In this report, 281 vulnerabilities have been publicly disclosed. Security patches for 56 of these plugins and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Currently, 225 plugin and theme vulnerabilities remain unpatched. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 7.0 Beta 2 is now available for testing. As this is a pre-release version, it is intended for testing and development only and should not be installed on production or mission-critical sites. Organizations should use local or staging environments to evaluate compatibility and new features before the final rollout.
The full release of WordPress 7.0 is currently scheduled for April 9, 2026. You can find the complete release schedule and technical testing details in the official announcement.
WordPress Plugins — 50 Patched / 58 Unpatched
W3 Total Cache
- Plugin:
- W3 Total Cache
- Plugin Slug:
- w3-total-cache
- Installations
- 900,000+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-27384
Royal Addons for Elementor – Addons and Templates Kit for Elementor
- Plugin Slug:
- royal-elementor-addons
- Installations
- 600,000+
- Vulnerability:
- Other Vulnerability Type
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28135
SiteGuard WP Plugin
- Plugin:
- SiteGuard WP Plugin
- Plugin Slug:
- siteguard
- Installations
- 600,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-27411
Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets
- Plugin Slug:
- widget-options
- Installations
- 100,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-27984
NextScripts: Social Networks Auto-Poster
- Plugin Slug:
- social-networks-auto-poster-facebook-twitter-g
- Installations
- 30,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27379
Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent
- Plugin Slug:
- tablesome
- Installations
- 9,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27373
Builderall for WordPress
- Plugin:
- Builderall for WordPress
- Plugin Slug:
- builderall-cheetah-for-wp
- Installations
- 1,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-22390
Directory Listings WordPress plugin – uListing
- Plugin Slug:
- ulisting
- Installations
- 1,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-28078
Filr – Secure document library
- Plugin:
- Filr – Secure document library
- Plugin Slug:
- filr-protection
- Installations
- 800+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28133
Scientific and Interactive Blocks – inseri core
- Plugin Slug:
- inseri-core
- Installations
- 80+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-27344
Site Suggest
- Plugin:
- Site Suggest
- Plugin Slug:
- site-suggest
- Installations
- 30+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-28104
Super Stage WP
- Plugin:
- Super Stage WP
- Plugin Slug:
- super-stage-wp
- Installations
- 10+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-1542
WP Attractive Donations System – Easy Stripe & Paypal donations
- Plugin:
- WP Attractive Donations System – Easy Stripe & Paypal donations
- Plugin Slug:
- WP_AttractiveDonationsSystem
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-28115
AllInOne – Banner Rotator
- Plugin:
- AllInOne – Banner Rotator
- Plugin Slug:
- all-in-one-bannerRotator
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28112
LambertGroup – AllInOne – Banner with Playlist
- Plugin:
- LambertGroup – AllInOne – Banner with Playlist
- Plugin Slug:
- all-in-one-bannerWithPlaylist
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28110
LambertGroup – AllInOne – Content Slider
- Plugin:
- LambertGroup – AllInOne – Content Slider
- Plugin Slug:
- all-in-one-contentSlider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28109
LambertGroup – AllInOne – Banner with Thumbnails
- Plugin:
- LambertGroup – AllInOne – Banner with Thumbnails
- Plugin Slug:
- all-in-one-thumbnailsBanner
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28108
Awa Plugins
- Plugin:
- Awa Plugins
- Plugin Slug:
- awa-plugins
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27359
Cost Calculator Pro
- Plugin:
- Cost Calculator Pro
- Plugin Slug:
- cost-calculator
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-2506
Custom Logo
- Plugin:
- Custom Logo
- Plugin Slug:
- custom-logo
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-2499
DesignThemes Booking Manager
- Plugin:
- DesignThemes Booking Manager
- Plugin Slug:
- designthemes-booking-manager
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27388
DesignThemes Directory Addon
- Plugin:
- DesignThemes Directory Addon
- Plugin Slug:
- designthemes-directory-addon
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27386
DesignThemes Portfolio
- Plugin:
- DesignThemes Portfolio
- Plugin Slug:
- designthemes-portfolio
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27385
Directory Pro
- Plugin:
- Directory Pro
- Plugin Slug:
- directory-pro
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27396
Eagle Booking
- Plugin:
- Eagle Booking
- Plugin Slug:
- eagle-booking
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27428
Easy Author Image
- Plugin:
- Easy Author Image
- Plugin Slug:
- easy-author-image
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1373
Electric Enquiries
- Plugin:
- Electric Enquiries
- Plugin Slug:
