WordPress Vulnerability Report — July 30, 2025
Since last week, 113 new vulnerabilities have emerged in the WordPress ecosystem, including 100 plugins and 13 themes. 53 of the vulnerable plugins and themes remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.
In this report, 113 vulnerabilities have been publicly disclosed. Security patches for 60 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 53 plugin and theme vulnerabilities, and no patch has been available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.8.2 was released on July 15, 2025. This maintenance release includes fixes for 20 Core tickets and 15 Block Editor issues. For a full list of bug fixes, please refer to the release candidate announcement.
WordPress Plugins — 50 Patched / 50 Unpatched
Structured Content (JSON-LD) #wpsc
- Plugin Slug:
- structured-content
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-4608
Graphina – Elementor Charts and Graphs
- Plugin Slug:
- graphina-elementor-charts-and-graphs
- Installations
- 10,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23968
WP Links Page
- Plugin:
- WP Links Page
- Plugin Slug:
- wp-links-page
- Installations
- 4,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30998
Video Blogster Lite
- Plugin:
- Video Blogster Lite
- Plugin Slug:
- video-blogster-lite
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-47689
Featured Image Plus – Quick & Bulk Edit with Unsplash
- Plugin Slug:
- featured-image-plus
- Installations
- 700+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-5818
WP Pipes
- Plugin:
- WP Pipes
- Plugin Slug:
- wp-pipes
- Installations
- 500+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28979
CaptionPix
- Plugin:
- CaptionPix
- Plugin Slug:
- captionpix
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52788
ONLYOFFICE Docs
- Plugin:
- ONLYOFFICE Docs
- Plugin Slug:
- onlyoffice
- Installations
- 100+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-6380
Nginx Cache Purge Preload
- Plugin:
- Nginx Cache Purge Preload
- Plugin Slug:
- fastcgi-cache-purge-and-preload-nginx
- Installations
- 70+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-6213
AI Tools – Chatbot, ChatGPT, Content Generator, Image Generator, Artificial Intelligence GPT
- Plugin:
- AI Tools – Chatbot, ChatGPT, Content Generator, Image Generator, Artificial Intelligence GPT
- Plugin Slug:
- artificial-intelligence-auto-content-generator
- Installations
- 60+
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50029
Supreme Addons for Beaver Builder –
- Plugin Slug:
- supreme-addons-for-beaver-builder-lite
- Installations
- 60+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-3669
WP Get The Table
- Plugin:
- WP Get The Table
- Plugin Slug:
- wp-get-the-table
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-6387
WooCommerce Point Of Sale (POS)
- Plugin:
- WooCommerce Point Of Sale (POS)
- Plugin Slug:
- woo-point-of-salepos
- Installations
- 40+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52820
Advanced Google Universal Analytics
- Plugin:
- Advanced Google Universal Analytics
- Plugin Slug:
- advanced-google-universal-analytics
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-28962
Affiliate Plus
- Plugin:
- Affiliate Plus
- Plugin Slug:
- affiliate-plus
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-7690
Post Grid Master
- Plugin:
- Post Grid Master
- Plugin Slug:
- ajax-filter-posts
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-5084
Birth Chart Compatibility
- Plugin:
- Birth Chart Compatibility
- Plugin Slug:
- birth-chart-compatibility
- Vulnerability:
- Full Path Disclosure (FPD)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-6082
bSecure – Your Universal Checkout
- Plugin:
- bSecure – Your Universal Checkout
- Plugin Slug:
- bsecure
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-6187
Valuation Calculator
- Plugin:
- Valuation Calculator
- Plugin Slug:
- commercial-real-estate-valuation-calculator
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-5753
Droip
- Plugin:
- Droip
- Plugin Slug:
- droip
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-5831
Droip
- Plugin:
- Droip
- Plugin Slug:
- droip
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-5835
Fan Page
- Plugin:
- Fan Page
- Plugin Slug:
- fan-page
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-6681
Fleetwire Fleet Management
- Plugin:
- Fleetwire Fleet Management
