WordPress Vulnerability Report — July 23, 2025

Since last week, 167 new vulnerabilities have emerged in the WordPress ecosystem, including 162 plugins and 5 themes. 42 of the vulnerable plugins and themes remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

Sarah Ulmer

Published:Jul 23, 2025

Filed Under:WordPress Vulnerability Report

Reading Time:2 min.

In this report, 167 vulnerabilities have been publicly disclosed. Security patches for 125 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 42 plugin and theme vulnerabilities, and no patch has been available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. WordPress Core
2. WordPress Plugins — 121 Patched / 41 Unpatched

2.1 URL Shortener Plugin For WordPress
2.2 DB Backup
2.3 Nginx Cache Purge Preload
2.4 Block Editor Gallery Slider
2.5 aapanel WP Toolkit
2.6 Affiliate Reviews
2.7 Alike – WordPress Custom Post Comparison
2.8 Attachment Manager
2.9 Avishi WP PayPal Payment Button
2.10 Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer)
2.11 B1.lt for WooCommerce
2.12 Birth Chart Compatibility
2.13 Biteship
2.14 Brandfolder
2.15 bSecure – Your Universal Checkout
2.16 Copymatic
2.17 Counter live visitors for WooCommerce
2.18 Crowdfunding for WooCommerce
2.19 FoodMenu
2.20 WooCommerce Shop Page Builder
2.21 EPay.bg Payments
2.22 IDonatePro
2.23 Latest Post Accordian Slider
2.24 Multimedia Playlist Slider Addon for WPBakery Page Builder
2.25 Like & Share My Site
2.26 Listly
2.27 Live Stream Badger
2.28 Map My Locations
2.29 Partnerský systém Martinus
2.30 Mediabay – WordPress Media Library Folders
2.31 Orion Login with SMS
2.32 The E-Commerce ERP
2.33 Restrict File Access
2.34 Ruven Themes: Shortcodes
2.35 Temporarily Hidden Content
2.36 Terms descriptions
2.37 Testimonial Post type
2.38 Useful Tab Block
2.39 Vertical scroll image slideshow gallery
2.40 WP JobHunt
2.41 Zuppler Online Ordering
2.42 Forminator Forms – Contact Form, Payment Form & Custom Form Builder
2.43 WP Shortcodes Plugin — Shortcodes Ultimate
2.44 WP Shortcodes Plugin — Shortcodes Ultimate
2.45 Post SMTP – WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more
2.46 SureForms – Drag and Drop Form Builder for WordPress
2.47 Strong Testimonials
2.48 JetFormBuilder — Dynamic Blocks Form Builder
2.49 Media Library Assistant
2.50 User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin
2.51 WP-Members Membership Plugin
2.52 Bold Page Builder
2.53 Companion Auto Update
2.54 Stop User Enumeration
2.55 Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
2.56 Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor
2.57 FluentSnippets – The High-Performance file based Custom Code Snippets Plugin
2.58 SMTP2GO for WordPress – Email Made Easy
2.59 Welcart e-Commerce
2.60 WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce
2.61 WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce
2.62 CM Pop-Up – Create engaging popups to capture attention and boost interaction
2.63 HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder.
2.64 HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder.
2.65 HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder.
2.66 HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder.
2.67 Videopack
2.68 Malcure Malware Scanner — #1 Toolset for Malware Removal
2.69 Malcure Malware Scanner — #1 Toolset for Malware Removal
2.70 AntiSpam for Contact Form 7
2.71 Ghost Kit – Page Builder Blocks, Motion Effects & Extensions
2.72 ProfileGrid – User Profiles, Groups and Communities
2.73 Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection)
2.74 WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes)
2.75 Coupon Affiliates – Affiliate Plugin for WooCommerce
2.76 WPAdverts – Classifieds Plugin
2.77 ELEX WooCommerce Bulk Edit Products, Prices & Attributes (Basic)
2.78 GSheetConnector for WC
2.79 Restaurant Menu and Food Ordering
2.80 News Kit Elementor Addons
2.81 Newsletters
2.82 Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery
2.83 Animator – Scroll Triggered Animations
2.84 SMTP for Amazon SES – YaySMTP
2.85 Theme Builder For Elementor
2.86 Wallet System for WooCommerce
2.87 Appointment Booking & Scheduling Plugin — Webba Booking Calendar
2.88 Appointment Booking & Scheduling Plugin — Webba Booking Calendar
2.89 WP Post Hide
2.90 LightBox Block – Gutenberg block for creating fully functional lightbox
2.91 Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates
2.92 Widget for Google Reviews
2.93 Custom API for WP
2.94 Easy Elementor Addons
2.95 Ebook Store
2.96 Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms
2.97 Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms
2.98 SMTP for SendGrid – YaySMTP
2.99 YayExtra – WooCommerce Extra Product Options
2.100 FG Drupal to WordPress
2.101 Ultimate WP Mail
2.102 Maya Business Plugin
2.103 Stop and Block bots plugin Anti bots
2.104 Chatbox Manager
2.105 SMTP for Sendinblue – YaySMTP
2.106 Formality
2.107 Image Wall
2.108 Residential Address Detection
2.109 Cloud SAML SSO – Single Sign On Login
2.110 CRM and Lead Management by vcita
2.111 Import CDN-Remote Images
2.112 Knowledge Base
2.113 CM Map Locations – Visualize and share your locations in a few clicks
2.114 Real Estate Property 2025 Create Your Own Fields and Search Bar
2.115 MORKVA Vchasno Kasa Integration
2.116 MORKVA Vchasno Kasa Integration
2.117 Bears Backup
2.118 Foxypress
2.119 Fusion Builder
2.120 GymBase Theme Classes
2.121 JetBlocks For Elementor
2.122 JetBlocks For Elementor
2.123 JetElements For Elementor
2.124 JetElements For Elementor
2.125 JetEngine
2.126 JetMenu
2.127 JetPopup
2.128 JetPopup
2.129 JetPopup
2.130 JetSearch
2.131 JetSmartFilters
2.132 JetSmartFilters
2.133 JetTabs
2.134 JetTabs
2.135 JetTricks
2.136 JetTricks
2.137 JetWooBuilder
2.138 Radio Player Shoutcast & Icecast
2.139 Apollo – Sticky Full Width HTML5 Audio Player
2.140 SHOUT – HTML5 Radio Player With Ads – ShoutCast and IceCast Support
2.141 Universal Video Player – Addon for WPBakery Page Builder
2.142 HTML5 Radio Player – WPBakery Page Builder Addon
2.143 Universal Video Player – Addon for WPBakery Page Builder
2.144 LoginPress Pro
2.145 Madara – Responsive Manga Site
2.146 MasterStudy LMS Pro
2.147 Modern Events Calendar Lite
2.148 Simple Link Directory
2.149 Cost Calculator
2.150 Revolution Video Player With Bottom Playlist
2.151 School Management
2.152 The Plus Addons for Elementor Pro
2.153 Transposh WordPress Translation
2.154 Transposh WordPress Translation
2.155 Transposh WordPress Translation
2.156 Transposh WordPress Translation
2.157 Transposh WordPress Translation
2.158 Transposh WordPress Translation
2.159 ThemeREX Addons
2.160 Youtube Vimeo Video Player and Slider
2.161 WooCommerce Refund And Exchange with RMA
2.162 Pinterest Automatic Pin