- electric-enquiries
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-14142
EventON
- Plugin:
- EventON
- Plugin Slug:
- eventon
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28037
Ultimate Learning Pro
- Plugin:
- Ultimate Learning Pro
- Plugin Slug:
- indeed-learning-pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28113
iXML
- Plugin:
- iXML
- Plugin Slug:
- ixml
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-14076
Lawyer Directory
- Plugin:
- Lawyer Directory
- Plugin Slug:
- lawyer-directory
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28127
LBG Zoominoutslider
- Plugin:
- LBG Zoominoutslider
- Plugin Slug:
- lbg_zoominoutslider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28103
ListingPro
- Plugin:
- ListingPro
- Plugin Slug:
- listingpro-plugin
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28122
LMS Elementor Pro
- Plugin:
- LMS Elementor Pro
- Plugin Slug:
- lms-elementor-pro
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-27983
OVRI Payment
- Plugin:
- OVRI Payment
- Plugin Slug:
- moneytigo
- Vulnerability:
- Backdoor
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-10938
Profile Builder Pro
- Plugin:
- Profile Builder Pro
- Plugin Slug:
- profile-builder-pro
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-27413
Responsive Posts Carousel Pro
- Plugin:
- Responsive Posts Carousel Pro
- Plugin Slug:
- responsive-posts-carousel-pro
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27361
RH Frontend Publishing Pro
- Plugin:
- RH Frontend Publishing Pro
- Plugin Slug:
- rh-frontend
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28126
Rise Blocks
- Plugin:
- Rise Blocks
- Plugin Slug:
- rise-blocks
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1614
TP2WP Importer
- Plugin:
- TP2WP Importer
- Plugin Slug:
- tp2wp-importer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-2489
UberSlider Classic
- Plugin:
- UberSlider Classic
- Plugin Slug:
- uberSlider_classic
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28102
UberSlider MouseInteraction
- Plugin:
- UberSlider MouseInteraction
- Plugin Slug:
- uberSlider_mouseinteraction
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28101
UberSlider PerpetuumMobile
- Plugin:
- UberSlider PerpetuumMobile
- Plugin Slug:
- uberSlider_perpetuummobile
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28100
UberSlider Ultra
- Plugin:
- UberSlider Ultra
- Plugin Slug:
- uberSlider_ultra
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28099
Ultimate Addons for WPBakery Page Builder
- Plugin:
- Ultimate Addons for WPBakery Page Builder
- Plugin Slug:
- ultimate_vc_addons
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-28038
WP Bakery Autoresponder Addon
- Plugin:
- WP Bakery Autoresponder Addon
- Plugin Slug:
- vc-autoresponder-addon
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-27362
WP Bakery Autoresponder Addon
- Plugin:
- WP Bakery Autoresponder Addon
- Plugin Slug:
- vc-autoresponder-addon
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27363
WeDesignTech Ultimate Booking Addon
- Plugin:
- WeDesignTech Ultimate Booking Addon
- Plugin Slug:
- wedesigntech-ultimate-booking-addon
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-27389
WeDesignTech Ultimate Booking Addon
- Plugin:
- WeDesignTech Ultimate Booking Addon
- Plugin Slug:
- wedesigntech-ultimate-booking-addon
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27390
WooCommerce Coming Soon Product with Countdown
- Plugin:
- WooCommerce Coming Soon Product with Countdown
- Plugin Slug:
- woo-coming-soon-product
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-27354
WooCommerce Order Details
- Plugin:
- WooCommerce Order Details
- Plugin Slug:
- woocommerce-order-details
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27374
Worry Proof Backup
- Plugin:
- Worry Proof Backup
- Plugin Slug:
- worry-proof-backup
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-1311
WP Ad Guru
- Plugin:
- WP Ad Guru
- Plugin Slug:
- wp-ad-guru
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12411
Conditional CAPTCHA
- Plugin:
- Conditional CAPTCHA
- Plugin Slug:
- wp-conditional-captcha
- Vulnerability:
- Open Redirection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-1369
WP eMember
- Plugin:
- WP eMember
- Plugin Slug:
- wp-eMember
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28073
WP Responsive Images
- Plugin:
- WP Responsive Images
- Plugin Slug:
- wp-responsive-images
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-1557
WP Social Meta
- Plugin:
- WP Social Meta
- Plugin Slug:
- wp-social-meta
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-2498
xmlrpc attacks blocker
- Plugin:
- xmlrpc attacks blocker
- Plugin Slug:
- xmlrpc-attacks-blocker
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-2502
ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor
- Plugin Slug:
- elementskit-lite
- Installations
- 2,000,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.7.9
- Severity Score:
- Medium
- CVE:
- 2026-23693
The Events Calendar
- Plugin:
- The Events Calendar
- Plugin Slug:
- the-events-calendar
- Installations
- 700,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.15.16.1
- Severity Score:
- Medium
- CVE:
- 2026-2694
Page Builder by SiteOrigin