- Plugin Slug:
- fleetwire-fleet-management
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-6261
Get Youtube Subs
- Plugin:
- Get Youtube Subs
- Plugin Slug:
- get-youtube-subs
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-7966
hiWeb Export Posts
- Plugin:
- hiWeb Export Posts
- Plugin Slug:
- hiweb-export-posts
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-7640
iThoughts Advanced Code Editor
- Plugin:
- iThoughts Advanced Code Editor
- Plugin Slug:
- ithoughts-advanced-code-editor
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-7835
Latest Post Accordian Slider
- Plugin:
- Latest Post Accordian Slider
- Plugin Slug:
- latest-post-accordian-slider
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-7687
Like & Share My Site
- Plugin:
- Like & Share My Site
- Plugin Slug:
- like-share-my-site
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-7685
LoginWP – Pro
- Plugin:
- LoginWP – Pro
- Plugin Slug:
- loginwp-pro
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46255
Mine CloudVod
- Plugin:
- Mine CloudVod
- Plugin Slug:
- mine-cloudvod
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8071
muse.ai video embedding
- Plugin:
- muse.ai video embedding
- Plugin Slug:
- muse-ai
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-6262
My Reservation System
- Plugin:
- My Reservation System
- Plugin Slug:
- my-reservation-system
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-7022
Omnishop
- Plugin:
- Omnishop
- Plugin Slug:
- omnishop
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-6215
Omnishop
- Plugin:
- Omnishop
- Plugin Slug:
- omnishop
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-6214
Orion Login with SMS
- Plugin:
- Orion Login with SMS
- Plugin Slug:
- orion-login-with-sms
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-7692
The E-Commerce ERP
- Plugin:
- The E-Commerce ERP
- Plugin Slug:
- profitori
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52800
Qwizcards
- Plugin:
- Qwizcards
- Plugin Slug:
- qwiz-online-quizzes-and-flashcards
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-6174
Realty Portal – Agent
- Plugin:
- Realty Portal – Agent
- Plugin Slug:
- realty-portal-agent
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-6190
RT-Theme 18 | Extensions
- Plugin:
- RT-Theme 18 | Extensions
- Plugin Slug:
- rt18-extensions
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32288
Social Streams
- Plugin:
- Social Streams
- Plugin Slug:
- social-streams
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-7722
Station Pro
- Plugin:
- Station Pro
- Plugin Slug:
- station-pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-7959
Supermalink
- Plugin:
- Supermalink
- Plugin Slug:
- supermalink
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49433
Tablesome Table Premium
- Plugin:
- Tablesome Table Premium
- Plugin Slug:
- tablesome-premium
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30944
Taeggie Feed
- Plugin:
- Taeggie Feed
- Plugin Slug:
- taeggie-feed
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-6382
Voltax Video Player
- Plugin:
- Voltax Video Player
- Plugin Slug:
- voltax-video-player
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-6539
WP Applink
- Plugin:
- WP Applink
- Plugin Slug:
- wp-applink
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-6385
WP JobHunt
- Plugin:
- WP JobHunt
- Plugin Slug:
- wp-jobhunt
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-6585
WP Wallcreeper
- Plugin:
- WP Wallcreeper
- Plugin Slug:
- wp-wallcreeper
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-7822
YANewsflash
- Plugin:
- YANewsflash
- Plugin Slug:
- yanewsflash
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-6054
YouTube Embed – YouTube Gallery, Vimeo Gallery – WordPress Plugin
- Plugin:
- YouTube Embed – YouTube Gallery, Vimeo Gallery – WordPress Plugin
- Plugin Slug:
- youram-youtube-embed
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-6692
Elementor Website Builder – More Than Just a Page Builder
- Plugin Slug:
- elementor
- Installations
- 10,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.30.3
- Severity Score:
- Medium
- CVE:
- 2025-4566
WP Shortcodes Plugin — Shortcodes Ultimate
- Plugin Slug:
- shortcodes-ultimate
- Installations
- 500,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.4.3
- Severity Score:
- Medium
- CVE:
- 2025-8015
Post SMTP – WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more
