In this report, 180 vulnerabilities have been publicly disclosed. Security patches for 88 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 92 plugin and theme vulnerabilities, and no patch has been available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.8.1 has been released! This maintenance release includes fixes for 15 bugs throughout Core and the Block Editor, addressing issues affecting multiple areas of WordPress, including the block editor, multisite, and REST API. For a full list, refer to the release candidate announcement.
Plus, WordCamp Europe 2025 lands in Basel, Switzerland, June 5-7! Connect with WordPress enthusiasts, developers, and pros for three days of learning, networking, and collaboration with the global community.
WordPress Plugins — 74 Patched / 60 Unpatched
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
- Plugin Slug:
- form-maker
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-48341
WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce
- Plugin Slug:
- wp-event-manager
- Installations
- 30,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-48125
miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn)
- Plugin Slug:
- miniorange-login-openid
- Installations
- 20,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-47670
Essential Real Estate
- Plugin:
- Essential Real Estate
- Plugin Slug:
- essential-real-estate
- Installations
- 9,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-48126
Simplelightbox
- Plugin:
- Simplelightbox
- Plugin Slug:
- simplelightbox
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-5878
User Meta – User Profile Builder and User management plugin
- Plugin Slug:
- user-meta
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-47611
StyleAI
- Plugin:
- StyleAI
- Plugin Slug:
- relentlosoftware
- Installations
- 700+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-48139
Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light
- Plugin Slug:
- excel-like-price-change-for-woocommerce-and-wp-e-commerce-light
- Installations
- 600+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-48123
Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light
- Plugin Slug:
- excel-like-price-change-for-woocommerce-and-wp-e-commerce-light
- Installations
- 600+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-48129
Dynamic Pricing & Discounts Lite for WooCommerce
- Plugin Slug:
- woo-dynamic-pricing-discounts-lite
- Installations
- 600+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-48342
CryptoCloud – Crypto Payment Gateway
- Plugin Slug:
- cryptocloud-crypto-payment-gateway
- Installations
- 500+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-48147
MetalpriceAPI
- Plugin:
- MetalpriceAPI
- Plugin Slug:
- metalpriceapi
- Installations
- 400+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-48140
Embed and Integrate Etsy Shop
- Plugin:
- Embed and Integrate Etsy Shop
- Plugin Slug:
- embed-and-integrate-etsy-shop
- Installations
- 200+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-48346
miniOrange Discord Integration
- Plugin:
- miniOrange Discord Integration
- Plugin Slug:
- miniorange-discord-integration
- Installations
- 100+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-47672
Splitit
Binary MLM Plan
- Plugin:
- Binary MLM Plan
- Plugin Slug:
- binary-mlm-plan
- Installations
- 60+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-47671
4stats
- Plugin:
- 4stats
- Plugin Slug:
- 4stats
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-3869
WhatsCart – Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce
- Plugin:
- WhatsCart – Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce
- Plugin Slug:
- WhatsCart-for-WooCommerce
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-31056
Animated Buttons
- Plugin:
- Animated Buttons
- Plugin Slug:
- animated-buttons
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-4221
Ads Pro Plugin
- Plugin:
- Ads Pro Plugin
- Plugin Slug:
- ap-plugin-scripteo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46444
Blog Designer PRO for WordPress
- Plugin:
- Blog Designer PRO for WordPress
- Plugin Slug:
- blog-designer-pro
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-47696
WPCHURCH
- Plugin:
- WPCHURCH
- Plugin Slug:
- church-management
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31642
DPEPress
- Plugin:
- DPEPress
- Plugin Slug:
- dpepress
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-4219
DZS Video Gallery
- Plugin:
- DZS Video Gallery
- Plugin Slug:
- dzs-videogallery
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32300
DZS Video Gallery
- Plugin:
- DZS Video Gallery
- Plugin Slug:
- dzs-videogallery
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-47553
DZS Video Gallery
- Plugin:
- DZS Video Gallery
- Plugin Slug:
- dzs-videogallery
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-47552
ZoomSounds
- Plugin:
- ZoomSounds
- Plugin Slug:
- dzs-zoomsounds
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-47568
Formulario de contacto SalesUp!
- Plugin:
- Formulario de contacto SalesUp!
