In this report, 282 vulnerabilities have been publicly disclosed. Security patches for 120 of these plugins and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Currently, 162 plugin and theme vulnerabilities remain unpatched. If you’re a Solid Security Pro user, the Solid Security firewall already protects your site against those vulnerabilities. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor, or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.9 “Gene” was released on December 2, 2025, adding Notes for block-level comments, an expanded Command Palette, and the new Abilities API to standardize permissions for future automation. It also includes performance improvements and new blocks and design tools to support faster, more flexible site building.
After any major release, don’t update live sites until you’ve taken backups and tested in a non-production environment.
WordPress Plugins — 106 Patched / 127 Unpatched
Cookies and Content Security Policy
- Plugin Slug:
- cookies-and-content-security-policy
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-63019
Responsive Pricing Table
- Plugin:
- Responsive Pricing Table
- Plugin Slug:
- dk-pricr-responsive-pricing-table
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-15058
Responsive Pricing Table
- Plugin:
- Responsive Pricing Table
- Plugin Slug:
- dk-pricr-responsive-pricing-table
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13418
Yoco Payments
- Plugin:
- Yoco Payments
- Plugin Slug:
- yoco-payment-gateway
- Installations
- 10,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-13801
Block Slider – Responsive Image Slider, Video Slider & Post Slider
- Plugin Slug:
- block-slider
- Installations
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22522
Campaign Monitor for WordPress
- Plugin:
- Campaign Monitor for WordPress
- Plugin Slug:
- forms-for-campaign-monitor
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-0674
Image Slider Slideshow
- Plugin:
- Image Slider Slideshow
- Plugin Slug:
- image-slider-slideshow
- Installations
- 3,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22489
NextGEN Download Gallery
- Plugin:
- NextGEN Download Gallery
- Plugin Slug:
- nextgen-download-gallery
- Installations
- 3,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-0675
aBlocks – Gutenberg Blocks, User Dashboard Builder, Popup Builder, Form Builder & Animation Builder
- Plugin:
- aBlocks – Gutenberg Blocks, User Dashboard Builder, Popup Builder, Form Builder & Animation Builder
- Plugin Slug:
- ablocks
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12449
Speed Kit
- Plugin:
- Speed Kit
- Plugin Slug:
- baqend
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22487
BD Courier Order Ratio Checker
- Plugin:
- BD Courier Order Ratio Checker
- Plugin Slug:
- bd-courier-order-ratio-checker
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22481
Dashboard Welcome for Beaver Builder
- Plugin Slug:
- dashboard-welcome-for-beaver-builder
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22488
Easy Form Builder by WhiteStudio — Drag & Drop Form Builder
- Plugin Slug:
- easy-form-builder
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22472
GA4WP – Analytics Dashboard for the Website
- Plugin Slug:
- ga-for-wp
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22517
IMGspider
- Plugin:
- IMGspider
- Plugin Slug:
- imgspider
- Installations
- 2,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22482
teachPress
- Plugin:
- teachPress
- Plugin Slug:
- teachpress
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22483
Blockons – Gutenberg blocks for WordPress and WooCommerce websites
- Plugin Slug:
- blockons
- Installations
- 800+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-14360
X Addons for Elementor
- Plugin:
- X Addons for Elementor
- Plugin Slug:
- x-addons-elementor
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22518
Re Gallery – Responsive Image & Photo Gallery
- Plugin Slug:
- regallery
- Installations
- 400+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22486
HBLPAY Payment Gateway for WooCommerce
- Plugin Slug:
- hblpay-payment-gateway-for-woocommerce
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-14875
Page Keys
- Plugin:
- Page Keys
- Plugin Slug:
- page-keys
- Installations
- 80+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-15000
Money Space
- Plugin:
- Money Space
- Plugin Slug:
- money-space
- Installations
- 70+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-13371
AI BotKit – AI Chatbot & Live Chat for WordPress (No-Code)
- Plugin Slug:
- ai-botkit-for-lead-generation
- Installations
- 40+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13887
Reviewify — Review Discounts & Photo/Video Reviews for WooCommerce
- Plugin Slug:
- review-for-discount
- Installations
- 40+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-14070
FireStorm Professional Real Estate Plugin
- Plugin Slug:
- fs-real-estate-plugin
- Installations
- 10+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22470
1180px Shortcodes
- Plugin:
- 1180px Shortcodes
- Plugin Slug:
- 1180px-shortcodes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14114
WP Virtual Assistant
- Plugin:
- WP Virtual Assistant
- Plugin Slug:
- VirtualAssistant
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22725
WP Attractive Donations System – Easy Stripe & Paypal donations
- Plugin:
- WP Attractive Donations System – Easy Stripe & Paypal donations
- Plugin Slug:
- WP_AttractiveDonationsSystem
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22715
AA Block country
- Plugin:
- AA Block country
- Plugin Slug:
- aa-block-country
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13694
Accordion Slider PRO
- Plugin:
- Accordion Slider PRO
- Plugin Slug:
- accordion_slider_pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49066
ACF to REST API
- Plugin:
- ACF to REST API
- Plugin Slug:
- acf-to-rest-api
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12030
AD Sliding FAQ