- Plugin Slug:
- post-smtp
- Installations
- 400,000+
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 3.3.0
- Severity Score:
- High
- CVE:
- 2025-24000
SureForms – Drag and Drop Form Builder for WordPress
- Plugin Slug:
- sureforms
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.2
- Severity Score:
- High
- CVE:
- 2025-5921
AI Engine
Brizy – Page Builder
- Plugin:
- Brizy – Page Builder
- Plugin Slug:
- brizy
- Installations
- 80,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.6.21
- Severity Score:
- Medium
- CVE:
- 2025-4370
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
- Plugin Slug:
- post-and-page-builder
- Installations
- 60,000+
- Vulnerability:
- Path Traversal
- Patched in Version:
- 1.27.9
- Severity Score:
- Medium
- CVE:
- 2025-52712
User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin
- Plugin Slug:
- user-registration
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.3.0
- Severity Score:
- Medium
- CVE:
- 2025-6831
WP-Members Membership Plugin
- Plugin:
- WP-Members Membership Plugin
- Plugin Slug:
- wp-members
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.4.2
- Severity Score:
- Medium
- CVE:
- 2025-7495
Advanced iFrame
- Plugin:
- Advanced iFrame
- Plugin Slug:
- advanced-iframe
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2025.6
- Severity Score:
- Medium
- CVE:
- 2025-6987
Timber
- Plugin:
- Timber
- Plugin Slug:
- timber-library
- Installations
- 30,000+
- Vulnerability:
- Other Vulnerability Type
- Patched in Version:
- 1.23.3
- Severity Score:
- Medium
- CVE:
- 2024-45411
Gutenberg Blocks – PublishPress Blocks Controls, Visibility, Reusable Blocks
- Plugin Slug:
- advanced-gutenberg
- Installations
- 20,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 3.3.2
- Severity Score:
- High
- CVE:
- 2025-48332
CSS & JavaScript Toolbox
- Plugin:
- CSS & JavaScript Toolbox
- Plugin Slug:
- css-javascript-toolbox
- Installations
- 10,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 12.0.3
- Severity Score:
- High
- CVE:
- 2025-3703
GeoDirectory – WP Business Directory Plugin and Classified Listings Directory
- Plugin Slug:
- geodirectory
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.8.98
- Severity Score:
- Critical
- CVE:
- 2024-13507
Wonder Slider Lite
- Plugin:
- Wonder Slider Lite
- Plugin Slug:
- wonderplugin-slider-lite
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 14.5
- Severity Score:
- Medium
- CVE:
- 2025-7501
WP REST Cache
- Plugin:
- WP REST Cache
- Plugin Slug:
- wp-rest-cache
- Installations
- 10,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2025.1.1
- Severity Score:
- High
- CVE:
- 2025-52716
WPeMatico RSS Feed Fetcher
- Plugin:
- WPeMatico RSS Feed Fetcher
- Plugin Slug:
- wpematico
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.8.8
- Severity Score:
- Medium
- CVE:
- 2025-8103
Security Ninja – WordPress Security Plugin & Firewall
- Plugin Slug:
- security-ninja
- Installations
- 9,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 5.243
- Severity Score:
- Medium
- CVE:
- 2025-8009
ProfileGrid – User Profiles, Groups and Communities
- Plugin Slug:
- profilegrid-user-profiles-groups-and-communities
- Installations
- 7,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.9.5.4
- Severity Score:
- High
- CVE:
- 2025-49033
Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection)
- Plugin Slug:
- extensions-for-cf7
- Installations
- 6,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 3.2.9
- Severity Score:
- High
- CVE:
- 2025-7645
Simple File List
- Plugin:
- Simple File List
- Plugin Slug:
- simple-file-list
- Installations
- 6,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 6.1.15
- Severity Score:
- High
- CVE:
- 2025-54021
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )
- Plugin Slug:
- magical-addons-for-elementor
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.9
- Severity Score:
- Medium
- CVE:
- 2025-8196
Memory Usage, Memory Limit, PHP and Server Memory Health Check and Provide Suggestions
- Plugin Slug:
- wp-memory
- Installations
- 5,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.99
- Severity Score:
- Medium
- CVE:
- 2025-8104
Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings
- Plugin Slug:
- hydra-booking
- Installations
- 3,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.1.19
- Severity Score:
- High
- CVE:
- 2025-7689
Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery
- Plugin Slug:
- pixel-gallery
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.8
- Severity Score:
- Medium
- CVE:
- 2025-7644
Geo Mashup
- Plugin:
- Geo Mashup
- Plugin Slug:
- geo-mashup
- Installations
- 2,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.13.17
- Severity Score:
- Critical
- CVE:
- 2025-48293
Melapress Login Security
- Plugin:
- Melapress Login Security
- Plugin Slug:
- melapress-login-security
- Installations
- 2,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 2.2.0
- Severity Score:
- Critical
- CVE:
- 2025-6895
Custom API for WP
- Plugin:
- Custom API for WP
- Plugin Slug:
- custom-api-for-wp
- Installations
- 1,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 4.2.3
- Severity Score:
- Critical
- CVE:
- 2025-54049
Ebook Store
- Plugin:
- Ebook Store
- Plugin Slug:
- ebook-store
- Installations
- 1,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 5.8013
- Severity Score:
- Critical
- CVE:
- 2025-7437
Ebook Store
- Plugin:
- Ebook Store
- Plugin Slug:
- ebook-store
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.8013
- Severity Score:
- Medium
- CVE:
- 2025-7486
Frontend File Manager Plugin
- Plugin:
- Frontend File Manager Plugin
- Plugin Slug:
- nmedia-user-file-uploader
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 22.0
- Severity Score:
- High
- CVE:
- 2023-7306
SEOPress for MainWP
- Plugin:
- SEOPress for MainWP
- Plugin Slug:
- seopress-for-mainwp
- Installations
- 1,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.5
- Severity Score:
- High
- CVE:
- 2025-48298
StreamWeasels Twitch Integration
- Plugin:
- StreamWeasels Twitch Integration
- Plugin Slug:
- streamweasels-twitch-integration
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.4
- Severity Score:
- Medium
- CVE:
- 2025-7809
SureDash
- Plugin:
- SureDash
- Plugin Slug:
- suredash
- Installations
- 500+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.1.0
- Severity Score:
- High
- CVE:
- 2025-48164
CRM and Lead Management by vcita
- Plugin:
- CRM and Lead Management by vcita
- Plugin Slug:
- crm-customer-relationship-management-by-vcita
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.0
- Severity Score:
- Medium
- CVE:
- 2025-5240
ReachShip WooCommerce Multi-Carrier & Conditional Shipping
- Plugin Slug:
- elex-reachship-multi-carrier-conditional-shipping
- Installations
- 100+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 4.3.2
- Severity Score:
- Critical
- CVE:
- 2025-53213
Dataverse Integration
- Plugin:
- Dataverse Integration
- Plugin Slug:
- integration-cds
- Installations
- 100+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 2.81.1
- Severity Score:
- High
- CVE:
- 2025-7695
Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition
- Plugin Slug:
- webinar-ignition
- Installations
- 100+
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 4.03.33
- Severity Score:
- Critical
- CVE:
- 2025-6441
CM Map Locations – Visualize and share your locations in a few clicks
- Plugin Slug:
- cm-map-locations
- Installations
- 90+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.7
- Severity Score:
- High
- CVE:
- 2025-48151
WPBookit
Elite Video Player
- Plugin:
- Elite Video Player
- Plugin Slug:
- elite-video-player
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 10.0.7
- Severity Score:
- High
- CVE:
- 2025-54044
Foxypress
- Plugin:
- Foxypress
- Plugin Slug:
- foxypress
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 0.4.2.2
- Severity Score:
- Critical
- CVE:
- 2012-10020
WPBakery Page Builder
- Plugin:
- WPBakery Page Builder
- Plugin Slug:
- js_composer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.5
- Severity Score:
- Medium
- CVE:
- 2025-4968
Responsive HTML5 Audio Player PRO With Playlist
- Plugin:
- Responsive HTML5 Audio Player PRO With Playlist
- Plugin Slug:
- lbg-audio2-html5
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.9
- Severity Score:
- High
- CVE:
- 2025-54056
Universal Video Player – Addon for WPBakery Page Builder
- Plugin:
- Universal Video Player – Addon for WPBakery Page Builder
- Plugin Slug:
- lbg-universal-video-player-addon-visual-composer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.2.0
- Severity Score:
- High
- CVE:
- 2025-53559
Simple Business Directory Pro
- Plugin:
- Simple Business Directory Pro
- Plugin Slug:
- simple-business-directory-pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 15.5.2