- Plugin Slug:
- formularios-de-contacto-salesup
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-48143
Goodlayers Hostel
- Plugin:
- Goodlayers Hostel
- Plugin Slug:
- gdlr-hostel
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39501
Goodlayers Hostel
- Plugin:
- Goodlayers Hostel
- Plugin Slug:
- gdlr-hostel
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39502
Goodlayers Hostel
- Plugin:
- Goodlayers Hostel
- Plugin Slug:
- gdlr-hostel
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39500
Goodlayers Hotel
- Plugin:
- Goodlayers Hotel
- Plugin Slug:
- gdlr-hotel
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39504
Goodlayers Hotel
- Plugin:
- Goodlayers Hotel
- Plugin Slug:
- gdlr-hotel
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39505
Goodlayers Hotel
- Plugin:
- Goodlayers Hotel
- Plugin Slug:
- gdlr-hotel
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39503
Hospital Management System
- Plugin:
- Hospital Management System
- Plugin Slug:
- hospital-management
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-47631
Hospital Management System
- Plugin:
- Hospital Management System
- Plugin Slug:
- hospital-management
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-47663
JobHunt Job Alerts
- Plugin:
- JobHunt Job Alerts
- Plugin Slug:
- jobhunt-notifications
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39536
JP Students Result Management System Premium
- Plugin:
- JP Students Result Management System Premium
- Plugin Slug:
- jp-students-result-system-premium
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-31916
KBx Pro Ultimate
- Plugin:
- KBx Pro Ultimate
- Plugin Slug:
- knowledgebase-helpdesk-pro
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31053
MapSVG
- Plugin:
- MapSVG
- Plugin Slug:
- mapsvg
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-47558
MapSVG
- Plugin:
- MapSVG
- Plugin Slug:
- mapsvg
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-9544
Nasa Core
- Plugin:
- Nasa Core
- Plugin Slug:
- nasa-core
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39506
Posts Extended
- Plugin:
- Posts Extended
- Plugin Slug:
- network-posts-extended
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-3750
Pixel WordPress Form BuilderPlugin & Autoresponder
- Plugin:
- Pixel WordPress Form BuilderPlugin & Autoresponder
- Plugin Slug:
- pixel-formbuilder
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-31914
Raisely Donation Form
- Plugin:
- Raisely Donation Form
- Plugin Slug:
- raisely-donation-form
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-3781
Rootspersona
- Plugin:
- Rootspersona
- Plugin Slug:
- rootspersona
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39368
Rootspersona
- Plugin:
- Rootspersona
- Plugin Slug:
- rootspersona
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-48344
School Management
- Plugin:
- School Management
- Plugin Slug:
- school-management
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-47575
School Management
- Plugin:
- School Management
- Plugin Slug:
- school-management
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-47613
Bus Ticket Booking with Seat Reservation for WooCommerce
- Plugin:
- Bus Ticket Booking with Seat Reservation for WooCommerce
- Plugin Slug:
- scw-bus-seat-reservation
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-31397
Simple Business Directory Pro
- Plugin:
- Simple Business Directory Pro
- Plugin Slug:
- simple-business-directory-pro
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-31918
Smart Forms
- Plugin:
- Smart Forms
- Plugin Slug:
- smart-forms
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-5055
eMagicOne Store Manager
- Plugin:
- eMagicOne Store Manager
- Plugin Slug:
- store-manager-connector
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-4603
eMagicOne Store Manager
- Plugin:
- eMagicOne Store Manager
- Plugin Slug:
- store-manager-connector
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-4602
eMagicOne Store Manager
- Plugin:
- eMagicOne Store Manager
- Plugin Slug:
- store-manager-connector
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-4336
User Profile Meta Manager
- Plugin:
- User Profile Meta Manager
- Plugin Slug:
- user-profile-meta
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-48340
Affiliate Sales in Google Analytics and other tools
- Plugin:
- Affiliate Sales in Google Analytics and other tools
- Plugin Slug:
- wecantrack
- Vulnerability:
- Open Redirection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-12561
WP Post Modules for Elementor
- Plugin:
- WP Post Modules for Elementor