- Plugin:
- AD Sliding FAQ
- Plugin Slug:
- ad-sliding-faq
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14122
AH Shortcodes
- Plugin:
- AH Shortcodes
- Plugin Slug:
- ah-shortcodes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14109
AS Password Field In Default Registration Form
- Plugin:
- AS Password Field In Default Registration Form
- Plugin Slug:
- as-password-field-in-default-registration-form
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-14996
Autogen Headers Menu
- Plugin:
- Autogen Headers Menu
- Plugin Slug:
- autogen-headers-menu
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13704
Awesome Hotel Booking
- Plugin:
- Awesome Hotel Booking
- Plugin Slug:
- awesome-hotel-booking
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14352
WP Page Permalink Extension
- Plugin:
- WP Page Permalink Extension
- Plugin Slug:
- change-wp-page-permalinks
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14172
Contact Form vCard Generator
- Plugin:
- Contact Form vCard Generator
- Plugin Slug:
- contact-form-vcard-generator
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13717
Contact Us Simple Form
- Plugin:
- Contact Us Simple Form
- Plugin Slug:
- contact-us-simple-form
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14028
Cool YT Player
- Plugin:
- Cool YT Player
- Plugin Slug:
- cool-yt-player
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13849
CountDown With Image or Video Background
- Plugin:
- CountDown With Image or Video Background
- Plugin Slug:
- countdown-with-background
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-27002
Curved Text
- Plugin:
- Curved Text
- Plugin Slug:
- curved-text
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13854
Debt.com Business in a Box
- Plugin:
- Debt.com Business in a Box
- Plugin Slug:
- debtcom-business-in-a-box
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13852
DZS Video Gallery
- Plugin:
- DZS Video Gallery
- Plugin Slug:
- dzs-videogallery
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49049
Easy GitHub Gist Shortcodes
- Plugin:
- Easy GitHub Gist Shortcodes
- Plugin Slug:
- easy-github-gist-shortcodes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14147
EDD Download Info
- Plugin:
- EDD Download Info
- Plugin Slug:
- edd-download-info
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14121
Email Customizer for WooCommerce
- Plugin:
- Email Customizer for WooCommerce
- Plugin Slug:
- email-customizer-for-woocommerce
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13974
Entry Views
- Plugin:
- Entry Views
- Plugin Slug:
- entry-views
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13729
Famous – Responsive Image And Video Grid Gallery WordPress Plugin
- Plugin:
- Famous – Responsive Image And Video Grid Gallery WordPress Plugin
- Plugin Slug:
- famous_grid_image_and_video_gallery
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-27004
Felan Framework
- Plugin:
- Felan Framework
- Plugin Slug:
- felan-framework
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-23993
Felan Framework
- Plugin:
- Felan Framework
- Plugin Slug:
- felan-framework
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-23504
Flashcard
- Plugin:
- Flashcard
- Plugin Slug:
- flashcard
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14867
ShareThis Dashboard for Google Analytics
- Plugin:
- ShareThis Dashboard for Google Analytics
- Plugin Slug:
- googleanalytics
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12540
Handmade Framework
- Plugin:
- Handmade Framework
- Plugin Slug:
- handmade-framework
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22521
Header and Footer Scripts
- Plugin:
- Header and Footer Scripts
- Plugin Slug:
- header-and-footer-scripts
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11453
HelpDesk contact form
- Plugin:
- HelpDesk contact form
- Plugin Slug:
- helpdesk-contact-form
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13657
JNews – Frontend Submit
- Plugin:
- JNews – Frontend Submit
- Plugin Slug:
- jnews-frontend-submit
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68904
Latest Tabs
- Plugin:
- Latest Tabs
- Plugin Slug:
- kento-latest-tabs
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14999
Key Figures
- Plugin:
- Key Figures
- Plugin Slug:
- key-figures
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14792
Latest Registered Users
- Plugin:
- Latest Registered Users
- Plugin Slug:
- latest-registered-users
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-13493
HTML5 Video Player
- Plugin:
- HTML5 Video Player
- Plugin Slug:
- lbg-vp2-html5-bottom
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-27005
HTML5 Video Player with Playlist & Multiple Skins
- Plugin:
- HTML5 Video Player with Playlist & Multiple Skins
- Plugin Slug:
- lbg-vp2-html5-rightside
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32123
Image&Video FullScreen Background
- Plugin:
- Image&Video FullScreen Background
- Plugin Slug:
- lbg_fullscreen_fullwidth_slider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-47666
Lesson Plan Book
- Plugin:
- Lesson Plan Book
- Plugin Slug:
- lesson-plan-book
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-13893
ListingHub
- Plugin:
- ListingHub
- Plugin Slug:
- listinghub
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-12551
Magic Responsive Slider and Carousel WordPress
- Plugin:
- Magic Responsive Slider and Carousel WordPress
- Plugin Slug:
- magic_carousel
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49043
Magic Slider
- Plugin:
- Magic Slider
- Plugin Slug:
- magic_slider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-48094
Mamurjor Employee Info
- Plugin:
- Mamurjor Employee Info
- Plugin Slug:
- mamurjor-employee-info
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13990
Menu Card
- Plugin:
- Menu Card
- Plugin Slug:
- menu-card
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13862
MG AdvancedOptions
- Plugin:
- MG AdvancedOptions
