In this report, 240 vulnerabilities have been publicly disclosed. Security patches for 51 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 189 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, your site is already protected against those vulnerabilities by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor, or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.8 Release Candidate 1 is ready for download and testing! This version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it’s recommended that you evaluate RC1 on a test server and site.
WordPress Plugins — 46 Patched / 180 Unpatched
teachPress
- Plugin:
- teachPress
- Plugin Slug:
- teachpress
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-1320
GlobalPayments WooCommerce
- Plugin:
- GlobalPayments WooCommerce
- Plugin Slug:
- global-payments-woocommerce
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22767
EZ SQL Reports Shortcode Widget and DB Backup
- Plugin Slug:
- elisqlreports
- Installations
- 500+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-2319
WP Email Delivery
- Plugin:
- WP Email Delivery
- Plugin Slug:
- wp-email-delivery
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
AdSense Privacy Policy
- Plugin:
- AdSense Privacy Policy
- Plugin Slug:
- adsense-privacy-policy
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30578
Advanced Dewplayer
- Plugin:
- Advanced Dewplayer
- Plugin Slug:
- advanced-dewplayer
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30592
AHAthat
- Plugin:
- AHAthat
- Plugin Slug:
- ahathat
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-2511
AI Preloader
- Plugin:
- AI Preloader
- Plugin Slug:
- ai-preloader
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30530
Alert Box Block – Display notice/alerts in the front end
- Plugin:
- Alert Box Block – Display notice/alerts in the front end
- Plugin Slug:
- alert-box-block
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13731
AlphaOmega Captcha & Anti-Spam Filter
- Plugin:
- AlphaOmega Captcha & Anti-Spam Filter
- Plugin Slug:
- alphaomega-captcha-anti-spam
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30584
ANAC XML Render
- Plugin:
- ANAC XML Render
- Plugin Slug:
- anac-xml-render
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30558
Arrow Maps
- Plugin:
- Arrow Maps
- Plugin Slug:
- ap-google-maps
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28858
AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps
- Plugin:
- AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps
- Plugin Slug:
- appexperts
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30609
AppReview
- Plugin:
- AppReview
- Plugin Slug:
- appreview
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23714
Are you robot google recaptcha for wordpress
- Plugin:
- Are you robot google recaptcha for wordpress
- Plugin Slug:
- are-you-robot-recaptcha
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28928
ARPrice
- Plugin:
- ARPrice
- Plugin Slug:
- arprice
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-26731
AuMenu
- Plugin:
- AuMenu
- Plugin Slug:
- aumenu
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23728
Auto Load Next Post
- Plugin:
- Auto Load Next Post
- Plugin Slug:
- auto-load-next-post
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30529
AvaiBook
- Plugin:
- AvaiBook
- Plugin Slug:
- avaibook
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30540
Awesome Logos
- Plugin:
- Awesome Logos
- Plugin Slug:
- awesome-logos
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-30528
banner-manager
- Plugin:
- banner-manager
- Plugin Slug:
- banner-manager
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30565
Beautiful Link Preview
- Plugin:
- Beautiful Link Preview
- Plugin Slug:
- beautiful-link-preview
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30536
Block Logic
- Plugin:
- Block Logic
- Plugin Slug:
- block-logic
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-2303
Blue Captcha
- Plugin:
- Blue Captcha
- Plugin Slug:
- blue-captcha
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28880
BMo Expo
- Plugin:
- BMo Expo
- Plugin Slug:
- bmo-expo
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30539
Browser Address Bar Color
- Plugin:
- Browser Address Bar Color
- Plugin Slug:
- browser-address-bar-color
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30577
Cackle
- Plugin:
- Cackle
- Plugin Slug:
- cackle
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30546
CallPhone’r
- Plugin:
- CallPhone’r
- Plugin Slug:
- callphoner
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30550
CAS Maestro
- Plugin:
- CAS Maestro
- Plugin Slug:
- cas-maestro
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30561
Cazamba
- Plugin:
- Cazamba
- Plugin Slug:
- cazamba
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25100
Contact Form 7 Material Design
- Plugin:
- Contact Form 7 Material Design
- Plugin Slug:
- cf7-material-design
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30522
UTM tags tracking for Contact Form 7
