WordPress Vulnerability Report — January 29, 2025

This last week, 234 new plugin and theme vulnerabilities emerged in the WordPress ecosystem. 44 of the vulnerable plugins and themes remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

Sarah

Published:Jan 29, 2025

Filed Under:WordPress Vulnerability Report

Reading Time:43 min.

In this report, 234 vulnerabilities have been publicly disclosed. Security patches for 190 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 44 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. WordPress Core
2. WordPress Plugins — 183 Patched / 42 Unpatched

2.1 Product Size Charts Plugin for WooCommerce
2.2 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
2.3 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
2.4 Scroll Styler
2.5 Broadstreet
2.6 Designer – Elementor Addons
2.7 Internal Link Builder
2.8 Estatebud – Properties & Listings
2.9 Linear
2.10 1003 Mortgage Application
2.11 ABC Notation
2.12 Altra Side Menu
2.13 Altra Side Menu
2.14 AnyRoad
2.15 Ask Me Anything (Anonymously)
2.16 Automate Hub
2.17 Automate Hub
2.18 BMLT Meeting Map
2.19 brodos.net Onlineshop Plugin
2.20 Connections
2.21 Dental Optimizer Patient Generator App
2.22 Dyn Business Panel
2.23 Dyn Business Panel
2.24 Easy Real Estate
2.25 Etsy Importer
2.26 Fare Calculator
2.27 FlashCounter
2.28 Post Title (TypeWriter)
2.29 Full Circle
2.30 Issuu Panel
2.31 Masy Gallery
2.32 NOTICE BOARD BY TOWKIR
2.33 WordPress SEO Friendly Accordion FAQ
2.34 Post Carousel Slider
2.35 Power Ups for Elementor
2.36 PPO Call To Actions
2.37 SEO Blogger to WordPress Migration using 301 Redirection
2.38 Social Share Buttons for WordPress
2.39 WP All Import Pro
2.40 WP Contact Form7 Email Spam Blocker
2.41 WP Triggers Lite
2.42 WP Triggers Lite
2.43 Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)
2.44 Starter Templates — Elementor, WordPress & Beaver Builder Templates
2.45 Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder
2.46 The Events Calendar
2.47 Page Builder Gutenberg Blocks – CoBlocks
2.48 ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin)
2.49 Gutenberg Blocks with AI by Kadence WP – Page Builder Features
2.50 FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider
2.51 WP Go Maps (formerly WP Google Maps)
2.52 Call Now Button – The #1 Click to Call Button for WordPress
2.53 Page Builder: Pagelayer – Drag and Drop website builder
2.54 Post Duplicator
2.55 Admin and Site Enhancements (ASE)
2.56 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Post Slider and Ecommerce Slider)
2.57 Stackable – Page Builder Gutenberg Blocks
2.58 String locator
2.59 LearnPress – WordPress LMS Plugin
2.60 LearnPress – WordPress LMS Plugin
2.61 List category posts
2.62 Nested Pages
2.63 Import and export users and customers
2.64 WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels
2.65 Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
2.66 Better Find and Replace
2.67 WP-Polls
2.68 Social Share, Social Login and Social Comments Plugin – Super Socializer
2.69 Carousel Maker for Divi
2.70 WP Visitor Statistics (Real Time Traffic)
2.71 Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress
2.72 Icegram Engage – Ultimate WP Popup Builder, Lead Generation, Optins, and CTA
2.73 IP2Location Country Blocker
2.74 RomethemeKit For Elementor
2.75 Simple Download Monitor
2.76 Thim Elementor Kit
2.77 PPOM – Product Addons & Custom Fields for WooCommerce
2.78 Contact Form Email
2.79 WP Customer Area
2.80 GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress
2.81 GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress
2.82 AI Power: Complete AI Pack
2.83 AI Power: Complete AI Pack
2.84 AI Power: Complete AI Pack
2.85 Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks
2.86 AI Chatbot for WordPress – Hyve Lite
2.87 JSM Show Post Metadata
2.88 Link Library
2.89 Modal Window – create popup modal window
2.90 Membership Plugin – Restrict Content
2.91 Internal Links Manager
2.92 WooCommerce Product Table Lite
2.93 Countdown Timer – Widget Countdown
2.94 Export All Posts, Products, Orders, Refunds & Users
2.95 WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress
2.96 Essential Real Estate
2.97 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
2.98 Sticky Buttons – floating buttons builder
2.99 VikBooking Hotel Booking Engine & PMS
2.100 Product Carousel Slider & Grid Ultimate for WooCommerce
2.101 WP Hotel Booking
2.102 Xagio SEO
2.103 Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection)
2.104 Side Menu Lite – add sticky fixed buttons
2.105 Super block slider – Responsive image & content slider
2.106 Themify Builder
2.107 Button Generator – easily Button Builder
2.108 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution
2.109 ElementInvader Addons for Elementor
2.110 ElementInvader Addons for Elementor
2.111 ElementInvader Addons for Elementor
2.112 Variation Swatches for WooCommerce
2.113 Custom Product Tabs Lite for WooCommerce
2.114 Import WP – Export and Import CSV and XML files to WordPress
2.115 Popup Box: Create Popups Easily
2.116 RSVP and Event Management
2.117 Premium Packages – Sell Digital Products Securely
2.118 XML for Google Merchant Center
2.119 HelloAsso
2.120 Multiple Page Generator Plugin – MPG
2.121 Patreon WordPress
2.122 Paytium: Mollie payment forms & donations
2.123 Ultimate Coming Soon & Maintenance
2.124 Ultimate Coming Soon & Maintenance
2.125 Auction Nudge – Your eBay on Your Site
2.126 Chained Quiz
2.127 Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site
2.128 Email Subscription Popup
2.129 Social Proof Popups & Real-Time Notifications – Herd Effects
2.130 Plethora Plugins Tabs + Accordions
2.131 Plethora Plugins Tabs + Accordions
2.132 Comment Edit Core – Simple Comment Editing
2.133 Product Table by WBW
2.134 WooCommerce Quick View
2.135 Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce
2.136 Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder
2.137 Visual Website Collaboration, Feedback & Project Management – Atarim
2.138 Bubble Menu – Sticky Navigation with Floating Button Menu Solution
2.139 Event post
2.140 Flexmls® IDX Plugin
2.141 WP Fast Total Search – The Power of Indexed Search
2.142 WP Fast Total Search – The Power of Indexed Search
2.143 KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin
2.144 GDPR CCPA Compliance & Cookie Consent Banner
2.145 GoHero Store Customizer for WooCommerce
2.146 Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget
2.147 Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates
2.148 Spexo Addons for Elementor – Free Elementor Addons, Widgets and Templates
2.149 Save as PDF Plugin by Pdfcrowd
2.150 Tainacan
2.151 Tamara Checkout
2.152 Toocheke Companion
2.153 Tourfic – Ultimate Hotel Booking, Travel Booking & Car Rental WordPress Plugin | WooCommerce Booking
2.154 WooCommerce Cloak Affiliate Links
2.155 MDTF – Meta Data and Taxonomies Filter
2.156 12 Step Meeting List
2.157 12 Step Meeting List
2.158 Booking Calendar Contact Form
2.159 Easy YouTube Gallery
2.160 FireCask Like & Share Button
2.161 Wishlist for WooCommerce
2.162 Create with Code
2.163 Job Board Manager
2.164 Ketchup Shortcodes
2.165 Listamester
2.166 WP Google Street View (with 360° virtual tour) & Google maps + Local SEO
2.167 WP Multi Store Locator
2.168 Form Builder CP
2.169 MachForm Shortcode
2.170 Picture Gallery – Frontend Image Uploads, AJAX Photo List
2.171 SERPed.net
2.172 aDirectory – WordPress Directory Listing Plugin
2.173 All Embed – Elementor Addons
2.174 Gutenberg Blocks and Page Layouts – Attire Blocks
2.175 WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms
2.176 RSVPMaker
2.177 Build Private Store For Woocommerce
2.178 WP Duplicate – WordPress Migration Plugin
2.179 Magic the Gathering Card Tooltips
2.180 ShMapper by Teplitsa
2.181 Taxonomy/Term and Role based Discounts for WooCommerce
2.182 Lifetime free Drag & Drop Contact Form Builder for WordPress VForm
2.183 Advanced Notifications
2.184 Blur Text
2.185 Target Video Easy Publish
2.186 Bug Library
2.187 Linet ERP-Woocommerce Integration Plugin
2.188 Morkva UA Shipping
2.189 Orbisius Simple Notice
2.190 People Lists
2.191 Precious Metals Charts and Widgets for WordPress
2.192 Roi Calculator
2.193 Show/Hide Shortcode
2.194 Simple Downloads List
2.195 FV Thoughtful Comments
2.196 WC Affiliate – A Complete WooCommerce Affiliate Plugin
2.197 WC Affiliate – A Complete WooCommerce Affiliate Plugin
2.198 WP-BibTeX
2.199 PDF Invoices for WooCommerce + Drag and Drop Template Builder
2.200 Dynamic URL SEO
2.201 Restrict Anonymous Access
2.202 WPBookit
2.203 Simple Gallery with Filter
2.204 Bilingual Linker
2.205 Cliptakes
2.206 FAQ Builder AYS
2.207 Radius Blocks – WordPress Gutenberg Blocks
2.208 wp-greet
2.209 Boom Fest
2.210 Caching Compatible Cookie Opt-In and JavaScript
2.211 Subscription DNA®
2.212 KBucket: Your Curated Content in WordPress
2.213 ReviewsTap
2.214 Admin and Site Enhancements (ASE) Pro
2.215 BMLT Meeting Map
2.216 Bridge Core
2.217 Fusion Builder
2.218 JetElements For Elementor
2.219 Oshine Modules
2.220 LearnDash LMS
2.221 ThemeREX Addons
2.222 VideoWhisper Live Streaming Integration
2.223 WPBot Pro WordPress Chatbot
2.224 WPBot Pro WordPress Chatbot
2.225 WPJobBoard

