

Plugin:: Frontend Checklist
Plugin Slug:: frontend-checklist
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4959

Plugin:: GoZen Forms
Plugin Slug:: gozen-forms
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-6783

Plugin:: Hide Categories Or Products On Shop Page
Plugin Slug:: hide-categories-or-products-on-shop-page
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12128

Plugin:: HL Twitter
Plugin Slug:: hl-twitter
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3631

Plugin:: Image Hover Effects – Caption Hover with Carousel
Plugin Slug:: image-hover-effects-with-carousel
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5001

Plugin:: Image Optimizer by wps.sk
Plugin Slug:: image-optimizer-wpssk
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12190

Plugin:: imwptip
Plugin Slug:: imwptip
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1377

Plugin:: Likes and Dislikes
Plugin Slug:: inprosysmedia-likes-dislikes-post
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-4840

Plugin:: Internal Link Builder
Plugin Slug:: internal-link-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-14725

Plugin:: Joy Of Text Lite
Plugin Slug:: joy-of-text
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7984

Plugin:: JustClick registration plugin
Plugin Slug:: justclick-subscriber
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-13676

Plugin:: Kalrav AI Agent
Plugin Slug:: kalrav-ai-agent
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-13374

Plugin:: KiotViet Sync
Plugin Slug:: kiotvietsync
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12675

Plugin:: Kona Gallery Block
Plugin Slug:: kona-instagram-feed-for-gutenberg
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13400

Plugin:: Light Poll
Plugin Slug:: light-poll
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6496

Plugin:: Login Logout Register Menu
Plugin Slug:: login-logout-register-menu
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3726

Plugin:: Marketplace Items
Plugin Slug:: marketplace-items
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12439

Plugin:: Medinik Core
Plugin Slug:: medinik-core
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-69307

Plugin:: Meta-box GalleryMeta
Plugin Slug:: meta-box-gallerymeta
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Low
CVE:: 2026-0687

Plugin:: Meta-box GalleryMeta
Plugin Slug:: meta-box-gallerymeta
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1302

Plugin:: Search Atlas SEO
Plugin Slug:: metasync
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-14386

Plugin:: ModelTheme Framework
Plugin Slug:: modeltheme-framework
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69303

Plugin:: Takeads
Plugin Slug:: monetize-link
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12370

Plugin:: Nestbyte Core
Plugin Slug:: nestbyte-core
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-69308

Plugin:: Newsletter Popup
Plugin Slug:: newsletter-popup
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-3641

Plugin:: Newsletter Popup
Plugin Slug:: newsletter-popup
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3642

Plugin:: Newsletter Popup
Plugin Slug:: newsletter-popup
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3643

Plugin:: Norby AI
Plugin Slug:: norby-ai
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-13362

Plugin:: PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode
Plugin Slug:: paypal-pay-buy-donation-and-cart-buttons-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5447

Plugin:: Pet Manager
Plugin Slug:: pet-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3918

Plugin:: Image License and Protection
Plugin Slug:: pixter-image-digital-license
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-8047

Plugin:: Postalicious
Plugin Slug:: postalicious
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1266

Plugin:: Premmerce Brands for WooCommerce
Plugin Slug:: premmerce-woocommerce-brands
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12783

Plugin:: Recooty
Plugin Slug:: recooty
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-14616

Plugin:: Responsive Header
Plugin Slug:: responsive-header
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1300

Plugin:: Rupantorpay
Plugin Slug:: rupantorpay
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-15511

Plugin:: Saasplate Core
Plugin Slug:: saasplate-core
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-69309

Plugin:: SendPress Newsletters
Plugin Slug:: sendpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1588

Plugin:: SendPress Newsletters
Plugin Slug:: sendpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1589

Plugin:: SEO Links Interlinking
Plugin Slug:: seo-links-interlinking
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-14063

Plugin:: Sermon Manager
Plugin Slug:: sermon-manager-for-wordpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12368

Plugin:: Smart PopUp Blaster
Plugin Slug:: smart-popup-blaster
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12458

Plugin:: Solidres – Hotel booking plugin
Plugin Slug:: solidres
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13329

Plugin:: SP Project & Document Manager
Plugin Slug:: sp-client-document-manager
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3749

Plugin:: SSP Debug
Plugin Slug:: ssp-debugging
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-13494

Plugin:: SVS Pricing Tables
Plugin Slug:: svs-pricing-tables
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2960

Plugin:: Testimonials Widget
Plugin Slug:: testimonials-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4705

Plugin:: Top Comments
Plugin Slug:: top-comments
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12874

Plugin:: Translate This gTranslate Shortcode
Plugin Slug:: translate-this-google-translate-web-element-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-8719

Plugin:: Quantic Social Image Hover
Plugin Slug:: tw-image-hover-share
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-13360

Plugin:: Twitter Bootstrap Collapse aka Accordian Shortcode
Plugin Slug:: twitter-bootstrap-collapse-aka-accordian-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12722

Plugin:: Uroan Core
Plugin Slug:: uroan-core
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-69365

Plugin:: Vzaar Media Management
Plugin Slug:: vzaar-media-management
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-1391

Plugin:: Widget4Call
Plugin Slug:: widget4call
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13099

Plugin:: Woodly Core
Plugin Slug:: woodly-core
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-69310

Plugin:: WoWPth
Plugin Slug:: wowpth
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-1487

Plugin:: WordPress Auction Plugin
Plugin Slug:: wp-auctions
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8857

Plugin:: WP Easy FAQs
Plugin Slug:: wp-easy-faqs
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-8686

Plugin:: WP Featherlight
Plugin Slug:: wp-featherlight
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5667

Plugin:: WP Google Ad Manager
Plugin Slug:: wp-google-ad-manager-plugin
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1399

Plugin:: WP Logs Book
Plugin Slug:: wp-logs-book
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4475

Plugin:: WP MultiTasking
Plugin Slug:: wp-multitasking
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6852

Plugin:: WP MultiTasking
Plugin Slug:: wp-multitasking
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6853

Plugin:: WP MultiTasking
Plugin Slug:: wp-multitasking
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6855

Plugin:: WP MultiTasking
Plugin Slug:: wp-multitasking
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6857

Plugin:: WP MultiTasking
Plugin Slug:: wp-multitasking
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6860

Plugin:: WP Online Users Stats
Plugin Slug:: wp-online-users-stats
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-4964

Plugin:: WP Prayer
Plugin Slug:: wp-prayer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3406

Plugin:: WP Prayer
Plugin Slug:: wp-prayer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3407

Plugin:: WP-Revive Adserver
Plugin Slug:: wp-revive-adserver
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12461

Plugin:: WordPress Survey & Poll
Plugin Slug:: wp-survey-and-poll
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12528

Plugin:: YouTube Embed, Playlist and Popup by WpDevArt
Plugin Slug:: youtube-video-player
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-2537

Plugin:: All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic
Plugin Slug:: all-in-one-seo-pack
Installations: 3,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6.1.1
Severity Score:: Medium
CVE:: 2024-3368

Plugin:: Essential Addons for Elementor – Popular Elementor Templates & Widgets
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.5
Severity Score:: Medium
CVE:: 2024-5647

Plugin:: Essential Addons for Elementor – Popular Elementor Templates & Widgets
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.12
Severity Score:: Medium
CVE:: 2024-2650

Plugin:: Essential Addons for Elementor – Popular Elementor Templates & Widgets
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.16
Severity Score:: Medium
CVE:: 2024-3728

Plugin:: Essential Addons for Elementor – Popular Elementor Templates & Widgets
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.20
Severity Score:: Medium
CVE:: 2024-4448

Plugin:: Essential Addons for Elementor – Popular Elementor Templates & Widgets
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.20
Severity Score:: Medium
CVE:: 2024-4449

Plugin:: Essential Addons for Elementor – Popular Elementor Templates & Widgets
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.4
Severity Score:: Medium
CVE:: 2024-8742

Plugin:: Essential Addons for Elementor – Popular Elementor Templates & Widgets
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.1.13
Severity Score:: Medium
CVE:: 2024-9993

Plugin:: ElementsKit Elementor Addons and Templates
Plugin Slug:: elementskit-lite
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.3
Severity Score:: Medium
CVE:: 2025-3614

Plugin:: Spectra Gutenberg Blocks – Website Builder for the Block Editor
Plugin Slug:: ultimate-addons-for-gutenberg
Installations: 1,000,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.19.18
Severity Score:: Medium
CVE:: 2026-0950

Plugin:: Spectra Gutenberg Blocks – Website Builder for the Block Editor
Plugin Slug:: ultimate-addons-for-gutenberg
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.12.9
Severity Score:: Medium
CVE:: 2024-1815

Plugin:: Cookie Notice & Compliance for GDPR / CCPA
Plugin Slug:: cookie-notice
Installations: 900,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.9
Severity Score:: Medium
CVE:: 2025-11186

Plugin:: Migration, Backup, Staging – WPvivid Backup & Migration
Plugin Slug:: wpvivid-backuprestore
Installations: 800,000+
Vulnerability:: Broken Access Control
Patched in Version:: 0.9.121
Severity Score:: Low
CVE:: 2025-12654

Plugin:: Premium Addons for Elementor – Powerful Elementor Templates & Widgets
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.29
Severity Score:: Medium
CVE:: 2024-3647

Plugin:: Premium Addons for Elementor – Powerful Elementor Templates & Widgets
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.32
Severity Score:: Medium
CVE:: 2024-4376

Plugin:: Premium Addons for Elementor – Powerful Elementor Templates & Widgets
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.32
Severity Score:: Medium
CVE:: 2024-4379

Plugin:: Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
Plugin Slug:: fluentform
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.20
Severity Score:: Medium
CVE:: 2024-6518

Plugin:: Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
Plugin Slug:: fluentform
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.20
Severity Score:: Medium
CVE:: 2024-6521

Plugin:: MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor
Plugin Slug:: metform
Installations: 600,000+
Vulnerability:: Broken Authentication
Patched in Version:: 4.1.1
Severity Score:: Low
CVE:: 2026-0633

Plugin:: Ninja Forms – The Contact Form Builder That Grows With You
Plugin Slug:: ninja-forms
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.1
Severity Score:: Medium
CVE:: 2025-2560

Plugin:: Ninja Forms – The Contact Form Builder That Grows With You
Plugin Slug:: ninja-forms
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.1
Severity Score:: Medium
CVE:: 2025-2561

Plugin:: Royal Addons for Elementor – Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.972
Severity Score:: Medium
CVE:: 2024-2798

Plugin:: Royal Addons for Elementor – Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.972
Severity Score:: Medium
CVE:: 2024-2799

Plugin:: Royal Addons for Elementor – Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.972
Severity Score:: Medium
CVE:: 2024-3889

Plugin:: Royal Addons for Elementor – Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.976
Severity Score:: Medium
CVE:: 2024-4087

