In this report, 345 vulnerabilities have been publicly disclosed. Security patches are available now for 148 of the affected plugins and themes, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 197 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, your site is already protected against those vulnerabilities by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor, or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.7.1 is available! This minor release features 16 bug fixes throughout Core and the Block Editor.
WordPress Plugins — 146 Patched / 195 Unpatched
Shortcodes and extra features for Phlox theme
- Plugin Slug:
- auxin-elements
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-50500
Meta Tag Manager
- Plugin:
- Meta Tag Manager
- Plugin Slug:
- meta-tag-manager
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22260
Dynamic Conditions
- Plugin:
- Dynamic Conditions
- Plugin Slug:
- dynamicconditions
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22642
Hide Shipping Method For WooCommerce
- Plugin Slug:
- hide-shipping-method-for-woocommerce
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22694
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts
- Plugin Slug:
- wedevs-project-manager
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22649
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
- Plugin:
- Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
- Plugin Slug:
- youzify
- Installations
- 8,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13368
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
- Plugin:
- Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
- Plugin Slug:
- youzify
- Installations
- 8,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12113
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg
- Plugin Slug:
- borderless
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-10867
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg
- Plugin Slug:
- borderless
- Installations
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11583
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg
- Plugin Slug:
- borderless
- Installations
- 7,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-11600
WP Travel – Ultimate Travel Booking System, Tour Management Engine
- Plugin Slug:
- wp-travel
- Installations
- 5,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22691
Payment Forms for Paystack
- Plugin:
- Payment Forms for Paystack
- Plugin Slug:
- payment-forms-for-paystack
- Installations
- 3,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22652
Eventer
- Plugin:
- Eventer
- Plugin Slug:
- eventer
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11133
Eventer
- Plugin:
- Eventer
- Plugin Slug:
- eventer
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11133
Eventer
- Plugin:
- Eventer
- Plugin Slug:
- eventer
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11133
Blog, Posts and Category Filter for Elementor
- Plugin Slug:
- blog-posts-and-category-for-elementor
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22648
Document Block – Upload & Embed Docs, PDF, PPT, XLS or Any Documents
- Plugin Slug:
- document
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22696
Nirweb support
- Plugin:
- Nirweb support
- Plugin Slug:
- nirweb-support
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22695
Scroll Styler
- Plugin:
- Scroll Styler
- Plugin Slug:
- scroll-styler
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23990
Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce
- Plugin Slug:
- vayu-blocks
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22644
Broadstreet
- Plugin:
- Broadstreet
- Plugin Slug:
- broadstreet
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11825
Job Board Manager
- Plugin:
- Job Board Manager
- Plugin Slug:
- job-board-manager
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22679
Paytm Payment Donation
- Plugin:
- Paytm Payment Donation
- Plugin Slug:
- paytm-donation
- Installations
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22640
Designer – Elementor Addons
- Plugin:
- Designer – Elementor Addons
- Plugin Slug:
- designer
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-23987
Internal Link Builder
- Plugin:
- Internal Link Builder
- Plugin Slug:
- internal-link-builder
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23989
Music Press Pro
- Plugin:
- Music Press Pro
- Plugin Slug:
- music-press-pro
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22653
Image Rotator
- Plugin:
- Image Rotator
- Plugin Slug:
- appten-image-rotator
- Installations
- 90+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25073
All push notification for WP
- Plugin:
- All push notification for WP
- Plugin Slug:
- all-push-notification
- Installations
- 70+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25073
Linear
- Plugin:
- Linear
- Plugin Slug:
- linear
- Installations
- 60+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13709
CWD – Stealth Links
- Plugin:
- CWD – Stealth Links
- Plugin Slug:
- cwd-stealth-links
- Installations
- 50+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-22655
HT Event – WordPress Event Manager Plugin for Elementor
- Plugin Slug:
- ht-event
- Installations
- 50+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13216
Print PDF Generator and Publisher
- Plugin Slug:
- nopeamedia
- Installations
- 50+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22637
AIO Performance Profiler, Monitor, Optimize, Compress & Debug
- Plugin Slug:
- all-in-one-performance-accelerator
- Installations
- 20+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22647
Appointment Buddy Widget By Accrete
- Plugin Slug:
- appointment-buddy-online-appointment-booking-by-accrete
- Installations
- 20+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25081
Notification Bar – Top Bar – Easy Sticky Notification Bar | FM Notification Bar
- Plugin Slug:
- fm-notification-bar
- Installations
- 20+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22641
ABC Notation
- Plugin:
- ABC Notation
- Plugin Slug:
- abc-notation
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13550
Altra Side Menu
- Plugin:
- Altra Side Menu
- Plugin Slug:
- altra-side-menu
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12774
Altra Side Menu
- Plugin:
- Altra Side Menu
- Plugin Slug:
- altra-side-menu
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12773
AnimateGL – Advanced Animation Plugin for WordPress
- Plugin:
- AnimateGL – Advanced Animation Plugin for WordPress
- Plugin Slug:
- animategl
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12620
Ask Me Anything (Anonymously)
- Plugin:
- Ask Me Anything (Anonymously)
- Plugin Slug:
- ask-me-anything-anonymously
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12512
Auto SEO
- Plugin:
- Auto SEO
- Plugin Slug:
- auto-seo
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25147
BookPress – For Book Authors
- Plugin:
- BookPress – For Book Authors
- Plugin Slug:
- book-press
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25167
BookPress – For Book Authors
- Plugin:
- BookPress – For Book Authors
- Plugin Slug:
- book-press
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25168
Breaking News Ticker
- Plugin:
- Breaking News Ticker
- Plugin Slug:
- breaking-news-ticker
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25094
brodos.net Onlineshop Plugin
- Plugin:
- brodos.net Onlineshop Plugin
- Plugin Slug:
- brodos-net-onlineshop
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12529
Bulk Me Now!
- Plugin:
- Bulk Me Now!
- Plugin Slug:
- bulk-me-now
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12709
Bulk Me Now!
- Plugin:
- Bulk Me Now!
- Plugin Slug:
- bulk-me-now
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12708
Bulk Me Now!
- Plugin:
- Bulk Me Now!
