In this report, 359 vulnerabilities have been publicly disclosed. Security patches for 194 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, 165 plugin and theme vulnerabilities have no patch available yet. If you’re a Solid Security Pro user, the Solid Security firewall already protects you against those vulnerabilities. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor, or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.8.1 has been released! This maintenance release includes fixes for 15 bugs throughout Core and the Block Editor, addressing issues affecting multiple areas of WordPress, including the block editor, multisite, and REST API. For a full list, refer to the release candidate announcement.
Plus, WordCamp Europe 2025 lands in Basel, Switzerland, June 5-7! Connect with WordPress enthusiasts, developers, and pros for three days of learning, networking, and collaboration with the global community.
WordPress Plugins — 191 Patched / 150 Unpatched
TI WooCommerce Wishlist
- Plugin:
- TI WooCommerce Wishlist
- Plugin Slug:
- ti-woocommerce-wishlist
- Installations
- 100,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-47577
TI WooCommerce Wishlist
- Plugin:
- TI WooCommerce Wishlist
- Plugin Slug:
- ti-woocommerce-wishlist
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-32920
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
- Plugin Slug:
- form-maker
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-48341
WP Tabs – Responsive Tabs and Custom Product Tabs
- Plugin Slug:
- wp-expand-tabs-free
- Installations
- 10,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-48134
WooCommerce POS – Point of Sale
- Plugin:
- WooCommerce POS – Point of Sale
- Plugin Slug:
- woocommerce-pos
- Installations
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-48117
Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses
- Plugin Slug:
- salon-booking-system
- Installations
- 4,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-47583
Eventer
- Plugin:
- Eventer
- Plugin Slug:
- eventer
- Installations
- 2,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39481
Eventer
- Plugin:
- Eventer
- Plugin Slug:
- eventer
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39482
ShayanWeb Admin FontChanger
- Plugin Slug:
- shayanweb-admin-fontchanger
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-48114
Estatik Mortgage Calculator
- Plugin:
- Estatik Mortgage Calculator
- Plugin Slug:
- estatik-mortgage-calculator
- Installations
- 1,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-48136
RS WP Book Showcase – A Complete Book Catalogue & Library System
- Plugin Slug:
- rs-wp-books-showcase
- Installations
- 1,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-48119
Simplelightbox
- Plugin:
- Simplelightbox
- Plugin Slug:
- simplelightbox
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-5878
WP Notes Widget
- Plugin:
- WP Notes Widget
- Plugin Slug:
- wp-notes-widget
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-48121
UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode)
- Plugin Slug:
- ultraaddons-elementor-lite
- Installations
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-48131
ValidateCertify Free
- Plugin:
- ValidateCertify Free
- Plugin Slug:
- validar-certificados-de-cursos
- Installations
- 900+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-48115
MapSVG – Vector maps, Image maps, Google Maps
- Plugin Slug:
- mapsvg-lite-interactive-vector-maps
- Installations
- 800+
- Vulnerability:
- Content Injection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-48120
BERTHA AI. Your AI co-pilot for WordPress and Chrome
- Plugin Slug:
- bertha-ai-free
- Installations
- 700+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-48138
Broadstreet
- Plugin:
- Broadstreet
- Plugin Slug:
- broadstreet
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-48113
Dynamic Pricing & Discounts Lite for WooCommerce
- Plugin Slug:
- woo-dynamic-pricing-discounts-lite
- Installations
- 600+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-48342
Push notification for Mobile and Web app
- Plugin Slug:
- push-notification-mobile-and-web-app
- Installations
- 500+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-48127
Wishlist
- Plugin:
- Wishlist
- Plugin Slug:
- wishlist
- Installations
- 500+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-31062
Wishlist
- Plugin:
- Wishlist
- Plugin Slug:
- wishlist
- Installations
- 500+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-31063
Import Export For WooCommerce
- Plugin:
- Import Export For WooCommerce
- Plugin Slug:
- import-export-for-woocommerce
- Installations
- 300+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-48144
STAGGS – Product Configurator Toolkit
- Plugin Slug:
- staggs
- Installations
- 300+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-47637
Embed and Integrate Etsy Shop
- Plugin:
- Embed and Integrate Etsy Shop
- Plugin Slug:
- embed-and-integrate-etsy-shop
- Installations
- 200+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-48346
SEO Flow by LupsOnline
- Plugin:
- SEO Flow by LupsOnline
- Plugin Slug:
- lupsonline-link-netwerk
- Installations
- 200+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-48146
X Addons for Elementor
- Plugin:
- X Addons for Elementor
- Plugin Slug:
- x-addons-elementor
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-48132
Aptivada for WP
- Plugin:
- Aptivada for WP
- Plugin Slug:
- aptivada-for-wp
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-48135
Dot html,php,xml etc pages
- Plugin:
- Dot html,php,xml etc pages
- Plugin Slug:
- dot-htmlphpxml-etc-pages
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-48112
Facturante – Facturación Electrónica
- Plugin Slug:
- facturante
- Installations
- 100+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-47599
Printcart Web to Print Product Designer for WooCommerce
- Plugin Slug:
- printcart-integration
- Installations
- 100+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-47641
Printcart Web to Print Product Designer for WooCommerce
- Plugin Slug:
- printcart-integration
- Installations
- 100+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-47640
WC Affiliate – A Complete WooCommerce Affiliate Plugin
- Plugin Slug:
- wc-affiliate
- Installations
- 100+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-47660
WP2LEADS | WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden
- Plugin:
- WP2LEADS | WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden
- Plugin Slug:
- wp2leads
- Installations
- 70+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32922
6Storage Rentals
- Plugin:
- 6Storage Rentals
- Plugin Slug:
- 6storage-rentals
- Installations
- 60+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-47619
Interview
- Plugin:
- Interview
- Plugin Slug:
- interview
- Installations
- 40+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-48137
BNS Twitter Follow Button
- Plugin:
- BNS Twitter Follow Button
- Plugin Slug:
- bns-twitter-follow-button
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-47578
Real WP Shop Lite Ajax eCommerce Shopping Cart
- Plugin Slug:
- real-wp-shop-lite
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11140
360 Product Rotation
- Plugin:
- 360 Product Rotation
- Plugin Slug:
- 360-product-rotation
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13823
WP Ultimate Tours Builder
- Plugin:
- WP Ultimate Tours Builder
- Plugin Slug:
- WP_UltimateToursBuilder
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-31921
Advance Post Prefix
- Plugin:
- Advance Post Prefix
- Plugin Slug:
- advance-post-prefix
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12735
Advance Post Prefix
- Plugin:
- Advance Post Prefix
- Plugin Slug:
- advance-post-prefix
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12734
Advanced Page Visit Counter
- Plugin:
- Advanced Page Visit Counter
- Plugin Slug:
- advanced-page-visit-counter
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-5529
AffiliateImporterEb
- Plugin:
- AffiliateImporterEb
- Plugin Slug:
- affiliateimportereb
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12733
AffiliateImporterEb
- Plugin:
- AffiliateImporterEb
- Plugin Slug:
- affiliateimportereb
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12732
AlT Monitoring
- Plugin:
- AlT Monitoring
- Plugin Slug:
- alt-monitoring
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-4194
Ads Pro Plugin
- Plugin:
- Ads Pro Plugin
- Plugin Slug:
- ap-plugin-scripteo
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46464
Audio Comments
- Plugin:
- Audio Comments
- Plugin Slug:
- audio-comments
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-4189
Radio Player Shoutcast & Icecast WordPress Plugin
- Plugin:
- Radio Player Shoutcast & Icecast WordPress Plugin
- Plugin Slug:
- audio4-html5
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32306
BabelZ
- Plugin:
- BabelZ
- Plugin Slug:
- babelz
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-8095
Backup Database
- Plugin:
- Backup Database
- Plugin Slug:
- backup-database
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-8702
Badgearoo
- Plugin:
- Badgearoo
- Plugin Slug:
- badgearoo
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-1033
Badgearoo
- Plugin:
- Badgearoo
- Plugin Slug:
- badgearoo
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13828
????SEO??(????/??/Bing/????)