Plugin:: Royal Addons for Elementor – Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1002
Severity Score:: Medium
CVE:: 2024-9059

Plugin:: Royal Addons for Elementor – Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1002
Severity Score:: Medium
CVE:: 2024-9668

Plugin:: Royal Addons for Elementor – Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1013
Severity Score:: Medium
CVE:: 2025-1455

Plugin:: Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more
Plugin Slug:: easy-wp-smtp
Installations: 500,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.3.1
Severity Score:: Low
CVE:: 2024-3073

Plugin:: Gutenberg Blocks with AI by Kadence WP – Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.38
Severity Score:: Medium
CVE:: 2024-4208

Plugin:: Gutenberg Blocks with AI by Kadence WP – Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.37
Severity Score:: Medium
CVE:: 2024-4209

Plugin:: Gutenberg Blocks with AI by Kadence WP – Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.54
Severity Score:: Medium
CVE:: 2024-12581

Plugin:: Ocean Extra
Plugin Slug:: ocean-extra
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.7
Severity Score:: Medium
CVE:: 2025-3458

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.20.8
Severity Score:: Medium
CVE:: 2026-1210

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.4
Severity Score:: Medium
CVE:: 2024-1498

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.12.3
Severity Score:: Medium
CVE:: 2024-5647

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.5
Severity Score:: Medium
CVE:: 2024-2786

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.5
Severity Score:: Medium
CVE:: 2024-2787

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.5
Severity Score:: Medium
CVE:: 2024-2788

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.5
Severity Score:: Medium
CVE:: 2024-2789

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.5
Severity Score:: Medium
CVE:: 2024-3724

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.8
Severity Score:: Medium
CVE:: 2024-4391

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.11.0
Severity Score:: Medium
CVE:: 2024-5041

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.9
Severity Score:: Medium
CVE:: 2024-5088

Plugin:: Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress
Plugin Slug:: jeg-elementor-kit
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.5
Severity Score:: Medium
CVE:: 2024-3161

Plugin:: Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress
Plugin Slug:: jeg-elementor-kit
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.4
Severity Score:: Medium
CVE:: 2024-3162

Plugin:: Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery
Plugin Slug:: nextgen-gallery
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.59.12
Severity Score:: Medium
CVE:: 2025-2537

Plugin:: Page Builder: Pagelayer – Drag and Drop website builder
Plugin Slug:: pagelayer
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.8
Severity Score:: Medium
CVE:: 2024-8426

Plugin:: WP Shortcodes Plugin — Shortcodes Ultimate
Plugin Slug:: shortcodes-ultimate
Installations: 400,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 7.4.6
Severity Score:: Medium
CVE:: 2025-12800

Plugin:: SureForms – Contact Form, Payment Form & Other Custom Form Builder
Plugin Slug:: sureforms
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.1
Severity Score:: High
CVE:: 2025-14855

Plugin:: SureForms – Contact Form, Payment Form & Other Custom Form Builder
Plugin Slug:: sureforms
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.4
Severity Score:: Medium
CVE:: 2025-3514

Plugin:: GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice for CCPA, EU Cookie Law
Plugin Slug:: gdpr-cookie-compliance
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.15.7
Severity Score:: Medium
CVE:: 2025-1619

Plugin:: GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice for CCPA, EU Cookie Law
Plugin Slug:: gdpr-cookie-compliance
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.15.7
Severity Score:: Medium
CVE:: 2025-1620

Plugin:: GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice for CCPA, EU Cookie Law
Plugin Slug:: gdpr-cookie-compliance
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.15.7
Severity Score:: Medium
CVE:: 2025-1621

Plugin:: GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice for CCPA, EU Cookie Law
Plugin Slug:: gdpr-cookie-compliance
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.15.9
Severity Score:: Medium
CVE:: 2025-1624

Plugin:: Unlimited Elements For Elementor
Plugin Slug:: unlimited-elements-for-elementor
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.136
Severity Score:: Medium
CVE:: 2024-13153

Plugin:: Unlimited Elements For Elementor
Plugin Slug:: unlimited-elements-for-elementor
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.2
Severity Score:: Medium
CVE:: 2025-14274

Plugin:: Unlimited Elements For Elementor
Plugin Slug:: unlimited-elements-for-elementor
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.113
Severity Score:: Medium
CVE:: 2024-6170

Plugin:: WP Go Maps (formerly WP Google Maps)
Plugin Slug:: wp-google-maps
Installations: 300,000+
Vulnerability:: Broken Access Control
Patched in Version:: 10.0.05
Severity Score:: Medium
CVE:: 2026-0593

Plugin:: Advanced Google reCAPTCHA
Plugin Slug:: advanced-google-recaptcha
Installations: 200,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.30
Severity Score:: High
CVE:: 2025-2074

Plugin:: Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns
Plugin Slug:: essential-blocks
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.4
Severity Score:: Medium
CVE:: 2024-2255

Plugin:: FileOrganizer – WordPress File Manager
Plugin Slug:: fileorganizer
Installations: 200,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.0.8
Severity Score:: High
CVE:: 2024-5599

Plugin:: Jetpack Boost – Website Speed, Performance and Critical CSS
Plugin Slug:: jetpack-boost
Installations: 200,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.4.7
Severity Score:: Medium
CVE:: 2024-6584

Plugin:: Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Plugin Slug:: photo-gallery
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.31
Severity Score:: Medium
CVE:: 2024-10704

Plugin:: Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder
Plugin Slug:: supreme-modules-for-divi
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.53
Severity Score:: Medium
CVE:: 2024-5647

Plugin:: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Plugin Slug:: ultimate-member
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.11.1
Severity Score:: Medium
CVE:: 2025-13220

Plugin:: Redirection for Contact Form 7
Plugin Slug:: wpcf7-redirect
Installations: 200,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.2.8
Severity Score:: High
CVE:: 2025-14800

Plugin:: Ivory Search – WordPress Search Plugin
Plugin Slug:: add-search-to-menu
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.14
Severity Score:: Medium
CVE:: 2026-1053

Plugin:: AI Engine – The Chatbot and AI Framework for WordPress
Plugin Slug:: ai-engine
Installations: 100,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.3.3
Severity Score:: Medium
CVE:: 2026-0746

Plugin:: Element Pack Addons for Elementor
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.1
Severity Score:: Medium
CVE:: 2024-1426

Plugin:: Element Pack Addons for Elementor
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.1
Severity Score:: Medium
CVE:: 2024-1429

Plugin:: Element Pack Addons for Elementor
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.12
Severity Score:: Medium
CVE:: 2024-5554

Plugin:: Element Pack Addons for Elementor
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.10.3
Severity Score:: Medium
CVE:: 2024-9867

Plugin:: Element Pack Addons for Elementor
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.10.3
Severity Score:: Medium
CVE:: 2024-10980

Plugin:: Prime Slider – Addons for Elementor
Plugin Slug:: bdthemes-prime-slider-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.14.2
Severity Score:: Medium
CVE:: 2024-3997

Plugin:: EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more
Plugin Slug:: embedpress
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.11
Severity Score:: Medium
CVE:: 2024-1565

Plugin:: EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more
Plugin Slug:: embedpress
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.13
Severity Score:: Medium
CVE:: 2024-2688

Plugin:: EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more
Plugin Slug:: embedpress
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.15
Severity Score:: Medium
CVE:: 2024-3245

Plugin:: Lightbox & Modal Popup WordPress Plugin – FooBox
Plugin Slug:: foobox-image-lightbox
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.35
Severity Score:: Medium
CVE:: 2025-5537

Plugin:: Gallery by FooGallery
Plugin Slug:: foogallery
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.15
Severity Score:: Medium
CVE:: 2024-2081

Plugin:: GiveWP – Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.14.2
Severity Score:: Critical
CVE:: 2024-5932

Plugin:: GiveWP – Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.6.1
Severity Score:: High
CVE:: 2025-8620

Plugin:: WP Ghost (Hide My WP Ghost) – Security & Firewall
Plugin Slug:: hide-my-wp
Installations: 100,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 5.4.02
Severity Score:: High
CVE:: 2025-2056

Plugin:: Modula Image Gallery – Photo Grid & Video Gallery
Plugin Slug:: modula-best-grid-gallery
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.13.4
Severity Score:: Medium
CVE:: 2025-13891

Plugin:: The Ultimate Video Player For WordPress – by Presto Player
Plugin Slug:: presto-player
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.3
Severity Score:: Medium
CVE:: 2024-2428

Plugin:: Relevanssi – A Better Search
Plugin Slug:: relevanssi
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.22.1
Severity Score:: Medium
CVE:: CVE-2024-1380

Plugin:: Relevanssi – A Better Search
Plugin Slug:: relevanssi
Installations: 100,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.26.0
Severity Score:: Medium
CVE:: 2025-14719

Plugin:: Responsive Lightbox & Gallery
Plugin Slug:: responsive-lightbox
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.8
Severity Score:: Medium
CVE:: 2024-5667

Plugin:: The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 5.4.2
Severity Score:: High
CVE:: 2024-2210

Plugin:: The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.5
Severity Score:: Medium
CVE:: 2024-2784

Plugin:: The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.0
Severity Score:: Medium
CVE:: 2024-2785

Plugin:: The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.0
Severity Score:: Medium
CVE:: 2024-3197

Plugin:: The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.0
Severity Score:: Medium
CVE:: 2024-3199

Plugin:: The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.3
Severity Score:: Medium
CVE:: 2024-4484

Plugin:: The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.3
Severity Score:: Medium
CVE:: 2024-4485

Plugin:: The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.3
Severity Score:: Medium
CVE:: 2024-6575

Plugin:: The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.3
Severity Score:: Medium
CVE:: 2024-5583

Plugin:: Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More
Plugin Slug:: themeisle-companion
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.10.31
Severity Score:: Medium
CVE:: 2024-1497

Plugin:: Tutor LMS – eLearning and online course solution
Plugin Slug:: tutor
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.9.6
Severity Score:: Medium
CVE:: 2026-1371

Plugin:: Tutor LMS – eLearning and online course solution
Plugin Slug:: tutor
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.9.4
Severity Score:: Medium
CVE:: 2025-13935

Plugin:: VK All in One Expansion Unit
Plugin Slug:: vk-all-in-one-expansion-unit
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.112.2
Severity Score:: Medium
CVE:: 2025-11267

Plugin:: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
Plugin Slug:: wp-user-avatar
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.15.15
Severity Score:: Medium
CVE:: 2024-10518

Plugin:: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
Plugin Slug:: wp-user-avatar
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.15.20
Severity Score:: Medium
CVE:: 2024-13120

Plugin:: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
Plugin Slug:: wp-user-avatar
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.15.20
Severity Score:: Medium
CVE:: 2024-13121

Plugin:: Addon Elements for Elementor (formerly Elementor Addon Elements)
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13
Severity Score:: Medium
CVE:: 2024-1391