3. WordPress Themes — 4 Patched / 1 Unpatched

3.1 Visual Art | Gallery WordPress Theme
3.2 Hestia
3.3 Alone
3.4 Alone
3.5 Houzez

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.8.2 is now available! This maintenance release includes fixes for 20 Core tickets and 15 Block Editor issues. For a full list of bug fixes, please refer to the release candidate announcement.

WordPress Plugins — 121 Patched / 41 Unpatched

Plugin:: URL Shortener Plugin For WordPress
Plugin Slug:: exact-links
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28965

Plugin:: DB Backup
Plugin Slug:: db-backup
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-50031

Plugin:: Nginx Cache Purge Preload
Plugin Slug:: fastcgi-cache-purge-and-preload-nginx
Installations: 80+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-6213

Plugin:: Block Editor Gallery Slider
Plugin Slug:: block-editor-gallery-slider
Installations: 40+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-6726

Plugin:: aapanel WP Toolkit
Plugin Slug:: aapanel-wp-toolkit
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-6813

Plugin:: Affiliate Reviews
Plugin Slug:: affiliate-reviews
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5845

Plugin:: Alike – WordPress Custom Post Comparison
Plugin Slug:: alike
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28975

Plugin:: Attachment Manager
Plugin Slug:: attachment-manager
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-7643

