In this report, 306 vulnerabilities have been publicly disclosed. Security patches for 134 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, 172 plugin and theme vulnerabilities have no patch available yet. If you’re a Solid Security Pro user, the Solid Security firewall already protects your site against those vulnerabilities. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.8.1 was released on April 30, 2025. This maintenance release includes fixes for 15 bugs throughout Core and the Block Editor, addressing issues affecting multiple areas of WordPress, including the block editor, multisite, and REST API. For a full list, refer to the release candidate announcement.
WordPress Plugins — 120 Patched / 151 Unpatched
Widget Logic
- Plugin:
- Widget Logic
- Plugin Slug:
- widget-logic
- Installations
- 100,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-32222
CubeWP – All-in-One Dynamic Content Framework
- Plugin Slug:
- cubewp-framework
- Installations
- 5,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30994
PayU CommercePro Plugin
- Plugin:
- PayU CommercePro Plugin
- Plugin Slug:
- payu-india
- Installations
- 5,000+
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-31022
WP Shopify
- Plugin:
- WP Shopify
- Plugin Slug:
- wp-shopify
- Installations
- 4,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30999
Easy Mega Menu Plugin for WordPress – ThemeHunk
- Plugin Slug:
- themehunk-megamenu-plus
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30990
Widgetize Pages Light
- Plugin:
- Widgetize Pages Light
- Plugin Slug:
- widgetize-pages-light
- Installations
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30995
Premium Packages – Sell Digital Products Securely
- Plugin Slug:
- wpdm-premium-packages
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30991
Category Icon
- Plugin:
- Category Icon
- Plugin Slug:
- category-icon
- Installations
- 2,000+
- Vulnerability:
- XML External Entity (XXE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-31039
WP Live Chat + Chatbots Plugin for WordPress – Chaport
- Plugin Slug:
- chaport
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30977
Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder
- Plugin Slug:
- ajax-filter-posts
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30974
Booqable Rental Plugin
- Plugin:
- Booqable Rental Plugin
- Plugin Slug:
- booqable-rental-reservations
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30956
Activity Plus Reloaded for BuddyPress
- Plugin Slug:
- bp-activity-plus-reloaded
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30957
Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
- Plugin Slug:
- nexa-blocks
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30952
Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
- Plugin Slug:
- nexa-blocks
- Installations
- 1,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30976
onOffice for WP-Websites
- Plugin:
- onOffice for WP-Websites
- Plugin Slug:
- onoffice-for-wp-websites
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30958
Simple Keyword to Link
- Plugin:
- Simple Keyword to Link
- Plugin Slug:
- simple-keyword-to-link
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30980
All Currencies for WooCommerce
- Plugin:
- All Currencies for WooCommerce
- Plugin Slug:
- woocommerce-all-currencies
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30950
Taskbuilder – WordPress Project & Task Management plugin
- Plugin Slug:
- taskbuilder
- Installations
- 900+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30945
WP Compress for MainWP
- Plugin:
- WP Compress for MainWP
- Plugin Slug:
- wp-compress-mainwp
- Installations
- 900+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30932
診断ジェネレータ作成プラグイン
- Plugin:
- 診断ジェネレータ作成プラグイン
- Plugin Slug:
- os-diagnosis-generator
- Installations
- 800+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30934
Spice Blocks
- Plugin:
- Spice Blocks
- Plugin Slug:
- spice-blocks
- Installations
- 800+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-48130
ACF: Yandex Maps Field
- Plugin:
- ACF: Yandex Maps Field
- Plugin Slug:
- acf-yandex-maps-field
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30930
Broadly for WordPress
- Plugin:
- Broadly for WordPress
- Plugin Slug:
- broadly
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30938
Bitly URL Shortener
- Plugin:
- Bitly URL Shortener
- Plugin Slug:
- codehaveli-bitly-url-shortener
- Installations
- 700+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30629
«Подсказки» от DaData.ru
- Plugin:
- «Подсказки» от DaData.ru
- Plugin Slug:
- dadata-ru
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30931
IFrame Widget
- Plugin:
- IFrame Widget
- Plugin Slug:
- iframe-widget
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30939
Melipayamak
- Plugin:
- Melipayamak
- Plugin Slug:
- melipayamak
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30940
Accessibility Suite by Ability, Inc
- Plugin Slug:
- online-accessibility
- Installations
- 700+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30636
Pinterest Verify Meta Tag
- Plugin:
- Pinterest Verify Meta Tag
- Plugin Slug:
- pinterest-verify-meta-tag
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30941
Responsify WP
- Plugin:
- Responsify WP
- Plugin Slug:
- responsify-wp
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30937
Wordapp
- Plugin:
- Wordapp
- Plugin Slug:
- wordapp
- Installations
- 700+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30927
Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light
- Plugin Slug:
- excel-like-price-change-for-woocommerce-and-wp-e-commerce-light
- Installations
- 600+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-48122
WordLift – AI powered SEO – Schema
- Plugin Slug:
- wordlift
- Installations
- 600+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30624
Behance Portfolio Manager
- Plugin:
- Behance Portfolio Manager
- Plugin Slug:
- portfolio-manager-powered-by-behance
- Installations
- 500+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-29010
Wishlist
- Plugin:
- Wishlist
- Plugin Slug:
- wishlist
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31061
HR Management Lite
- Plugin:
- HR Management Lite
- Plugin Slug:
- hr-management-lite
- Installations
- 400+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-29005
Multi CryptoCurrency Payments
- Plugin:
- Multi CryptoCurrency Payments
- Plugin Slug:
- multi-crypto-currency-payment
- Installations
- 400+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-48141
WP AutoKeyword
- Plugin:
- WP AutoKeyword
- Plugin Slug:
- wp-autokeyword
- Installations
- 400+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-28997