- Plugin:
- UTM tags tracking for Contact Form 7
- Plugin Slug:
- cf7-utm-tracking
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26544
cits-support-svg-webp-media-upload
- Plugin:
- cits-support-svg-webp-media-upload
- Plugin Slug:
- cits-support-svg-webp-media-upload
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13768
Clink
- Plugin:
- Clink
- Plugin Slug:
- clink
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30566
Code Clone
- Plugin:
- Code Clone
- Plugin Slug:
- code-clone
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-2478
CG Button
- Plugin:
- CG Button
- Plugin Slug:
- content-glass-button
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23632
Cookies Pro
- Plugin:
- Cookies Pro
- Plugin Slug:
- cookies-pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26546
CopyLink
- Plugin:
- CopyLink
- Plugin Slug:
- copy-link
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30603
Menu Duplicator
- Plugin:
- Menu Duplicator
- Plugin Slug:
- copy-menu
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30543
CryoKey
- Plugin:
- CryoKey
- Plugin Slug:
- cryokey
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-2477
CSV to Responsive Tables
- Plugin:
- CSV to Responsive Tables
- Plugin Slug:
- csv-to-webpage-plugin
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-56012
cTabs
- Plugin:
- cTabs
- Plugin Slug:
- ctabs
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30586
custom-field-list-widget
- Plugin:
- custom-field-list-widget
- Plugin Slug:
- custom-field-list-widget
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23952
Custom Product Stickers for Woocommerce
- Plugin:
- Custom Product Stickers for Woocommerce
- Plugin Slug:
- custom-product-stickers-for-woocommerce
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28889
Custom Script Integration
- Plugin:
- Custom Script Integration
- Plugin Slug:
- custom-script-integration
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30564
Custom Smilies
- Plugin:
- Custom Smilies
- Plugin Slug:
- custom-smilies-se
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28917
Management-screen-droptiles
- Plugin:
- Management-screen-droptiles
- Plugin Slug:
- cxc-sawa
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23666
WP Database Audit
- Plugin:
- WP Database Audit
- Plugin Slug:
- database-audit
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23633
Driving Directions
- Plugin:
- Driving Directions
- Plugin Slug:
- ddirections
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28903
DesignThemes Core Features
- Plugin:
- DesignThemes Core Features
- Plugin Slug:
- designthemes-core-features
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-0845
Display Post Meta
- Plugin:
- Display Post Meta
- Plugin Slug:
- display-post-meta
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26575
Docpro
- Plugin:
- Docpro
- Plugin Slug:
- docpro
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-28916
????? ???? ??????? ????
- Plugin:
- ????? ???? ??????? ????
- Plugin Slug:
- dokme
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30570
Easy Custom Admin Bar
- Plugin:
- Easy Custom Admin Bar
- Plugin Slug:
- easy-custom-admin-bar
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-2479
Easy Page Transition
- Plugin:
- Easy Page Transition
- Plugin Slug:
- easy-page-transition
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30606
En Masse
- Plugin:
- En Masse
- Plugin Slug:
- en-masse-wp
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23707
External image replace
- Plugin:
- External image replace
- Plugin Slug:
- external-image-replace
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30535
Secret Meta
- Plugin:
- Secret Meta
- Plugin Slug:
- facebook-secret-meta
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25086
Fancybox Plus
- Plugin:
- Fancybox Plus
- Plugin Slug:
- fancybox-plus
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28935
File Away
- Plugin:
- File Away
- Plugin Slug:
- file-away
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-2539
File Away
- Plugin:
- File Away
- Plugin Slug:
- file-away
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-2512
Fiverr.com Official Search Box
- Plugin:
- Fiverr.com Official Search Box
- Plugin Slug:
- fiverr-official-search-box
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-28885
Fix Rss Feeds
- Plugin:
- Fix Rss Feeds
- Plugin Slug:
- fix-rss-feed
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30556
Flickr set slideshows
- Plugin:
- Flickr set slideshows
- Plugin Slug:
- flickr-set-slideshows
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30590
Flipdish Ordering System
- Plugin:
- Flipdish Ordering System
- Plugin Slug:
- flipdish-ordering-system
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30601
FOMO Pay Chinese Payment Solution
- Plugin:
- FOMO Pay Chinese Payment Solution
- Plugin Slug:
- fomo-payment-gateway-for-woocommerce
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23543
Frndzk Expandable Bottom Bar