3. WordPress Themes — 7 Patched / 2 Unpatched

3.1 Bootstrap Ultimate
3.2 RealHomes
3.3 AdForest
3.4 Avada
3.5 Betheme
3.6 Houzez
3.7 Houzez
3.8 uDesign
3.9 Zox News

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.7.1 is available! This minor release features 16 bug fixes throughout Core and the Block Editor.

WordPress Plugins — 183 Patched / 42 Unpatched

Plugin:: Product Size Charts Plugin for WooCommerce
Plugin Slug:: woo-advanced-product-size-chart
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23991

Plugin:: Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
Plugin Slug:: youzify
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13368

Plugin:: Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
Plugin Slug:: youzify
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12113

Plugin:: Scroll Styler
Plugin Slug:: scroll-styler
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23990

Plugin:: Broadstreet
Plugin Slug:: broadstreet
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11825

Plugin:: Designer – Elementor Addons
Plugin Slug:: designer
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23987

Plugin:: Internal Link Builder
Plugin Slug:: internal-link-builder
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23989

Plugin:: Estatebud – Properties & Listings
Plugin Slug:: estatebud-properties-listings
Installations: 90+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23994

Plugin:: Linear
Plugin Slug:: linear
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13709

Plugin:: 1003 Mortgage Application
Plugin Slug:: 1003-mortgage-application
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13536

Plugin:: ABC Notation
Plugin Slug:: abc-notation
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13550

Plugin:: Altra Side Menu
Plugin Slug:: altra-side-menu
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12774

Plugin:: Altra Side Menu
Plugin Slug:: altra-side-menu
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12773

Plugin:: AnyRoad
Plugin Slug:: anyguide
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23996

Plugin:: Ask Me Anything (Anonymously)
Plugin Slug:: ask-me-anything-anonymously
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12512

Plugin:: Automate Hub
Plugin Slug:: automate-hub-free-by-sperse-io
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13683

