This report covers 177 publicly disclosed vulnerabilities. Security patches for 59 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, 118 plugin and theme vulnerabilities have no patch available yet. If you’re a Solid Security Pro user, the Solid Security firewall already protects your site against those vulnerabilities. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor, or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.8.1 was released on April 30, 2025. This maintenance release includes fixes for 15 bugs throughout Core and the Block Editor, addressing issues affecting multiple areas of WordPress, including the block editor, multisite, and REST API. For a full list, refer to the release candidate announcement.
WordPress Plugins — 56 Patched / 105 Unpatched
Zapier for WordPress
- Plugin:
- Zapier for WordPress
- Plugin Slug:
- zapier
- Installations
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50010
Auto Upload Images
- Plugin:
- Auto Upload Images
- Plugin Slug:
- auto-upload-images
- Installations
- 30,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49985
PowerPress Podcasting plugin by Blubrry
- Plugin Slug:
- powerpress
- Installations
- 30,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49984
Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
- Plugin Slug:
- rafflepress
- Installations
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49997
WP Visitor Statistics (Real Time Traffic)
- Plugin Slug:
- wp-stats-manager
- Installations
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49996
WP Customer Area
- Plugin:
- WP Customer Area
- Plugin Slug:
- customer-area
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49982
Job Postings
- Plugin:
- Job Postings
- Plugin Slug:
- job-postings
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50050
User Roles and Capabilities
- Plugin:
- User Roles and Capabilities
- Plugin Slug:
- user-roles-and-capabilities
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49981
WP User Profile Avatar
- Plugin:
- WP User Profile Avatar
- Plugin Slug:
- wp-user-profile-avatar
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49980
Cookie-Script.com
- Plugin:
- Cookie-Script.com
- Plugin Slug:
- cookie-script-com
- Installations
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49993
Download Attachments
- Plugin:
- Download Attachments
- Plugin Slug:
- download-attachments
- Installations
- 9,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49995
Media Hygiene: Remove or Delete Unused Images and More!
- Plugin Slug:
- media-hygiene
- Installations
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49979
Automatically Hierarchic Categories in Menu
- Plugin Slug:
- automatically-hierarchic-categories-in-menu
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50048
App Builder – Create Native Android & iOS Apps On The Flight
- Plugin Slug:
- app-builder
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49989
ContentStudio
- Plugin:
- ContentStudio
- Plugin Slug:
- contentstudio
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49990
Notifier – Send Notifications from Woocommerce, Form Plugins and More!
- Plugin Slug:
- notifier
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49976
WP Inventory Manager
- Plugin:
- WP Inventory Manager
- Plugin Slug:
- wp-inventory-manager
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49977
WPThumb
- Plugin:
- WPThumb
- Plugin Slug:
- wp-thumb
- Installations
- 1,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49983
Football Pool
- Plugin:
- Football Pool
- Plugin Slug:
- football-pool
- Installations
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-5490
ATP Call Now
- Plugin:
- ATP Call Now
- Plugin Slug:
- atp-call-now
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50024
Better Random Redirect
- Plugin:
- Better Random Redirect
- Plugin Slug:
- better-random-redirect
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50021
CodePen Embed Block
- Plugin:
- CodePen Embed Block
- Plugin Slug:
- codepen-embed-block
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50023
RDFa Breadcrumb
- Plugin:
- RDFa Breadcrumb
- Plugin Slug:
- rdfa-breadcrumb
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50020
Real Estate Manager – Property Listing and Agent Management
- Plugin Slug:
- real-estate-manager
- Installations
- 800+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50044
Real Estate Manager – Property Listing and Agent Management
- Plugin Slug:
- real-estate-manager
- Installations
- 800+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52825
Simple Sticky Footer
- Plugin:
- Simple Sticky Footer
- Plugin Slug:
- simple-sticky-footer
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50019
Spoki – Chat Buttons and WooCommerce Notifications
- Plugin Slug:
- spoki
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50026
Tealium
- Plugin:
- Tealium
- Plugin Slug:
- tealium
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50018
WP Social AutoConnect
- Plugin:
- WP Social AutoConnect
- Plugin Slug:
- wp-fb-autoconnect
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50022
Polls CP
- Plugin:
- Polls CP
- Plugin Slug:
- cp-polls
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50025
Code Engine
- Plugin:
- Code Engine
- Plugin Slug:
- code-engine
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50043
FormLift for Infusionsoft Web Forms
- Plugin Slug:
- formlift
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-47654
Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes
- Plugin Slug:
- image-sizes-controller
- Installations
- 600+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49973
Trusty Whistleblowing Solution
- Plugin:
- Trusty Whistleblowing Solution
- Plugin Slug:
- trusty-whistleblowing-solution
- Installations
- 600+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52818
UpStream: a Project Management Plugin for WordPress
- Plugin Slug:
- upstream
- Installations
- 600+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49974
Gutenberg Blocks – ACF Blocks Suite
- Plugin Slug:
- acf-blocks
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50041
Anant Addons for Elementor
- Plugin:
- Anant Addons for Elementor
- Plugin Slug:
- anant-addons-for-elementor
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50038
Hand Talk
- Plugin:
- Hand Talk
- Plugin Slug:
- handtalk
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50015
PDPA Consent for Thailand
- Plugin:
- PDPA Consent for Thailand
- Plugin Slug:
- pdpa-consent
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50014
WP Register Profile With Shortcode
- Plugin Slug:
- wp-register-profile-with-shortcode
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50042
WP Voting Contest Lite
- Plugin:
- WP Voting Contest Lite
- Plugin Slug:
- wp-voting-contest
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50017
Contact Form 7 AWeber Extension
- Plugin:
- Contact Form 7 AWeber Extension
- Plugin Slug:
- integrate-contact-form-7-and-aweber
- Installations
- 400+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49988
IP Based Login
- Plugin:
- IP Based Login
- Plugin Slug:
- ip-based-login
- Installations
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50016
Buying Buddy IDX CRM – Real Estate MLS Plugin
- Plugin Slug:
- buying-buddy-idx-crm
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50037
Content No Cache | Serve uncached partial content even when you add it to a page that is fully cached.
- Plugin Slug:
- content-no-cache
- Installations
- 300+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28993
WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily
- Plugin:
- WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily
- Plugin Slug:
- innovs-woo-manager
- Installations
- 300+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50008
TM Replace Howdy
- Plugin:
- TM Replace Howdy
- Plugin Slug:
- tm-replace-howdy
- Installations
- 300+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49972
WooCommerce Fortnox Integration
- Plugin:
- WooCommerce Fortnox Integration
- Plugin Slug:
- woocommerce-fortnox-integration
- Installations
- 300+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49998
WP Roadmap – Product Feedback Board
- Plugin Slug:
- wp-roadmap
- Installations
- 300+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52822
Abandoned Contact Form 7
- Plugin:
- Abandoned Contact Form 7
- Plugin Slug:
- abandoned-contact-form-7
- Installations
- 200+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52817
Lewe ChordPress – ChordPro Text Formatter
- Plugin Slug:
- chordpress