- Plugin:
- ????SEO??(????/??/Bing/????)
- Plugin Slug:
- baiduseo
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-3917
Element Pack Pro
- Plugin:
- Element Pack Pro
- Plugin Slug:
- bdthemes-element-pack
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46257
Element Pack Pro
- Plugin:
- Element Pack Pro
- Plugin Slug:
- bdthemes-element-pack
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46258
BTEV
- Plugin:
- BTEV
- Plugin Slug:
- bluetrait-event-viewer
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-10677
Bon Toolkit
- Plugin:
- Bon Toolkit
- Plugin Slug:
- bon-toolkit
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-4589
WPCHURCH
- Plugin:
- WPCHURCH
- Plugin Slug:
- church-management
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32304
CountDown Pro WP Plugin
- Plugin:
- CountDown Pro WP Plugin
- Plugin Slug:
- circular_countdown
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32301
Clasify Classified Listing
- Plugin:
- Clasify Classified Listing
- Plugin Slug:
- clasify-classified-listing
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12725
Clicksold IDX
- Plugin:
- Clicksold IDX
- Plugin Slug:
- clicksold-wordpress-plugin
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-7769
ClipArt
- Plugin:
- ClipArt
- Plugin Slug:
- clipart
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12726
Competition Form
- Plugin:
- Competition Form
- Plugin Slug:
- competition-form
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12750
Countdown Timer
- Plugin:
- Countdown Timer
- Plugin Slug:
- countdown-timer-block
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-10631
CSS3 Accordions for WordPress
- Plugin:
- CSS3 Accordions for WordPress
- Plugin Slug:
- css3_accordions
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31922
CSS3 Accordions for WordPress
- Plugin:
- CSS3 Accordions for WordPress
- Plugin Slug:
- css3_accordions
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-31923
CSS3 Tooltips for WordPress
- Plugin:
- CSS3 Tooltips for WordPress
- Plugin Slug:
- css3_tooltips
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-32180
CSS3 Compare Pricing Tables for WordPress
- Plugin:
- CSS3 Compare Pricing Tables for WordPress
- Plugin Slug:
- css3_web_pricing_tables_grids
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-47556
Custom Author Base
- Plugin:
- Custom Author Base
- Plugin Slug:
- custom-author-base
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-8050
Custom Field Manager
- Plugin:
- Custom Field Manager
- Plugin Slug:
- custom-field-manager
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12873
DL Verification
- Plugin:
- DL Verification
- Plugin Slug:
- dl-verification
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-6798
DL Yandex Metrika
- Plugin:
- DL Yandex Metrika
- Plugin Slug:
- dl-yandex-metrika
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-6462
Dokan Pro
- Plugin:
- Dokan Pro
- Plugin Slug:
- dokan-pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39497
S3Player – WooCommerce & Elementor Integration
- Plugin:
- S3Player – WooCommerce & Elementor Integration
- Plugin Slug:
- drm-protected-video-streaming
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-13865
EG-Series
- Plugin:
- EG-Series
- Plugin Slug:
- eg-series
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-4126
Event Calendar
- Plugin:
- Event Calendar
- Plugin Slug:
- event-calendars
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-8701
Event Calendar
- Plugin:
- Event Calendar
- Plugin Slug:
- event-calendars
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-8700
EventON
- Plugin:
- EventON
- Plugin Slug:
- eventON
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-47564
FAT Services Booking
- Plugin:
- FAT Services Booking
- Plugin Slug:
- fat-services-booking
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-47693
File Manager Advanced Shortcode
- Plugin:
- File Manager Advanced Shortcode
- Plugin Slug:
- file-manager-advanced-shortcode
- Vulnerability:
- Content Injection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13914
Front End Users
- Plugin:
- Front End Users
- Plugin Slug:
- front-end-only-users
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-47580
Full Screen (Page) Background Image Slideshow
- Plugin:
- Full Screen (Page) Background Image Slideshow
- Plugin Slug:
- full-screen-page-background-image-slideshow
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11221
Geocache Stat Bar Widget
- Plugin:
- Geocache Stat Bar Widget
- Plugin Slug:
- geocache-stat-bar-widget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11266
WPGYM
- Plugin:
- WPGYM
- Plugin Slug:
- gym-management
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-32643
JavaScript Logic
- Plugin:
- JavaScript Logic
- Plugin Slug:
- javascript-logic
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-8090
JSP Store Locator
- Plugin:
- JSP Store Locator
- Plugin Slug:
- jsp-store-locator
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12301
JSP Store Locator
- Plugin:
- JSP Store Locator
- Plugin Slug:
- jsp-store-locator
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-11267
jwp-a11y
- Plugin:
- jwp-a11y
- Plugin Slug:
- jwp-a11y
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11190
Chameleon HTML5 Audio Player With/Without Playlist
- Plugin:
- Chameleon HTML5 Audio Player With/Without Playlist
- Plugin Slug:
- lbg-audio1-html5
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32307
Responsive HTML5 Audio Player PRO With Playlist
- Plugin:
- Responsive HTML5 Audio Player PRO With Playlist
- Plugin Slug:
- lbg-audio2-html5
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32287
Sticky HTML5 Music Player
- Plugin:
- Sticky HTML5 Music Player
- Plugin Slug:
- lbg-audio3-html5
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32290
Sticky Radio Player
- Plugin:
- Sticky Radio Player
- Plugin Slug:
- lbg-audio5-html5-shoutcast_sticky
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31926
Apollo
- Plugin:
- Apollo
- Plugin Slug:
- lbg-audio7_html5_full_width_sticky_pro
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32245
SHOUT
- Plugin:
- SHOUT
- Plugin Slug:
- lbg-audio8-html5-radio_ads
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31637
illi Link Party!
- Plugin:
- illi Link Party!