Plugin:: Automate Hub
Plugin Slug:: automate-hub-free-by-sperse-io
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11377

Plugin:: BMLT Meeting Map
Plugin Slug:: bmlt-meeting-map
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12494

Plugin:: brodos.net Onlineshop Plugin
Plugin Slug:: brodos-net-onlineshop
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12529

Plugin:: Connections
Plugin Slug:: connections1
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12885

Plugin:: Dental Optimizer Patient Generator App
Plugin Slug:: dental-optimizer-patient-generator-app
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13052

Plugin:: Dyn Business Panel
Plugin Slug:: dyn-business-panel
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13057

Plugin:: Dyn Business Panel
Plugin Slug:: dyn-business-panel
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13055

Plugin:: Easy Real Estate
Plugin Slug:: easy-real-estate
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-32555

Plugin:: Etsy Importer
Plugin Slug:: etsy-importer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12817

Plugin:: Fare Calculator
Plugin Slug:: fare-calculator
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23982

Plugin:: FlashCounter
Plugin Slug:: flashcounter
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23978

Plugin:: Post Title (TypeWriter)
Plugin Slug:: flashnews-typewriter-pearlbells
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-56012

Plugin:: Full Circle
Plugin Slug:: full-circle
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23980

Plugin:: Issuu Panel
Plugin Slug:: issuu-panel
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23976

Plugin:: Masy Gallery
Plugin Slug:: masy-gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13586

Plugin:: NOTICE BOARD BY TOWKIR
Plugin Slug:: notice-board-by-towkir
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12816

Plugin:: WordPress SEO Friendly Accordion FAQ
Plugin Slug:: notice-faq
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13458

Plugin:: Post Carousel Slider
Plugin Slug:: post-carousel-slider
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23977

Plugin:: Power Ups for Elementor
Plugin Slug:: power-ups-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13548

Plugin:: PPO Call To Actions
Plugin Slug:: ppo-call-to-actions
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-24001

Plugin:: SEO Blogger to WordPress Migration using 301 Redirection
Plugin Slug:: seo-blogger-to-wordpress-301-redirector
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13422

Plugin:: Social Share Buttons for WordPress
Plugin Slug:: share-buttons
Vulnerability:: Path Traversal
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13117

Plugin:: WP All Import Pro
Plugin Slug:: wp-all-import-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8722

Plugin:: WP Contact Form7 Email Spam Blocker
Plugin Slug:: wp-contact-form7-email-spam-blocker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13467

Plugin:: WP Triggers Lite
Plugin Slug:: wp-triggers-lite
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13095

Plugin:: WP Triggers Lite
Plugin Slug:: wp-triggers-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13094

Plugin:: Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)
Plugin Slug:: really-simple-ssl
Installations: 4,000,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 9.2.0
Severity Score:: Medium
CVE:: 2025-24623

Plugin:: Starter Templates — Elementor, WordPress & Beaver Builder Templates
Plugin Slug:: astra-sites
Installations: 1,000,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.4.10
Severity Score:: Medium
CVE:: 2025-24568

Plugin:: Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder
Plugin Slug:: popup-maker
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.20.3
Severity Score:: Medium
CVE:: 2025-24746

Plugin:: The Events Calendar
Plugin Slug:: the-events-calendar
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.9.1
Severity Score:: Medium
CVE:: 2024-12118

Plugin:: Page Builder Gutenberg Blocks – CoBlocks
Plugin Slug:: coblocks
Installations: 400,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.14
Severity Score:: Medium
CVE:: 2025-24751

Plugin:: ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin)
Plugin Slug:: google-analytics-dashboard-for-wp
Installations: 400,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.2.0
Severity Score:: Medium
CVE:: 2025-24750

Plugin:: Gutenberg Blocks with AI by Kadence WP – Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.2
Severity Score:: Medium
CVE:: 2025-24753

Plugin:: FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider
Plugin Slug:: fluent-smtp
Installations: 300,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2.81
Severity Score:: Medium
CVE:: 2025-24739

Plugin:: WP Go Maps (formerly WP Google Maps)
Plugin Slug:: wp-google-maps
Installations: 300,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 9.0.41
Severity Score:: Medium
CVE:: 2025-24742

Plugin:: Call Now Button – The #1 Click to Call Button for WordPress
Plugin Slug:: call-now-button
Installations: 200,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4.14
Severity Score:: Medium
CVE:: 2025-24738

Plugin:: Page Builder: Pagelayer – Drag and Drop website builder
Plugin Slug:: pagelayer
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.5
Severity Score:: Medium
CVE:: 2025-24573

Plugin:: Post Duplicator
Plugin Slug:: post-duplicator
Installations: 200,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.36
Severity Score:: Medium
CVE:: 2025-24736

Plugin:: Admin and Site Enhancements (ASE)
Plugin Slug:: admin-site-enhancements
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.6.3
Severity Score:: Medium
CVE:: 2025-24649

Plugin:: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Post Slider and Ecommerce Slider)
Plugin Slug:: bdthemes-prime-slider-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.16.6
Severity Score:: Medium
CVE:: 2024-12043

Plugin:: Stackable – Page Builder Gutenberg Blocks
Plugin Slug:: stackable-ultimate-gutenberg-blocks
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.13.12
Severity Score:: Medium
CVE:: 2024-12117

Plugin:: String locator
Plugin Slug:: string-locator
Installations: 100,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.6.7
Severity Score:: High
CVE:: 2024-10936

Plugin:: LearnPress – WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.7.5.1
Severity Score:: Medium
CVE:: 2024-13599

Plugin:: LearnPress – WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Open Redirection
Patched in Version:: 4.2.7.2
Severity Score:: Medium
CVE:: 2025-24740

Plugin:: List category posts
Plugin Slug:: list-category-posts
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.90.3
Severity Score:: Medium
CVE:: 2024-9020

Plugin:: Nested Pages
Plugin Slug:: wp-nested-pages
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.10
Severity Score:: Medium
CVE:: 2025-24579