- Plugin:
- Frndzk Expandable Bottom Bar
- Plugin Slug:
- frndzk-expandable-bottom-bar
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-2510
custom-post-edit
- Plugin:
- custom-post-edit
- Plugin Slug:
- front-end-post-edit
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23667
Frontend Post Submission
- Plugin:
- Frontend Post Submission
- Plugin Slug:
- frontend-post-submission
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23638
GDPR Tools
- Plugin:
- GDPR Tools
- Plugin Slug:
- gdpr-tools
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-26537
Generate Post Thumbnails
- Plugin:
- Generate Post Thumbnails
- Plugin Slug:
- generate-post-thumbnails
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30585
GetShop ecommerce
- Plugin:
- GetShop ecommerce
- Plugin Slug:
- getshop-ecommerce
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-54362
Gravity 2 PDF
- Plugin:
- Gravity 2 PDF
- Plugin Slug:
- gf2pdf
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28911
GMO Font Agent
- Plugin:
- GMO Font Agent
- Plugin Slug:
- gmo-font-agent
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30553
Google Plus
- Plugin:
- Google Plus
- Plugin Slug:
- google-plus-google
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23964
Gotcha
- Plugin:
- Gotcha
- Plugin Slug:
- gotcha-gesture-based-captcha
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-2482
GP Back To Top
- Plugin:
- GP Back To Top
- Plugin Slug:
- gp-back-to-top
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30521
Hacklog Remote Image Autosave
- Plugin:
- Hacklog Remote Image Autosave
- Plugin Slug:
- hacklog-remote-image-autosave
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30576
IG Shortcodes
- Plugin:
- IG Shortcodes
- Plugin Slug:
- ig-shortcodes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30597
Image Captcha
- Plugin:
- Image Captcha
- Plugin Slug:
- image-captcha
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30534
Image Slider / Slideshow Pearlbells
- Plugin:
- Image Slider / Slideshow Pearlbells
- Plugin Slug:
- image-slider-pearlbells
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-56012
Improve My City
- Plugin:
- Improve My City
- Plugin Slug:
- improve-my-city
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22501
include-file
- Plugin:
- include-file
- Plugin Slug:
- include-file
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30595
Include URL
- Plugin:
- Include URL
- Plugin Slug:
- include-url
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30593
Info Boxes Shortcode and Widget
- Plugin:
- Info Boxes Shortcode and Widget
- Plugin Slug:
- info-boxes-shortcode-and-widget
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30541
Infugrator
- Plugin:
- Infugrator
- Plugin Slug:
- infugrator
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23735
Instant Appointment
- Plugin:
- Instant Appointment
- Plugin Slug:
- instant-appointment
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
issuuPress
- Plugin:
- issuuPress
- Plugin Slug:
- issuupress
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30545
JiangQie Official Website Mini Program
- Plugin:
- JiangQie Official Website Mini Program
- Plugin Slug:
- jiangqie-official-website-mini-program
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30604
jQuery Dropdown Menu
- Plugin:
- jQuery Dropdown Menu
- Plugin Slug:
- jquery-drop-down-menu-plugin
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30560
Key4ce osTicket Bridge
- Plugin:
- Key4ce osTicket Bridge
- Plugin Slug:
- key4ce-osticket-bridge
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28877
LH OGP Meta
- Plugin:
- LH OGP Meta
- Plugin Slug:
- lh-ogp-meta-tags
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30587
Lightview Plus
- Plugin:
- Lightview Plus
- Plugin Slug:
- lightview-plus
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28890
LinkedIn Lite
- Plugin:
- LinkedIn Lite
- Plugin Slug:
- linkedin-lite
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23937
LIVE TV
- Plugin:
- LIVE TV
- Plugin Slug:
- live-tv
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23608
Login Redirect
- Plugin:
- Login Redirect
- Plugin Slug:
- login-redirect
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30575
Map Contact
- Plugin:
- Map Contact
- Plugin Slug:
- map-contact
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30588
Message ticker
- Plugin:
- Message ticker
- Plugin Slug:
- message-ticker
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30533
Mobile Navigation
- Plugin:
- Mobile Navigation
- Plugin Slug:
- mobile-navigation
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30574
Multi Video Box
- Plugin:
- Multi Video Box
- Plugin Slug:
- multi-video-box
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-2484
Music Press Pro
- Plugin:
- Music Press Pro
- Plugin Slug:
- music-press-pro
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30591
My Bootstrap Menu
- Plugin:
- My Bootstrap Menu
- Plugin Slug:
- my-bootstrap-menu