- Plugin Slug:
- wp-post-modules-el
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31636
WP YouTube Video Optimizer
- Plugin:
- WP YouTube Video Optimizer
- Plugin Slug:
- wp-youtube-video-optimizer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-4217
Glossary by WPPedia
- Plugin:
- Glossary by WPPedia
- Plugin Slug:
- wppedia
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-4803
WooCommerce
- Plugin:
- WooCommerce
- Plugin Slug:
- woocommerce
- Installations
- 8,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 9.3.4
- Severity Score:
- High
- CVE:
- 2025-5062
All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic
- Plugin Slug:
- all-in-one-seo-pack
- Installations
- 3,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.8.2
- Severity Score:
- Medium
- CVE:
- 2025-2892
Ninja Forms – The Contact Form Builder That Grows With You
- Plugin Slug:
- ninja-forms
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.10.1
- Severity Score:
- Medium
- CVE:
- 2025-2524
TablePress – Tables in WordPress made easy
- Plugin Slug:
- tablepress
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.3
- Severity Score:
- Medium
- CVE:
- 2025-5096
The Events Calendar
- Plugin:
- The Events Calendar
- Plugin Slug:
- the-events-calendar
- Installations
- 700,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.12.0
- Severity Score:
- Medium
- CVE:
- 2025-48246
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery
- Plugin Slug:
- nextgen-gallery
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.59.5
- Severity Score:
- Medium
- CVE:
- 2024-5878
Page Builder: Pagelayer – Drag and Drop website builder
- Plugin Slug:
- pagelayer
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.1
- Severity Score:
- High
- CVE:
- 2025-4223
Page Builder: Pagelayer – Drag and Drop website builder
- Plugin Slug:
- pagelayer
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.1
- Severity Score:
- Medium
- CVE:
- 2024-13427
PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin
- Plugin:
- PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin
- Plugin Slug:
- pretty-link
- Installations
- 300,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.6.16
- Severity Score:
- Medium
- CVE:
- 2025-48247
Essential Blocks – AI-Powered Page Builder Gutenberg Blocks, Patterns & Templates
- Plugin Slug:
- essential-blocks
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.4.1
- Severity Score:
- Medium
- CVE:
- 2025-4682
Solid Mail – SMTP email and logging made by SolidWP
- Plugin Slug:
- wp-smtp
- Installations
- 70,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.6
- Severity Score:
- High
- CVE:
- 2025-1123
Exclusive Addons for Elementor
- Plugin:
- Exclusive Addons for Elementor
- Plugin Slug:
- exclusive-addons-for-elementor
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.9.2
- Severity Score:
- Medium
- CVE:
- 2025-4783
Exclusive Addons for Elementor
- Plugin:
- Exclusive Addons for Elementor
- Plugin Slug:
- exclusive-addons-for-elementor
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.9.1
- Severity Score:
- Medium
- CVE:
- 2025-48244
Qi Blocks
Blog2Social: Social Media Auto Post & Scheduler
- Plugin Slug:
- blog2social
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.4.0
- Severity Score:
- Medium
- CVE:
- 2025-4133
Slim SEO – Fast & Automated WordPress SEO Plugin
- Plugin Slug:
- slim-seo
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.5.4
- Severity Score:
- Medium
- CVE:
- 2025-4611
Ultimate Blocks – WordPress Blocks Plugin
- Plugin Slug:
- ultimate-blocks
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.1
- Severity Score:
- Medium
- CVE:
- 2025-48234
Visual Composer Website Builder
- Plugin:
- Visual Composer Website Builder
- Plugin Slug:
- visualcomposer
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 45.12.0
- Severity Score:
- Medium
- CVE:
- 2025-48276
Cost Calculator Builder
- Plugin:
- Cost Calculator Builder
- Plugin Slug:
- cost-calculator-builder
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.0
- Severity Score:
- Medium
- CVE:
- 2025-48277
bunny.net – WordPress CDN Plugin
- Plugin:
- bunny.net – WordPress CDN Plugin
- Plugin Slug:
- bunnycdn
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.1
- Severity Score:
- High
- CVE:
- 2025-48236
Cost of Goods: Product Cost & Profit Calculator for WooCommerce
- Plugin Slug:
- cost-of-goods-for-woocommerce
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.7.1
- Severity Score:
- Medium
- CVE:
- 2025-48240
EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory
- Plugin Slug:
- ean-for-woocommerce