Plugin:: Import and export users and customers
Plugin Slug:: import-users-from-csv-with-meta
Installations: 70,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.27.13
Severity Score:: Medium
CVE:: 2025-24689

Plugin:: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels
Plugin Slug:: print-invoices-packing-slip-labels-for-woocommerce
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.2
Severity Score:: Medium
CVE:: 2025-24644

Plugin:: Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
Plugin Slug:: easy-digital-downloads
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.3
Severity Score:: Medium
CVE:: 2024-13517

Plugin:: Better Find and Replace
Plugin Slug:: real-time-auto-find-and-replace
Installations: 50,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.6.8
Severity Score:: High
CVE:: 2025-24734

Plugin:: WP-Polls
Plugin Slug:: wp-polls
Installations: 50,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.77.3
Severity Score:: Medium
CVE:: 2024-13426

Plugin:: Social Share, Social Login and Social Comments Plugin – Super Socializer
Plugin Slug:: super-socializer
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 7.14.1
Severity Score:: Medium
CVE:: 2024-13230

Plugin:: Carousel Maker for Divi
Plugin Slug:: wow-carousel-for-divi-lite
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.0
Severity Score:: Medium
CVE:: 2025-0350

Plugin:: WP Visitor Statistics (Real Time Traffic)
Plugin Slug:: wp-stats-manager
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.3
Severity Score:: Medium
CVE:: 2025-24675

Plugin:: Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress
Plugin Slug:: bookingpress-appointment-booking
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.26
Severity Score:: Medium
CVE:: 2025-24732

Plugin:: Icegram Engage – Ultimate WP Popup Builder, Lead Generation, Optins, and CTA
Plugin Slug:: icegram
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.32
Severity Score:: Medium
CVE:: 2025-24542

Plugin:: IP2Location Country Blocker
Plugin Slug:: ip2location-country-blocker
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.38.4
Severity Score:: Medium
CVE:: 2025-24731

Plugin:: RomethemeKit For Elementor
Plugin Slug:: rometheme-for-elementor
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.3
Severity Score:: Medium
CVE:: 2025-24743

Plugin:: Simple Download Monitor
Plugin Slug:: simple-download-monitor
Installations: 20,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.9.26
Severity Score:: High
CVE:: 2025-24663

Plugin:: Thim Elementor Kit
Plugin Slug:: thim-elementor-kit
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.9
Severity Score:: Medium
CVE:: 2025-24725

Plugin:: PPOM – Product Addons & Custom Fields for WooCommerce
Plugin Slug:: woocommerce-product-addon
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 33.0.9
Severity Score:: Medium
CVE:: 2025-24668

Plugin:: Contact Form Email
Plugin Slug:: contact-form-to-email
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.53
Severity Score:: Medium
CVE:: 2025-24727

Plugin:: WP Customer Area
Plugin Slug:: customer-area
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 8.2.5
Severity Score:: Medium
CVE:: 2024-12280

Plugin:: GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress
Plugin Slug:: gamipress
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 7.2.2
Severity Score:: Critical
CVE:: 2024-13496

Plugin:: GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress
Plugin Slug:: gamipress
Installations: 10,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 7.2.2
Severity Score:: High
CVE:: 2024-13495

Plugin:: AI Power: Complete AI Pack
Plugin Slug:: gpt3-ai-content-generator
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.97
Severity Score:: Medium
CVE:: 2024-13361

Plugin:: AI Power: Complete AI Pack
Plugin Slug:: gpt3-ai-content-generator
Installations: 10,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 1.8.97
Severity Score:: Medium
CVE:: 2024-13360

Plugin:: AI Power: Complete AI Pack
Plugin Slug:: gpt3-ai-content-generator
Installations: 10,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.8.97
Severity Score:: High
CVE:: 2025-0429

Plugin:: Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks
Plugin Slug:: ht-contactform
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.2
Severity Score:: Medium
CVE:: 2025-24726

Plugin:: AI Chatbot for WordPress – Hyve Lite
Plugin Slug:: hyve-lite
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.3
Severity Score:: Medium
CVE:: 2025-24666

Plugin:: JSM Show Post Metadata
Plugin Slug:: jsm-show-post-meta
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.6.1
Severity Score:: Medium
CVE:: 2025-24589

Plugin:: Link Library
Plugin Slug:: link-library
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.7.3
Severity Score:: High
CVE:: 2024-13404

Plugin:: Modal Window – create popup modal window
Plugin Slug:: modal-window
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.1.5
Severity Score:: Medium
CVE:: 2025-24717

Plugin:: Membership Plugin – Restrict Content
Plugin Slug:: restrict-content
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.2.14
Severity Score:: Medium
CVE:: 2024-11090

Plugin:: Internal Links Manager
Plugin Slug:: seo-automated-link-building
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.3
Severity Score:: Medium
CVE:: 2025-24679

Plugin:: WooCommerce Product Table Lite
Plugin Slug:: wc-product-table-lite
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.9.0
Severity Score:: Medium
CVE:: 2025-24596

Plugin:: Countdown Timer – Widget Countdown
Plugin Slug:: widget-countdown
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.2
Severity Score:: Medium
CVE:: 2025-24719

Plugin:: Export All Posts, Products, Orders, Refunds & Users
Plugin Slug:: wp-ultimate-exporter
Installations: 10,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.9.1
Severity Score:: Medium
CVE:: 2025-24611

Plugin:: WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress
Plugin Slug:: wpvr
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.5.15
Severity Score:: Medium
CVE:: 2025-24730

Plugin:: Essential Real Estate
Plugin Slug:: essential-real-estate
Installations: 9,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.1.9
Severity Score:: Medium
CVE:: 2025-24698

Plugin:: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
Plugin Slug:: bit-form
Installations: 8,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.17.5
Severity Score:: Low
CVE:: 2024-13450

Plugin:: Sticky Buttons – floating buttons builder
Plugin Slug:: sticky-buttons
Installations: 8,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.1.2
Severity Score:: Medium
CVE:: 2025-24720