- Plugin Slug:
- mg-advancedoptions
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-13892
Moosend Landing Pages
- Plugin:
- Moosend Landing Pages
- Plugin Slug:
- moosend-landing-pages
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13496
Mstoic Shortcodes
- Plugin:
- Mstoic Shortcodes
- Plugin Slug:
- mstoic-shortcodes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14144
MTCaptcha
- Plugin:
- MTCaptcha
- Plugin Slug:
- mtcaptcha
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13520
Multi-column Tag Map
- Plugin:
- Multi-column Tag Map
- Plugin Slug:
- multi-column-tag-map
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14057
My Album Gallery
- Plugin:
- My Album Gallery
- Plugin Slug:
- my-album-gallery
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14796
My Album Gallery
- Plugin:
- My Album Gallery
- Plugin Slug:
- my-album-gallery
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14453
Nearby Now Reviews
- Plugin:
- Nearby Now Reviews
- Plugin Slug:
- nearby-now-reviews
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13853
Newsletter Email Subscribe
- Plugin:
- Newsletter Email Subscribe
- Plugin Slug:
- newsletter-email-subscribe
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14904
Niche Hero
- Plugin:
- Niche Hero
- Plugin Slug:
- niche-hero
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14145
nK Themes Helper
- Plugin:
- nK Themes Helper
- Plugin Slug:
- nk-themes-helper
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22726
NS Ie Compatibility Fixer
- Plugin:
- NS Ie Compatibility Fixer
- Plugin Slug:
- ns-ie-compatibility-fixer
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14845
Optional Email
- Plugin:
- Optional Email
- Plugin Slug:
- optional-email
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-15018
PhotoFade
- Plugin:
- PhotoFade
- Plugin Slug:
- photofade
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13847
Post Like Dislike
- Plugin:
- Post Like Dislike
- Plugin Slug:
- post-like-dislike
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-14130
PullQuote
- Plugin:
- PullQuote
- Plugin Slug:
- pullquote
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13903
Pure WC Variation Swatches
- Plugin:
- Pure WC Variation Swatches
- Plugin Slug:
- pure-wc-variations-swatches
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12820
QR Code Tag for WC
- Plugin:
- QR Code Tag for WC
- Plugin Slug:
- qr-code-tag-for-wc-from-goaskle-com
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14626
Quote Comments
- Plugin:
- Quote Comments
- Plugin Slug:
- quote-comments
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14370
Rankology SEO and Analytics Tool
- Plugin:
- Rankology SEO and Analytics Tool
- Plugin Slug:
- rankology-seo-and-analytics-tool
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Low
- CVE:
- 2025-12958
Real Estate Pro
- Plugin:
- Real Estate Pro
- Plugin Slug:
- real-estate-pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-13504
REHub Framework
- Plugin:
- REHub Framework
- Plugin Slug:
- rehub-framework
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-14358
Shabat Keeper
- Plugin:
- Shabat Keeper
- Plugin Slug:
- shabat-keeper
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-13701
Simcast
- Plugin:
- Simcast
- Plugin Slug:
- simcast
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14077
Simple User Meta Editor
- Plugin:
- Simple User Meta Editor
- Plugin Slug:
- simple-user-meta-editor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14888
Smart App Banners
- Plugin:
- Smart App Banners
- Plugin Slug:
- smart-app-banners
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13841
Snillrik Restaurant
- Plugin:
- Snillrik Restaurant
- Plugin Slug:
- snillrik-restaurant-menu
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14112
Starred Review
- Plugin:
- Starred Review
- Plugin Slug:
- starred-review
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-14118
Sticky Action Buttons
- Plugin:
- Sticky Action Buttons
- Plugin Slug:
- sticky-action-buttons
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14465
STM Gallery 1.9
- Plugin:
- STM Gallery 1.9
- Plugin Slug:
- stm-gallery
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13848
Stumble! for WordPress
- Plugin:
- Stumble! for WordPress
- Plugin Slug:
- stumble-for-wordpress
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-14128
Stylish Order Form Builder
- Plugin:
- Stylish Order Form Builder
- Plugin Slug:
- stylish-order-form-builder
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13531
Super Interactive Maps
- Plugin:
- Super Interactive Maps
- Plugin Slug:
- super-interactive-maps
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49045
SVG Map Plugin
- Plugin:
- SVG Map Plugin
- Plugin Slug:
- svg-map-by-saedi
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-13519
Testimonial Master
- Plugin:
- Testimonial Master
- Plugin Slug:
- testimonial-master
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-14127
The Tooltip
- Plugin:
- The Tooltip
- Plugin Slug:
- the-tooltip
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13908
Top Position Google Finance
- Plugin:
- Top Position Google Finance
- Plugin Slug:
- top-position-google-finance
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-13895
xPromoter
- Plugin:
- xPromoter
- Plugin Slug:
- top_bar_promoter
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49046
twinklesmtp
- Plugin:
- twinklesmtp
- Plugin Slug:
- twinklesmtp
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14887
Unify
- Plugin:
- Unify
- Plugin Slug:
- unify
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13529
User Activity Log
- Plugin:
- User Activity Log
- Plugin Slug:
- user-activity-log
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-11877
Viitor Button Shortcodes
- Plugin:
- Viitor Button Shortcodes
- Plugin Slug:
- viitor-shortcodes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14113
Wish To Go
- Plugin:
- Wish To Go
- Plugin Slug:
- wish-to-go
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14053
Premmerce WooCommerce Customers Manager
- Plugin:
- Premmerce WooCommerce Customers Manager
- Plugin Slug:
- woo-customers-manager
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-13369
Piraeus Bank WooCommerce Payment Gateway
- Plugin:
- Piraeus Bank WooCommerce Payment Gateway
- Plugin Slug:
- woo-payment-gateway-for-piraeus-bank
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14460
WooCommerce Orders & Customers Exporter
- Plugin:
- WooCommerce Orders & Customers Exporter
- Plugin Slug:
- woocommerce-orders-ei
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22713
Woodpecker for WordPress
- Plugin:
- Woodpecker for WordPress
- Plugin Slug:
- woodpecker
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13967
Workreap (theme’s plugin)
- Plugin:
- Workreap (theme’s plugin)
- Plugin Slug:
- workreap
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22728
WP Status Notifier
- Plugin:
- WP Status Notifier
- Plugin Slug:
- wp-change-status-notifier
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13521
Client Testimonial Slider
- Plugin:
- Client Testimonial Slider
- Plugin Slug:
- wp-client-testimonial
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13897
WP Enable WebP
- Plugin:
- WP Enable WebP
- Plugin Slug:
- wp-enable-webp
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-15158
WP Js List Pages Shortcodes
- Plugin:
- WP Js List Pages Shortcodes
- Plugin Slug:
- wp-js-list-pages-shortcodes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14110
WP Lead Capturing Pages
- Plugin:
- WP Lead Capturing Pages
- Plugin Slug:
- wp-lead-capture
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49050
WP Lead Capturing Pages
- Plugin:
- WP Lead Capturing Pages
- Plugin Slug:
- wp-lead-capture
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-49055
WP Recipe Manager
- Plugin:
- WP Recipe Manager
- Plugin Slug:
- wp-recipe-manager
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13667
WP Widget Changer
- Plugin:
- WP Widget Changer
- Plugin Slug:
- wp-widget-changer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-14131
WP Popup Magic
- Plugin:
- WP Popup Magic
- Plugin Slug:
- wppopupmagic
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13900
xShare
- Plugin:
- xShare
- Plugin Slug:
- xshare
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-13527
Essential Addons for Elementor – Popular Elementor Templates & Widgets
- Plugin Slug:
- essential-addons-for-elementor-lite
- Installations
- 2,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.5.4
- Severity Score:
- Medium
- CVE:
- 2025-69092
The Events Calendar
- Plugin:
- The Events Calendar
- Plugin Slug:
- the-events-calendar
- Installations
- 700,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.15.13
- Severity Score:
- Medium
- CVE:
- 2025-69352
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
- Plugin Slug:
- fluentform
- Installations
- 600,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.1.8
- Severity Score:
- Medium
- CVE:
- 2025-13722
Forminator Forms – Contact Form, Payment Form & Custom Form Builder
- Plugin Slug:
- forminator
- Installations
- 600,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.49.2
- Severity Score:
- Medium
- CVE:
- 2025-14782
Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress
- Plugin Slug:
- jeg-elementor-kit
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.2
- Severity Score:
- Medium
- CVE:
- 2025-14275
Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud!
- Plugin:
- Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud!
- Plugin Slug:
- templately
- Installations
- 400,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.4.9
- Severity Score:
- Medium
- CVE:
- 2026-0831
Download Manager
- Plugin:
- Download Manager
- Plugin Slug:
- download-manager
- Installations
- 100,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 3.3.41
- Severity Score:
- High
- CVE:
- 2025-15364
GiveWP – Donation Plugin and Fundraising Platform
- Plugin Slug:
- give
- Installations
- 100,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- 4.13.2
- Severity Score:
- Medium
- CVE:
- 2025-66533
Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories
- Plugin Slug:
- post-expirator
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.9.4
- Severity Score:
- Medium
- CVE:
- 2025-14718
Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories
- Plugin Slug:
- post-expirator
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.9.4
- Severity Score:
- Medium
- CVE:
- 2025-69361
Tutor LMS – eLearning and online course solution
- Plugin Slug:
- tutor
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.9.4
- Severity Score:
- Medium
- CVE:
- 2025-13628
Tutor LMS – eLearning and online course solution
- Plugin Slug:
- tutor
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.9.4
- Severity Score:
- Medium
- CVE:
- 2025-13934
Tutor LMS – eLearning and online course solution
- Plugin Slug:
- tutor
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.9.4
- Severity Score:
- Medium
- CVE:
- 2025-13679
AMP for WP – Accelerated Mobile Pages
- Plugin Slug:
- accelerated-mobile-pages
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.11
- Severity Score:
- Medium
- CVE:
- 2026-0627
AMP for WP – Accelerated Mobile Pages
- Plugin Slug:
- accelerated-mobile-pages
- Installations
- 90,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.1.10
- Severity Score:
- Medium
- CVE:
- 2025-14468
Depicter — Popup & Slider Builder
- Plugin Slug:
- depicter
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.7.0
- Severity Score:
- Medium
- CVE:
- 2025-11370
Depicter — Popup & Slider Builder
- Plugin Slug:
- depicter
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.0.5
- Severity Score:
- Medium
- CVE:
- 2025-68558
Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager
- Plugin Slug:
- folders
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.1.6
- Severity Score:
- Medium