Plugin:: Addon Elements for Elementor (formerly Elementor Addon Elements)
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13
Severity Score:: Medium
CVE:: 2024-1392

Plugin:: Addon Elements for Elementor (formerly Elementor Addon Elements)
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.3
Severity Score:: Medium
CVE:: 2024-2091

Plugin:: Addon Elements for Elementor (formerly Elementor Addon Elements)
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.4
Severity Score:: Medium
CVE:: 2024-2092

Plugin:: Addon Elements for Elementor (formerly Elementor Addon Elements)
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.6
Severity Score:: Medium
CVE:: 2024-4570

Plugin:: Addon Elements for Elementor (formerly Elementor Addon Elements)
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.6
Severity Score:: Medium
CVE:: 2024-4401

Plugin:: Addon Elements for Elementor (formerly Elementor Addon Elements)
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.7
Severity Score:: Medium
CVE:: 2024-7122

Plugin:: Booking for Appointments and Events Calendar – Amelia
Plugin Slug:: ameliabooking
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.0
Severity Score:: Medium
CVE:: 2025-14720

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.17.3
Severity Score:: Medium
CVE:: 2024-12588

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.15.8
Severity Score:: Medium
CVE:: 2024-1348

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.15.8
Severity Score:: Medium
CVE:: 2024-1357

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.15.8
Severity Score:: Medium
CVE:: 2024-1396

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.15.8
Severity Score:: Medium
CVE:: 2024-1533

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.15.8
Severity Score:: Medium
CVE:: 2024-3341

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.17.1
Severity Score:: Medium
CVE:: 2024-9545

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.17.14
Severity Score:: Medium
CVE:: 2025-12379

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.17.14
Severity Score:: Medium
CVE:: 2025-13215

Plugin:: Colibri Page Builder
Plugin Slug:: colibri-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.274
Severity Score:: Medium
CVE:: 2024-3337

Plugin:: Colibri Page Builder
Plugin Slug:: colibri-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.277
Severity Score:: Medium
CVE:: 2024-4451

Plugin:: JetFormBuilder — Dynamic Blocks Form Builder
Plugin Slug:: jetformbuilder
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.4
Severity Score:: Medium
CVE:: 2025-11991

Plugin:: Custom Login Page Customizer
Plugin Slug:: login-customizer
Installations: 90,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 2.5.4
Severity Score:: Critical
CVE:: 2025-14975

Plugin:: Product Import Export for WooCommerce – Import Export Product CSV Suite
Plugin Slug:: product-import-export-for-woo
Installations: 90,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 2.5.1
Severity Score:: Low
CVE:: 2025-1911

Plugin:: Hustle – Email Marketing, Lead Generation, Optins, Popups
Plugin Slug:: wordpress-popup
Installations: 90,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 7.8.9.3
Severity Score:: High
CVE:: 2026-0911

Plugin:: HT Mega – Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.7
Severity Score:: Medium
CVE:: 2024-2084

Plugin:: HT Mega – Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.0
Severity Score:: Medium
CVE:: 2024-3308

Plugin:: HT Mega – Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.1
Severity Score:: Medium
CVE:: 2024-3989

Plugin:: HT Mega – Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.6
Severity Score:: Medium
CVE:: 2024-5173

Plugin:: Import and export users and customers
Plugin Slug:: import-users-from-csv-with-meta
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.26.7
Severity Score:: Medium
CVE:: 2024-4734

Plugin:: 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery
Plugin Slug:: interactive-3d-flipbook-powered-physics-engine
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.16.16
Severity Score:: Medium
CVE:: 2025-5289

Plugin:: LearnPress – WordPress LMS Plugin for Create and Sell Online Courses
Plugin Slug:: learnpress
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.7.2
Severity Score:: Medium
CVE:: 2024-9881

Plugin:: MaxButtons – Create buttons
Plugin Slug:: maxbuttons
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.8.1
Severity Score:: Medium
CVE:: 2024-8968

Plugin:: SlimStat Analytics
Plugin Slug:: wp-slimstat
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.3
Severity Score:: High
CVE:: 2025-69323

Plugin:: Advanced Contact form 7 DB
Plugin Slug:: advanced-cf7-db
Installations: 70,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.0.3
Severity Score:: Medium
CVE:: 2024-3723

Plugin:: Brizy – Page Builder
Plugin Slug:: brizy
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.41
Severity Score:: Medium
CVE:: 2024-1293

Plugin:: Brizy – Page Builder
Plugin Slug:: brizy
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.42
Severity Score:: Medium
CVE:: 2024-1940

Plugin:: Database for Contact Form 7, WPforms, Elementor forms
Plugin Slug:: contact-form-entries
Installations: 70,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 1.4.4
Severity Score:: High
CVE:: 2025-7384

Plugin:: Database for Contact Form 7, WPforms, Elementor forms
Plugin Slug:: contact-form-entries
Installations: 70,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.6
Severity Score:: Medium
CVE:: 2026-0825

Plugin:: Featured Image from URL (FIFU)
Plugin Slug:: featured-image-from-url
Installations: 70,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.2.8
Severity Score:: High
CVE:: 2025-10036

Plugin:: Featured Image from URL (FIFU)
Plugin Slug:: featured-image-from-url
Installations: 70,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 5.3.2
Severity Score:: Medium
CVE:: 2025-13393

Plugin:: WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters
Plugin Slug:: wp-google-map-plugin
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.2
Severity Score:: Medium
CVE:: 2025-3503

Plugin:: WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters
Plugin Slug:: wp-google-map-plugin
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.2
Severity Score:: Medium
CVE:: 2025-3504

Plugin:: WP ULike – Engagement Analytics & Interactive Buttons to Understand Your Audience
Plugin Slug:: wp-ulike
Installations: 70,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 5.0.0
Severity Score:: Medium
CVE:: 2026-0909

Plugin:: Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress
Plugin Slug:: email-subscribers
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.7.18
Severity Score:: Medium
CVE:: 2024-3626

Plugin:: Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress
Plugin Slug:: email-subscribers
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.7.45
Severity Score:: Medium
CVE:: 2024-12566

Plugin:: Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress
Plugin Slug:: email-subscribers
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.7.45
Severity Score:: Medium
CVE:: 2024-12567

Plugin:: Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress
Plugin Slug:: email-subscribers
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.7.45
Severity Score:: Medium
CVE:: 2024-12568

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.3
Severity Score:: Medium
CVE:: 2024-2503

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.5
Severity Score:: Medium
CVE:: 2024-3985

Plugin:: Master Slider – Responsive Touch Slider
Plugin Slug:: master-slider
Installations: 60,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.10.0
Severity Score:: Medium
CVE:: 2024-6490

Plugin:: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
Plugin Slug:: post-and-page-builder
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.26.7
Severity Score:: Medium
CVE:: 2024-6848

Plugin:: Qi Blocks
Plugin Slug:: qi-blocks
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4
Severity Score:: Medium
CVE:: 2025-1626

Plugin:: Qi Blocks
Plugin Slug:: qi-blocks
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4
Severity Score:: Medium
CVE:: 2025-1627

Plugin:: Ultimate Dashboard – Custom WordPress Dashboard
Plugin Slug:: ultimate-dashboard
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.6
Severity Score:: Medium
CVE:: 2025-1524

Plugin:: Ultimate Dashboard – Custom WordPress Dashboard
Plugin Slug:: ultimate-dashboard
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.6
Severity Score:: Medium
CVE:: 2025-1525

Plugin:: Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme
Plugin Slug:: addons-for-divi
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.6
Severity Score:: Medium
CVE:: 2024-5647

Plugin:: Popup Box – Create Countdown, Coupon, Video, Contact Form Popups
Plugin Slug:: ays-popup-box
Installations: 50,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.1.2
Severity Score:: Medium
CVE:: 2026-1165

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.3
Severity Score:: Medium
CVE:: 2024-5647

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.8.9
Severity Score:: Medium
CVE:: 2024-3266

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.6
Severity Score:: Medium
CVE:: 2025-3715

Plugin:: Booking Calendar
Plugin Slug:: booking
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.14.7
Severity Score:: Medium
CVE:: 2025-12804

Plugin:: Booking Calendar
Plugin Slug:: booking
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 10.14.14
Severity Score:: Medium
CVE:: 2026-1431

Plugin:: Booking Calendar
Plugin Slug:: booking
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.6.5
Severity Score:: Medium
CVE:: 2024-10893

Plugin:: Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Plugin Slug:: clearfy
Installations: 50,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.3.2
Severity Score:: Medium
CVE:: 2024-13338

Plugin:: Getwid – Gutenberg Blocks
Plugin Slug:: getwid
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.11
Severity Score:: Medium
CVE:: 2024-6489

Plugin:: User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
Plugin Slug:: profile-builder
Installations: 50,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.11.9
Severity Score:: Critical
CVE:: 2024-6695

Plugin:: Search Exclude
Plugin Slug:: search-exclude
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.0
Severity Score:: Medium
CVE:: 2025-2821

Plugin:: Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI
Plugin Slug:: simple-tags
Installations: 50,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.41.0
Severity Score:: High
CVE:: 2025-13922

Plugin:: Sina Extension for Elementor
Plugin Slug:: sina-extension-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.4
Severity Score:: Medium
CVE:: 2024-4333

Plugin:: Themesflat Addons For Elementor
Plugin Slug:: themesflat-addons-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-2922

Plugin:: Themesflat Addons For Elementor
Plugin Slug:: themesflat-addons-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-4458

Plugin:: Themesflat Addons For Elementor
Plugin Slug:: themesflat-addons-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-4459

Plugin:: Themesflat Addons For Elementor
Plugin Slug:: themesflat-addons-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-4212

Plugin:: Ultimate Blocks – 25+ Gutenberg Blocks for Block Editor
Plugin Slug:: ultimate-blocks
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.0
Severity Score:: Medium
CVE:: 2024-4268

Plugin:: Ultimate Blocks – 25+ Gutenberg Blocks for Block Editor
Plugin Slug:: ultimate-blocks
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.8
Severity Score:: Medium
CVE:: 2025-1312

Plugin:: Ultimate Blocks – 25+ Gutenberg Blocks for Block Editor
Plugin Slug:: ultimate-blocks
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.8
Severity Score:: Medium
CVE:: 2025-1703

Plugin:: Ultimate Blocks – 25+ Gutenberg Blocks for Block Editor
Plugin Slug:: ultimate-blocks
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.4
Severity Score:: Medium
CVE:: 2025-2918

Plugin:: Ultimate Blocks – 25+ Gutenberg Blocks for Block Editor
Plugin Slug:: ultimate-blocks
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.0
Severity Score:: Medium
CVE:: 2024-6362

Plugin:: WP Recipe Maker
Plugin Slug:: wp-recipe-maker
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 10.3.0
Severity Score:: Medium
CVE:: 2026-24357