GPP Slideshow
- Plugin:
- GPP Slideshow
- Plugin Slug:
- gpp-slideshow
- Installations
- 300+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-28996
Viral Loops WP Integration
- Plugin:
- Viral Loops WP Integration
- Plugin Slug:
- viral-loops-wp-integration
- Installations
- 300+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-28994
Viral Loops WP Integration
- Plugin:
- Viral Loops WP Integration
- Plugin Slug:
- viral-loops-wp-integration
- Installations
- 300+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-28995
Elastic Email Subscribe Form
- Plugin:
- Elastic Email Subscribe Form
- Plugin Slug:
- elastic-email-subscribe-form
- Installations
- 200+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-28985
Epicwin Plugin
- Plugin:
- Epicwin Plugin
- Plugin Slug:
- epicwin-subscribers
- Installations
- 200+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28986
Read More Login
- Plugin:
- Read More Login
- Plugin Slug:
- read-more-login
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-28989
Subscription Renewal Reminders for WooCommerce
- Plugin Slug:
- subscriptions-renewal-reminders
- Installations
- 200+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-28984
Pay with Contact Form 7
- Plugin:
- Pay with Contact Form 7
- Plugin Slug:
- pay-with-contact-form-7
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-24772
Quick Event Calendar
- Plugin:
- Quick Event Calendar
- Plugin Slug:
- quick-event-calendar
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27360
Recover abandoned cart for WooCommerce
- Plugin Slug:
- recover-wc-abandoned-cart
- Installations
- 100+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-47608
WP Media File Type Manager
- Plugin:
- WP Media File Type Manager
- Plugin Slug:
- wp-media-file-type-manager
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27359
TicketBAI Facturas para WooCommerce
- Plugin Slug:
- wp-ticketbai
- Installations
- 80+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-24767
TicketBAI Facturas para WooCommerce
- Plugin Slug:
- wp-ticketbai
- Installations
- 80+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-24762
One-Login
- Plugin:
- One-Login
- Plugin Slug:
- one-login
- Installations
- 70+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23974
Next Event Calendar
- Plugin:
- Next Event Calendar
- Plugin Slug:
- next-event-calendar
- Installations
- 60+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-26001
WP Post Corrector
- Plugin:
- WP Post Corrector
- Plugin Slug:
- wp-post-corrector
- Installations
- 60+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-26003
6Storage Rentals
- Plugin:
- 6Storage Rentals
- Plugin Slug:
- 6storage-rentals
- Installations
- 50+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-26002
Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery
- Plugin Slug:
- aeroscroll-gallery
- Installations
- 50+
- Vulnerability:
- Directory Traversal
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49451
Bang tinh vay
- Plugin:
- Bang tinh vay
- Plugin Slug:
- bang-tinh-lai-suat
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-26000
Sola Support Tickets
- Plugin:
- Sola Support Tickets
- Plugin Slug:
- sola-support-tickets
- Installations
- 50+
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-25997
Interactive Regional Map of Africa
- Plugin Slug:
- interactive-map-of-africa
- Installations
- 30+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49449
SEPA Girocode
- Plugin:
- SEPA Girocode
- Plugin Slug:
- sepa-girocode
- Installations
- 30+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49450
Admin Notes
- Plugin:
- Admin Notes
- Plugin Slug:
- admin-note
- Installations
- 20+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49446
Interactive UK Regional Map
- Plugin:
- Interactive UK Regional Map
- Plugin Slug:
- interactive-uk-regional-map
- Installations
- 20+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49445
Bacon Ipsum
- Plugin:
- Bacon Ipsum
- Plugin Slug:
- bacon-ipsum
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49443
Interactive Regional Map of Florida
- Plugin Slug:
- interactive-map-of-florida
- Installations
- 10+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49441
Team Builder
- Plugin:
- Team Builder
- Plugin Slug:
- a-team-showcase
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32308
Abbie Expander
- Plugin:
- Abbie Expander
- Plugin Slug:
- abbie-expander
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49427
Advanced Post List
- Plugin:
- Advanced Post List
- Plugin Slug:
- advanced-post-list
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30968
AI Mortgage Calculator
- Plugin:
- AI Mortgage Calculator
- Plugin Slug:
- ai-mortgage-calculator
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-25995
AppBanners
- Plugin:
- AppBanners
- Plugin Slug:
- appbanners
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30625
Atelier Create CV
- Plugin:
- Atelier Create CV
- Plugin Slug:
- atelier-create-cv
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49439
Backwp
- Plugin:
- Backwp
- Plugin Slug:
- backwp
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28954
bbPress API
- Plugin:
- bbPress API
- Plugin Slug:
- bbp-api
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-24763
Bg Orthodox Calendar
- Plugin:
- Bg Orthodox Calendar
- Plugin Slug:
- bg-orthodox-calendar
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28958
BNS Featured Category
- Plugin:
- BNS Featured Category
- Plugin Slug:
- bns-featured-category
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-5538
BP Profile as Homepage
- Plugin:
- BP Profile as Homepage
- Plugin Slug:
- bp-profile-as-homepage
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49453
Bunny’s Print CSS
- Plugin:
- Bunny’s Print CSS
- Plugin Slug:
- bunnys-print-css
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-5925
WPCHURCH
- Plugin:
- WPCHURCH
- Plugin Slug:
- church-management
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-32303
HyperComments
- Plugin:
- HyperComments
- Plugin Slug:
- comments-with-hypercommentscom
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-5701
Complete Google Seo Scan
- Plugin:
- Complete Google Seo Scan
- Plugin Slug:
- complete-google-seo-scan
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26590
Contact Form
- Plugin:
- Contact Form
- Plugin Slug:
- contact-form-ready
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30935
WordPress Ajax Load More and Infinite Scroll
- Plugin:
- WordPress Ajax Load More and Infinite Scroll
- Plugin Slug:
- cpt-ajax-load-more
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-5586
CubePoints
- Plugin:
- CubePoints
- Plugin Slug:
- cubepoints
