In this report, 228 vulnerabilities have been publicly disclosed. Security patches for 97 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 131 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, your site is already protected against those vulnerabilities by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor, or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.7.1 is available! This minor release features 16 bug fixes throughout Core and the Block Editor.
WordPress Plugins — 95 Patched / 110 Unpatched
Smart Custom Fields
- Plugin:
- Smart Custom Fields
- Plugin Slug:
- smart-custom-fields
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22308
Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor
- Plugin Slug:
- gutentor
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22293
Link Whisper Free
- Plugin:
- Link Whisper Free
- Plugin Slug:
- link-whisper
- Installations
- 30,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22306
WP Visitor Statistics (Real Time Traffic)
- Plugin Slug:
- wp-stats-manager
- Installations
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22304
Thim Elementor Kit
- Plugin:
- Thim Elementor Kit
- Plugin Slug:
- thim-elementor-kit
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22312
MashShare – Social Media Share Buttons, Social Share Icons
- Plugin Slug:
- mashsharer
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22319
TemplatesNext ToolKit
- Plugin:
- TemplatesNext ToolKit
- Plugin Slug:
- templatesnext-toolkit
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22310
WP FullCalendar
- Plugin:
- WP FullCalendar
- Plugin Slug:
- wp-fullcalendar
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22261
Product Table for WooCommerce by CodeAstrology (wooproducttable.com)
- Plugin Slug:
- woo-product-table
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22307
Hash Elements
- Plugin:
- Hash Elements
- Plugin Slug:
- hash-elements
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22296
Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler
- Plugin Slug:
- cf7-styler
- Installations
- 4,000+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12419
CubeWP Forms – All-in-One Form Builder
- Plugin Slug:
- cubewp-forms
- Installations
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-51651
ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes
- Plugin Slug:
- elex-bulk-edit-products-prices-attributes-for-woocommerce-basic
- Installations
- 4,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22352
SpeakOut! Email Petitions
- Plugin:
- SpeakOut! Email Petitions
- Plugin Slug:
- speakout
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22309
DynamicTags
- Plugin:
- DynamicTags
- Plugin Slug:
- dynamictags
- Installations
- 2,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22348
BSK Forms Blacklist
- Plugin:
- BSK Forms Blacklist
- Plugin Slug:
- bsk-gravityforms-blacklist
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22347
Bus Ticket Booking with Seat Reservation – WpBusTicketly | WordPress plugin
- Plugin Slug:
- bus-ticket-booking-with-seat-reservation
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-49294
DirectoryPress – Business Directory And Classified Ad Listing
- Plugin Slug:
- directorypress
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-49633
Hero Banner Ultimate
- Plugin:
- Hero Banner Ultimate
- Plugin Slug:
- hero-banner-ultimate
- Installations
- 1,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22305
Typing Text
- Plugin:
- Typing Text
- Plugin Slug:
- typing-text
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22315
Custom Field For WP Job Manager
- Plugin:
- Custom Field For WP Job Manager
- Plugin Slug:
- custom-field-for-wp-job-manager
- Installations
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22294
FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor
- Plugin:
- FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor
- Plugin Slug:
- post-block
- Installations
- 900+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-10536
Build App Online
- Plugin:
- Build App Online
- Plugin Slug:
- build-app-online
- Installations
- 700+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-49649
WordLift – AI powered SEO – Schema
- Plugin Slug:
- wordlift
- Installations
- 600+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12176
ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages
- Plugin:
- ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages
- Plugin Slug:
- clickwhale
- Installations
- 500+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-51715
SMSA Shipping (official)
- Plugin:
- SMSA Shipping (official)
- Plugin Slug:
- smsa-shipping-official
- Installations
- 500+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-49249
WP Youtube Gallery
- Plugin:
- WP Youtube Gallery
- Plugin Slug:
- wp-youtube-gallery
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12590
ElementsCSS Addons for Elementor (Elementor Widgets Extender & Addons)
- Plugin Slug:
- css-for-elementor
- Installations
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22321
NAVER Analytics
- Plugin:
- NAVER Analytics
- Plugin Slug:
- naver-analytics
- Installations
- 400+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-51700
ThePerfectWedding.nl Widget
- Plugin:
- ThePerfectWedding.nl Widget
- Plugin Slug:
- theperfectweddingnl-widget
- Installations
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12322
Hide Category by User Role for WooCommerce
- Plugin Slug:
- hide-category-by-user-role-for-woocommerce
- Installations
- 200+