- Plugin Slug:
- bulk-me-now
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12638
CanvasFlow
- Plugin:
- CanvasFlow
- Plugin Slug:
- canvasflow
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12275
Child Themes Helper
- Plugin:
- Child Themes Helper
- Plugin Slug:
- child-themes-helper
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25093
Competition Form
- Plugin:
- Competition Form
- Plugin Slug:
- competition-form
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12749
Connections
- Plugin:
- Connections
- Plugin Slug:
- connections1
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12885
Custom Comment Notifications
- Plugin:
- Custom Comment Notifications
- Plugin Slug:
- custom-comment-notifications
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25154
A5 Custom Login Page
- Plugin:
- A5 Custom Login Page
- Plugin Slug:
- custom-login-page
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13226
Custom Links On Admin Dashboard Toolbar
- Plugin:
- Custom Links On Admin Dashboard Toolbar
- Plugin Slug:
- customize-wpadmin
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25135
Delete Comments By Status
- Plugin:
- Delete Comments By Status
- Plugin Slug:
- delete-comments-by-status
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25097
Dental Optimizer Patient Generator App
- Plugin:
- Dental Optimizer Patient Generator App
- Plugin Slug:
- dental-optimizer-patient-generator-app
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13052
Dyn Business Panel
- Plugin:
- Dyn Business Panel
- Plugin Slug:
- dyn-business-panel
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13057
Dyn Business Panel
- Plugin:
- Dyn Business Panel
- Plugin Slug:
- dyn-business-panel
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13055
Easy Chart Builder for WordPress
- Plugin:
- Easy Chart Builder for WordPress
- Plugin Slug:
- easy-chart-builder
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25077
Easy Related Posts
- Plugin:
- Easy Related Posts
- Plugin Slug:
- easy-related-posts
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25123
Easy WP Tiles
- Plugin:
- Easy WP Tiles
- Plugin Slug:
- easy-wp-tiles
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25073
ECPay Ecommerce for WooCommerce
- Plugin:
- ECPay Ecommerce for WooCommerce
- Plugin Slug:
- ecpay-ecommerce-for-woocommerce
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13652
ECT Home Page Products
- Plugin:
- ECT Home Page Products
- Plugin Slug:
- ect-homepage-products
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13225
Embed RSS
- Plugin:
- Embed RSS
- Plugin Slug:
- embed-rss
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25081
Embed Swagger UI
- Plugin:
- Embed Swagger UI
- Plugin Slug:
- embed-swagger-ui
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13700
Etsy Importer
- Plugin:
- Etsy Importer
- Plugin Slug:
- etsy-importer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12817
External Video For Everybody
- Plugin:
- External Video For Everybody
- Plugin Slug:
- external-video-for-everybody
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25097
Facilita Form Tracker
- Plugin:
- Facilita Form Tracker
- Plugin Slug:
- facilita-form-tracker
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25128
Fami Sales Popup
- Plugin:
- Fami Sales Popup
- Plugin Slug:
- fami-sales-popup
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25141
Fantastic Elasticsearch
- Plugin:
- Fantastic Elasticsearch
- Plugin Slug:
- fantastic-elasticsearch
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13221
Fare Calculator
- Plugin:
- Fare Calculator
- Plugin Slug:
- fare-calculator
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23982
Status Updater
- Plugin:
- Status Updater
- Plugin Slug:
- fb-status-updater
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25111
FlashCounter
- Plugin:
- FlashCounter
- Plugin Slug:
- flashcounter
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23978
Post Title (TypeWriter)
- Plugin:
- Post Title (TypeWriter)
- Plugin Slug:
- flashnews-typewriter-pearlbells
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-56012
FlexIDX Home Search
- Plugin:
- FlexIDX Home Search
- Plugin Slug:
- flexidx-home-search
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25082
Forge – Front-End Page Builder
- Plugin:
- Forge – Front-End Page Builder
- Plugin Slug:
- forge
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22703
Frictionless
- Plugin:
- Frictionless
- Plugin Slug:
- frictionless
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13396
Full Circle
- Plugin:
- Full Circle
- Plugin Slug:
- full-circle
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23980
Fyrebox Quizzes
- Plugin:
- Fyrebox Quizzes
- Plugin Slug:
- fyrebox-shortcode
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25125
GlobalQuran
- Plugin:
- GlobalQuran
- Plugin Slug:
- globalquran
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25143
URL-Preview-Box
- Plugin:
- URL-Preview-Box
- Plugin Slug:
- good-url-preview-box
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25104
Google Earth Embed
- Plugin:
- Google Earth Embed
- Plugin Slug:
- google-earth-tours
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25078
WordPress Google Map Professional
- Plugin:
- WordPress Google Map Professional
- Plugin Slug:
- google-map-professional
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13220
Graceful Email Obfuscation
- Plugin:
- Graceful Email Obfuscation
- Plugin Slug:
- graceful-email-obfuscation
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25076
HTML5 chat
- Plugin:
- HTML5 chat
- Plugin Slug:
- html5-chat
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12451
Plugin A/B Image Optimizer
- Plugin:
- Plugin A/B Image Optimizer
- Plugin Slug:
- images-optimizer
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25163
Implied Cookie Consent
- Plugin:
- Implied Cookie Consent
- Plugin Slug:
- implied-cookie-consent
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25097
Indeed API
- Plugin:
- Indeed API
- Plugin Slug:
- indeed-api
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25103
Infusionsoft Analytics
- Plugin:
- Infusionsoft Analytics
- Plugin Slug:
- infusionsoft-web-tracker
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25145
InLocation
- Plugin:
- InLocation
- Plugin Slug:
- inlocation
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25166
Issuu Panel
- Plugin:
- Issuu Panel
- Plugin Slug:
- issuu-panel
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23976
WP Vehicle Manager
- Plugin:
- WP Vehicle Manager
- Plugin Slug:
- js-vehicle-manager
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25081
Event Kikfyre
- Plugin:
- Event Kikfyre
- Plugin Slug:
- kikfyre-events-calendar-tickets
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25110
Kona Gallery Block
- Plugin:
- Kona Gallery Block
- Plugin Slug:
- kona-instagram-feed-for-gutenberg
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25080
Contact Form and Calls To Action by vcita
- Plugin:
- Contact Form and Calls To Action by vcita
- Plugin Slug:
- lead-capturing-call-to-actions-by-vcita
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13717
Like dislike plus counter
- Plugin:
- Like dislike plus counter
- Plugin Slug:
- like-dislike-plus-counter
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25073
Link to URL / Post
- Plugin:
- Link to URL / Post
- Plugin Slug:
- link-to-url-post
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25116
Links in Captions
- Plugin:
- Links in Captions
- Plugin Slug:
- links-in-captions
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25098
Live2DWebCanvas
- Plugin:
- Live2DWebCanvas
- Plugin Slug:
- live-2d
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13767
Login-box
- Plugin:
- Login-box
- Plugin Slug:
- login-box
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25149