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-28952
Custom Bulk/Quick Edit
- Plugin:
- Custom Bulk/Quick Edit
- Plugin Slug:
- custom-bulkquick-edit
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30946
Custom Category/Post Type Post order
- Plugin:
- Custom Category/Post Type Post order
- Plugin Slug:
- custom-post-order-category
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-29013
Developer Formatter
- Plugin:
- Developer Formatter
- Plugin Slug:
- devformatter
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-5699
Slack Notifications by dorzki
- Plugin:
- Slack Notifications by dorzki
- Plugin Slug:
- dorzki-notifications-to-slack
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30978
ZoomSounds
- Plugin:
- ZoomSounds
- Plugin Slug:
- dzs-zoomsounds
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-47566
Elegant Visitor Counter
- Plugin:
- Elegant Visitor Counter
- Plugin Slug:
- elegant-visitor-counter
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30627
Universal Video Player
- Plugin:
- Universal Video Player
- Plugin Slug:
- elementor_widget_universal_video_player
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31057
elfsight Contact Form widget
- Plugin:
- elfsight Contact Form widget
- Plugin Slug:
- elfsight-contact-form
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31045
Elite Video Player
- Plugin:
- Elite Video Player
- Plugin Slug:
- elite-video-player
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30986
Foxit eSign for WordPress
- Plugin:
- Foxit eSign for WordPress
- Plugin Slug:
- esign-genie-for-wp
- Vulnerability:
- Other Vulnerability Type
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49419
ESV Bible Shortcode for WordPress
- Plugin:
- ESV Bible Shortcode for WordPress
- Plugin Slug:
- esv-bible-shortcode-for-wordpress
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-5534
FastBook
- Plugin:
- FastBook
- Plugin Slug:
- fastbook-responsive-appointment-booking-and-scheduling-system
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-26593
File Provider
- Plugin:
- File Provider
- Plugin Slug:
- file-provider
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-4580
File Provider
- Plugin:
- File Provider
- Plugin Slug:
- file-provider
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-4578
Free WP Mail SMTP
- Plugin:
- Free WP Mail SMTP
- Plugin Slug:
- free-wp-mail-smtp
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28974
Global Translator
- Plugin:
- Global Translator
- Plugin Slug:
- global-translator
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30630
Global Translator
- Plugin:
- Global Translator
- Plugin Slug:
- global-translator
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30632
Hide It
- Plugin:
- Hide It
- Plugin Slug:
- hide-it
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-5565
Hive Support
- Plugin:
- Hive Support
- Plugin Slug:
- hive-support
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-5018
Hive Support
- Plugin:
- Hive Support
- Plugin Slug:
- hive-support
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-5019
Image Hover Effects Block
- Plugin:
- Image Hover Effects Block
- Plugin Slug:
- image-hover-effects-block
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-31025
InWave Jobs
- Plugin:
- InWave Jobs
- Plugin Slug:
- iwjob
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39477
KI Live Video Conferences
- Plugin:
- KI Live Video Conferences
- Plugin Slug:
- ki-live-video-conferences
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-23969
KI Live Video Conferences
- Plugin:
- KI Live Video Conferences
- Plugin Slug:
- ki-live-video-conferences
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-23971
Konami Easter Egg
- Plugin:
- Konami Easter Egg
- Plugin Slug:
- konami-easter-egg
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49425
Layouts for Elementor
- Plugin:
- Layouts for Elementor
- Plugin Slug:
- layouts-for-elementor
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30948
CLEVER
- Plugin:
- CLEVER
- Plugin Slug:
- lbg-audio11-html5-shoutcast_history
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31635
Sticky Radio Player
- Plugin:
- Sticky Radio Player
- Plugin Slug:
- lbg-audio5-html5-shoutcast_sticky
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31426
SHOUT
- Plugin:
- SHOUT
- Plugin Slug:
- lbg-audio8-html5-radio_ads
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31925
WP Lead Capturing Pages
- Plugin:
- WP Lead Capturing Pages
- Plugin Slug:
- leadcapture
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-31424
MapSVG
- Plugin:
- MapSVG
- Plugin Slug:
- mapsvg
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-47561
Mediabay – WordPress Media Library Folders
- Plugin:
- Mediabay – WordPress Media Library Folders
- Plugin Slug:
- mediabay
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28948
No Spam At All
- Plugin:
- No Spam At All
- Plugin Slug:
- no-spam-at-all
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-24778
Paged Gallery
- Plugin:
- Paged Gallery
- Plugin Slug:
- paged-gallery
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-5686
Payment QR WooCommerce
- Plugin:
- Payment QR WooCommerce
- Plugin Slug:
- payment-qr-woo
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-31000
Personal Favicon
- Plugin:
- Personal Favicon
- Plugin Slug:
- personal-favicon
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28964
Post Author
- Plugin:
- Post Author
- Plugin Slug:
- post-author
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28950
Post Custom Templates Lite
- Plugin:
- Post Custom Templates Lite
- Plugin Slug:
- post-custom-templates-lite
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30942
Powie’s Uptime Robot
- Plugin:
- Powie’s Uptime Robot
- Plugin Slug:
- powies-uptime-robot
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30638
Recent Posts Slider Responsive
- Plugin:
- Recent Posts Slider Responsive
- Plugin Slug:
- recent-posts-slider-responsive
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28966
Responsive Flipbooks
- Plugin:
- Responsive Flipbooks
- Plugin Slug:
- responsive-flipbooks
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-24776
Revolution Video Player
- Plugin:
- Revolution Video Player
- Plugin Slug:
- revolution_video_player
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31058
Runners Log
- Plugin:
- Runners Log
- Plugin Slug:
- runners-log
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-5541
Seofy Core
- Plugin:
- Seofy Core
- Plugin Slug:
- seofy-core
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39473
Simple Google Static Map
- Plugin:
- Simple Google Static Map
- Plugin Slug:
- simple-google-static-map