- Plugin Slug:
- link-party
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-7230
Connexion Logs
- Plugin:
- Connexion Logs
- Plugin Slug:
- logs-de-connexion
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11373
Connexion Logs
- Plugin:
- Connexion Logs
- Plugin Slug:
- logs-de-connexion
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-11372
Magic Responsive Slider and Carousel WordPress
- Plugin:
- Magic Responsive Slider and Carousel WordPress
- Plugin Slug:
- magic-carousel
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31640
MapFig Studio
- Plugin:
- MapFig Studio
- Plugin Slug:
- mapfig-studio
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-6712
MapSVG
- Plugin:
- MapSVG
- Plugin Slug:
- mapsvg
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-47557
MapSVG
- Plugin:
- MapSVG
- Plugin Slug:
- mapsvg
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-47560
MapSVG
- Plugin:
- MapSVG
- Plugin Slug:
- mapsvg
- Vulnerability:
- Content Injection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-47562
Multimedia Responsive Carousel with Image Video Audio Support
- Plugin:
- Multimedia Responsive Carousel with Image Video Audio Support
- Plugin Slug:
- multimedia-carousel
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31928
Nasa Core
- Plugin:
- Nasa Core
- Plugin Slug:
- nasa-core
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39507
Ninja Tables Pro
- Plugin:
- Ninja Tables Pro
- Plugin Slug:
- ninja-tables-pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39534
Nokaut Offers Box
- Plugin:
- Nokaut Offers Box
- Plugin Slug:
- nokaut-offers-box
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-10634
Nokaut Offers Box
- Plugin:
- Nokaut Offers Box
- Plugin Slug:
- nokaut-offers-box
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-10632
Ntz Antispam
- Plugin:
- Ntz Antispam
- Plugin Slug:
- ntzantispam
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-8094
TNC FlipBook
- Plugin:
- TNC FlipBook
- Plugin Slug:
- pdf-viewer-for-wordpress
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39509
PeoplePond
- Plugin:
- PeoplePond
- Plugin Slug:
- peoplepond
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-8085
Pixel WordPress Form BuilderPlugin & Autoresponder
- Plugin:
- Pixel WordPress Form BuilderPlugin & Autoresponder
- Plugin Slug:
- pixel-formbuilder
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-31915
Planning Center Online Giving
- Plugin:
- Planning Center Online Giving
- Plugin Slug:
- planning-center-online-giving
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11502
profilepro
- Plugin:
- profilepro
- Plugin Slug:
- profilepro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-6668
Panorama – WordPress Project Management Plugin
- Plugin:
- Panorama – WordPress Project Management Plugin
- Plugin Slug:
- project-panorama-lite
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11843
PVN Auth Popup
- Plugin:
- PVN Auth Popup
- Plugin Slug:
- pvn-auth-popup
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-6718
PVN Auth Popup
- Plugin:
- PVN Auth Popup
- Plugin Slug:
- pvn-auth-popup
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-6713
Simple Link Directory Pro
- Plugin:
- Simple Link Directory Pro
- Plugin Slug:
- qc-simple-link-directory
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-32296
QuickCal
- Plugin:
- QuickCal
- Plugin Slug:
- quickcal
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-32299
QuickCal
- Plugin:
- QuickCal
- Plugin Slug:
- quickcal
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32310
Rootspersona
- Plugin:
- Rootspersona
- Plugin Slug:
- rootspersona
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39368
Rootspersona
- Plugin:
- Rootspersona
- Plugin Slug:
- rootspersona
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-48344
Sailthru Triggermail
- Plugin:
- Sailthru Triggermail
- Plugin Slug:
- sailthru-triggermail
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11141
Salon Booking Pro
- Plugin:
- Salon Booking Pro
- Plugin Slug:
- salon-booking-plugin-pro-cc
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-32295
Simple Nav Archives
- Plugin:
- Simple Nav Archives
- Plugin Slug:
- simple-nav-archives
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-8398
Smooth Gallery Replacement
- Plugin:
- Smooth Gallery Replacement
- Plugin Slug:
- smooth-gallery-replacement
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-8032
Spiritual Gifts Survey
- Plugin:
- Spiritual Gifts Survey
- Plugin Slug:
- spiritual-gifts-survey
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-0687
Spotlight – Social Media Feeds (Premium)
- Plugin:
- Spotlight – Social Media Feeds (Premium)
- Plugin Slug:
- spotlight-social-photo-feeds-premium
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39498
The Plus Addons for Elementor Pro
- Plugin:
- The Plus Addons for Elementor Pro
- Plugin Slug:
- theplus_elementor_addon
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46259
TwitterPosts
- Plugin:
- TwitterPosts
- Plugin Slug:
- twitter-posts
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-7297
UberSlider
- Plugin:
- UberSlider
- Plugin Slug:
- uber-classic
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31641
Video Player & FullScreen Video Background
- Plugin:
- Video Player & FullScreen Video Background
- Plugin Slug:
- universal-video-player-and-bg
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-47567
User Profile Meta Manager
- Plugin:
- User Profile Meta Manager
- Plugin Slug:
- user-profile-meta
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-48340
Weluka Lite
- Plugin:
- Weluka Lite
- Plugin Slug:
- weluka-lite
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-4591
WHMpress
- Plugin:
- WHMpress
- Plugin Slug:
- whmpress
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39491
WHMpress
- Plugin:
- WHMpress
- Plugin Slug:
- whmpress
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39492
Widgets Reset
- Plugin:
- Widgets Reset
- Plugin Slug:
- widgets-reset
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-8082
WolfNet IDX
- Plugin:
- WolfNet IDX
- Plugin Slug:
- wolfnet-idx-for-wordpress
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-6783
CURCY
- Plugin:
- CURCY
- Plugin Slug:
- woocommerce-multi-currency
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-47563
WOOEXIM
- Plugin:
- WOOEXIM
- Plugin Slug:
- wooexim
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-1288
WordPress Auto Spinner
- Plugin:
- WordPress Auto Spinner
- Plugin Slug:
- wp-auto-spinner
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-47534
WordPress????
- Plugin:
- WordPress????
- Plugin Slug:
- wp-connect
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12282
WP Content Security Plugin
- Plugin:
- WP Content Security Plugin
- Plugin Slug:
- wp-content-security-policy
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-4579
WP DeskLite
- Plugin:
- WP DeskLite
- Plugin Slug:
- wp-desklite
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-12724
WP JobHunt
- Plugin:
- WP JobHunt
- Plugin Slug:
- wp-jobhunt
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39537
Pinterest Automatic Pin
- Plugin:
- Pinterest Automatic Pin
- Plugin Slug:
- wp-pinterest-automatic
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39511
WP-PManager
- Plugin:
- WP-PManager
- Plugin Slug:
- wp-programmmanager
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-2248
WP-PManager
- Plugin:
- WP-PManager
- Plugin Slug:
- wp-programmmanager
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-2247
WPBot Pro WordPress Chatbot
- Plugin:
- WPBot Pro WordPress Chatbot
- Plugin Slug:
- wpbot-pro
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-47582
WordPress Events Calendar Registration & Tickets
- Plugin:
- WordPress Events Calendar Registration & Tickets
- Plugin Slug:
- wpeventplus
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-47581
Jetpack – WP Security, Backup, Speed, & Growth
- Plugin Slug:
- jetpack
- Installations
- 4,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 13.8
- Severity Score:
- Medium
- CVE:
- 2024-10076
Jetpack – WP Security, Backup, Speed, & Growth
- Plugin Slug:
- jetpack
- Installations
- 4,000,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- 13.8
- Severity Score:
- Medium
- CVE:
- 2024-10075
All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic
- Plugin Slug:
- all-in-one-seo-pack
- Installations
- 3,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.8.2
- Severity Score:
- Medium
- CVE:
- 2025-2892
