In this report, 209 vulnerabilities have been publicly disclosed. Security patches for 75 of these plugins and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Currently, 134 plugin and theme vulnerabilities remain unpatched. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.9.3 is now available and is a mandatory security and maintenance update. This release follows version 6.9.2, which addressed 10 security vulnerabilities but introduced a “blank screen” bug for certain themes. Version 6.9.3 includes all previous security patches while resolving the front-end display issues.
It is recommended that you update your sites to version 6.9.3 immediately to ensure they are protected. For sites supporting automatic background updates, the process will begin shortly. You can find more technical details and the full list of fixes in the official announcement.
The next major release of WordPress will be version 7.0, which is planned for April 9, 2026.
WordPress Plugins — 69 Patched / 29 Unpatched
Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets
- Plugin Slug:
- widget-options
- Installations
- 100,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-27984
Easy Post Submission – Frontend Posting, Guest Publishing & Submit Content for WordPress
- Plugin Slug:
- easy-post-submission
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22479
WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales
- Plugin Slug:
- easy-sticky-sidebar
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22459
FormGent – Next-Gen AI Form Builder for WordPress with Multi-Step, Quizzes, Payments & More
- Plugin Slug:
- formgent
- Installations
- 1,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22460
Bus Ticket Booking with Seat Reservation
- Plugin Slug:
- bus-ticket-booking-with-seat-reservation
- Installations
- 900+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-27095
My auctions allegro
- Plugin:
- My auctions allegro
- Plugin Slug:
- my-auctions-allegro-free-edition
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22491
Carta Online
- Plugin:
- Carta Online
- Plugin Slug:
- carta-online
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1071
Secudeal Payments for Ecommerce
- Plugin:
- Secudeal Payments for Ecommerce
- Plugin Slug:
- secudeal-payments-for-ecommerce
- Installations
- 10+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22471
Super Stage WP
- Plugin:
- Super Stage WP
- Plugin Slug:
- super-stage-wp
- Installations
- 10+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-1542
Consensus Embed
- Plugin:
- Consensus Embed
- Plugin Slug:
- consensus-embed
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1823
DA Media GigList
- Plugin:
- DA Media GigList
- Plugin Slug:
- damedia-giglist
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1805
EventON
- Plugin:
- EventON
- Plugin Slug:
- eventon
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28037
Handmade Framework
- Plugin:
- Handmade Framework
- Plugin Slug:
- handmade-framework
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22520
Infomaniak Connect for OpenID
- Plugin:
- Infomaniak Connect for OpenID
- Plugin Slug:
- infomaniak-connect-openid
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1824
Lisfinity Core
- Plugin:
- Lisfinity Core
- Plugin Slug:
- lisfinity-core
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-22484
LMS Elementor Pro
- Plugin:
- LMS Elementor Pro
- Plugin Slug:
- lms-elementor-pro
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-27983
LotekMedia Popup Form
- Plugin:
- LotekMedia Popup Form
- Plugin Slug:
- ltm-popup-form
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-2420
Media Library Alt Text Editor
- Plugin:
- Media Library Alt Text Editor
- Plugin Slug:
- media-library-alt-text-editor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1820
My Album Gallery
- Plugin:
- My Album Gallery
- Plugin Slug:
- my-album-gallery
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-22485
MyQtip – easy qTip2
- Plugin:
- MyQtip – easy qTip2
- Plugin Slug:
- myqtip-easy-qtip2
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1574
Purchase Button For Affiliate Link
- Plugin:
- Purchase Button For Affiliate Link
- Plugin Slug:
- purchase-button
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1073
True Ranker
- Plugin:
- True Ranker
- Plugin Slug:
- seo-local-rank
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1085
Show YouTube video
- Plugin:
- Show YouTube video
- Plugin Slug:
- show-youtube-video
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1825
The Guardian News Feed
- Plugin:
- The Guardian News Feed
- Plugin Slug:
- the-guardian-news-feed
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1087
Ultimate Addons for WPBakery Page Builder
- Plugin:
- Ultimate Addons for WPBakery Page Builder
- Plugin Slug:
- ultimate_vc_addons
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-28038