Plugin:: VikBooking Hotel Booking Engine & PMS
Plugin Slug:: vikbooking
Installations: 8,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.7.3
Severity Score:: High
CVE:: 2024-11641

Plugin:: Product Carousel Slider & Grid Ultimate for WooCommerce
Plugin Slug:: woo-product-carousel-slider-and-grid-ultimate
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.10.1
Severity Score:: Medium
CVE:: 2025-24681

Plugin:: WP Hotel Booking
Plugin Slug:: wp-hotel-booking
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.7
Severity Score:: Medium
CVE:: 2024-13447

Plugin:: Xagio SEO
Plugin Slug:: xagio-seo
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.0.0.21
Severity Score:: Medium
CVE:: 2025-24702

Plugin:: Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection)
Plugin Slug:: extensions-for-cf7
Installations: 6,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.2.1
Severity Score:: Medium
CVE:: 2025-24695

Plugin:: Side Menu Lite – add sticky fixed buttons
Plugin Slug:: side-menu-lite
Installations: 6,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.3.2
Severity Score:: Medium
CVE:: 2025-24724

Plugin:: Super block slider – Responsive image & content slider
Plugin Slug:: super-block-slider
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8
Severity Score:: Medium
CVE:: 2025-24682

Plugin:: Themify Builder
Plugin Slug:: themify-builder
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6.7
Severity Score:: High
CVE:: 2024-13319

Plugin:: Button Generator – easily Button Builder
Plugin Slug:: button-generation
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.1.2
Severity Score:: Medium
CVE:: 2025-24713

Plugin:: MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution
Plugin Slug:: dc-woocommerce-multi-vendor
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.14
Severity Score:: Medium
CVE:: 2025-24706

Plugin:: ElementInvader Addons for Elementor
Plugin Slug:: elementinvader-addons-for-elementor
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.4
Severity Score:: Medium
CVE:: 2025-24729

Plugin:: ElementInvader Addons for Elementor
Plugin Slug:: elementinvader-addons-for-elementor
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2025-24618

Plugin:: ElementInvader Addons for Elementor
Plugin Slug:: elementinvader-addons-for-elementor
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.1
Severity Score:: Medium
CVE:: 2025-24578

Plugin:: Variation Swatches for WooCommerce
Plugin Slug:: th-variation-swatches
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.3
Severity Score:: Medium
CVE:: 2024-13511

Plugin:: Custom Product Tabs Lite for WooCommerce
Plugin Slug:: woocommerce-custom-product-tabs-lite
Installations: 5,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.9.1
Severity Score:: High
CVE:: 2024-12600

Plugin:: Import WP – Export and Import CSV and XML files to WordPress
Plugin Slug:: jc-importer
Installations: 4,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.14.6
Severity Score:: High
CVE:: 2024-13562

Plugin:: Popup Box: Create Popups Easily
Plugin Slug:: popup-box
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.2.5
Severity Score:: Medium
CVE:: 2025-24711

Plugin:: RSVP and Event Management
Plugin Slug:: rsvp
Installations: 4,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.7.15
Severity Score:: High
CVE:: 2025-24683

Plugin:: Premium Packages – Sell Digital Products Securely
Plugin Slug:: wpdm-premium-packages
Installations: 4,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.9.7
Severity Score:: High
CVE:: 2025-24659

Plugin:: XML for Google Merchant Center
Plugin Slug:: xml-for-google-merchant-center
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.12
Severity Score:: High
CVE:: 2024-13406

Plugin:: HelloAsso
Plugin Slug:: helloasso
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.12
Severity Score:: Medium
CVE:: 2025-24575

Plugin:: Multiple Page Generator Plugin – MPG
Plugin Slug:: multiple-pages-generator-by-porthas
Installations: 3,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 4.0.6
Severity Score:: Medium
CVE:: 2024-10705

Plugin:: Patreon WordPress
Plugin Slug:: patreon-connect
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.2
Severity Score:: Medium
CVE:: 2025-24588

Plugin:: Paytium: Mollie payment forms & donations
Plugin Slug:: paytium
Installations: 3,000+
Vulnerability:: Full Path Disclosure (FPD)
Patched in Version:: 4.4.12
Severity Score:: Medium
CVE:: 2025-24552

Plugin:: Ultimate Coming Soon & Maintenance
Plugin Slug:: ultimate-coming-soon
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2025-24543

Plugin:: Ultimate Coming Soon & Maintenance
Plugin Slug:: ultimate-coming-soon
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2025-24546

Plugin:: Auction Nudge – Your eBay on Your Site
Plugin Slug:: auction-nudge
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.2.1
Severity Score:: Medium
CVE:: 2025-24658

Plugin:: Chained Quiz
Plugin Slug:: chained-quiz
Installations: 2,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 1.3.3
Severity Score:: Medium
CVE:: 2025-24701

Plugin:: Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site
Plugin Slug:: counter-box
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.6
Severity Score:: Medium
CVE:: 2025-24715

Plugin:: Email Subscription Popup
Plugin Slug:: email-subscribe
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: = 1.2.24
Severity Score:: High
CVE:: 2025-24587

Plugin:: Social Proof Popups & Real-Time Notifications – Herd Effects
Plugin Slug:: mwp-herd-effect
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.2.2
Severity Score:: Medium
CVE:: 2025-24716

Plugin:: Plethora Plugins Tabs + Accordions
Plugin Slug:: plethora-tabs-accordions
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2
Severity Score:: Medium
CVE:: 2024-13721

Plugin:: Plethora Plugins Tabs + Accordions
Plugin Slug:: plethora-tabs-accordions
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.1
Severity Score:: Medium
CVE:: 2025-24709

Plugin:: Comment Edit Core – Simple Comment Editing
Plugin Slug:: simple-comment-editing
Installations: 2,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.1.0
Severity Score:: Medium
CVE:: 2025-24703

Plugin:: Product Table by WBW
Plugin Slug:: woo-product-tables
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.1.3
Severity Score:: Critical
CVE:: 2024-13234