Ninja Forms – The Contact Form Builder That Grows With You
- Plugin Slug:
- ninja-forms
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.10.1
- Severity Score:
- Medium
- CVE:
- 2025-2524
The Events Calendar
- Plugin:
- The Events Calendar
- Plugin Slug:
- the-events-calendar
- Installations
- 700,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.12.0
- Severity Score:
- Medium
- CVE:
- 2025-48246
The Events Calendar
- Plugin:
- The Events Calendar
- Plugin Slug:
- the-events-calendar
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.6.4
- Severity Score:
- Medium
- CVE:
- 2024-8493
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery
- Plugin Slug:
- nextgen-gallery
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.59.5
- Severity Score:
- Medium
- CVE:
- 2024-5878
Jetpack Boost – Website Speed, Performance and Critical CSS
- Plugin Slug:
- jetpack-boost
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.8
- Severity Score:
- Medium
- CVE:
- 2024-10076
Page Builder: Pagelayer – Drag and Drop website builder
- Plugin Slug:
- pagelayer
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.0
- Severity Score:
- Medium
- CVE:
- 2024-8618
PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin
- Plugin:
- PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin
- Plugin Slug:
- pretty-link
- Installations
- 300,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.6.16
- Severity Score:
- Medium
- CVE:
- 2025-48247
Firelight Lightbox
- Plugin:
- Firelight Lightbox
- Plugin Slug:
- easy-fancybox
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.15
- Severity Score:
- Medium
- CVE:
- 2025-3597
Photo Gallery by 10Web – Mobile-Friendly Image Gallery
- Plugin Slug:
- photo-gallery
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.29
- Severity Score:
- Medium
- CVE:
- 2024-8670
Download Manager
- Plugin:
- Download Manager
- Plugin Slug:
- download-manager
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.99
- Severity Score:
- Medium
- CVE:
- 2024-8284
Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress
- Plugin Slug:
- everest-forms
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.3.1
- Severity Score:
- Medium
- CVE:
- 2024-8542
Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme – My Sticky Bar (formerly myStickymenu)
- Plugin Slug:
- mystickymenu
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.8
- Severity Score:
- Medium
- CVE:
- 2024-2643
Relevanssi – A Better Search
- Plugin:
- Relevanssi – A Better Search
- Plugin Slug:
- relevanssi
- Installations
- 100,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.24.5
- Severity Score:
- High
- CVE:
- 2025-4396
Responsive Lightbox & Gallery
- Plugin:
- Responsive Lightbox & Gallery
- Plugin Slug:
- responsive-lightbox
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.1
- Severity Score:
- Medium
- CVE:
- 2025-3742
Simple Lightbox
- Plugin:
- Simple Lightbox
- Plugin Slug:
- simple-lightbox
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.9.4
- Severity Score:
- Medium
- CVE:
- 2025-3516
Tracking Code Manager
- Plugin:
- Tracking Code Manager
- Plugin Slug:
- tracking-code-manager
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.0
- Severity Score:
- Medium
- CVE:
- 2024-6335
Social Media Share Buttons & Social Sharing Icons
- Plugin Slug:
- ultimate-social-media-icons
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.9.1
- Severity Score:
- Medium
- CVE:
- 2024-10362
Hustle – Email Marketing, Lead Generation, Optins, Popups
- Plugin Slug:
- wordpress-popup
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.8.5
- Severity Score:
- Medium
- CVE:
- 2024-8492
Jupiter X Core
- Plugin:
- Jupiter X Core
- Plugin Slug:
- jupiterx-core
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.9.1
- Severity Score:
- Medium
- CVE:
- 2025-3888
LearnPress – WordPress LMS Plugin
- Plugin Slug:
- learnpress
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.2.7.5.1
- Severity Score:
- Medium
- CVE:
- 2024-13128
Nested Pages
- Plugin:
- Nested Pages
- Plugin Slug:
- wp-nested-pages
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.9
- Severity Score:
- Medium
- CVE:
- 2024-8759
Ajax Search Lite – Live Search & Filter
- Plugin Slug:
- ajax-search-lite
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.12.3
- Severity Score:
- Medium
- CVE:
- 2024-8619
ImageMagick Engine
- Plugin:
- ImageMagick Engine
- Plugin Slug:
- imagemagick-engine
- Installations
- 70,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.7.11
- Severity Score:
- Critical
- CVE:
- 2024-6486
Exclusive Addons for Elementor
- Plugin:
- Exclusive Addons for Elementor
- Plugin Slug:
- exclusive-addons-for-elementor
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.9.1
- Severity Score:
- Medium
- CVE:
- 2025-48244
Qi Blocks
WP-Members Membership Plugin
- Plugin:
- WP-Members Membership Plugin
- Plugin Slug:
- wp-members
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.3
- Severity Score:
- Medium
- CVE:
- 2025-4610
Popup Box – Create Countdown, Coupon, Video, Contact Form Popups
- Plugin Slug:
- ays-popup-box
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.7.8
- Severity Score:
- Medium
- CVE:
- 2024-9599
WP Booking Calendar
- Plugin:
- WP Booking Calendar
- Plugin Slug:
- booking
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 10.11.2
- Severity Score:
- Medium
- CVE:
- 2025-4669
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
- Plugin Slug:
- profile-builder
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.12.2
- Severity Score:
- Medium
- CVE:
- 2024-6708
Ultimate Blocks – WordPress Blocks Plugin
- Plugin Slug:
- ultimate-blocks
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.1
- Severity Score:
- Medium
- CVE:
- 2025-48234
Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin
- Plugin Slug:
- uncanny-automator
- Installations
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.5.0
- Severity Score:
- Medium
- CVE:
- 2025-4520
Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin
- Plugin Slug:
- uncanny-automator
- Installations
- 50,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 6.4.0.2
- Severity Score:
- High
- CVE:
- 2025-3623
Visual Composer Website Builder
- Plugin:
- Visual Composer Website Builder
- Plugin Slug:
- visualcomposer
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 45.12.0
- Severity Score:
- Medium
- CVE:
- 2025-48276
LatePoint – Calendar Booking Plugin for Appointments and Events
- Plugin Slug:
- latepoint
- Installations
- 40,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 5.1.93
- Severity Score:
- Medium
- CVE:
- 2025-3769
MapPress Maps for WordPress
- Plugin:
- MapPress Maps for WordPress
- Plugin Slug:
- mappress-google-maps-for-wordpress
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.93
- Severity Score:
- Medium
- CVE:
- 2024-8620
Photo Gallery, Images, Slider in Rbs Image Gallery
- Plugin Slug:
- robo-gallery
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.24
- Severity Score:
- Medium
- CVE:
- 2024-13384
Photo Gallery, Images, Slider in Rbs Image Gallery
- Plugin Slug:
- robo-gallery
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.22
- Severity Score:
- Medium
- CVE:
- 2024-10144
Hubbub Lite – Fast, Reliable Social Sharing Buttons
- Plugin Slug:
- social-pug
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.34.4
- Severity Score:
- Medium
- CVE:
- 2024-10145
LightPress Lightbox
- Plugin:
- LightPress Lightbox
- Plugin Slug:
- wp-jquery-lightbox
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.4
- Severity Score:
- Medium
- CVE:
- 2025-3649
Advanced Cron Manager – debug & control
- Plugin Slug:
- advanced-cron-manager
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.7
- Severity Score:
- Medium
- CVE:
- 2024-4004
Cost Calculator Builder
- Plugin:
- Cost Calculator Builder
- Plugin Slug:
- cost-calculator-builder
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.0
- Severity Score:
- Medium
- CVE:
- 2025-48277
FunnelKit – Funnel Builder for WooCommerce Checkout
- Plugin Slug:
- funnel-builder
- Installations
- 30,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.10.2
- Severity Score:
- High
- CVE:
- 2025-2203
Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation
- Plugin Slug:
- gs-logo-slider
- Installations
- 30,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.7.1
- Severity Score:
- Medium
- CVE:
- 2024-9233
Social Slider Feed
- Plugin:
- Social Slider Feed
- Plugin Slug:
- instagram-slider-widget
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.9
- Severity Score:
- Medium
- CVE:
- 2024-10149
Uncanny Toolkit for LearnDash
