In this report, 88 vulnerabilities have been publicly disclosed. Security patches for 46 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 42 plugin and theme vulnerabilities, and no patch has been available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.8.1 has been released! This maintenance release includes fixes for 15 bugs throughout Core and the Block Editor, addressing issues affecting multiple areas of WordPress, including the block editor, multisite, and REST API. For a full list, refer to the release candidate announcement.
Plus, WordCamp Europe 2025 lands in Basel, Switzerland, June 5-7! Connect with WordPress enthusiasts, developers, and pros for three days of learning, networking, and collaboration with the global community.
WordPress Plugins — 40 Patched / 42 Unpatched
Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder
- Plugin Slug:
- wps-team
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-3521
Section Widget
- Plugin:
- Section Widget
- Plugin Slug:
- section-widget
- Installations
- 600+
- Vulnerability:
- Path Traversal
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46441
Section Widget
- Plugin:
- Section Widget
- Plugin Slug:
- section-widget
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46537
Crossword Compiler Puzzles
- Plugin:
- Crossword Compiler Puzzles
- Plugin Slug:
- crossword-compiler-puzzles
- Installations
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46493
A/B Testing, Popups, Website Personalization, Email Popup, Exit Intent Pop Up, Upsell Pop Up – Personizely
- Plugin Slug:
- personizely
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-3779
Total processing card payments for WooCommerce
- Plugin Slug:
- totalprocessing-card-payments
- Installations
- 200+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46486
Abundatrade
- Plugin:
- Abundatrade
- Plugin Slug:
- abundatrade-plugin
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-4199
Advanced Reorder Image Text Slider
- Plugin:
- Advanced Reorder Image Text Slider
- Plugin Slug:
- advanced-reorder-image-text-slider
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-4188
AHAthat
- Plugin:
- AHAthat
- Plugin Slug:
- ahathat
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-4337
Alink Tap
- Plugin:
- Alink Tap
- Plugin Slug:
- alink-tap
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-4198
Buddyboss Platform
- Plugin:
- Buddyboss Platform
- Plugin Slug:
- buddyboss-platform
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-13858
Category Widget
- Plugin:
- Category Widget
- Plugin Slug:
- category-widget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46515
Custom PC Builder Lite for WooCommerce
- Plugin:
- Custom PC Builder Lite for WooCommerce
- Plugin Slug:
- custom-pc-builder-lite-for-woocommerce
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-43838
Database Toolset
- Plugin:
- Database Toolset
- Plugin Slug:
- database-toolset
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-4222
EC Authorize.net
- Plugin:
- EC Authorize.net
- Plugin Slug:
- ec-authorizenet
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46487
External image replace
- Plugin:
- External image replace
- Plugin Slug:
- external-image-replace
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-4279
Flynax Bridge
- Plugin:
- Flynax Bridge
- Plugin Slug:
- flynax-bridge
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-4177
GmapsMania
- Plugin:
- GmapsMania
- Plugin Slug:
- gmapsmania
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-4131
IGIT Related Posts With Thumb Image After Posts
- Plugin:
- IGIT Related Posts With Thumb Image After Posts
- Plugin Slug:
- igit-related-posts-with-thumb-images-after-posts
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46518
Job Listings
- Plugin:
- Job Listings
- Plugin Slug:
- job-listings
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-3918
KiwiChat NextClient
- Plugin:
- KiwiChat NextClient
- Plugin Slug:
- kiwichat
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-3670
kStats Reloaded
- Plugin:
- kStats Reloaded
- Plugin Slug:
- kstats-reloaded
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46440
LayoutBoxx
- Plugin:
- LayoutBoxx
- Plugin Slug:
- layoutboxx
- Vulnerability:
- Content Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-2802
Web3Press
- Plugin:
- Web3Press
- Plugin Slug:
- likecoin