- CVE:
- 2025-12640
Customer Reviews for WooCommerce
- Plugin:
- Customer Reviews for WooCommerce
- Plugin Slug:
- customer-reviews-woocommerce
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.94.0
- Severity Score:
- Medium
- CVE:
- 2025-14891
Jupiter X Core
- Plugin:
- Jupiter X Core
- Plugin Slug:
- jupiterx-core
- Installations
- 80,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 4.11.0
- Severity Score:
- High
- CVE:
- 2025-50004
LearnPress – WordPress LMS Plugin
- Plugin Slug:
- learnpress
- Installations
- 80,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 4.3.2.2
- Severity Score:
- Medium
- CVE:
- 2025-14802
LearnPress – WordPress LMS Plugin
- Plugin Slug:
- learnpress
- Installations
- 80,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.3.2.1
- Severity Score:
- Medium
- CVE:
- 2025-13964
Ninja Tables – Easy Data Table Builder
- Plugin Slug:
- ninja-tables
- Installations
- 80,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.2.5
- Severity Score:
- High
- CVE:
- 2025-69351
WooCommerce Square
- Plugin:
- WooCommerce Square
- Plugin Slug:
- woocommerce-square
- Installations
- 80,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 5.1.2
- Severity Score:
- High
- CVE:
- 2025-13457
SlimStat Analytics
- Plugin:
- SlimStat Analytics
- Plugin Slug:
- wp-slimstat
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.3.4
- Severity Score:
- High
- CVE:
- 2025-15057
SlimStat Analytics
- Plugin:
- SlimStat Analytics
- Plugin Slug:
- wp-slimstat
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.3.5
- Severity Score:
- High
- CVE:
- 2025-15055
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin
- Plugin Slug:
- simply-schedule-appointments
- Installations
- 70,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.6.9.6
- Severity Score:
- Medium
- CVE:
- 2025-11723
Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
- Plugin Slug:
- clearfy
- Installations
- 60,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.4.1
- Severity Score:
- Medium
- CVE:
- 2025-13749
Drag and Drop Multiple File Upload for Contact Form 7
- Plugin Slug:
- drag-and-drop-multiple-file-upload-contact-form-7
- Installations
- 60,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.3.9.3
- Severity Score:
- Critical
- CVE:
- 2025-14842
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
- Plugin Slug:
- post-and-page-builder
- Installations
- 60,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.27.10
- Severity Score:
- Medium
- CVE:
- 2025-69345
User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin
- Plugin Slug:
- user-registration
- Installations
- 60,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.4.9
- Severity Score:
- Medium
- CVE:
- 2025-14976
Table Field Add-on for ACF and SCF
- Plugin Slug:
- advanced-custom-fields-table-field
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.31
- Severity Score:
- Medium
- CVE:
- 2025-12067
Blog2Social: Social Media Auto Post & Scheduler
- Plugin Slug:
- blog2social
- Installations
- 50,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 8.7.3
- Severity Score:
- Medium
- CVE:
- 2025-14943
Booking Calendar
- Plugin:
- Booking Calendar
- Plugin Slug:
- booking
- Installations
- 50,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 10.14.11
- Severity Score:
- Medium
- CVE:
- 2025-14146
EmailKit – Email Customizer for WooCommerce & WP
- Plugin Slug:
- emailkit
- Installations
- 50,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 1.6.2
- Severity Score:
- Medium
- CVE:
- 2025-14059
Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI
- Plugin Slug:
- simple-tags
- Installations
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.42.0
- Severity Score:
- Medium
- CVE:
- 2025-14371
WP-Members Membership Plugin
- Plugin:
- WP-Members Membership Plugin
- Plugin Slug:
- wp-members
- Installations
- 50,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.5.4.5
- Severity Score:
- Medium
- CVE:
- 2025-12648
WP Table Builder – Drag & Drop Table Builder
- Plugin Slug:
- wp-table-builder
- Installations
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.20
- Severity Score:
- Medium
- CVE:
- 2025-13753
BetterDocs – Knowledge Base Documentation & FAQ Solution for Elementor & Block Editor
- Plugin Slug:
- betterdocs
- Installations
- 40,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.3.4
- Severity Score:
- Medium
- CVE:
- 2025-14980
Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers
- Plugin:
- Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers
- Plugin Slug:
- popup-builder-block
- Installations
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.1
- Severity Score:
- Medium
- CVE:
- 2025-14441
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
- Plugin Slug:
- quiz-master-next
- Installations
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 10.3.2
- Severity Score:
- Medium
- CVE:
- 2025-9637
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
- Plugin Slug:
- quiz-master-next
- Installations
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 10.3.2
- Severity Score:
- Medium
- CVE:
- 2025-9294
BulletProof Security
- Plugin:
- BulletProof Security
- Plugin Slug:
- bulletproof-security
- Installations
- 30,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 7.0
- Severity Score:
- High
- CVE:
- 2025-67931
Link Whisper Free
- Plugin:
- Link Whisper Free
- Plugin Slug:
- link-whisper
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.8.9
- Severity Score:
- High
- CVE:
- 2025-67927
Docket Cache – Object Cache Accelerator
- Plugin Slug:
- docket-cache
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 24.07.05
- Severity Score:
- Medium
- CVE:
- 2026-22492
Icegram Engage – Popups, Optins, CTAs & lot more…
- Plugin Slug:
- icegram
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.1.36
- Severity Score:
- Medium
- CVE:
- 2025-68507
Quiz Maker
- Plugin:
- Quiz Maker
- Plugin Slug:
- quiz-maker
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.7.0.89
- Severity Score:
- Medium
- CVE:
- 2025-14579
Brevo for WooCommerce
- Plugin:
- Brevo for WooCommerce
- Plugin Slug:
- woocommerce-sendinblue-newsletter-subscription
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.50
- Severity Score:
- High
- CVE:
- 2025-14436
Frontend Admin by DynamiApps
- Plugin:
- Frontend Admin by DynamiApps
- Plugin Slug:
- acf-frontend-form-element
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.28.24
- Severity Score:
- High
- CVE:
- 2025-14937
Frontend Admin by DynamiApps
- Plugin:
- Frontend Admin by DynamiApps
- Plugin Slug:
- acf-frontend-form-element
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.28.26
- Severity Score:
- Critical
- CVE:
- 2025-14741
Frontend Admin by DynamiApps
- Plugin:
- Frontend Admin by DynamiApps
- Plugin Slug:
- acf-frontend-form-element
- Installations
- 10,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 3.28.26
- Severity Score:
- Critical
- CVE:
- 2025-14736
AffiliateX – Amazon Affiliate Plugin
- Plugin Slug:
- affiliatex
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.0
- Severity Score:
- Medium
- CVE:
- 2025-69346
Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder
- Plugin Slug:
- bit-form
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.21.7
- Severity Score:
- Medium
- CVE:
- 2025-14901
Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO)
- Plugin Slug:
- bulk-image-alt-text-with-yoast
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.2
- Severity Score:
- Medium
- CVE:
- 2025-15019
Demo Importer Plus
- Plugin:
- Demo Importer Plus
- Plugin Slug:
- demo-importer-plus
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.9
- Severity Score:
- Medium
- CVE:
- 2025-69091
Easy Media Download
- Plugin:
- Easy Media Download
- Plugin Slug:
- easy-media-download
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.12
- Severity Score:
- Medium
- CVE:
- 2025-69169
Fluent Support – Helpdesk & Customer Support Ticket System
- Plugin Slug:
- fluent-support
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.10.5
- Severity Score:
- Medium
- CVE:
- 2025-67926
Form Vibes – Database Manager for Forms
- Plugin Slug:
- form-vibes
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.5
- Severity Score:
- High
- CVE:
- 2025-13409
GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress
- Plugin Slug:
- gamipress
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.6.2
- Severity Score:
- Medium
- CVE:
- 2025-13812
Gutenverse Form – Contact Form Builder, Booking, Reservation, Subscribe for Block Editor
- Plugin Slug:
- gutenverse-form
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.0
- Severity Score:
- Medium
- CVE:
- 2025-14984
MasterStudy LMS WordPress Plugin – for Online Courses and Education
- Plugin Slug:
- masterstudy-lms-learning-management-system
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.7.7
- Severity Score:
- Medium
- CVE:
- 2025-13766
ShopMagic – email automation
- Plugin:
- ShopMagic – email automation
- Plugin Slug:
- shopmagic-for-woocommerce
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.7.3
- Severity Score:
- Medium
- CVE:
- 2025-69093
Team – Team Members Showcase Plugin
- Plugin Slug:
- tlp-team
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.0.11
- Severity Score:
- Critical
- CVE:
- 2025-14124
Japanized for WooCommerce
- Plugin:
- Japanized for WooCommerce
- Plugin Slug:
- woocommerce-for-japan
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.8.0
- Severity Score:
- Medium
- CVE:
- 2025-14886
Eventin – Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered)
- Plugin:
- Eventin – Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered)
- Plugin Slug:
- wp-event-solution
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.52
- Severity Score:
- High
- CVE:
- 2025-14657
WP Photo Album Plus
- Plugin:
- WP Photo Album Plus
- Plugin Slug:
- wp-photo-album-plus
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 9.1.05.009
- Severity Score:
- High
- CVE:
- 2025-14835
Xagio SEO – AI Powered SEO
- Plugin:
- Xagio SEO – AI Powered SEO
- Plugin Slug:
- xagio-seo
- Installations
- 10,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 7.1.0.31
- Severity Score:
- Medium
- CVE:
- 2025-14438
NEX-Forms – Ultimate Forms Plugin for WordPress
- Plugin Slug:
- nex-forms-express-wp-form-builder
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 9.1.8
- Severity Score:
- Medium
- CVE:
- 2025-14803
UiChemy — Figma Converter for Elementor, Gutenberg and Bricks
- Plugin Slug:
- uichemy
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.4.3
- Severity Score:
- Medium
- CVE:
- 2025-69362
MediaPress
- Plugin:
- MediaPress
- Plugin Slug:
- mediapress
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.3
- Severity Score:
- Medium
- CVE:
- 2026-22519
weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot
- Plugin Slug:
- wedocs
- Installations
- 5,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.1.16
- Severity Score:
- Medium
- CVE:
- 2025-14574
BuddyPress Xprofile Custom Field Types
- Plugin Slug:
- bp-xprofile-custom-field-types
- Installations
- 4,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 1.3.0
- Severity Score:
- High
- CVE:
- 2025-14997
FastDup – Fastest WordPress Migration & Duplicator
- Plugin Slug:
- fastdup
- Installations
- 4,000+
- Vulnerability:
- Path Traversal
- Patched in Version:
- 2.7.1
- Severity Score:
- Medium
- CVE:
- 2026-0604
FlexTable – Data Table Sync with Google Sheets
- Plugin Slug:
- sheets-to-wp-table-live-sync
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.19.2
- Severity Score:
- Medium
- CVE:
- 2025-9543
Better Business Reviews – Trustpilot WordPress Plugin
- Plugin Slug:
- better-business-reviews
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 0.1.2
- Severity Score:
- Medium
- CVE:
- 2025-69354
The Events Calendar Countdown Addon
- Plugin Slug:
- countdown-for-the-events-calendar
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.16
- Severity Score:
- Medium
- CVE:
- 2025-69348
Bulk Page Generator – LPagery