- Plugin:
- Page Builder by SiteOrigin
- Plugin Slug:
- siteorigin-panels
- Installations
- 500,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.34.0
- Severity Score:
- High
- CVE:
- 2026-2448
Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty
- Plugin Slug:
- chaty
- Installations
- 400,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.5.2
- Severity Score:
- High
- CVE:
- 2026-27370
WP Mail Logging
- Plugin:
- WP Mail Logging
- Plugin Slug:
- wp-mail-logging
- Installations
- 300,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.16
- Severity Score:
- Critical
- CVE:
- 2026-2471
Post Duplicator
- Plugin:
- Post Duplicator
- Plugin Slug:
- post-duplicator
- Installations
- 200,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.0.9
- Severity Score:
- Medium
- CVE:
- 2026-2301
AI Engine – The Chatbot, AI Framework & MCP for WordPress
- Plugin Slug:
- ai-engine
- Installations
- 100,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 3.3.3
- Severity Score:
- Critical
- CVE:
- 2026-23802
Disable Admin Notices – Hide Dashboard Notifications
- Plugin Slug:
- disable-admin-notices
- Installations
- 100,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.4.3
- Severity Score:
- Medium
- CVE:
- 2026-2410
LatePoint – Calendar Booking Plugin for Appointments and Events
- Plugin Slug:
- latepoint
- Installations
- 100,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.2.8
- Severity Score:
- High
- CVE:
- 2026-1487
Responsive Lightbox & Gallery
- Plugin:
- Responsive Lightbox & Gallery
- Plugin Slug:
- responsive-lightbox
- Installations
- 100,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 2.7.2
- Severity Score:
- Medium
- CVE:
- 2026-2479
Responsive Lightbox & Gallery
- Plugin:
- Responsive Lightbox & Gallery
- Plugin Slug:
- responsive-lightbox
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.1
- Severity Score:
- High
- CVE:
- 2025-15386
The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
- Plugin Slug:
- the-plus-addons-for-elementor-page-builder
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.4.8
- Severity Score:
- Medium
- CVE:
- 2026-2385
Tutor LMS – eLearning and online course solution
- Plugin Slug:
- tutor
- Installations
- 100,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.9.7
- Severity Score:
- Critical
- CVE:
- 2025-13673
Tutor LMS – eLearning and online course solution
- Plugin Slug:
- tutor
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.9.6
- Severity Score:
- Medium
- CVE:
- 2026-23799
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder
- Plugin Slug:
- user-registration
- Installations
- 60,000+
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 5.1.3
- Severity Score:
- High
- CVE:
- 2026-1779
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder
- Plugin Slug:
- user-registration
- Installations
- 60,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 5.1.3
- Severity Score:
- Medium
- CVE:
- 2026-2356
WP Accessibility
- Plugin:
- WP Accessibility
- Plugin Slug:
- wp-accessibility
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.2
- Severity Score:
- Medium
- CVE:
- 2026-2362
Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin
- Plugin Slug:
- uncanny-automator
- Installations
- 50,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 7.1.0
- Severity Score:
- High
- CVE:
- 2026-2269
WP Recipe Maker
- Plugin:
- WP Recipe Maker
- Plugin Slug:
- wp-recipe-maker
- Installations
- 50,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 10.3.3
- Severity Score:
- Medium
- CVE:
- 2026-1558
WP Recipe Maker
- Plugin:
- WP Recipe Maker
- Plugin Slug:
- wp-recipe-maker
- Installations
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 10.3.0
- Severity Score:
- Medium
- CVE:
- 2025-14742
Simple Membership
- Plugin:
- Simple Membership
- Plugin Slug:
- simple-membership
- Installations
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.7.1
- Severity Score:
- Medium
- CVE:
- 2026-1461
Shield: Blocks Bots, Protects Users, and Prevents Security Breaches
- Plugin Slug:
- wp-simple-firewall
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 21.0.10
- Severity Score:
- High
- CVE:
- 2026-0561
PowerPress Podcasting plugin by Blubrry
- Plugin Slug:
- powerpress
- Installations
- 30,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 11.15.11
- Severity Score:
- High
- CVE:
- 2026-23798
Xpro Addons — 140+ Widgets for Elementor
- Plugin Slug:
- xpro-elementor-addons
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.25
- Severity Score:
- Medium
- CVE:
- 2025-14149
Secure Copy Content Protection and Content Locking
- Plugin Slug:
- secure-copy-content-protection
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.0.2
- Severity Score:
- Medium
- CVE:
- 2026-2367
Simple Download Monitor
- Plugin:
- Simple Download Monitor
- Plugin Slug:
- simple-download-monitor
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.6
- Severity Score:
- Medium
- CVE:
- 2026-2383
WP Customer Reviews
- Plugin:
- WP Customer Reviews
- Plugin Slug:
- wp-customer-reviews
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.7.6
- Severity Score:
- High
- CVE:
- 2025-14452
User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration
- Plugin:
- User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration
- Plugin Slug:
- wp-user-frontend
- Installations
- 20,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 4.2.9
- Severity Score:
- High
- CVE:
- 2026-1565
WPZOOM Addons for Elementor – Starter Templates & Widgets
- Plugin Slug:
- wpzoom-elementor-addons
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.5
- Severity Score:
- High
- CVE:
- 2026-2295
Advanced Woo Labels – Product Labels & Badges for WooCommerce
- Plugin Slug:
- advanced-woo-labels
- Installations
- 10,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 2.37
- Severity Score:
- High
- CVE:
- 2026-1929
Classified Listing – AI-Powered Classified ads & Business Directory Plugin
- Plugin Slug:
- classified-listing
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 5.3.5
- Severity Score:
- Medium
- CVE:
- 2026-23546
Japanized for WooCommerce
- Plugin:
- Japanized for WooCommerce
- Plugin Slug:
- woocommerce-for-japan
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.8.5
- Severity Score:
- Medium
- CVE:
- 2026-1305
Analytics Cat – Google Analytics Made Easy
- Plugin Slug:
- analytics-cat
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.3
- Severity Score:
- High
- CVE:
- 2024-12072
Geo Mashup
- Plugin:
- Geo Mashup
- Plugin Slug:
- geo-mashup
- Installations
- 2,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.13.18
- Severity Score:
- Critical
- CVE:
- 2026-2416
WPGSI: Spreadsheet Integration
- Plugin:
- WPGSI: Spreadsheet Integration
- Plugin Slug:
- wpgsi
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.8.4
- Severity Score:
- High
- CVE:
- 2026-1916
Ebook Store
- Plugin:
- Ebook Store
- Plugin Slug:
- ebook-store
- Installations
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.8002
- Severity Score:
- High
- CVE:
- 2024-12262
My Tickets – Accessible Event Ticketing
- Plugin Slug:
- my-tickets
- Installations
- 700+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.1.1
- Severity Score:
- High
- CVE:
- 2026-27406
Theater for WordPress
- Plugin:
- Theater for WordPress
- Plugin Slug:
- theatre
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.19.1
- Severity Score:
- Medium
- CVE:
- 2025-69343
AI ChatBot with ChatGPT and Content Generator by AYS
- Plugin Slug:
- ays-chatgpt-assistant
- Installations
- 500+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.7.6
- Severity Score:
- Medium
- CVE:
- 2026-1336
MailArchiver
- Plugin:
- MailArchiver
- Plugin Slug:
- mailarchiver
- Installations
- 100+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.5.1
- Severity Score:
- High
- CVE:
- 2026-2831
PKT1 Centro de envios
- Plugin:
- PKT1 Centro de envios
- Plugin Slug:
- pkt1-centro-de-envios
- Installations
- 40+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.2
- Severity Score:
- High
- CVE:
- 2024-11806
Planaday API
- Plugin:
- Planaday API
- Plugin Slug:
- planaday-api
- Installations
- 30+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 11.5
- Severity Score:
- High
- CVE:
- 2024-11804
Fluent Forms Pro Add On Pack
- Plugin:
- Fluent Forms Pro Add On Pack
- Plugin Slug:
- fluentformpro
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.1.18
- Severity Score:
- High
- CVE:
- 2026-2428
WooCommerce License Manager
- Plugin:
- WooCommerce License Manager
- Plugin Slug:
- fs-license-manager
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 7.0.7
- Severity Score:
- Critical
- CVE:
- 2026-28114
JetEngine
- Plugin:
- JetEngine
- Plugin Slug:
- jet-engine
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 3.8.1.2
- Severity Score:
- High
- CVE:
- 2026-28134
pixfort Core
- Plugin:
- pixfort Core
- Plugin Slug:
- pixfort-core
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.26
- Severity Score:
- Medium
- CVE:
- 2026-28071
pixfort Core
- Plugin:
- pixfort Core
- Plugin Slug:
- pixfort-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.26
- Severity Score:
- High
- CVE:
- 2026-28072
Really Simple Security Pro
- Plugin:
- Really Simple Security Pro
- Plugin Slug:
- really-simple-ssl-pro
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 9.5.4.1
- Severity Score:
- Medium
- CVE:
- 2026-27397
Riode Core
- Plugin:
- Riode Core
- Plugin Slug:
- riode-core
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.6.27
- Severity Score:
- Critical
- CVE:
- 2025-69338
WeDesignTech Ultimate Booking Addon
- Plugin:
- WeDesignTech Ultimate Booking Addon
- Plugin Slug:
- wedesigntech-ultimate-booking-addon
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.4
- Severity Score:
- High
- CVE:
- 2025-69340
WordPress Themes — 6 Patched / 167 Unpatched
Nirvana
- Theme:
- Nirvana
- Theme Slug:
- nirvana
- Downloads
- 773,853
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28119
OsTende
- Theme:
- OsTende
- Theme Slug:
- ostende
- Downloads
- 8,315
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27986
Alchemists
- Theme:
- Alchemists
- Theme Slug:
- alchemists
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27334
Aldo
- Theme:
- Aldo
- Theme Slug:
- aldo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27993
Alliance
- Theme:
- Alliance
- Theme Slug:
- alliance
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22443
Anderson
- Theme:
- Anderson
- Theme Slug:
- andersonclinic
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28121
Aora
- Theme:
- Aora