Plugin:: WooCommerce Quick View
Plugin Slug:: woo-quick-view
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2025-24705

Plugin:: Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce
Plugin Slug:: a4-barcode-generator
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.11
Severity Score:: Medium
CVE:: 2025-24603

Plugin:: Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder
Plugin Slug:: ajax-filter-posts
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.4.13
Severity Score:: Medium
CVE:: 2025-24733

Plugin:: Visual Website Collaboration, Feedback & Project Management – Atarim
Plugin Slug:: atarim-visual-collaboration
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.9
Severity Score:: High
CVE:: 2025-24570

Plugin:: Bubble Menu – Sticky Navigation with Floating Button Menu Solution
Plugin Slug:: bubble-menu
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.0.3
Severity Score:: Medium
CVE:: 2025-24714

Plugin:: Event post
Plugin Slug:: event-post
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.8
Severity Score:: Medium
CVE:: 2025-24585

Plugin:: Flexmls® IDX Plugin
Plugin Slug:: flexmls-idx
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.14.27
Severity Score:: Medium
CVE:: 2024-10552

Plugin:: WP Fast Total Search – The Power of Indexed Search
Plugin Slug:: fulltext-search
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.79.262
Severity Score:: Medium
CVE:: 2025-24572

Plugin:: WP Fast Total Search – The Power of Indexed Search
Plugin Slug:: fulltext-search
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.79.262
Severity Score:: Medium
CVE:: 2025-24571

Plugin:: KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin
Plugin Slug:: kb-support
Installations: 1,000+
Vulnerability:: Open Redirection
Patched in Version:: 1.6.8
Severity Score:: Medium
CVE:: 2025-24741

Plugin:: GDPR CCPA Compliance & Cookie Consent Banner
Plugin Slug:: ninja-gdpr-compliance
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.2
Severity Score:: Medium
CVE:: 2025-24591

Plugin:: GoHero Store Customizer for WooCommerce
Plugin Slug:: personalize-woocommerce-cart-page
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0
Severity Score:: Medium
CVE:: 2024-12826

Plugin:: Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget
Plugin Slug:: post-grid-carousel-ultimate
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.7
Severity Score:: Medium
CVE:: 2025-24782

Plugin:: Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates
Plugin Slug:: responsive-addons-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.5
Severity Score:: Medium
CVE:: 2024-13354

Plugin:: Spexo Addons for Elementor – Free Elementor Addons, Widgets and Templates
Plugin Slug:: sastra-essential-addons-for-elementor
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.15
Severity Score:: Medium
CVE:: 2024-13335

Plugin:: Save as PDF Plugin by Pdfcrowd
Plugin Slug:: save-as-pdf-by-pdfcrowd
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 4.4.1
Severity Score:: Critical
CVE:: 2025-24671

Plugin:: Tainacan
Plugin Slug:: tainacan
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 0.21.13
Severity Score:: High
CVE:: 2024-13236

Plugin:: Tamara Checkout
Plugin Slug:: tamara-checkout
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.9.1
Severity Score:: Medium
CVE:: 2025-23997

Plugin:: Toocheke Companion
Plugin Slug:: toocheke-companion
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.167
Severity Score:: Medium
CVE:: 2025-23992

Plugin:: Tourfic – Ultimate Hotel Booking, Travel Booking & Car Rental WordPress Plugin | WooCommerce Booking
Plugin Slug:: tourfic
Installations: 1,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.15.4
Severity Score:: Critical
CVE:: 2025-24650

Plugin:: WooCommerce Cloak Affiliate Links
Plugin Slug:: woocommerce-cloak-affiliate-links
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.36
Severity Score:: Medium
CVE:: 2025-24647

Plugin:: MDTF – Meta Data and Taxonomies Filter
Plugin Slug:: wp-meta-data-filter-and-taxonomy-filter
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.3.7
Severity Score:: Medium
CVE:: 2024-13340

Plugin:: 12 Step Meeting List
Plugin Slug:: 12-step-meeting-list
Installations: 800+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.16.6
Severity Score:: Medium
CVE:: 2025-24582

Plugin:: 12 Step Meeting List
Plugin Slug:: 12-step-meeting-list
Installations: 800+
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: 3.16.6
Severity Score:: Medium
CVE:: 2025-24580

Plugin:: Booking Calendar Contact Form
Plugin Slug:: booking-calendar-contact-form
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.56
Severity Score:: Medium
CVE:: 2025-24723

Plugin:: Easy YouTube Gallery
Plugin Slug:: easy-youtube-gallery
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.5
Severity Score:: Medium
CVE:: 2025-24721

Plugin:: FireCask Like & Share Button
Plugin Slug:: facebook-like-send-button
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3
Severity Score:: Medium
CVE:: 2024-11226

Plugin:: Wishlist for WooCommerce
Plugin Slug:: wt-woocommerce-wishlist
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2025-24657

Plugin:: Create with Code
Plugin Slug:: create-with-code
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5
Severity Score:: Medium
CVE:: 2025-24638

Plugin:: Job Board Manager
Plugin Slug:: job-board-manager
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.1.60
Severity Score:: Medium
CVE:: 2025-24622

Plugin:: Ketchup Shortcodes
Plugin Slug:: ketchup-shortcodes-pack
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.2.1
Severity Score:: Medium
CVE:: 2025-24673

Plugin:: Listamester
Plugin Slug:: listamester
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.5
Severity Score:: Medium
CVE:: 2025-24678

Plugin:: WP Google Street View (with 360° virtual tour) & Google maps + Local SEO
Plugin Slug:: wp-google-street-view
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.4
Severity Score:: Medium
CVE:: 2024-13542

Plugin:: WP Multi Store Locator
Plugin Slug:: wp-multi-store-locator
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.1
Severity Score:: High
CVE:: 2025-24680

Plugin:: Form Builder CP
Plugin Slug:: cp-easy-form-builder
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: 1.2.42
Severity Score:: High
CVE:: 2025-24672