Plugin:: Avishi WP PayPal Payment Button
Plugin Slug:: avishi-wp-paypal-payment-button
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-7669

Plugin:: Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer)
Plugin Slug:: azon-addon-js-composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30631

Plugin:: B1.lt for WooCommerce
Plugin Slug:: b1-accounting
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-6718

Plugin:: Birth Chart Compatibility
Plugin Slug:: birth-chart-compatibility
Vulnerability:: Full Path Disclosure (FPD)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-6082

Plugin:: Biteship
Plugin Slug:: biteship
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5816

Plugin:: Brandfolder
Plugin Slug:: brandfolder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5843

Plugin:: bSecure – Your Universal Checkout
Plugin Slug:: bsecure
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-6187

Plugin:: Copymatic
Plugin Slug:: copymatic
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-6781

Plugin:: Counter live visitors for WooCommerce
Plugin Slug:: counter-visitor-for-woocommerce
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-7359

Plugin:: Crowdfunding for WooCommerce
Plugin Slug:: crowdfunding-for-woocommerce
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5767

Plugin:: FoodMenu
Plugin Slug:: dzs-restaurantmenu
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-29014

Plugin:: WooCommerce Shop Page Builder
Plugin Slug:: dzs-wootable
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28999

Plugin:: EPay.bg Payments
Plugin Slug:: epaybg-payments
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-7653

Plugin:: IDonatePro
Plugin Slug:: idonate-pro
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30635

Plugin:: Latest Post Accordian Slider
Plugin Slug:: latest-post-accordian-slider
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-7687

Plugin:: Multimedia Playlist Slider Addon for WPBakery Page Builder
Plugin Slug:: lbg_vp_youtube_vimeo_addon_visual_composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30626

Plugin:: Like & Share My Site
Plugin Slug:: like-share-my-site
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-7685

Plugin:: Listly
Plugin Slug:: listly
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5811

Plugin:: Live Stream Badger
Plugin Slug:: live-stream-badger
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-7655

Plugin:: Map My Locations
Plugin Slug:: map-my-locations
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-7660

Plugin:: Partnerský systém Martinus
Plugin Slug:: martinus-partnersky-system
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-7661

Plugin:: Mediabay – WordPress Media Library Folders
Plugin Slug:: mediabay
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28949

Plugin:: Orion Login with SMS
Plugin Slug:: orion-login-with-sms
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-7692

Plugin:: The E-Commerce ERP
Plugin Slug:: profitori
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-52800

Plugin:: Restrict File Access
Plugin Slug:: restrict-file-access
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-7667

Plugin:: Ruven Themes: Shortcodes
Plugin Slug:: ruven-themes-shortcodes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-7648

Plugin:: Temporarily Hidden Content
Plugin Slug:: temporarily-hidden-content
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-7658

Plugin:: Terms descriptions
Plugin Slug:: terms-descriptions
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-6719

Plugin:: Testimonial Post type
Plugin Slug:: testimonial-post-type
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5800

Plugin:: Useful Tab Block
Plugin Slug:: useful-tab-block-responsive-amp-compatible
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5754

Plugin:: Vertical scroll image slideshow gallery
Plugin Slug:: vertical-scroll-image-slideshow-gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5752

Plugin:: WP JobHunt
Plugin Slug:: wp-jobhunt
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-6585

Plugin:: Zuppler Online Ordering
Plugin Slug:: zuppler-online-ordering
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-6053

Plugin:: Forminator Forms – Contact Form, Payment Form & Custom Form Builder
Plugin Slug:: forminator
Installations: 600,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.45.1
Severity Score:: High
CVE:: 2025-7638

Plugin:: WP Shortcodes Plugin — Shortcodes Ultimate
Plugin Slug:: shortcodes-ultimate
Installations: 500,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 7.4.3
Severity Score:: Medium
CVE:: 2025-7369

Plugin:: WP Shortcodes Plugin — Shortcodes Ultimate
Plugin Slug:: shortcodes-ultimate
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.4.3
Severity Score:: Medium
CVE:: 2025-7354

Plugin:: Post SMTP – WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more
Plugin Slug:: post-smtp
Installations: 400,000+
Vulnerability:: Broken Authentication
Patched in Version:: 3.3.0
Severity Score:: High
CVE:: 2025-24000

Plugin:: SureForms – Drag and Drop Form Builder for WordPress
Plugin Slug:: sureforms
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.2
Severity Score:: High
CVE:: 2025-5921

