WordPress Vulnerability Report

WordPress Vulnerability Report — January 22, 2025

This last week, 486 new plugin and theme vulnerabilities emerged in the WordPress ecosystem. 393 of the vulnerable plugins and themes remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

Sarah

Published:Jan 22, 2025

Filed Under:WordPress Vulnerability Report

Reading Time:80 min.

In this report, 486 vulnerabilities have been publicly disclosed. Security patches for 93 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 393 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of LowMediumHigh, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.7.1 is available! This minor release features 16 bug fixes throughout Core and the Block Editor.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 90 Patched / 371 Unpatched

CoDesigner – All in One Elementor WooCommerce Builder

Plugin:
CoDesigner – All in One Elementor WooCommerce Builder
Plugin Slug:
woolementor
Installations
9,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-22788
The vulnerability has not been patched. You should deactivate the plugin.

Bold pagos en linea

Plugin:
Bold pagos en linea
Plugin Slug:
bold-pagos-en-linea
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-22793
The vulnerability has not been patched. You should deactivate the plugin.

GSheetConnector for Forminator Forms

Plugin:
GSheetConnector for Forminator Forms
Plugin Slug:
gsheetconnector-forminator
Installations
700+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-22752
The vulnerability has not been patched. You should deactivate the plugin.

Post Carousel & Slider

Plugin:
Post Carousel & Slider
Plugin Slug:
post-types-carousel-slider
Installations
400+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-22750
The vulnerability has not been patched. You should deactivate the plugin.

Product Carousel For WooCommerce – WoorouSell

Plugin:
Product Carousel For WooCommerce – WoorouSell
Plugin Slug:
woorousell
Installations
400+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-22724
The vulnerability has not been patched. You should deactivate the plugin.

WP Headmaster

Plugin:
WP Headmaster
Plugin Slug:
wp-headmaster
Installations
200+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-22755
The vulnerability has not been patched. You should deactivate the plugin.

Course Booking System

Plugin:
Course Booking System
Plugin Slug:
course-booking-system
Installations
100+
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
Critical
CVE:
2025-22785
The vulnerability has not been patched. You should deactivate the plugin.

Neon Product Designer

Plugin:
Neon Product Designer
Plugin Slug:
neon-product-designer-for-woocommerce
Installations
100+
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-22799
The vulnerability has not been patched. You should deactivate the plugin.

Partners

Plugin:
Partners
Plugin Slug:
partners
Installations
100+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-22751
The vulnerability has not been patched. You should deactivate the plugin.

Online Payments – Get Paid with PayPal, Square & Stripe

Plugin:
Online Payments – Get Paid with PayPal, Square & Stripe
Plugin Slug:
paypal-payment-button-by-vcita
Installations
100+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-22661
The vulnerability has not been patched. You should deactivate the plugin.

WP Order By

Plugin:
WP Order By
Plugin Slug:
wp-order-by
Installations
100+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-22765
The vulnerability has not been patched. You should deactivate the plugin.

WR Price List Manager For Woocommerce

Plugin:
WR Price List Manager For Woocommerce
Plugin Slug:
wr-price-list-for-woocommerce
Installations
100+
Vulnerability:
Remote Code Execution (RCE)
Patched in Version:
No Fix
Severity Score:
Critical
CVE:
2025-22782
The vulnerability has not been patched. You should deactivate the plugin.

Estatebud – Properties & Listings

Plugin:
Estatebud – Properties & Listings
Plugin Slug:
estatebud-properties-listings
Installations
90+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23994
The vulnerability has not been patched. You should deactivate the plugin.

Amber

Plugin:
Amber
Plugin Slug:
amberlink
Installations
80+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-22754
The vulnerability has not been patched. You should deactivate the plugin.

Multilang Contact Form

Plugin:
Multilang Contact Form
Plugin Slug:
multilang-contact-form
Installations
80+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-22795
The vulnerability has not been patched. You should deactivate the plugin.

Responsive jQuery Slider

Plugin:
Responsive jQuery Slider
Plugin Slug:
responsive-jquery-slider
Installations
80+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-22798
The vulnerability has not been patched. You should deactivate the plugin.

Gallery and Lightbox

Plugin:
Gallery and Lightbox
Plugin Slug:
gallery-and-lightbox
Installations
70+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-22797
The vulnerability has not been patched. You should deactivate the plugin.

User Management

Plugin:
User Management
Plugin Slug:
user-management
Installations
70+
Vulnerability:
Privilege Escalation
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-22736
The vulnerability has not been patched. You should deactivate the plugin.

WP Post Corrector

Plugin:
WP Post Corrector
Plugin Slug:
wp-post-corrector
Installations
70+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-22764
The vulnerability has not been patched. You should deactivate the plugin.

Foundation Columns

Plugin:
Foundation Columns
Plugin Slug:
foundation-columns
Installations
50+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-22747
The vulnerability has not been patched. You should deactivate the plugin.

Navigation Du Lapin Blanc

Plugin:
Navigation Du Lapin Blanc
Plugin Slug:
navigation-du-lapin-blanc
Installations
50+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-22745
The vulnerability has not been patched. You should deactivate the plugin.

S-DEV SEO

Plugin:
S-DEV SEO
Plugin Slug:
s-dev-seo
Installations
50+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-22744
The vulnerability has not been patched. You should deactivate the plugin.

SetMore Theme – Custom Post Types

Plugin:
SetMore Theme – Custom Post Types
Plugin Slug:
service-provider-profile-cpt
Installations
50+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-22748
The vulnerability has not been patched. You should deactivate the plugin.

Social Media Engine

Plugin:
Social Media Engine
Plugin Slug:
social-media-engine
Installations
50+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-22749
The vulnerability has not been patched. You should deactivate the plugin.

WP ViewSTL

Plugin:
WP ViewSTL
Plugin Slug:
wp-viewstl
Installations
50+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-22742
The vulnerability has not been patched. You should deactivate the plugin.

HireHive Job Plugin

Plugin:
HireHive Job Plugin
Plugin Slug:
zartis-job-plugin
Installations
50+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-22746
The vulnerability has not been patched. You should deactivate the plugin.

Ajax Contact Form

Plugin:
Ajax Contact Form
Plugin Slug:
fws-ajax-contact-form
Installations
40+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-22761
The vulnerability has not been patched. You should deactivate the plugin.

Related Post Shortcode

Plugin:
Related Post Shortcode
Plugin Slug:
related-post-shortcode
Installations
30+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-22276
The vulnerability has not been patched. You should deactivate the plugin.

CodeBard Help Desk

Plugin:
CodeBard Help Desk
Plugin Slug:
codebard-help-desk
Installations
10+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-22760
The vulnerability has not been patched. You should deactivate the plugin.

1003 Mortgage Application

Plugin:
1003 Mortgage Application
Plugin Slug:
1003-mortgage-application
Vulnerability:
Sensitive Data Exposure
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2024-13536
The vulnerability has not been patched. You should deactivate the plugin.

a Gateway for Pasargad Bank on WooCommerce

Plugin:
a Gateway for Pasargad Bank on WooCommerce
Plugin Slug:
a-gateway-for-pasargad-bank-on-woocommerce
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23966
The vulnerability has not been patched. You should deactivate the plugin.

Ad Blocking Detector

Plugin:
Ad Blocking Detector
Plugin Slug:
ad-blocking-detector
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-22732
The vulnerability has not been patched. You should deactivate the plugin.

add custom google tag manager

Plugin:
add custom google tag manager
Plugin Slug:
add-custom-google-tag-manager
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23537
The vulnerability has not been patched. You should deactivate the plugin.

Add RSS

Plugin:
Add RSS
Plugin Slug:
add-rss
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23895
The vulnerability has not been patched. You should deactivate the plugin.

Admin Cleanup

Plugin:
Admin Cleanup
Plugin Slug:
admin-cleanup
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23832
The vulnerability has not been patched. You should deactivate the plugin.

Admin Menu Organizer

Plugin:
Admin Menu Organizer
Plugin Slug:
admin-menu-organizer
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23686
The vulnerability has not been patched. You should deactivate the plugin.

Elementor AI Addons

Plugin:
Elementor AI Addons
Plugin Slug:
ai-addons-for-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-22758
The vulnerability has not been patched. You should deactivate the plugin.

AI Responsive Gallery Album

Plugin:
AI Responsive Gallery Album
Plugin Slug:
ai-responsive-gallery-album
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23785
The vulnerability has not been patched. You should deactivate the plugin.

Ajax WP Query Search Filter

Plugin:
Ajax WP Query Search Filter
Plugin Slug:
ajax-wp-query-search-filter
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23926
The vulnerability has not been patched. You should deactivate the plugin.

AlT Report

Plugin:
AlT Report
Plugin Slug:
alt-report
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23432
The vulnerability has not been patched. You should deactivate the plugin.

Altima Lookbook Free for WooCommerce

Plugin:
Altima Lookbook Free for WooCommerce
Plugin Slug:
altima-lookbook-free-for-woocommerce
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23429
The vulnerability has not been patched. You should deactivate the plugin.

amr personalise

Plugin:
amr personalise
Plugin Slug:
amr-personalise
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23880
The vulnerability has not been patched. You should deactivate the plugin.

Annie

Plugin:
Annie
Plugin Slug:
annie
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23884
The vulnerability has not been patched. You should deactivate the plugin.

Annie

Plugin:
Annie
Plugin Slug:
annie
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23886
The vulnerability has not been patched. You should deactivate the plugin.

Anonymize Links

Plugin:
Anonymize Links
Plugin Slug:
anonymize-links
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23702
The vulnerability has not been patched. You should deactivate the plugin.

AnyRoad

Plugin:
AnyRoad
Plugin Slug:
anyguide
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23996
The vulnerability has not been patched. You should deactivate the plugin.

Apply with LinkedIn buttons

Plugin:
Apply with LinkedIn buttons
Plugin Slug:
apply-with-linkedin-buttons
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23897
The vulnerability has not been patched. You should deactivate the plugin.

Apply with LinkedIn buttons

Plugin:
Apply with LinkedIn buttons
Plugin Slug:
apply-with-linkedin-buttons
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23898
The vulnerability has not been patched. You should deactivate the plugin.

Auphonic Importer

Plugin:
Auphonic Importer
Plugin Slug:
auphonic-importer
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23649
The vulnerability has not been patched. You should deactivate the plugin.

Auto FTP

Plugin:
Auto FTP
Plugin Slug:
auto-ftp
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23793
The vulnerability has not been patched. You should deactivate the plugin.

Background animation blocks

Plugin:
Background animation blocks
Plugin Slug:
background-animation-blocks
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23948
The vulnerability has not been patched. You should deactivate the plugin.

Background Control

Plugin:
Background Control
Plugin Slug:
background-control
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-22784
The vulnerability has not been patched. You should deactivate the plugin.

Better Protected Pages

Plugin:
Better Protected Pages
Plugin Slug:
better-protected-pages
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23875
The vulnerability has not been patched. You should deactivate the plugin.

Bible Embed

Plugin:
Bible Embed
Plugin Slug:
bible-embed
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23513
The vulnerability has not been patched. You should deactivate the plugin.

Bit.ly linker

Plugin:
Bit.ly linker
Plugin Slug:
bitly-linker
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23674
The vulnerability has not been patched. You should deactivate the plugin.