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-27334
Simple Nested Menu
- Plugin:
- Simple Nested Menu
- Plugin Slug:
- simple-nested-menu
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49442
SocialMark
- Plugin:
- SocialMark
- Plugin Slug:
- socialmark
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-29008
StageShow
- Plugin:
- StageShow
- Plugin Slug:
- stageshow
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-5703
Motors – Events
- Plugin:
- Motors – Events
- Plugin Slug:
- stm-motors-events
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-47586
Stop Spammers
- Plugin:
- Stop Spammers
- Plugin Slug:
- stop-spammer-registrations-plugin
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-2935
The Holiday Calendar
- Plugin:
- The Holiday Calendar
- Plugin Slug:
- the-holiday-calendar
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-29003
Universal Video Player
- Plugin:
- Universal Video Player
- Plugin Slug:
- universal_video_player
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31917
Video Embeds
- Plugin:
- Video Embeds
- Plugin Slug:
- video-embeds
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49429
Direct Checkout for WooCommerce Lite
- Plugin:
- Direct Checkout for WooCommerce Lite
- Plugin Slug:
- woo-direct-checkout-lite
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-29006
WooCommerce Photo Reviews – Review Reminders – Review for Discounts
- Plugin:
- WooCommerce Photo Reviews – Review Reminders – Review for Discounts
- Plugin Slug:
- woocommerce-photo-reviews
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-47570
WooCommerce Ultimate Gift Card – Create, Sell and Manage Gift Cards with Customized Email Templates
- Plugin:
- WooCommerce Ultimate Gift Card – Create, Sell and Manage Gift Cards with Customized Email Templates
- Plugin Slug:
- woocommerce-ultimate-gift-card
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-47569
WooBeWoo Product Filter Pro
- Plugin:
- WooBeWoo Product Filter Pro
- Plugin Slug:
- woofilter-pro
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39496
Wp Easy Allopass
- Plugin:
- Wp Easy Allopass
- Plugin Slug:
- wordpress-easy-allopass
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49435
WP-Addpub
- Plugin:
- WP-Addpub
- Plugin Slug:
- wp-addpub
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-5563
WP Biographia
- Plugin:
- WP Biographia
- Plugin Slug:
- wp-biographia
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30928
WP Email Debug
- Plugin:
- WP Email Debug
- Plugin Slug:
- wp-email-debug
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-5486
WP Featured Content Slider
- Plugin:
- WP Featured Content Slider
- Plugin Slug:
- wp-featured-content-slider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30634
Freemind Viewer
- Plugin:
- Freemind Viewer
- Plugin Slug:
- wp-freemind
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-5536
WP Mail Options
- Plugin:
- WP Mail Options
- Plugin Slug:
- wp-mail-options
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28981
WP Online Users Stats
- Plugin:
- WP Online Users Stats
- Plugin Slug:
- wp-online-users-stats
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-4966
WP-Recall
- Plugin:
- WP-Recall
- Plugin Slug:
- wp-recall
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30981
WP Security Master
- Plugin:
- WP Security Master
- Plugin Slug:
- wp-security-master
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49440
WP Text Expander
- Plugin:
- WP Text Expander
- Plugin Slug:
- wp-text-expander
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49421
YouTube Simple Gallery
- Plugin:
- YouTube Simple Gallery
- Plugin Slug:
- youtube-simple-gallery
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-29011
Essential Addons for Elementor – Popular Elementor Templates and Widgets
- Plugin Slug:
- essential-addons-for-elementor-lite
- Installations
- 2,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.1.13
- Severity Score:
- Medium
- CVE:
- 2024-9994
WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance
- Plugin:
- WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance
- Plugin Slug:
- wp-optimize
- Installations
- 1,000,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.2.0
- Severity Score:
- High
- CVE:
- 2025-3951
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder
- Plugin:
- Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder
- Plugin Slug:
- popup-maker
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.20.5
- Severity Score:
- Medium
- CVE:
- 2025-4205
Broken Link Checker
- Plugin:
- Broken Link Checker
- Plugin Slug:
- broken-link-checker
- Installations
- 600,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.4.5
- Severity Score:
- Medium
- CVE:
- 2025-4047
Forminator Forms – Contact Form, Payment Form & Custom Form Builder
- Plugin Slug:
- forminator
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.44.2
- Severity Score:
- Medium
- CVE:
- 2025-5341
Ocean Extra
- Plugin:
- Ocean Extra
- Plugin Slug:
- ocean-extra
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.9
- Severity Score:
- Medium
- CVE:
- 2025-49068
WP Shortcodes Plugin — Shortcodes Ultimate
- Plugin Slug:
- shortcodes-ultimate
- Installations
- 500,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.4.0
- Severity Score:
- Medium
- CVE:
- 2025-49244
Simple History – Track, Log, and Audit WordPress Changes
- Plugin Slug:
- simple-history
- Installations
- 300,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 5.8.2
- Severity Score:
- Medium
- CVE:
- 2025-5760
Real Cookie Banner: GDPR & ePrivacy Cookie Consent
- Plugin Slug:
- real-cookie-banner
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.1.6
- Severity Score:
- Medium
- CVE:
- 2025-1485
Social Sharing Plugin – Sassy Social Share
- Plugin Slug:
- sassy-social-share
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.76
- Severity Score:
- High
- CVE:
- 2025-5528
Ninja Tables – Easy Data Table Builder
- Plugin Slug:
- ninja-tables
- Installations
- 80,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 5.0.19
- Severity Score:
- Critical
- CVE:
- 2025-2939
WP Table Builder – WordPress Table Plugin
- Plugin Slug:
- wp-table-builder
- Installations
- 60,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.0.7
- Severity Score:
- Medium
- CVE:
- 2025-49286
WPtouch – Make your WordPress Website Mobile-Friendly
- Plugin Slug:
- wptouch
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.3.61
- Severity Score:
- Medium
- CVE:
- 2025-49318
Calculated Fields Form
- Plugin:
- Calculated Fields Form
- Plugin Slug:
- calculated-fields-form
- Installations
- 50,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.3.59
- Severity Score:
- Medium