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30527
My Default Post Content
- Plugin:
- My Default Post Content
- Plugin Slug:
- my-default-post-content
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30573
Narnoo Operator
- Plugin:
- Narnoo Operator
- Plugin Slug:
- narnoo-shortcodes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23680
NextGEN Gallery Voting
- Plugin:
- NextGEN Gallery Voting
- Plugin Slug:
- nextgen-gallery-voting
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28869
NS Simple Intro Loader
- Plugin:
- NS Simple Intro Loader
- Plugin Slug:
- ns-simple-intro-loader
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23459
Easy 301 Redirects
- Plugin:
- Easy 301 Redirects
- Plugin Slug:
- odihost-easy-redirect-301
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30557
Off Page SEO
- Plugin:
- Off Page SEO
- Plugin Slug:
- off-page-seo
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23554
Omnify
- Plugin:
- Omnify
- Plugin Slug:
- omnify-widget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28882
OSS Upload
- Plugin:
- OSS Upload
- Plugin Slug:
- oss-upload
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30598
Pixobe Cartography
- Plugin:
- Pixobe Cartography
- Plugin Slug:
- pixobe-cartography
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23612
Pretty file links
- Plugin:
- Pretty file links
- Plugin Slug:
- pretty-file-links
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30551
Product Puller
- Plugin:
- Product Puller
- Plugin Slug:
- product-puller
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23550
Pro Rank Tracker
- Plugin:
- Pro Rank Tracker
- Plugin Slug:
- proranktracker
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30583
Random Quotes
- Plugin:
- Random Quotes
- Plugin Slug:
- random-quotes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-27267
RDP inGroups+
- Plugin:
- RDP inGroups+
- Plugin Slug:
- rdp-ingroups
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23546
RDP Linkedin Login
- Plugin:
- RDP Linkedin Login
- Plugin Slug:
- rdp-linkedin-login
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23542
Related Posts via Categories
- Plugin:
- Related Posts via Categories
- Plugin Slug:
- related-posts-via-categories
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30602
Replace Default Words
- Plugin:
- Replace Default Words
- Plugin Slug:
- replace-default-words
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30612
Rewrite
- Plugin:
- Rewrite
- Plugin Slug:
- rewrite
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30617
Rizzi Guestbook
- Plugin:
- Rizzi Guestbook
- Plugin Slug:
- rizzi-guestbook
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26573
RWS Enquiry And Lead Follow-up
- Plugin:
- RWS Enquiry And Lead Follow-up
- Plugin Slug:
- rws-enquiry
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23460
s2Member Pro
- Plugin:
- s2Member Pro
- Plugin Slug:
- s2member-pro
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12563
Schedule
- Plugin:
- Schedule
- Plugin Slug:
- schedule
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-22523
Shuffle
- Plugin:
- Shuffle
- Plugin Slug:
- shuffle
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28873
Simple Optimizer
- Plugin:
- Simple Optimizer
- Plugin Slug:
- simple-optimizer
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30538
Simple Post Series
- Plugin:
- Simple Post Series
- Plugin Slug:
- simple-post-series
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28934
Simple Rating
- Plugin:
- Simple Rating
- Plugin Slug:
- simple-rating
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30572
Site Editor Google Map
- Plugin:
- Site Editor Google Map
- Plugin Slug:
- site-editor-google-map
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23466
Sleekplan
- Plugin:
- Sleekplan
- Plugin Slug:
- sleekplan
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23469
SoundCloud Ultimate
- Plugin:
- SoundCloud Ultimate
- Plugin Slug:
- soundcloud-ultimate
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30542
sourceplay-navermap
- Plugin:
- sourceplay-navermap
- Plugin Slug:
- sourceplay-navermap
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30605
SpatialMatch IDX
- Plugin:
- SpatialMatch IDX
- Plugin Slug:
- spatialmatch-free-lifestyle-search
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28921
SpeakPipe
- Plugin:
- SpeakPipe
- Plugin Slug:
- speakpipe-voicemail-for-websites
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30619
STEdb Forms
- Plugin:
- STEdb Forms
- Plugin Slug:
- stedb-forms
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30571
Stencies
- Plugin:
- Stencies
- Plugin Slug:
- stencies
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22356
Super Simple Subscriptions
- Plugin:
- Super Simple Subscriptions
- Plugin Slug:
- super-simple-subscriptions
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30523
SUPER RESPONSIVE SLIDER
- Plugin:
- SUPER RESPONSIVE SLIDER
- Plugin Slug:
- super-slider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22575