MagicForm
- Plugin:
- MagicForm
- Plugin Slug:
- magicform
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-0939
Masy Gallery
- Plugin:
- Masy Gallery
- Plugin Slug:
- masy-gallery
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13586
Munk Sites
- Plugin:
- Munk Sites
- Plugin Slug:
- munk-sites
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-25101
Music Sheet Viewer
- Plugin:
- Music Sheet Viewer
- Plugin Slug:
- music-sheet-viewer
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25155
Music Sheet Viewer
- Plugin:
- Music Sheet Viewer
- Plugin Slug:
- music-sheet-viewer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13670
NextGen Cooliris Gallery
- Plugin:
- NextGen Cooliris Gallery
- Plugin Slug:
- nextgen-cooliris-gallery
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25091
Ni Sales Commission For WooCommerce
- Plugin:
- Ni Sales Commission For WooCommerce
- Plugin Slug:
- ni-woo-sales-commission
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13424
NOTICE BOARD BY TOWKIR
- Plugin:
- NOTICE BOARD BY TOWKIR
- Plugin Slug:
- notice-board-by-towkir
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12816
WordPress SEO Friendly Accordion FAQ
- Plugin:
- WordPress SEO Friendly Accordion FAQ
- Plugin Slug:
- notice-faq
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13458
OneStore Sites
- Plugin:
- OneStore Sites
- Plugin Slug:
- onestore-sites
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-25107
On Page SEO + Whatsapp Chat Button
- Plugin:
- On Page SEO + Whatsapp Chat Button
- Plugin Slug:
- ops-robots-txt
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25138
Optimate Ads
- Plugin:
- Optimate Ads
- Plugin Slug:
- optimate-ads
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25136
Link Fixer
- Plugin:
- Link Fixer
- Plugin Slug:
- permalink-finder
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-0809
Policy Genius
- Plugin:
- Policy Genius
- Plugin Slug:
- policy-genius
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13219
Pop Up
- Plugin:
- Pop Up
- Plugin Slug:
- popup-seo-optimized
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25105
Post Carousel Slider
- Plugin:
- Post Carousel Slider
- Plugin Slug:
- post-carousel-slider
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23977
Power Ups for Elementor
- Plugin:
- Power Ups for Elementor
- Plugin Slug:
- power-ups-for-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13548
Quote Comments
- Plugin:
- Quote Comments
- Plugin Slug:
- quote-comments
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25156
Read More Copy Link
- Plugin:
- Read More Copy Link
- Plugin Slug:
- read-more-copy-link
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25148
Responsive iframe
- Plugin:
- Responsive iframe
- Plugin Slug:
- responsive-iframe
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12768
ReverbNation Widgets
- Plugin:
- ReverbNation Widgets
- Plugin Slug:
- reverbnation-widgets
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25095
Royal Core
- Plugin:
- Royal Core
- Plugin Slug:
- royal-core
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12129
RSS in Page
- Plugin:
- RSS in Page
- Plugin Slug:
- rss-in-page
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25096
Safe Ai Malware Protection for WP
- Plugin:
- Safe Ai Malware Protection for WP
- Plugin Slug:
- safe-ai-malware-protection-for-wp
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12269
Social Share Buttons for WordPress
- Plugin:
- Social Share Buttons for WordPress
- Plugin Slug:
- share-buttons
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12807
Social Share Buttons for WordPress
- Plugin:
- Social Share Buttons for WordPress
- Plugin Slug:
- share-buttons
- Vulnerability:
- Path Traversal
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13117
Show notice or message on admin area
- Plugin:
- Show notice or message on admin area
- Plugin Slug:
- show-notice-or-message-on-admin-area
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25075
Simple Auto Tag
- Plugin:
- Simple Auto Tag
- Plugin Slug:
- simple-auto-tag
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25153
Simple Select All Text Box
- Plugin:
- Simple Select All Text Box
- Plugin Slug:
- simple-select-all-text-box
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25079
Simple User Profile
- Plugin:
- Simple User Profile
- Plugin Slug:
- simple-user-profile
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25140
Single-user-chat
- Plugin:
- Single-user-chat
- Plugin Slug:
- single-user-chat
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13646
Slide Banners
- Plugin:
- Slide Banners
- Plugin Slug:
- slide-banners
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25120
SlideDeck 1 Lite Content Slider
- Plugin:
- SlideDeck 1 Lite Content Slider
- Plugin Slug:
- slidedeck-lite-for-wordpress
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13224
Smart Countdown FX
- Plugin:
- Smart Countdown FX
- Plugin Slug:
- smart-countdown-fx
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25117
Smart DoFollow
- Plugin:
- Smart DoFollow
- Plugin Slug:
- smart-dofollow
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25152
Social Links
- Plugin:
- Social Links
- Plugin Slug:
- social-links
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25128
Social Links
- Plugin:
- Social Links
- Plugin Slug:
- social-links
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25098
Songkick Concerts and Festivals
- Plugin:
- Songkick Concerts and Festivals
- Plugin Slug:
- songkick-concerts-and-festivals
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25146
Sports Rankings and Lists
- Plugin:
- Sports Rankings and Lists
- Plugin Slug:
- sports-rankings-lists
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25148
StageShow
- Plugin:
- StageShow
- Plugin Slug:
- stageshow
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13705
Starter Templates by FancyWP
- Plugin:
- Starter Templates by FancyWP
- Plugin Slug:
- starter-templates
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-25106
Starter Templates by FancyWP
- Plugin:
- Starter Templates by FancyWP
- Plugin Slug:
- starter-templates
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
Stockdio Historical Chart
- Plugin:
- Stockdio Historical Chart
- Plugin Slug:
- stockdio-historical-chart
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13349
Style Tweaker
- Plugin:
- Style Tweaker
- Plugin Slug:
- style-tweaker
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25160
System Dashboard
- Plugin:
- System Dashboard
- Plugin Slug:
- system-dashboard
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12299
Tabulate
- Plugin:
- Tabulate
- Plugin Slug:
- tabulate
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13223
Theasys
- Plugin:
- Theasys
- Plugin Slug:
- theasys
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25144
Theme Options Z
- Plugin:
- Theme Options Z
- Plugin Slug:
- theme-options-z
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25111
Traveler Code
- Plugin:
- Traveler Code
- Plugin Slug:
- traveler-code
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22700
Traveler Code
- Plugin:
- Traveler Code
- Plugin Slug:
- traveler-code
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-22699
Traveler Layout Essential For Elementor
- Plugin:
- Traveler Layout Essential For Elementor
- Plugin Slug:
- traveler-layout-essential-for-elementor
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22701
Typer Core
- Plugin:
- Typer Core
- Plugin Slug:
- typer-core
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12102
uListing
- Plugin:
- uListing
- Plugin Slug:
- ulisting
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-25146
uListing
- Plugin:
- uListing
- Plugin Slug:
- ulisting
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25151
User Messages
- Plugin:
- User Messages