- CVE:
- 2025-49291
Greenshift – animation and page builder blocks
- Plugin Slug:
- greenshift-animation-and-page-builder-blocks
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 11.5.7
- Severity Score:
- Medium
- CVE:
- 2025-49301
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
- Plugin Slug:
- profile-builder
- Installations
- 50,000+
- Vulnerability:
- Content Spoofing
- Patched in Version:
- 3.13.9
- Severity Score:
- Medium
- CVE:
- 2025-49292
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
- Plugin Slug:
- profile-builder
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.13.9
- Severity Score:
- Medium
- CVE:
- 2025-4671
Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates)
- Plugin Slug:
- sina-extension-for-elementor
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.7.0
- Severity Score:
- High
- CVE:
- 2025-49262
Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin
- Plugin Slug:
- uncanny-automator
- Installations
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.5.0
- Severity Score:
- Medium
- CVE:
- 2025-48133
FancyBox for WordPress
- Plugin:
- FancyBox for WordPress
- Plugin Slug:
- fancybox-for-wordpress
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.6
- Severity Score:
- High
- CVE:
- 2025-3662
Persian WooCommerce SMS
- Plugin Slug:
- persian-woocommerce-sms
- Installations
- 40,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 7.1.0
- Severity Score:
- High
- CVE:
- 2025-49315
Simple Membership
- Plugin:
- Simple Membership
- Plugin Slug:
- simple-membership
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.6.4
- Severity Score:
- Medium
- CVE:
- 2025-49333
RTMKit Addons for Elementor
- Plugin:
- RTMKit Addons for Elementor
- Plugin Slug:
- rometheme-for-elementor
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.1
- Severity Score:
- Medium
- CVE:
- 2025-49235
Print Invoice & Delivery Notes for WooCommerce
- Plugin Slug:
- woocommerce-delivery-notes
- Installations
- 30,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.6.0
- Severity Score:
- Medium
- CVE:
- 2025-49239
Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress
- Plugin Slug:
- file-manager
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.8
- Severity Score:
- Medium
- CVE:
- 2025-1725
Welcart e-Commerce
- Plugin:
- Welcart e-Commerce
- Plugin Slug:
- usc-e-shop
- Installations
- 20,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 2.11.14
- Severity Score:
- Medium
- CVE:
- 2025-47511
Backup and Staging by WP Time Capsule
- Plugin Slug:
- wp-time-capsule
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.22.24
- Severity Score:
- High
- CVE:
- 2025-47477
WP Travel Engine – Tour Booking Plugin – Tour Operator Software
- Plugin Slug:
- wp-travel-engine
- Installations
- 20,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 6.5.2
- Severity Score:
- High
- CVE:
- 2025-49308
Store Locator WordPress
- Plugin:
- Store Locator WordPress
- Plugin Slug:
- agile-store-locator
- Installations
- 10,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.5.3
- Severity Score:
- Medium
- CVE:
- 2025-49329
Store Locator WordPress
- Plugin:
- Store Locator WordPress
- Plugin Slug:
- agile-store-locator
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.5.2
- Severity Score:
- High
- CVE:
- 2025-49328
Bellows Accordion Menu
- Plugin:
- Bellows Accordion Menu
- Plugin Slug:
- bellows-accordion-menu
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.4
- Severity Score:
- Medium
- CVE:
- 2025-49242
GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress
- Plugin Slug:
- gamipress
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 7.4.6
- Severity Score:
- High
- CVE:
- 2025-49326
Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent
- Plugin Slug:
- gdpr-cookie-consent
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.8.1
- Severity Score:
- Medium
- CVE:
- 2025-49285
Music Player for Elementor – Audio Player & Podcast Player
- Plugin Slug:
- music-player-for-elementor
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.7
- Severity Score:
- Medium
- CVE:
- 2025-5340
Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider
- Plugin:
- Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider
- Plugin Slug:
- post-slider-and-carousel
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.10
- Severity Score:
- Medium
- CVE:
- 2025-4567
ShiftNav – Responsive Mobile Menu
- Plugin Slug:
- shiftnav-responsive-mobile-menu
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.1
- Severity Score:
- Medium
- CVE:
- 2025-49243
WP Multilang – Translation and Multilingual Plugin
- Plugin Slug:
- wp-multilang
- Installations
- 10,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.4.19.1
- Severity Score:
- High
- CVE:
- 2025-49307
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin
- Plugin Slug:
- mage-eventpress
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.4.3
- Severity Score:
- Medium
- CVE:
- 2025-5568
WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)
- Plugin:
- WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)
- Plugin Slug:
- smart-wishlist-for-more-convert
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.2
- Severity Score:
- High
- CVE:
- 2025-47487
Ultimate Gift Cards for WooCommerce
- Plugin Slug:
- woo-gift-cards-lite
- Installations
- 7,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.1.5
- Severity Score:
- High
- CVE:
- 2025-5103
Password Policy Manager | Password Manager
- Plugin Slug:
- password-policy-manager
- Installations
- 5,000+
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 2.0.5
- Severity Score:
- High
- CVE:
- 2025-31019
WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors
- Plugin Slug:
- wc-vendors
- Installations
- 5,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.5.7
- Severity Score:
- High
- CVE:
- 2025-49263
WP Social Widget
- Plugin:
- WP Social Widget
- Plugin Slug:
- wp-social-widget
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.1
- Severity Score:
- Medium
- CVE:
- 2025-49306
MultiVendorX – WooCommerce Multivendor Marketplace Solutions
- Plugin Slug:
- dc-woocommerce-multi-vendor
- Installations
- 4,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.2.23
- Severity Score:
- High
- CVE:
- 2025-48261
Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin
- Plugin Slug:
- everest-backup
- Installations
- 4,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.3.4
- Severity Score:
- Medium
- CVE:
- 2025-49238
Min Max Step Quantity Limits Manager for WooCommerce
- Plugin Slug:
- product-quantity-for-woocommerce
- Installations
- 4,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.1.1
- Severity Score:
- Medium
- CVE:
- 2025-49510