BizLibrary

Plugin:
BizLibrary
Plugin Slug:
bizlibrary
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23580
The vulnerability has not been patched. You should deactivate the plugin.

Blog Summary

Plugin:
Blog Summary
Plugin Slug:
blog-summary
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23887
The vulnerability has not been patched. You should deactivate the plugin.

Blogger Image Import

Plugin:
Blogger Image Import
Plugin Slug:
blogger-image-import
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23689
The vulnerability has not been patched. You should deactivate the plugin.

Blrt WP Embed

Plugin:
Blrt WP Embed
Plugin Slug:
blrt-wp-embed
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23507
The vulnerability has not been patched. You should deactivate the plugin.

Blue Wrench Video Widget

Plugin:
Blue Wrench Video Widget
Plugin Slug:
blue-wrench-videos-widget
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23809
The vulnerability has not been patched. You should deactivate the plugin.

Board Election

Plugin:
Board Election
Plugin Slug:
board-election
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23499
The vulnerability has not been patched. You should deactivate the plugin.

Bonjour Bar

Plugin:
Bonjour Bar
Plugin Slug:
bonjour-bar
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-22262
The vulnerability has not been patched. You should deactivate the plugin.

Book a Place

Plugin:
Book a Place
Plugin Slug:
book-a-place
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23690
The vulnerability has not been patched. You should deactivate the plugin.

Bookalet

Plugin:
Bookalet
Plugin Slug:
bookalet
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23899
The vulnerability has not been patched. You should deactivate the plugin.

Brizy Pro

Plugin:
Brizy Pro
Plugin Slug:
brizy-pro
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-22763
The vulnerability has not been patched. You should deactivate the plugin.

Calendi

Plugin:
Calendi
Plugin Slug:
calendi
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23606
The vulnerability has not been patched. You should deactivate the plugin.

Call me Now

Plugin:
Call me Now
Plugin Slug:
call-me-now
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23745
The vulnerability has not been patched. You should deactivate the plugin.

Call To Action Popup

Plugin:
Call To Action Popup
Plugin Slug:
call-to-action-popup
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23605
The vulnerability has not been patched. You should deactivate the plugin.

CAMOO SMS

Plugin:
CAMOO SMS
Plugin Slug:
camoo-sms
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23607
The vulnerability has not been patched. You should deactivate the plugin.

Captchelfie – Captcha by Selfie

Plugin:
Captchelfie – Captcha by Selfie
Plugin Slug:
captchelfie-captcha-by-selfie
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23620
The vulnerability has not been patched. You should deactivate the plugin.

Car Demon

Plugin:
Car Demon
Plugin Slug:
car-demon
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2024-13334
The vulnerability has not been patched. You should deactivate the plugin.

Category D3 Tree

Plugin:
Category D3 Tree
Plugin Slug:
category-d3-tree
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23873
The vulnerability has not been patched. You should deactivate the plugin.

Category Custom Fields

Plugin:
Category Custom Fields
Plugin Slug:
categorycustomfields
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23822
The vulnerability has not been patched. You should deactivate the plugin.

CC Circle Progress Bar

Plugin:
CC Circle Progress Bar
Plugin Slug:
cc-circle-progress-bar
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23936
The vulnerability has not been patched. You should deactivate the plugin.

Contact Form 7 – CCAvenue Add-on

Plugin:
Contact Form 7 – CCAvenue Add-on
Plugin Slug:
cf7-cc-avenue-add-on
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23623
The vulnerability has not been patched. You should deactivate the plugin.

Charity-thermometer

Plugin:
Charity-thermometer
Plugin Slug:
charitydonation-thermometer
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23860
The vulnerability has not been patched. You should deactivate the plugin.

Chatter

Plugin:
Chatter
Plugin Slug:
chatter
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23760
The vulnerability has not been patched. You should deactivate the plugin.

Chess Tempo Viewer

Plugin:
Chess Tempo Viewer
Plugin Slug:
chesstempoviewer
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23868
The vulnerability has not been patched. You should deactivate the plugin.

CJ Custom Content

Plugin:
CJ Custom Content
Plugin Slug:
cj-custom-content
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23869
The vulnerability has not been patched. You should deactivate the plugin.

CMC MIGRATE

Plugin:
CMC MIGRATE
Plugin Slug:
cmc-migrate
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23746
The vulnerability has not been patched. You should deactivate the plugin.

CNZZ&51LA for WordPress

Plugin:
CNZZ&51LA for WordPress
Plugin Slug:
cnzz51la-for-wordpress
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23823
The vulnerability has not been patched. You should deactivate the plugin.

Comment-Emailer

Plugin:
Comment-Emailer
Plugin Slug:
comment-emailer
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23627
The vulnerability has not been patched. You should deactivate the plugin.

HyperComments

Plugin:
HyperComments
Plugin Slug:
comments-with-hypercommentscom
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23509
The vulnerability has not been patched. You should deactivate the plugin.

Compare Ninja

Plugin:
Compare Ninja
Plugin Slug:
compare-ninja-comparison-tables
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23909
The vulnerability has not been patched. You should deactivate the plugin.

Contact Form 7 Anti Spambot

Plugin:
Contact Form 7 Anti Spambot
Plugin Slug:
contact-form-7-anti-spambot
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23862
The vulnerability has not been patched. You should deactivate the plugin.

Contact Form 7 Round Robin Lead Distribution

Plugin:
Contact Form 7 Round Robin Lead Distribution
Plugin Slug:
contact-form-7-round-robin-lead-distribution
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23812
The vulnerability has not been patched. You should deactivate the plugin.

Contact Form 7 Round Robin Lead Distribution

Plugin:
Contact Form 7 Round Robin Lead Distribution
Plugin Slug:
contact-form-7-round-robin-lead-distribution
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23784
The vulnerability has not been patched. You should deactivate the plugin.

Contact Form Master – by Edmon

Plugin:
Contact Form Master – by Edmon
Plugin Slug:
contact-form-master
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2024-12587
The vulnerability has not been patched. You should deactivate the plugin.

Content Mirror

Plugin:
Content Mirror
Plugin Slug:
content-mirror
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23769
The vulnerability has not been patched. You should deactivate the plugin.

Content Planner

Plugin:
Content Planner
Plugin Slug:
content-planner
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23631
The vulnerability has not been patched. You should deactivate the plugin.

Content Security Policy Pro

Plugin:
Content Security Policy Pro
Plugin Slug:
content-security-policy-pro
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23820
The vulnerability has not been patched. You should deactivate the plugin.

ContentOptin Lite

Plugin:
ContentOptin Lite
Plugin Slug:
contentoptin
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23589
The vulnerability has not been patched. You should deactivate the plugin.

Cookie Consent & Autoblock for GDPR/CCPA

Plugin:
Cookie Consent & Autoblock for GDPR/CCPA
Plugin Slug:
cookie-consent-autoblock
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23501
The vulnerability has not been patched. You should deactivate the plugin.

Copy Move Posts

Plugin:
Copy Move Posts
Plugin Slug:
copy-move-posts
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23764
The vulnerability has not been patched. You should deactivate the plugin.

Copyright Safeguard Footer Notice

Plugin:
Copyright Safeguard Footer Notice
Plugin Slug:
copyright-safeguard-footer-notice
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23870
The vulnerability has not been patched. You should deactivate the plugin.

Custom CSS Addons

Plugin:
Custom CSS Addons
Plugin Slug:
css-addons
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23578
The vulnerability has not been patched. You should deactivate the plugin.

Custom List Table Example

Plugin:
Custom List Table Example
Plugin Slug:
custom-list-table-example
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23808
The vulnerability has not been patched. You should deactivate the plugin.

Custom Post

Plugin:
Custom Post
Plugin Slug:
custom-post-type-gui
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23566
The vulnerability has not been patched. You should deactivate the plugin.

Custom Post Type Lockdown

Plugin:
Custom Post Type Lockdown
Plugin Slug:
custom-post-type-lockdown
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23530
The vulnerability has not been patched. You should deactivate the plugin.

Custom Widget Classes

Plugin:
Custom Widget Classes
Plugin Slug:
custom-widget-classes
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23844
The vulnerability has not been patched. You should deactivate the plugin.

Customizable Captcha and Contact Us

Plugin:
Customizable Captcha and Contact Us
Plugin Slug:
customizable-captcha-and-contact-us-form
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23503
The vulnerability has not been patched. You should deactivate the plugin.

Cyber Slider

Plugin:
Cyber Slider
Plugin Slug:
cyber-new-slider
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23630
The vulnerability has not been patched. You should deactivate the plugin.

Daily Proverb

Plugin:
Daily Proverb
Plugin Slug:
daily-proverb
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23859
The vulnerability has not been patched. You should deactivate the plugin.

Database Sync

Plugin:
Database Sync
Plugin Slug:
database-sync
Vulnerability:
Sensitive Data Exposure
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23486
The vulnerability has not been patched. You should deactivate the plugin.

DD Roles

Plugin:
DD Roles
Plugin Slug:
dd-roles
Vulnerability:
Privilege Escalation
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23528
The vulnerability has not been patched. You should deactivate the plugin.

Debt Calculator

Plugin:
Debt Calculator
Plugin Slug:
debt-calculator
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23861
The vulnerability has not been patched. You should deactivate the plugin.

Debug Tool

Plugin:
Debug Tool
Plugin Slug:
debug-tool
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23684
The vulnerability has not been patched. You should deactivate the plugin.

DF Draggable

Plugin:
DF Draggable
Plugin Slug:
df-draggable
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23708
The vulnerability has not been patched. You should deactivate the plugin.

dForms

Plugin:
dForms
Plugin Slug:
dforms
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23592
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Local SEO

Plugin:
WordPress Local SEO
Plugin Slug:
dh-local-seo
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
Critical
CVE:
2025-23931
The vulnerability has not been patched. You should deactivate the plugin.

REAL WordPress Sidebar

Plugin:
REAL WordPress Sidebar
Plugin Slug:
drag-and-drop-custom-sidebar
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23535
The vulnerability has not been patched. You should deactivate the plugin.

EU DSGVO Helper

Plugin:
EU DSGVO Helper
Plugin Slug:
dsgvo
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23866
The vulnerability has not been patched. You should deactivate the plugin.

Easy Automatic Newsletter Lite

Plugin:
Easy Automatic Newsletter Lite
Plugin Slug:
easy-automatic-newsletter
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23879
The vulnerability has not been patched. You should deactivate the plugin.

Easy Code Snippets

Plugin:
Easy Code Snippets
Plugin Slug:
easy-code-snippets
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23780
The vulnerability has not been patched. You should deactivate the plugin.

Easy EU Cookie law

Plugin:
Easy EU Cookie law
Plugin Slug:
easy-eu-cookie-law
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23434
The vulnerability has not been patched. You should deactivate the plugin.

Easy FAQs

Plugin:
Easy FAQs
Plugin Slug:
easy-faqs
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23795
The vulnerability has not been patched. You should deactivate the plugin.

Easy Filtering

Plugin:
Easy Filtering
Plugin Slug:
easy-filtering
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23732
The vulnerability has not been patched. You should deactivate the plugin.