Plugin:: MachForm Shortcode
Plugin Slug:: machform-shortcode
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.5.0
Severity Score:: High
CVE:: 2025-24636

Plugin:: Picture Gallery – Frontend Image Uploads, AJAX Photo List
Plugin Slug:: picture-gallery
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.20
Severity Score:: Medium
CVE:: 2024-13584

Plugin:: SERPed.net
Plugin Slug:: serped-net
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: 4.6
Severity Score:: High
CVE:: 2025-24669

Plugin:: aDirectory – WordPress Directory Listing Plugin
Plugin Slug:: adirectory
Installations: 300+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.9
Severity Score:: High

Plugin:: All Embed – Elementor Addons
Plugin Slug:: all-embed-addons-for-elementor
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.4
Severity Score:: Medium
CVE:: 2025-24595

Plugin:: Gutenberg Blocks and Page Layouts – Attire Blocks
Plugin Slug:: attire-blocks
Installations: 300+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.9.7
Severity Score:: Medium
CVE:: 2025-24696

Plugin:: WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms
Plugin Slug:: cf7-dynamics-crm
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.7
Severity Score:: High
CVE:: 2025-24708

Plugin:: RSVPMaker
Plugin Slug:: rsvpmaker
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 11.4.6
Severity Score:: Medium
CVE:: 2025-24600

Plugin:: Build Private Store For Woocommerce
Plugin Slug:: build-private-store-for-woocommerce
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: 1..1
Severity Score:: Medium
CVE:: 2025-24633

Plugin:: WP Duplicate – WordPress Migration Plugin
Plugin Slug:: local-sync
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.7
Severity Score:: Medium
CVE:: 2025-24652

Plugin:: Magic the Gathering Card Tooltips
Plugin Slug:: magic-the-gathering-card-tooltips
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.0
Severity Score:: Medium
CVE:: 2025-24704

Plugin:: ShMapper by Teplitsa
Plugin Slug:: shmapper-by-teplitsa
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.1
Severity Score:: Medium
CVE:: 2025-24674

Plugin:: Taxonomy/Term and Role based Discounts for WooCommerce
Plugin Slug:: taxonomy-discounts-woocommerce
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.2
Severity Score:: Medium
CVE:: 2025-24625

Plugin:: Lifetime free Drag & Drop Contact Form Builder for WordPress VForm
Plugin Slug:: v-form
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.7
Severity Score:: Medium
CVE:: 2025-24604

Plugin:: Advanced Notifications
Plugin Slug:: advanced-notifications
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.8
Severity Score:: Medium
CVE:: 2025-24693

Plugin:: Blur Text
Plugin Slug:: blur-text
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.0
Severity Score:: Medium
CVE:: 2025-24627

Plugin:: Target Video Easy Publish
Plugin Slug:: brid-video-easy-publish
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.4
Severity Score:: High
CVE:: 2024-12076

Plugin:: Bug Library
Plugin Slug:: bug-library
Installations: 100+
Vulnerability:: SQL Injection
Patched in Version:: 2.1.5
Severity Score:: High
CVE:: 2025-24728

Plugin:: Linet ERP-Woocommerce Integration Plugin
Plugin Slug:: linet-erp-woocommerce-integration
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.5.8
Severity Score:: Medium
CVE:: 2025-24594

Plugin:: Morkva UA Shipping
Plugin Slug:: morkva-ua-shipping
Installations: 100+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.0.20
Severity Score:: High
CVE:: 2025-24685

Plugin:: Orbisius Simple Notice
Plugin Slug:: orbisius-simple-notice
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.4
Severity Score:: Medium
CVE:: 2025-24634

Plugin:: People Lists
Plugin Slug:: people-lists
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.0
Severity Score:: Medium
CVE:: 2025-24691

Plugin:: Precious Metals Charts and Widgets for WordPress
Plugin Slug:: precious-metals-chart-and-widgets
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.9
Severity Score:: Medium
CVE:: 2024-13572

Plugin:: Roi Calculator
Plugin Slug:: roi-calculator
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1
Severity Score:: High
CVE:: 2025-24756

Plugin:: Show/Hide Shortcode
Plugin Slug:: showhide-shortcode
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.1
Severity Score:: Medium
CVE:: 2025-24687

Plugin:: Simple Downloads List
Plugin Slug:: simple-downloads-list
Installations: 100+
Vulnerability:: SQL Injection
Patched in Version:: 1.4.3
Severity Score:: High
CVE:: 2024-13594

Plugin:: FV Thoughtful Comments
Plugin Slug:: thoughtful-comments
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 0.3.6
Severity Score:: Medium
CVE:: 2025-24613

Plugin:: WC Affiliate – A Complete WooCommerce Affiliate Plugin
Plugin Slug:: wc-affiliate
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4
Severity Score:: High
CVE:: 2024-12321

Plugin:: WC Affiliate – A Complete WooCommerce Affiliate Plugin
Plugin Slug:: wc-affiliate
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5
Severity Score:: High
CVE:: 2024-12334

Plugin:: WP-BibTeX
Plugin Slug:: wp-bibtex
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.2
Severity Score:: High
CVE:: 2024-12005

Plugin:: PDF Invoices for WooCommerce + Drag and Drop Template Builder
Plugin Slug:: pdf-for-woocommerce
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.0
Severity Score:: Medium
CVE:: 2025-24755

Plugin:: Dynamic URL SEO
Plugin Slug:: dynamic-url-seo
Installations: 80+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2
Severity Score:: Medium
CVE:: 2025-23985

Plugin:: Restrict Anonymous Access
Plugin Slug:: restrict-anonymous-access
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.1
Severity Score:: Medium
CVE:: 2025-24610

Plugin:: WPBookit
Plugin Slug:: wpbookit
Installations: 80+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.6.10
Severity Score:: Critical
CVE:: 2025-0357

Plugin:: Simple Gallery with Filter
Plugin Slug:: simple-gallery-with-filter
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1
Severity Score:: Medium
CVE:: 2024-13583