- Theme Slug:
- aora
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27381
Apollo | Night Club, DJ Event WordPress Theme
- Theme:
- Apollo | Night Club, DJ Event WordPress Theme
- Theme Slug:
- apollo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27340
Aqualots
- Theme:
- Aqualots
- Theme Slug:
- aqualots
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28088
Architecturer
- Theme:
- Architecturer
- Theme Slug:
- architecturer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27358
Artrium
- Theme:
- Artrium
- Theme Slug:
- artrium
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28097
Asia Garden
- Theme:
- Asia Garden
- Theme Slug:
- asia-garden
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28063
Aviana
- Theme:
- Aviana
- Theme Slug:
- aviana
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22387
Avventure
- Theme:
- Avventure
- Theme Slug:
- avventure
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27991
Bassein
- Theme:
- Bassein
- Theme Slug:
- bassein
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28067
Bazinga
- Theme:
- Bazinga
- Theme Slug:
- bazinga
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28084
Beacon
- Theme:
- Beacon
- Theme Slug:
- beacon
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28050
Bonbon
- Theme:
- Bonbon
- Theme Slug:
- bonbon
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28030
Buzz Stone | Magazine & Viral Blog WordPress Theme
- Theme:
- Buzz Stone | Magazine & Viral Blog WordPress Theme
- Theme Slug:
- buzzstone
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27339
Celeste
- Theme:
- Celeste
- Theme Slug:
- celeste
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27369
Miller
- Theme:
- Miller
- Theme Slug:
- christine-miller
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28053
Chroma
- Theme:
- Chroma
- Theme Slug:
- chroma
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28020
Chronicle – Lifestyle Magazine & Blog WordPress Theme
- Theme:
- Chronicle – Lifestyle Magazine & Blog WordPress Theme
- Theme Slug:
- chronicle
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27337
Claue – Clean, Minimal Elementor WooCommerce Theme
- Theme:
- Claue – Clean, Minimal Elementor WooCommerce Theme
- Theme Slug:
- claue
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27376
CloudMe
- Theme:
- CloudMe
- Theme Slug:
- cloudme
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22433
Cocco
- Theme:
- Cocco
- Theme Slug:
- cocco
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22389
Coinpress
- Theme:
- Coinpress
- Theme Slug:
- coinpress
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28007
Coleo
- Theme:
- Coleo
- Theme Slug:
- coleo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28091
ConFix
- Theme:
- ConFix
- Theme Slug:
- confix
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27990
Conquerors
- Theme:
- Conquerors
- Theme Slug:
- conquerors
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28079
Consultor | Consulting, Accounting & Legal Counsel WordPress Theme
- Theme:
- Consultor | Consulting, Accounting & Legal Counsel WordPress Theme
- Theme Slug:
- consultor
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27336
Cortex
- Theme:
- Cortex
- Theme Slug:
- cortex
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22392
Craftis
- Theme:
- Craftis
- Theme Slug:
- craftis
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28021
Crown Art
- Theme:
- Crown Art
- Theme Slug:
- crown-art
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22434
Daiquiri
- Theme:
- Daiquiri
- Theme Slug:
- daiquiri
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28089
Dentario
- Theme:
- Dentario
- Theme Slug:
- dentario
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-27439
Dermatology Clinic
- Theme:
- Dermatology Clinic
- Theme Slug:
- dermatology-clinic
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28059
Dixon
- Theme:
- Dixon
- Theme Slug:
- dixon
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28058
Dolcino
- Theme:
- Dolcino
- Theme Slug:
- dolcino
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22410
Dr.Patterson
- Theme:
- Dr.Patterson
- Theme Slug:
- dr-patterson
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28120
DroneX
- Theme:
- DroneX
- Theme Slug:
- dronex
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28009
Edge Decor
- Theme:
- Edge Decor
- Theme Slug:
- edge-decor
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28064
Edifice
- Theme:
- Edifice
- Theme Slug:
- edifice
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28033
Eject
- Theme:
- Eject
- Theme Slug:
- eject
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28065
Ekoterra – NonProfit, Green Energy & Ecology Theme
- Theme:
- Ekoterra – NonProfit, Green Energy & Ecology Theme
- Theme Slug:
- ekoterra
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27335
ElectroServ
- Theme:
- ElectroServ
- Theme Slug:
- electroserv
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22435
EmojiNation
- Theme:
- EmojiNation
- Theme Slug:
- emojination
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28029
Eona
- Theme:
- Eona
- Theme Slug:
- eona
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22412
Equadio
- Theme:
- Equadio
- Theme Slug:
- equadio