- Plugin:
- Uncanny Toolkit for LearnDash
- Plugin Slug:
- uncanny-learndash-toolkit
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.7.0.3
- Severity Score:
- Medium
- CVE:
- 2025-48080
WP Google Review Slider
- Plugin:
- WP Google Review Slider
- Plugin Slug:
- wp-google-places-review-slider
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 15.6
- Severity Score:
- Medium
- CVE:
- 2024-11109
Maspik – Ultimate Spam Protection
- Plugin Slug:
- contact-forms-anti-spam
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.3
- Severity Score:
- Medium
- CVE:
- 2024-9182
Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms
- Plugin Slug:
- happyforms
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.26.3
- Severity Score:
- Medium
- CVE:
- 2024-10054
Contact Form builder with drag & drop for WordPress – Kali Forms
- Plugin Slug:
- kali-forms
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.3
- Severity Score:
- Medium
- CVE:
- 2025-3201
Smart Post Show – Post Grid, Post Carousel, Post Slider, Post Timeline, Post Table, and List Category Posts, Latest Posts, Recent Posts, Popular Posts and More
- Plugin Slug:
- post-carousel
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.28
- Severity Score:
- Medium
- CVE:
- 2024-3996
PWA for WP – Progressive Web Apps Made Simple
- Plugin Slug:
- pwa-for-wp
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.72
- Severity Score:
- Medium
- CVE:
- 2024-7759
Quiz Maker
- Plugin:
- Quiz Maker
- Plugin Slug:
- quiz-maker
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.5.9.9
- Severity Score:
- Medium
- CVE:
- 2024-8617
Simple Job Board
- Plugin:
- Simple Job Board
- Plugin Slug:
- simple-job-board
- Installations
- 20,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.12.6
- Severity Score:
- Medium
- CVE:
- 2024-7762
Simple Job Board
- Plugin:
- Simple Job Board
- Plugin Slug:
- simple-job-board
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.12.2
- Severity Score:
- Medium
- CVE:
- 2024-7761
AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth
- Plugin Slug:
- aweber-web-form-widget
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.3.21
- Severity Score:
- Medium
- CVE:
- 2024-13313
bunny.net – WordPress CDN Plugin
- Plugin:
- bunny.net – WordPress CDN Plugin
- Plugin Slug:
- bunnycdn
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.1
- Severity Score:
- High
- CVE:
- 2025-48236
Cost of Goods: Product Cost & Profit Calculator for WooCommerce
- Plugin Slug:
- cost-of-goods-for-woocommerce
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.7.1
- Severity Score:
- Medium
- CVE:
- 2025-48240
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
- Plugin Slug:
- custom-registration-form-builder-with-submission-manager
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.0.2.1
- Severity Score:
- Medium
- CVE:
- 2024-9390
EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory
- Plugin Slug:
- ean-for-woocommerce
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.4.7
- Severity Score:
- Medium
- CVE:
- 2025-48249
The GDPR Framework By Data443
- Plugin:
- The GDPR Framework By Data443
- Plugin Slug:
- gdpr-framework
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.0
- Severity Score:
- Medium
- CVE:
- 2024-13621
Prisna GWT – Google Website Translator
- Plugin Slug:
- google-website-translator
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.14
- Severity Score:
- Medium
- CVE:
- 2024-12679
Responsive Contact Form Builder & Lead Generation Plugin
- Plugin Slug:
- lead-form-builder
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.8
- Severity Score:
- Medium
- CVE:
- 2024-10475
Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator
- Plugin Slug:
- legal-pages
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.6
- Severity Score:
- Medium
- CVE:
- 2025-48242
LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes
- Plugin Slug:
- lifterlms
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.0.1
- Severity Score:
- High
- CVE:
- 2024-13619
MB Custom Post Types & Custom Taxonomies
- Plugin Slug:
- mb-custom-post-type
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.7
- Severity Score:
- Medium
- CVE:
- 2024-10143
Mobile Contact Bar
- Plugin:
- Mobile Contact Bar
- Plugin Slug:
- mobile-contact-bar
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.5
- Severity Score:
- Medium
- CVE:
- 2024-12739
Sensei LMS – Online Courses, Quizzes, & Learning
- Plugin Slug:
- sensei-lms
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.20.0
- Severity Score:
- Medium
- CVE:
- 2024-8009
Simple Basic Contact Form
- Plugin:
- Simple Basic Contact Form
- Plugin Slug:
- simple-basic-contact-form
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 20250114
- Severity Score:
- Medium
- CVE:
- 2024-12716
Team – Team Members Showcase Plugin
- Plugin Slug:
- tlp-team
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.4.2
- Severity Score:
- Medium
- CVE:
- 2024-9236
UiPress lite | Effortless custom dashboards, admin themes and pages
- Plugin Slug:
- uipress-lite
- Installations
- 10,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 3.5.08
- Severity Score:
- High
- CVE:
- 2025-3053
Japanized for WooCommerce
- Plugin:
- Japanized for WooCommerce
- Plugin Slug:
- woocommerce-for-japan
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.6.41
- Severity Score:
- Medium
- CVE:
- 2025-48284
AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress
- Plugin:
- AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress
- Plugin Slug:
- automatorwp
- Installations
- 9,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.2.2
- Severity Score:
- High
- CVE:
- 2025-48280
VikBooking Hotel Booking Engine & PMS
- Plugin Slug:
- vikbooking
- Installations
- 9,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.2
- Severity Score:
- Medium
- CVE:
- 2024-13616
CM Tooltip Glossary
- Plugin:
- CM Tooltip Glossary
- Plugin Slug:
- enhanced-tooltipglossary
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.3.4
- Severity Score:
- Medium
- CVE:
- 2024-5026
If-So Dynamic Content Personalization
- Plugin Slug:
- if-so
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.0.3
- Severity Score:
- Medium
- CVE:
- 2024-5440
Travelpayouts: All Travel Brands in One Place
- Plugin Slug:
- travelpayouts
- Installations
- 8,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.1.13
- Severity Score:
- Medium
- CVE:
- 2023-5934
Travelpayouts: All Travel Brands in One Place
- Plugin Slug:
- travelpayouts
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.14
- Severity Score:
- High
- CVE:
- 2023-5932
Easiest Funnel Builder For WordPress & WooCommerce, Specialized For Digital Creators – WPFunnels
- Plugin:
- Easiest Funnel Builder For WordPress & WooCommerce, Specialized For Digital Creators – WPFunnels
- Plugin Slug:
- wpfunnels
- Installations
- 8,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 3.5.19
- Severity Score:
- Critical
- CVE:
- 2025-47530
AI ChatBot for WordPress – WPBot
- Plugin:
- AI ChatBot for WordPress – WPBot
- Plugin Slug:
- chatbot
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.2.4
- Severity Score:
- Medium
- CVE:
- 2025-0329
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting
- Plugin:
- WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting
- Plugin Slug:
- erp
- Installations
- 7,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.13.4
- Severity Score:
- Medium
- CVE:
- 2024-12812
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting
- Plugin:
- WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting
- Plugin Slug:
- erp
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.13.4
- Severity Score:
- Medium
- CVE:
- 2024-12808
HD Quiz
- Plugin:
- HD Quiz
- Plugin Slug:
- hd-quiz
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.0
- Severity Score:
- Medium
- CVE:
- 2024-13383
ProfileGrid – User Profiles, Groups and Communities
- Plugin Slug:
- profilegrid-user-profiles-groups-and-communities
- Installations
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.9.5.2
- Severity Score:
- Medium
- CVE:
- 2025-48079
ProfileGrid – User Profiles, Groups and Communities
- Plugin Slug:
- profilegrid-user-profiles-groups-and-communities
- Installations
- 7,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.9.5.1
- Severity Score:
- High
- CVE:
- 2025-47478
Wise Chat
- Plugin:
- Wise Chat
- Plugin Slug:
- wise-chat
- Installations
- 7,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.3.4
- Severity Score:
- High
- CVE:
- 2024-13613
WP Job Portal – A Complete Recruitment System for Company or Job Board website