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.4.7
- Severity Score:
- Medium
- CVE:
- 2025-48249
Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator
- Plugin Slug:
- legal-pages
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.6
- Severity Score:
- Medium
- CVE:
- 2025-48242
Japanized for WooCommerce
- Plugin:
- Japanized for WooCommerce
- Plugin Slug:
- woocommerce-for-japan
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.6.41
- Severity Score:
- Medium
- CVE:
- 2025-48284
AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress
- Plugin:
- AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress
- Plugin Slug:
- automatorwp
- Installations
- 9,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.2.2
- Severity Score:
- High
- CVE:
- 2025-48280
WP Job Portal – A Complete Recruitment System for Company or Job Board website
- Plugin Slug:
- wp-job-portal
- Installations
- 7,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 2.3.3
- Severity Score:
- High
- CVE:
- 2025-48273
WP Job Portal – A Complete Recruitment System for Company or Job Board website
- Plugin Slug:
- wp-job-portal
- Installations
- 7,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 2.3.3
- Severity Score:
- Medium
- CVE:
- 2025-48272
Back Button Widget
- Plugin:
- Back Button Widget
- Plugin Slug:
- back-button-widget
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.0
- Severity Score:
- Medium
- CVE:
- 2025-48252
Leadinfo
- Plugin:
- Leadinfo
- Plugin Slug:
- leadinfo
- Installations
- 6,000+
- Vulnerability:
- Settings Change
- Patched in Version:
- 2.1
- Severity Score:
- Medium
- CVE:
- 2025-48271
ElementInvader Addons for Elementor
- Plugin Slug:
- elementinvader-addons-for-elementor
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.6
- Severity Score:
- Medium
- CVE:
- 2025-48288
WPAdverts – Classifieds Plugin
- Plugin:
- WPAdverts – Classifieds Plugin
- Plugin Slug:
- wpadverts
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.4
- Severity Score:
- Medium
- CVE:
- 2025-48269
MultiVendorX – WooCommerce Multivendor Marketplace Solutions
- Plugin Slug:
- dc-woocommerce-multi-vendor
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.2.23
- Severity Score:
- Medium
- CVE:
- 2025-48263
Import Social Events
- Plugin:
- Import Social Events
- Plugin Slug:
- import-facebook-events
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.6
- Severity Score:
- Medium
- CVE:
- 2025-48256
MStore API – Create Native Android & iOS Apps On The Cloud
- Plugin Slug:
- mstore-api
- Installations
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.17.6
- Severity Score:
- Medium
- CVE:
- 2025-4683
Free Shipping Bar: Amount Left for Free Shipping for WooCommerce
- Plugin Slug:
- amount-left-free-shipping-woocommerce
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.7
- Severity Score:
- Medium
- CVE:
- 2025-48253
Hot Random Image
- Plugin:
- Hot Random Image
- Plugin Slug:
- hot-random-image
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.3
- Severity Score:
- Medium
- CVE:
- 2025-4405
Hot Random Image
- Plugin:
- Hot Random Image
- Plugin Slug:
- hot-random-image
- Installations
- 3,000+
- Vulnerability:
- Path Traversal
- Patched in Version:
- 1.9.3
- Severity Score:
- Medium
- CVE:
- 2025-4419
Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin
- Plugin Slug:
- majestic-support
- Installations
- 3,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.1.1
- Severity Score:
- Critical
- CVE:
- 2025-48283
Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin
- Plugin Slug:
- majestic-support
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.1
- Severity Score:
- Medium
- CVE:
- 2025-48282
Wishlist for WooCommerce: Multi Wishlists Per Customer
- Plugin Slug:
- wish-list-for-woocommerce
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.3
- Severity Score:
- Medium
- CVE:
- 2025-48237
Additional Custom Emails & Recipients for WooCommerce
- Plugin Slug:
- custom-emails-for-woocommerce
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.2
- Severity Score:
- Medium
- CVE:
- 2025-48251
Active Products Tables for WooCommerce. Use constructor to create tables
- Plugin Slug:
- profit-products-tables-for-woocommerce
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.6.9
- Severity Score:
- Medium
- CVE:
- 2025-48266
SKT Blocks – Gutenberg based Page Builder
- Plugin Slug:
- skt-blocks
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3
- Severity Score:
- Medium
- CVE:
- 2025-48270
Coupons & Add to Cart by URL Links for WooCommerce
- Plugin Slug:
- url-coupons-for-woocommerce-by-algoritmika
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.8