Super Static Cache
- Plugin:
- Super Static Cache
- Plugin Slug:
- super-static-cache
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30568
Teleport
- Plugin:
- Teleport
- Plugin Slug:
- teleport
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28855
Translator
- Plugin:
- Translator
- Plugin Slug:
- translator
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30621
Trust Payments Gateway for WooCommerce
- Plugin:
- Trust Payments Gateway for WooCommerce
- Plugin Slug:
- trust-payments-hosted-payment-pages-integration
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-28942
Typekit plugin for WordPress
- Plugin:
- Typekit plugin for WordPress
- Plugin Slug:
- typekit
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30526
Top Bar
- Plugin:
- Top Bar
- Plugin Slug:
- ultimate-bar
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30581
ULTIMATE VIDEO GALLERY
- Plugin:
- ULTIMATE VIDEO GALLERY
- Plugin Slug:
- ultimate-gallery
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22566
Upload Quota per User
- Plugin:
- Upload Quota per User
- Plugin Slug:
- upload-quota-per-user
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30537
Visual Text Editor
- Plugin:
- Visual Text Editor
- Plugin Slug:
- visual-text-editor
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-28893
wA11y – The Web Accessibility Toolbox
- Plugin:
- wA11y – The Web Accessibility Toolbox
- Plugin Slug:
- wa11y
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30623
Já-Já Pagamentos for WooCommerce
- Plugin:
- Já-Já Pagamentos for WooCommerce
- Plugin Slug:
- wc-ja-ja-pagamentos-multicaixa-express
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-51624
WooCommerce Multivendor Marketplace – REST API
- Plugin:
- WooCommerce Multivendor Marketplace – REST API
- Plugin Slug:
- wcfm-marketplace-rest-api
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-1311
Weather Layer
- Plugin:
- Weather Layer
- Plugin Slug:
- weather-layer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30532
Bitcoin / AltCoin Payment Gateway for WooCommerce
- Plugin:
- Bitcoin / AltCoin Payment Gateway for WooCommerce
- Plugin Slug:
- woo-altcoin-payment-gateway
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26541
WordPress Admin Bar Improved
- Plugin:
- WordPress Admin Bar Improved
- Plugin Slug:
- wordpress-admin-bar-improved
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30552
Secure Invites
- Plugin:
- Secure Invites
- Plugin Slug:
- wordpress-mu-secure-invites
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-26559
WordPress SQL Backup
- Plugin:
- WordPress SQL Backup
- Plugin Slug:
- wordpress-sql-backup
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30608
Theme Demo Bar
- Plugin:
- Theme Demo Bar
- Plugin Slug:
- wordpress-theme-demo-bar
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-25134
Ads24 Lite
- Plugin:
- Ads24 Lite
- Plugin Slug:
- wp-ad-management
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23458
WP Azure offload
- Plugin:
- WP Azure offload
- Plugin Slug:
- wp-azure-offload
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22360
WP Colorful Tag Cloud
- Plugin:
- WP Colorful Tag Cloud
- Plugin Slug:
- wp-colorful-tag-cloud
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28865
WP Contact Form III
- Plugin:
- WP Contact Form III
- Plugin Slug:
- wp-contact-form-iii
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26560
WP e-Commerce Style Email
- Plugin:
- WP e-Commerce Style Email
- Plugin Slug:
- wp-e-commerce-style-email
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-30615
WP Featured Entries
- Plugin:
- WP Featured Entries
- Plugin Slug:
- wp-featured-entries
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30569
FoodBakery
- Plugin:
- FoodBakery
- Plugin Slug:
- wp-foodbakery
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13933
WP Google Calendar Manager
- Plugin:
- WP Google Calendar Manager
- Plugin Slug:
- wp-gcalendar
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28939
WP Hotjar
- Plugin:
- WP Hotjar
- Plugin Slug:
- wp-hotjar
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30600
WP Multistore Locator
- Plugin:
- WP Multistore Locator
- Plugin Slug:
- wp-multi-store-locator
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-28898
WP Odoo Form Integrator
- Plugin:
- WP Odoo Form Integrator
- Plugin Slug:
- wp-odoo-form-integrator
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30620
WP Parallax Content Slider
- Plugin:
- WP Parallax Content Slider
- Plugin Slug:
- wp-parallax-content-slider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30599
WP Profitshare
- Plugin:
- WP Profitshare
- Plugin Slug:
- wp-profitshare
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30525
WP Ride Booking
- Plugin:
- WP Ride Booking
- Plugin Slug:
- wp-ride-booking
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30531
WP Social Widget
- Plugin:
- WP Social Widget
- Plugin Slug:
- wp-social-widget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30610
WordPres ????