- Plugin Slug:
- user-messages
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13222
User Role
- Plugin:
- User Role
- Plugin Slug:
- user-roles
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25073
Media Manager for UserPro
- Plugin:
- Media Manager for UserPro
- Plugin Slug:
- userpro-mediamanager
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12821
Media Manager for UserPro
- Plugin:
- Media Manager for UserPro
- Plugin Slug:
- userpro-mediamanager
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-12822
Vignette Ads
- Plugin:
- Vignette Ads
- Plugin Slug:
- vignete-ads
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25071
VR-Frases
- Plugin:
- VR-Frases
- Plugin Slug:
- vr-frases
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22636
VR-Frases
- Plugin:
- VR-Frases
- Plugin Slug:
- vr-frases
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-0860
VR-Frases
- Plugin:
- VR-Frases
- Plugin Slug:
- vr-frases
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-0861
WE – Testimonial Slider
- Plugin:
- WE – Testimonial Slider
- Plugin Slug:
- we-testimonial-slider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13460
WizShop
- Plugin:
- WizShop
- Plugin Slug:
- wizshop
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25111
Wonder FontAwesome
- Plugin:
- Wonder FontAwesome
- Plugin Slug:
- wonder-fontawesome
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13512
Woocommerce osCommerce Sync
- Plugin:
- Woocommerce osCommerce Sync
- Plugin Slug:
- woo-oscommerce-sync
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25073
WordPress Signature
- Plugin:
- WordPress Signature
- Plugin Slug:
- wordpress-signature
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22704
WP Admin Custom Page
- Plugin:
- WP Admin Custom Page
- Plugin Slug:
- wp-admin-custom-page
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25072
WP Contact Form7 Email Spam Blocker
- Plugin:
- WP Contact Form7 Email Spam Blocker
- Plugin Slug:
- wp-contact-form7-email-spam-blocker
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13467
WP Custom Post RSS Feed
- Plugin:
- WP Custom Post RSS Feed
- Plugin Slug:
- wp-custom-post-rss-feed
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25139
WP Dispensary
- Plugin:
- WP Dispensary
- Plugin Slug:
- wp-dispensary
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12444
WP Email Newsletter
- Plugin:
- WP Email Newsletter
- Plugin Slug:
- wp-email-newsletter
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13098
WP Finance
- Plugin:
- WP Finance
- Plugin Slug:
- wp-finance
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13097
WP Finance
- Plugin:
- WP Finance
- Plugin Slug:
- wp-finance
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13096
WP Find Your Nearest
- Plugin:
- WP Find Your Nearest
- Plugin Slug:
- wp-find-your-nearest
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25143
WP Frontend Submit
- Plugin:
- WP Frontend Submit
- Plugin Slug:
- wp-frontend-submit
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25103
WP Image Uploader
- Plugin:
- WP Image Uploader
- Plugin Slug:
- wp-image-uploader
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13706
WP Image Uploader
- Plugin:
- WP Image Uploader
- Plugin Slug:
- wp-image-uploader
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13720
WP Image Uploader
- Plugin:
- WP Image Uploader
- Plugin Slug:
- wp-image-uploader
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13707
WP Keyword Monitor
- Plugin:
- WP Keyword Monitor
- Plugin Slug:
- wp-keyword-monitor
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25088
WP MediaTagger
- Plugin:
- WP MediaTagger
- Plugin Slug:
- wp-mediatagger
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13112
WP MediaTagger
- Plugin:
- WP MediaTagger
- Plugin Slug:
- wp-mediatagger
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13101
WP SimpleWeather
- Plugin:
- WP SimpleWeather
- Plugin Slug:
- wp-simpleweather
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25085
WP Social Stream
- Plugin:
- WP Social Stream
- Plugin Slug:
- wp-social-stream
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25074
WP Spell Check
- Plugin:
- WP Spell Check
- Plugin Slug:
- wp-spell-check
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-25111
WordPress Survey & Poll
- Plugin:
- WordPress Survey & Poll
- Plugin Slug:
- wp-survey-and-poll
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13596
WP Triggers Lite
- Plugin:
- WP Triggers Lite
- Plugin Slug:
- wp-triggers-lite
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13095
WP Triggers Lite
- Plugin:
- WP Triggers Lite
- Plugin Slug:
- wp-triggers-lite
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13094
WP doodlez
- Plugin:
- WP doodlez
- Plugin Slug:
- wpdoodlez
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25159
Top Bar – PopUps – by WPOptin
- Plugin:
- Top Bar – PopUps – by WPOptin
- Plugin Slug:
- wpoptin
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25073
WPRadio
- Plugin:
- WPRadio
- Plugin Slug:
- wpradio
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13397
Zalomení
- Plugin:
- Zalomení
- Plugin Slug:
- zalomeni
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12872
ZMSEO
- Plugin:
- ZMSEO
- Plugin Slug:
- zmseo
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25126
zStore Manager Basic
- Plugin:
- zStore Manager Basic
- Plugin Slug:
- zstore-manager-basic
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13715
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More
- Plugin Slug:
- wpforms-lite
- Installations
- 6,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.3.2
- Severity Score:
- Medium
- CVE:
- 2024-13403
Ninja Forms – The Contact Form Builder That Grows With You
- Plugin Slug:
- ninja-forms
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.8.25
- Severity Score:
- Medium
- CVE:
- 2024-13470
Forminator Forms – Contact Form, Payment Form & Custom Form Builder
- Plugin Slug:
- forminator
- Installations
- 500,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.38.3
- Severity Score:
- High
- CVE:
- 2025-0470
Orbit Fox by ThemeIsle
- Plugin:
- Orbit Fox by ThemeIsle
- Plugin Slug:
- themeisle-companion
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.10.45
- Severity Score:
- Medium
- CVE:
- 2025-22659
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
- Plugin:
- The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
- Plugin Slug:
- the-plus-addons-for-elementor-page-builder
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.2.0
- Severity Score:
- Medium
- CVE:
- 2024-11829
Tracking Code Manager
- Plugin:
- Tracking Code Manager
- Plugin Slug:
- tracking-code-manager
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.0
- Severity Score:
- Medium
- CVE:
- 2024-10309
Import any XML, CSV or Excel File to WordPress
- Plugin Slug:
- wp-all-import
- Installations
- 100,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.8.0
- Severity Score:
- Medium
- CVE:
- 2024-9661
Import any XML, CSV or Excel File to WordPress
- Plugin Slug:
- wp-all-import
- Installations
- 100,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 3.8.0
- Severity Score:
- High
- CVE:
- 2024-9664
Event Tickets and Registration
- Plugin:
- Event Tickets and Registration
- Plugin Slug:
- event-tickets
- Installations
- 90,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 5.18.1.1
- Severity Score:
- Medium
- CVE:
- 2024-13457
HT Mega – Absolute Addons For Elementor
- Plugin Slug:
- ht-mega-for-elementor
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.7
- Severity Score:
- Medium
- CVE:
- 2024-12597
Jupiter X Core
- Plugin:
- Jupiter X Core
- Plugin Slug:
- jupiterx-core
- Installations
- 90,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 4.8.8
- Severity Score:
- High
- CVE:
- 2025-0366
Jupiter X Core
- Plugin:
- Jupiter X Core
- Plugin Slug:
- jupiterx-core
- Installations