- Severity Score:
- Medium
- CVE:
- 2025-48250
Change Add to Cart Button Text for WooCommerce
- Plugin Slug:
- add-to-cart-button-labels-for-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.3
- Severity Score:
- Medium
- CVE:
- 2025-48254
Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment
- Plugin Slug:
- booking-and-rental-manager-for-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.3.9
- Severity Score:
- Medium
- CVE:
- 2025-47585
Falang multilanguage for WordPress
- Plugin Slug:
- falang
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.62
- Severity Score:
- Medium
- CVE:
- 2025-48285
WordPress Mega Menu Block
- Plugin:
- WordPress Mega Menu Block
- Plugin Slug:
- getwid-megamenu
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.7
- Severity Score:
- Medium
- CVE:
- 2025-48258
GDPR CCPA Compliance & Cookie Consent Banner
- Plugin Slug:
- ninja-gdpr-compliance
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.7.4
- Severity Score:
- Medium
- CVE:
- 2025-48260
Product Code for WooCommerce
- Plugin:
- Product Code for WooCommerce
- Plugin Slug:
- product-code-for-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.5.1
- Severity Score:
- Medium
- CVE:
- 2025-48264
Product Notes Tab & Private Admin Notes for WooCommerce
- Plugin Slug:
- product-notes-for-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.1
- Severity Score:
- Medium
- CVE:
- 2025-48239
WP Smart Import : Import any XML File to WordPress
- Plugin Slug:
- wp-smart-import
- Installations
- 1,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.1.4
- Severity Score:
- High
- CVE:
- 2025-47453
Year Make Model Search for WooCommerce
- Plugin Slug:
- ymm-search
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.12
- Severity Score:
- Medium
- CVE:
- 2025-48265
ReDi Restaurant Reservation – Instant Availability & Confirmation
- Plugin Slug:
- redi-restaurant-reservation
- Installations
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 25.0513
- Severity Score:
- High
- CVE:
- 2025-48286
Cloudflare Turnstile or reCAPTCHA For any Pages, to Block Spam and Hackers Attack.
- Plugin Slug:
- recaptcha-for-all
- Installations
- 700+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.27
- Severity Score:
- Medium
- CVE:
- 2025-48243
Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP
- Plugin Slug:
- videowhisper-live-streaming-integration
- Installations
- 700+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 6.2.5
- Severity Score:
- Medium
- CVE:
- 2025-48255
Sitewide Discount for WooCommerce: Apply Discount to All Products
- Plugin Slug:
- global-shop-discount-for-woocommerce
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.2
- Severity Score:
- Medium
- CVE:
- 2025-48248
Xpro Addons For Beaver Builder – Lite
- Plugin Slug:
- xpro-addons-beaver-builder-elementor
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.6
- Severity Score:
- Medium
- CVE:
- 2025-48232
Affiliates Manager Google reCAPTCHA Integration
- Plugin Slug:
- affiliates-manager-google-recaptcha-integration
- Installations
- 500+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.7
- Severity Score:
- High
- CVE:
- 2025-48233
Visual Header
- Plugin:
- Visual Header
- Plugin Slug:
- visual-header
- Installations
- 500+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.5
- Severity Score:
- Medium
- CVE:
- 2025-48275
WP Mapa Politico España
- Plugin:
- WP Mapa Politico España
- Plugin Slug:
- wp-mapa-politico-spain
- Installations
- 500+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.8.1
- Severity Score:
- Medium
- CVE:
- 2025-48259
Url Rewrite Analyzer
- Plugin:
- Url Rewrite Analyzer
- Plugin Slug:
- url-rewrite-analyzer
- Installations
- 400+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.4
- Severity Score:
- Medium
- CVE:
- 2025-48262
Bot for Telegram on WooCommerce
- Plugin:
- Bot for Telegram on WooCommerce
- Plugin Slug:
- bot-for-telegram-on-woocommerce
- Installations
- 300+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.7
- Severity Score:
- Medium
- CVE:
- 2025-48268
Projectopia – WordPress Project Management
- Plugin Slug:
- projectopia-core
- Installations
- 300+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.1.18
- Severity Score:
- Medium
- CVE:
- 2025-48257
RSVPMaker
- Plugin:
- RSVPMaker
- Plugin Slug:
- rsvpmaker
- Installations
- 300+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 11.5.7
- Severity Score:
- High
- CVE:
- 2025-48278
AWcode Toolkit
- Plugin:
- AWcode Toolkit
- Plugin Slug:
- awcode-toolkit
- Installations
- 200+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.19