Shared Files – Frontend File Upload Form & Secure File Sharing
- Plugin Slug:
- shared-files
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.49
- Severity Score:
- High
- CVE:
- 2025-4392
WordPress Comments Import & Export
- Plugin Slug:
- comments-import-export-woocommerce
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.4
- Severity Score:
- Medium
- CVE:
- 2025-3919
The Events Calendar Countdown Addon
- Plugin Slug:
- countdown-for-the-events-calendar
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.10
- Severity Score:
- Medium
- CVE:
- 2025-49311
Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant
- Plugin Slug:
- gdpr-compliant-recaptcha-for-all-forms
- Installations
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.1.2
- Severity Score:
- Medium
- CVE:
- 2025-49283
Icegram Collect – Easy Form, Lead Collection and Subscription plugin
- Plugin Slug:
- icegram-rainmaker
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.19
- Severity Score:
- High
- CVE:
- 2025-47527
Libro de Reclamaciones y Quejas
- Plugin:
- Libro de Reclamaciones y Quejas
- Plugin Slug:
- libro-de-reclamaciones-y-quejas
- Installations
- 3,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.0
- Severity Score:
- High
- CVE:
- 2025-30989
Newsletters
- Plugin:
- Newsletters
- Plugin Slug:
- newsletters-lite
- Installations
- 3,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 4.10
- Severity Score:
- High
- CVE:
- 2025-4857
WP Maintenance Mode & Site Under Construction
- Plugin Slug:
- wp-maintenance-mode-site-under-construction
- Installations
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.4
- Severity Score:
- Medium
- CVE:
- 2025-49284
BlockStrap Page Builder – Bootstrap Blocks
- Plugin Slug:
- blockstrap-page-builder-blocks
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.1.37
- Severity Score:
- Medium
- CVE:
- 2025-30951
oik
- Plugin:
- oik
- Plugin Slug:
- oik
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.15.2
- Severity Score:
- Medium
- CVE:
- 2025-49241
Trinity Audio – Text to Speech AI audio player to convert content into audio
- Plugin Slug:
- trinity-audio
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.20.1
- Severity Score:
- Medium
- CVE:
- 2025-49272
Product Feed for WooCommerce – Google Shopping Feed, Pinterest Feed, TikTok Ads & More
- Plugin Slug:
- webtoffee-product-feed
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.9
- Severity Score:
- Medium
- CVE:
- 2025-49287
WP Tools Repair, Javascript errors, Jquery errors, Increase Maximum Limits, File Permissions, Transients, Error Log
- Plugin Slug:
- wptools
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.25
- Severity Score:
- Medium
- CVE:
- 2025-49273
Event post
- Plugin:
- Event post
- Plugin Slug:
- event-post
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.10.2
- Severity Score:
- Medium
- CVE:
- 2025-49298
WP Gravity Forms Salesforce
- Plugin:
- WP Gravity Forms Salesforce
- Plugin Slug:
- gf-salesforce-crmperks
- Installations
- 1,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- 1.4.8
- Severity Score:
- Medium
- CVE:
- 2025-30953
Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings
- Plugin Slug:
- hydra-booking
- Installations
- 1,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.1.11
- Severity Score:
- High
- CVE:
- 2025-49323
Market Exporter
- Plugin:
- Market Exporter
- Plugin Slug:
- market-exporter
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.0.23
- Severity Score:
- Medium
- CVE:
- 2025-49269
Membership For WooCommerce
- Plugin:
- Membership For WooCommerce
- Plugin Slug:
- membership-for-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.8.2
- Severity Score:
- High
- CVE:
- 2025-49265
Newspack Newsletters
- Plugin:
- Newspack Newsletters
- Plugin Slug:
- newspack-newsletters
- Installations
- 1,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- 3.14.0
- Severity Score:
- Medium
- CVE:
- 2025-49325
Product Catalog Simple
- Plugin:
- Product Catalog Simple
- Plugin Slug:
- post-type-x
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.2
- Severity Score:
- Medium
- CVE:
- 2025-49305
Raychat
- Plugin:
- Raychat
- Plugin Slug:
- raychat
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.0
- Severity Score:
- Medium
- CVE:
- 2025-49236
Stock Locations for WooCommerce
- Plugin:
- Stock Locations for WooCommerce
- Plugin Slug:
- stock-locations-for-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.8.7
- Severity Score:
- High
- CVE:
- 2025-47463
Sunshine Photo Cart: Free Client Photo Galleries for Photographers
- Plugin Slug:
- sunshine-photo-cart
- Installations
- 1,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 3.4.12
- Severity Score:
- High
- CVE:
- 2025-5482
Vayu Blocks – Website Builder for the Block Editor
- Plugin Slug:
- vayu-blocks
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.2
- Severity Score:
- Medium
- CVE:
- 2025-4420
WordPress CRM Plugin – WP-CRM System
- Plugin Slug:
- wp-crm-system
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.4.3
- Severity Score:
- Medium
- CVE:
- 2025-49270
WP Time Slots Booking Form
- Plugin:
- WP Time Slots Booking Form
- Plugin Slug:
- wp-time-slots-booking-form
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.31
- Severity Score:
- Medium
- CVE:
- 2025-49332
WordPress Contact Forms by Cimatti
- Plugin Slug:
- contact-forms
- Installations
- 900+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.9.9
- Severity Score:
- Medium
- CVE:
- 2025-49069
WP Gravity Forms Constant Contact Plugin
- Plugin Slug:
- gf-constant-contact
- Installations
- 900+
- Vulnerability:
- Open Redirection
- Patched in Version:
- 1.1.1
- Severity Score:
- Medium
- CVE:
- 2025-30954
PDF for WPForms + Drag and Drop Template Builder
- Plugin Slug:
- pdf-for-wpforms
- Installations
- 900+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.6.1
- Severity Score:
- Medium
- CVE:
- 2025-49289
Ultimate WP Mail
- Plugin:
- Ultimate WP Mail
- Plugin Slug:
- ultimate-wp-mail
- Installations
- 900+
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 1.3.6
- Severity Score:
- High
- CVE:
- 2025-49288
FraudLabs Pro for WooCommerce
- Plugin:
- FraudLabs Pro for WooCommerce
- Plugin Slug:
- fraudlabs-pro-for-woocommerce
- Installations
- 800+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.22.12
- Severity Score:
- Medium
- CVE:
- 2025-49320
Booking Ultra Pro Appointments Booking Calendar Plugin
- Plugin Slug:
- booking-ultra-pro
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.21
- Severity Score:
- Medium
- CVE:
- 2025-30637
Broadstreet
- Plugin:
- Broadstreet
- Plugin Slug:
- broadstreet
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.51.8
- Severity Score:
- High
- CVE:
- 2025-4652
Frontend Dashboard
- Plugin:
- Frontend Dashboard
- Plugin Slug:
- frontend-dashboard
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.9
- Severity Score:
- Medium
- CVE:
- 2025-49310
WP Team – WordPress Team Member Plugin
- Plugin Slug:
- ht-team-member
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.8
- Severity Score:
- Medium
- CVE:
- 2025-49309
POEditor
- Plugin:
- POEditor
- Plugin Slug:
- poeditor
- Installations
- 700+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 0.9.11
- Severity Score:
- High
- CVE:
- 2025-49237
WC MyParcel Belgium
- Plugin:
- WC MyParcel Belgium
- Plugin Slug:
- wc-myparcel-belgium
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.5.6
- Severity Score:
- High
- CVE:
- 2025-48279
WP Page Loading
- Plugin:
- WP Page Loading
- Plugin Slug:
- wp-page-loading
- Installations
- 700+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.7
- Severity Score:
- Medium
- CVE:
- 2025-49317
WP Plugin Info Card
- Plugin:
- WP Plugin Info Card
- Plugin Slug:
- wp-plugin-info-card
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.4.0
- Severity Score:
- Medium
- CVE:
- 2025-5116
Search with Typesense
- Plugin:
- Search with Typesense
- Plugin Slug:
- search-with-typesense
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.11
- Severity Score:
- Medium
- CVE:
- 2025-49304
Verge3D Publishing and E-Commerce
- Plugin Slug:
- verge3d
- Installations
- 600+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.9.5
- Severity Score:
- Medium
- CVE:
- 2025-49268
404 Page by SeedProd
- Plugin:
- 404 Page by SeedProd
- Plugin Slug:
- 404-page
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.2
- Severity Score:
- Medium
- CVE:
- 2025-49322
DocsPress – Online Documentation
- Plugin:
- DocsPress – Online Documentation
- Plugin Slug:
- docspress
- Installations
- 500+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.5.3
- Severity Score:
- Medium
- CVE:
- 2025-49240
Domain For Sale, Domain appraisal, Domain auction, Domain marketplace – Best Domain For sale Plugin for WordPress
- Plugin Slug:
- domain-for-sale
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.11
- Severity Score:
- Medium
- CVE:
- 2025-5239
Job Board Manager
- Plugin:
- Job Board Manager
- Plugin Slug:
- job-board-manager
- Installations
- 500+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.61
- Severity Score:
- Medium
- CVE:
- 2025-49324
WebHotelier for WordPress
- Plugin:
- WebHotelier for WordPress
- Plugin Slug:
- webhotelier
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.10.0
- Severity Score:
- Medium
- CVE:
- 2025-49299
Audio Editor & Recorder
- Plugin:
- Audio Editor & Recorder
- Plugin Slug:
- audio-editor-recorder
- Installations
- 200+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.2
- Severity Score:
- Medium
- CVE:
- 2025-49509
Employee Directory – Staff Listing & Team Directory Plugin for WordPress
- Plugin Slug:
- employee-directory
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.5.1
- Severity Score:
- Medium
- CVE:
- 2025-5531
Knowledge Base
- Plugin:
- Knowledge Base
- Plugin Slug:
- knowledgebase
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.1
- Severity Score:
- Medium
- CVE:
- 2025-5533
Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress
- Plugin Slug:
- campus-directory
- Installations
- 80+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.1
- Severity Score:
- Medium
- CVE:
- 2025-5532
MyStyle Custom Product Designer
- Plugin:
- MyStyle Custom Product Designer
- Plugin Slug:
- mystyle-custom-product-designer
- Installations
- 80+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.21.2
- Severity Score:
- Critical
- CVE:
- 2025-48281
Simple Contact Form Plugin for WordPress – WP Easy Contact
- Plugin Slug:
- wp-easy-contact
- Installations
- 60+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.1
- Severity Score:
- Medium
- CVE:
- 2025-5539
ShortLinks Pro – Affiliate Links, Link Shortening, Click Tracking & Marketing
- Plugin Slug:
- shortlinkspro
- Installations
- 20+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.0.8
- Severity Score:
- High
- CVE:
- 2025-49327
LTL Freight Quotes – Day & Ross Edition
- Plugin Slug:
- ltl-freight-quotes-day-ross-edition
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.11
- Severity Score:
- High
- CVE:
- 2025-5303
Art Theme
- Plugin:
- Art Theme
- Plugin Slug:
- art-theme
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.12.3
- Severity Score:
- Medium
- CVE:
- 2025-1778
Civi Framework
- Plugin:
- Civi Framework
- Plugin Slug:
- civi-framework
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.1.6.4
- Severity Score:
- High
- CVE:
- 2025-49511
Crawlomatic Multisite Scraper Post Generator
- Plugin:
- Crawlomatic Multisite Scraper Post Generator
- Plugin Slug:
- crawlomatic-multipage-scraper-post-generator
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.6.9
- Severity Score:
- Medium
- CVE:
- 2025-49294
Crawlomatic Multisite Scraper Post Generator
- Plugin:
- Crawlomatic Multisite Scraper Post Generator
- Plugin Slug:
- crawlomatic-multipage-scraper-post-generator
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.6.9
- Severity Score:
- Medium
- CVE:
- 2025-49293
LTL Freight Quotes – Daylight Edition
- Plugin Slug:
- ltl-freight-quotes-daylight-edition
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.7
- Severity Score:
- High
- CVE:
- 2025-5303
LTL Freight Quotes – Freightview Edition
- Plugin Slug:
- ltl-freight-quotes-freightview-edition
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.12
- Severity Score:
- High
- CVE:
- 2025-5303
Modern Events Calendar Lite
- Plugin:
- Modern Events Calendar Lite
- Plugin Slug:
- modern-events-calendar-lite
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 7.22
- Severity Score:
- Medium
- CVE:
- 2025-5733
Nasa Core
- Plugin:
- Nasa Core
- Plugin Slug:
- nasa-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.4.1
- Severity Score:
- Medium
- CVE:
- 2025-49067
BRW
- Plugin:
- BRW
- Plugin Slug:
- ova-brw
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.7
- Severity Score:
- Medium
- CVE:
- 2025-49314
BRW
- Plugin:
- BRW
- Plugin Slug:
- ova-brw
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.8.7
- Severity Score:
- High
- CVE:
- 2025-49313
NewsLetter
- Plugin:
- NewsLetter
- Plugin Slug:
- plugin-newsletter
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.8.5
- Severity Score:
- Medium
- CVE:
- 2025-3581
NewsLetter
- Plugin:
- NewsLetter
- Plugin Slug:
- plugin-newsletter
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.8.2
- Severity Score:
- Medium
- CVE:
- 2025-3584
Real Cookie Banner Pro
- Plugin:
- Real Cookie Banner Pro
- Plugin Slug:
- real-cookie-banner-pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.1.6