- 90,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 4.8.8
- Severity Score:
- Medium
- CVE:
- 2025-0365
LearnPress – WordPress LMS Plugin
- Plugin Slug:
- learnpress
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.2.7.5.1
- Severity Score:
- Medium
- CVE:
- 2024-13599
Import and export users and customers
- Plugin Slug:
- import-users-from-csv-with-meta
- Installations
- 80,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.27.13
- Severity Score:
- Medium
- CVE:
- 2025-24689
Ninja Tables – Easy Data Table Builder
- Plugin Slug:
- ninja-tables
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.0.17
- Severity Score:
- Medium
- CVE:
- 2024-12772
Drag and Drop Multiple File Upload for Contact Form 7
- Plugin Slug:
- drag-and-drop-multiple-file-upload-contact-form-7
- Installations
- 60,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 1.3.8.6
- Severity Score:
- Medium
- CVE:
- 2024-12267
Divi Torque Lite
- Plugin:
- Divi Torque Lite
- Plugin Slug:
- addons-for-divi
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.1.1
- Severity Score:
- Medium
- CVE:
- 2025-0353
Better Find and Replace
- Plugin:
- Better Find and Replace
- Plugin Slug:
- real-time-auto-find-and-replace
- Installations
- 50,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.6.8
- Severity Score:
- High
- CVE:
- 2025-24734
CF7 Google Sheets Connector
- Plugin:
- CF7 Google Sheets Connector
- Plugin Slug:
- cf7-google-sheets-connector
- Installations
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.0.18
- Severity Score:
- Medium
- CVE:
- 2025-22686
NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar
- Plugin Slug:
- notificationx
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.0
- Severity Score:
- Medium
- CVE:
- 2025-22683
Contact Form & SMTP Plugin for WordPress by PirateForms
- Plugin Slug:
- pirate-forms
- Installations
- 40,000+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- 2.6.1
- Severity Score:
- High
- CVE:
- 2024-13453
Gwolle Guestbook
- Plugin:
- Gwolle Guestbook
- Plugin Slug:
- gwolle-gb
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.7.2
- Severity Score:
- High
- CVE:
- 2025-24710
Stratum – Elementor Widgets
- Plugin:
- Stratum – Elementor Widgets
- Plugin Slug:
- stratum
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.0
- Severity Score:
- Medium
- CVE:
- 2024-13642
Divi Carousel Maker
- Plugin:
- Divi Carousel Maker
- Plugin Slug:
- wow-carousel-for-divi-lite
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.0
- Severity Score:
- Medium
- CVE:
- 2025-0350
DSGVO All in one for WP
- Plugin:
- DSGVO All in one for WP
- Plugin Slug:
- dsgvo-all-in-one-for-wp
- Installations
- 20,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.7
- Severity Score:
- Medium
- CVE:
- 2024-13356
Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery
- Plugin Slug:
- gt3-photo-video-gallery
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.7.25
- Severity Score:
- High
- CVE:
- 2025-24707
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar
- Plugin Slug:
- mp3-music-player-by-sonaar
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.9.4
- Severity Score:
- Medium
- CVE:
- 2024-13157
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss
- Plugin Slug:
- bp-better-messages
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.0
- Severity Score:
- Medium
- CVE:
- 2024-13612
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
- Plugin Slug:
- custom-registration-form-builder-with-submission-manager
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.0.3.4
- Severity Score:
- High
- CVE:
- 2025-24686
WP Customer Area
- Plugin:
- WP Customer Area
- Plugin Slug:
- customer-area
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 8.2.5
- Severity Score:
- Medium
- CVE:
- 2024-12280
Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings
- Plugin Slug:
- directorist
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 8.1
- Severity Score:
- Medium
- CVE:
- 2024-12041
EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory
- Plugin Slug:
- ean-for-woocommerce
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.4.0
- Severity Score:
- Medium
- CVE:
- 2025-22673
Membership Plugin – Restrict Content
- Plugin Slug:
- restrict-content
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.2.14
- Severity Score:
- Medium
- CVE:
- 2024-11090
WooCommerce Product Table Lite
- Plugin:
- WooCommerce Product Table Lite
- Plugin Slug:
- wc-product-table-lite
- Installations
- 10,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 3.9.5
- Severity Score:
- High
- CVE:
- 2024-13472
WS Form LITE – Drag & Drop Contact Form Builder for WordPress
- Plugin Slug:
- ws-form
- Installations
- 9,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.10.14
- Severity Score:
- High
- CVE:
- 2024-13509
Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
- Plugin Slug:
- bit-form
- Installations
- 8,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 2.17.5
- Severity Score:
- Low
- CVE:
- 2024-13450
MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics
- Plugin:
- MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics
- Plugin Slug:
- makewebbetter-hubspot-for-woocommerce
- Installations
- 8,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.6.0
- Severity Score:
- High
- CVE:
- 2024-10591
VikBooking Hotel Booking Engine & PMS
- Plugin Slug:
- vikbooking
- Installations
- 8,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.7.3
- Severity Score:
- Medium
- CVE:
- 2025-22670
VikBooking Hotel Booking Engine & PMS
- Plugin Slug:
- vikbooking
- Installations
- 8,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.7.3
- Severity Score:
- High
- CVE:
- 2024-11641
WP Job Portal – A Complete Recruitment System for Company or Job Board website
- Plugin Slug:
- wp-job-portal
- Installations
- 7,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 2.2.7
- Severity Score:
- Medium
- CVE:
- 2024-13372
WP Job Portal – A Complete Recruitment System for Company or Job Board website
- Plugin Slug:
- wp-job-portal
- Installations
- 7,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 2.2.7
- Severity Score:
- Medium
- CVE:
- 2024-13425
WP Job Portal – A Complete Recruitment System for Company or Job Board website
- Plugin Slug:
- wp-job-portal
- Installations
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.7
- Severity Score:
- Medium
- CVE:
- 2024-13371
WP Job Portal – A Complete Recruitment System for Company or Job Board website
- Plugin Slug:
- wp-job-portal
- Installations
- 7,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 2.2.7
- Severity Score:
- Medium
- CVE:
- 2024-13428
JS Help Desk – The Ultimate Help Desk & Support Plugin
- Plugin Slug:
- js-support-ticket
- Installations
- 6,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 2.8.9
- Severity Score:
- Medium
- CVE:
- 2024-13607
WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)
- Plugin:
- WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)
- Plugin Slug:
- smart-wishlist-for-more-convert
- Installations
- 6,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 1.8.8
- Severity Score:
- Medium
- CVE:
- 2024-13694
Survey Maker
- Plugin:
- Survey Maker
- Plugin Slug:
- survey-maker
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.1.3.6
- Severity Score:
- Medium
- CVE:
- 2025-22664
Survey Maker
- Plugin:
- Survey Maker
- Plugin Slug:
- survey-maker
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.1.3.4
- Severity Score:
- Medium
- CVE:
- 2024-13505
B Slider- Gutenberg Slider Block for WP
- Plugin Slug:
- b-slider
- Installations
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.24
- Severity Score:
- Medium
- CVE:
- 2024-13514
MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution
- Plugin Slug:
- dc-woocommerce-multi-vendor
- Installations
- 5,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 4.2.15
- Severity Score:
- High
- CVE:
- 2025-0493