- Severity Score:
- High
- CVE:
- 2025-48238
WP Image Mask
- Plugin:
- WP Image Mask
- Plugin Slug:
- wp-image-mask
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.3
- Severity Score:
- Medium
- CVE:
- 2025-48235
Infocob CRM Forms
- Plugin:
- Infocob CRM Forms
- Plugin Slug:
- infocob-crm-forms
- Installations
- 100+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 2.4.1
- Severity Score:
- Medium
- CVE:
- 2025-47513
Pix 4x sem juros – Pagaleve
- Plugin:
- Pix 4x sem juros – Pagaleve
- Plugin Slug:
- wc-pagaleve
- Installations
- 100+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.6.10
- Severity Score:
- Critical
- CVE:
- 2025-48287
Property – Real Estate Directory Listing
- Plugin Slug:
- property
- Installations
- 30+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.0.7
- Severity Score:
- High
- CVE:
- 2025-5117
Advanced Database Cleaner PRO
- Plugin:
- Advanced Database Cleaner PRO
- Plugin Slug:
- advanced-database-cleaner-pro
- Vulnerability:
- Path Traversal
- Patched in Version:
- 3.2.11
- Severity Score:
- Medium
- CVE:
- 2025-46256
Digits
- Plugin:
- Digits
- Plugin Slug:
- digits
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 8.4.6.1
- Severity Score:
- Critical
- CVE:
- 2025-4094
Order Delivery Date for WP e-Commerce
- Plugin:
- Order Delivery Date for WP e-Commerce
- Plugin Slug:
- order-delivery-date
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 12.4.0
- Severity Score:
- High
- CVE:
- 2025-2929
Tourmaster
- Plugin:
- Tourmaster
- Plugin Slug:
- tourmaster
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 5.3.9
- Severity Score:
- High
- CVE:
- 2025-48292
WordPress Themes — 14 Patched / 32 Unpatched
Acerola
- Theme:
- Acerola
- Theme Slug:
- acerola
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-31927
Avantage
- Theme:
- Avantage
- Theme Slug:
- avantage
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39495
Backpack Traveler
- Theme:
- Backpack Traveler
- Theme Slug:
- backpacktraveler
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-39490
Bloggie
- Theme:
- Bloggie
- Theme Slug:
- bloggie
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31054
Butcher
- Theme:
- Butcher
- Theme Slug:
- butcher
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32285
Butcher
- Theme:
- Butcher
- Theme Slug:
- butcher
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32286
Capie
- Theme:
- Capie
- Theme Slug:
- capie
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31060
Car Dealer
- Theme:
- Car Dealer
- Theme Slug:
- cardealer
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39480
CouponXL
- Theme:
- CouponXL
- Theme Slug:
- couponxl
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39489
Crafts & Arts
- Theme:
- Crafts & Arts
- Theme Slug:
- crafts-and-arts
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31924
Dash
- Theme:
- Dash
- Theme Slug:
- dash
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-31049
Entrada
- Theme:
- Entrada
- Theme Slug:
- entrada
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39484
Enzio – Responsive Business WordPress Theme
- Theme:
- Enzio – Responsive Business WordPress Theme
- Theme Slug:
- enzio
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31912
Finance Consultant
- Theme:
- Finance Consultant
- Theme Slug:
- finance
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32293
Fish House
- Theme:
- Fish House
- Theme Slug:
- fish-house
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-31631
Grand Tour | Travel Agency WordPress
- Theme:
- Grand Tour | Travel Agency WordPress
- Theme Slug:
- grandtour
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39485
Healsoul
- Theme:
- Healsoul
- Theme Slug:
- healsoul
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32309
HotStar – Multi-Purpose Business Theme
- Theme:
- HotStar – Multi-Purpose Business Theme
- Theme Slug:
- hotstar
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-31069
Insurance
- Theme:
- Insurance
- Theme Slug:
- insurance
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31634
Jarvis – Night Club, Concert, Festival WordPress
- Theme:
- Jarvis – Night Club, Concert, Festival WordPress
- Theme Slug:
- jarvis
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-32292
Kiamo – Responsive Business Service WordPress Theme
- Theme:
- Kiamo – Responsive Business Service WordPress Theme
- Theme Slug:
- kiamo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31633
La Boom
- Theme:
- La Boom
- Theme Slug:
- laboom
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31632
Medicare
- Theme:
- Medicare
- Theme Slug:
- medicare