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-56272
Rezgo Online Booking
- Plugin:
- Rezgo Online Booking
- Plugin Slug:
- rezgo
- Installations
- 200+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-53800
Standard Box Sizes – for WooCommerce
- Plugin Slug:
- standard-box-sizes
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22318
ARS Affiliate Page Plugin
- Plugin:
- ARS Affiliate Page Plugin
- Plugin Slug:
- ars-affiliate-page
- Installations
- 70+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12098
ProductDyno
- Plugin:
- ProductDyno
- Plugin Slug:
- productdyno
- Installations
- 70+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22320
SSL Wireless SMS Notification
- Plugin:
- SSL Wireless SMS Notification
- Plugin Slug:
- ssl-wireless-sms-notification
- Installations
- 70+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-56284
Image Hover Effects for Elementor
- Plugin Slug:
- image-hover-effects-elementor-addon
- Installations
- 60+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22323
WP SecureSubmit
- Plugin:
- WP SecureSubmit
- Plugin Slug:
- securesubmit
- Installations
- 60+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-56271
WP SecureSubmit
- Plugin:
- WP SecureSubmit
- Plugin Slug:
- securesubmit
- Installations
- 60+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-56270
Chative Live chat and Chatbot
- Plugin:
- Chative Live chat and Chatbot
- Plugin Slug:
- chative-live-chat-and-chatbot
- Installations
- 50+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12541
EO4WP: EmailOctopus for WordPress
- Plugin Slug:
- fw-integration-for-emailoctopus
- Installations
- 30+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22327
5centsCDN – WordPress CDN Plugin
- Plugin:
- 5centsCDN – WordPress CDN Plugin
- Plugin Slug:
- 5centscdn
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22326
ACH Invoicing Plugin
- Plugin:
- ACH Invoicing Plugin
- Plugin Slug:
- ach-invoice-app
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22364
Contact Form 7 Database – CFDB7
- Plugin:
- Contact Form 7 Database – CFDB7
- Plugin Slug:
- advanced-cf7-database
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22351
Wp advertising management
- Plugin:
- Wp advertising management
- Plugin Slug:
- advertising-management
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22358
AHAthat
- Plugin:
- AHAthat
- Plugin Slug:
- ahathat
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12595
Allada T-shirt Designer for Woocommerce
- Plugin:
- Allada T-shirt Designer for Woocommerce
- Plugin Slug:
- allada-tshirt-designer-for-woocommerce
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22363
ARPrice
- Plugin:
- ARPrice
- Plugin Slug:
- arprice
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-49666
ARPrice
- Plugin:
- ARPrice
- Plugin Slug:
- arprice
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-49655
ARPrice
- Plugin:
- ARPrice
- Plugin Slug:
- arprice
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-49699
ARPrice
- Plugin:
- ARPrice
- Plugin Slug:
- arprice
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-49688
Autocompleter
- Plugin:
- Autocompleter
- Plugin Slug:
- autocompleter
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22325
Bizapp for WooCommerce
- Plugin:
- Bizapp for WooCommerce
- Plugin Slug:
- bizapp-for-woocommerce
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-11378
BVD Easy Gallery Manager
- Plugin:
- BVD Easy Gallery Manager
- Plugin Slug:
- bvd-easy-gallery-manager
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22353
Candifly
- Plugin:
- Candifly
- Plugin Slug:
- candifly
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12440
Chatroll Live Chat
- Plugin:
- Chatroll Live Chat
- Plugin Slug:
- chatroll-live-chat
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12464
ClickDesigns
- Plugin:
- ClickDesigns
- Plugin Slug:
- clickdesigns
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12559
Common Ninja
- Plugin:
- Common Ninja
- Plugin Slug:
- common-ninja
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11382
Duplicate Post, Page and Any Custom Post
- Plugin:
- Duplicate Post, Page and Any Custom Post
- Plugin Slug:
- duplicate-pp
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12538
Elevio
- Plugin:
- Elevio
- Plugin Slug:
- elevio
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22328
EMC2 Alert Boxes
- Plugin:
- EMC2 Alert Boxes
- Plugin Slug:
- emc2-alert-boxes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22365
Enable Accessibility
- Plugin:
- Enable Accessibility
- Plugin Slug:
- enable-accessibility
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-9208
Fancy Product Designer
- Plugin:
- Fancy Product Designer
- Plugin Slug:
- fancy-product-designer
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-51818
Fancy Product Designer
- Plugin:
- Fancy Product Designer
- Plugin Slug:
- fancy-product-designer
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-51919
Formaloo Form Maker
- Plugin:
- Formaloo Form Maker
- Plugin Slug:
- formaloo-form-builder
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11934
GDY Modular Content
- Plugin:
- GDY Modular Content
- Plugin Slug:
- gdy-modular-content
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12153
Geo Content
- Plugin:
- Geo Content
- Plugin Slug:
- geo-targetly-geo-content
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11887
Hero Mega Menu – Responsive WordPress Menu Plugin
- Plugin:
- Hero Mega Menu – Responsive WordPress Menu Plugin
- Plugin Slug:
- hmenu