Plugin:: Livemesh Addons by Elementor
Plugin Slug:: addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.6
Severity Score:: Medium
CVE:: 2024-1458

Plugin:: Livemesh Addons by Elementor
Plugin Slug:: addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.6
Severity Score:: Medium
CVE:: 2024-1461

Plugin:: Livemesh Addons by Elementor
Plugin Slug:: addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.6
Severity Score:: Medium
CVE:: 2024-1464

Plugin:: Livemesh Addons by Elementor
Plugin Slug:: addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.6
Severity Score:: Medium
CVE:: 2024-1465

Plugin:: Livemesh Addons by Elementor
Plugin Slug:: addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.6
Severity Score:: Medium
CVE:: 2024-1466

Plugin:: Livemesh Addons by Elementor
Plugin Slug:: addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.4
Severity Score:: Medium
CVE:: 2024-2926

Plugin:: Livemesh Addons by Elementor
Plugin Slug:: addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.4
Severity Score:: Medium
CVE:: 2024-3639

Plugin:: Advanced iFrame
Plugin Slug:: advanced-iframe
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2025.0
Severity Score:: Medium
CVE:: 2025-1439

Plugin:: Ajax Load More – Infinite Scroll, Load More, & Lazy Load
Plugin Slug:: ajax-load-more
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.8.2
Severity Score:: Medium
CVE:: 2025-15525

Plugin:: Calculated Fields Form
Plugin Slug:: calculated-fields-form
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.62
Severity Score:: Medium
CVE:: 2024-13381

Plugin:: Carousel Slider
Plugin Slug:: carousel-slider
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.15
Severity Score:: Medium
CVE:: 2024-5647

Plugin:: Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
Plugin Slug:: easy-digital-downloads
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.3
Severity Score:: Medium
CVE:: 2024-6691

Plugin:: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Plugin Slug:: form-maker
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.31
Severity Score:: Medium
CVE:: 2024-10562

Plugin:: FunnelKit – Funnel Builder for WooCommerce Checkout
Plugin Slug:: funnel-builder
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.13.1.3
Severity Score:: Medium
CVE:: 2025-12878

Plugin:: Genesis Blocks
Plugin Slug:: genesis-blocks
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.3
Severity Score:: Medium
CVE:: 2024-2761

Plugin:: Genesis Blocks
Plugin Slug:: genesis-blocks
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.4
Severity Score:: Medium
CVE:: 2024-3901

Plugin:: Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
Plugin Slug:: quiz-master-next
Installations: 40,000+
Vulnerability:: SQL Injection
Patched in Version:: 9.0.2
Severity Score:: High
CVE:: 2024-5606

Plugin:: Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
Plugin Slug:: quiz-master-next
Installations: 40,000+
Vulnerability:: SQL Injection
Patched in Version:: 10.3.2
Severity Score:: High
CVE:: 2025-67987

Plugin:: Robo Gallery – Photo & Image Slider
Plugin Slug:: robo-gallery
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.23
Severity Score:: Medium
CVE:: 2024-5647

Plugin:: Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX
Plugin Slug:: ultimate-post
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.1.3
Severity Score:: High
CVE:: 2024-5326

Plugin:: Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX
Plugin Slug:: ultimate-post
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.2
Severity Score:: Medium
CVE:: 2024-3239

Plugin:: YITH WooCommerce Ajax Search
Plugin Slug:: yith-woocommerce-ajax-search
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.1
Severity Score:: Medium
CVE:: 2024-7846

Plugin:: Ditty – Responsive News Tickers, Sliders, and Lists
Plugin Slug:: ditty-news-ticker
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.46
Severity Score:: Medium
CVE:: 2024-6715

Plugin:: Piotnet Addons For Elementor
Plugin Slug:: piotnet-addons-for-elementor
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.29
Severity Score:: Medium
CVE:: 2024-4262

Plugin:: Post Grid
Plugin Slug:: post-grid
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.81
Severity Score:: Medium
CVE:: 2024-1988

Plugin:: Post Grid
Plugin Slug:: post-grid
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.81
Severity Score:: Medium
CVE:: 2024-4042

Plugin:: SEO Plugin by Squirrly SEO
Plugin Slug:: squirrly-seo
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 12.3.20
Severity Score:: High
CVE:: 2024-6497

Plugin:: Stop Spammers Classic
Plugin Slug:: stop-spammer-registrations-plugin
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2026.2
Severity Score:: Medium
CVE:: 2025-14795

Plugin:: Stratum Widgets for Elementor
Plugin Slug:: stratum
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.1
Severity Score:: Medium
CVE:: 2025-7845

Plugin:: ThirstyAffiliates – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin
Plugin Slug:: thirstyaffiliates
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.11.10
Severity Score:: Medium
CVE:: 2026-25024

Plugin:: Tutor LMS Elementor Addons
Plugin Slug:: tutor-lms-elementor-addons
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.5
Severity Score:: Medium
CVE:: 2024-5576

Plugin:: WP Video Lightbox
Plugin Slug:: wp-video-lightbox
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.12
Severity Score:: Medium
CVE:: 2025-2540

Plugin:: Xpro Addons — 140+ Widgets for Elementor
Plugin Slug:: xpro-elementor-addons
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.8
Severity Score:: Medium
CVE:: 2025-2108

Plugin:: Image Photo Gallery Final Tiles Grid
Plugin Slug:: final-tiles-grid-gallery-lite
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.9
Severity Score:: Medium
CVE:: 2025-13693

Plugin:: Icegram Engage – Popups, Optins, CTAs & lot more…
Plugin Slug:: icegram
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.32
Severity Score:: Medium
CVE:: 2024-13482

Plugin:: New User Approve
Plugin Slug:: new-user-approve
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.3
Severity Score:: High
CVE:: 2026-0832

Plugin:: Secure Copy Content Protection and Content Locking
Plugin Slug:: secure-copy-content-protection
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.7
Severity Score:: Medium
CVE:: 2024-6889

Plugin:: Snow Monkey Forms
Plugin Slug:: snow-monkey-forms
Installations: 20,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 12.0.4
Severity Score:: High
CVE:: 2026-1056

Plugin:: Ultimate Addons for Beaver Builder – Lite
Plugin Slug:: ultimate-addons-for-beaver-builder-lite
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.8
Severity Score:: Medium
CVE:: 2024-2140

Plugin:: Ultimate Addons for Beaver Builder – Lite
Plugin Slug:: ultimate-addons-for-beaver-builder-lite
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.8
Severity Score:: Medium
CVE:: 2024-2142

Plugin:: Ultimate Addons for Beaver Builder – Lite
Plugin Slug:: ultimate-addons-for-beaver-builder-lite
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.8
Severity Score:: Medium
CVE:: 2024-2143

Plugin:: Ultimate Addons for Beaver Builder – Lite
Plugin Slug:: ultimate-addons-for-beaver-builder-lite
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.8
Severity Score:: Medium
CVE:: 2024-2144

Plugin:: Welcart e-Commerce
Plugin Slug:: usc-e-shop
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.11.21
Severity Score:: Medium
CVE:: 2025-9367

Plugin:: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP
Plugin Slug:: userswp
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.54
Severity Score:: Medium
CVE:: 2026-25015

Plugin:: Appointment Hour Booking – Booking Calendar
Plugin Slug:: appointment-hour-booking
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.61
Severity Score:: Medium
CVE:: 2026-1083

Plugin:: Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder
Plugin Slug:: bit-form
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.13.10
Severity Score:: High
CVE:: 2024-7780

Plugin:: BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor
Plugin Slug:: blockspare
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.5
Severity Score:: Medium
CVE:: 2024-8325

Plugin:: Bold Timeline Lite
Plugin Slug:: bold-timeline-lite
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.8
Severity Score:: Medium
CVE:: 2025-14032

Plugin:: Passster – Password Protect Pages and Content
Plugin Slug:: content-protector
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.25
Severity Score:: Medium
CVE:: 2025-14865

Plugin:: Crelly Slider
Plugin Slug:: crelly-slider
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.7
Severity Score:: Medium
CVE:: 2024-13116

Plugin:: Content Blocks (Custom Post Widget)
Plugin Slug:: custom-post-widget
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.1
Severity Score:: Medium
CVE:: 2024-3565

Plugin:: Content Blocks (Custom Post Widget)
Plugin Slug:: custom-post-widget
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.6
Severity Score:: Medium
CVE:: 2024-6432

Plugin:: WP Customer Area
Plugin Slug:: customer-area
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 8.2.5
Severity Score:: Medium
CVE:: 2024-12436

Plugin:: Document Embedder – Embed PDFs, Word, Excel, and Other Files
Plugin Slug:: document-emberdder
Installations: 10,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.0.5
Severity Score:: Medium
CVE:: 2026-1389

Plugin:: GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress
Plugin Slug:: gamipress
Installations: 10,000+
Vulnerability:: Content Injection
Patched in Version:: 7.2.2
Severity Score:: Medium
CVE:: 2024-13499

Plugin:: Maps Plugin using Google Maps for WordPress – WP Google Map
Plugin Slug:: gmap-embed
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.4
Severity Score:: Medium
CVE:: 2024-13306

Plugin:: AIP – AI Chatbots, Content Writer & Forms (formerly AI Power)
Plugin Slug:: gpt3-ai-content-generator
Installations: 10,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.8.97
Severity Score:: High
CVE:: 2025-0428

Plugin:: LA-Studio Element Kit for Elementor
Plugin Slug:: lastudio-element-kit
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.9
Severity Score:: High
CVE:: 2024-5349

Plugin:: LA-Studio Element Kit for Elementor
Plugin Slug:: lastudio-element-kit
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.0
Severity Score:: Medium
CVE:: 2025-3106

Plugin:: Motors – Car Dealership & Classified Listings Plugin
Plugin Slug:: motors-car-dealership-classified-listings
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.58
Severity Score:: Medium
CVE:: 2024-13737

Plugin:: Child Theme Creator by Orbisius
Plugin Slug:: orbisius-child-theme-creator
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.6
Severity Score:: Medium
CVE:: 2024-12263

Plugin:: Order Minimum/Maximum Amount Limits for WooCommerce
Plugin Slug:: order-minimum-amount-for-woocommerce
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6.9
Severity Score:: Medium
CVE:: 2026-1381

Plugin:: OSM – OpenStreetMap
Plugin Slug:: osm
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.4
Severity Score:: Medium
CVE:: 2024-3603

Plugin:: Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
Plugin Slug:: paid-member-subscriptions
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.11.2
Severity Score:: Medium
CVE:: 2024-1389

Plugin:: Recipe Card Blocks Lite
Plugin Slug:: recipe-card-blocks-by-wpzoom
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.4.13
Severity Score:: High
CVE:: 2025-14973