Plugin:: Bilingual Linker
Plugin Slug:: bilingual-linker
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.1
Severity Score:: Medium
CVE:: 2024-13441

Plugin:: Cliptakes
Plugin Slug:: cliptakes
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-13389

Plugin:: FAQ Builder AYS
Plugin Slug:: faq-builder-ays
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.4
Severity Score:: Medium
CVE:: 2025-24722

Plugin:: Radius Blocks – WordPress Gutenberg Blocks
Plugin Slug:: radius-blocks
Installations: 60+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2.0
Severity Score:: Medium
CVE:: 2025-24712

Plugin:: wp-greet
Plugin Slug:: wp-greet
Installations: 60+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.3
Severity Score:: High
CVE:: 2024-13444

Plugin:: Boom Fest
Plugin Slug:: boom-fest
Installations: 50+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.2
Severity Score:: Medium
CVE:: 2024-13449

Plugin:: Caching Compatible Cookie Opt-In and JavaScript
Plugin Slug:: caching-compatible-cookie-optin-and-javascript
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.0.11
Severity Score:: Medium
CVE:: 2025-24547

Plugin:: Subscription DNA®
Plugin Slug:: subscriptiondna
Installations: 20+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2
Severity Score:: High
CVE:: 2025-24555

Plugin:: KBucket: Your Curated Content in WordPress
Plugin Slug:: kbucket
Installations: 10+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.2.2
Severity Score:: High
CVE:: 2025-24562

Plugin:: ReviewsTap
Plugin Slug:: reviewstap
Installations: 10+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.3
Severity Score:: High
CVE:: 2025-24561

Plugin:: Admin and Site Enhancements (ASE) Pro
Plugin Slug:: admin-site-enhancements-pro
Vulnerability:: Broken Access Control
Patched in Version:: 7.6.3
Severity Score:: Medium
CVE:: 2025-24653

Plugin:: BMLT Meeting Map
Plugin Slug:: bmlt-meeting-map
Vulnerability:: Local File Inclusion
Patched in Version:: 2.6.1
Severity Score:: High
CVE:: 2024-13593

Plugin:: Bridge Core
Plugin Slug:: bridge-core
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.1
Severity Score:: Medium
CVE:: 2025-24744

Plugin:: Fusion Builder
Plugin Slug:: fusion-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.11.12
Severity Score:: Medium
CVE:: 2024-12477

Plugin:: JetElements For Elementor
Plugin Slug:: jet-elements
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.3
Severity Score:: Medium
CVE:: 2025-0371

Plugin:: Oshine Modules
Plugin Slug:: oshine-modules
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.3.8
Severity Score:: Medium
CVE:: 2024-44055

Plugin:: LearnDash LMS
Plugin Slug:: sfwd-lms
Vulnerability:: Broken Access Control
Patched in Version:: 4.20.0.3
Severity Score:: Medium
CVE:: 2025-24662

Plugin:: ThemeREX Addons
Plugin Slug:: trx_addons
Vulnerability:: Local File Inclusion
Patched in Version:: 2.34.0
Severity Score:: High
CVE:: 2025-0682

Plugin:: VideoWhisper Live Streaming Integration
Plugin Slug:: videowhisper-live-streaming-integration
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.1.10
Severity Score:: Medium
CVE:: 2024-12504

Plugin:: WPBot Pro WordPress Chatbot
Plugin Slug:: wpbot-pro
Vulnerability:: Broken Access Control
Patched in Version:: 13.5.6
Severity Score:: Medium
CVE:: 2024-12879

Plugin:: WPBot Pro WordPress Chatbot
Plugin Slug:: wpbot-pro
Vulnerability:: Arbitrary File Upload
Patched in Version:: 13.5.6
Severity Score:: Critical
CVE:: 2024-13091

Plugin:: WPJobBoard
Plugin Slug:: wpjobboard
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.11.1
Severity Score:: High
CVE:: 2025-24781

WordPress Themes — 7 Patched / 2 Unpatched

Theme:: Bootstrap Ultimate
Theme Slug:: bootstrap-ultimate
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13545

Theme:: RealHomes
Theme Slug:: realhomes
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-32444

Theme:: AdForest
Theme Slug:: adforest
Vulnerability:: Broken Authentication
Patched in Version:: 5.1.9
Severity Score:: Critical
CVE:: 2024-12857

Theme:: Avada
Theme Slug:: avada
Vulnerability:: Broken Access Control
Patched in Version:: 7.11.11
Severity Score:: Medium
CVE:: 2025-24748

Theme:: Betheme
Theme Slug:: betheme
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 27.6.2
Severity Score:: Medium
CVE:: 2025-0450

Theme:: Houzez
Theme Slug:: houzez
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.2
Severity Score:: Medium
CVE:: 2025-24747

Theme:: Houzez
Theme Slug:: houzez
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.2
Severity Score:: Medium
CVE:: 2025-24754

Theme:: uDesign
Theme Slug:: udesign
Vulnerability:: Broken Access Control
Patched in Version:: 4.11.3
Severity Score:: Medium
CVE:: 2025-24757

Theme:: Zox News
Theme Slug:: zox-news
Vulnerability:: Broken Access Control
Patched in Version:: 3.17.0
Severity Score:: High
CVE:: 2024-11936

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Author:

Sarah

Sarah has been with StellarWP since 2024. As our marketing generalist, she spends her day writing content and completing projects for SolidWP, LearnDash, and The Events Calendar. In her free time, Sarah can be found playing pickleball, enjoying coffee at a local coffee shop, and spending time with her husband.

Browse all of Sarah's articles

Sign up

Placeholder text

Thanks

Oops something went wrong, please try submitting again

Solid Suite

Protect

Repair

Manage

Free Plugins

Solid Suite

Academy

Solid Academy

Guides

Livestreams

Tutorials Academy

Resources

Blog

Vulnerability Report

Support

Documentation

Table of Contents

WordPress Core

WordPress Plugins — 183 Patched / 42 Unpatched