Plugin:: Strong Testimonials
Plugin Slug:: strong-testimonials
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.12
Severity Score:: Medium
CVE:: 2025-7367

Plugin:: JetFormBuilder — Dynamic Blocks Form Builder
Plugin Slug:: jetformbuilder
Installations: 80,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.5.2
Severity Score:: High
CVE:: 2025-53990

Plugin:: Media Library Assistant
Plugin Slug:: media-library-assistant
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.27
Severity Score:: Medium
CVE:: 2025-7035

Plugin:: User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin
Plugin Slug:: user-registration
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3.0
Severity Score:: Medium
CVE:: 2025-6831

Plugin:: WP-Members Membership Plugin
Plugin Slug:: wp-members
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.4.2
Severity Score:: Medium
CVE:: 2025-7495

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.4.2
Severity Score:: Medium
CVE:: 2025-54006

Plugin:: Companion Auto Update
Plugin Slug:: companion-auto-update
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.3
Severity Score:: Medium
CVE:: 2025-4369

Plugin:: Stop User Enumeration
Plugin Slug:: stop-user-enumeration
Installations: 50,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.7.3
Severity Score:: Medium
CVE:: 2025-4302

Plugin:: Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
Plugin Slug:: master-addons
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.8.3
Severity Score:: Medium
CVE:: 2025-5284

Plugin:: Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor
Plugin Slug:: gutentor
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.9
Severity Score:: Medium
CVE:: 2025-4685

Plugin:: FluentSnippets – The High-Performance file based Custom Code Snippets Plugin
Plugin Slug:: easy-code-manager
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 10.51
Severity Score:: Critical
CVE:: 2025-54010

Plugin:: SMTP2GO for WordPress – Email Made Easy
Plugin Slug:: smtp2go
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.12.2
Severity Score:: Medium
CVE:: 2025-54011

Plugin:: Welcart e-Commerce
Plugin Slug:: usc-e-shop
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.11.17
Severity Score:: Medium
CVE:: 2025-54013

Plugin:: WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce
Plugin Slug:: wp-event-manager
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.50
Severity Score:: Medium
CVE:: 2025-2799

Plugin:: WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce
Plugin Slug:: wp-event-manager
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.51
Severity Score:: High
CVE:: 2025-2800

Plugin:: CM Pop-Up – Create engaging popups to capture attention and boost interaction
Plugin Slug:: cm-pop-up-banners
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.5
Severity Score:: Medium
CVE:: 2025-54018

Plugin:: HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder.
Plugin Slug:: ht-contactform
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.1.0
Severity Score:: Medium
CVE:: 2025-54015

Plugin:: HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder.
Plugin Slug:: ht-contactform
Installations: 10,000+
Vulnerability:: Directory Traversal
Patched in Version:: 2.2.2
Severity Score:: Critical
CVE:: 2025-7360

Plugin:: HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder.
Plugin Slug:: ht-contactform
Installations: 10,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.2.2
Severity Score:: Critical
CVE:: 2025-7340

Plugin:: HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder.
Plugin Slug:: ht-contactform
Installations: 10,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 2.2.2
Severity Score:: High
CVE:: 2025-7341

Plugin:: Videopack
Plugin Slug:: video-embed-thumbnail-generator
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.4
Severity Score:: Medium
CVE:: 2025-54016

Plugin:: Malcure Malware Scanner — #1 Toolset for Malware Removal
Plugin Slug:: wp-malware-removal
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 16.9
Severity Score:: Medium
CVE:: 2025-7772

Plugin:: Malcure Malware Scanner — #1 Toolset for Malware Removal
Plugin Slug:: wp-malware-removal
Installations: 10,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 17.1
Severity Score:: High
CVE:: 2025-6043

Plugin:: AntiSpam for Contact Form 7
Plugin Slug:: cf7-antispam
Installations: 9,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 0.6.4
Severity Score:: Medium
CVE:: 2025-54020

Plugin:: Ghost Kit – Page Builder Blocks, Motion Effects & Extensions
Plugin Slug:: ghostkit
Installations: 7,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.4.2
Severity Score:: High
CVE:: 2025-53567

Plugin:: ProfileGrid – User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.5.5
Severity Score:: High
CVE:: 2025-6977

Plugin:: Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection)
Plugin Slug:: extensions-for-cf7
Installations: 6,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 3.2.9
Severity Score:: High
CVE:: 2025-7645