Easy Portfolio

Plugin:
Easy Portfolio
Plugin Slug:
easy-portfolio
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23796
The vulnerability has not been patched. You should deactivate the plugin.

Post-to-Post Links

Plugin:
Post-to-Post Links
Plugin Slug:
easy-post-to-post-links
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23878
The vulnerability has not been patched. You should deactivate the plugin.

Easy Real Estate

Plugin:
Easy Real Estate
Plugin Slug:
easy-real-estate
Vulnerability:
Privilege Escalation
Patched in Version:
No Fix
Severity Score:
Critical
CVE:
2024-32555
The vulnerability has not been patched. You should deactivate the plugin.

Easy Shortcode Buttons

Plugin:
Easy Shortcode Buttons
Plugin Slug:
easy-shortcode-buttons
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23825
The vulnerability has not been patched. You should deactivate the plugin.

Easy Tweet Embed

Plugin:
Easy Tweet Embed
Plugin Slug:
easy-tweet-embed
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23890
The vulnerability has not been patched. You should deactivate the plugin.

Easy Tynt

Plugin:
Easy Tynt
Plugin Slug:
easy-tynt
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23445
The vulnerability has not been patched. You should deactivate the plugin.

ECT Add to Cart Button

Plugin:
ECT Add to Cart Button
Plugin Slug:
ect-add-to-cart-button
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23471
The vulnerability has not been patched. You should deactivate the plugin.

EditionGuard for WooCommerce – eBook Sales with DRM

Plugin:
EditionGuard for WooCommerce – eBook Sales with DRM
Plugin Slug:
editionguard-for-woocommerce-ebook-sales-with-drm
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23452
The vulnerability has not been patched. You should deactivate the plugin.

EELV Newsletter

Plugin:
EELV Newsletter
Plugin Slug:
eelv-newsletter
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23602
The vulnerability has not been patched. You should deactivate the plugin.

Email Capture & Lead Generation

Plugin:
Email Capture & Lead Generation
Plugin Slug:
email-capture-lead-generation
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23929
The vulnerability has not been patched. You should deactivate the plugin.

Email on Publish

Plugin:
Email on Publish
Plugin Slug:
email-on-publish
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23673
The vulnerability has not been patched. You should deactivate the plugin.

EmailShroud

Plugin:
EmailShroud
Plugin Slug:
emailshroud
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23456
The vulnerability has not been patched. You should deactivate the plugin.

iSpring Embedder

Plugin:
iSpring Embedder
Plugin Slug:
embed-ispring
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Critical
CVE:
2025-23922
The vulnerability has not been patched. You should deactivate the plugin.

Enhanced YouTube Shortcode

Plugin:
Enhanced YouTube Shortcode
Plugin Slug:
enhanced-youtube-shortcode
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23946
The vulnerability has not been patched. You should deactivate the plugin.

Error Notification

Plugin:
Error Notification
Plugin Slug:
error-notification
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23902
The vulnerability has not been patched. You should deactivate the plugin.

Event Countdown Timer Plugin by TechMix

Plugin:
Event Countdown Timer Plugin by TechMix
Plugin Slug:
event-countdown-timer
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23699
The vulnerability has not been patched. You should deactivate the plugin.

Event Registration Calendar By vcita

Plugin:
Event Registration Calendar By vcita
Plugin Slug:
event-registration-calendar-by-vcita
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2024-11870
The vulnerability has not been patched. You should deactivate the plugin.

Explara Membership

Plugin:
Explara Membership
Plugin Slug:
explara-membership
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23583
The vulnerability has not been patched. You should deactivate the plugin.

Explore pages

Plugin:
Explore pages
Plugin Slug:
explore-pages
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23563
The vulnerability has not been patched. You should deactivate the plugin.

Extra Options – Favicons

Plugin:
Extra Options – Favicons
Plugin Slug:
extra-options-favicons
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23508
The vulnerability has not been patched. You should deactivate the plugin.

EZPlayer

Plugin:
EZPlayer
Plugin Slug:
ezplayer
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23950
The vulnerability has not been patched. You should deactivate the plugin.

Fast Tube

Plugin:
Fast Tube
Plugin Slug:
fast-tube
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23770
The vulnerability has not been patched. You should deactivate the plugin.

FAT Event Lite

Plugin:
FAT Event Lite
Plugin Slug:
fat-event-lite
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23915
The vulnerability has not been patched. You should deactivate the plugin.

FAT Event Lite

Plugin:
FAT Event Lite
Plugin Slug:
fat-event-lite
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-22718
The vulnerability has not been patched. You should deactivate the plugin.

Feedburner Optin Form

Plugin:
Feedburner Optin Form
Plugin Slug:
feedburner-optin-form
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23925
The vulnerability has not been patched. You should deactivate the plugin.

Find Your Reps

Plugin:
Find Your Reps
Plugin Slug:
find-your-reps
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23557
The vulnerability has not been patched. You should deactivate the plugin.

Flexible Blogtitle

Plugin:
Flexible Blogtitle
Plugin Slug:
flexible-blogtitle
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23846
The vulnerability has not been patched. You should deactivate the plugin.

Floatbox Plus

Plugin:
Floatbox Plus
Plugin Slug:
floatbox-plus
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23617
The vulnerability has not been patched. You should deactivate the plugin.

Flying Twitter Birds

Plugin:
Flying Twitter Birds
Plugin Slug:
flying-twitter-birds
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23710
The vulnerability has not been patched. You should deactivate the plugin.

FontAwesome.io ShortCodes

Plugin:
FontAwesome.io ShortCodes
Plugin Slug:
fontawesomeio-shortcodes
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23824
The vulnerability has not been patched. You should deactivate the plugin.

Formatted post

Plugin:
Formatted post
Plugin Slug:
formatted-post
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23709
The vulnerability has not been patched. You should deactivate the plugin.

FP RSS Category Excluder

Plugin:
FP RSS Category Excluder
Plugin Slug:
fp-rss-category-excluder
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23679
The vulnerability has not been patched. You should deactivate the plugin.

FWD Slider

Plugin:
FWD Slider
Plugin Slug:
fwd-slider
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23462
The vulnerability has not been patched. You should deactivate the plugin.

GDPR Personal Data Reports

Plugin:
GDPR Personal Data Reports
Plugin Slug:
gdpr-personal-data-reports
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23777
The vulnerability has not been patched. You should deactivate the plugin.

GDReseller

Plugin:
GDReseller
Plugin Slug:
gdreseller
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23567
The vulnerability has not been patched. You should deactivate the plugin.

Genki Announcement

Plugin:
Genki Announcement
Plugin Slug:
genki-announcement
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23900
The vulnerability has not been patched. You should deactivate the plugin.

Geotagged Media

Plugin:
Geotagged Media
Plugin Slug:
geotagged-media
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23558
The vulnerability has not been patched. You should deactivate the plugin.

Multi Uploader for Gravity Forms

Plugin:
Multi Uploader for Gravity Forms
Plugin Slug:
gf-multi-uploader
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
CVE:
2025-23921
The vulnerability has not been patched. You should deactivate the plugin.

Giveaways and Contests by PromoSimple

Plugin:
Giveaways and Contests by PromoSimple
Plugin Slug:
giveaways-contests-by-promosimple
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23934
The vulnerability has not been patched. You should deactivate the plugin.

Glofox Shortcodes

Plugin:
Glofox Shortcodes
Plugin Slug:
glofox-shortcodes
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2024-12508
The vulnerability has not been patched. You should deactivate the plugin.

GMap Shortcode

Plugin:
GMap Shortcode
Plugin Slug:
gmap-shortcode
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23893
The vulnerability has not been patched. You should deactivate the plugin.

GMAPS for WPBakery Page Builder Free

Plugin:
GMAPS for WPBakery Page Builder Free
Plugin Slug:
gmaps-for-visual-composer-free
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23775
The vulnerability has not been patched. You should deactivate the plugin.

go Social

Plugin:
go Social
Plugin Slug:
go-social
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23426
The vulnerability has not been patched. You should deactivate the plugin.

Goldstar

Plugin:
Goldstar
Plugin Slug:
goldstar
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23962
The vulnerability has not been patched. You should deactivate the plugin.

Good Old Gallery

Plugin:
Good Old Gallery
Plugin Slug:
good-old-gallery
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23959
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Google Map Professional

Plugin:
WordPress Google Map Professional
Plugin Slug:
google-map-professional
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23913
The vulnerability has not been patched. You should deactivate the plugin.

Google Org Chart

Plugin:
Google Org Chart
Plugin Slug:
google-org-chart
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23928
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Graphs & Charts

Plugin:
WordPress Graphs & Charts
Plugin Slug:
graph-lite
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23961
The vulnerability has not been patched. You should deactivate the plugin.

GravatarLocalCache

Plugin:
GravatarLocalCache
Plugin Slug:
gravatarlocalcache
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23901
The vulnerability has not been patched. You should deactivate the plugin.

Greek Namedays Widget From Eortologio.Net

Plugin:
Greek Namedays Widget From Eortologio.Net
Plugin Slug:
greek-namedays-widget
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23783
The vulnerability has not been patched. You should deactivate the plugin.

Group category creator

Plugin:
Group category creator
Plugin Slug:
group-category-creator
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23603
The vulnerability has not been patched. You should deactivate the plugin.

Hack me if you can

Plugin:
Hack me if you can
Plugin Slug:
hack-me-if-you-can
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23713
The vulnerability has not been patched. You should deactivate the plugin.

History timeline

Plugin:
History timeline
Plugin Slug:
history-timeline
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23475
The vulnerability has not been patched. You should deactivate the plugin.

Horizontal Line Shortcode

Plugin:
Horizontal Line Shortcode
Plugin Slug:
horizontal-line-shortcode
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23791
The vulnerability has not been patched. You should deactivate the plugin.

Hotspots Analytics

Plugin:
Hotspots Analytics
Plugin Slug:
hotspots
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23848
The vulnerability has not been patched. You should deactivate the plugin.

HTTP to HTTPS link changer by Eyga.net

Plugin:
HTTP to HTTPS link changer by Eyga.net
Plugin Slug:
https-links-in-content
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23677
The vulnerability has not been patched. You should deactivate the plugin.

Gallery: Hybrid – Advanced Visual Gallery

Plugin:
Gallery: Hybrid – Advanced Visual Gallery
Plugin Slug:
hybrid-gallery
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23951
The vulnerability has not been patched. You should deactivate the plugin.

CtyGrid Hyp3rL0cal Search

Plugin:
CtyGrid Hyp3rL0cal Search
Plugin Slug:
hyp3rl0cal-city-search
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23695
The vulnerability has not been patched. You should deactivate the plugin.

Image Gallery Box by CRUDLab

Plugin:
Image Gallery Box by CRUDLab
Plugin Slug:
image-gallery-box-by-crudlab
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23938
The vulnerability has not been patched. You should deactivate the plugin.

Image Switcher

Plugin:
Image Switcher
Plugin Slug:
image-switcher
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23939
The vulnerability has not been patched. You should deactivate the plugin.

Image Switcher

Plugin:
Image Switcher
Plugin Slug:
image-switcher
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23940
The vulnerability has not been patched. You should deactivate the plugin.

imaGenius

Plugin:
imaGenius
Plugin Slug:
imagenius
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23772
The vulnerability has not been patched. You should deactivate the plugin.