- Installations
- 200+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52789
CSV Importer Improved
- Plugin:
- CSV Importer Improved
- Plugin Slug:
- csv-importer-improved
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50013
eDS Responsive Menu
- Plugin:
- eDS Responsive Menu
- Plugin Slug:
- eds-responsive-menu
- Installations
- 200+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49971
Esselink.nu Settings
- Plugin:
- Esselink.nu Settings
- Plugin Slug:
- esselinknu-settings
- Installations
- 200+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52793
Guest posting / Frontend Posting / Front Editor – WP Front User Submit
- Plugin Slug:
- front-editor
- Installations
- 200+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52795
Fyrebox Quizzes
- Plugin:
- Fyrebox Quizzes
- Plugin Slug:
- fyrebox-shortcode
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50035
Knowledge Base – Knowledge Base Maker
- Plugin Slug:
- knowledge-base-maker
- Installations
- 200+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52791
Creative Contact Form
- Plugin:
- Creative Contact Form
- Plugin Slug:
- sexy-contact-form
- Installations
- 200+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52794
WP-DownloadCounter
- Plugin:
- WP-DownloadCounter
- Plugin Slug:
- wp-downloadcounter
- Installations
- 200+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52790
Mailing Group Listserv
- Plugin:
- Mailing Group Listserv
- Plugin Slug:
- wp-mailing-group
- Installations
- 200+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50036
Bluff Post
- Plugin:
- Bluff Post
- Plugin Slug:
- bluff-post
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52784
CRM ERP Business Solution | freelancers & SME | for WordPress & WooCommerce
- Plugin Slug:
- crm-erp-business-solution
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49987
Enhanced Blocks – Page Builder Blocks for Gutenberg
- Plugin Slug:
- enhanced-blocks
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50034
Import YouTube videos as WP Posts
- Plugin Slug:
- import-youtube-videos-as-wp-post
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52802
Inventory Presser – Car Dealer Listings
- Plugin Slug:
- inventory-presser
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50012
National Weather Service Alerts
- Plugin:
- National Weather Service Alerts
- Plugin Slug:
- national-weather-service-alerts
- Installations
- 100+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52809
Logo Manager For Samandehi
- Plugin:
- Logo Manager For Samandehi
- Plugin Slug:
- samandehi-logo-manager
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52780
Scroll UP
- Plugin:
- Scroll UP
- Plugin Slug:
- scroll-to-up
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52782
TinyNav
- Plugin:
- TinyNav
- Plugin Slug:
- tinynav
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52781
Video List Manager
- Plugin:
- Video List Manager
- Plugin Slug:
- video-list-manager
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49986
Video List Manager
- Plugin:
- Video List Manager
- Plugin Slug:
- video-list-manager
- Installations
- 100+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52821
Change Cart button Colors WooCommerce
- Plugin Slug:
- wc-style
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52783
WP User Stylesheet Switcher
- Plugin:
- WP User Stylesheet Switcher
- Plugin Slug:
- wp-user-stylesheet-switcher
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52792
xili-dictionary
- Plugin:
- xili-dictionary
- Plugin Slug:
- xili-dictionary
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52778
Zara 4 Image Compression
- Plugin:
- Zara 4 Image Compression
- Plugin Slug:
- zara-4
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49969
Infility Global
- Plugin:
- Infility Global
- Plugin Slug:
- infility-global
- Installations
- 90+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52774
MDJM Event Management
- Plugin:
- MDJM Event Management
- Plugin Slug:
- mobile-dj-manager
- Installations
- 90+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52824
Photo Express for Google
- Plugin:
- Photo Express for Google
- Plugin Slug:
- photo-express-for-google
- Installations
- 80+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-27361
XML Travel Portal Widget
- Plugin:
- XML Travel Portal Widget
- Plugin Slug:
- oganro-reservation-widget
- Installations
- 70+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49968
SpecFit-Virtual Try On Woocommerce
- Plugin Slug:
- try-on-for-woocommerce
- Installations
- 60+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23973
DirectIQ Email Marketing
- Plugin:
- DirectIQ Email Marketing
- Plugin Slug:
- directiq-wp
- Installations
- 40+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-52829
Live Sports Streamthunder
- Plugin:
- Live Sports Streamthunder
- Plugin Slug:
- live-sports-streamthunder
- Installations
- 40+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49967
Oganro Travel Portal Search Widget for HotelBeds APITUDE API
- Plugin Slug:
- oganro-travel-portal-search-widget-for-hotelbeds-apitude-api
- Installations
- 10+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49966
PixelBeds Channel Manager and Hotel Booking Engine
- Plugin Slug:
- pixelbeds-channel-manager-booking-engine
- Installations
- 10+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49965
Backwp
- Plugin:
- Backwp
- Plugin Slug:
- backwp
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28956
Bulk YouTube Post Creator
- Plugin:
- Bulk YouTube Post Creator
- Plugin Slug:
- bulk-youtube-post-creator
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49423
ClipLink
- Plugin:
- ClipLink
- Plugin Slug:
- cliplink
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49964
CSV Me
- Plugin:
- CSV Me
- Plugin Slug:
- csv-me
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-6086
Evangelische Termine
- Plugin:
- Evangelische Termine
- Plugin Slug:
- evangtermine
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28960
FastBook
- Plugin:
- FastBook
- Plugin Slug:
- fastbook-responsive-appointment-booking-and-scheduling-system
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25173
Flexo Counter
- Plugin:
- Flexo Counter
- Plugin Slug:
- flexo-countdown
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-50052
Image Shadow
- Plugin:
- Image Shadow
- Plugin Slug:
- image-shadow
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-24765
BRW
- Plugin:
- BRW
- Plugin Slug:
- ova-brw
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52814
Pixabay Images
- Plugin:
- Pixabay Images
- Plugin Slug:
- pixabay-images
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-4413
Simple Link Directory
- Plugin:
- Simple Link Directory
- Plugin Slug:
- qc-simple-link-directory
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32297
School Management
- Plugin:
- School Management
- Plugin Slug:
- school-management
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-47574
Smart Notification
- Plugin:
- Smart Notification
- Plugin Slug:
- smio-push-notification
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39478
Virtual Moderator
- Plugin:
- Virtual Moderator
- Plugin Slug:
- virtual-moderator
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52772
Woocommerce Line Notify
- Plugin:
- Woocommerce Line Notify
- Plugin Slug:
- woo-line-notify
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30972
JobSearch
- Plugin:
- JobSearch
- Plugin Slug:
- wp-jobsearch
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49978
WP Optimize By xTraffic
- Plugin:
- WP Optimize By xTraffic
- Plugin Slug:
- wp-optimize-by-xtraffic
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-28970
WP-Recall
- Plugin:
- WP-Recall
- Plugin Slug:
- wp-recall
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49991
WPCRM – CRM for Contact form CF7 & WooCommerce
- Plugin:
- WPCRM – CRM for Contact form CF7 & WooCommerce
- Plugin Slug:
- wpcrm
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-24774
Recipes manager – WPH
- Plugin:
- Recipes manager – WPH
- Plugin Slug:
- wph-recipes-manager
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50011
WPKit For Elementor
- Plugin:
- WPKit For Elementor
- Plugin Slug:
- wpkit-elementor
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-32281
Elementor Website Builder – More Than Just a Page Builder
- Plugin Slug:
- elementor
- Installations
- 10,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.29.1
- Severity Score:
- Medium
- CVE:
- 2024-50555
ElementsKit Elementor Addons and Templates
- Plugin Slug:
- elementskit-lite
- Installations