- Plugin:
- WordPres ????
- Plugin Slug:
- wp2wb
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-30555
WP Event Ticketing
- Plugin:
- WP Event Ticketing
- Plugin Slug:
- wpeventticketing
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28899
Your Lightbox
- Plugin:
- Your Lightbox
- Plugin Slug:
- your-lightbox
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23704
Yummly Rich Recipes
- Plugin:
- Yummly Rich Recipes
- Plugin Slug:
- yummly-rich-recipes
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-30549
Zalo Live Chat
- Plugin:
- Zalo Live Chat
- Plugin Slug:
- zalo-live-chat
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26542
ZD Scribd iPaper
- Plugin:
- ZD Scribd iPaper
- Plugin Slug:
- zd-scribd-ipaper
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23757
ZenphotoPress
- Plugin:
- ZenphotoPress
- Plugin Slug:
- zenphotopress
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-28924
ZhinaTwitterWidget
- Plugin:
- ZhinaTwitterWidget
- Plugin Slug:
- zhina-twitter-widget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23719
Zielke Design Project Gallery
- Plugin:
- Zielke Design Project Gallery
- Plugin Slug:
- zielke-design-project-gallery
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-23705
Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider
- Plugin Slug:
- ml-slider
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.95.0
- Severity Score:
- Medium
- CVE:
- 2025-1062
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
- Plugin Slug:
- fluentform
- Installations
- 500,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 6.0.0
- Severity Score:
- Medium
- CVE:
- 2024-13666
GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice – CCPA, DSGVO, RGPD
- Plugin Slug:
- gdpr-cookie-compliance
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.15.9
- Severity Score:
- Medium
- CVE:
- 2025-1623
WP Ghost (Hide My WP Ghost) – Security & Firewall
- Plugin Slug:
- hide-my-wp
- Installations
- 200,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 5.4.02
- Severity Score:
- Critical
- CVE:
- 2025-26909
Photo Gallery by 10Web – Mobile-Friendly Image Gallery
- Plugin Slug:
- photo-gallery
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.33
- Severity Score:
- Medium
- CVE:
- 2024-13124
Custom Twitter Feeds – A Tweets Widget or X Feed Widget
- Plugin Slug:
- custom-twitter-feeds
- Installations
- 100,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.3.0
- Severity Score:
- Medium
- CVE:
- 2025-1314
GiveWP – Donation Plugin and Fundraising Platform
- Plugin Slug:
- give
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.22.2
- Severity Score:
- Medium
- CVE:
- 2025-2331
GiveWP – Donation Plugin and Fundraising Platform
- Plugin Slug:
- give
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.22.1
- Severity Score:
- Medium
- CVE:
- 2025-2025
Pods – Custom Content Types and Fields
- Plugin Slug:
- pods
- Installations
- 100,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.2.8.2
- Severity Score:
- High
- CVE:
- 2025-1446
HT Mega – Absolute Addons For Elementor
- Plugin Slug:
- ht-mega-for-elementor
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.4
- Severity Score:
- Medium
- CVE:
- 2025-1802
Nested Pages
- Plugin:
- Nested Pages
- Plugin Slug:
- wp-nested-pages
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.13
- Severity Score:
- Medium
- CVE:
- 2025-0718
Site Reviews
- Plugin:
- Site Reviews
- Plugin Slug:
- site-reviews
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.2.5
- Severity Score:
- High
- CVE:
- 2025-1232
Export and Import Users and Customers
- Plugin Slug:
- users-customers-import-export-for-wp-woocommerce
- Installations
- 60,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 2.6.3
- Severity Score:
- Low
- CVE:
- 2025-1973
Export and Import Users and Customers
- Plugin Slug:
- users-customers-import-export-for-wp-woocommerce
- Installations
- 60,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 2.6.3
- Severity Score:
- High
- CVE:
- 2025-1971
Export and Import Users and Customers
- Plugin Slug:
- users-customers-import-export-for-wp-woocommerce
- Installations