- Plugin Slug:
- wp-job-portal
- Installations
- 7,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 2.3.3
- Severity Score:
- Medium
- CVE:
- 2025-48272
Back Button Widget
- Plugin:
- Back Button Widget
- Plugin Slug:
- back-button-widget
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.0
- Severity Score:
- Medium
- CVE:
- 2025-48252
Easy Property Listings
- Plugin:
- Easy Property Listings
- Plugin Slug:
- easy-property-listings
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.4
- Severity Score:
- Medium
- CVE:
- 2024-2869
EventON – Events Calendar
- Plugin:
- EventON – Events Calendar
- Plugin Slug:
- eventon-lite
- Installations
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.5
- Severity Score:
- Medium
- CVE:
- 2025-48116
EventPrime – Events Calendar, Bookings and Tickets
- Plugin Slug:
- eventprime-event-calendar-management
- Installations
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.5.0
- Severity Score:
- Medium
- CVE:
- 2024-4665
Arconix Shortcodes
- Plugin:
- Arconix Shortcodes
- Plugin Slug:
- arconix-shortcodes
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.17
- Severity Score:
- High
- CVE:
- 2025-47673
MultiVendorX – WooCommerce Multivendor Marketplace Solutions
- Plugin Slug:
- dc-woocommerce-multi-vendor
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.2.23
- Severity Score:
- Medium
- CVE:
- 2025-48263
ElementInvader Addons for Elementor
- Plugin Slug:
- elementinvader-addons-for-elementor
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.6
- Severity Score:
- Medium
- CVE:
- 2025-48288
Podlove Podcast Publisher
- Plugin:
- Podlove Podcast Publisher
- Plugin Slug:
- podlove-podcasting-plugin-for-wordpress
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.2.1
- Severity Score:
- Medium
- CVE:
- 2024-13730
Podlove Podcast Publisher
- Plugin:
- Podlove Podcast Publisher
- Plugin Slug:
- podlove-podcasting-plugin-for-wordpress
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.1.24
- Severity Score:
- Medium
- CVE:
- 2024-13729
Responsive Gallery Grid
- Plugin:
- Responsive Gallery Grid
- Plugin Slug:
- responsive-gallery-grid
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.15
- Severity Score:
- Medium
- CVE:
- 2024-4091
SMS Alert Order Notifications – WooCommerce
- Plugin Slug:
- sms-alert
- Installations
- 5,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 3.8.2
- Severity Score:
- High
- CVE:
- 2025-3876
SMS Alert Order Notifications – WooCommerce
- Plugin Slug:
- sms-alert
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.8.2
- Severity Score:
- Medium
- CVE:
- 2025-3878
Melapress File Monitor
- Plugin:
- Melapress File Monitor
- Plugin Slug:
- website-file-changes-monitor
- Installations
- 5,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.1.1
- Severity Score:
- High
- CVE:
- 2024-9879
Melapress File Monitor
- Plugin:
- Melapress File Monitor
- Plugin Slug:
- website-file-changes-monitor
- Installations
- 5,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.1.0
- Severity Score:
- High
- CVE:
- 2024-10009
WPAdverts – Classifieds Plugin
- Plugin:
- WPAdverts – Classifieds Plugin
- Plugin Slug:
- wpadverts
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.4
- Severity Score:
- Medium
- CVE:
- 2025-48269
Import Social Events
- Plugin:
- Import Social Events
- Plugin Slug:
- import-facebook-events
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.6
- Severity Score:
- Medium
- CVE:
- 2025-48256
Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses
- Plugin Slug:
- salon-booking-system
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 10.9.4
- Severity Score:
- Medium
- CVE:
- 2024-9882
Stylish Price List – Price Table Builder & QR Code Restaurant Menu
- Plugin Slug:
- stylish-price-list
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.1.8
- Severity Score:
- Medium
- CVE:
- 2024-7758
Ultimate Noindex Nofollow Tool II
- Plugin Slug:
- ultimate-noindex-nofollow-tool-ii
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.6
- Severity Score:
- Medium
- CVE:
- 2024-1663
Auto Affiliate Links
- Plugin:
- Auto Affiliate Links
- Plugin Slug:
- wp-auto-affiliate-links
- Installations
- 4,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 6.4.7
- Severity Score:
- High
- CVE:
- 2024-9838
Free Shipping Bar: Amount Left for Free Shipping for WooCommerce
- Plugin Slug:
- amount-left-free-shipping-woocommerce
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.7
- Severity Score:
- Medium
- CVE:
- 2025-48253
ApplyOnline – Application Form Builder and Manager
- Plugin Slug:
- apply-online
- Installations
- 3,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.6.3
- Severity Score:
- Medium
- CVE:
- 2024-10098
Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin
- Plugin Slug:
- majestic-support
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.1
- Severity Score:
- Medium
- CVE:
- 2025-48282
Newsletters
- Plugin:
- Newsletters
- Plugin Slug:
- newsletters-lite
- Installations
- 3,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.9.9.9
- Severity Score:
- High
- CVE:
- 2025-3107
User Activity Tracking and Log
- Plugin:
- User Activity Tracking and Log
- Plugin Slug:
- user-activity-tracking-and-log
- Installations
- 3,000+
- Vulnerability:
- Other Vulnerability Type
- Patched in Version:
- 4.1.4
- Severity Score:
- Medium
- CVE:
- 2024-0970
Wishlist for WooCommerce: Multi Wishlists Per Customer
- Plugin Slug:
- wish-list-for-woocommerce
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.3
- Severity Score:
- Medium
- CVE:
- 2025-48237
Additional Custom Emails & Recipients for WooCommerce
- Plugin Slug:
- custom-emails-for-woocommerce
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.2
- Severity Score:
- Medium
- CVE:
- 2025-48251
Active Products Tables for WooCommerce. Use constructor to create tables
- Plugin Slug:
- profit-products-tables-for-woocommerce
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.6.9
- Severity Score:
- Medium
- CVE:
- 2025-48266
SKT Blocks – Gutenberg based Page Builder
- Plugin Slug:
- skt-blocks
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3
- Severity Score:
- Medium
- CVE:
- 2025-48270
Coupons & Add to Cart by URL Links for WooCommerce
- Plugin Slug:
- url-coupons-for-woocommerce-by-algoritmika
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.8
- Severity Score:
- Medium
- CVE:
- 2025-48250
Change Add to Cart Button Text for WooCommerce
- Plugin Slug:
- add-to-cart-button-labels-for-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.3
- Severity Score:
- Medium
- CVE:
- 2025-48254
Auto Prune Posts
- Plugin:
- Auto Prune Posts
- Plugin Slug:
- auto-prune-posts
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.0
- Severity Score:
- Medium
- CVE:
- 2024-10639
Falang multilanguage for WordPress
- Plugin Slug:
- falang
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.62
- Severity Score:
- Medium
- CVE:
- 2025-48285
WordPress Mega Menu Block
- Plugin:
- WordPress Mega Menu Block
- Plugin Slug:
- getwid-megamenu
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.7
- Severity Score:
- Medium
- CVE:
- 2025-48258
GDPR CCPA Compliance & Cookie Consent Banner
- Plugin Slug:
- ninja-gdpr-compliance
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.7.4
- Severity Score:
- Medium
- CVE:
- 2025-48260
Product Code for WooCommerce
- Plugin:
- Product Code for WooCommerce
- Plugin Slug:
- product-code-for-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.5.1
- Severity Score:
- Medium
- CVE:
- 2025-48264
Product Notes Tab & Private Admin Notes for WooCommerce
- Plugin Slug:
- product-notes-for-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.1
- Severity Score:
- Medium
- CVE:
- 2025-48239
Tainacan
- Plugin:
- Tainacan
- Plugin Slug:
- tainacan
- Installations
- 1,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 0.21.15
- Severity Score:
- High
- CVE:
- 2025-47512
Year Make Model Search for WooCommerce
- Plugin Slug:
- ymm-search
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.12
- Severity Score:
- Medium
- CVE:
- 2025-48265
Taskbuilder – WordPress Project & Task Management plugin
- Plugin Slug:
- taskbuilder
- Installations
- 900+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.0.9
- Severity Score:
- High
- CVE:
- 2024-9831
Polls CP
Frontend Dashboard
- Plugin:
- Frontend Dashboard
- Plugin Slug:
- frontend-dashboard
- Installations
- 700+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 2.2.8
- Severity Score:
- High
- CVE:
- 2025-4474
Cloudflare Turnstile or reCAPTCHA For any Pages, to Block Spam and Hackers Attack.