- Plugin:
- Bulk Page Generator – LPagery
- Plugin Slug:
- lpagery
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.10
- Severity Score:
- Medium
- CVE:
- 2026-22490
Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates
- Plugin Slug:
- responsive-addons-for-elementor
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.9
- Severity Score:
- Medium
- CVE:
- 2025-69363
Spiffy Calendar
- Plugin:
- Spiffy Calendar
- Plugin Slug:
- spiffy-calendar
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.0.8
- Severity Score:
- Medium
- CVE:
- 2025-68523
Tickera – Sell Tickets & Manage Events
- Plugin Slug:
- tickera-event-ticketing-system
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.5.6.5
- Severity Score:
- Medium
- CVE:
- 2025-69355
RSS Feed Widget
- Plugin:
- RSS Feed Widget
- Plugin Slug:
- rss-feed-widget
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.0.3
- Severity Score:
- Medium
- CVE:
- 2025-69349
Appointment Booking Calendar – WP Timetics Booking Plugin
- Plugin Slug:
- timetics
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.37
- Severity Score:
- Medium
- CVE:
- 2025-5919
Accordions – Responsive Accordion & FAQ Plugin for WordPress
- Plugin Slug:
- accordions-wp
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.4
- Severity Score:
- Medium
- CVE:
- 2025-69350
CBX Bookmark & Favorite
- Plugin:
- CBX Bookmark & Favorite
- Plugin Slug:
- cbxwpbookmark
- Installations
- 1,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.0.5
- Severity Score:
- High
- CVE:
- 2025-13652
Proxy & VPN Blocker
- Plugin:
- Proxy & VPN Blocker
- Plugin Slug:
- proxy-vpn-blocker
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.5.4
- Severity Score:
- Medium
- CVE:
- 2025-69353
ForumWP – Forum & Discussion Board
- Plugin Slug:
- forumwp
- Installations
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.7
- Severity Score:
- Medium
- CVE:
- 2025-13746
Taskbuilder – WordPress Project Management & Task Management
- Plugin Slug:
- taskbuilder
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.0.0
- Severity Score:
- High
- CVE:
- 2025-67933
IndieWeb
- Plugin:
- IndieWeb
- Plugin Slug:
- indieweb
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.0.0
- Severity Score:
- Medium
- CVE:
- 2025-14893
WP Google Street View (with 360° virtual tour) & Google maps + Local SEO
- Plugin Slug:
- wp-google-street-view
- Installations
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.9
- Severity Score:
- Medium
- CVE:
- 2026-0563
Recras
- Plugin:
- Recras
- Plugin Slug:
- recras
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.4.2
- Severity Score:
- Medium
- CVE:
- 2025-13497
URL Image Importer
- Plugin:
- URL Image Importer
- Plugin Slug:
- url-image-importer
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.8
- Severity Score:
- Medium
- CVE:
- 2025-14120
Guest posting / Frontend Posting / Front Editor – WP Front User Submit
- Plugin Slug:
- front-editor
- Installations
- 200+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.0.1
- Severity Score:
- Medium
- CVE:
- 2025-13419
miniOrange OTP Verification and SMS Notification for WooCommerce
- Plugin Slug:
- miniorange-sms-order-notification-otp-verification
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.3.9
- Severity Score:
- Medium
- CVE:
- 2025-14948
ilGhera Support System for WooCommerce
- Plugin Slug:
- wc-support-system
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.7
- Severity Score:
- Medium
- CVE:
- 2025-14034
Creator LMS – The LMS for Creators, Coaches, and Trainers
- Plugin Slug:
- creatorlms
- Installations
- 80+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.13
- Severity Score:
- Medium
- CVE:
- 2025-69359
eHive Search
- Plugin:
- eHive Search
- Plugin Slug:
- ehive-search
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.1
- Severity Score:
- High
- CVE:
- 2025-67930
FS Registration Password
- Plugin:
- FS Registration Password
- Plugin Slug:
- registration-password
- Installations
- 40+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 2.0.1
- Severity Score:
- Critical
- CVE:
- 2025-15001
iPaymu Payment Gateway for WooCommerce
- Plugin Slug:
- ipaymu-for-woocommerce
- Installations
- 10+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.0.3
- Severity Score:
- High
- CVE:
- 2026-0656
Page Expire Popup/Redirection for WordPress
- Plugin Slug:
- page-expire-popup
- Installations
- 10+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.1
- Severity Score:
- High
- CVE:
- 2025-14153
Automotive Listings
- Plugin:
- Automotive Listings
- Plugin Slug:
- automotive
- Vulnerability:
- SQL Injection
- Patched in Version:
- 18.7
- Severity Score:
- Critical
- CVE:
- 2025-67928
JetEngine
- Plugin:
- JetEngine
- Plugin Slug:
- jet-engine
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.7.8
- Severity Score:
- High
- CVE:
- 2025-67923
Listeo Core
- Plugin:
- Listeo Core
- Plugin Slug:
- listeo-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.19
- Severity Score:
- High
- CVE:
- 2025-67932
TheGem Theme Elements (for WPBakery)
- Plugin:
- TheGem Theme Elements (for WPBakery)
- Plugin Slug:
- thegem-elements
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.11.1
- Severity Score:
- Medium
- CVE:
- 2025-69360
TheGem Theme Elements (for Elementor)
- Plugin:
- TheGem Theme Elements (for Elementor)
- Plugin Slug:
- thegem-elements-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.11.1
- Severity Score:
- Medium
- CVE:
- 2025-69357
TheGem Theme Elements (for Elementor)
- Plugin:
- TheGem Theme Elements (for Elementor)
- Plugin Slug:
- thegem-elements-elementor
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 5.11.1
- Severity Score:
- High
- CVE:
- 2025-69356
Woffice Core
- Plugin:
- Woffice Core
- Plugin Slug:
- woffice-core
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 5.4.31
- Severity Score:
- Medium
- CVE:
- 2025-67919
WordPress Themes — 14 Patched / 35 Unpatched
AeroLand
- Theme:
- AeroLand
- Theme Slug:
- aeroland
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-14429