- 60,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 2.6.3
- Severity Score:
- Low
- CVE:
- 2025-1972
Export and Import Users and Customers
- Plugin Slug:
- users-customers-import-export-for-wp-woocommerce
- Installations
- 60,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 2.6.3
- Severity Score:
- Medium
- CVE:
- 2025-1970
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
- Plugin Slug:
- easy-digital-downloads
- Installations
- 50,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.3.7
- Severity Score:
- Medium
- CVE:
- 2025-2252
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
- Plugin Slug:
- form-maker
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.15.30
- Severity Score:
- Medium
- CVE:
- 2024-10558
Order Export & Order Import for WooCommerce
- Plugin Slug:
- order-import-export-for-woocommerce
- Installations
- 50,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 2.6.1
- Severity Score:
- Medium
- CVE:
- 2024-13920
Order Export & Order Import for WooCommerce
- Plugin Slug:
- order-import-export-for-woocommerce
- Installations
- 50,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 2.6.1
- Severity Score:
- High
- CVE:
- 2024-13921
Order Export & Order Import for WooCommerce
- Plugin Slug:
- order-import-export-for-woocommerce
- Installations
- 50,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 2.6.1
- Severity Score:
- Low
- CVE:
- 2024-13922
Order Export & Order Import for WooCommerce
- Plugin Slug:
- order-import-export-for-woocommerce
- Installations
- 50,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 2.6.1
- Severity Score:
- Medium
- CVE:
- 2024-13923
Age Gate
Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation
- Plugin Slug:
- gs-logo-slider
- Installations
- 30,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- 3.7.4
- Severity Score:
- High
- CVE:
- 2025-2262
FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce
- Plugin Slug:
- wp-marketing-automations
- Installations
- 20,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.5.2
- Severity Score:
- Critical
- CVE:
- 2025-2186
Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings
- Plugin Slug:
- directorist
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 8.3
- Severity Score:
- Medium
- CVE:
- 2025-2224
LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes
- Plugin Slug:
- lifterlms
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 8.0.2
- Severity Score:
- Medium
- CVE:
- 2025-2290
Event Manager, Events Calendar, Tickets, Registrations – Eventin
- Plugin Slug:
- wp-event-solution
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.0.25
- Severity Score:
- Medium
- CVE:
- 2025-1766
Event Manager, Events Calendar, Tickets, Registrations – Eventin
- Plugin Slug:
- wp-event-solution
- Installations
- 10,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 4.0.25
- Severity Score:
- High
- CVE:
- 2025-1770
NP Quote Request for WooCommerce
- Plugin:
- NP Quote Request for WooCommerce
- Plugin Slug:
- woo-rfq-for-woocommerce
- Installations
- 9,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 1.9.180
- Severity Score:
- High
- CVE:
- 2024-13558
WP Compress – Instant Performance & Speed Optimization
- Plugin Slug:
- wp-compress-image-optimizer
- Installations
- 8,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 6.30.16
- Severity Score:
- Medium
- CVE:
- 2025-2109
Poll Maker – Versus Polls, Anonymous Polls, Image Polls
- Plugin Slug:
- poll-maker
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.5.4
- Severity Score:
- Medium
- CVE:
- 2024-13602
ProfileGrid – User Profiles, Groups and Communities
- Plugin Slug:
- profilegrid-user-profiles-groups-and-communities
- Installations
- 7,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.9.4.8
- Severity Score:
- High
- CVE:
- 2025-0723
Newsletters
- Plugin:
- Newsletters
- Plugin Slug:
- newsletters-lite
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.9.9.8
- Severity Score:
- High
- CVE:
- 2024-13739
WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto
- Plugin Slug:
- tripetto
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 8.0.10
- Severity Score:
- Medium
- CVE:
- 2025-1530
Digital License Manager
- Plugin:
- Digital License Manager
- Plugin Slug:
- digital-license-manager
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.4
- Severity Score:
- High
- CVE:
- 2025-2635
Web Directory Free
- Plugin:
- Web Directory Free
- Plugin Slug:
- web-directory-free
- Installations
- 500+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.7.7
- Severity Score:
- Critical
- CVE:
- 2025-28904
MemberSpace – Membership Plugin and Paid Subscriptions
- Plugin Slug:
- memberspace
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.14
- Severity Score:
- High
- CVE:
- 2025-26874
Formality
- Plugin:
- Formality
- Plugin Slug:
- formality
- Installations
- 200+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.5.8
- Severity Score:
- High
- CVE:
- 2025-24690
Your Friendly Drag and Drop Page Builder — Make Builder
- Plugin Slug:
- make-builder
- Installations
- 200+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 1.1.11
- Severity Score:
- Medium
- CVE:
- 2024-13856
DICOM Support
- Plugin:
- DICOM Support
- Plugin Slug:
- dicom-support
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.10.7
- Severity Score:
- Medium
- CVE:
- 2024-12623
Your Simple SVG Support
- Plugin:
- Your Simple SVG Support
- Plugin Slug:
- your-simple-svg-support
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.2
- Severity Score:
- Medium
- CVE:
- 2025-2542
Bitspecter Suite
- Plugin:
- Bitspecter Suite
- Plugin Slug:
- bitspecter-suite
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.0
- Severity Score:
- Medium
- CVE:
- 2025-2577
BoomBox Theme Extensions
- Plugin:
- BoomBox Theme Extensions
- Plugin Slug:
- boombox-theme-extensions
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.8.1
- Severity Score:
- High
- CVE:
- 2024-12295
Service Finder Booking
- Plugin:
- Service Finder Booking
- Plugin Slug:
- sf-booking
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 5.1
- Severity Score:
- Critical
- CVE:
- 2024-13442
FoodBakery
- Plugin:
- FoodBakery
- Plugin Slug:
- wp-foodbakery
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.8
- Severity Score:
- High
- CVE:
- 2024-12920
WordPress Themes — 5 Patched / 9 Unpatched
AuraMart
- Theme:
- AuraMart
- Theme Slug:
- auramart
- Downloads
- 802
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-26922
Hester
- Theme:
- Hester
- Theme Slug:
- hester
- Downloads
- 7,268
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-26734
MorningTime Lite
- Theme:
- MorningTime Lite
- Theme Slug:
- morningtime-lite
- Downloads
- 40,087
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-26736
StoreBiz
- Theme:
- StoreBiz
- Theme Slug:
- storebiz
- Downloads
- 102,239
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-26732
Build
- Theme:
- Build
- Theme Slug:
- build
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-26869
City Store
- Theme:
- City Store
- Theme Slug:
- city-store
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-26737
newseqo
- Theme:
- newseqo
- Theme Slug:
- newseqo
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-26739
RainbowNews
- Theme:
- RainbowNews
- Theme Slug:
- rainbownews
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-26747
Whitish Lite
- Theme:
- Whitish Lite
- Theme Slug:
- whitish-lite
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-22278
Altair
- Theme:
- Altair
- Theme Slug:
- altair
- Vulnerability:
- Settings Change
- Patched in Version:
- 5.2.5
- Severity Score:
- Critical
- CVE:
- 2024-12922
CozyStay
- Theme:
- CozyStay
- Theme Slug:
- cozystay
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.7.1
- Severity Score:
- High
- CVE:
- 2024-13412
CozyStay
- Theme:
- CozyStay
- Theme Slug:
- cozystay
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.7.1
- Severity Score:
- Critical
- CVE:
- 2024-13410
MinimogWP
- Theme:
- MinimogWP
- Theme Slug:
- minimog
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 3.8.0
- Severity Score:
- Critical
- CVE:
- 2024-13790
TinySalt
- Theme:
- TinySalt
- Theme Slug:
- tinysalt
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 3.10.0
- Severity Score:
- Critical
- CVE:
- 2024-13410