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-46527
Custom Login and Registration
- Plugin:
- Custom Login and Registration
- Plugin Slug:
- ms-registration
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-39363
Nautic Pages
- Plugin:
- Nautic Pages
- Plugin Slug:
- nautic-pages
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-4100
occupancyplan
- Plugin:
- occupancyplan
- Plugin Slug:
- occupancyplan
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46458
OTP-less one tap Sign in
- Plugin:
- OTP-less one tap Sign in
- Plugin Slug:
- otpless
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-3746
Remote Images Grabber
- Plugin:
- Remote Images Grabber
- Plugin Slug:
- remote-images-grabber
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-43832
Separator Shortcode and Widget
- Plugin:
- Separator Shortcode and Widget
- Plugin Slug:
- separator-shortcode-and-widget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32117
Reales WP STPT
- Plugin:
- Reales WP STPT
- Plugin Slug:
- short-tax-post
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-3609
Reales WP STPT
- Plugin:
- Reales WP STPT
- Plugin Slug:
- short-tax-post
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-3610
Subpage List
- Plugin:
- Subpage List
- Plugin Slug:
- subpage-view
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-4168
Syndicate Out
- Plugin:
- Syndicate Out
- Plugin Slug:
- syndicate-out
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-43836
Theme Blvd Sliders
- Plugin:
- Theme Blvd Sliders
- Plugin Slug:
- theme-blvd-sliders
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46456
Total Donations
- Plugin:
- Total Donations
- Plugin Slug:
- total-donations
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-43837
VerticalResponse Newsletter Widget
- Plugin:
- VerticalResponse Newsletter Widget
- Plugin Slug:
- vertical-response-newsletter-widget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-4172
Visual Builder
- Plugin:
- Visual Builder
- Plugin Slug:
- visual-builder
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46488
Widgets as Shortcodes
- Plugin:
- Widgets as Shortcodes
- Plugin Slug:
- widgets-as-shortcodes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-32117
Meta Keywords & Description
- Plugin:
- Meta Keywords & Description
- Plugin Slug:
- wp-meta-keywords-meta-description
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-46454
Xavin’s Review Ratings
- Plugin:
- Xavin’s Review Ratings
- Plugin Slug:
- xavins-review-ratings
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-4170
Yame
- Plugin:
- Yame
- Plugin Slug:
- yame-linkinbio
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-2880
WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin
- Plugin Slug:
- wp-statistics
- Installations
- 600,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 14.13.4
- Severity Score:
- Medium
- CVE:
- 2025-3953
Newsletter – Send awesome emails from WordPress
- Plugin Slug:
- newsletter
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.7.1
- Severity Score:
- Medium
- CVE:
- 2025-3583
SureForms – Drag and Drop Form Builder for WordPress
- Plugin Slug:
- sureforms
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.4
- Severity Score:
- Medium
- CVE:
- 2025-3513
SureForms – Drag and Drop Form Builder for WordPress
- Plugin Slug:
- sureforms
- Installations
- 200,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.4
- Severity Score:
- Medium
- CVE:
- 2025-3471
Admin and Site Enhancements (ASE)
- Plugin Slug:
- admin-site-enhancements
- Installations
- 100,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 7.6.10
- Severity Score:
- Medium
- CVE:
- 2024-13688
Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel
- Plugin Slug:
- depicter
- Installations
- 100,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.6.2
- Severity Score:
- Critical
- CVE:
- 2025-2011
OttoKit: All-in-One Automation Platform (Formerly SureTriggers)
- Plugin Slug:
- suretriggers
- Installations
- 100,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.0.83
- Severity Score:
- Critical
- CVE:
- 2025-27007
User Registration & Membership – Custom Registration Form, Login Form, and User Profile
- Plugin Slug:
- user-registration
- Installations
- 70,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 4.2.2
- Severity Score:
- Medium
- CVE:
- 2025-3281
WP Maps – Display Google Maps Perfectly with Ease