Product Blocks for WooCommerce
- Plugin:
- Product Blocks for WooCommerce
- Plugin Slug:
- product-blocks-for-woocommerce
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0
- Severity Score:
- Medium
- CVE:
- 2025-22674
Custom Product Tabs Lite for WooCommerce
- Plugin Slug:
- woocommerce-custom-product-tabs-lite
- Installations
- 5,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.9.1
- Severity Score:
- High
- CVE:
- 2024-12600
All Bootstrap Blocks
- Plugin:
- All Bootstrap Blocks
- Plugin Slug:
- all-bootstrap-blocks
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.27
- Severity Score:
- Medium
- CVE:
- 2024-13549
Custom Related Posts
- Plugin:
- Custom Related Posts
- Plugin Slug:
- custom-related-posts
- Installations
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.7.4
- Severity Score:
- Medium
- CVE:
- 2024-12825
Import WP – Export and Import CSV and XML files to WordPress
- Plugin Slug:
- jc-importer
- Installations
- 4,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.14.6
- Severity Score:
- High
- CVE:
- 2024-13562
Custom Login Page Styler – Limit Login Attempts – Restrict Content With Login – Redirect After Login – Change Login URL – Sign in , Sign out
- Plugin Slug:
- login-page-styler
- Installations
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.1.2
- Severity Score:
- Medium
- CVE:
- 2024-13530
Responsive Blocks – WordPress Gutenberg Blocks
- Plugin Slug:
- responsive-block-editor-addons
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.0
- Severity Score:
- Medium
- CVE:
- 2025-22697
Responsive Blocks – WordPress Gutenberg Blocks
- Plugin Slug:
- responsive-block-editor-addons
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.0
- Severity Score:
- Medium
- CVE:
- 2024-13732
aThemes Addons for Elementor
- Plugin:
- aThemes Addons for Elementor
- Plugin Slug:
- athemes-addons-for-elementor-lite
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.9
- Severity Score:
- Medium
- CVE:
- 2025-22646
aThemes Addons for Elementor
- Plugin:
- aThemes Addons for Elementor
- Plugin Slug:
- athemes-addons-for-elementor-lite
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.13
- Severity Score:
- Medium
- CVE:
- 2024-13547
Automatically Hierarchic Categories in Menu
- Plugin Slug:
- automatically-hierarchic-categories-in-menu
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.8
- Severity Score:
- Medium
- CVE:
- 2024-13466
Multiple Page Generator Plugin – MPG
- Plugin Slug:
- multiple-pages-generator-by-porthas
- Installations
- 3,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 4.0.6
- Severity Score:
- Medium
- CVE:
- 2024-10705
Shared Files – Frontend File Upload Form & Secure File Sharing
- Plugin Slug:
- shared-files
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.43
- Severity Score:
- High
- CVE:
- 2024-13504
Food Menu – Restaurant Menu & Online Ordering for WooCommerce
- Plugin Slug:
- tlp-food-menu
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.2.0
- Severity Score:
- Medium
- CVE:
- 2024-13415
Eventer
- Plugin:
- Eventer
- Plugin Slug:
- eventer
- Installations
- 2,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.9.9
- Severity Score:
- Critical
- CVE:
- 2024-11135
Medical Addon for Elementor
- Plugin:
- Medical Addon for Elementor
- Plugin Slug:
- medical-addon-for-elementor
- Installations
- 2,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 1.6.3
- Severity Score:
- Medium
- CVE:
- 2024-12046
Order Export for WooCommerce
- Plugin:
- Order Export for WooCommerce
- Plugin Slug:
- order-export-and-more-for-woocommerce
- Installations
- 2,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.25
- Severity Score:
- Medium
- CVE:
- 2024-13623
Plethora Plugins Tabs + Accordions
- Plugin Slug:
- plethora-tabs-accordions
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2
- Severity Score:
- Medium
- CVE:
- 2024-13721
SendPulse Email Marketing Newsletter
- Plugin Slug:
- sendpulse-email-marketing-newsletter
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.6
- Severity Score:
- Medium
- CVE:
- 2025-22662
Ai Image Alt Text Generator for WP
- Plugin Slug:
- ai-image-alt-text-generator-for-wp
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.7
- Severity Score:
- High
- CVE:
- 2024-12177
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)
- Plugin Slug:
- buddyforms
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.14
- Severity Score:
- Medium
- CVE:
- 2024-12037
WordPress Contact Forms by Cimatti
- Plugin Slug:
- contact-forms
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.9.5
- Severity Score:
- Medium
- CVE:
- 2024-12184
Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons
- Plugin Slug:
- contest-gallery
- Installations
- 1,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 25.1.2
- Severity Score:
- High
- CVE:
- 2025-22693
CP Contact Form with PayPal
- Plugin:
- CP Contact Form with PayPal
- Plugin Slug:
- cp-contact-form-with-paypal
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.53
- Severity Score:
- Medium
- CVE:
- 2024-13758
Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later
- Plugin Slug:
- flexible-wishlist
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.26
- Severity Score:
- High
- CVE:
- 2024-13696
Flexmls® IDX Plugin
- Plugin:
- Flexmls® IDX Plugin
- Plugin Slug:
- flexmls-idx
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.14.27
- Severity Score:
- Medium
- CVE:
- 2024-10552
GoHero Store Customizer for WooCommerce
- Plugin Slug:
- personalize-woocommerce-cart-page
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.0
- Severity Score:
- Medium
- CVE:
- 2024-12826
Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget
- Plugin Slug:
- post-grid-carousel-ultimate
- Installations
- 1,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.7
- Severity Score:
- Medium
- CVE:
- 2025-24782
RapidLoad – Optimize Web Vitals Automatically
- Plugin Slug:
- unusedcss
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.5
- Severity Score:
- Medium
- CVE:
- 2025-22665
W2S – Migrate WooCommerce to Shopify
- Plugin Slug:
- w2s-migrate-woo-to-shopify
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.0
- Severity Score:
- Medium
- CVE:
- 2024-12861
iControlWP
- Plugin:
- iControlWP
- Plugin Slug:
- worpit-admin-dashboard-plugin
- Installations
- 1,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 4.5.0
- Severity Score:
- Critical
- CVE:
- 2024-13742
AI Infographic Maker
- Plugin:
- AI Infographic Maker
- Plugin Slug:
- infographic-and-list-builder-ilist
- Installations
- 900+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 5.0.0
- Severity Score:
- Medium
- CVE:
- 2024-12415
Include Mastodon Feed
- Plugin:
- Include Mastodon Feed
- Plugin Slug:
- include-mastodon-feed
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.10
- Severity Score:
- Medium
- CVE:
- 2025-22660
WP Sessions Time Monitoring Full Automatic
- Plugin Slug:
- activitytime
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.2
- Severity Score:
- High
- CVE:
- 2025-24718
Product Table For WooCommerce
- Plugin:
- Product Table For WooCommerce
- Plugin Slug:
- product-table-for-woocommerce
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.4
- Severity Score:
- Medium
- CVE:
- 2025-22638
ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages
- Plugin:
- ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages
- Plugin Slug:
- clickwhale
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.2
- Severity Score:
- Medium
- CVE:
- 2025-0804
Simple:Press Forum
- Plugin:
- Simple:Press Forum
- Plugin Slug:
- simplepress
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.10.12
- Severity Score:
- High
- CVE:
- 2024-12409
WP DataTable
- Plugin:
- WP DataTable
- Plugin Slug:
- wp-datatable
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.2.7
- Severity Score:
- Medium
- CVE:
- 2024-13566
Alert Box Block – Display notice/alerts in the front end.