Plugin:: WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes)
Plugin Slug:: delicious-recipes
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.5
Severity Score:: Medium
CVE:: 2025-54023

Plugin:: Coupon Affiliates – Affiliate Plugin for WooCommerce
Plugin Slug:: woo-coupon-usage
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.4.1
Severity Score:: Medium
CVE:: 2025-54022

Plugin:: WPAdverts – Classifieds Plugin
Plugin Slug:: wpadverts
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.6
Severity Score:: Medium
CVE:: 2025-54024

Plugin:: ELEX WooCommerce Bulk Edit Products, Prices & Attributes (Basic)
Plugin Slug:: elex-bulk-edit-products-prices-attributes-for-woocommerce-basic
Installations: 4,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.0
Severity Score:: High
CVE:: 2025-47645

Plugin:: GSheetConnector for WC
Plugin Slug:: wc-gsheetconnector
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4.0
Severity Score:: Medium
CVE:: 2025-54030

Plugin:: Restaurant Menu and Food Ordering
Plugin Slug:: mp-restaurant-menu
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.4.7
Severity Score:: Medium
CVE:: 2025-54038

Plugin:: News Kit Elementor Addons
Plugin Slug:: news-kit-elementor-addons
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2025-54037

Plugin:: Newsletters
Plugin Slug:: newsletters-lite
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.11
Severity Score:: Medium
CVE:: 2025-54035

Plugin:: Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery
Plugin Slug:: pixel-gallery
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.8
Severity Score:: Medium
CVE:: 2025-7644

Plugin:: Animator – Scroll Triggered Animations
Plugin Slug:: scroll-triggered-animations
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.0.17
Severity Score:: Medium
CVE:: 2025-54039

Plugin:: SMTP for Amazon SES – YaySMTP
Plugin Slug:: smtp-amazon-ses
Installations: 3,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.9.1
Severity Score:: High
CVE:: 2025-54043

Plugin:: Theme Builder For Elementor
Plugin Slug:: theme-builder-for-elementor
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.4
Severity Score:: Medium
CVE:: 2025-54033

Plugin:: Wallet System for WooCommerce
Plugin Slug:: wallet-system-for-woocommerce
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.6.8
Severity Score:: Medium
CVE:: 2025-54041

Plugin:: Appointment Booking & Scheduling Plugin — Webba Booking Calendar
Plugin Slug:: webba-booking-lite
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.1.22
Severity Score:: Medium
CVE:: 2025-54040

Plugin:: Appointment Booking & Scheduling Plugin — Webba Booking Calendar
Plugin Slug:: webba-booking-lite
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.1.21
Severity Score:: Medium
CVE:: 2025-54036

Plugin:: WP Post Hide
Plugin Slug:: wp-post-hide
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2025-54042

Plugin:: LightBox Block – Gutenberg block for creating fully functional lightbox
Plugin Slug:: lightbox-block
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.31
Severity Score:: Medium
CVE:: 2025-54051

Plugin:: Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates
Plugin Slug:: responsive-addons-for-elementor
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.4
Severity Score:: Medium
CVE:: 2025-54050

Plugin:: Widget for Google Reviews
Plugin Slug:: business-reviews-wp
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.0.16
Severity Score:: High
CVE:: 2025-53565

Plugin:: Custom API for WP
Plugin Slug:: custom-api-for-wp
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.2.3
Severity Score:: Critical
CVE:: 2025-54048

Plugin:: Easy Elementor Addons
Plugin Slug:: easy-elementor-addons
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.6
Severity Score:: Medium
CVE:: 2025-48295

Plugin:: Ebook Store
Plugin Slug:: ebook-store
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.8013
Severity Score:: Medium
CVE:: 2025-7486

Plugin:: Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms
Plugin Slug:: integration-for-contact-form-7-and-google-sheets
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.1.2
Severity Score:: Critical
CVE:: 2025-7697

Plugin:: Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms
Plugin Slug:: integration-for-contact-form-7-and-pipedrive
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.2.4
Severity Score:: Critical
CVE:: 2025-7696

Plugin:: SMTP for SendGrid – YaySMTP
Plugin Slug:: smtp-sendgrid
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.1
Severity Score:: High
CVE:: 2025-48301

Plugin:: YayExtra – WooCommerce Extra Product Options
Plugin Slug:: yayextra
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.6
Severity Score:: High
CVE:: 2025-48299