- Plugin Slug:
- wp-google-map-plugin
- Installations
- 70,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.7.2
- Severity Score:
- Medium
- CVE:
- 2025-3502
Calculated Fields Form
- Plugin:
- Calculated Fields Form
- Plugin Slug:
- calculated-fields-form
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.2.62
- Severity Score:
- Medium
- CVE:
- 2024-12273
Seraphinite Accelerator
- Plugin:
- Seraphinite Accelerator
- Plugin Slug:
- seraphinite-accelerator
- Installations
- 50,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.27.22
- Severity Score:
- Medium
WordPress Tag, Category, and Taxonomy Manager – AI Autotagger
- Plugin Slug:
- simple-tags
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.30.0
- Severity Score:
- Medium
- CVE:
- 2025-0627
FULL – Cliente
- Plugin:
- FULL – Cliente
- Plugin Slug:
- full-customer
- Installations
- 40,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.1.26
- Severity Score:
- High
- CVE:
- 2024-12023
SecuPress Free — WordPress Security
- Plugin Slug:
- secupress
- Installations
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.3.10
- Severity Score:
- Medium
- CVE:
- 2025-3452
Gutenverse – Ultimate Block Addons and Page Builder for Site Editor
- Plugin Slug:
- gutenverse
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.0
- Severity Score:
- Medium
- CVE:
- 2025-2893
Page View Count
- Plugin:
- Page View Count
- Plugin Slug:
- page-views-count
- Installations
- 20,000+
- Vulnerability:
- Settings Change
- Patched in Version:
- 2.8.5
- Severity Score:
- High
- CVE:
- 2025-2816
WordPress Simple Shopping Cart
- Plugin:
- WordPress Simple Shopping Cart
- Plugin Slug:
- wordpress-simple-paypal-shopping-cart
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.1.4
- Severity Score:
- Medium
- CVE:
- 2025-3890
WordPress Simple Shopping Cart
- Plugin:
- WordPress Simple Shopping Cart
- Plugin Slug:
- wordpress-simple-paypal-shopping-cart
- Installations
- 10,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 5.1.4
- Severity Score:
- Medium
- CVE:
- 2025-3874
MStore API – Create Native Android & iOS Apps On The Cloud
- Plugin Slug:
- mstore-api
- Installations
- 4,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 4.17.5
- Severity Score:
- Medium
- CVE:
- 2025-3438
WP-Recall – Registration, Profile, Commerce & More
- Plugin Slug:
- wp-recall
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 16.26.12
- Severity Score:
- Medium
- CVE:
- 2024-9771
Product Category Slider for WooCommerce
- Plugin Slug:
- woo-category-slider-by-pluginever
- Installations
- 1,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 4.3.5
- Severity Score:
- High
- CVE:
- 2025-39364
Ultimate Store Kit – Elementor powered WooCommerce Builder, 80+ Widgets and Template Builder
- Plugin:
- Ultimate Store Kit – Elementor powered WooCommerce Builder, 80+ Widgets and Template Builder
- Plugin Slug:
- ultimate-store-kit
- Installations
- 900+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.5.0
- Severity Score:
- Medium
- CVE:
- 2025-2168
AM LottiePlayer
- Plugin:
- AM LottiePlayer
- Plugin Slug:
- am-lottieplayer
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.4
- Severity Score:
- Medium
- CVE:
- 2025-1529
SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity
- Plugin Slug:
- surveyjs
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.12.33
- Severity Score:
- Medium
- CVE:
- 2025-3815
Projectopia – WordPress Project Management
- Plugin Slug:
- projectopia-core
- Installations
- 400+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.1.17
- Severity Score:
- High
- CVE:
- 2025-3952
BP Messages Tool
- Plugin:
- BP Messages Tool
- Plugin Slug:
- bp-messages-tool
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5
- Severity Score:
- High
- CVE:
- 2025-43839
Formality
Cision Block
- Plugin:
- Cision Block
- Plugin Slug:
- cision-block
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.4.0
- Severity Score:
- Medium
- CVE:
- 2025-3782
List Children
- Plugin:
- List Children
- Plugin Slug:
- list-children
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.0
- Severity Score:
- Medium
- CVE:
- 2025-4099
Taxonomy Chain Menu
- Plugin:
- Taxonomy Chain Menu
- Plugin Slug:
- taxonomy-chain-menu
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.9
- Severity Score:
- Medium
- CVE:
- 2025-3748
Ads Pro Plugin
- Plugin:
- Ads Pro Plugin