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-39499
The Business
- Theme:
- The Business
- Theme Slug:
- nrgbusiness
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-31430
Ogami
- Theme:
- Ogami
- Theme Slug:
- ogami
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31913
Oxpitan
- Theme:
- Oxpitan
- Theme Slug:
- oxpitan
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32294
Pet World
- Theme:
- Pet World
- Theme Slug:
- petsworld
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32284
Photography
- Theme:
- Photography
- Theme Slug:
- photography
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
Umberto
- Theme:
- Umberto
- Theme Slug:
- umberto
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-31423
Vizeon – Business Consulting
- Theme:
- Vizeon – Business Consulting
- Theme Slug:
- vizeon
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31064
Winnex
- Theme:
- Winnex
- Theme Slug:
- winnex
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32302
Yozi
- Theme:
- Yozi
- Theme Slug:
- yozi
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32289
Ashley
- Theme:
- Ashley
- Theme Slug:
- ashley
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.8.0
- Severity Score:
- High
- CVE:
- 2025-48290
Builty
- Theme:
- Builty
- Theme Slug:
- builty
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.5.0
- Severity Score:
- High
- CVE:
- 2025-48290
ITSulu
- Theme:
- ITSulu
- Theme Slug:
- itsulu
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.5.0
- Severity Score:
- High
- CVE:
- 2025-48290
Kaffen
- Theme:
- Kaffen
- Theme Slug:
- kaffen
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.2.6
- Severity Score:
- High
- CVE:
- 2025-48290
Kids Planet
- Theme:
- Kids Planet
- Theme Slug:
- kidsplanet
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 2.2.14.1
- Severity Score:
- Critical
- CVE:
- 2025-48289
Kinsley
- Theme:
- Kinsley
- Theme Slug:
- kinsley
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 3.4.5
- Severity Score:
- High
- CVE:
- 2025-48290
Larson
- Theme:
- Larson
- Theme Slug:
- larson
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.6.0
- Severity Score:
- High
- CVE:
- 2025-48290
Luique
- Theme:
- Luique
- Theme Slug:
- luique
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.3.1
- Severity Score:
- High
- CVE:
- 2025-48290
Madara
- Theme:
- Madara
- Theme Slug:
- madara
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.2.2.1
- Severity Score:
- High
- CVE:
- 2025-4524
Motors
- Theme:
- Motors
- Theme Slug:
- motors
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 5.6.68
- Severity Score:
- Critical
- CVE:
- 2025-4322
Ober
- Theme:
- Ober
- Theme Slug:
- ober
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.3.4
- Severity Score:
- High
- CVE:
- 2025-48290
Ruizarch
- Theme:
- Ruizarch
- Theme Slug:
- ruizarch
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.2.0
- Severity Score:
- High
- CVE:
- 2025-48290
Samantha
- Theme:
- Samantha
- Theme Slug:
- samantha
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.2.0
- Severity Score:
- High
- CVE:
- 2025-48290
Wilmër
- Theme:
- Wilmër
- Theme Slug:
- wilmer
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 3.4.2
- Severity Score:
- High
- CVE:
- 2025-39494
Solid Security is part of Solid Suite — The best foundation for WordPress websites.
Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!
Join us for the next Solid Academy Webinar!
Free weekly webinars that will help you master WordPress and increase your business's bottom line.
What is a WordPress Phishing Attack?
Learn how to identify and prevent phishing attacks on WordPress websites.
Kiki SheldonWebsite Protection: 5 Ways to Keep Your Website Safe
Robust website protection is the shield that stands between your business and relentless cyber attacks. Prioritizing website protection enables businesses to fortify defenses to safeguard their online presence and preserve the trust of their customers in the face of ever-evolving cybersecurity threats.
Kiki Sheldon23 Ideas To Grow Your WordPress Business in 2023
WordPress is the most popular website-building platform worldwide, trusted by numerous brands. WordPress enables you to build a user-friendly and highly reliable site, together with tools and plugins to enhance your marketing and work like a lead magnet. All these features make WordPress the platform chosen by more than 43% of businesses globally.
SolidWP Editorial TeamSign up now — Get SolidWP updates and valuable content straight to your inbox
Sign up
Placeholder text
Placeholder text
Get started with confidence — risk free, guaranteed