Plugin:: FG Drupal to WordPress
Plugin Slug:: fg-drupal-to-wp
Installations: 900+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.90.1
Severity Score:: Medium
CVE:: 2025-48294

Plugin:: Ultimate WP Mail
Plugin Slug:: ultimate-wp-mail
Installations: 900+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.3.7
Severity Score:: High
CVE:: 2025-6993

Plugin:: Maya Business Plugin
Plugin Slug:: paymaya-checkout-for-woocommerce
Installations: 600+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.3.0
Severity Score:: High
CVE:: 2025-53208

Plugin:: Stop and Block bots plugin Anti bots
Plugin Slug:: antibots
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 1.50
Severity Score:: Medium
CVE:: 2025-48166

Plugin:: Chatbox Manager
Plugin Slug:: wa-chatbox-manager
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.6
Severity Score:: Medium
CVE:: 2025-48167

Plugin:: SMTP for Sendinblue – YaySMTP
Plugin Slug:: smtp-sendinblue
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: 1.3.1
Severity Score:: High
CVE:: 2025-48161

Plugin:: Formality
Plugin Slug:: formality
Installations: 200+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.5.10
Severity Score:: High
CVE:: 2025-48157

Plugin:: Image Wall
Plugin Slug:: image-wall
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2
Severity Score:: Medium
CVE:: 2025-48156

Plugin:: Residential Address Detection
Plugin Slug:: residential-address-detection
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.10
Severity Score:: Medium
CVE:: 2025-48155

Plugin:: Cloud SAML SSO – Single Sign On Login
Plugin Slug:: cloud-sso-single-sign-on
Installations: 100+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.0.19
Severity Score:: High
CVE:: 2025-49264

Plugin:: CRM and Lead Management by vcita
Plugin Slug:: crm-customer-relationship-management-by-vcita
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.0
Severity Score:: Medium
CVE:: 2025-5240

Plugin:: Import CDN-Remote Images
Plugin Slug:: import-cdn-remote-images
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.1.3
Severity Score:: High
CVE:: 2025-48153

Plugin:: Knowledge Base
Plugin Slug:: knowledgebase
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.2
Severity Score:: Medium
CVE:: 2025-7431

Plugin:: CM Map Locations – Visualize and share your locations in a few clicks
Plugin Slug:: cm-map-locations
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.7
Severity Score:: High
CVE:: 2025-48151

Plugin:: Real Estate Property 2025 Create Your Own Fields and Search Bar
Plugin Slug:: real-estate-right-now
Installations: 90+
Vulnerability:: Broken Access Control
Patched in Version:: 4.49
Severity Score:: Medium
CVE:: 2025-48150

Plugin:: MORKVA Vchasno Kasa Integration
Plugin Slug:: mrkv-vchasno-kasa
Installations: 30+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.4
Severity Score:: Medium
CVE:: 2025-6721

Plugin:: MORKVA Vchasno Kasa Integration
Plugin Slug:: mrkv-vchasno-kasa
Installations: 30+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.4
Severity Score:: Medium
CVE:: 2025-6720

Plugin:: Bears Backup
Plugin Slug:: bears-backup
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 2.1.0
Severity Score:: Critical
CVE:: 2025-5396

Plugin:: Foxypress
Plugin Slug:: foxypress
Vulnerability:: Arbitrary File Upload
Patched in Version:: 0.4.2.2
Severity Score:: Critical
CVE:: 2012-10020

Plugin:: Fusion Builder
Plugin Slug:: fusion-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.12.2
Severity Score:: Medium
CVE:: 2025-6747

Plugin:: GymBase Theme Classes
Plugin Slug:: gymbase_classes
Vulnerability:: SQL Injection
Patched in Version:: 1.5
Severity Score:: High
CVE:: 2025-54026

Plugin:: JetBlocks For Elementor
Plugin Slug:: jet-blocks
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.3.19
Severity Score:: Medium
CVE:: 2025-53988

Plugin:: JetBlocks For Elementor
Plugin Slug:: jet-blocks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.19.1
Severity Score:: Medium
CVE:: 2025-53989

Plugin:: JetElements For Elementor
Plugin Slug:: jet-elements
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.7.7.1
Severity Score:: Medium
CVE:: 2025-53983