WP App Bar
- Plugin:
- WP App Bar
- Plugin Slug:
- wp-app-bar
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-1074
WP eMember
- Plugin:
- WP eMember
- Plugin Slug:
- wp-eMember
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28073
Font Pairing Preview For Landing Pages
- Plugin:
- Font Pairing Preview For Landing Pages
- Plugin Slug:
- wp-font-pairing-preview
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1086
Wueen
- Plugin:
- Wueen
- Plugin Slug:
- wueen
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1569
WooCommerce
- Plugin:
- WooCommerce
- Plugin Slug:
- woocommerce
- Installations
- 7,000,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 10.5.3
- Severity Score:
- Medium
- CVE:
- 2026-3589
Enable Media Replace
- Plugin:
- Enable Media Replace
- Plugin Slug:
- enable-media-replace
- Installations
- 600,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.1.8
- Severity Score:
- Medium
- CVE:
- 2026-2732
Meta Box
- Plugin:
- Meta Box
- Plugin Slug:
- meta-box
- Installations
- 500,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 5.11.2
- Severity Score:
- High
- CVE:
- 2025-14675
Page Builder by SiteOrigin
- Plugin:
- Page Builder by SiteOrigin
- Plugin Slug:
- siteorigin-panels
- Installations
- 500,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.34.0
- Severity Score:
- High
- CVE:
- 2026-2448
WP Mail Logging
- Plugin:
- WP Mail Logging
- Plugin Slug:
- wp-mail-logging
- Installations
- 300,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.16
- Severity Score:
- Critical
- CVE:
- 2026-2471
Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More
- Plugin Slug:
- envira-gallery-lite
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.12.4
- Severity Score:
- Medium
- CVE:
- 2026-1236
LatePoint – Calendar Booking Plugin for Appointments and Events
- Plugin Slug:
- latepoint
- Installations
- 100,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.2.8
- Severity Score:
- High
- CVE:
- 2026-1487
LatePoint – Calendar Booking Plugin for Appointments and Events
- Plugin Slug:
- latepoint
- Installations
- 100,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 5.2.8
- Severity Score:
- High
- CVE:
- 2026-1566
Tutor LMS – eLearning and online course solution
- Plugin Slug:
- tutor
- Installations
- 100,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.9.7
- Severity Score:
- Critical
- CVE:
- 2025-13673
WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets
- Plugin Slug:
- wp-all-import
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.1
- Severity Score:
- High
- CVE:
- 2026-2830
Booking for Appointments and Events Calendar – Amelia
- Plugin Slug:
- ameliabooking
- Installations
- 90,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 2.0
- Severity Score:
- High
- CVE:
- 2026-24963
Database for Contact Form 7, WPforms, Elementor forms
- Plugin Slug:
- contact-form-entries
- Installations
- 70,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.4.8
- Severity Score:
- Critical
- CVE:
- 2026-2599
Greenshift – animation and page builder blocks
- Plugin Slug:
- greenshift-animation-and-page-builder-blocks
- Installations
- 70,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 12.8.4
- Severity Score:
- Medium
- CVE:
- 2026-2371
Greenshift – animation and page builder blocks
- Plugin Slug:
- greenshift-animation-and-page-builder-blocks
- Installations
- 70,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 12.8.4
- Severity Score:
- Medium
- CVE:
- 2026-2589
Greenshift – animation and page builder blocks
- Plugin Slug:
- greenshift-animation-and-page-builder-blocks
- Installations
- 70,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 12.8.6
- Severity Score:
- Medium
- CVE:
- 2026-2593
Media Library Assistant
- Plugin:
- Media Library Assistant
- Plugin Slug:
- media-library-assistant
- Installations
- 70,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.34
- Severity Score:
- Medium
- CVE:
- 2026-3072
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin
- Plugin Slug:
- wpdatatables
- Installations
- 70,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 6.5.0.2
- Severity Score:
- High
- CVE:
- 2026-28039
Drag and Drop Multiple File Upload for Contact Form 7
- Plugin Slug:
- drag-and-drop-multiple-file-upload-contact-form-7
- Installations
- 60,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.3.9.6
- Severity Score:
- Critical
- CVE:
- 2026-3459
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress
- Plugin Slug:
- email-subscribers
- Installations
- 60,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.9.17
- Severity Score:
- High
- CVE:
- 2026-1651
Fast Page & Post Duplicator
- Plugin:
- Fast Page & Post Duplicator
- Plugin Slug:
- page-or-post-clone
- Installations
- 60,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 6.4
- Severity Score:
- High
- CVE:
- 2026-2893
Seraphinite Accelerator
- Plugin:
- Seraphinite Accelerator
- Plugin Slug:
- seraphinite-accelerator
- Installations
- 60,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.28.15
- Severity Score:
- Medium
- CVE:
- 2026-3058
Seraphinite Accelerator
- Plugin:
- Seraphinite Accelerator
- Plugin Slug:
- seraphinite-accelerator
- Installations
- 60,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.28.15
- Severity Score:
- Medium
- CVE:
- 2026-3056
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder
- Plugin Slug:
- user-registration
- Installations
- 60,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 5.1.3
- Severity Score:
- Critical
- CVE:
- 2026-1492
OoohBoi Steroids for Elementor
- Plugin:
- OoohBoi Steroids for Elementor
- Plugin Slug:
- ooohboi-steroids-for-elementor
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.25
- Severity Score:
- Medium
- CVE:
- 2026-3034
Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin
- Plugin Slug:
- uncanny-automator
- Installations
- 50,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 7.1.0
- Severity Score:
- High
- CVE:
- 2026-2269
WP-Members Membership Plugin
- Plugin:
- WP-Members Membership Plugin
- Plugin Slug:
- wp-members
- Installations
- 50,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.5.6
- Severity Score:
- High
- CVE:
- 2026-2363
RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging
- Plugin Slug:
- wp-rss-aggregator
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.0.12
- Severity Score:
- High
- CVE:
- 2026-2433
Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX
- Plugin Slug:
- ultimate-post
- Installations
- 40,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 5.0.9
- Severity Score:
- High
- CVE:
- 2026-1273
All-in-One Video Gallery
- Plugin:
- All-in-One Video Gallery
- Plugin Slug:
- all-in-one-video-gallery
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.7.5
- Severity Score:
- High
- CVE:
- 2026-1706
Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder
- Plugin:
- Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder
- Plugin Slug:
- gutena-forms
- Installations
- 20,000+
- Vulnerability:
- Settings Change
- Patched in Version:
- 1.6.1
- Severity Score:
- Medium
- CVE:
- 2026-1674
My Calendar – Accessible Event Manager
- Plugin Slug:
- my-calendar
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.7.4
- Severity Score:
- Medium
- CVE:
- 2026-2355
WP Booking System – Booking Calendar
- Plugin Slug:
- wp-booking-system
- Installations
- 20,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.0.19.13
- Severity Score:
- Medium
- CVE:
- 2025-68515
WPZOOM Addons for Elementor – Starter Templates & Widgets
- Plugin Slug:
- wpzoom-elementor-addons
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.5
- Severity Score:
- High
- CVE:
- 2026-2295
Membership Plugin – Restrict Content
- Plugin Slug:
- restrict-content
- Installations
- 10,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 3.2.21
- Severity Score:
- High
- CVE:
- 2026-1321
JS Help Desk – AI-Powered Support & Ticketing System
- Plugin Slug:
- js-support-ticket
- Installations
- 8,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.8.3
- Severity Score:
- Critical
- CVE:
- 2023-7337
Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more
- Plugin Slug:
- mail-mint
- Installations
- 6,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.19.5
- Severity Score:
- High
- CVE:
- 2026-2025
ProfileGrid – User Profiles, Groups and Communities
- Plugin Slug:
- profilegrid-user-profiles-groups-and-communities
- Installations
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.9.8.2
- Severity Score:
- Medium
- CVE:
- 2026-2488
ProfileGrid – User Profiles, Groups and Communities
- Plugin Slug:
- profilegrid-user-profiles-groups-and-communities
- Installations
- 6,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.9.8.3
- Severity Score:
- Medium
- CVE:
- 2026-2494
Podlove Web Player
- Plugin:
- Podlove Web Player
- Plugin Slug:
- podlove-web-player
- Installations
- 4,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 5.9.2
- Severity Score:
- High
- CVE:
- 2026-24385
JS Archive List
- Plugin:
- JS Archive List
- Plugin Slug:
- jquery-archive-list-widget
- Installations
- 3,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 6.2.0
- Severity Score:
- High
- CVE:
- 2026-2020
Stock Ticker
- Plugin:
- Stock Ticker
- Plugin Slug:
- stock-ticker
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.26.2
- Severity Score:
- Medium
- CVE:
- 2026-2722
WebToffee WooCommerce Product Feeds – Google Shopping, Pinterest, TikTok Ads, & More
- Plugin Slug:
- webtoffee-product-feed
- Installations
- 2,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 2.3.4
- Severity Score:
- High
- CVE:
- 2026-22480
Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe
- Plugin Slug:
- contest-gallery
- Installations
- 1,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 28.1.5