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-49333
Hero Mega Menu – Responsive WordPress Menu Plugin
- Plugin:
- Hero Mega Menu – Responsive WordPress Menu Plugin
- Plugin Slug:
- hmenu
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-49303
Host PHP Info
- Plugin:
- Host PHP Info
- Plugin Slug:
- host-php-info
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12535
Ultimate Learning Pro
- Plugin:
- Ultimate Learning Pro
- Plugin Slug:
- indeed-learning-pro
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22350
LazyLoad Background Images
- Plugin:
- LazyLoad Background Images
- Plugin Slug:
- lazyload-background-images
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12327
Marketplace Items
- Plugin:
- Marketplace Items
- Plugin Slug:
- marketplace-items
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12437
Meteor Slides
- Plugin:
- Meteor Slides
- Plugin Slug:
- meteor-slides
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12073
MG Parallax Slider
- Plugin:
- MG Parallax Slider
- Plugin Slug:
- mg-parallax-slider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22330
Opencart Product in WP
- Plugin:
- Opencart Product in WP
- Plugin Slug:
- opencart-product-in-wp
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22335
OZ Canonical
- Plugin:
- OZ Canonical
- Plugin Slug:
- oz-canonical
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22324
PayGreen Payment Gateway
- Plugin:
- PayGreen Payment Gateway
- Plugin Slug:
- paygreen-payment-gateway
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-11810
RightMessage WP
- Plugin:
- RightMessage WP
- Plugin Slug:
- rightmessage
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12445
Kikx Simple Post Author Filter
- Plugin:
- Kikx Simple Post Author Filter
- Plugin Slug:
- sa-post-author-filter
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22355
School Management System – SakolaWP
- Plugin:
- School Management System – SakolaWP
- Plugin Slug:
- sakolawp-lite
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-12470
Sell Media
- Plugin:
- Sell Media
- Plugin Slug:
- sell-media
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11777
Sellsy
- Plugin:
- Sellsy
- Plugin Slug:
- sellsy
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12592
SEO LAT Auto Post
- Plugin:
- SEO LAT Auto Post
- Plugin Slug:
- seo-beginner-auto-post
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-12252
Simple Add Pages or Posts
- Plugin:
- Simple Add Pages or Posts
- Plugin Slug:
- simple-add-pages-or-posts
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12288
Slider Pro Lite
- Plugin:
- Slider Pro Lite
- Plugin Slug:
- slider-pro-lite
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11899
Social Rocket
- Plugin:
- Social Rocket
- Plugin Slug:
- social-rocket
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-9702
Social Rocket
- Plugin:
- Social Rocket
- Plugin Slug:
- social-rocket
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-9697
Spacer
- Plugin:
- Spacer
- Plugin Slug:
- spacer
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Low
- CVE:
- 2024-10527
SweepWidget Contests, Giveaways, Photo Contests, Competitions
- Plugin:
- SweepWidget Contests, Giveaways, Photo Contests, Competitions
- Plugin Slug:
- sweepwidget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11756
SyncFields
- Plugin:
- SyncFields
- Plugin Slug:
- syncfields
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22359
WP-tagMaker
- Plugin:
- WP-tagMaker
- Plugin Slug:
- tagmaker
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22338
Target Notifications
- Plugin:
- Target Notifications
- Plugin Slug:
- target-notifications
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22357
Themes Coder
- Plugin:
- Themes Coder
- Plugin Slug:
- tc-ecommerce
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-12402
Timeline Designer
- Plugin:
- Timeline Designer
- Plugin Slug:
- timeline-designer
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-11437
Transporters.io
- Plugin:
- Transporters.io
- Plugin Slug:
- transportersio
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12557
Private Messages for UserPro
- Plugin:
- Private Messages for UserPro
- Plugin Slug:
- userpro-messaging
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22311
ViewMedica 9
- Plugin:
- ViewMedica 9
- Plugin Slug:
- viewmedica
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12291
ViewMedica 9
- Plugin:
- ViewMedica 9
- Plugin Slug:
- viewmedica
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12170
WC1C
- Plugin:
- WC1C
- Plugin Slug:
- wc1c-main
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-11375
Wizhi Multi Filters by Wenprise
- Plugin:
- Wizhi Multi Filters by Wenprise
- Plugin Slug:
- wizhi-multi-filters
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22336
Binary MLM Woocommerce
- Plugin:
- Binary MLM Woocommerce
- Plugin Slug:
- woo-binary-mlm
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12383
Woo Ukrposhta
- Plugin:
- Woo Ukrposhta
- Plugin Slug:
- woo-ukrposhta
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12049
WooCommerce Digital Content Delivery (incl. DRM) – FlickRocket
- Plugin:
- WooCommerce Digital Content Delivery (incl. DRM) – FlickRocket
- Plugin Slug:
- woocommerce-digital-content-delivery-with-drm-flickrocket
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12438
Live Sales Notification for Woocommerce – Woomotiv
- Plugin:
- Live Sales Notification for Woocommerce – Woomotiv
- Plugin Slug:
- woomotiv
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-12416