- 1,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.3
- Severity Score:
- Medium
- CVE:
- 2025-4479
Click to Chat – HoliThemes
- Plugin:
- Click to Chat – HoliThemes
- Plugin Slug:
- click-to-chat-for-whatsapp
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.23
- Severity Score:
- Medium
- CVE:
- 2025-5336
Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider
- Plugin Slug:
- ml-slider
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.99.0
- Severity Score:
- Medium
- CVE:
- 2025-5337
YITH WooCommerce Wishlist
- Plugin:
- YITH WooCommerce Wishlist
- Plugin Slug:
- yith-woocommerce-wishlist
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.6.0
- Severity Score:
- Medium
- CVE:
- 2025-5238
Breeze – WordPress Cache Plugin
- Plugin:
- Breeze – WordPress Cache Plugin
- Plugin Slug:
- breeze
- Installations
- 400,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.14
- Severity Score:
- Medium
- CVE:
- 2025-23999
Firelight Lightbox
- Plugin:
- Firelight Lightbox
- Plugin Slug:
- easy-fancybox
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.17
- Severity Score:
- Medium
- CVE:
- 2025-52707
Ivory Search – WordPress Search Plugin
- Plugin Slug:
- add-search-to-menu
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.5.10
- Severity Score:
- Medium
- CVE:
- 2025-5209
AI Engine
Download Manager
- Plugin:
- Download Manager
- Plugin Slug:
- download-manager
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.19
- Severity Score:
- Medium
- CVE:
- 2025-4367
File Manager Pro – Filester
- Plugin:
- File Manager Pro – Filester
- Plugin Slug:
- filester
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.9
- Severity Score:
- Medium
- CVE:
- 2025-52710
GiveWP – Donation Plugin and Fundraising Platform
- Plugin Slug:
- give
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.3.1
- Severity Score:
- Medium
- CVE:
- 2025-4571
HUSKY – Products Filter Professional for WooCommerce
- Plugin Slug:
- woocommerce-products-filter
- Installations
- 100,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.3.7.1
- Severity Score:
- High
- CVE:
- 2025-52708
Master Slider – Responsive Touch Slider
- Plugin Slug:
- master-slider
- Installations
- 70,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.10.9
- Severity Score:
- Medium
- CVE:
- 2025-5291
Drag and Drop Multiple File Upload for Contact Form 7
- Plugin Slug:
- drag-and-drop-multiple-file-upload-contact-form-7
- Installations
- 60,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.3.9.0
- Severity Score:
- High
- CVE:
- 2025-3515
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
- Plugin Slug:
- post-and-page-builder
- Installations
- 60,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 1.27.9
- Severity Score:
- Medium
- CVE:
- 2025-52713
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
- Plugin Slug:
- post-and-page-builder
- Installations
- 60,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.27.9
- Severity Score:
- Medium
- CVE:
- 2025-52711
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin
- Plugin Slug:
- simply-schedule-appointments
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.8.32
- Severity Score:
- Medium
- CVE:
- 2025-4667
Ultra Addons for Contact Form 7
- Plugin:
- Ultra Addons for Contact Form 7
- Plugin Slug:
- ultimate-addons-for-contact-form-7
- Installations
- 60,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 3.5.13
- Severity Score:
- High
- CVE:
- 2025-6220
WP-Members Membership Plugin
- Plugin:
- WP-Members Membership Plugin
- Plugin Slug:
- wp-members
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.4.1
- Severity Score:
- Medium
- CVE:
- 2025-50051
Blog2Social: Social Media Auto Post & Scheduler
- Plugin Slug:
- blog2social
- Installations
- 50,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 8.4.5
- Severity Score:
- High
- CVE:
- 2025-5673
Login & Register Customizer – Popup | Slider | Inline | WooCommerce
- Plugin Slug:
- easy-login-woocommerce
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.9.5
- Severity Score:
- Medium
- CVE:
- 2025-50027
Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more
- Plugin:
- Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more
- Plugin Slug:
- woocommerce-google-adwords-conversion-tracking-tag
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.49.1
- Severity Score:
- Medium
- CVE:
- 2025-6201
WordPress Infinite Scroll – Ajax Load More
- Plugin Slug:
- ajax-load-more
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.4.1
- Severity Score:
- Medium
- CVE:
- 2025-4775
FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce
- Plugin Slug:
- wp-marketing-automations
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.6.0
- Severity Score:
- Critical
- CVE:
- 2025-1562
Classified Listing – Classified ads & Business Directory Plugin
- Plugin Slug:
- classified-listing
- Installations
- 10,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 4.2.1
- Severity Score:
- High
- CVE:
- 2025-52715
tarteaucitron.io
- Plugin:
- tarteaucitron.io
- Plugin Slug:
- tarteaucitronjs
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.5
- Severity Score:
- Medium
- CVE:
- 2025-4955
Event Manager, Events Calendar, Booking, Registrations and Tickets – Eventin
- Plugin Slug:
- wp-event-solution
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.29
- Severity Score:
- High
- CVE:
- 2025-49321
eCommerce Product Catalog Plugin for WordPress
- Plugin Slug:
- ecommerce-product-catalog
- Installations
- 9,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 3.4.4
- Severity Score:
- High
- CVE:
- 2025-49331
Poll, Survey & Quiz Maker Plugin by Opinion Stage
- Plugin Slug:
- social-polls-by-opinionstage
- Installations
- 8,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 19.10.0
- Severity Score:
- Medium
- CVE:
- 2025-3880
WP Dummy Content Generator
- Plugin:
- WP Dummy Content Generator
- Plugin Slug:
- wp-dummy-content-generator
- Installations
- 8,000+
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- 4.0.0
- Severity Score:
- Medium
- CVE:
- 2025-49234
ProfileGrid – User Profiles, Groups and Communities
- Plugin Slug:
- profilegrid-user-profiles-groups-and-communities
- Installations
- 7,000+
- Vulnerability:
- Full Path Disclosure (FPD)
- Patched in Version:
- = 5.9.5.3
- Severity Score:
- Medium
- CVE:
- 2025-52719
Wise Chat
Modern Footnotes
- Plugin:
- Modern Footnotes
- Plugin Slug:
- modern-footnotes
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.20
- Severity Score:
- Medium
- CVE:
- 2025-50049
WP Zoho for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms – CRM, Bigin
- Plugin Slug:
- cf7-zoho
- Installations
- 3,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.3.1
- Severity Score:
- Critical
- CVE:
- 2025-49330
Sitekit
- Plugin:
- Sitekit
- Plugin Slug:
- sitekit
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0
- Severity Score:
- Medium
- CVE:
- 2025-50047
YITH PayPal Express Checkout for WooCommerce
- Plugin Slug:
- yith-paypal-express-checkout-for-woocommerce
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.49.1
- Severity Score:
- Medium
- CVE:
- 2025-48111
JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin
- Plugin Slug:
- jobwp
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.4.1
- Severity Score:
- Medium
- CVE:
- 2025-49975
Off-Canvas Sidebars & Menus (Slidebars)
- Plugin Slug:
- off-canvas-sidebars
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.5.8.5
- Severity Score:
- High
- CVE:
- 2025-49290
Related Products Manager for WooCommerce
- Plugin Slug:
- related-products-manager-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.3
- Severity Score:
- Medium
- CVE:
- 2025-50045
WPComplete
- Plugin:
- WPComplete
- Plugin Slug:
- wpcomplete
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.9.5.1
- Severity Score:
- Medium
- CVE:
- 2025-50046
Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons
- Plugin Slug:
- gutenverse-news
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.0
- Severity Score:
- Medium
- CVE:
- 2025-5234
Kata Plus – Addons for Elementor – Widgets, Extensions and Templates
- Plugin Slug:
- kata-plus
- Installations
- 600+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.5.4
- Severity Score:
- Medium
- CVE:
- 2025-50009
Conference Scheduler
- Plugin:
- Conference Scheduler
- Plugin Slug:
- conference-scheduler
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.2
- Severity Score:
- Medium
- CVE:
- 2025-5258
Euro FxRef Currency Converter
- Plugin:
- Euro FxRef Currency Converter
- Plugin Slug:
- euro-fxref-currency-converter
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.3
- Severity Score:
- Medium