- Severity Score:
- Critical
- CVE:
- 2026-3180
Easy PHP Settings
- Plugin:
- Easy PHP Settings
- Plugin Slug:
- easy-php-settings
- Installations
- 1,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.0.5
- Severity Score:
- High
- CVE:
- 2026-3352
WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation
- Plugin Slug:
- optin
- Installations
- 900+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.25
- Severity Score:
- High
- CVE:
- 2026-1720
Morkva UA Shipping
- Plugin:
- Morkva UA Shipping
- Plugin Slug:
- morkva-ua-shipping
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.10
- Severity Score:
- Medium
- CVE:
- 2026-2292
Taskbuilder – Project Management & Task Management Tool With Kanban Board
- Plugin Slug:
- taskbuilder
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.0.4
- Severity Score:
- Medium
- CVE:
- 2026-2289
All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login
- Plugin Slug:
- login-with-azure
- Installations
- 600+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 2.2.6
- Severity Score:
- Critical
- CVE:
- 2026-2628
AI ChatBot with ChatGPT and Content Generator by AYS
- Plugin Slug:
- ays-chatgpt-assistant
- Installations
- 500+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.7.6
- Severity Score:
- Medium
- CVE:
- 2026-1336
WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms
- Plugin Slug:
- cf7-zendesk
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.6
- Severity Score:
- High
- CVE:
- 2026-2568
Apocalypse Meow
- Plugin:
- Apocalypse Meow
- Plugin Slug:
- apocalypse-meow
- Installations
- 400+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 23.0.0
- Severity Score:
- High
- CVE:
- 2026-3523
ionCube Tester Plus
- Plugin:
- ionCube Tester Plus
- Plugin Slug:
- ioncube-tester-plus
- Installations
- 300+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 1.4
- Severity Score:
- High
- CVE:
- 2025-69411
CM Custom Reports – Flexible reporting to track what matters most
- Plugin Slug:
- cm-custom-reports
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.8
- Severity Score:
- High
- CVE:
- 2026-2431
MailArchiver
- Plugin:
- MailArchiver
- Plugin Slug:
- mailarchiver
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.5.0
- Severity Score:
- Medium
- CVE:
- 2026-2721
WP Frontend Profile
- Plugin:
- WP Frontend Profile
- Plugin Slug:
- wp-front-end-profile
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.9
- Severity Score:
- Medium
- CVE:
- 2026-1644
Hammas Calendar
- Plugin:
- Hammas Calendar
- Plugin Slug:
- hammas-calendar
- Installations
- 60+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.12
- Severity Score:
- Medium
- CVE:
- 2026-1902
MDJM Event Management
- Plugin:
- MDJM Event Management
- Plugin Slug:
- mobile-dj-manager
- Installations
- 50+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.7.8.2
- Severity Score:
- Medium
- CVE:
- 2026-1650
Community Events
- Plugin:
- Community Events
- Plugin Slug:
- community-events
- Installations
- 30+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.5.9
- Severity Score:
- High
- CVE:
- 2026-2429
Paid Videochat Turnkey Site – HTML5 PPV Live Webcams
- Plugin Slug:
- ppv-live-webcams
- Installations
- 30+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 7.3.21
- Severity Score:
- High
- CVE:
- 2025-8899
HUMN-1 AI Website Scanner & Human Certification by Winston AI
- Plugin Slug:
- winston-ai-wp
- Installations
- 30+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 0.0.4
- Severity Score:
- Medium
- CVE:
- 2026-1981
WPBookit
WPBookit
ZIP Code Based Content Protection
- Plugin Slug:
- zip-code-based-content-protection
- Installations
- 10+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.0.3
- Severity Score:
- Critical
- CVE:
- 2025-14353
Fluent Forms Pro Add On Pack
- Plugin:
- Fluent Forms Pro Add On Pack
- Plugin Slug:
- fluentformpro
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- 6.1.18
- Severity Score:
- High
- CVE:
- 2026-2899
Fluent Forms Pro Add On Pack
- Plugin:
- Fluent Forms Pro Add On Pack
- Plugin Slug:
- fluentformpro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.1.18
- Severity Score:
- High
- CVE:
- 2026-2365
Master Addons for Elementor Premium
- Plugin:
- Master Addons for Elementor Premium
- Plugin Slug:
- master-addons-pro
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 2.1.4
- Severity Score:
- High
- CVE:
- 2026-3132
pixfort Core
- Plugin:
- pixfort Core
- Plugin Slug:
- pixfort-core
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.26
- Severity Score:
- Medium
- CVE:
- 2026-28071
pixfort Core
- Plugin:
- pixfort Core
- Plugin Slug:
- pixfort-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.26
- Severity Score:
- High
- CVE:
- 2026-28072
WPSubscription
- Plugin:
- WPSubscription
- Plugin Slug:
- subscription
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 1.8.11
- Severity Score:
- High
- CVE:
- 2025-69347