Import Users to MailChimp

Plugin:
Import Users to MailChimp
Plugin Slug:
import-users-to-mailchimp
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23675
The vulnerability has not been patched. You should deactivate the plugin.

Improved Sale Badges – Free Version

Plugin:
Improved Sale Badges – Free Version
Plugin Slug:
improved-sale-badges-free-version
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23949
The vulnerability has not been patched. You should deactivate the plugin.

Incredible Font Awesome

Plugin:
Incredible Font Awesome
Plugin Slug:
incredible-font-awesome
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23927
The vulnerability has not been patched. You should deactivate the plugin.

InFunding

Plugin:
InFunding
Plugin Slug:
infunding
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23768
The vulnerability has not been patched. You should deactivate the plugin.

Instant Appointment

Plugin:
Instant Appointment
Plugin Slug:
instant-appointment
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23672
The vulnerability has not been patched. You should deactivate the plugin.

Interactive Page Hierarchy

Plugin:
Interactive Page Hierarchy
Plugin Slug:
interactive-page-hierarchy
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23615
The vulnerability has not been patched. You should deactivate the plugin.

JB Horizontal Scroller News Ticker

Plugin:
JB Horizontal Scroller News Ticker
Plugin Slug:
jb-horizontal-scroller-news-ticker
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23830
The vulnerability has not been patched. You should deactivate the plugin.

Jet Skinner for BuddyPress

Plugin:
Jet Skinner for BuddyPress
Plugin Slug:
jet-skinner-for-buddypress
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23706
The vulnerability has not been patched. You should deactivate the plugin.

Kapost

Plugin:
Kapost
Plugin Slug:
kapost-byline
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23712
The vulnerability has not been patched. You should deactivate the plugin.

Kopa Nictitate Toolkit

Plugin:
Kopa Nictitate Toolkit
Plugin Slug:
kopa-nictitate-toolkit
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23965
The vulnerability has not been patched. You should deactivate the plugin.

Len Slider

Plugin:
Len Slider
Plugin Slug:
len-slider
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23810
The vulnerability has not been patched. You should deactivate the plugin.

LH Email

Plugin:
LH Email
Plugin Slug:
lh-email
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23676
The vulnerability has not been patched. You should deactivate the plugin.

LH Login Page

Plugin:
LH Login Page
Plugin Slug:
lh-login-page
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23547
The vulnerability has not been patched. You should deactivate the plugin.

Lime Developer Login

Plugin:
Lime Developer Login
Plugin Slug:
lime-developer-login
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23701
The vulnerability has not been patched. You should deactivate the plugin.

LocalGrid

Plugin:
LocalGrid
Plugin Slug:
localgrid
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23678
The vulnerability has not been patched. You should deactivate the plugin.

Loginplus

Plugin:
Loginplus
Plugin Slug:
loginplus
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23514
The vulnerability has not been patched. You should deactivate the plugin.

LSD Google Maps Embedder

Plugin:
LSD Google Maps Embedder
Plugin Slug:
lsd-google-maps-embedder
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23871
The vulnerability has not been patched. You should deactivate the plugin.

MACME

Plugin:
MACME
Plugin Slug:
macme
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23683
The vulnerability has not been patched. You should deactivate the plugin.

Magic Google Maps

Plugin:
Magic Google Maps
Plugin Slug:
magic-google-maps
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23935
The vulnerability has not been patched. You should deactivate the plugin.

Free MailClient FMC

Plugin:
Free MailClient FMC
Plugin Slug:
mailclient
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23703
The vulnerability has not been patched. You should deactivate the plugin.

Mapbox for WP Advanced

Plugin:
Mapbox for WP Advanced
Plugin Slug:
mapbox-for-wp-advanced
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-22772
The vulnerability has not been patched. You should deactivate the plugin.

Mark Posts

Plugin:
Mark Posts
Plugin Slug:
mark-posts
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23963
The vulnerability has not been patched. You should deactivate the plugin.

Marmoset Viewer

Plugin:
Marmoset Viewer
Plugin Slug:
marmoset-viewer
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23767
The vulnerability has not been patched. You should deactivate the plugin.

Marquee Style RSS News Ticker

Plugin:
Marquee Style RSS News Ticker
Plugin Slug:
marquee-style-rss-news-ticker
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23424
The vulnerability has not been patched. You should deactivate the plugin.

Mass Custom Fields Manager

Plugin:
Mass Custom Fields Manager
Plugin Slug:
mass-custom-fields-manager
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23430
The vulnerability has not been patched. You should deactivate the plugin.

Mass Messaging in BuddyPress

Plugin:
Mass Messaging in BuddyPress
Plugin Slug:
mass-messaging-in-buddypress
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23798
The vulnerability has not been patched. You should deactivate the plugin.

MD Custom content after or before of post

Plugin:
MD Custom content after or before of post
Plugin Slug:
md-custom-content
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23463
The vulnerability has not been patched. You should deactivate the plugin.

MDC YouTube Downloader

Plugin:
MDC YouTube Downloader
Plugin Slug:
mdc-youtube-downloader
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23639
The vulnerability has not been patched. You should deactivate the plugin.

MeinTurnierplan.de Widget Viewer

Plugin:
MeinTurnierplan.de Widget Viewer
Plugin Slug:
meinturnierplande-widget-viewer
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23941
The vulnerability has not been patched. You should deactivate the plugin.

MemeOne

Plugin:
MemeOne
Plugin Slug:
memeone
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23559
The vulnerability has not been patched. You should deactivate the plugin.

Menus Plus+

Plugin:
Menus Plus+
Plugin Slug:
menus-plus
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23910
The vulnerability has not been patched. You should deactivate the plugin.

MercadoLibre Integration

Plugin:
MercadoLibre Integration
Plugin Slug:
mercadolibre-integration
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23659
The vulnerability has not been patched. You should deactivate the plugin.

MFPlugin

Plugin:
MFPlugin
Plugin Slug:
mfplugin
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23660
The vulnerability has not been patched. You should deactivate the plugin.

MHR-Custom-Anti-Copy

Plugin:
MHR-Custom-Anti-Copy
Plugin Slug:
mhr-custom-anti-copy
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23817
The vulnerability has not been patched. You should deactivate the plugin.

Mindmeister Shortcode

Plugin:
Mindmeister Shortcode
Plugin Slug:
mindmeister-shortcode
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23896
The vulnerability has not been patched. You should deactivate the plugin.

More Link Modifier

Plugin:
More Link Modifier
Plugin Slug:
more-link-modifier
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23818
The vulnerability has not been patched. You should deactivate the plugin.

WP VTiger Synchronization

Plugin:
WP VTiger Synchronization
Plugin Slug:
msstiger
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23455
The vulnerability has not been patched. You should deactivate the plugin.

Metaphor Widgets

Plugin:
Metaphor Widgets
Plugin Slug:
mtphr-widgets
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23816
The vulnerability has not been patched. You should deactivate the plugin.

Muzaara Google Ads Report

Plugin:
Muzaara Google Ads Report
Plugin Slug:
muzaara-adwords-optimize-dashboard
Vulnerability:
PHP Object Injection
Patched in Version:
No Fix
Severity Score:
Critical
CVE:
2025-23914
The vulnerability has not been patched. You should deactivate the plugin.

my-related-posts

Plugin:
my-related-posts
Plugin Slug:
my-related-posts
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23476
The vulnerability has not been patched. You should deactivate the plugin.

MyAnime Widget

Plugin:
MyAnime Widget
Plugin Slug:
myanime-widget
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23532
The vulnerability has not been patched. You should deactivate the plugin.

mybb Last Topics

Plugin:
mybb Last Topics
Plugin Slug:
mybb-last-topics
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23749
The vulnerability has not been patched. You should deactivate the plugin.

MyBookProgress by Stormhill Media

Plugin:
MyBookProgress by Stormhill Media
Plugin Slug:
mybookprogress
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2024-12598
The vulnerability has not been patched. You should deactivate the plugin.

Nativery

Plugin:
Nativery
Plugin Slug:
nativery
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-22781
The vulnerability has not been patched. You should deactivate the plugin.

Nite Shortcodes

Plugin:
Nite Shortcodes
Plugin Slug:
nite-shortcodes
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23877
The vulnerability has not been patched. You should deactivate the plugin.

NV Slider

Plugin:
NV Slider
Plugin Slug:
nv-slider
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23661
The vulnerability has not been patched. You should deactivate the plugin.

OrangeBox

Plugin:
OrangeBox
Plugin Slug:
orangebox
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23800
The vulnerability has not been patched. You should deactivate the plugin.

Password Protect Plugin for WordPress

Plugin:
Password Protect Plugin for WordPress
Plugin Slug:
password-protect-plugin-for-wordpress
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23435
The vulnerability has not been patched. You should deactivate the plugin.

Pastebin

Plugin:
Pastebin
Plugin Slug:
pastebin-embed
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23908
The vulnerability has not been patched. You should deactivate the plugin.

PayForm

Plugin:
PayForm
Plugin Slug:
payform
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23872
The vulnerability has not been patched. You should deactivate the plugin.

PayPal Marketing Solutions

Plugin:
PayPal Marketing Solutions
Plugin Slug:
paypal-promotions-and-insights
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23930
The vulnerability has not been patched. You should deactivate the plugin.

PDF.js Shortcode

Plugin:
PDF.js Shortcode
Plugin Slug:
pdfjs-shortcode
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23943
The vulnerability has not been patched. You should deactivate the plugin.

Powie’s pLinks PagePeeker

Plugin:
Powie’s pLinks PagePeeker
Plugin Slug:
plinks
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23641
The vulnerability has not been patched. You should deactivate the plugin.

Pod?lánková inzerce

Plugin:
Pod?lánková inzerce
Plugin Slug:
podclankova-inzerce
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23697
The vulnerability has not been patched. You should deactivate the plugin.

Pootle button

Plugin:
Pootle button
Plugin Slug:
pootle-button
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23758
The vulnerability has not been patched. You should deactivate the plugin.

Popliup

Plugin:
Popliup
Plugin Slug:
popliup
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23945
The vulnerability has not been patched. You should deactivate the plugin.

Post & Page Notes

Plugin:
Post & Page Notes
Plugin Slug:
post-page-notes
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23715
The vulnerability has not been patched. You should deactivate the plugin.

PPO Call To Actions

Plugin:
PPO Call To Actions
Plugin Slug:
ppo-call-to-actions
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-24001
The vulnerability has not been patched. You should deactivate the plugin.

Preloader Quotes

Plugin:
Preloader Quotes
Plugin Slug:
preloader-quotes
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23682
The vulnerability has not been patched. You should deactivate the plugin.

Progress Tracker

Plugin:
Progress Tracker
Plugin Slug:
progress-tracker
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23892
The vulnerability has not been patched. You should deactivate the plugin.

QR Code Generator

Plugin:
QR Code Generator
Plugin Slug:
qrcode-wprhe
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23831
The vulnerability has not been patched. You should deactivate the plugin.