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27988
Evently
- Theme:
- Evently
- Theme Slug:
- evently
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22394
Filmax
- Theme:
- Filmax
- Theme Slug:
- filmax
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28087
Fiorello
- Theme:
- Fiorello
- Theme Slug:
- fiorello
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22395
FixTeam
- Theme:
- FixTeam
- Theme Slug:
- fixteam
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22416
FlashMart
- Theme:
- FlashMart
- Theme Slug:
- flashmart
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28048
Fleur
- Theme:
- Fleur
- Theme Slug:
- fleur
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22397
Foodie
- Theme:
- Foodie
- Theme Slug:
- foodie
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28022
Gamezone
- Theme:
- Gamezone
- Theme Slug:
- gamezone
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28090
Gecko
- Theme:
- Gecko
- Theme Slug:
- gecko
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27375
Global Logistics
- Theme:
- Global Logistics
- Theme Slug:
- globallogistics
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28018
Good Energy
- Theme:
- Good Energy
- Theme Slug:
- goodenergy
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-28105
GoTravel
- Theme:
- GoTravel
- Theme Slug:
- gotravel
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22427
Grand News
- Theme:
- Grand News
- Theme Slug:
- grandnews
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27353
Great Lotus
- Theme:
- Great Lotus
- Theme Slug:
- great-lotus
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22418
Green Planet
- Theme:
- Green Planet
- Theme Slug:
- green-planet
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22439
Green Thumb
- Theme:
- Green Thumb
- Theme Slug:
- greenthumb
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28017
Gridiron
- Theme:
- Gridiron
- Theme Slug:
- gridiron
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28012
Grit
- Theme:
- Grit
- Theme Slug:
- grit
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28041
Guff
- Theme:
- Guff
- Theme Slug:
- guff
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28076
Happy Baby
- Theme:
- Happy Baby
- Theme Slug:
- happy-baby
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28062
Healer – Doctor, Clinic & Medical WordPress Theme
- Theme:
- Healer – Doctor, Clinic & Medical WordPress Theme
- Theme Slug:
- healer
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-28043
Helion
- Theme:
- Helion
- Theme Slug:
- helion
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28024
Helvig
- Theme:
- Helvig
- Theme Slug:
- helvig
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22436
Holmes
- Theme:
- Holmes
- Theme Slug:
- holmes
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22399
Honor
- Theme:
- Honor
- Theme Slug:
- honor
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22419
Horizon
- Theme:
- Horizon
- Theme Slug:
- horizon
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22420
Humanum
- Theme:
- Humanum
- Theme Slug:
- humanum
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27985
Innovio
- Theme:
- Innovio
- Theme Slug:
- innovio
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22403
Invetex
- Theme:
- Invetex
- Theme Slug:
- invetex
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28031
Justicia
- Theme:
- Justicia
- Theme Slug:
- justicia
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22408
Justitia
- Theme:
- Justitia
- Theme Slug:
- justitia
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27995
Kayon
- Theme:
- Kayon
- Theme Slug:
- kayon
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28027
Kingler
- Theme:
- Kingler
- Theme Slug:
- kingler
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-27438
Kratz
- Theme:
- Kratz
- Theme Slug:
- kratz
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28013
Law Office
- Theme:
- Law Office
- Theme Slug:
- law-office
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28046
Legal Stone
- Theme:
- Legal Stone
- Theme Slug:
- legal-stone
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28054
Legrand
- Theme:
- Legrand
- Theme Slug:
- legrand
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28066
Le Truffe
- Theme:
- Le Truffe
- Theme Slug:
- letruffe
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28069
Lingvico
- Theme:
- Lingvico
- Theme Slug:
- lingvico
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27996
Listify
- Theme:
- Listify
- Theme Slug:
- listify
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28042
Little Birdies
- Theme:
- Little Birdies
- Theme Slug:
- little-birdies
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28129
Luxury Wine
- Theme:
- Luxury Wine
- Theme Slug:
- luxury-wine
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28016
Mahogany
- Theme:
- Mahogany
- Theme Slug:
- mahogany
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28085
Malgré
- Theme:
- Malgré
- Theme Slug:
- malgre
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22413
Mandala
- Theme:
- Mandala
- Theme Slug:
- mandala
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28057
Manoir
- Theme:
- Manoir
- Theme Slug:
- manoir
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28019