WordPress Themes — 6 Patched / 105 Unpatched
Estate
- Theme:
- Estate
- Theme Slug:
- estate
- Downloads
- 58,132
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-22475
OsTende
- Theme:
- OsTende
- Theme Slug:
- ostende
- Downloads
- 8,317
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27986
Agrofood
- Theme:
- Agrofood
- Theme Slug:
- agrofood
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27332
Aldo
- Theme:
- Aldo
- Theme Slug:
- aldo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27993
Amoli
- Theme:
- Amoli
- Theme Slug:
- amoli
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22506
Askka
- Theme:
- Askka
- Theme Slug:
- askka
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22456
Au Pair Agency – Babysitting & Nanny Theme
- Theme:
- Au Pair Agency – Babysitting & Nanny Theme
- Theme Slug:
- au-pair-agency
- Vulnerability:
- Deserialization of untrusted data
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27098
Avventure
- Theme:
- Avventure
- Theme Slug:
- avventure
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27991
Beelove
- Theme:
- Beelove
- Theme Slug:
- beelove
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-22507
Berger
- Theme:
- Berger
- Theme Slug:
- berger
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-53335
Bonbon
- Theme:
- Bonbon
- Theme Slug:
- bonbon
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28030
BuddyApp
- Theme:
- BuddyApp
- Theme Slug:
- buddyapp
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22465
Car Zone
- Theme:
- Car Zone
- Theme Slug:
- carzone
- Vulnerability:
- Deserialization of untrusted data
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27338
CasaMia | Property Rental Real Estate WordPress Theme
- Theme:
- CasaMia | Property Rental Real Estate WordPress Theme
- Theme Slug:
- casamia
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27097
Chroma
- Theme:
- Chroma
- Theme Slug:
- chroma
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28020
Classter
- Theme:
- Classter
- Theme Slug:
- classter
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-54001
Coinpress
- Theme:
- Coinpress
- Theme Slug:
- coinpress
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28007
ColorFolio – Freelance Designer WordPress Theme
- Theme:
- ColorFolio – Freelance Designer WordPress Theme
- Theme Slug:
- colorfolio
- Vulnerability:
- Deserialization of untrusted data
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27096
ConFix
- Theme:
- ConFix
- Theme Slug:
- confix
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27990
Cookiteer
- Theme:
- Cookiteer
- Theme Slug:
- cookiteer
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-68886
Craftis
- Theme:
- Craftis
- Theme Slug:
- craftis
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28021
DeepDigital
- Theme:
- DeepDigital
- Theme Slug:
- deepdigital
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22467
Dental Clinic
- Theme:
- Dental Clinic
- Theme Slug:
- dental
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22473
Dentalux
- Theme:
- Dentalux
- Theme Slug:
- dentalux
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22508
Don Peppe
- Theme:
- Don Peppe
- Theme Slug:
- donpeppe
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22449
DroneX
- Theme:
- DroneX
- Theme Slug:
- dronex
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28009
Edifice
- Theme:
- Edifice
- Theme Slug:
- edifice
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28033
EmojiNation
- Theme:
- EmojiNation
- Theme Slug:
- emojination
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28029
Equadio
- Theme:
- Equadio
- Theme Slug:
- equadio
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27988
Equestrian Centre
- Theme:
- Equestrian Centre
- Theme Slug:
- equestrian-centre
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-22474
Etchy
- Theme:
- Etchy
- Theme Slug:
- etchy
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22476
Felizia
- Theme:
- Felizia
- Theme Slug:
- felizia
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22477
FindAll
- Theme:
- FindAll
- Theme Slug:
- findall
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22478
FlashMart
- Theme:
- FlashMart
- Theme Slug:
- flashmart
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28048
Foodie
- Theme:
- Foodie
- Theme Slug:
- foodie
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28022
Gaspard
- Theme:
- Gaspard
- Theme Slug:
- gaspard
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22493
Gioia
- Theme:
- Gioia
- Theme Slug:
- gioia
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22509
Global Logistics
- Theme:
- Global Logistics
- Theme Slug:
- globallogistics
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28018
Good Homes
- Theme:
- Good Homes
- Theme Slug:
- good-homes
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22494
Grand Wedding
- Theme:
- Grand Wedding