- Severity Score:
- Medium
- CVE:
- 2025-1485
Team Showcase
- Plugin:
- Team Showcase
- Plugin Slug:
- team-showcase-cm
- Vulnerability:
- Content Injection
- Patched in Version:
- 25.05.13
- Severity Score:
- Medium
- CVE:
- 2025-49250
Team Showcase
- Plugin:
- Team Showcase
- Plugin Slug:
- team-showcase-cm
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 25.05.13
- Severity Score:
- Medium
- CVE:
- 2025-49248
Testimonials Showcase
- Plugin:
- Testimonials Showcase
- Plugin Slug:
- testimonials-showcase
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.9.18
- Severity Score:
- Medium
- CVE:
- 2025-49246
Abandoned Cart Pro for WooCommerce
- Plugin:
- Abandoned Cart Pro for WooCommerce
- Plugin Slug:
- woocommerce-abandon-cart-pro
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 9.17.0
- Severity Score:
- Critical
- CVE:
- 2025-4387
WP User Frontend Pro
- Plugin:
- WP User Frontend Pro
- Plugin Slug:
- wp-user-frontend-pro
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 4.1.4
- Severity Score:
- Critical
- CVE:
- 2025-3054
WP User Frontend Pro
- Plugin:
- WP User Frontend Pro
- Plugin Slug:
- wp-user-frontend-pro
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 4.1.4
- Severity Score:
- High
- CVE:
- 2025-3055
wpForo Advanced Attachments
- Plugin:
- wpForo Advanced Attachments
- Plugin Slug:
- wpforo-advanced-attachments
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.0
- Severity Score:
- High
- CVE:
- 2025-4224
WordPress Themes — 14 Patched / 21 Unpatched
Arlo
- Theme:
- Arlo
- Theme Slug:
- arlo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39475
BodyCenter – Gym, Fitness WooCommerce WordPress Theme
- Theme:
- BodyCenter – Gym, Fitness WooCommerce WordPress Theme
- Theme Slug:
- bodycenter
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-25999
CraftXtore
- Theme:
- CraftXtore
- Theme Slug:
- bw-craftxtore
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-24770
Fitrush
- Theme:
- Fitrush
- Theme Slug:
- bw-fitrush
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-26005
GiftXtore
- Theme:
- GiftXtore
- Theme Slug:
- bw-giftxtore
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28888
Petito
- Theme:
- Petito
- Theme Slug:
- bw-petito
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-27362
Car Repair Services
- Theme:
- Car Repair Services
- Theme Slug:
- car-repair-services
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30997
Themify Edmin
- Theme:
- Themify Edmin
- Theme Slug:
- edmin
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31047
FLAP – Business WordPress Theme
- Theme:
- FLAP – Business WordPress Theme
- Theme Slug:
- flap
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-31396
FlatNews
- Theme:
- FlatNews
- Theme Slug:
- flatnews
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32305
Inset
- Theme:
- Inset
- Theme Slug:
- inset
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Krowd
- Theme:
- Krowd
- Theme Slug:
- krowd
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32595
PIMP – Creative MultiPurpose
- Theme:
- PIMP – Creative MultiPurpose
- Theme Slug:
- pimp
- Vulnerability:
- Deserialization of untrusted data
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-31398
PressGrid – Frontend Publish Reaction & Multimedia Theme
- Theme:
- PressGrid – Frontend Publish Reaction & Multimedia Theme
- Theme Slug:
- press-grid
- Vulnerability:
- Deserialization of untrusted data
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-31429
Revo
- Theme:
- Revo
- Theme Slug:
- revo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39476
SNS Anton
- Theme:
- SNS Anton
- Theme Slug:
- snsanton
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28992
Avaz
- Theme:
- Avaz
- Theme Slug:
- snsavaz
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28944
Nitan
- Theme:
- Nitan
- Theme Slug:
- snsnitan
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-24768
Soho Hotel
- Theme:
- Soho Hotel
- Theme Slug:
- soho-hotel
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39539
Spare
- Theme:
- Spare
- Theme Slug:
- spare
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31638
Valen – Sport, Fashion WooCommerce WordPress Theme
- Theme:
- Valen – Sport, Fashion WooCommerce WordPress Theme
- Theme Slug:
- valen
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28945
Courtney
- Theme:
- Courtney
- Theme Slug:
- courtney
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.3.1
- Severity Score:
- High
- CVE:
- 2025-48290
CozyStay
- Theme:
- CozyStay
- Theme Slug:
- cozystay
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.7.1
- Severity Score:
- Critical
- CVE:
- 2025-49507
GrandPrix
- Theme:
- GrandPrix
- Theme Slug:
- grandprix
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.6.1
- Severity Score:
- High
- CVE:
- 2025-49296
Grill and Chow
- Theme:
- Grill and Chow
- Theme Slug:
- grillandchow
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.6.1
- Severity Score:
- High
- CVE:
- 2025-49297
Lesya
- Theme:
- Lesya
- Theme Slug:
- lesya
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.7.3
- Severity Score:
- High
- CVE:
- 2025-48290
Lettery
- Theme:
- Lettery
- Theme Slug:
- lettery
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.1.8
- Severity Score:
- High
- CVE:
- 2025-48290
MediClinic
- Theme:
- MediClinic
- Theme Slug:
- mediclinic
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.2
- Severity Score:
- High
- CVE:
- 2025-49295
Minterio
- Theme:
- Minterio
- Theme Slug:
- minterio
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.4.1
- Severity Score:
- High
- CVE:
- 2025-48290
Mr. Murphy
- Theme:
- Mr. Murphy
- Theme Slug:
- mr-murphy
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.2.12.1
- Severity Score:
- Critical
- CVE:
- 2025-49072
RealHomes
- Theme:
- RealHomes
- Theme Slug:
- realhomes
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 4.4.1
- Severity Score:
- High
- CVE:
- 2025-4601
Starbelly
- Theme:
- Starbelly
- Theme Slug:
- starbelly
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.3.7
- Severity Score:
- High
- CVE:
- 2025-48290
Sweet Dessert
- Theme:
- Sweet Dessert
- Theme Slug:
- sweet-dessert
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.1.13
- Severity Score:
- Critical
- CVE:
- 2025-49073
TinySalt
- Theme:
- TinySalt
- Theme Slug:
- tinysalt
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 3.10.0
- Severity Score:
- Critical
- CVE:
- 2025-49455
TinySalt
- Theme:
- TinySalt
- Theme Slug:
- tinysalt
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 3.10.0
- Severity Score:
- High
- CVE:
- 2025-49454
Solid Security is part of Solid Suite — The best foundation for WordPress websites.
Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!