Plugin:: SupportCandy – Helpdesk & Customer Support Ticket System
Plugin Slug:: supportcandy
Installations: 10,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 3.4.5
Severity Score:: Medium
CVE:: 2026-1251

Plugin:: SupportCandy – Helpdesk & Customer Support Ticket System
Plugin Slug:: supportcandy
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.4.5
Severity Score:: High
CVE:: 2026-0683

Plugin:: Testimonial Carousel For Elementor
Plugin Slug:: testimonials-carousel-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.2.0
Severity Score:: Medium
CVE:: 2024-4698

Plugin:: User Submitted Posts – Enable Users to Submit Posts from the Front End
Plugin Slug:: user-submitted-posts
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 20260110
Severity Score:: High
CVE:: 2026-0800

Plugin:: Countdown Timer – Widget Countdown
Plugin Slug:: widget-countdown
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.8
Severity Score:: Medium
CVE:: 2025-14555

Plugin:: Simple Shopping Cart
Plugin Slug:: wordpress-simple-paypal-shopping-cart
Installations: 10,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 5.1.4
Severity Score:: Medium
CVE:: 2025-3889

Plugin:: Eventin – Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered)
Plugin Slug:: wp-event-solution
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.0.9
Severity Score:: High
CVE:: 2024-7149

Plugin:: Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages
Plugin Slug:: wplegalpages
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.5
Severity Score:: High
CVE:: 2025-67974

Plugin:: WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress
Plugin Slug:: wpvr
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.5.33
Severity Score:: Medium
CVE:: 2025-6350

Plugin:: Backup, Restore and Migrate your sites with XCloner
Plugin Slug:: xcloner-backup-and-restore
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.8.3
Severity Score:: Medium
CVE:: 2025-11759

Plugin:: RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
Plugin Slug:: custom-registration-form-builder-with-submission-manager
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.0.7.5
Severity Score:: Medium
CVE:: 2026-1054

Plugin:: Prisna GWT – Google Website Translator
Plugin Slug:: google-website-translator
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.14
Severity Score:: Medium
CVE:: 2024-12680

Plugin:: Qubely – Advanced Gutenberg Blocks
Plugin Slug:: qubely
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.13
Severity Score:: Medium
CVE:: 2024-9601

Plugin:: Nexter Gutenberg Blocks – Website Builder & 1000+ Starter Templates
Plugin Slug:: the-plus-addons-for-block-editor
Installations: 9,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.6.4
Severity Score:: Medium
CVE:: 2026-24377

Plugin:: Ultimate Coming Soon & Maintenance
Plugin Slug:: ultimate-coming-soon
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2024-9705

Plugin:: Ultimate Coming Soon & Maintenance
Plugin Slug:: ultimate-coming-soon
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2024-9706

Plugin:: VikBooking Hotel Booking Engine & PMS
Plugin Slug:: vikbooking
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.8
Severity Score:: Medium
CVE:: 2024-2749

Plugin:: NEX-Forms – Ultimate Forms Plugin for WordPress
Plugin Slug:: nex-forms-express-wp-form-builder
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 9.1.9
Severity Score:: Medium
CVE:: 2025-15510

Plugin:: WP Job Portal – AI-Powered Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.7
Severity Score:: Medium
CVE:: 2024-13429

Plugin:: WP Adminify – White Label WordPress, Admin Menu Editor, Login Customizer
Plugin Slug:: adminify
Installations: 7,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.0.7.8
Severity Score:: Medium
CVE:: 2026-1060

Plugin:: EventPrime – Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.3
Severity Score:: Medium
CVE:: 2024-1321

Plugin:: EventPrime – Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 7,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.2.8.0
Severity Score:: Medium
CVE:: 2025-14507

Plugin:: EventPrime – Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.8.1
Severity Score:: Medium
CVE:: 2026-24380

Plugin:: bSlider – Create Responsive Image, Post, Product, and Video Sliders
Plugin Slug:: b-slider
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.7
Severity Score:: Medium
CVE:: 2026-24383

Plugin:: EventON – Events Calendar
Plugin Slug:: eventon-lite
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.8
Severity Score:: High
CVE:: 2024-0233

Plugin:: EventON – Events Calendar
Plugin Slug:: eventon-lite
Installations: 6,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.2.8
Severity Score:: Medium
CVE:: 2024-0235

Plugin:: EventON – Events Calendar
Plugin Slug:: eventon-lite
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.8
Severity Score:: Medium
CVE:: 2024-0236

Plugin:: EventON – Events Calendar
Plugin Slug:: eventon-lite
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.9
Severity Score:: Medium
CVE:: 2024-0237

Plugin:: EventON – Events Calendar
Plugin Slug:: eventon-lite
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.8
Severity Score:: High
CVE:: 2024-0238

Plugin:: Hunk Companion
Plugin Slug:: hunk-companion
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.0
Severity Score:: Critical
CVE:: 2024-11972

Plugin:: Pearl – Header Builder
Plugin Slug:: pearl-header-builder
Installations: 6,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.9
Severity Score:: Medium
CVE:: 2024-12206

Plugin:: ProfileGrid – User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 6,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 5.9.4.6
Severity Score:: High
CVE:: 2025-0724

Plugin:: ProfileGrid – User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.9.4.5
Severity Score:: Medium
CVE:: 2025-1408

Plugin:: Survey Maker
Plugin Slug:: survey-maker
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.1.9.5
Severity Score:: Medium
CVE:: 2025-12892

Plugin:: Booking Calendar | Appointment Booking | Bookit
Plugin Slug:: bookit
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.1
Severity Score:: Medium
CVE:: 2025-12841

Plugin:: Easy Image Gallery
Plugin Slug:: easy-image-gallery
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.3
Severity Score:: Medium
CVE:: 2025-2540

Plugin:: SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels)
Plugin Slug:: slingblocks
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.0
Severity Score:: Medium
CVE:: 2024-13675

Plugin:: SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels)
Plugin Slug:: slingblocks
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.0
Severity Score:: Medium
CVE:: 2025-8607

Plugin:: Ultimate Store Kit – Addon For WooCommerce, EDD and Elementor
Plugin Slug:: ultimate-store-kit
Installations: 5,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.0.0
Severity Score:: Critical
CVE:: 2024-5335

Plugin:: Return Refund and Exchange For WooCommerce
Plugin Slug:: woo-refund-and-exchange-lite
Installations: 5,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 4.5.6
Severity Score:: Medium
CVE:: 2025-12086

Plugin:: CubeWP Framework
Plugin Slug:: cubewp-framework
Installations: 4,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.1.28
Severity Score:: Medium
CVE:: 2025-12129

Plugin:: CubeWP Framework
Plugin Slug:: cubewp-framework
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.28
Severity Score:: Medium
CVE:: 2025-6461

Plugin:: CubeWP Framework
Plugin Slug:: cubewp-framework
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.27
Severity Score:: Medium
CVE:: 2025-8615

Plugin:: ELEX WooCommerce Bulk Edit Products, Prices & Attributes (Basic)
Plugin Slug:: elex-bulk-edit-products-prices-attributes-for-woocommerce-basic
Installations: 4,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.0
Severity Score:: High
CVE:: 2025-3280

Plugin:: FluentCart A New Era of eCommerce – Faster, Lighter, and Simpler
Plugin Slug:: fluent-cart
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: High
CVE:: 2025-67971

Plugin:: HelloAsso
Plugin Slug:: helloasso
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.11
Severity Score:: Medium
CVE:: 2024-7605

Plugin:: MediaPress
Plugin Slug:: mediapress
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.2
Severity Score:: Medium
CVE:: 2025-14552

Plugin:: TS Poll – Survey, Versus Poll, Image Poll, Video Poll
Plugin Slug:: poll-wp
Installations: 4,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.4.0
Severity Score:: High
CVE:: 2024-8625

Plugin:: Spexo Addons for Elementor – Free Addons, Widgets and Templates for Elementor
Plugin Slug:: sastra-essential-addons-for-elementor
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.24
Severity Score:: Medium
CVE:: 2025-8208

Plugin:: WPZOOM Addons for Beaver Builder
Plugin Slug:: wpzoom-addons-for-beaver-builder
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-2181

Plugin:: WPZOOM Addons for Beaver Builder
Plugin Slug:: wpzoom-addons-for-beaver-builder
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-2185

Plugin:: WPZOOM Addons for Beaver Builder
Plugin Slug:: wpzoom-addons-for-beaver-builder
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-2186

Plugin:: WPZOOM Addons for Beaver Builder
Plugin Slug:: wpzoom-addons-for-beaver-builder
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-2187

Plugin:: AVIF Uploader
Plugin Slug:: avif-support
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.1
Severity Score:: Medium
CVE:: 2024-9238

Plugin:: MultiVendorX – WooCommerce Multivendor Marketplace Solutions
Plugin Slug:: dc-woocommerce-multi-vendor
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.23
Severity Score:: Medium
CVE:: 2025-4101

Plugin:: Gallery PhotoBlocks
Plugin Slug:: photoblocks-grid-gallery
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.3
Severity Score:: Medium
CVE:: 2026-24389

Plugin:: Tickera – Sell Tickets & Manage Events
Plugin Slug:: tickera-event-ticketing-system
Installations: 3,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.5.4.9
Severity Score:: Medium
CVE:: 2024-12578

Plugin:: WP-DownloadManager
Plugin Slug:: wp-downloadmanager
Installations: 3,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 1.68.11
Severity Score:: Medium
CVE:: 2025-4799

Plugin:: WP-WebAuthn
Plugin Slug:: wp-webauthn
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.4
Severity Score:: Medium
CVE:: 2024-9023

Plugin:: WPB Addons for Elementor – News Ticker, Timeline, Team, Services, Testimonials, and Much More
Plugin Slug:: wpb-elementor-addons
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2
Severity Score:: Medium
CVE:: 2024-3063

Plugin:: WP Directory Kit
Plugin Slug:: wpdirectorykit
Installations: 3,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.5.0
Severity Score:: Medium
CVE:: 2025-13920

Plugin:: Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin
Plugin Slug:: frontend-post-submission-manager-lite
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.6
Severity Score:: Medium
CVE:: 2025-14080

Plugin:: Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free
Plugin Slug:: funnelforms-free
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.7.4.1
Severity Score:: Medium
CVE:: 2024-5857

Plugin:: KiviCare – Clinic & Patient Management System (EHR)
Plugin Slug:: kivicare-clinic-management-system
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.0.0
Severity Score:: High
CVE:: 2026-25022

Plugin:: Markup Markdown
Plugin Slug:: markup-markdown
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.20.10
Severity Score:: Medium
CVE:: 2025-9541

Plugin:: Melapress Login Security
Plugin Slug:: melapress-login-security
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.1
Severity Score:: Medium
CVE:: 2025-2876

Plugin:: RSS Feed Widget
Plugin Slug:: rss-feed-widget
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.0
Severity Score:: Medium
CVE:: 2024-9836