Quick Count

Plugin:
Quick Count
Plugin Slug:
quick-count
Vulnerability:
PHP Object Injection
Patched in Version:
No Fix
Severity Score:
Critical
CVE:
2025-23932
The vulnerability has not been patched. You should deactivate the plugin.

quote-posttype-plugin

Plugin:
quote-posttype-plugin
Plugin Slug:
quote-post-type-plugin
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2024-13386
The vulnerability has not been patched. You should deactivate the plugin.

QuoteMedia Tools

Plugin:
QuoteMedia Tools
Plugin Slug:
quotemedia-tools
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23644
The vulnerability has not been patched. You should deactivate the plugin.

ReadMe Creator

Plugin:
ReadMe Creator
Plugin Slug:
readme-creator
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23643
The vulnerability has not been patched. You should deactivate the plugin.

Realty Workstation

Plugin:
Realty Workstation
Plugin Slug:
realty-workstation
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23477
The vulnerability has not been patched. You should deactivate the plugin.

REDIRECTION PLUS

Plugin:
REDIRECTION PLUS
Plugin Slug:
redirection-plus
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23681
The vulnerability has not been patched. You should deactivate the plugin.

User Sync ActiveCampaign

Plugin:
User Sync ActiveCampaign
Plugin Slug:
registered-user-sync-activecampaign
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23778
The vulnerability has not been patched. You should deactivate the plugin.

Rezdy Reloaded

Plugin:
Rezdy Reloaded
Plugin Slug:
reloaded-rezdy
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23604
The vulnerability has not been patched. You should deactivate the plugin.

Rename Author Slug

Plugin:
Rename Author Slug
Plugin Slug:
rename-author-slug
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23640
The vulnerability has not been patched. You should deactivate the plugin.

Links/Problem Reporter

Plugin:
Links/Problem Reporter
Plugin Slug:
report-broken-links
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23833
The vulnerability has not been patched. You should deactivate the plugin.

ResAds

Plugin:
ResAds
Plugin Slug:
resads
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23779
The vulnerability has not been patched. You should deactivate the plugin.

Responsivity

Plugin:
Responsivity
Plugin Slug:
responsivity
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23548
The vulnerability has not been patched. You should deactivate the plugin.

Rio Photo Gallery

Plugin:
Rio Photo Gallery
Plugin Slug:
rio-photo-gallery
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23597
The vulnerability has not been patched. You should deactivate the plugin.

Rollover Tab

Plugin:
Rollover Tab
Plugin Slug:
rollover-tab
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23863
The vulnerability has not been patched. You should deactivate the plugin.

root Cookie

Plugin:
root Cookie
Plugin Slug:
root-cookie
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23815
The vulnerability has not been patched. You should deactivate the plugin.

RSS Icon Widget

Plugin:
RSS Icon Widget
Plugin Slug:
rss-icon-widget
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2024-12203
The vulnerability has not been patched. You should deactivate the plugin.

RSS News Scroller

Plugin:
RSS News Scroller
Plugin Slug:
rss-news-scroller
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23467
The vulnerability has not been patched. You should deactivate the plugin.

RSV GMaps

Plugin:
RSV GMaps
Plugin Slug:
rsv-google-maps
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23665
The vulnerability has not been patched. You should deactivate the plugin.

Salvador – AI Image Generator

Plugin:
Salvador – AI Image Generator
Plugin Slug:
salvador-ai-image-generator
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23954
The vulnerability has not been patched. You should deactivate the plugin.

Scroll Top Advanced

Plugin:
Scroll Top Advanced
Plugin Slug:
scroll-top-advanced
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23444
The vulnerability has not been patched. You should deactivate the plugin.

Secure CAPTCHA

Plugin:
Secure CAPTCHA
Plugin Slug:
secure-captcha
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23693
The vulnerability has not been patched. You should deactivate the plugin.

Real Seguro Viagem

Plugin:
Real Seguro Viagem
Plugin Slug:
seguro-viagem
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23664
The vulnerability has not been patched. You should deactivate the plugin.

Send to a Friend Addon

Plugin:
Send to a Friend Addon
Plugin Slug:
send-booking-invites-to-friends
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23600
The vulnerability has not been patched. You should deactivate the plugin.

Send to Twitter

Plugin:
Send to Twitter
Plugin Slug:
send-to-twitter
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23691
The vulnerability has not been patched. You should deactivate the plugin.

SOCIAL.NINJA

Plugin:
SOCIAL.NINJA
Plugin Slug:
seo-meta
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23907
The vulnerability has not been patched. You should deactivate the plugin.

SexBundle

Plugin:
SexBundle
Plugin Slug:
sexbundle
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23551
The vulnerability has not been patched. You should deactivate the plugin.

Shabbos and Yom Tov

Plugin:
Shabbos and Yom Tov
Plugin Slug:
shabbos-and-yom-tov
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23694
The vulnerability has not been patched. You should deactivate the plugin.

Shockingly Big IE6 Warning

Plugin:
Shockingly Big IE6 Warning
Plugin Slug:
shockingly-big-ie6-warning
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23442
The vulnerability has not been patched. You should deactivate the plugin.

Shortcode in Comment

Plugin:
Shortcode in Comment
Plugin Slug:
shortcode-in-comment
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23569
The vulnerability has not been patched. You should deactivate the plugin.

Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com

Plugin:
Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com
Plugin Slug:
shoutcast-and-icecast-html5-web-radio-player-by-yesstreaming-com
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23854
The vulnerability has not been patched. You should deactivate the plugin.

Sidebar-Content from Shortcode

Plugin:
Sidebar-Content from Shortcode
Plugin Slug:
sidebar-content-from-shortcode
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23642
The vulnerability has not been patched. You should deactivate the plugin.

Simple Custom post type custom field

Plugin:
Simple Custom post type custom field
Plugin Slug:
simple-content-construction-kit
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23500
The vulnerability has not been patched. You should deactivate the plugin.

Simple Project Manager

Plugin:
Simple Project Manager
Plugin Slug:
simple-project-managment
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23497
The vulnerability has not been patched. You should deactivate the plugin.

Simple shortcode buttons

Plugin:
Simple shortcode buttons
Plugin Slug:
simple-shortcode-buttons
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23449
The vulnerability has not been patched. You should deactivate the plugin.

Simple Vertical Timeline

Plugin:
Simple Vertical Timeline
Plugin Slug:
simple-vertical-timeline
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23856
The vulnerability has not been patched. You should deactivate the plugin.

Slides & Presentations

Plugin:
Slides & Presentations
Plugin Slug:
slide
Vulnerability:
Content Injection
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23919
The vulnerability has not been patched. You should deactivate the plugin.

Slider for Writers

Plugin:
Slider for Writers
Plugin Slug:
slider-for-writers
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23692
The vulnerability has not been patched. You should deactivate the plugin.

Smallerik File Browser

Plugin:
Smallerik File Browser
Plugin Slug:
smallerik-file-browser
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
CVE:
2025-23918
The vulnerability has not been patched. You should deactivate the plugin.

Smooth Dynamic Slider

Plugin:
Smooth Dynamic Slider
Plugin Slug:
smooth-dynamic-slider
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23447
The vulnerability has not been patched. You should deactivate the plugin.

Cache Sniper for Nginx

Plugin:
Cache Sniper for Nginx
Plugin Slug:
snipe-nginx-cache
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23776
The vulnerability has not been patched. You should deactivate the plugin.

Snippy

Plugin:
Snippy
Plugin Slug:
snippy
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23803
The vulnerability has not been patched. You should deactivate the plugin.

Social Analytics

Plugin:
Social Analytics
Plugin Slug:
social-analytics
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23743
The vulnerability has not been patched. You should deactivate the plugin.

Social Pug: Author Box

Plugin:
Social Pug: Author Box
Plugin Slug:
social-pug-author-box
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-22706
The vulnerability has not been patched. You should deactivate the plugin.

Social2Blog

Plugin:
Social2Blog
Plugin Slug:
social2blog
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23461
The vulnerability has not been patched. You should deactivate the plugin.

Solidres – Hotel booking plugin

Plugin:
Solidres – Hotel booking plugin
Plugin Slug:
solidres
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23911
The vulnerability has not been patched. You should deactivate the plugin.

Spiderpowa Embed PDF

Plugin:
Spiderpowa Embed PDF
Plugin Slug:
spiderpowa-embed-pdf
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23807
The vulnerability has not been patched. You should deactivate the plugin.

SEOReseller Partner

Plugin:
SEOReseller Partner
Plugin Slug:
sr-partner
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23805
The vulnerability has not been patched. You should deactivate the plugin.

Staging CDN

Plugin:
Staging CDN
Plugin Slug:
staging-cdn
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23696
The vulnerability has not been patched. You should deactivate the plugin.

Stars SMTP Mailer

Plugin:
Stars SMTP Mailer
Plugin Slug:
stars-smtp-mailer
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23453
The vulnerability has not been patched. You should deactivate the plugin.

Strx Magic Floating Sidebar Maker

Plugin:
Strx Magic Floating Sidebar Maker
Plugin Slug:
strx-magic-floating-sidebar-maker
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23827
The vulnerability has not been patched. You should deactivate the plugin.

Style Admin

Plugin:
Style Admin
Plugin Slug:
style-admin
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23801
The vulnerability has not been patched. You should deactivate the plugin.

Sur.ly

Plugin:
Sur.ly
Plugin Slug:
surly
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23957
The vulnerability has not been patched. You should deactivate the plugin.

Tab My Content

Plugin:
Tab My Content
Plugin Slug:
tab-my-content
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23601
The vulnerability has not been patched. You should deactivate the plugin.

Tagesteller

Plugin:
Tagesteller
Plugin Slug:
tagesteller
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23609
The vulnerability has not been patched. You should deactivate the plugin.

Team 118GROUP Agent

Plugin:
Team 118GROUP Agent
Plugin Slug:
team-118group-agent
Vulnerability:
Arbitrary Content Deletion
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23512
The vulnerability has not been patched. You should deactivate the plugin.

Theme My Ontraport Smartform

Plugin:
Theme My Ontraport Smartform
Plugin Slug:
theme-my-ontraport-smartform
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23717
The vulnerability has not been patched. You should deactivate the plugin.

Top Flash Embed

Plugin:
Top Flash Embed
Plugin Slug:
top-flash-embed
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23841
The vulnerability has not been patched. You should deactivate the plugin.

Track Page Scroll

Plugin:
Track Page Scroll
Plugin Slug:
track-page-scroll
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23536
The vulnerability has not been patched. You should deactivate the plugin.

Translation.Pro

Plugin:
Translation.Pro
Plugin Slug:
translation-pro
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23498
The vulnerability has not been patched. You should deactivate the plugin.

ts-tree

Plugin:
ts-tree
Plugin Slug:
ts-tree
Vulnerability:
Arbitrary Content Deletion
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23515
The vulnerability has not been patched. You should deactivate the plugin.

Twitter Bootstrap Collapse aka Accordian Shortcode

Plugin:
Twitter Bootstrap Collapse aka Accordian Shortcode
Plugin Slug:
twitter-bootstrap-collapse-aka-accordian-shortcode
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-22743
The vulnerability has not been patched. You should deactivate the plugin.

Twitter Shortcode

Plugin:
Twitter Shortcode
Plugin Slug:
twitter-shortcode
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23618
The vulnerability has not been patched. You should deactivate the plugin.