WordPress Auction Plugin
- Plugin:
- WordPress Auction Plugin
- Plugin Slug:
- wp-auctions
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22349
WP Simple Sitemap
- Plugin:
- WP Simple Sitemap
- Plugin Slug:
- wp-simple-sitemap
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22342
WPAchievements Free
- Plugin:
- WPAchievements Free
- Plugin Slug:
- wpachievements-free
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22362
wpSOL
- Plugin:
- wpSOL
- Plugin Slug:
- wpsol
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22343
Custom Product Tabs for WooCommerce
- Plugin:
- Custom Product Tabs for WooCommerce
- Plugin Slug:
- yikes-inc-easy-custom-woocommerce-product-tabs
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-11465
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More
- Plugin Slug:
- wpforms-lite
- Installations
- 6,000,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.9.2.3
- Severity Score:
- Medium
- CVE:
- 2024-56276
UpdraftPlus: WP Backup & Migration Plugin
- Plugin Slug:
- updraftplus
- Installations
- 3,000,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.24.12
- Severity Score:
- High
- CVE:
- 2024-10957
Envato Elements – Photos & Elementor Templates
- Plugin Slug:
- envato-elements
- Installations
- 1,000,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 2.0.15
- Severity Score:
- Medium
- CVE:
- 2024-56275
Ninja Forms – The Contact Form Builder That Grows With You
- Plugin Slug:
- ninja-forms
- Installations
- 700,000+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- 3.8.23
- Severity Score:
- Medium
- CVE:
- 2024-12238
Migration, Backup, Staging – WPvivid Backup & Migration
- Plugin Slug:
- wpvivid-backuprestore
- Installations
- 600,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 0.9.107
- Severity Score:
- Medium
- CVE:
- 2024-56273
PixelYourSite – Your smart PIXEL (TAG) & API Manager
- Plugin Slug:
- pixelyoursite
- Installations
- 500,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 10.0.2
- Severity Score:
- Medium
- CVE:
- 2025-22300
Astra Widgets
- Plugin:
- Astra Widgets
- Plugin Slug:
- astra-widgets
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.16
- Severity Score:
- Medium
- CVE:
- 2024-56274
Pods – Custom Content Types and Fields
- Plugin Slug:
- pods
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.8.1
- Severity Score:
- Medium
- CVE:
- 2024-11849
WordPress Popular Posts
- Plugin:
- WordPress Popular Posts
- Plugin Slug:
- wordpress-popular-posts
- Installations
- 100,000+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- 7.2.0
- Severity Score:
- High
- CVE:
- 2024-11733
Backup Migration
- Plugin:
- Backup Migration
- Plugin Slug:
- backup-backup
- Installations
- 80,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.4.6.1
- Severity Score:
- Critical
- CVE:
- 2024-10932
Email Subscribers by Icegram Express – Affordable, Powerful Email Marketing for WordPress & WooCommerce
- Plugin Slug:
- email-subscribers
- Installations
- 80,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.7.44
- Severity Score:
- High
- CVE:
- 2024-12311
Media Library Assistant
- Plugin:
- Media Library Assistant
- Plugin Slug:
- media-library-assistant
- Installations
- 70,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.24
- Severity Score:
- High
- CVE:
- 2024-11974
Piotnet Addons For Elementor
- Plugin:
- Piotnet Addons For Elementor
- Plugin Slug:
- piotnet-addons-for-elementor
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.32
- Severity Score:
- Medium
- CVE:
- 2025-22333
Compact WP Audio Player
- Plugin:
- Compact WP Audio Player
- Plugin Slug:
- compact-wp-audio-player
- Installations
- 30,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 1.9.15
- Severity Score:
- Medium
- CVE:
- 2024-56279
Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
- Plugin Slug:
- master-addons
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.6.8
- Severity Score:
- Medium
- CVE:
- 2024-9502
Data Tables Generator by Supsystic
- Plugin Slug:
- data-tables-generator-by-supsystic
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.10.37
- Severity Score:
- Medium
- CVE:
- 2024-56253
Icegram Engage – Ultimate WP Popup Builder, Lead Generation, Optins, and CTA
- Plugin Slug:
- icegram
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.32
- Severity Score:
- Medium
- CVE:
- 2024-12302
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar
- Plugin Slug:
- mp3-music-player-by-sonaar
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.9
- Severity Score:
- Medium
- CVE:
- 2024-56266
Post Grid Elementor Addon
- Plugin:
- Post Grid Elementor Addon
- Plugin Slug:
- post-grid-elementor-addon
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.19
- Severity Score:
- Medium
- CVE:
- 2024-56268
AFI – The Easiest Integration Plugin
- Plugin Slug:
- advanced-form-integration
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.97.0
- Severity Score:
- Medium
- CVE:
- 2024-56293
AyeCode Connect
- Plugin:
- AyeCode Connect
- Plugin Slug:
- ayecode-connect
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.9
- Severity Score:
- Medium
- CVE:
- 2024-56255
Export Import Menus
- Plugin:
- Export Import Menus
- Plugin Slug:
- export-import-menus
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.9.2
- Severity Score:
- Medium
- CVE:
- 2024-10866
GeoDirectory – WP Business Directory Plugin and Classified Listings Directory
- Plugin Slug:
- geodirectory
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.85
- Severity Score:
- Medium
- CVE:
- 2024-56259
Mang Board WP
- Plugin:
- Mang Board WP