- Plugin Slug:
- alert-box-block
- Installations
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.1
- Severity Score:
- Medium
- CVE:
- 2025-22675
ELEX WordPress HelpDesk & Customer Ticketing System
- Plugin Slug:
- elex-helpdesk-customer-support-ticket-system
- Installations
- 400+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.7
- Severity Score:
- High
- CVE:
- 2024-12171
Hesabfa Accounting
- Plugin:
- Hesabfa Accounting
- Plugin Slug:
- hesabfa-accounting
- Installations
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.3
- Severity Score:
- High
- CVE:
- 2025-22682
SeatReg
- Plugin:
- SeatReg
- Plugin Slug:
- seatreg
- Installations
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.56.1
- Severity Score:
- Medium
- CVE:
- 2024-13463
Site Search 360
- Plugin:
- Site Search 360
- Plugin Slug:
- site-search-360
- Installations
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.7
- Severity Score:
- Medium
- CVE:
- 2024-11780
Uix Shortcodes
- Plugin:
- Uix Shortcodes
- Plugin Slug:
- uix-shortcodes
- Installations
- 400+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.4
- Severity Score:
- Medium
- CVE:
- 2025-22677
WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms
- Plugin Slug:
- cf7-dynamics-crm
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.7
- Severity Score:
- High
- CVE:
- 2025-24708
Disable Elementor Editor Translation
- Plugin Slug:
- disable-elementor-editor-translation
- Installations
- 300+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.3
- Severity Score:
- Medium
- CVE:
- 2025-22671
OPSI Israel Domestic Shipments
- Plugin:
- OPSI Israel Domestic Shipments
- Plugin Slug:
- woo-ups-pickup
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.6
- Severity Score:
- High
- CVE:
- 2024-13100
Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets
- Plugin Slug:
- wpsyncsheets-woocommerce
- Installations
- 300+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.9
- Severity Score:
- Medium
- CVE:
- 2025-22667
Alex Reservations: Smart Restaurant Booking
- Plugin Slug:
- alex-reservations
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.6
- Severity Score:
- Medium
- CVE:
- 2024-13380
Listings for Appfolio
- Plugin:
- Listings for Appfolio
- Plugin Slug:
- listings-for-appfolio
- Installations
- 200+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.1
- Severity Score:
- High
- CVE:
- 2025-22658
Tags to Keywords
- Plugin:
- Tags to Keywords
- Plugin Slug:
- tags-to-meta-keywords
- Installations
- 200+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.2
- Severity Score:
- High
- CVE:
- 2025-22685
WP BASE Booking of Appointments, Services and Events
- Plugin Slug:
- wp-base-booking-of-appointments-services-and-events
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.1.0
- Severity Score:
- High
- CVE:
- 2025-22684
Awesome Responsive Photo Gallery – Image & Video Lightbox Gallery
- Plugin Slug:
- awesome-responsive-photo-gallery
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2
- Severity Score:
- Medium
- CVE:
- 2025-24697
Target Video Easy Publish
- Plugin:
- Target Video Easy Publish
- Plugin Slug:
- brid-video-easy-publish
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.8.4
- Severity Score:
- Medium
- CVE:
- 2024-13561
Target Video Easy Publish
- Plugin:
- Target Video Easy Publish
- Plugin Slug:
- brid-video-easy-publish
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.8.4
- Severity Score:
- High
- CVE:
- 2024-12076
Clinked Client Portal
- Plugin:
- Clinked Client Portal
- Plugin Slug:
- clinked-client-portal
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.10
- Severity Score:
- Medium
- CVE:
- 2024-12524
DigiTimber cPanel Integration
- Plugin:
- DigiTimber cPanel Integration
- Plugin Slug:
- digitimber-cpanel-integration
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.4.8
- Severity Score:
- High
- CVE:
- 2025-22690
Video & Photo Gallery for Ultimate Member
- Plugin Slug:
- gallery-for-ultimate-member
- Installations
- 100+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 1.1.3
- Severity Score:
- Medium
- CVE:
- 2025-22672
Media Downloader
- Plugin:
- Media Downloader
- Plugin Slug:
- media-downloader
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.4.7.6
- Severity Score:
- High
- CVE:
- 2025-24684
Morkva UA Shipping
- Plugin:
- Morkva UA Shipping
- Plugin Slug:
- morkva-ua-shipping
- Installations
- 100+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.0.20
- Severity Score:
- High
- CVE:
- 2025-24685
Content Cloner
- Plugin:
- Content Cloner
- Plugin Slug:
- super-seo-content-cloner
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.2
- Severity Score:
- Medium
- CVE:
- 2025-22681
Unlimited Page Sidebars
- Plugin:
- Unlimited Page Sidebars
- Plugin Slug:
- unlimited-page-sidebars
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 0.2.7
- Severity Score:
- High
- CVE:
- 2025-22688
WC Affiliate – A Complete WooCommerce Affiliate Plugin
- Plugin Slug:
- wc-affiliate
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4
- Severity Score:
- High
- CVE:
- 2024-12321
WC Affiliate – A Complete WooCommerce Affiliate Plugin
- Plugin Slug:
- wc-affiliate
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5
- Severity Score:
- High
- CVE:
- 2024-12334
WP Post List Table
- Plugin:
- WP Post List Table
- Plugin Slug:
- wp-post-list-table
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.4
- Severity Score:
- Medium
- CVE:
- 2024-13664
Table Editor
- Plugin:
- Table Editor
- Plugin Slug:
- wp-table-editor
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.0
- Severity Score:
- Medium
- CVE:
- 2024-13661
Dynamic URL SEO
- Plugin:
- Dynamic URL SEO
- Plugin Slug:
- dynamic-url-seo
- Installations
- 80+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2
- Severity Score:
- High
- CVE:
- 2025-23984
Dynamic URL SEO
- Plugin:
- Dynamic URL SEO
- Plugin Slug:
- dynamic-url-seo
- Installations
- 80+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2
- Severity Score:
- Medium
- CVE:
- 2025-23985
EthereumICO
- Plugin:
- EthereumICO
- Plugin Slug:
- ethereumico
- Installations