Marcell
- Theme:
- Marcell
- Theme Slug:
- marcell
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28095
Marra
- Theme:
- Marra
- Theme Slug:
- marra
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22414
Maxify
- Theme:
- Maxify
- Theme Slug:
- maxify
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27997
MCKinney’s Politics
- Theme:
- MCKinney’s Politics
- Theme Slug:
- mckinney-politics
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28056
Meals & Wheels
- Theme:
- Meals & Wheels
- Theme Slug:
- meals-wheels
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27992
MediCenter – Health Medical Clinic
- Theme:
- MediCenter – Health Medical Clinic
- Theme Slug:
- medicenter
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28137
Metro
- Theme:
- Metro
- Theme Slug:
- metro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27382
Metro
- Theme:
- Metro
- Theme Slug:
- metro
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27383
Midi
- Theme:
- Midi
- Theme Slug:
- midi
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28125
MoneyFlow
- Theme:
- MoneyFlow
- Theme Slug:
- moneyflow
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28028
Motorix
- Theme:
- Motorix
- Theme Slug:
- motorix
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28026
Musico
- Theme:
- Musico
- Theme Slug:
- musico
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27367
Muzicon
- Theme:
- Muzicon
- Theme Slug:
- muzicon
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28107
N7 | Golf Club Sports & Events
- Theme:
- N7 | Golf Club Sports & Events
- Theme Slug:
- n7-golf-club
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28045
Notarius
- Theme:
- Notarius
- Theme Slug:
- notarius
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28124
Nuts
- Theme:
- Nuts
- Theme Slug:
- nuts
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28023
Overton
- Theme:
- Overton
- Theme Slug:
- overton
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22405
Ozisti
- Theme:
- Ozisti
- Theme Slug:
- ozisti
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28093
Peter Mason
- Theme:
- Peter Mason
- Theme Slug:
- petermason
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28052
Photography
- Theme:
- Photography
- Theme Slug:
- photography
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27348
Pizza House
- Theme:
- Pizza House
- Theme Slug:
- pizzahouse
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-28074
Playa
- Theme:
- Playa
- Theme Slug:
- playa
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22437
Police Department
- Theme:
- Police Department
- Theme Slug:
- police-department
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28049
Porto
- Theme:
- Porto
- Theme Slug:
- porto
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28075
Printy
- Theme:
- Printy
- Theme Slug:
- printy
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28035
Progress
- Theme:
- Progress
- Theme Slug:
- progress
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28034
Quantum
- Theme:
- Quantum
- Theme Slug:
- quantum
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22421
Quanzo
- Theme:
- Quanzo
- Theme Slug:
- quanzo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27989
Ratatouille
- Theme:
- Ratatouille
- Theme Slug:
- ratatouille
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2026-28036
RexCoin
- Theme:
- RexCoin
- Theme Slug:
- rexcoin
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28094
Rhythmo
- Theme:
- Rhythmo
- Theme Slug:
- rhythmo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28068
Run Gran
- Theme:
- Run Gran
- Theme Slug:
- run-gran
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28086
Save Life
- Theme:
- Save Life
- Theme Slug:
- save-life
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28098
Scientia
- Theme:
- Scientia
- Theme Slug:
- scientia
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28010
SetSail
- Theme:
- SetSail
- Theme Slug:
- setsail
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22423
Shaha
- Theme:
- Shaha
- Theme Slug:
- shaha
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22424
ShiftCV
- Theme:
- ShiftCV
- Theme Slug:
- shift-cv
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28015
smart SEO
- Theme:
- smart SEO
- Theme Slug:
- smartSEO
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28117
Sounder
- Theme:
- Sounder
- Theme Slug:
- sounder
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28092
Stargaze
- Theme:
- Stargaze
- Theme Slug:
- stargaze
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28025
Starto
- Theme:
- Starto
- Theme Slug:
- starto
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27352
S.King
- Theme:
- S.King
- Theme Slug:
- stephanie-king
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28060
Sweet Jane
- Theme:
- Sweet Jane
- Theme Slug:
- sweetjane
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22425
Tediss
- Theme:
- Tediss
- Theme Slug:
- tediss
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27994
Tennis Club
- Theme:
- Tennis Club
- Theme Slug:
- tennis-sportclub
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2026-27437
The Mounty
- Theme:
- The Mounty
- Theme Slug:
- the-mounty