- Plugin Slug:
- mangboard
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.5
- Severity Score:
- High
- CVE:
- 2024-56296
WP Post Author – Boost Your Blog’s Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder
- Plugin Slug:
- wp-post-author
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.8.3
- Severity Score:
- High
- CVE:
- 2024-56247
Export All Posts, Products, Orders, Refunds & Users
- Plugin Slug:
- wp-ultimate-exporter
- Installations
- 10,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 2.9.2
- Severity Score:
- Critical
- CVE:
- 2024-56278
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts
- Plugin Slug:
- wedevs-project-manager
- Installations
- 8,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.6.17
- Severity Score:
- High
- CVE:
- 2024-12195
Nexter Blocks – WordPress Gutenberg Blocks & 1000+ Starter Templates
- Plugin Slug:
- the-plus-addons-for-block-editor
- Installations
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.0.8
- Severity Score:
- Medium
- CVE:
- 2024-56294
Nexter Blocks – WordPress Gutenberg Blocks & 1000+ Starter Templates
- Plugin Slug:
- the-plus-addons-for-block-editor
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.5
- Severity Score:
- Medium
- CVE:
- 2024-56246
WP Compress – Instant Performance & Speed Optimization
- Plugin Slug:
- wp-compress-image-optimizer
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.30.04
- Severity Score:
- High
- CVE:
- 2024-12047
WPSSO Core – Complete and Optimized Structured Data SEO
- Plugin Slug:
- wpsso
- Installations
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 18.18.2
- Severity Score:
- Medium
- CVE:
- 2024-56243
WP Job Portal – A Complete Recruitment System for Company or Job Board website
- Plugin Slug:
- wp-job-portal
- Installations
- 6,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 2.2.5
- Severity Score:
- Medium
- CVE:
- 2024-12132
Arconix Shortcodes
- Plugin:
- Arconix Shortcodes
- Plugin Slug:
- arconix-shortcodes
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.15
- Severity Score:
- Medium
- CVE:
- 2024-56242
Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid
- Plugin Slug:
- magazine-blocks
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.21
- Severity Score:
- Medium
- CVE:
- 2024-56258
WPKoi Templates for Elementor
- Plugin:
- WPKoi Templates for Elementor
- Plugin Slug:
- wpkoi-templates-for-elementor
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.4
- Severity Score:
- Medium
- CVE:
- 2024-56241
Ashe Extra
- Plugin:
- Ashe Extra
- Plugin Slug:
- ashe-extra
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3
- Severity Score:
- Medium
- CVE:
- 2024-56244
Move Addons for Elementor
- Plugin:
- Move Addons for Elementor
- Plugin Slug:
- move-addons
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.7
- Severity Score:
- Medium
- CVE:
- 2024-56254
Classic Addons – WPBakery Page Builder
- Plugin Slug:
- classic-addons-wpbakery-page-builder-addons
- Installations
- 2,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 3.1
- Severity Score:
- High
- CVE:
- 2024-56286
WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg
- Plugin Slug:
- groundhogg
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.7.3.4
- Severity Score:
- High
- CVE:
- 2024-56289
MyBookTable Bookstore by Stormhill Media
- Plugin Slug:
- mybooktable
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.5.4
- Severity Score:
- Medium
- CVE:
- 2025-22301
Premium Blocks – Gutenberg Blocks for WordPress
- Plugin Slug:
- premium-blocks-for-gutenberg
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.43
- Severity Score:
- Medium
- CVE:
- 2024-56245
Pronamic Google Maps
- Plugin:
- Pronamic Google Maps
- Plugin Slug:
- pronamic-google-maps
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.3
- Severity Score:
- Medium
- CVE:
- 2024-56240
WPBITS Addons For Elementor Page Builder
- Plugin Slug:
- wpbits-addons-for-elementor
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6
- Severity Score:
- Medium
- CVE:
- 2025-22316
WPBITS Addons For Elementor Page Builder
- Plugin Slug:
- wpbits-addons-for-elementor
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6
- Severity Score:
- Medium
- CVE:
- 2024-56285
WP Wand – AI Writer, AI Content Generator & AI Assistant by ChatGPT, OpenAI | Generate SEO Friendly AI Blog Post & Article with 20X Speed
- Plugin Slug:
- ai-content-generation
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.6
- Severity Score:
- Medium
- CVE:
- 2025-22302
AI WP Writer – automatic content creator, ChatGPT, GPT-4, Dalle 3, FLUX
- Plugin Slug:
- ai-wp-writer
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.8.4.5
- Severity Score:
- Medium
- CVE:
- 2025-22297
Accessibility by AllAccessible
- Plugin:
- Accessibility by AllAccessible
- Plugin Slug:
- allaccessible
- Installations
- 1,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.3.5
- Severity Score:
- High
- CVE:
- 2024-49644
Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons
- Plugin Slug:
- contest-gallery
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 24.0.4
- Severity Score:
- Medium
- CVE:
- 2024-56237
Enter Addons – Ultimate Template Builder for Elementor
- Plugin Slug:
- enteraddons
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.1
- Severity Score:
- Medium
- CVE:
- 2024-56252
Locatoraid Store Locator
- Plugin:
- Locatoraid Store Locator
- Plugin Slug:
- locatoraid
- Installations
- 1,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 3.9.51
- Severity Score:
- High
- CVE:
- 2024-56283
????? ?? ???? – ???? ?? ????