Plugin:: WPBITS Addons For Elementor Page Builder
Plugin Slug:: wpbits-addons-for-elementor
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5
Severity Score:: Medium
CVE:: 2024-2129

Plugin:: WPBITS Addons For Elementor Page Builder
Plugin Slug:: wpbits-addons-for-elementor
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.1
Severity Score:: Medium
CVE:: 2025-9082

Plugin:: Visual Feedback, Review & AI Collaboration Tool For WordPress – Atarim
Plugin Slug:: atarim-visual-collaboration
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.3.2
Severity Score:: Medium
CVE:: 2026-25019

Plugin:: Categorify – WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1650

Plugin:: Categorify – WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1652

Plugin:: Categorify – WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1653

Plugin:: Categorify – WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1907

Plugin:: Categorify – WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1909

Plugin:: Categorify – WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1910

Plugin:: Categorify – WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1912

Plugin:: Geo Controller
Plugin Slug:: cf-geoplugin
Installations: 1,000+
Vulnerability:: Content Injection
Patched in Version:: 8.7.0
Severity Score:: Medium
CVE:: 2024-7381

Plugin:: Smart Online Order for Clover
Plugin Slug:: clover-online-orders
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.7
Severity Score:: Medium
CVE:: 2024-7030

Plugin:: Web3 Crypto Payments by DePay for WooCommerce
Plugin Slug:: depay-payments-for-woocommerce
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.12.18
Severity Score:: Medium
CVE:: 2024-12265

Plugin:: Double the Donation – A workplace giving tool
Plugin Slug:: double-the-donation
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.0
Severity Score:: Medium
CVE:: 2025-12020

Plugin:: Educare – Students & Result Management System
Plugin Slug:: educare
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.2
Severity Score:: High
CVE:: 2025-67978

Plugin:: Enter Addons – Ultimate Template Builder for Elementor
Plugin Slug:: enteraddons
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.3.3
Severity Score:: Medium
CVE:: 2026-25014

Plugin:: Enter Addons – Ultimate Template Builder for Elementor
Plugin Slug:: enteraddons
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.6
Severity Score:: Medium
CVE:: 2024-3680

Plugin:: Enter Addons – Ultimate Template Builder for Elementor
Plugin Slug:: enteraddons
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.9
Severity Score:: Medium
CVE:: 2024-7611

Plugin:: EPROLO-Dropshipping
Plugin Slug:: eprolo-dropshipping
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.0
Severity Score:: Medium
CVE:: 2025-12133

Plugin:: Flamix: Bitrix24 and Contact Form 7 integrations
Plugin Slug:: flamix-bitrix24-and-contact-forms-7-integrations
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.2.0
Severity Score:: Medium
CVE:: 2024-6568

Plugin:: Friendly Functions for Welcart
Plugin Slug:: friendly-functions-for-welcart
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.6
Severity Score:: Medium
CVE:: 2026-1208

Plugin:: Mizan Demo Importer
Plugin Slug:: mizan-demo-importer
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 0.1.4
Severity Score:: Medium
CVE:: 2026-25021

Plugin:: Nelio Popups
Plugin Slug:: nelio-popups
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.6
Severity Score:: Medium
CVE:: 2026-25016

Plugin:: Frontend File Manager Plugin
Plugin Slug:: nmedia-user-file-uploader
Installations: 1,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 23.5
Severity Score:: High
CVE:: 2025-14804

Plugin:: PDF Generator Addon for Elementor Page Builder
Plugin Slug:: pdf-generator-addon-for-elementor-page-builder
Installations: 1,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.0.1
Severity Score:: High
CVE:: 2024-9935

Plugin:: Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget
Plugin Slug:: post-grid-carousel-ultimate
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.7
Severity Score:: High
CVE:: 2024-13408

Plugin:: Private Google Calendars
Plugin Slug:: private-google-calendars
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 20251128
Severity Score:: Medium
CVE:: 2025-12526

Plugin:: Save as PDF Plugin by PDFCrowd
Plugin Slug:: save-as-pdf-by-pdfcrowd
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.6
Severity Score:: High
CVE:: 2026-0862

Plugin:: Simple Popup Plugin
Plugin Slug:: simple-popup-plugin
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6
Severity Score:: Medium
CVE:: 2024-8547

Plugin:: Squelch Tabs and Accordions Shortcodes
Plugin Slug:: squelch-tabs-and-accordions-shortcodes
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.4.4
Severity Score:: Medium
CVE:: 2024-2499

Plugin:: Subscriptions & Memberships for PayPal
Plugin Slug:: subscriptions-memberships-for-paypal
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.8
Severity Score:: Medium
CVE:: 2025-12752

Plugin:: Sunshine Photo Cart: Free Client Photo Galleries for Photographers
Plugin Slug:: sunshine-photo-cart
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.7.1
Severity Score:: Medium
CVE:: 2025-67973

Plugin:: Tainacan
Plugin Slug:: tainacan
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.2
Severity Score:: Medium
CVE:: 2025-14043

Plugin:: Tutor LMS – Migration Tool
Plugin Slug:: tutor-lms-migration-tool
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.1
Severity Score:: Medium
CVE:: 2024-1804

Plugin:: WC Builder – WooCommerce Page Builder for WPBakery
Plugin Slug:: wc-builder
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.1
Severity Score:: Medium
CVE:: 2025-14054

Plugin:: WishSuite – Wishlist for WooCommerce
Plugin Slug:: wishsuite
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.2
Severity Score:: Medium
CVE:: 2025-13838

Plugin:: Easy 3D Viewer
Plugin Slug:: woo-3d-viewer
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.6.7
Severity Score:: Medium
CVE:: 2025-2540

Plugin:: WP Sync for Notion – Notion to WordPress
Plugin Slug:: wp-sync-for-notion
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.1
Severity Score:: Medium
CVE:: 2026-25020

Plugin:: Zephyr Project Manager
Plugin Slug:: zephyr-project-manager
Installations: 1,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.3.102
Severity Score:: High
CVE:: 2024-7624

Plugin:: CBX Map for Google Map & OpenStreetMap
Plugin Slug:: cbxgooglemap
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.2
Severity Score:: Medium
CVE:: 2025-9123

Plugin:: ContentStudio
Plugin Slug:: contentstudio
Installations: 900+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4.0
Severity Score:: Medium
CVE:: 2025-13144

Plugin:: Ebook Store
Plugin Slug:: ebook-store
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.8015
Severity Score:: High
CVE:: 2025-8113

Plugin:: Omnipress
Plugin Slug:: omnipress
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.6
Severity Score:: Medium
CVE:: 2025-12163

Plugin:: 3DPrint Lite
Plugin Slug:: 3dprint-lite
Installations: 800+
Vulnerability:: SQL Injection
Patched in Version:: 2.1.3.7
Severity Score:: High
CVE:: 2025-3427

Plugin:: 3DPrint Lite
Plugin Slug:: 3dprint-lite
Installations: 800+
Vulnerability:: SQL Injection
Patched in Version:: 2.1.3.7
Severity Score:: High
CVE:: 2025-3428

Plugin:: 3DPrint Lite
Plugin Slug:: 3dprint-lite
Installations: 800+
Vulnerability:: SQL Injection
Patched in Version:: 2.1.3.7
Severity Score:: High
CVE:: 2025-3429

Plugin:: Frontis Blocks — Block Library for the Block Editor
Plugin Slug:: frontis-blocks
Installations: 800+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 1.1.7
Severity Score:: High
CVE:: 2026-0807

Plugin:: RapidLoad AI – Optimize Web Vitals Automatically
Plugin Slug:: unusedcss
Installations: 800+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.5
Severity Score:: Medium
CVE:: 2024-13651

Plugin:: Confetti Fall Animation
Plugin Slug:: confetti-fall-animation
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-8919

Plugin:: Frontend Dashboard
Plugin Slug:: frontend-dashboard
Installations: 600+
Vulnerability:: Privilege Escalation
Patched in Version:: 2.2.8
Severity Score:: High
CVE:: 2025-4473

Plugin:: Simplebooklet PDF Viewer and Embedder
Plugin Slug:: simplebooklet
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2024-13588

Plugin:: eMagicOne Store Manager for WooCommerce
Plugin Slug:: store-manager-connector
Installations: 600+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.3.0
Severity Score:: Critical
CVE:: 2025-5058

Plugin:: aDirectory – WP Business Directory Plugin and Classified Ads Listings Directory
Plugin Slug:: adirectory
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.4
Severity Score:: Medium
CVE:: 2025-67975

Plugin:: Polls CP
Plugin Slug:: cp-polls
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.77
Severity Score:: Medium
CVE:: 2024-8854

Plugin:: Dynamic AJAX Product Filters for WooCommerce
Plugin Slug:: dynamic-ajax-product-filters-for-woocommerce
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.8
Severity Score:: Medium
CVE:: 2025-6255

Plugin:: Easy Replace Image
Plugin Slug:: easy-replace-image
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.3
Severity Score:: Medium
CVE:: 2026-1298

Plugin:: EZ SQL Reports Shortcode Widget and DB Backup
Plugin Slug:: elisqlreports
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.25.25
Severity Score:: Medium
CVE:: 2025-6462

Plugin:: g-FFL Cockpit
Plugin Slug:: g-ffl-cockpit
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.0
Severity Score:: Medium
CVE:: 2025-12721

Plugin:: Simple calendar for Elementor
Plugin Slug:: simple-calendar-for-elementor
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.7
Severity Score:: Medium
CVE:: 2026-1310

Plugin:: SurveyJS: Drag & Drop Form Builder
Plugin Slug:: surveyjs
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.20.27
Severity Score:: Medium
CVE:: 2025-13140

Plugin:: VidShop – Shoppable Videos for WooCommerce
Plugin Slug:: vidshop-for-woocommerce
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: 1.1.5
Severity Score:: Critical
CVE:: 2026-0702

Plugin:: CYAN Backup
Plugin Slug:: cyan-backup
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.3
Severity Score:: Medium
CVE:: 2024-9663

Plugin:: DeBounce Email Validator
Plugin Slug:: debounce-io-email-validator
Installations: 300+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.8.1
Severity Score:: High
CVE:: 2024-13339

Plugin:: ELEX WordPress HelpDesk & Customer Ticketing System
Plugin Slug:: elex-helpdesk-customer-support-ticket-system
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.2
Severity Score:: Medium
CVE:: 2025-12022

Plugin:: ELEX WordPress HelpDesk & Customer Ticketing System
Plugin Slug:: elex-helpdesk-customer-support-ticket-system
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.2
Severity Score:: Medium
CVE:: 2025-12023

Plugin:: ELEX WordPress HelpDesk & Customer Ticketing System
Plugin Slug:: elex-helpdesk-customer-support-ticket-system
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.2
Severity Score:: Medium
CVE:: 2025-12085