- Theme Slug:
- grandwedding
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-22417
Green Thumb
- Theme:
- Green Thumb
- Theme Slug:
- greenthumb
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28017
Greenville
- Theme:
- Greenville
- Theme Slug:
- greenville
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22495
Gridiron
- Theme:
- Gridiron
- Theme Slug:
- gridiron
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28012
Grit
- Theme:
- Grit
- Theme Slug:
- grit
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28041
Handyman
- Theme:
- Handyman
- Theme Slug:
- handyman-services
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-22451
Healer – Doctor, Clinic & Medical WordPress Theme
- Theme:
- Healer – Doctor, Clinic & Medical WordPress Theme
- Theme Slug:
- healer
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-28043
Helion
- Theme:
- Helion
- Theme Slug:
- helion
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28024
Hoverex
- Theme:
- Hoverex
- Theme Slug:
- hoverex
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22452
Humanum
- Theme:
- Humanum
- Theme Slug:
- humanum
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27985
Hypnotherapy
- Theme:
- Hypnotherapy
- Theme Slug:
- hypnotherapy
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22496
Invetex
- Theme:
- Invetex
- Theme Slug:
- invetex
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28031
Jardi
- Theme:
- Jardi
- Theme Slug:
- jardi
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-22497
Justitia
- Theme:
- Justitia
- Theme Slug:
- justitia
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27995
Kayon
- Theme:
- Kayon
- Theme Slug:
- kayon
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28027
Kratz
- Theme:
- Kratz
- Theme Slug:
- kratz
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28013
Laurent
- Theme:
- Laurent
- Theme Slug:
- laurent
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22498
Law Office
- Theme:
- Law Office
- Theme Slug:
- law-office
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28046
Lella
- Theme:
- Lella
- Theme Slug:
- lella
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22499
Lingvico
- Theme:
- Lingvico
- Theme Slug:
- lingvico
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27996
Listify
- Theme:
- Listify
- Theme Slug:
- listify
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28042
Luxury Wine
- Theme:
- Luxury Wine
- Theme Slug:
- luxury-wine
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28016
m2 | Construction and Tools Store
- Theme:
- m2 | Construction and Tools Store
- Theme Slug:
- m2-ce
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-22500
Manoir
- Theme:
- Manoir
- Theme Slug:
- manoir
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28019
Maxify
- Theme:
- Maxify
- Theme Slug:
- maxify
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27997
Meals & Wheels
- Theme:
- Meals & Wheels
- Theme Slug:
- meals-wheels
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27992
Melody
- Theme:
- Melody
- Theme Slug:
- melodyschool
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22510
MoneyFlow
- Theme:
- MoneyFlow
- Theme Slug:
- moneyflow
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28028
Morning Records
- Theme:
- Morning Records
- Theme Slug:
- morning-records
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22505
Motorix
- Theme:
- Motorix
- Theme Slug:
- motorix
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28026
Mounthood
- Theme:
- Mounthood
- Theme Slug:
- mounthood
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-22501
Mr. Cobbler
- Theme:
- Mr. Cobbler
- Theme Slug:
- mr-cobbler
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22502
N7 | Golf Club Sports & Events
- Theme:
- N7 | Golf Club Sports & Events
- Theme Slug:
- n7-golf-club
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28045
Nelson
- Theme:
- Nelson
- Theme Slug:
- nelson
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22503
NeoBeat
- Theme:
- NeoBeat
- Theme Slug:
- neobeat
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22511
Nuts
- Theme:
- Nuts
- Theme Slug:
- nuts
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28023
Pets Club
- Theme:
- Pets Club
- Theme Slug:
- petclub
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-22453
Printy
- Theme:
- Printy
- Theme Slug:
- printy
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28035
Progress
- Theme:
- Progress
- Theme Slug:
- progress
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28034
ProLingua
- Theme:
- ProLingua
- Theme Slug:
- prolingua
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22504
Prowess
- Theme:
- Prowess
- Theme Slug:
- prowess
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22446
Quanzo
- Theme:
- Quanzo
- Theme Slug:
- quanzo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27989
Ratatouille