Amuli
- Theme:
- Amuli
- Theme Slug:
- amuli
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-50003
Anarkali
- Theme:
- Anarkali
- Theme Slug:
- anarkali
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-47474
Athens
- Theme:
- Athens
- Theme Slug:
- athens
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49994
Atlas
- Theme:
- Atlas
- Theme Slug:
- atlas
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22509
AutoParts
- Theme:
- AutoParts
- Theme Slug:
- autoparts
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22331
Barberry
- Theme:
- Barberry
- Theme Slug:
- barberry
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68908
Brook
- Theme:
- Brook
- Theme Slug:
- brook
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-14430
Consult Aid
- Theme:
- Consult Aid
- Theme Slug:
- consultaid
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-67617
DeepDigital
- Theme:
- DeepDigital
- Theme Slug:
- deepdigital
- Vulnerability:
- Content Injection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22469
Depot
- Theme:
- Depot
- Theme Slug:
- depot
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-54003
Drone
- Theme:
- Drone
- Theme Slug:
- drone
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49249
Electron
- Theme:
- Electron
- Theme Slug:
- electron
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-5805
Energia
- Theme:
- Energia
- Theme Slug:
- energia
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-50002
Melania
- Theme:
- Melania
- Theme Slug:
- melania
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22324
Mella
- Theme:
- Mella
- Theme Slug:
- mella
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-67616
Mitech
- Theme:
- Mitech
- Theme Slug:
- mitech
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22708
Myour
- Theme:
- Myour
- Theme Slug:
- myour
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-67615
Navian
- Theme:
- Navian
- Theme Slug:
- navian
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-14431
OchaHouse
- Theme:
- OchaHouse
- Theme Slug:
- ochahouse
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-12550
Oshine
- Theme:
- Oshine
- Theme Slug:
- oshin
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-14359
Promo
- Theme:
- Promo
- Theme Slug:
- promo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22325
Racquet
- Theme:
- Racquet
- Theme Slug:
- racquet
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69369
Reprizo
- Theme:
- Reprizo
- Theme Slug:
- reprizo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22326
Right Way
- Theme:
- Right Way
- Theme Slug:
- rightway
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22330
Rozy – Flower Shop
- Theme:
- Rozy – Flower Shop
- Theme Slug:
- rozy
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-12549
Search & Go
- Theme:
- Search & Go
- Theme Slug:
- search-and-go
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-69005
TheNa
- Theme:
- TheNa
- Theme Slug:
- thena
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-67614
Moody
- Theme:
- Moody
- Theme Slug:
- tm-moody
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22707
Typify
- Theme:
- Typify
- Theme Slug:
- typify
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22712
VideoPro
- Theme:
- VideoPro
- Theme Slug:
- videopro
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-58913
xSmart
- Theme:
- xSmart
- Theme Slug:
- xsmart
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-54002
xSmart
- Theme:
- xSmart
- Theme Slug:
- xsmart
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-50007
xSmart
- Theme:
- xSmart
- Theme Slug:
- xsmart
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-50006
Zorka
- Theme:
- Zorka
- Theme Slug:
- zorka
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-0676
Phlox
Corpkit
- Theme:
- Corpkit
- Theme Slug:
- corpkit
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.0.1
- Severity Score:
- High
- CVE:
- 2025-67925
Corpkit
- Theme:
- Corpkit
- Theme Slug:
- corpkit
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 2.0.1
- Severity Score:
- Critical
- CVE:
- 2025-67924
Curly
- Theme:
- Curly
- Theme Slug:
- curly
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 3.3
- Severity Score:
- High
- CVE:
- 2025-67936
Grand Restaurant
- Theme:
- Grand Restaurant
- Theme Slug:
- grandrestaurant
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.0.9
- Severity Score:
- High
- CVE:
- 2025-67922
Hendon
- Theme:
- Hendon
- Theme Slug:
- hendon
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.7
- Severity Score:
- High
- CVE:
- 2025-67937
Jobify
- Theme:
- Jobify
- Theme Slug:
- jobify
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.3.1
- Severity Score:
- High
- CVE:
- 2025-67916
Lobo
- Theme:
- Lobo
- Theme Slug:
- lobo
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.8.6
- Severity Score:
- High
- CVE:
- 2025-67921
Neo Ocular
- Theme:
- Neo Ocular
- Theme Slug:
- neoocular
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.2
- Severity Score:
- High
- CVE:
- 2025-67920
Optimize
- Theme:
- Optimize
- Theme Slug:
- optimizewp
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.4
- Severity Score:
- High
- CVE:
- 2025-67935
Photography
- Theme:
- Photography
- Theme Slug:
- photography
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 7.7.5
- Severity Score:
- High
- CVE:
- 2025-68510
Traveler
- Theme:
- Traveler
- Theme Slug:
- traveler
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.7
- Severity Score:
- Medium
- CVE:
- 2025-67917
Wellspring
- Theme:
- Wellspring
- Theme Slug:
- wellspring
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.8
- Severity Score:
- High
- CVE:
- 2025-67934
Woffice
- Theme:
- Woffice
- Theme Slug:
- woffice
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.4.31
- Severity Score:
- High
- CVE:
- 2025-67918
Solid Security is part of Solid Suite — The best foundation for WordPress websites.
Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!