Plugin:: ELEX WordPress HelpDesk & Customer Ticketing System
Plugin Slug:: elex-helpdesk-customer-support-ticket-system
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.6
Severity Score:: Medium
CVE:: 2025-68837

Plugin:: TableOn – WordPress Posts Table Filterable
Plugin Slug:: posts-table-filterable
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.4.2
Severity Score:: Medium
CVE:: 2025-5143

Plugin:: Photo Contest | Competition | Video Contest
Plugin Slug:: totalcontest-lite
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.0
Severity Score:: High
CVE:: 2024-13822

Plugin:: Webcake – Landing Page Builder
Plugin Slug:: webcake
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2
Severity Score:: Medium
CVE:: 2025-12165

Plugin:: Accept Stripe Payments Using Contact Form 7
Plugin Slug:: accept-stripe-payments-using-contact-form-7
Installations: 200+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.6
Severity Score:: Medium
CVE:: 2024-12255

Plugin:: Autoship Cloud for WooCommerce Subscription Products
Plugin Slug:: autoship-cloud
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.1
Severity Score:: Medium
CVE:: 2024-13461

Plugin:: Site.pro for WooCommerce
Plugin Slug:: b1-accounting
Installations: 200+
Vulnerability:: SQL Injection
Patched in Version:: 2.2.57
Severity Score:: High
CVE:: 2025-6717

Plugin:: NinjaTeam Header Footer Custom Code
Plugin Slug:: header-footer-code
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2
Severity Score:: Medium
CVE:: 2024-6617

Plugin:: Link Invoice Payment for WooCommerce
Plugin Slug:: invoice-payment-for-woocommerce
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.1
Severity Score:: Medium
CVE:: 2025-14971

Plugin:: Premmerce Wishlist for WooCommerce
Plugin Slug:: premmerce-woocommerce-wishlist
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.11
Severity Score:: Medium
CVE:: 2025-13440

Plugin:: Simple User Registration
Plugin Slug:: wp-registration
Installations: 200+
Vulnerability:: Privilege Escalation
Patched in Version:: 6.4
Severity Score:: Critical
CVE:: 2025-4334

Plugin:: Zigaform – Price Calculator & Cost Estimation Form Builder Lite
Plugin Slug:: zigaform-calculator-cost-estimation-form-builder-lite
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.4.8
Severity Score:: Medium
CVE:: 2024-13587

Plugin:: Run Contests, Raffles, and Giveaways with ContestsWP
Plugin Slug:: contest-code-checker
Installations: 100+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.1.1
Severity Score:: Medium
CVE:: 2026-25023

Plugin:: Course Booking System
Plugin Slug:: course-booking-system
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 6.1.6
Severity Score:: Medium
CVE:: 2025-12042

Plugin:: IDonate – Blood Donation, Request And Donor Management System
Plugin Slug:: idonate
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.10
Severity Score:: Medium
CVE:: 2025-4523

Plugin:: Interactions – Create Interactive Experiences in the Block Editor
Plugin Slug:: interactions
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2025-12709

Plugin:: Feedify – Web Push Notifications
Plugin Slug:: push-notification-by-feedify
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.6
Severity Score:: High
CVE:: 2024-13874

Plugin:: Chatbot with ChatGPT WordPress
Plugin Slug:: smartsearchwp
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.5
Severity Score:: Medium
CVE:: 2024-6846

Plugin:: Uptodown APK Download Widget
Plugin Slug:: uptodown-apk-download-widget
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.1.11
Severity Score:: Medium
CVE:: 2024-12453

Plugin:: WP To Do
Plugin Slug:: wp-todo
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.1
Severity Score:: Medium
CVE:: 2024-3944

Plugin:: WP To Do
Plugin Slug:: wp-todo
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.1
Severity Score:: Medium
CVE:: 2024-3945

Plugin:: WP To Do
Plugin Slug:: wp-todo
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.1
Severity Score:: Medium
CVE:: 2024-3947

Plugin:: Pdf & Print to Post – Custom Post Type and Pages
Plugin Slug:: post-to-pdf
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1
Severity Score:: Medium
CVE:: 2024-12446

Plugin:: Ganohrs Toggle Shortcode
Plugin Slug:: ganohrs-toggle-shortcode
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.2.5
Severity Score:: Medium
CVE:: 2024-12459

Plugin:: Linear
Plugin Slug:: linear
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.0
Severity Score:: Medium
CVE:: 2024-12496

Plugin:: TableMaster for Elementor – Advanced Responsive Tables for Elementor
Plugin Slug:: tablemaster-for-elementor
Installations: 80+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 1.3.7
Severity Score:: Medium
CVE:: 2025-14610

Plugin:: GeoDataSource Country Region DropDown
Plugin Slug:: geodatasource-country-region-dropdown
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.2
Severity Score:: Medium
CVE:: 2024-12474

Plugin:: Zigaform – Form Builder Lite
Plugin Slug:: zigaform-form-builder-lite
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.4.8
Severity Score:: Medium
CVE:: 2024-13573

Plugin:: Target Video Easy Publish
Plugin Slug:: brid-video-easy-publish
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.9
Severity Score:: Medium
CVE:: 2025-8072

Plugin:: IRM Newsroom
Plugin Slug:: irm-newsroom
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.20
Severity Score:: Medium
CVE:: 2025-4584

Plugin:: IRM Newsroom
Plugin Slug:: irm-newsroom
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.20
Severity Score:: Medium
CVE:: 2025-4586

Plugin:: Sertifier Certificate & Badge Maker for WordPress – Tutor LMS
Plugin Slug:: sertifier-certificates-open-badges
Installations: 60+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.20
Severity Score:: Medium
CVE:: 2025-7841

Plugin:: Binary MLM Plan
Plugin Slug:: binary-mlm-plan
Installations: 50+
Vulnerability:: Privilege Escalation
Patched in Version:: 5.0
Severity Score:: Medium
CVE:: 2025-10038

Plugin:: ConvertForce Popup Builder
Plugin Slug:: convertforce-popup-builder
Installations: 40+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.0.8
Severity Score:: Medium
CVE:: 2025-14506

Plugin:: Bread & Butter: Content Gating for Verified Leads
Plugin Slug:: bread-butter
Installations: 30+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 8.0.1398
Severity Score:: Critical
CVE:: 2025-12189

Plugin:: Community Events
Plugin Slug:: community-events
Installations: 30+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.2
Severity Score:: Critical
CVE:: 2025-10586

Plugin:: Forms Bridge – Infinite integrations
Plugin Slug:: forms-bridge
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3.0
Severity Score:: Medium
CVE:: 2026-1244

Plugin:: Magic Buttons for Elementor
Plugin Slug:: magic-buttons-for-elementor
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1
Severity Score:: Medium
CVE:: 2025-6686

Plugin:: EKC Tournament Manager
Plugin Slug:: ekc-tournament-manager
Installations: 20+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2.2
Severity Score:: Medium
CVE:: 2024-9711

Plugin:: Ultimate Classified Listings
Plugin Slug:: ultimate-classified-listings
Installations: 20+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.7
Severity Score:: High
CVE:: 2025-9874

Plugin:: Buy Now Plus — Payments with Stripe
Plugin Slug:: buy-now-plus
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.3
Severity Score:: Medium
CVE:: 2026-1295

Plugin:: coreActivity: Activity Logging for WordPress
Plugin Slug:: coreactivity
Installations: 10+
Vulnerability:: Content Spoofing
Patched in Version:: 2.1
Severity Score:: Medium
CVE:: 2024-0868

Plugin:: HAPPY – Helpdesk Support Ticket System
Plugin Slug:: happy-helpdesk-support-ticket-system
Installations: 10+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.9
Severity Score:: High
CVE:: 2025-67977

Plugin:: Simple Folio
Plugin Slug:: simple-folio
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.2
Severity Score:: Medium
CVE:: 2025-14039

Plugin:: WPBookit
Plugin Slug:: wpbookit
Installations: 10+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.0.3
Severity Score:: Critical
CVE:: 2025-3811

Plugin:: ARMember Premium
Plugin Slug:: armember
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.7.1
Severity Score:: Medium
CVE:: 2024-5596

Plugin:: Beaver Builder Plugin (Starter Version)
Plugin Slug:: bb-plugin
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.9.1.1
Severity Score:: High
CVE:: 2025-4102

Plugin:: BM Content Builder
Plugin Slug:: bm-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.16.3
Severity Score:: Medium
CVE:: 2025-1777

Plugin:: bodi0’s Easy Cache
Plugin Slug:: bodi0s-easy-cache
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.9
Severity Score:: Medium
CVE:: 2024-12628

Plugin:: Bridge Core
Plugin Slug:: bridge-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3
Severity Score:: Medium
CVE:: 2024-9292

Plugin:: Buddyboss Platform
Plugin Slug:: buddyboss-platform
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.6.0
Severity Score:: Medium
CVE:: 2024-4886

Plugin:: Divi Builder
Plugin Slug:: divi-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.27.2
Severity Score:: Medium
CVE:: 2024-5647

Plugin:: Elementor Pro
Plugin Slug:: elementor-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.29.1
Severity Score:: Medium
CVE:: 2025-3076

Plugin:: EventON
Plugin Slug:: eventon
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.5
Severity Score:: High
CVE:: 2024-0233

Plugin:: EventON
Plugin Slug:: eventon
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.5.5
Severity Score:: Medium
CVE:: 2024-0235

Plugin:: EventON
Plugin Slug:: eventon
Vulnerability:: Broken Access Control
Patched in Version:: 4.5.5
Severity Score:: Medium
CVE:: 2024-0236

Plugin:: EventON
Plugin Slug:: eventon
Vulnerability:: Broken Access Control
Patched in Version:: 4.5.9
Severity Score:: Medium
CVE:: 2024-0237

Plugin:: EventON
Plugin Slug:: eventon
Vulnerability:: Broken Access Control
Patched in Version:: 4.5.6
Severity Score:: High
CVE:: 2024-0238

Plugin:: Favicon Generator
Plugin Slug:: favicon-generator
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 2.1
Severity Score:: High
CVE:: 2024-7864

Plugin:: Gyan Elements
Plugin Slug:: gyan-elements
Vulnerability:: Local File Inclusion
Patched in Version:: 2.2.2
Severity Score:: High
CVE:: 2026-23978

Plugin:: WPGYM
Plugin Slug:: gym-management
Vulnerability:: SQL Injection
Patched in Version:: 67.8.0
Severity Score:: Critical
CVE:: 2025-7442

Plugin:: WPBakery Page Builder
Plugin Slug:: js_composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6
Severity Score:: Medium
CVE:: 2024-1841

Plugin:: WPBakery Page Builder
Plugin Slug:: js_composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6
Severity Score:: Medium
CVE:: 2024-1842