Twitter Post

Plugin:
Twitter Post
Plugin Slug:
twitterpost
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23654
The vulnerability has not been patched. You should deactivate the plugin.

Ultimate Events

Plugin:
Ultimate Events
Plugin Slug:
ultimate-events
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23610
The vulnerability has not been patched. You should deactivate the plugin.

Ultimate Subscribe

Plugin:
Ultimate Subscribe
Plugin Slug:
ultimate-subscribe
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23806
The vulnerability has not been patched. You should deactivate the plugin.

Unique UX

Plugin:
Unique UX
Plugin Slug:
unique-ux
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23625
The vulnerability has not been patched. You should deactivate the plugin.

Universal Analytics Injector

Plugin:
Universal Analytics Injector
Plugin Slug:
universal-analytics-injector
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23483
The vulnerability has not been patched. You should deactivate the plugin.

UpDownUpDown

Plugin:
UpDownUpDown
Plugin Slug:
updownupdown-postcomment-voting
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23572
The vulnerability has not been patched. You should deactivate the plugin.

user files

Plugin:
user files
Plugin Slug:
user-files
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
CVE:
2025-23953
The vulnerability has not been patched. You should deactivate the plugin.

Utilities for MTG

Plugin:
Utilities for MTG
Plugin Slug:
utilities-for-mtg
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2024-13433
The vulnerability has not been patched. You should deactivate the plugin.

Nature FlipBook

Plugin:
Nature FlipBook
Plugin Slug:
vertical-diamond-flipbook-flash
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23454
The vulnerability has not been patched. You should deactivate the plugin.

ViewMedica 9

Plugin:
ViewMedica 9
Plugin Slug:
viewmedica
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2024-13394
The vulnerability has not been patched. You should deactivate the plugin.

Visit Site Link enhanced

Plugin:
Visit Site Link enhanced
Plugin Slug:
visit-site-link-enhanced
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23470
The vulnerability has not been patched. You should deactivate the plugin.

W3SPEEDSTER

Plugin:
W3SPEEDSTER
Plugin Slug:
w3speedster-wp
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23765
The vulnerability has not been patched. You should deactivate the plugin.

WCS QR Code Generator

Plugin:
WCS QR Code Generator
Plugin Slug:
wcs-qr-code-generator
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23864
The vulnerability has not been patched. You should deactivate the plugin.

Weaver Themes Shortcode Compatibility

Plugin:
Weaver Themes Shortcode Compatibility
Plugin Slug:
weaver-themes-shortcode-compatibility
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-22267
The vulnerability has not been patched. You should deactivate the plugin.

Web Push

Plugin:
Web Push
Plugin Slug:
web-push
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23720
The vulnerability has not been patched. You should deactivate the plugin.

Web Testimonials

Plugin:
Web Testimonials
Plugin Slug:
web-testimonials
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23560
The vulnerability has not been patched. You should deactivate the plugin.

WH Cache & Security

Plugin:
WH Cache & Security
Plugin Slug:
wh-cache-and-security
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23611
The vulnerability has not been patched. You should deactivate the plugin.

Wibstats

Plugin:
Wibstats
Plugin Slug:
wibstats-statistics-for-wordpress-mu
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23565
The vulnerability has not been patched. You should deactivate the plugin.

Winning Portfolio

Plugin:
Winning Portfolio
Plugin Slug:
winning-portfolio
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23865
The vulnerability has not been patched. You should deactivate the plugin.

WM Options Import Export

Plugin:
WM Options Import Export
Plugin Slug:
wm-options-import-export
Vulnerability:
Sensitive Data Exposure
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23781
The vulnerability has not been patched. You should deactivate the plugin.

Woo Tuner

Plugin:
Woo Tuner
Plugin Slug:
woo-tuner
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23761
The vulnerability has not been patched. You should deactivate the plugin.

WooCommerce Order Search

Plugin:
WooCommerce Order Search
Plugin Slug:
woocommerce-order-searching
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23495
The vulnerability has not been patched. You should deactivate the plugin.

WOOEXIM

Plugin:
WOOEXIM
Plugin Slug:
wooexim
Vulnerability:
PHP Object Injection
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23944
The vulnerability has not been patched. You should deactivate the plugin.

Word Freshener

Plugin:
Word Freshener
Plugin Slug:
word-freshener
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23577
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Custom Sidebar

Plugin:
WordPress Custom Sidebar
Plugin Slug:
wordpress-custom-sidebar
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23912
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Data Guard

Plugin:
WordPress Data Guard
Plugin Slug:
wordpress-data-guards
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23828
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Gallery Plugin

Plugin:
WordPress Gallery Plugin
Plugin Slug:
wordpress-gallery-plugin
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23842
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Logging Service

Plugin:
WordPress Logging Service
Plugin Slug:
wordpress-logging-service
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23510
The vulnerability has not been patched. You should deactivate the plugin.

WP All Import Pro

Plugin:
WP All Import Pro
Plugin Slug:
wp-all-import-pro
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2024-8722
The vulnerability has not been patched. You should deactivate the plugin.

wp_amaps

Plugin:
wp_amaps
Plugin Slug:
wp-amaps
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23794
The vulnerability has not been patched. You should deactivate the plugin.

WP-Announcements

Plugin:
WP-Announcements
Plugin Slug:
wp-announcements
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23489
The vulnerability has not been patched. You should deactivate the plugin.

WP Background Tile

Plugin:
WP Background Tile
Plugin Slug:
wp-background-tile
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23573
The vulnerability has not been patched. You should deactivate the plugin.

WP-BlackCheck

Plugin:
WP-BlackCheck
Plugin Slug:
wp-blackcheck
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23511
The vulnerability has not been patched. You should deactivate the plugin.

WP Block Pack

Plugin:
WP Block Pack
Plugin Slug:
wp-block-pack
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23874
The vulnerability has not been patched. You should deactivate the plugin.

WP Bulletin Board

Plugin:
WP Bulletin Board
Plugin Slug:
wp-bulletin-board
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-22776
The vulnerability has not been patched. You should deactivate the plugin.

WP Cookies Alert

Plugin:
WP Cookies Alert
Plugin Slug:
wp-cookies-alert
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23821
The vulnerability has not been patched. You should deactivate the plugin.

WP Custom Google Search

Plugin:
WP Custom Google Search
Plugin Slug:
wp-custom-google-search
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23698
The vulnerability has not been patched. You should deactivate the plugin.

WP Download Codes

Plugin:
WP Download Codes
Plugin Slug:
wp-download-codes
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23882
The vulnerability has not been patched. You should deactivate the plugin.

WP FixTag

Plugin:
WP FixTag
Plugin Slug:
wp-fixtag
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23564
The vulnerability has not been patched. You should deactivate the plugin.

WP IMAP Auth

Plugin:
WP IMAP Auth
Plugin Slug:
wp-imap-authentication
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23506
The vulnerability has not been patched. You should deactivate the plugin.

WP Intro.JS

Plugin:
WP Intro.JS
Plugin Slug:
wp-intro-js-tours
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23576
The vulnerability has not been patched. You should deactivate the plugin.

WP krpano

Plugin:
WP krpano
Plugin Slug:
wp-krpano
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23876
The vulnerability has not been patched. You should deactivate the plugin.

Lijit Search

Plugin:
Lijit Search
Plugin Slug:
wp-lijit-wijit
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-22778
The vulnerability has not been patched. You should deactivate the plugin.

WP Load Gallery

Plugin:
WP Load Gallery
Plugin Slug:
wp-load-gallery
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
CVE:
2025-23942
The vulnerability has not been patched. You should deactivate the plugin.

WP Meetup

Plugin:
WP Meetup
Plugin Slug:
wp-meetup
Vulnerability:
Settings Change
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23916
The vulnerability has not been patched. You should deactivate the plugin.

WP News Sliders

Plugin:
WP News Sliders
Plugin Slug:
wp-news-sliders
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-22779
The vulnerability has not been patched. You should deactivate the plugin.

WP Options Editor

Plugin:
WP Options Editor
Plugin Slug:
wp-options-editor
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Critical
CVE:
2025-23797
The vulnerability has not been patched. You should deactivate the plugin.

wp-pano

Plugin:
wp-pano
Plugin Slug:
wp-pano
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-22780
The vulnerability has not been patched. You should deactivate the plugin.

WP Panoramio

Plugin:
WP Panoramio
Plugin Slug:
wp-panoramio
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23662
The vulnerability has not been patched. You should deactivate the plugin.

WP Photo Sphere

Plugin:
WP Photo Sphere
Plugin Slug:
wp-photo-sphere
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23924
The vulnerability has not been patched. You should deactivate the plugin.

WP-Player

Plugin:
WP-Player
Plugin Slug:
wp-player
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23947
The vulnerability has not been patched. You should deactivate the plugin.

WP PT-Viewer

Plugin:
WP PT-Viewer
Plugin Slug:
wp-ptviewer
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23438
The vulnerability has not been patched. You should deactivate the plugin.

WP-Revive Adserver

Plugin:
WP-Revive Adserver
Plugin Slug:
wp-revive-adserver
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23802
The vulnerability has not been patched. You should deactivate the plugin.

Wp-Scribd-List

Plugin:
Wp-Scribd-List
Plugin Slug:
wp-scribd-list
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23436
The vulnerability has not been patched. You should deactivate the plugin.

SendGrid for WordPress

Plugin:
SendGrid for WordPress
Plugin Slug:
wp-sendgrid-mailer
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23423
The vulnerability has not been patched. You should deactivate the plugin.

WP Service Payment Form With Authorize.net

Plugin:
WP Service Payment Form With Authorize.net
Plugin Slug:
wp-service-payment-form-with-authorizenet
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23804
The vulnerability has not been patched. You should deactivate the plugin.

WP2APP

Plugin:
WP2APP
Plugin Slug:
wp2appir
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23811
The vulnerability has not been patched. You should deactivate the plugin.

WPDB to Sql

Plugin:
WPDB to Sql
Plugin Slug:
wpdb-to-sql
Vulnerability:
Sensitive Data Exposure
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23774
The vulnerability has not been patched. You should deactivate the plugin.

WpF Ultimate Carousel

Plugin:
WpF Ultimate Carousel
Plugin Slug:
wpf-ultimate-carousel
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23933
The vulnerability has not been patched. You should deactivate the plugin.

WordPress File Search

Plugin:
WordPress File Search
Plugin Slug:
wpfilesearch
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23867
The vulnerability has not been patched. You should deactivate the plugin.

WP Journal

Plugin:
WP Journal
Plugin Slug:
wpjournal
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23613
The vulnerability has not been patched. You should deactivate the plugin.

WP Lyrics

Plugin:
WP Lyrics
Plugin Slug:
wplyrics
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23533
The vulnerability has not been patched. You should deactivate the plugin.

XLSXviewer

Plugin:
XLSXviewer
Plugin Slug:
xlsx-viewer
Vulnerability:
Arbitrary File Deletion
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23562
The vulnerability has not been patched. You should deactivate the plugin.

Xola

Plugin:
Xola
Plugin Slug:
xola-bookings-for-tours-activities
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23955
The vulnerability has not been patched. You should deactivate the plugin.