Plugin:: JetElements For Elementor
Plugin Slug:: jet-elements
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.7.1
Severity Score:: Medium
CVE:: 2025-53982

Plugin:: JetEngine
Plugin Slug:: jet-engine
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.7.1.1
Severity Score:: Medium
CVE:: 2025-53196

Plugin:: JetMenu
Plugin Slug:: jet-menu
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.4.11.2
Severity Score:: Medium
CVE:: 2025-53987

Plugin:: JetPopup
Plugin Slug:: jet-popup
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.0.15.1
Severity Score:: Medium
CVE:: 2025-53993

Plugin:: JetPopup
Plugin Slug:: jet-popup
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.16
Severity Score:: Medium
CVE:: 2025-53995

Plugin:: JetPopup
Plugin Slug:: jet-popup
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.15.1
Severity Score:: Medium
CVE:: 2025-53994

Plugin:: JetSearch
Plugin Slug:: jet-search
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.11
Severity Score:: Medium
CVE:: 2025-53996

Plugin:: JetSmartFilters
Plugin Slug:: jet-smart-filters
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.6.7.1
Severity Score:: Medium
CVE:: 2025-54008

Plugin:: JetSmartFilters
Plugin Slug:: jet-smart-filters
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.8.1
Severity Score:: Medium
CVE:: 2025-54009

Plugin:: JetTabs
Plugin Slug:: jet-tabs
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.2.9.1
Severity Score:: Medium
CVE:: 2025-53985

Plugin:: JetTabs
Plugin Slug:: jet-tabs
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.9.1
Severity Score:: Medium
CVE:: 2025-53984

Plugin:: JetTricks
Plugin Slug:: jet-tricks
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.5.4.2
Severity Score:: Medium
CVE:: 2025-53992

Plugin:: JetTricks
Plugin Slug:: jet-tricks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.4.2
Severity Score:: Medium
CVE:: 2025-53991

Plugin:: JetWooBuilder
Plugin Slug:: jet-woo-builder
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.1.20.1
Severity Score:: Medium
CVE:: 2025-53998

Plugin:: Radio Player Shoutcast & Icecast
Plugin Slug:: lbg-audio4-html5-shoutcast
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.4.8
Severity Score:: High
CVE:: 2025-53205

Plugin:: Apollo – Sticky Full Width HTML5 Audio Player
Plugin Slug:: lbg-audio5-html5-shoutcast-sticky
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.4
Severity Score:: High
CVE:: 2025-48168

Plugin:: SHOUT – HTML5 Radio Player With Ads – ShoutCast and IceCast Support
Plugin Slug:: lbg-audio8-html5-radio-ads
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.5
Severity Score:: High
CVE:: 2025-48163

Plugin:: Universal Video Player – Addon for WPBakery Page Builder
Plugin Slug:: lbg-universal-video-player-addon-visual-composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.2.0
Severity Score:: High
CVE:: 2025-48170

Plugin:: HTML5 Radio Player – WPBakery Page Builder Addon
Plugin Slug:: lbg_radio_player_addon_visual_composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.2
Severity Score:: High
CVE:: 2025-53564

Plugin:: Universal Video Player – Addon for WPBakery Page Builder
Plugin Slug:: lbg_universal_video_player_addon_visual_composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.2.0
Severity Score:: High
CVE:: 2025-53562

Plugin:: LoginPress Pro
Plugin Slug:: loginpress-pro
Vulnerability:: Broken Authentication
Patched in Version:: 5.0.2
Severity Score:: Critical
CVE:: 2025-7444

Plugin:: Madara – Responsive Manga Site
Plugin Slug:: madara-core
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 2.2.4
Severity Score:: High
CVE:: 2025-7712

Plugin:: MasterStudy LMS Pro
Plugin Slug:: masterstudy-lms-learning-management-system-pro
Vulnerability:: Arbitrary File Upload
Patched in Version:: 4.7.10
Severity Score:: Critical
CVE:: 2025-7438

Plugin:: Modern Events Calendar Lite
Plugin Slug:: modern-events-calendar-lite
Vulnerability:: SQL Injection
Patched in Version:: 6.4.0
Severity Score:: Critical
CVE:: 2021-4458

Plugin:: Simple Link Directory
Plugin Slug:: qc-simple-link-directory
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 14.8.1
Severity Score:: High
CVE:: 2025-48297