Plugin:: WPBakery Page Builder
Plugin Slug:: js_composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.7
Severity Score:: Medium
CVE:: 2024-5265

Plugin:: MelaPress Login Security Premium
Plugin Slug:: melapress-login-security-premium
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.1
Severity Score:: Medium
CVE:: 2025-2876

Plugin:: Memberlite Shortcodes
Plugin Slug:: memberlite-shortcodes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.1
Severity Score:: Medium
CVE:: 2025-10125

Plugin:: ModelTheme Addons for WPBakery and Elementor
Plugin Slug:: modeltheme-addons-for-wpbakery
Vulnerability:: PHP Object Injection
Patched in Version:: 1.5.6
Severity Score:: High
CVE:: 2025-68531

Plugin:: Paid Memberships Pro
Plugin Slug:: paid-memberships-pro
Vulnerability:: Broken Access Control
Patched in Version:: 2.12.9
Severity Score:: Medium
CVE:: 2024-1279

Plugin:: Community by PeepSo
Plugin Slug:: peepso-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.4.6.0
Severity Score:: Medium
CVE:: 2024-7655

Plugin:: Community by PeepSo
Plugin Slug:: peepso-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.3.1.2
Severity Score:: High
CVE:: 2024-0187

Plugin:: Porto Theme – Functionality
Plugin Slug:: porto-functionality
Vulnerability:: Local File Inclusion
Patched in Version:: 3.1.0
Severity Score:: High
CVE:: 2024-3809

Plugin:: Prague
Plugin Slug:: prague-plugins
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.9
Severity Score:: High
CVE:: 2025-67972

Plugin:: Premium Addons PRO
Plugin Slug:: premium-addons-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.13
Severity Score:: Medium
CVE:: 2024-1997

Plugin:: Premium Addons PRO
Plugin Slug:: premium-addons-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.13
Severity Score:: Medium
CVE:: 2024-2000

Plugin:: Premium Addons PRO
Plugin Slug:: premium-addons-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.13
Severity Score:: Medium
CVE:: 2024-2237

Plugin:: Premium Addons PRO
Plugin Slug:: premium-addons-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.13
Severity Score:: Medium
CVE:: 2024-2238

Plugin:: Premium Addons PRO
Plugin Slug:: premium-addons-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.13
Severity Score:: Medium
CVE:: 2024-2239

Plugin:: Relevanssi Premium
Plugin Slug:: relevanssi-premium
Vulnerability:: Broken Access Control
Patched in Version:: 2.25.1
Severity Score:: Medium
CVE:: 2024-1380

Plugin:: Relevanssi Premium
Plugin Slug:: relevanssi-premium
Vulnerability:: SQL Injection
Patched in Version:: 2.29.0
Severity Score:: High
CVE:: 2025-14719

Plugin:: Slider Revolution
Plugin Slug:: revslider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.7.11
Severity Score:: Medium
CVE:: 2024-4581

Plugin:: Slider Revolution
Plugin Slug:: revslider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.7.11
Severity Score:: Medium
CVE:: 2024-4637

Plugin:: Salient Core
Plugin Slug:: salient-core
Vulnerability:: Local File Inclusion
Patched in Version:: 2.0.8
Severity Score:: High
CVE:: 2024-3812

Plugin:: Salient Shortcodes
Plugin Slug:: salient-shortcodes
Vulnerability:: Local File Inclusion
Patched in Version:: 1.5.4
Severity Score:: High
CVE:: 2024-3810

Plugin:: Salient Shortcodes
Plugin Slug:: salient-shortcodes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.4
Severity Score:: Medium
CVE:: 2024-3811

Plugin:: Schedula – Smart Appointment Booking
Plugin Slug:: schedula-smart-appointment-booking
Vulnerability:: Broken Access Control
Patched in Version:: 1.1
Severity Score:: Medium
CVE:: 2025-67970

Plugin:: Service Finder Booking
Plugin Slug:: sf-booking
Vulnerability:: Privilege Escalation
Patched in Version:: 6.1
Severity Score:: High
CVE:: 2025-5949

Plugin:: Service Finder Booking
Plugin Slug:: sf-booking
Vulnerability:: Privilege Escalation
Patched in Version:: 6.1
Severity Score:: High
CVE:: 2025-6574

Plugin:: Simple Locator
Plugin Slug:: simple-locator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.4
Severity Score:: Medium
CVE:: 2024-12501

Plugin:: The Grid
Plugin Slug:: the-grid
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.0
Severity Score:: Medium
CVE:: 2026-24368

Plugin:: Ultimate Addons for WPBakery Page Builder
Plugin Slug:: ultimate_vc_addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.19.20.1
Severity Score:: Medium
CVE:: 2024-5252

Plugin:: Ultimate Addons for WPBakery Page Builder
Plugin Slug:: ultimate_vc_addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.19.20.1
Severity Score:: Medium
CVE:: 2024-5253

Plugin:: Ultimate Addons for WPBakery Page Builder
Plugin Slug:: ultimate_vc_addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.19.20.1
Severity Score:: Medium
CVE:: 2024-5254

Plugin:: Ultimate Addons for WPBakery Page Builder
Plugin Slug:: ultimate_vc_addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.19.20.1
Severity Score:: Medium
CVE:: 2024-5255

Plugin:: Web to SugarCRM Lead
Plugin Slug:: web-to-sugarcrm-lead
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.1
Severity Score:: Medium
CVE:: 2025-13361

Plugin:: WooCommerce Social Login
Plugin Slug:: woo-social-login
Vulnerability:: Broken Authentication
Patched in Version:: 2.7.4
Severity Score:: High
CVE:: 2024-6635

Plugin:: WooCommerce Social Login
Plugin Slug:: woo-social-login
Vulnerability:: Privilege Escalation
Patched in Version:: 2.7.4
Severity Score:: Critical
CVE:: 2024-6636

Plugin:: WooCommerce Social Login
Plugin Slug:: woo-social-login
Vulnerability:: Privilege Escalation
Patched in Version:: 2.7.4
Severity Score:: High
CVE:: 2024-6637

Plugin:: WooCommerce Customers Manager
Plugin Slug:: woocommerce-customers-manager
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 30.1
Severity Score:: Medium
CVE:: 2024-3983

Plugin:: WooCommerce PDF Vouchers
Plugin Slug:: woocommerce-pdf-vouchers
Vulnerability:: Broken Authentication
Patched in Version:: 4.9.4
Severity Score:: High
CVE:: 2024-7027

Plugin:: Affiliate Manager
Plugin Slug:: wp-affiliate-platform
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.1
Severity Score:: High
CVE:: 2024-5281

Plugin:: Affiliate Manager
Plugin Slug:: wp-affiliate-platform
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.1
Severity Score:: High
CVE:: 2024-5282

Plugin:: Affiliate Manager
Plugin Slug:: wp-affiliate-platform
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.1
Severity Score:: High
CVE:: 2024-5283

Plugin:: Affiliate Manager
Plugin Slug:: wp-affiliate-platform
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.1
Severity Score:: High
CVE:: 2024-5286

Plugin:: WP eStore
Plugin Slug:: wp-cart-for-digital-products
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.5.5
Severity Score:: High
CVE:: 2024-6073

Plugin:: WP eStore
Plugin Slug:: wp-cart-for-digital-products
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.5.5
Severity Score:: High
CVE:: 2024-6074

Plugin:: WP eStore
Plugin Slug:: wp-cart-for-digital-products
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.5.5
Severity Score:: High
CVE:: 2024-6076

Plugin:: WP eStore
Plugin Slug:: wp-cart-for-digital-products
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.5.6
Severity Score:: High
CVE:: 2024-6134

Plugin:: WP eMember
Plugin Slug:: wp-eMember
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.6.6
Severity Score:: High
CVE:: 2024-5075

WordPress Themes — 9 Patched / 14 Unpatched

Theme:: Oxygen
Theme Slug:: oxygen
Downloads: 403,132
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69299

Theme:: Aardvark
Theme Slug:: aardvark
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69296

Theme:: Capella
Theme Slug:: capella
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-69370

Theme:: Cas
Theme Slug:: cas
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-4388

Theme:: Cas
Theme Slug:: cas
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-4399

Theme:: Gauge
Theme Slug:: gauge
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69298

Theme:: KindlyCare
Theme Slug:: kindlycare
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-69371

Theme:: Outdoor
Theme Slug:: outdoor
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-10743

Theme:: Oyster – Photography WordPress Theme
Theme Slug:: oyster
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69367

Theme:: PhotoMe
Theme Slug:: photome
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-69301

Theme:: SOHO – Photography WordPress Theme
Theme Slug:: soho
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69368

Theme:: The Wound
Theme Slug:: the-wound
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-2558

Theme:: WPJobster
Theme Slug:: wpjobster
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-22340

Theme:: WPJobster
Theme Slug:: wpjobster
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22339

Theme:: OceanWP
Theme Slug:: oceanwp
Downloads: 9,187,846
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.1
Severity Score:: Medium
CVE:: 2024-5647

Theme:: Divi
Theme Slug:: divi
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.27.2
Severity Score:: Medium
CVE:: 2024-5647

Theme:: Himer
Theme Slug:: himer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.1.1
Severity Score:: Medium
CVE:: 2024-2040

Theme:: Himer
Theme Slug:: himer
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.1.1
Severity Score:: Medium
CVE:: CVE-2024-2231

Theme:: Himer
Theme Slug:: himer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-2232

Theme:: Himer
Theme Slug:: himer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.1.1
Severity Score:: Medium
CVE:: 2024-2235

Theme:: Jobify
Theme Slug:: jobify
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.8
Severity Score:: Medium
CVE:: 2024-13698

Theme:: Konte
Theme Slug:: konte
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.7
Severity Score:: Medium
CVE:: 2025-67547

Theme:: Travel Tour
Theme Slug:: traveltour
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.4
Severity Score:: High
CVE:: 2024-11846

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Author:

Sarah Ulmer

Sarah has been with SolidWP since 2015. Thanks to her deep connection to the brand, its products, and its users, Sarah was tapped as Solid’s primary Product Marketer in 2023. Sarah helps ensure that Solid’s product development team understands our users’ needs. When not at work, Sarah can be found at home with her husband, their three boys, and their dogs. Sarah enjoys long family walks, running with her lab, and watching her three boys play soccer. Sarah is originally from Texas and loves watching football games (Go Longhorns!)

Browse all of Sarah's articles

Sign up

Placeholder text

Thanks

Oops something went wrong, please try submitting again

Solid Suite

Protect

Repair

Manage

Free Plugins

Solid Suite

Academy

Solid Academy

Guides

Livestreams

Tutorials Academy

Resources

Blog

Vulnerability Report

Support

Documentation

Table of Contents

WordPress Core

WordPress Plugins — 488 Patched / 150 Unpatched