- Plugin:
- ????? ?? ???? – ???? ?? ????
- Plugin Slug:
- pgall-for-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 5.2.2
- Severity Score:
- High
- CVE:
- 2024-56281
Themify Audio Dock
- Plugin:
- Themify Audio Dock
- Plugin Slug:
- themify-audio-dock
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.5
- Severity Score:
- Medium
- CVE:
- 2024-56239
WP Docs
- Plugin:
- WP Docs
- Plugin Slug:
- wp-docs
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.2
- Severity Score:
- Medium
- CVE:
- 2024-56288
Photo Gallery Slideshow & Masonry Tiled Gallery
- Plugin Slug:
- wp-responsive-photo-gallery
- Installations
- 1,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 1.0.16
- Severity Score:
- Medium
- CVE:
- 2024-12237
WP Smart Import : Import any XML File to WordPress
- Plugin Slug:
- wp-smart-import
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.3
- Severity Score:
- High
- CVE:
- 2024-12701
ConvertCalculator for WordPress
- Plugin:
- ConvertCalculator for WordPress
- Plugin Slug:
- convertcalculator
- Installations
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.2
- Severity Score:
- Medium
- CVE:
- 2024-56302
Event Espresso – Event Registration & Ticketing Sales
- Plugin Slug:
- event-espresso-decaf
- Installations
- 900+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.0.31.decaf
- Severity Score:
- Medium
- CVE:
- 2024-56251
WP Social AutoConnect
- Plugin:
- WP Social AutoConnect
- Plugin Slug:
- wp-fb-autoconnect
- Installations
- 900+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.6.3
- Severity Score:
- High
- CVE:
- 2024-12279
Hestia Nginx Cache
- Plugin:
- Hestia Nginx Cache
- Plugin Slug:
- hestia-nginx-cache
- Installations
- 800+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.1
- Severity Score:
- Medium
- CVE:
- 2024-56236
Dynamics 365 Integration
- Plugin:
- Dynamics 365 Integration
- Plugin Slug:
- integration-dynamics
- Installations
- 800+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.3.24
- Severity Score:
- Critical
- CVE:
- 2024-12583
Just Writing Statistics
- Plugin:
- Just Writing Statistics
- Plugin Slug:
- just-writing-statistics
- Installations
- 800+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.8
- Severity Score:
- High
- CVE:
- 2024-56250
Taskbuilder – WordPress Project & Task Management plugin
- Plugin Slug:
- taskbuilder
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.7
- Severity Score:
- Medium
- CVE:
- 2024-11930
WP jQuery DataTable
- Plugin:
- WP jQuery DataTable
- Plugin Slug:
- wp-jquery-datatable
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.1.0
- Severity Score:
- Medium
- CVE:
- 2024-56287
One to one user Chat by WPGuppy
- Plugin:
- One to one user Chat by WPGuppy
- Plugin Slug:
- wpguppy-lite
- Installations
- 800+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.1.1
- Severity Score:
- High
- CVE:
- 2024-56280
One to one user Chat by WPGuppy
- Plugin:
- One to one user Chat by WPGuppy
- Plugin Slug:
- wpguppy-lite
- Installations
- 800+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.1.1
- Severity Score:
- Critical
- CVE:
- 2024-49222
WPMasterToolKit (WPMTK) – All in one plugin
- Plugin Slug:
- wpmastertoolkit
- Installations
- 800+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.14.0
- Severity Score:
- Critical
- CVE:
- 2024-56249
WPMasterToolKit (WPMTK) – All in one plugin
- Plugin Slug:
- wpmastertoolkit
- Installations
- 800+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 1.14.0
- Severity Score:
- Medium
- CVE:
- 2024-56248
AI for SEO – Bulk Generate Metadata, Alt Text, Image Titles, Captions, Descriptions
- Plugin Slug:
- ai-for-seo
- Installations
- 500+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.10
- Severity Score:
- Medium
- CVE:
- 2025-22299
Service Box
- Plugin:
- Service Box
- Plugin Slug:
- service-boxs
- Installations
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0
- Severity Score:
- Medium
- CVE:
- 2024-12699
WP Multi Store Locator
- Plugin:
- WP Multi Store Locator
- Plugin Slug:
- wp-multi-store-locator
- Installations
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.6
- Severity Score:
- Medium
- CVE:
- 2024-12475
Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more
- Plugin Slug:
- scratch-win-giveaways-for-website-facebook
- Installations
- 300+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.8.0
- Severity Score:
- Medium
- CVE:
- 2024-12545
WP Mailster
- Plugin:
- WP Mailster
- Plugin Slug:
- wp-mailster
- Installations
- 300+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.8.18.0
- Severity Score:
- Medium
- CVE:
- 2025-22303
ACF City Selector
- Plugin:
- ACF City Selector
- Plugin Slug:
- acf-city-selector
- Installations
- 200+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.15.0
- Severity Score:
- Medium
- CVE:
- 2024-56264
CC Canadian Mortgage Calculator
- Plugin:
- CC Canadian Mortgage Calculator
- Plugin Slug:
- cc-canadian-mortgage-calculator
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.1
- Severity Score:
- Medium
- CVE:
- 2024-11383
Multiple Shipping And Billing Address For Woocommerce
- Plugin Slug:
- different-shipping-and-billing-address-for-woocommerce
- Installations
- 200+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.3
- Severity Score:
- Critical
- CVE:
- 2024-56290
Email Reminders
- Plugin:
- Email Reminders
- Plugin Slug:
- email-reminders
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.6
- Severity Score:
- Medium
- CVE:
- 2024-56292
Project Showcase – A WordPress Plugin to Display Projects in Various Layouts
- Plugin Slug:
- gs-projects
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.2
- Severity Score:
- Medium
- CVE:
- 2024-56261
Post/Page Copying Tool to Export and Import post/page for Cross site Migration
- Plugin Slug:
- postpage-import-export-with-custom-fields-taxonomies
- Installations
- 200+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.0.1
- Severity Score:
- High
- CVE:
- 2024-56300
Turnkey bbPress by WeaverTheme
- Plugin:
- Turnkey bbPress by WeaverTheme
- Plugin Slug:
- weaver-for-bbpress
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.1
- Severity Score:
- High
- CVE:
- 2024-12221
Interactive UK Map
- Plugin:
- Interactive UK Map
- Plugin Slug:
- interactive-uk-map
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.4.9
- Severity Score:
- High
- CVE:
- 2024-56267
JobBoard Job listing plugin
- Plugin:
- JobBoard Job listing plugin
- Plugin Slug:
- job-board-light
- Installations
- 100+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.2.7
- Severity Score:
- Critical
- CVE:
- 2024-43243
Pretty Simple Popup Builder
- Plugin:
- Pretty Simple Popup Builder
- Plugin Slug:
- pretty-simple-popup-builder
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.10
- Severity Score:
- Medium
- CVE:
- 2024-56298
PlainInventory – Inventory Management Plugin
- Plugin Slug:
- z-inventory-manager
- Installations
- 100+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 3.1.7
- Severity Score:
- High
- CVE:
- 2024-56291
Notify Odoo
- Plugin:
- Notify Odoo
- Plugin Slug:
- notify-odoo
- Installations
- 90+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.1
- Severity Score:
- High
- CVE:
- 2024-56299
Error Log Viewer By WP Guru
- Plugin:
- Error Log Viewer By WP Guru
- Plugin Slug:
- error-log-viewer-wp
- Installations
- 80+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 1.0.4
- Severity Score:
- High
- CVE:
- 2024-12849
Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
- Plugin Slug:
- hive-support
- Installations
- 60+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.7
- Severity Score:
- Medium
- CVE:
- 2025-22298
GS Shots for Dribbble
- Plugin:
- GS Shots for Dribbble
- Plugin Slug:
- gs-dribbble-portfolio
- Installations
- 30+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.1
- Severity Score:
- Medium
- CVE:
- 2024-56263
Highlight Sitewide Notice, Text, Button Menu
- Plugin Slug:
- highlight
- Installations
- 20+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.6
- Severity Score:
- Medium
- CVE:
- 2024-56297
GS Coaches
- Plugin:
- GS Coaches
- Plugin Slug:
- gs-coach
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.1
- Severity Score:
- Medium
- CVE:
- 2024-56262
WPMozo Addons Lite for Elementor
- Plugin:
- WPMozo Addons Lite for Elementor
- Plugin Slug:
- wpmozo-addons-lite-for-elementor
- Installations
- 10+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.1.1
- Severity Score:
- High
- CVE:
- 2024-56282
Coins MarketCap
- Plugin:
- Coins MarketCap
- Plugin Slug:
- coins-marketcap
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.5.9
- Severity Score:
- Medium
- CVE:
- 2024-56257
Floating Action Buttons
- Plugin:
- Floating Action Buttons
- Plugin Slug:
- floating-action-buttons
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.1