Yet Another Countdown

Plugin:
Yet Another Countdown
Plugin Slug:
yacp
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-23891
The vulnerability has not been patched. You should deactivate the plugin.

yCyclista

Plugin:
yCyclista
Plugin Slug:
ycyclista
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23700
The vulnerability has not been patched. You should deactivate the plugin.

Zarinpal Paid Download

Plugin:
Zarinpal Paid Download
Plugin Slug:
zarinpal-paid-downloads
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-22766
The vulnerability has not been patched. You should deactivate the plugin.

UpdraftPlus: WP Backup & Migration Plugin

Plugin:
UpdraftPlus: WP Backup & Migration Plugin
Plugin Slug:
updraftplus
Installations
3,000,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.25.1
Severity Score:
High
CVE:
2025-0215
The vulnerability has been patched, so you should update to version 1.25.1.

W3 Total Cache

Plugin:
W3 Total Cache
Plugin Slug:
w3-total-cache
Installations
1,000,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
2.8.2
Severity Score:
Medium
CVE:
2024-12008
The vulnerability has been patched, so you should update to version 2.8.2.

W3 Total Cache

Plugin:
W3 Total Cache
Plugin Slug:
w3-total-cache
Installations
1,000,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.8.2
Severity Score:
Medium
CVE:
2024-12006
The vulnerability has been patched, so you should update to version 2.8.2.

W3 Total Cache

Plugin:
W3 Total Cache
Plugin Slug:
w3-total-cache
Installations
1,000,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.8.2
Severity Score:
Medium
CVE:
2024-12365
The vulnerability has been patched, so you should update to version 2.8.2.

Page Builder by SiteOrigin

Plugin:
Page Builder by SiteOrigin
Plugin Slug:
siteorigin-panels
Installations
600,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.31.1
Severity Score:
Medium
CVE:
2024-12240
The vulnerability has been patched, so you should update to version 2.31.1.

Royal Elementor Addons and Templates

Plugin:
Royal Elementor Addons and Templates
Plugin Slug:
royal-elementor-addons
Installations
500,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.7.1007
Severity Score:
High
CVE:
2025-0393
The vulnerability has been patched, so you should update to version 1.7.1007.

Elementor Addon Elements

Plugin:
Elementor Addon Elements
Plugin Slug:
addon-elements-for-elementor-page-builder
Installations
100,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
1.14
Severity Score:
Medium
CVE:
2024-13215
The vulnerability has been patched, so you should update to version 1.14.

List category posts

Plugin:
List category posts
Plugin Slug:
list-category-posts
Installations
90,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
0.90.3
Severity Score:
Medium
CVE:
2024-9020
The vulnerability has been patched, so you should update to version 0.90.3.

Kubio AI Page Builder

Plugin:
Kubio AI Page Builder
Plugin Slug:
kubio
Installations
80,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.4.0
Severity Score:
High
CVE:
2024-13516
The vulnerability has been patched, so you should update to version 2.4.0.

WP ULike – All-in-One Engagement Toolkit

Plugin:
WP ULike – All-in-One Engagement Toolkit
Plugin Slug:
wp-ulike
Installations
80,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.7.7
Severity Score:
Medium
CVE:
2025-22738
The vulnerability has been patched, so you should update to version 4.7.7.

WP Booking Calendar

Plugin:
WP Booking Calendar
Plugin Slug:
booking
Installations
50,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
10.9.3
Severity Score:
Medium
CVE:
2024-13323
The vulnerability has been patched, so you should update to version 10.9.3.

Piotnet Addons For Elementor

Plugin:
Piotnet Addons For Elementor
Plugin Slug:
piotnet-addons-for-elementor
Installations
40,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.4.33
Severity Score:
Medium
CVE:
2024-10775
The vulnerability has been patched, so you should update to version 2.4.33.

Post Grid and Gutenberg Blocks – ComboBlocks

Plugin:
Post Grid and Gutenberg Blocks – ComboBlocks
Plugin Slug:
post-grid
Installations
40,000+
Vulnerability:
Privilege Escalation
Patched in Version:
2.3.4
Severity Score:
Critical
CVE:
2024-9636
The vulnerability has been patched, so you should update to version 2.3.4.

HTML5 Video Player – mp4 Video Player Plugin and Block

Plugin:
HTML5 Video Player – mp4 Video Player Plugin and Block
Plugin Slug:
html5-video-player
Installations
30,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.5.36
Severity Score:
Medium
CVE:
2024-13156
The vulnerability has been patched, so you should update to version 2.5.36.

VOD Infomaniak

Plugin:
VOD Infomaniak
Plugin Slug:
vod-infomaniak
Installations
30,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.5.10
Severity Score:
Medium
CVE:
2025-22729
The vulnerability has been patched, so you should update to version 1.5.10.

Link Library

Plugin:
Link Library
Plugin Slug:
link-library
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
7.7.3
Severity Score:
High
CVE:
2024-13404
The vulnerability has been patched, so you should update to version 7.7.3.

Multi Step Form

Plugin:
Multi Step Form
Plugin Slug:
multi-step-form
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.7.24
Severity Score:
Medium
CVE:
2024-12427
The vulnerability has been patched, so you should update to version 1.7.24.

Payment Button for PayPal

Plugin:
Payment Button for PayPal
Plugin Slug:
wp-paypal
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.2.3.36
Severity Score:
Medium
CVE:
2024-13401
The vulnerability has been patched, so you should update to version 1.2.3.36.

WP User Profile Avatar

Plugin:
WP User Profile Avatar
Plugin Slug:
wp-user-profile-avatar
Installations
10,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.0.6
Severity Score:
Medium
CVE:
2024-10789
The vulnerability has been patched, so you should update to version 1.0.6.

Motors – Car Dealer, Classifieds & Listing

Plugin:
Motors – Car Dealer, Classifieds & Listing
Plugin Slug:
motors-car-dealership-classified-listings
Installations
9,000+
Vulnerability:
Arbitrary Code Execution
Patched in Version:
1.4.44
Severity Score:
Medium
CVE:
2024-10970
The vulnerability has been patched, so you should update to version 1.4.44.

WP Hotel Booking

Plugin:
WP Hotel Booking
Plugin Slug:
wp-hotel-booking
Installations
8,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.1.6
Severity Score:
Medium
CVE:
2024-12370
The vulnerability has been patched, so you should update to version 2.1.6.

Proofreading

Plugin:
Proofreading
Plugin Slug:
proofreading
Installations
6,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.2.2
Severity Score:
High
CVE:
2024-12466
The vulnerability has been patched, so you should update to version 1.2.2.

ElementInvader Addons for Elementor

Plugin:
ElementInvader Addons for Elementor
Plugin Slug:
elementinvader-addons-for-elementor
Installations
5,000+
Vulnerability:
Local File Inclusion
Patched in Version:
1.2.7
Severity Score:
High
CVE:
2025-22786
The vulnerability has been patched, so you should update to version 1.2.7.

Podlove Podcast Publisher

Plugin:
Podlove Podcast Publisher
Plugin Slug:
podlove-podcasting-plugin-for-wordpress
Installations
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.2.0
Severity Score:
Medium
CVE:
2025-0554
The vulnerability has been patched, so you should update to version 4.2.0.

ApplyOnline – Application Form Builder and Manager

Plugin:
ApplyOnline – Application Form Builder and Manager
Plugin Slug:
apply-online
Installations
3,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.6.7.2
Severity Score:
Medium
CVE:
2025-22721
The vulnerability has been patched, so you should update to version 2.6.7.2.

Eventer

Plugin:
Eventer
Plugin Slug:
eventer
Installations
2,000+
Vulnerability:
Arbitrary File Download
Patched in Version:
3.9.8
Severity Score:
Medium
CVE:
2024-10799
The vulnerability has been patched, so you should update to version 3.9.8.

Checkout for PayPal

Plugin:
Checkout for PayPal
Plugin Slug:
checkout-for-paypal
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.33
Severity Score:
Medium
CVE:
2024-13398
The vulnerability has been patched, so you should update to version 1.0.33.

MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution

Plugin:
MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution
Plugin Slug:
marketking-multivendor-marketplace-for-woocommerce
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.0.0
Severity Score:
Medium
CVE:
2024-13519
The vulnerability has been patched, so you should update to version 2.0.0.

Social proof testimonials and reviews by Repuso

Plugin:
Social proof testimonials and reviews by Repuso
Plugin Slug:
social-testimonials-and-reviews-widget
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
5.21
Severity Score:
Medium
CVE:
2024-13351
The vulnerability has been patched, so you should update to version 5.21.

WP Inventory Manager

Plugin:
WP Inventory Manager
Plugin Slug:
wp-inventory-manager
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.3.3
Severity Score:
High
CVE:
2024-13434
The vulnerability has been patched, so you should update to version 2.3.3.

The Ultimate WordPress Toolkit – WP Extended

Plugin:
The Ultimate WordPress Toolkit – WP Extended
Plugin Slug:
wpextended
Installations
1,000+
Vulnerability:
SQL Injection
Patched in Version:
3.0.13
Severity Score:
Critical
CVE:
2024-13184
The vulnerability has been patched, so you should update to version 3.0.13.

My Tickets – Accessible Event Ticketing

Plugin:
My Tickets – Accessible Event Ticketing
Plugin Slug:
my-tickets
Installations
900+
Vulnerability:
Broken Access Control
Patched in Version:
2.0.10
Severity Score:
High
CVE:
2025-22717
The vulnerability has been patched, so you should update to version 2.0.10.

FireCask Like & Share Button

Plugin:
FireCask Like & Share Button
Plugin Slug:
facebook-like-send-button
Installations
600+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3
Severity Score:
Medium
CVE:
2024-11226
The vulnerability has been patched, so you should update to version 1.3.

My auctions allegro

Plugin:
My auctions allegro
Plugin Slug:
my-auctions-allegro-free-edition
Installations
600+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.6.19
Severity Score:
High
CVE:
2025-22733
The vulnerability has been patched, so you should update to version 3.6.19.

Verge3D Publishing and E-Commerce

Plugin:
Verge3D Publishing and E-Commerce
Plugin Slug:
verge3d
Installations
600+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.8.1
Severity Score:
High
CVE:
2025-22709
The vulnerability has been patched, so you should update to version 4.8.1.

PDF for WPForms + Drag and Drop Template Builder

Plugin:
PDF for WPForms + Drag and Drop Template Builder
Plugin Slug:
pdf-for-wpforms
Installations
500+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.8.0
Severity Score:
Medium
CVE:
2024-12593
The vulnerability has been patched, so you should update to version 4.8.0.

Simple:Press Forum

Plugin:
Simple:Press Forum
Plugin Slug:
simplepress
Installations
500+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
6.10.11
Severity Score:
High
The vulnerability has been patched, so you should update to version 6.10.11.

VikAppointments Services Booking Calendar

Plugin:
VikAppointments Services Booking Calendar
Plugin Slug:
vikappointments
Installations
500+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.2.17
Severity Score:
High
CVE:
2025-22719
The vulnerability has been patched, so you should update to version 1.2.17.