- Theme:
- Ratatouille
- Theme Slug:
- ratatouille
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-28036
Roisin
- Theme:
- Roisin
- Theme Slug:
- roisin
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22512
Scientia
- Theme:
- Scientia
- Theme Slug:
- scientia
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28010
ShiftCV
- Theme:
- ShiftCV
- Theme Slug:
- shift-cv
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28015
Solaris
- Theme:
- Solaris
- Theme Slug:
- solaris
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-22454
Stargaze
- Theme:
- Stargaze
- Theme Slug:
- stargaze
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28025
Tediss
- Theme:
- Tediss
- Theme Slug:
- tediss
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27994
The Qlean
- Theme:
- The Qlean
- Theme Slug:
- the-qlean
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27987
Thebe
- Theme:
- Thebe
- Theme Slug:
- thebe
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22455
TheBi
- Theme:
- TheBi
- Theme Slug:
- thebi
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22438
Thecs
- Theme:
- Thecs
- Theme Slug:
- thecs
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22440
Translogic
- Theme:
- Translogic
- Theme Slug:
- translogic
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28014
Triompher
- Theme:
- Triompher
- Theme Slug:
- triompher
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22513
Tripgo
- Theme:
- Tripgo
- Theme Slug:
- tripgo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27093
Tuning
- Theme:
- Tuning
- Theme Slug:
- tuning
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28032
Unica
- Theme:
- Unica
- Theme Slug:
- unica
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22514
VegaDays
- Theme:
- VegaDays
- Theme Slug:
- vegadays
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22515
Victo
- Theme:
- Victo
- Theme Slug:
- victo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28047
Vixus
- Theme:
- Vixus
- Theme Slug:
- vixus
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27998
Wanderland
- Theme:
- Wanderland
- Theme Slug:
- wanderland
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22457
AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme
- Theme:
- AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme
- Theme Slug:
- window-ac-services
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27326
Wizor’s
- Theme:
- Wizor’s
- Theme Slug:
- wizors-investments
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22516
Yottis
- Theme:
- Yottis
- Theme Slug:
- yottis
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28011
Yungen
- Theme:
- Yungen
- Theme Slug:
- yungen
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28006
Blocksy
Charety
- Theme:
- Charety
- Theme Slug:
- charety
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 2.0.2
- Severity Score:
- Critical
- CVE:
- 2026-24960
Keenarch
- Theme:
- Keenarch
- Theme Slug:
- keenarch
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 2.0.1
- Severity Score:
- Critical
- CVE:
- 2025-68554
Lendiz
- Theme:
- Lendiz
- Theme Slug:
- lendiz
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 2.0.1
- Severity Score:
- Critical
- CVE:
- 2025-68553
Nutrie
- Theme:
- Nutrie
- Theme Slug:
- nutrie
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 2.0.1
- Severity Score:
- Critical
- CVE:
- 2025-68555
Remons
- Theme:
- Remons
- Theme Slug:
- remons
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.3.5
- Severity Score:
- High
- CVE:
- 2025-69090
Solid Security is part of Solid Suite — The best foundation for WordPress websites.
Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!
Join us for the next Solid Academy Webinar!
Free weekly webinars that will help you master WordPress and increase your business's bottom line.
What is a WordPress Phishing Attack?
Learn how to identify and prevent phishing attacks on WordPress websites.
Kiki SheldonWebsite Protection: 5 Ways to Keep Your Website Safe
Robust website protection is the shield that stands between your business and relentless cyber attacks. Prioritizing website protection enables businesses to fortify defenses to safeguard their online presence and preserve the trust of their customers in the face of ever-evolving cybersecurity threats.
Kiki Sheldon23 Ideas To Grow Your WordPress Business in 2023
WordPress is the most popular website-building platform worldwide, trusted by numerous brands. WordPress enables you to build a user-friendly and highly reliable site, together with tools and plugins to enhance your marketing and work like a lead magnet. All these features make WordPress the platform chosen by more than 43% of businesses globally.
SolidWP Editorial TeamSign up now — Get SolidWP updates and valuable content straight to your inbox
Sign up
Placeholder text
Placeholder text
Get started with confidence — risk free, guaranteed