- Severity Score:
- Medium
- CVE:
- 2024-56238
Goodlayers Core
- Plugin:
- Goodlayers Core
- Plugin Slug:
- goodlayers-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.10
- Severity Score:
- Medium
- CVE:
- 2024-11357
ShopElement
- Plugin:
- ShopElement
- Plugin Slug:
- shopelement
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.0
- Severity Score:
- Medium
- CVE:
- 2024-56260
Tourmaster
- Plugin:
- Tourmaster
- Plugin Slug:
- tourmaster
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.3.4
- Severity Score:
- High
- CVE:
- 2024-11356
WordPress Themes — 2 Patched / 21 Unpatched
Store Commerce
- Theme:
- Store Commerce
- Theme Slug:
- store-commerce
- Downloads
- 50,956
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22339
Aports – Single Property WordPress Theme
- Theme:
- Aports – Single Property WordPress Theme
- Theme Slug:
- aports
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-43334
Boliin – Resort & Hotel Booking WordPress Theme
- Theme:
- Boliin – Resort & Hotel Booking WordPress Theme
- Theme Slug:
- boliin
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-43334
Constix – Construction Factory & Industrial WordPress Theme
- Theme:
- Constix – Construction Factory & Industrial WordPress Theme
- Theme Slug:
- constix
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-43334
Conult – Consulting Business WordPress Themes
- Theme:
- Conult – Consulting Business WordPress Themes
- Theme Slug:
- conult
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-43334
Digi Store
- Theme:
- Digi Store
- Theme Slug:
- digi-store
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22354
Education LMS
- Theme:
- Education LMS
- Theme Slug:
- education-lms
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22334
Fioxen
- Theme:
- Fioxen
- Theme Slug:
- fioxen
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-43334
TheFude – Crowdfunding & Charity WordPress Theme
- Theme:
- TheFude – Crowdfunding & Charity WordPress Theme
- Theme Slug:
- fude
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-43334
Gowilds – Travel & Tour Booking WordPress Theme
- Theme:
- Gowilds – Travel & Tour Booking WordPress Theme
- Theme Slug:
- gowilds
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-43334
Halpes
- Theme:
- Halpes
- Theme Slug:
- halpes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-43334
Lestin – Directory Listing WordPress Theme
- Theme:
- Lestin – Directory Listing WordPress Theme
- Theme Slug:
- lestin
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-43334
Modins – Insurance & Finance WordPress Theme
- Theme:
- Modins – Insurance & Finance WordPress Theme
- Theme Slug:
- modins
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-43334
Orgarium – Agriculture & Organic Farm WordPress Theme
- Theme:
- Orgarium – Agriculture & Organic Farm WordPress Theme
- Theme Slug:
- orgarium
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-43334
Paroti
- Theme:
- Paroti
- Theme Slug:
- paroti
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-43334
Pisole – Digital Creative Agency WordPress Theme
- Theme:
- Pisole – Digital Creative Agency WordPress Theme
- Theme Slug:
- pisole
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-43334
Qempo
- Theme:
- Qempo
- Theme Slug:
- qempo
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-43334
Qizon – Crowdfunding & Charity WordPress Theme
- Theme:
- Qizon – Crowdfunding & Charity WordPress Theme
- Theme Slug:
- qizon
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-43334
Sominx – Creative Business Agency WordPress Theme
- Theme:
- Sominx – Creative Business Agency WordPress Theme
- Theme Slug:
- sominx
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-43334
Tevily – Travel & Tour Booking WordPress Theme
- Theme:
- Tevily – Travel & Tour Booking WordPress Theme
- Theme Slug:
- tevily
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-43334
welowe
- Theme:
- welowe
- Theme Slug:
- welowe
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-43334
SimpleCharm
- Theme:
- SimpleCharm
- Theme Slug:
- simplecharm
- Downloads
- 1,014
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.4
- Severity Score:
- High
- CVE:
- 2024-56056
Aurum
- Theme:
- Aurum
- Theme Slug:
- aurum-minimalist-shopping-theme
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.0.3
- Severity Score:
- Medium
- CVE:
- 2024-12781