- CVE:
- 2025-6257
Guest posting / Frontend Posting / Front Editor – WP Front User Submit
- Plugin Slug:
- front-editor
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.9.4
- Severity Score:
- High
- CVE:
- 2025-28988
Simple Logo Carousel
- Plugin:
- Simple Logo Carousel
- Plugin Slug:
- simple-logo-carousel
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.4
- Severity Score:
- Medium
- CVE:
- 2025-5700
StreamWeasels Kick Integration
- Plugin:
- StreamWeasels Kick Integration
- Plugin Slug:
- streamweasels-kick-integration
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.4
- Severity Score:
- Medium
- CVE:
- 2025-5589
Target Video Easy Publish
- Plugin:
- Target Video Easy Publish
- Plugin Slug:
- brid-video-easy-publish
- Installations
- 70+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.8.6
- Severity Score:
- Medium
- CVE:
- 2025-5237
ANON::form embedded secure form
- Plugin:
- ANON::form embedded secure form
- Plugin Slug:
- anonform-embedded-secure-form
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8
- Severity Score:
- Medium
- CVE:
- 2025-52733
Aiomatic
- Plugin:
- Aiomatic
- Plugin Slug:
- aiomatic-automatic-ai-content-writer
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 2.5.1
- Severity Score:
- High
- CVE:
- 2025-6206
Drag and Drop Multiple File Upload (Pro) – WooCommerce
- Plugin:
- Drag and Drop Multiple File Upload (Pro) – WooCommerce
- Plugin Slug:
- drag-and-drop-file-upload-wc-pro
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 5.0.7
- Severity Score:
- Critical
- CVE:
- 2025-49885
Elementor Pro
- Plugin:
- Elementor Pro
- Plugin Slug:
- elementor-pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.29.1
- Severity Score:
- Medium
- CVE:
- 2024-50555
WPBakery Page Builder
- Plugin:
- WPBakery Page Builder
- Plugin Slug:
- js_composer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.5
- Severity Score:
- Medium
- CVE:
- 2025-4965
Echo RSS Feed Post Generator Plugin for WordPress
- Plugin:
- Echo RSS Feed Post Generator Plugin for WordPress
- Plugin Slug:
- rss-feed-post-generator-echo
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.4.9
- Severity Score:
- High
- CVE:
- 2025-49312
Rankie
- Plugin:
- Rankie
- Plugin Slug:
- valvepress-rankie
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.8.2
- Severity Score:
- High
- CVE:
- 2025-39486
WordPress Themes — 3 Patched / 13 Unpatched
Fitness Park
- Theme:
- Fitness Park
- Theme Slug:
- fitness-park
- Downloads
- 20,395
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50033
Hello FSE Blog
- Theme:
- Hello FSE Blog
- Theme Slug:
- hello-fse-blog
- Downloads
- 11,256
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-49970
Spark Multipurpose
- Theme:
- Spark Multipurpose
- Theme Slug:
- spark-multipurpose
- Downloads
- 5,635
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-50030
Zita
- Theme:
- Zita
- Theme Slug:
- zita
- Downloads
- 405,453
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52816
Zenny
- Theme:
- Zenny
- Theme Slug:
- bw-zenny
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-24769
HYDRO
- Theme:
- HYDRO
- Theme Slug:
- hydro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31428
LMS
- Theme:
- LMS
- Theme Slug:
- lms
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52799
MagOne
- Theme:
- MagOne
- Theme Slug:
- magone
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39488
MBStore – Digital WooCommerce WordPress Theme
- Theme:
- MBStore – Digital WooCommerce WordPress Theme
- Theme Slug:
- mbstore
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28947
Nuss
- Theme:
- Nuss
- Theme Slug:
- nuss
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52827
Sala
- Theme:
- Sala
- Theme Slug:
- sala
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-52826
Seven Stars
- Theme:
- Seven Stars
- Theme Slug:
- sevenstars
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31067
Sofass
- Theme:
- Sofass
- Theme Slug:
- sofass
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-24760
OceanWP
Amely
- Theme:
- Amely
- Theme Slug:
- amely
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.2.0
- Severity Score:
- Critical
- CVE:
- 2025-39474
Puca
- Theme:
- Puca
- Theme Slug:
- puca
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.6.34
- Severity Score:
- High
- CVE:
- 2025-30992