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22415
The Qlean
- Theme:
- The Qlean
- Theme Slug:
- the-qlean
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27987
Tiger Claw
- Theme:
- Tiger Claw
- Theme Slug:
- tiger-claw
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28061
Tooth Fairy
- Theme:
- Tooth Fairy
- Theme Slug:
- tooth-fairy
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22428
TopFit – Fitness and Gym WordPress Theme
- Theme:
- TopFit – Fitness and Gym WordPress Theme
- Theme Slug:
- topfit
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27342
TopScorer – Sports WordPress Theme
- Theme:
- TopScorer – Sports WordPress Theme
- Theme Slug:
- topscorer
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27341
Translogic
- Theme:
- Translogic
- Theme Slug:
- translogic
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28014
Tribe
- Theme:
- Tribe
- Theme Slug:
- tribe
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22442
Tuning
- Theme:
- Tuning
- Theme Slug:
- tuning
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28032
UDesign
- Theme:
- UDesign
- Theme Slug:
- u-design
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28130
Vapester
- Theme:
- Vapester
- Theme Slug:
- vapester
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28077
Veil
- Theme:
- Veil
- Theme Slug:
- veil
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28123
Verdure
- Theme:
- Verdure
- Theme Slug:
- verdure
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22429
Verse
- Theme:
- Verse
- Theme Slug:
- verse
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28128
Victo
- Theme:
- Victo
- Theme Slug:
- victo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28047
Vixus
- Theme:
- Vixus
- Theme Slug:
- vixus
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-27998
Wabi-Sabi
- Theme:
- Wabi-Sabi
- Theme Slug:
- wabi-sabi
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22431
WealthCo
- Theme:
- WealthCo
- Theme Slug:
- wealthco
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28096
Welldone
- Theme:
- Welldone
- Theme Slug:
- welldone
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28118
M.Williamson
- Theme:
- M.Williamson
- Theme Slug:
- williamson
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28055
Windsor
- Theme:
- Windsor
- Theme Slug:
- windsor
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28081
Wolmart
- Theme:
- Wolmart
- Theme Slug:
- wolmart
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22385
Woopy
- Theme:
- Woopy
- Theme Slug:
- woopy
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22432
Yacht Rental
- Theme:
- Yacht Rental
- Theme Slug:
- yacht-rental
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28051
Yottis
- Theme:
- Yottis
- Theme Slug:
- yottis
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28011
Yungen
- Theme:
- Yungen
- Theme Slug:
- yungen
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-28006
Zentrum
- Theme:
- Zentrum
- Theme Slug:
- zentrum
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2026-22441
Blocksy
Automotive Car Dealership Business
- Theme:
- Automotive Car Dealership Business
- Theme Slug:
- automotive
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 13.4.2
- Severity Score:
- Medium
- CVE:
- 2025-14040
Listee
- Theme:
- Listee
- Theme Slug:
- listee
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.1.7
- Severity Score:
- Critical
- CVE:
- 2025-12981
Molla
- Theme:
- Molla
- Theme Slug:
- molla
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.5.17
- Severity Score:
- High
- CVE:
- 2025-69339
Sweet Date
- Theme:
- Sweet Date
- Theme Slug:
- sweetdate
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 4.0.1
- Severity Score:
- Critical
- CVE:
- 2026-27417
The Issue
- Theme:
- The Issue
- Theme Slug:
- theissue
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.6.12
- Severity Score:
- High
- CVE:
- 2026-23801
Solid Security is part of Solid Suite — The best foundation for WordPress websites.
Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!
Join us for the next Solid Academy Webinar!
Free weekly webinars that will help you master WordPress and increase your business's bottom line.
What is a WordPress Phishing Attack?
Learn how to identify and prevent phishing attacks on WordPress websites.
Kiki SheldonWebsite Protection: 5 Ways to Keep Your Website Safe
Robust website protection is the shield that stands between your business and relentless cyber attacks. Prioritizing website protection enables businesses to fortify defenses to safeguard their online presence and preserve the trust of their customers in the face of ever-evolving cybersecurity threats.
Kiki Sheldon23 Ideas To Grow Your WordPress Business in 2023
WordPress is the most popular website-building platform worldwide, trusted by numerous brands. WordPress enables you to build a user-friendly and highly reliable site, together with tools and plugins to enhance your marketing and work like a lead magnet. All these features make WordPress the platform chosen by more than 43% of businesses globally.
SolidWP Editorial TeamSign up now — Get SolidWP updates and valuable content straight to your inbox
Sign up
Placeholder text
Placeholder text
Get started with confidence — risk free, guaranteed