- 80+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.7
- Severity Score:
- Medium
- CVE:
- 2024-12921
MailUp Auto Subscription
- Plugin:
- MailUp Auto Subscription
- Plugin Slug:
- mailup-auto-subscribtion
- Installations
- 80+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.0
- Severity Score:
- High
- CVE:
- 2024-13521
WPBookit
Infility Global
- Plugin:
- Infility Global
- Plugin Slug:
- infility-global
- Installations
- 70+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.9.9
- Severity Score:
- High
- CVE:
- 2024-12723
Philantro – Donations and Donor Management
- Plugin Slug:
- philantro
- Installations
- 70+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.4
- Severity Score:
- Medium
- CVE:
- 2024-13527
Bilingual Linker
- Plugin:
- Bilingual Linker
- Plugin Slug:
- bilingual-linker
- Installations
- 60+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.1
- Severity Score:
- Medium
- CVE:
- 2024-13441
Ticketmeo – Sell Tickets – Event Ticketing
- Plugin Slug:
- ploxel
- Installations
- 60+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.0
- Severity Score:
- Medium
- CVE:
- 2025-0507
ShopSite
- Plugin:
- ShopSite
- Plugin Slug:
- shopsite-plugin
- Installations
- 60+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.11
- Severity Score:
- High
- CVE:
- 2024-13510
eHive Objects Image Grid
- Plugin:
- eHive Objects Image Grid
- Plugin Slug:
- ehive-objects-image-grid
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.2
- Severity Score:
- Medium
- CVE:
- 2024-13662
Awesome Event Booking
- Plugin:
- Awesome Event Booking
- Plugin Slug:
- awesome-event-booking
- Installations
- 40+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.7.5
- Severity Score:
- Medium
- CVE:
- 2025-22668
Awesome Event Booking
- Plugin:
- Awesome Event Booking
- Plugin Slug:
- awesome-event-booking
- Installations
- 40+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.8.0
- Severity Score:
- Medium
- CVE:
- 2025-22669
Boom Fest
- Plugin:
- Boom Fest
- Plugin Slug:
- boom-fest
- Installations
- 40+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.2
- Severity Score:
- Medium
- CVE:
- 2024-13449
Admin and Site Enhancements (ASE) Pro
- Plugin:
- Admin and Site Enhancements (ASE) Pro
- Plugin Slug:
- admin-site-enhancements-pro
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 7.6.3
- Severity Score:
- High
- CVE:
- 2024-43333
BoomBox Theme Extensions
- Plugin:
- BoomBox Theme Extensions
- Plugin Slug:
- boombox-theme-extensions
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.8.1
- Severity Score:
- High
- CVE:
- 2024-12859
Elementor Pro
- Plugin:
- Elementor Pro
- Plugin Slug:
- elementor-pro
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.25.11
- Severity Score:
- Medium
- CVE:
- 2024-8494
ElementsKit Pro
- Plugin:
- ElementsKit Pro
- Plugin Slug:
- elementskit
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.7.9
- Severity Score:
- Medium
- CVE:
- 2025-0321
Goodlayers Core
- Plugin:
- Goodlayers Core
- Plugin Slug:
- goodlayers-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.3
- Severity Score:
- Medium
- CVE:
- 2024-12163
Oshine Modules
- Plugin:
- Oshine Modules
- Plugin Slug:
- oshine-modules
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 3.3.8
- Severity Score:
- Medium
- CVE:
- 2024-44055
Tourmaster
- Plugin:
- Tourmaster
- Plugin Slug:
- tourmaster
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.3.5
- Severity Score:
- High
- CVE:
- 2024-12400
ThemeREX Addons
- Plugin:
- ThemeREX Addons
- Plugin Slug:
- trx_addons
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 2.34.0
- Severity Score:
- Critical
- CVE:
- 2024-13448
ThemeREX Addons
- Plugin:
- ThemeREX Addons
- Plugin Slug:
- trx_addons
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.34.0
- Severity Score:
- High
- CVE:
- 2025-0682
WooCommerce Customers Manager
- Plugin:
- WooCommerce Customers Manager
- Plugin Slug:
- woocommerce-customers-manager
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 31.4
- Severity Score:
- High
- CVE:
- 2024-13343
MultiLoca – WooCommerce Multi Locations Inventory Management
- Plugin:
- MultiLoca – WooCommerce Multi Locations Inventory Management
- Plugin Slug:
- woocommerce-multi-locations-inventory-management
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.1.12
- Severity Score:
- High
- CVE:
- 2024-13341
WooCommerce Support Ticket System
- Plugin:
- WooCommerce Support Ticket System
- Plugin Slug:
- woocommerce-support-ticket-system
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 17.9
- Severity Score:
- Medium
- CVE:
- 2024-13775
WP ALL Export Pro
- Plugin:
- WP ALL Export Pro
- Plugin Slug:
- wp-all-export-pro
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.9.2
- Severity Score:
- Critical
- CVE:
- 2024-7419
WP ALL Export Pro
- Plugin:
- WP ALL Export Pro
- Plugin Slug:
- wp-all-export-pro
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.9.2
- Severity Score:
- Critical
- CVE:
- 2024-7425
WP All Import Pro
- Plugin:
- WP All Import Pro
- Plugin Slug:
- wp-all-import-pro
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.9.8
- Severity Score:
- Medium
- CVE:
- 2024-9661
WP All Import Pro
- Plugin:
- WP All Import Pro
- Plugin Slug:
- wp-all-import-pro
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 4.9.8
- Severity Score:
- High
- CVE:
- 2024-9664
WPJobBoard
- Plugin:
- WPJobBoard
- Plugin Slug:
- wpjobboard
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.11.1
- Severity Score:
- High
- CVE:
- 2025-24781
WordPress Themes — 2 Patched / 2 Unpatched
OnePress
- Theme:
- OnePress
- Theme Slug:
- onepress
- Downloads
- 2,352,920
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22643
Storely
- Theme:
- Storely
- Theme Slug:
- storely
- Downloads
- 470,680
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-10847
SocialV
- Theme:
- SocialV
- Theme Slug:
- socialv
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.16
- Severity Score:
- Medium
- CVE:
- 2024-13529
Zox News
- Theme:
- Zox News
- Theme Slug:
- zox-news
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.17.0
- Severity Score:
- High
- CVE:
- 2024-11936