Plugin:: Cost Calculator
Plugin Slug:: ql-cost-calculator
Vulnerability:: Broken Access Control
Patched in Version:: 7.5
Severity Score:: Medium
CVE:: 2025-54047

Plugin:: Revolution Video Player With Bottom Playlist
Plugin Slug:: revolution-video-player
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.3
Severity Score:: High
CVE:: 2025-53212

Plugin:: School Management
Plugin Slug:: school-management
Vulnerability:: Local File Inclusion
Patched in Version:: 1.93.1
Severity Score:: High
CVE:: 2025-3740

Plugin:: The Plus Addons for Elementor Pro
Plugin Slug:: theplus_elementor_addon
Vulnerability:: Broken Access Control
Patched in Version:: 6.3.7
Severity Score:: Medium
CVE:: 2025-46434

Plugin:: Transposh WordPress Translation
Plugin Slug:: transposh-translation-filter-for-wordpress
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.9.2
Severity Score:: Medium
CVE:: 2022-25810

Plugin:: Transposh WordPress Translation
Plugin Slug:: transposh-translation-filter-for-wordpress
Vulnerability:: SQL Injection
Patched in Version:: 1.0.9.2
Severity Score:: High
CVE:: 2022-25811

Plugin:: Transposh WordPress Translation
Plugin Slug:: transposh-translation-filter-for-wordpress
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 1.0.9.2
Severity Score:: High
CVE:: 2022-25812

Plugin:: Transposh WordPress Translation
Plugin Slug:: transposh-translation-filter-for-wordpress
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.9.2
Severity Score:: Medium
CVE:: 2021-24912

Plugin:: Transposh WordPress Translation
Plugin Slug:: transposh-translation-filter-for-wordpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.8
Severity Score:: High
CVE:: 2021-24910

Plugin:: Transposh WordPress Translation
Plugin Slug:: transposh-translation-filter-for-wordpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.8
Severity Score:: High
CVE:: 2021-24911

Plugin:: ThemeREX Addons
Plugin Slug:: trx_addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.35.2.2
Severity Score:: Medium
CVE:: 2025-6997

Plugin:: Youtube Vimeo Video Player and Slider
Plugin Slug:: video_player_youtube_vimeo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9
Severity Score:: High
CVE:: 2025-53563

Plugin:: WooCommerce Refund And Exchange with RMA
Plugin Slug:: woocommerce-refund-and-exchange
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.2.7
Severity Score:: Critical
CVE:: 2025-6222

Plugin:: Pinterest Automatic Pin
Plugin Slug:: wp-pinterest-automatic
Vulnerability:: SQL Injection
Patched in Version:: 4.19.0
Severity Score:: High
CVE:: 2025-39510

WordPress Themes — 4 Patched / 1 Unpatched

Theme:: Visual Art | Gallery WordPress Theme
Theme Slug:: visual-arts
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31422

Theme:: Hestia
Theme Slug:: hestia
Downloads: 4,446,823
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.11
Severity Score:: Medium
CVE:: 2025-53986

Theme:: Alone
Theme Slug:: alone
Vulnerability:: Arbitrary File Upload
Patched in Version:: 7.8.5
Severity Score:: Critical
CVE:: 2025-5394

Theme:: Alone
Theme Slug:: alone
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 7.8.5
Severity Score:: High
CVE:: 2025-5393

Theme:: Houzez
Theme Slug:: houzez
Vulnerability:: Broken Access Control
Patched in Version:: 4.1.1
Severity Score:: Medium
CVE:: 2025-53997

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Author:

Sarah Ulmer

Sarah has been with SolidWP since 2015. Thanks to her deep connection to the brand, its products, and its users, Sarah was tapped as Solid’s primary Product Marketer in 2023. Sarah helps ensure that Solid’s product development team understands our users’ needs. When not at work, Sarah can be found at home with her husband, their three boys, and their dogs. Sarah enjoys long family walks, running with her lab, and watching her three boys play soccer. Sarah is originally from Texas and loves watching football games (Go Longhorns!)

Browse all of Sarah's articles

Sign up

Placeholder text

Thanks

Oops something went wrong, please try submitting again

Solid Suite

Protect

Repair

Manage

Free Plugins

Solid Suite

Academy

Solid Academy

Guides

Livestreams

Tutorials Academy

Resources

Blog

Vulnerability Report

Support

Documentation

Table of Contents

WordPress Core

WordPress Plugins — 121 Patched / 41 Unpatched