- Severity Score:
- High
- CVE:
- 2025-48162
Support Board
- Plugin:
- Support Board
- Plugin Slug:
- supportboard
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.8.1
- Severity Score:
- High
- CVE:
- 2025-54027
Support Board
- Plugin:
- Support Board
- Plugin Slug:
- supportboard
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 3.8.1
- Severity Score:
- High
- CVE:
- 2025-54031
Youtube Vimeo Video Player and Slider WP Plugin
- Plugin:
- Youtube Vimeo Video Player and Slider WP Plugin
- Plugin Slug:
- video-player-youtube-vimeo
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.9
- Severity Score:
- High
- CVE:
- 2025-48159
Wonder Slider
- Plugin:
- Wonder Slider
- Plugin Slug:
- wonderplugin-slider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 14.5
- Severity Score:
- Medium
- CVE:
- 2025-7501
WordPress Themes — 10 Patched / 3 Unpatched
Educenter
News Magazine X
- Theme:
- News Magazine X
- Theme Slug:
- news-magazine-x
- Downloads
- 27,720
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-24766
VidMov
- Theme:
- VidMov
- Theme Slug:
- vidmov
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25172
Bricks Builder
- Theme:
- Bricks Builder
- Theme Slug:
- bricks
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.0
- Severity Score:
- Critical
- CVE:
- 2025-6495
Caliris
- Theme:
- Caliris
- Theme Slug:
- caliris-wp
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.6
- Severity Score:
- High
- CVE:
- 2025-48160
Cena Store
- Theme:
- Cena Store
- Theme Slug:
- cena
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.11.27
- Severity Score:
- High
- CVE:
- 2025-48171
KALLYAS – Creative eCommerce Multi-Purpose WordPress Theme
- Theme:
- KALLYAS – Creative eCommerce Multi-Purpose WordPress Theme
- Theme Slug:
- kallyas
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 4.22.0
- Severity Score:
- High
- CVE:
- 2025-6989
KALLYAS – Creative eCommerce Multi-Purpose WordPress Theme
- Theme:
- KALLYAS – Creative eCommerce Multi-Purpose WordPress Theme
- Theme Slug:
- kallyas
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 4.22.0
- Severity Score:
- High
- CVE:
- 2025-6991
MediCenter – Health Medical Clinic
- Theme:
- MediCenter – Health Medical Clinic
- Theme Slug:
- medicenter
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 15.2
- Severity Score:
- Critical
- CVE:
- 2025-54014
MinimogWP
- Theme:
- MinimogWP
- Theme Slug:
- minimog
- Vulnerability:
- Content Injection
- Patched in Version:
- 3.9.1
- Severity Score:
- High
- CVE:
- 2025-8198
Jobmonster
- Theme:
- Jobmonster
- Theme Slug:
- noo-jobmonster
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.7.9
- Severity Score:
- High
- CVE:
- 2025-53201
Platform
- Theme:
- Platform
- Theme Slug:
- platform
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.4
- Severity Score:
- Critical
- CVE:
- 2015-10143
WoodMart
- Theme:
- WoodMart
- Theme Slug:
- woodmart
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 8.2.7
- Severity Score:
- Medium
- CVE:
- 2025-8097
Solid Security is part of Solid Suite — The best foundation for WordPress websites.
Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!
Join us for the next Solid Academy Webinar!
Free weekly webinars that will help you master WordPress and increase your business's bottom line.
What is a WordPress Phishing Attack?
Learn how to identify and prevent phishing attacks on WordPress websites.
Kiki SheldonWebsite Protection: 5 Ways to Keep Your Website Safe
Robust website protection is the shield that stands between your business and relentless cyber attacks. Prioritizing website protection enables businesses to fortify defenses to safeguard their online presence and preserve the trust of their customers in the face of ever-evolving cybersecurity threats.
Kiki Sheldon23 Ideas To Grow Your WordPress Business in 2023
WordPress is the most popular website-building platform worldwide, trusted by numerous brands. WordPress enables you to build a user-friendly and highly reliable site, together with tools and plugins to enhance your marketing and work like a lead magnet. All these features make WordPress the platform chosen by more than 43% of businesses globally.
SolidWP Editorial TeamSign up now — Get SolidWP updates and valuable content straight to your inbox
Sign up
Placeholder text
Placeholder text
Get started with confidence — risk free, guaranteed