- Plugin Slug:
- recaptcha-for-all
- Installations
- 700+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.27
- Severity Score:
- Medium
- CVE:
- 2025-48243
Secure Downloads
- Plugin:
- Secure Downloads
- Plugin Slug:
- secure-downloads
- Installations
- 700+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 1.2.3
- Severity Score:
- Medium
- CVE:
- 2024-8031
Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP
- Plugin Slug:
- videowhisper-live-streaming-integration
- Installations
- 700+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 6.2.5
- Severity Score:
- Medium
- CVE:
- 2025-48255
Drag and Drop File Upload for Elementor Forms
- Plugin Slug:
- drag-and-drop-file-upload-for-elementor-forms
- Installations
- 600+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 1.5.0
- Severity Score:
- High
- CVE:
- 2025-47492
Sitewide Discount for WooCommerce: Apply Discount to All Products
- Plugin Slug:
- global-shop-discount-for-woocommerce
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.2
- Severity Score:
- Medium
- CVE:
- 2025-48248
Sharespine Woocommerce Connector
- Plugin:
- Sharespine Woocommerce Connector
- Plugin Slug:
- sharespine-woocommerce-connector
- Installations
- 600+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.8.56
- Severity Score:
- Medium
- CVE:
- 2025-48128
Xpro Addons For Beaver Builder – Lite
- Plugin Slug:
- xpro-addons-beaver-builder-elementor
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.6
- Severity Score:
- Medium
- CVE:
- 2025-48232
Affiliates Manager Google reCAPTCHA Integration
- Plugin Slug:
- affiliates-manager-google-recaptcha-integration
- Installations
- 500+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.7
- Severity Score:
- High
- CVE:
- 2025-48233
GamiPress – Reset User
- Plugin:
- GamiPress – Reset User
- Plugin Slug:
- gamipress-reset-user
- Installations
- 500+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.1
- Severity Score:
- Medium
- CVE:
- 2024-8245
Plugin Oficial – Getnet para WooCommerce
- Plugin Slug:
- wc-checkout-getnet
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.1
- Severity Score:
- High
- CVE:
- 2025-1303
Plugin Oficial – Getnet para WooCommerce
- Plugin Slug:
- wc-checkout-getnet
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.1
- Severity Score:
- Medium
- CVE:
- 2025-1289
WP Mapa Politico España
- Plugin:
- WP Mapa Politico España
- Plugin Slug:
- wp-mapa-politico-spain
- Installations
- 500+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.8.1
- Severity Score:
- Medium
- CVE:
- 2025-48259
CYAN Backup
- Plugin:
- CYAN Backup
- Plugin Slug:
- cyan-backup
- Installations
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.3
- Severity Score:
- Medium
- CVE:
- 2024-9662
Url Rewrite Analyzer
- Plugin:
- Url Rewrite Analyzer
- Plugin Slug:
- url-rewrite-analyzer
- Installations
- 400+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.4
- Severity Score:
- Medium
- CVE:
- 2025-48262
Bot for Telegram on WooCommerce
- Plugin:
- Bot for Telegram on WooCommerce
- Plugin Slug:
- bot-for-telegram-on-woocommerce
- Installations
- 300+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.7
- Severity Score:
- Medium
- CVE:
- 2025-48268
Posts per Cat
- Plugin:
- Posts per Cat
- Plugin Slug:
- posts-per-cat
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.0
- Severity Score:
- Medium
- CVE:
- 2025-4169
Projectopia – WordPress Project Management
- Plugin Slug:
- projectopia-core
- Installations
- 300+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.1.18
- Severity Score:
- Medium
- CVE:
- 2025-48257
RSVPMaker
- Plugin:
- RSVPMaker
- Plugin Slug:
- rsvpmaker
- Installations
- 300+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 11.5.7
- Severity Score:
- High
- CVE:
- 2025-48278
Subaccounts for WooCommerce
- Plugin:
- Subaccounts for WooCommerce
- Plugin Slug:
- subaccounts-for-woocommerce
- Installations
- 300+
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 1.6.7
- Severity Score:
- High
- CVE:
- 2025-47461
Wholesale Market
- Plugin:
- Wholesale Market
- Plugin Slug:
- wholesale-market
- Installations
- 300+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.2.2
- Severity Score:
- Medium
- CVE:
- 2022-4363
AWcode Toolkit
- Plugin:
- AWcode Toolkit
- Plugin Slug:
- awcode-toolkit
- Installations
- 200+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.19
- Severity Score:
- High
- CVE:
- 2025-48238
B2i Investor Tools
- Plugin:
- B2i Investor Tools
- Plugin Slug:
- b2i-investor-tools
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.8
- Severity Score:
- High
- CVE:
- 2025-47458
Push Notification for Post and BuddyPress
- Plugin Slug:
- push-notification-for-post-and-buddypress
- Installations
- 200+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.94
- Severity Score:
- Critical
- CVE:
- 2024-6159
WP Image Mask
- Plugin:
- WP Image Mask
- Plugin Slug:
- wp-image-mask
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.3
- Severity Score:
- Medium
- CVE:
- 2025-48235
CTT Expresso para WooCommerce
- Plugin:
- CTT Expresso para WooCommerce
- Plugin Slug:
- ctt-expresso-para-woocommerce
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.13
- Severity Score:
- Medium
- CVE:
- 2024-6478
Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking
- Plugin Slug:
- easync-booking
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.15
- Severity Score:
- Medium
- CVE:
- 2024-9450
LogDash Activity Log
- Plugin:
- LogDash Activity Log
- Plugin Slug:
- logdash-activity-log
- Installations
- 100+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.1.4
- Severity Score:
- Critical
- CVE:
- 2023-6030
Payment Gateway for Telcell
- Plugin:
- Payment Gateway for Telcell
- Plugin Slug:
- payment-gateway-for-telcell
- Installations
- 100+
- Vulnerability:
- Open Redirection
- Patched in Version:
- 2.0.4
- Severity Score:
- Medium
- CVE:
- 2023-6786
Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin
- Plugin Slug:
- experto-cta-widget
- Installations
- 90+
- Vulnerability:
- Settings Change
- Patched in Version:
- 1.2.1
- Severity Score:
- Medium
- CVE:
- 2025-47529
JSFiddle Shortcode
- Plugin:
- JSFiddle Shortcode
- Plugin Slug:
- jsfiddle-shortcode
- Installations
- 80+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.3
- Severity Score:
- Medium
- CVE:
- 2024-10818
TicketBAI Facturas para WooCommerce
- Plugin Slug:
- wp-ticketbai
- Installations
- 80+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 3.19
- Severity Score:
- High
- CVE:
- 2025-4564
Z-Downloads
- Plugin:
- Z-Downloads
- Plugin Slug:
- z-downloads
- Installations
- 70+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.11.6
- Severity Score:
- High
- CVE:
- 2024-8703
Z-Downloads
- Plugin:
- Z-Downloads
- Plugin Slug:
- z-downloads
- Installations
- 70+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.11.5
- Severity Score:
- Critical
- CVE:
- 2024-8699
Z-Downloads
- Plugin:
- Z-Downloads
- Plugin Slug:
- z-downloads
- Installations
- 70+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.11.7
- Severity Score:
- Medium
- CVE:
- 2024-8673
Tours
- Plugin:
- Tours
- Plugin Slug:
- tours
- Installations
- 20+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.1
- Severity Score:
- Medium
- CVE:
- 2024-51666
EKC Tournament Manager
- Plugin:
- EKC Tournament Manager
- Plugin Slug:
- ekc-tournament-manager
- Installations
- 10+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 2.2.2
- Severity Score:
- Medium
- CVE:
- 2024-9765
EKC Tournament Manager
- Plugin:
- EKC Tournament Manager
- Plugin Slug:
- ekc-tournament-manager
- Installations
- 10+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.2.2
- Severity Score:
- Medium
- CVE:
- 2024-9709
KBucket: Your Curated Content in WordPress
- Plugin Slug:
- kbucket
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.1.5
- Severity Score:
- High
- CVE:
- 2024-6667
KBucket: Your Curated Content in WordPress
- Plugin Slug:
- kbucket
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.1.6
- Severity Score:
- Medium
- CVE:
- 2024-6665
Offload Videos – Bunny.net, AWS S3
- Plugin Slug:
- offload-videos-bunny-netaws-s3
- Installations
- 10+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.1
- Severity Score:
- Medium
- CVE:
- 2024-6719
Simple Video Directory
- Plugin:
- Simple Video Directory
- Plugin Slug:
- simple-media-directory
- Installations
- 10+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.4.3
- Severity Score:
- Critical
- CVE:
- 2024-6809
File Manager Advanced Shortcode PRO
- Plugin:
- File Manager Advanced Shortcode PRO
- Plugin Slug:
- advanced-file-manager-pro-premium
- Vulnerability:
- Content Injection
- Patched in Version:
- 2.6.0
- Severity Score:
- Medium
- CVE:
- 2024-13914
ARForms Form Builder
- Plugin:
- ARForms Form Builder
- Plugin Slug:
- arforms-form-builder
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.1
- Severity Score:
- High
- CVE:
- 2024-10504
Buddyboss Platform
- Plugin:
- Buddyboss Platform
- Plugin Slug:
- buddyboss-platform
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 2.7.60
- Severity Score:
- Medium
- CVE:
- 2024-12767
Crawlomatic Multisite Scraper Post Generator
- Plugin:
- Crawlomatic Multisite Scraper Post Generator
- Plugin Slug:
- crawlomatic-multipage-scraper-post-generator
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 2.6.8.2
- Severity Score:
- Critical
- CVE:
- 2025-4389
EventON
- Plugin:
- EventON
- Plugin Slug:
- eventON
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.9.7
- Severity Score:
- Medium
- CVE:
- 2025-3527
Jetpack Debug Tools
- Plugin:
- Jetpack Debug Tools
- Plugin Slug:
- jetpack-debug-helper
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.1
- Severity Score:
- Medium
- CVE:
- 2024-56006
Ninja Forms Webhooks
- Plugin:
- Ninja Forms Webhooks
- Plugin Slug:
- ninja-forms-webhooks
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 3.0.8
- Severity Score:
- Medium
- CVE:
- 2024-13940
Opal Woo Custom Product Variation
- Plugin:
- Opal Woo Custom Product Variation
- Plugin Slug:
- opal-woo-custom-product-variation
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 1.2.1
- Severity Score:
- High
- CVE:
- 2025-47535
PeepSo Core: File Uploads
- Plugin:
- PeepSo Core: File Uploads
- Plugin Slug:
- peepso-files
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 6.4.6.1
- Severity Score:
- Medium
- CVE:
- 2024-8988
Relevanssi Premium
- Plugin:
- Relevanssi Premium
- Plugin Slug:
- relevanssi-premium
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.27.5
- Severity Score:
- High
- CVE:
- 2025-4396
Echo RSS Feed Post Generator Plugin for WordPress
- Plugin:
- Echo RSS Feed Post Generator Plugin for WordPress
- Plugin Slug:
- rss-feed-post-generator-echo
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 5.4.8.2
- Severity Score:
- Critical
- CVE:
- 2025-4391
tarteaucitron.js for WordPress
- Plugin:
- tarteaucitron.js for WordPress
- Plugin Slug:
- tarteaucitron-wp
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.3.0
- Severity Score:
- High
- CVE:
- 2024-11719
tarteaucitron.js for WordPress
- Plugin:
- tarteaucitron.js for WordPress
- Plugin Slug:
- tarteaucitron-wp
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.3.0
- Severity Score:
- Medium
- CVE:
- 2024-11718
Rankie
- Plugin:
- Rankie
- Plugin Slug:
- valvepress-rankie
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.8.2
- Severity Score:
- Medium
- CVE:
- 2025-39493
WP Content Copy Protection & No Right Click (premium)
- Plugin:
- WP Content Copy Protection & No Right Click (premium)
- Plugin Slug:
- wccp-pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 15.3
- Severity Score:
- Medium
- CVE:
- 2024-6693
WP Content Copy Protection & No Right Click (premium)
- Plugin:
- WP Content Copy Protection & No Right Click (premium)
- Plugin Slug:
- wccp-pro
- Vulnerability:
- Open Redirection
- Patched in Version:
- 15.3
- Severity Score:
- Medium
- CVE:
- 2024-6690
GDPR Cookie Consent
- Plugin:
- GDPR Cookie Consent
- Plugin Slug:
- webtoffee-gdpr-cookie-consent
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.1
- Severity Score:
- High
- CVE:
- 2024-8397
GDPR Cookie Consent
- Plugin:
- GDPR Cookie Consent
- Plugin Slug:
- webtoffee-gdpr-cookie-consent
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.6.1
- Severity Score:
- Medium
- CVE:
- 2024-8286
WPBot Pro WordPress Chatbot
- Plugin:
- WPBot Pro WordPress Chatbot
- Plugin Slug:
- wpbot-pro
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 13.7.0
- Severity Score:
- High
- CVE:
- 2025-3812
WordPress Themes — 3 Patched / 15 Unpatched
Acerola
- Theme:
- Acerola
- Theme Slug:
- acerola
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-31066
AnyWhere Elementor Pro
- Theme:
- AnyWhere Elementor Pro
- Theme Slug:
- anywhere-elementor-pro
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-31046
Bimber – Viral Magazine WordPress Theme
- Theme:
- Bimber – Viral Magazine WordPress Theme
- Theme Slug:
- bimber
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-47576
Bloggie
- Theme:
- Bloggie
- Theme Slug:
- bloggie
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31054
CouponXL
- Theme:
- CouponXL
- Theme Slug:
- couponxl
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39489
Dash
- Theme:
- Dash
- Theme Slug:
- dash
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-31049
HotStar – Multi-Purpose Business Theme
- Theme:
- HotStar – Multi-Purpose Business Theme
- Theme Slug:
- hotstar
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-31069
HotStar – Multi-Purpose Business Theme
- Theme:
- HotStar – Multi-Purpose Business Theme
- Theme Slug:
- hotstar
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-31071
Jarvis – Night Club, Concert, Festival WordPress
- Theme:
- Jarvis – Night Club, Concert, Festival WordPress
- Theme Slug:
- jarvis
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-32292
The Business
- Theme:
- The Business
- Theme Slug:
- nrgbusiness
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-31430
The Business
- Theme:
- The Business
- Theme Slug:
- nrgbusiness
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-31630
Plant – Gardening & Houseplants WordPress Theme
- Theme:
- Plant – Gardening & Houseplants WordPress Theme
- Theme Slug:
- plant
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-31051
Rozario
- Theme:
- Rozario
- Theme Slug:
- rozario
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-31065
Seven Stars
- Theme:
- Seven Stars
- Theme Slug:
- sevenstars
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-31068
Spare
- Theme:
- Spare
- Theme Slug:
- spare
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-31639
Motors
- Theme:
- Motors
- Theme Slug:
- motors
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 5.6.68
- Severity Score:
- Critical
- CVE:
- 2025-4322
TheGem
- Theme:
- TheGem
- Theme Slug:
- thegem
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.10.3.1
- Severity Score:
- Medium
- CVE:
- 2025-4339
TheGem
- Theme:
- TheGem
- Theme Slug:
- thegem
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 5.10.3.1
- Severity Score:
- High
- CVE:
- 2025-4317