Admin and Customer Messages After Order for WooCommerce: OrderConvo

Plugin:
Admin and Customer Messages After Order for WooCommerce: OrderConvo
Plugin Slug:
admin-and-client-message-after-order-for-woocommerce
Installations
400+
Vulnerability:
Arbitrary File Upload
Patched in Version:
13.3
Severity Score:
Medium
CVE:
2024-13355
The vulnerability has been patched, so you should update to version 13.3.

Chamber Dashboard Business Directory

Plugin:
Chamber Dashboard Business Directory
Plugin Slug:
chamber-dashboard-business-directory
Installations
400+
Vulnerability:
Broken Access Control
Patched in Version:
3.3.11
Severity Score:
Medium
CVE:
2025-23917
The vulnerability has been patched, so you should update to version 3.3.11.

Chamber Dashboard Business Directory

Plugin:
Chamber Dashboard Business Directory
Plugin Slug:
chamber-dashboard-business-directory
Installations
400+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.3.10
Severity Score:
Medium
CVE:
2024-11452
The vulnerability has been patched, so you should update to version 3.3.10.

Stop Comment Spam

Plugin:
Stop Comment Spam
Plugin Slug:
stop-comment-spam
Installations
400+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
0.5.4
Severity Score:
High
CVE:
2025-23826
The vulnerability has been patched, so you should update to version 0.5.4.

WP Smart TV

Plugin:
WP Smart TV
Plugin Slug:
wp-smart-tv
Installations
400+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.1.9
Severity Score:
Medium
CVE:
2024-12818
The vulnerability has been patched, so you should update to version 2.1.9.

ShipWorks Connector for Woocommerce

Plugin:
ShipWorks Connector for Woocommerce
Plugin Slug:
shipworks-e-commerce-bridge
Installations
300+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
5.2.6
Severity Score:
Medium
CVE:
2024-13317
The vulnerability has been patched, so you should update to version 5.2.6.

turboSMTP

Plugin:
turboSMTP
Plugin Slug:
turbosmtp
Installations
300+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.7
Severity Score:
High
CVE:
2025-22753
The vulnerability has been patched, so you should update to version 4.7.

aDirectory – WordPress Directory Listing Plugin

Plugin:
aDirectory – WordPress Directory Listing Plugin
Plugin Slug:
adirectory
Installations
200+
Vulnerability:
PHP Object Injection
Patched in Version:
1.9
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.9.

Build Private Store For Woocommerce

Plugin:
Build Private Store For Woocommerce
Plugin Slug:
build-private-store-for-woocommerce
Installations
200+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.1
Severity Score:
Medium
CVE:
2025-22731
The vulnerability has been patched, so you should update to version 1.1.

Moving Users

Plugin:
Moving Users
Plugin Slug:
moving-users
Installations
100+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
1.10
Severity Score:
Medium
CVE:
2024-12637
The vulnerability has been patched, so you should update to version 1.10.

Passwords Manager

Plugin:
Passwords Manager
Plugin Slug:
passwords-manager
Installations
100+
Vulnerability:
Broken Access Control
Patched in Version:
1.5.1
Severity Score:
High
CVE:
2024-12614
The vulnerability has been patched, so you should update to version 1.5.1.

Passwords Manager

Plugin:
Passwords Manager
Plugin Slug:
passwords-manager
Installations
100+
Vulnerability:
SQL Injection
Patched in Version:
1.5.1
Severity Score:
High
CVE:
2024-12615
The vulnerability has been patched, so you should update to version 1.5.1.

Passwords Manager

Plugin:
Passwords Manager
Plugin Slug:
passwords-manager
Installations
100+
Vulnerability:
SQL Injection
Patched in Version:
1.5.1
Severity Score:
Critical
CVE:
2024-12613
The vulnerability has been patched, so you should update to version 1.5.1.

Video Share VOD – Turnkey Video Site Builder Script

Plugin:
Video Share VOD – Turnkey Video Site Builder Script
Plugin Slug:
video-share-vod
Installations
100+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.6.32
Severity Score:
Medium
CVE:
2024-13393
The vulnerability has been patched, so you should update to version 2.6.32.

WP-BibTeX

Plugin:
WP-BibTeX
Plugin Slug:
wp-bibtex
Installations
100+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.0.2
Severity Score:
High
CVE:
2024-12005
The vulnerability has been patched, so you should update to version 3.0.2.

Webcamconsult

Plugin:
Webcamconsult
Plugin Slug:
webcamconsult
Installations
60+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.6.0
Severity Score:
High
CVE:
2024-13432
The vulnerability has been patched, so you should update to version 1.6.0.

wp-greet

Plugin:
wp-greet
Plugin Slug:
wp-greet
Installations
60+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
6.3
Severity Score:
High
CVE:
2024-13444
The vulnerability has been patched, so you should update to version 6.3.

JSM Screenshot Machine Shortcode

Plugin:
JSM Screenshot Machine Shortcode
Plugin Slug:
screenshot-machine-shortcode
Installations
40+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.0.0
Severity Score:
Medium
CVE:
2024-13385
The vulnerability has been patched, so you should update to version 3.0.0.

WP Responsive Tabs

Plugin:
WP Responsive Tabs
Plugin Slug:
wp-responsive-tabs
Installations
40+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.0
Severity Score:
Medium
CVE:
2024-13387
The vulnerability has been patched, so you should update to version 1.3.0.

Posts Footer Manager

Plugin:
Posts Footer Manager
Plugin Slug:
intelly-posts-footer-manager
Installations
20+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.2.0
Severity Score:
Medium
CVE:
2025-22734
The vulnerability has been patched, so you should update to version 2.2.0.

Adifier System

Plugin:
Adifier System
Plugin Slug:
adifier-system
Vulnerability:
Privilege Escalation
Patched in Version:
3.1.8
Severity Score:
Critical
CVE:
2024-13375
The vulnerability has been patched, so you should update to version 3.1.8.

Gravity Forms

Plugin:
Gravity Forms
Plugin Slug:
gravityforms
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.9.2
Severity Score:
High
CVE:
2024-13377
The vulnerability has been patched, so you should update to version 2.9.2.

JetElements For Elementor

Plugin:
JetElements For Elementor
Plugin Slug:
jet-elements
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.7.3
Severity Score:
Medium
CVE:
2025-0371
The vulnerability has been patched, so you should update to version 2.7.3.

JetEngine

Plugin:
JetEngine
Plugin Slug:
jet-engine
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.6.3
Severity Score:
Medium
CVE:
2025-0369
The vulnerability has been patched, so you should update to version 3.6.3.

Tamara Checkout

Plugin:
Tamara Checkout
Plugin Slug:
tamara-checkout
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.9.9.1
Severity Score:
Medium
CVE:
2025-23997
The vulnerability has been patched, so you should update to version 1.9.9.1.

WordPress Themes — 3 Patched / 22 Unpatched

Multifox

Theme:
Multifox
Theme Slug:
multifox
Downloads
5,014
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-22769
The vulnerability has not been patched. You should switch themes.

my money

Theme:
my money
Theme Slug:
my-money
Downloads
20,130
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2024-49269
The vulnerability has not been patched. You should switch themes.

The Ultralight

Theme:
The Ultralight
Theme Slug:
the-ultralight
Downloads
19,244
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23998
The vulnerability has not been patched. You should switch themes.

TIJAJI

Theme:
TIJAJI
Theme Slug:
tijaji
Downloads
13,991
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23983
The vulnerability has not been patched. You should switch themes.

CarZine

Theme:
CarZine
Theme Slug:
carzine
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23981
The vulnerability has not been patched. You should switch themes.

Envo Multipurpose

Theme:
Envo Multipurpose
Theme Slug:
envo-multipurpose
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2025-22770
The vulnerability has not been patched. You should switch themes.

Flashy

Theme:
Flashy
Theme Slug:
flashy
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23979
The vulnerability has not been patched. You should switch themes.

ghostwriter

Theme:
ghostwriter
Theme Slug:
ghostwriter
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23988
The vulnerability has not been patched. You should switch themes.

Js O3 Lite

Theme:
Js O3 Lite
Theme Slug:
js-o3-lite
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-22792
The vulnerability has not been patched. You should switch themes.

moseter

Theme:
moseter
Theme Slug:
moseter
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-22790
The vulnerability has not been patched. You should switch themes.

my depressive

Theme:
my depressive
Theme Slug:
my-depressive
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2024-49269
The vulnerability has not been patched. You should switch themes.

my engine

Theme:
my engine
Theme Slug:
my-engine
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2024-49269
The vulnerability has not been patched. You should switch themes.

my white

Theme:
my white
Theme Slug:
my-white
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-22678
The vulnerability has not been patched. You should switch themes.

my zebra

Theme:
my zebra
Theme Slug:
my-zebra
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2024-49269
The vulnerability has not been patched. You should switch themes.

offset writing

Theme:
offset writing
Theme Slug:
offset-writing
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-22791
The vulnerability has not been patched. You should switch themes.

polka dots

Theme:
polka dots
Theme Slug:
polka-dots
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-22789
The vulnerability has not been patched. You should switch themes.

RealHomes

Theme:
RealHomes
Theme Slug:
realhomes
Vulnerability:
Privilege Escalation
Patched in Version:
No Fix
Severity Score:
Critical
CVE:
2024-32444
The vulnerability has not been patched. You should switch themes.

Sandbox

Theme:
Sandbox
Theme Slug:
sandbox
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2024-13366
The vulnerability has not been patched. You should switch themes.

Sandbox

Theme:
Sandbox
Theme Slug:
sandbox
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
CVE:
2024-13367
The vulnerability has not been patched. You should switch themes.

Tantyyellow

Theme:
Tantyyellow
Theme Slug:
tantyyellow
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23995
The vulnerability has not been patched. You should switch themes.

Tiki Time

Theme:
Tiki Time
Theme Slug:
tiki-time
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-23986
The vulnerability has not been patched. You should switch themes.

Tuaug4

Theme:
Tuaug4
Theme Slug:
tuaug4
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
CVE:
2025-22687
The vulnerability has not been patched. You should switch themes.

Betheme

Theme:
Betheme
Theme Slug:
betheme
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
27.6.2
Severity Score:
Medium
CVE:
2025-0450
The vulnerability has been patched, so you should update to version 27.6.2.

Buzz Club

Theme:
Buzz Club
Theme Slug:
buzzclub
Vulnerability:
Broken Access Control
Patched in Version:
2.0.5
Severity Score:
Medium
CVE:
2025-0515
The vulnerability has been patched, so you should update to version 2.0.5.

DWT – Directory & Listing

Theme:
DWT – Directory & Listing
Theme Slug:
dwt-listing
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.3.4
Severity Score:
High
CVE:
2025-0170
The vulnerability has been patched, so you should update to version 3.3.4.

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Author:

Sarah

Sarah has been with StellarWP since 2024. As our marketing generalist, she spends her day writing content and completing projects for SolidWP, LearnDash, and The Events Calendar. In her free time, Sarah can be found playing pickleball, enjoying coffee at a local coffee shop, and spending time with her husband.

Browse all of Sarah's articles

Author:

Sarah

Sarah has been with StellarWP since 2024. As our marketing generalist, she spends her day writing content and completing projects for SolidWP, LearnDash, and The Events Calendar. In her free time, Sarah can be found playing pickleball, enjoying coffee at a local coffee shop, and spending time with her husband.

Browse all of Sarah's articles