- Plugin Slug:
- ap-plugin-scripteo
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.89
- Severity Score:
- Critical
- CVE:
- 2024-13322
BuddyPress Platform Pro
- Plugin:
- BuddyPress Platform Pro
- Plugin Slug:
- buddyboss-platform-pro
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 2.7.10
- Severity Score:
- Critical
- CVE:
- 2025-1909
Envolve Plugin
- Plugin:
- Envolve Plugin
- Plugin Slug:
- envolve-plugin
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.0
- Severity Score:
- Medium
- CVE:
- 2024-11615
Gravity Forms WebHooks
- Plugin:
- Gravity Forms WebHooks
- Plugin Slug:
- gravityformswebhooks
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 1.7.0
- Severity Score:
- Medium
- CVE:
- 2024-13845
Order Delivery Date for WP e-Commerce
- Plugin:
- Order Delivery Date for WP e-Commerce
- Plugin Slug:
- order-delivery-date
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 12.3.1
- Severity Score:
- Critical
- CVE:
- 2025-2907
Advance Seat Reservation Management for WooCommerce
- Plugin:
- Advance Seat Reservation Management for WooCommerce
- Plugin Slug:
- scw-seat-reservation
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.4
- Severity Score:
- Critical
- CVE:
- 2024-13344
Multilingual CMS
- Plugin:
- Multilingual CMS
- Plugin Slug:
- sitepress-multilingual-cms
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.7.4
- Severity Score:
- Medium
- CVE:
- 2025-3488
tagDiv Composer
- Plugin:
- tagDiv Composer
- Plugin Slug:
- td-composer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.4.1
- Severity Score:
- Medium
- CVE:
- 2025-3510
tagDiv Opt-In Builder
- Plugin:
- tagDiv Opt-In Builder
- Plugin Slug:
- td-subscription
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.7.1
- Severity Score:
- High
- CVE:
- 2025-2890
Ultimate Auction Pro
- Plugin:
- Ultimate Auction Pro
- Plugin Slug:
- ultimate-woocommerce-auction-pro
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.5.3
- Severity Score:
- Critical
- CVE:
- 2025-4204
WordPress Themes — 6 Patched / 0 Unpatched
NewsBlogger
- Theme:
- NewsBlogger
- Theme Slug:
- newsblogger
- Downloads
- 100,624
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 0.2.5.2
- Severity Score:
- High
- CVE:
- 2025-1304
NewsBlogger
- Theme:
- NewsBlogger
- Theme Slug:
- newsblogger
- Downloads
- 100,624
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 0.2.5.5
- Severity Score:
- High
- CVE:
- 2025-1305
Homey
- Theme:
- Homey
- Theme Slug:
- homey
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.5
- Severity Score:
- Medium
- CVE:
- 2025-1326
Homey
- Theme:
- Homey
- Theme Slug:
- homey
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 2.4.5
- Severity Score:
- Medium
- CVE:
- 2025-1327
Kleo
- Theme:
- Kleo
- Theme Slug:
- kleo
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.4.4
- Severity Score:
- Medium
- CVE:
- 2025-39367
Motors
- Theme:
- Motors
- Theme Slug:
- motors
- Vulnerability:
- Content Injection
- Patched in Version:
- 5.6.66
- Severity Score:
- High
- CVE:
- 2024-13738
Solid Security is part of Solid Suite — The best foundation for WordPress websites.
Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!
Join us for the next Solid Academy Webinar!
Free weekly webinars that will help you master WordPress and increase your business's bottom line.
What is a WordPress Phishing Attack?
Learn how to identify and prevent phishing attacks on WordPress websites.
Kiki SheldonWebsite Protection: 5 Ways to Keep Your Website Safe
Robust website protection is the shield that stands between your business and relentless cyber attacks. Prioritizing website protection enables businesses to fortify defenses to safeguard their online presence and preserve the trust of their customers in the face of ever-evolving cybersecurity threats.
Kiki Sheldon23 Ideas To Grow Your WordPress Business in 2023
WordPress is the most popular website-building platform worldwide, trusted by numerous brands. WordPress enables you to build a user-friendly and highly reliable site, together with tools and plugins to enhance your marketing and work like a lead magnet. All these features make WordPress the platform chosen by more than 43% of businesses globally.
SolidWP Editorial TeamSign up now — Get SolidWP updates and valuable content straight to your inbox
Sign up
Placeholder text
Placeholder text
Get started with confidence — risk free, guaranteed
