In this report, 199 vulnerabilities have been publicly disclosed. Security patches for 104 of these plugins and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Currently, 95 plugin and theme vulnerabilities remain unpatched. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.8.3 was released on September 30, 2025. This is a security release that features two fixes. As this is a security release, we recommend updating your sites immediately. For more information on WordPress 6.8.3, please visit the version page on the HelpHub site.
WordPress 6.9 Release Candidate 1 (RC1) is now available for testing. This version is still under development and should not be installed on production or mission-critical websites. Instead, test RC1 on a staging or test site. See the WordPress Core blog for details on how to download and test this release.
The final release of WordPress 6.9 is scheduled for December 2, 2025. For updates, testing information, and release announcements, visit the Make WordPress Core blog.
WordPress Plugins — 103 Patched / 94 Unpatched
WP Snow Effect
- Plugin:
- WP Snow Effect
- Plugin Slug:
- wp-snow-effect
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-64294
Image Comparison Addon for Elementor
- Plugin Slug:
- image-comparison-elementor-addon
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-10896
Master Blocks – Ultimate Gutenberg Blocks for Marketers
- Plugin Slug:
- ultimate-blocks-for-gutenberg
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-10896
EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin
- Plugin Slug:
- easycommerce
- Installations
- 60+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-11457
Magazine Companion
- Plugin:
- Magazine Companion
- Plugin Slug:
- bnm-blocks
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11828
Content Locker for Elementor
- Plugin:
- Content Locker for Elementor
- Plugin Slug:
- content-locker-for-elementor
- Installations
- 40+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-10896
Ace User Management
- Plugin:
- Ace User Management
- Plugin Slug:
- ace-user-management
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-6027
Add Multiple Marker
- Plugin:
- Add Multiple Marker
- Plugin Slug:
- add-multiple-marker
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11999
Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One
- Plugin:
- Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One
- Plugin Slug:
- ai-auto-tool
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12156
Auto Amazon Links
- Plugin:
- Auto Amazon Links
- Plugin Slug:
- amazon-auto-links
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-11451
Authors List
- Plugin:
- Authors List
- Plugin Slug:
- authors-list
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12010
Multi-language Responsive Portfolio
- Plugin:
- Multi-language Responsive Portfolio
- Plugin Slug:
- bootstrap-multi-language-responsive-portfolio
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11753
Associados Amazon
- Plugin:
- Associados Amazon
- Plugin Slug:
- brzon
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-12403
CE21 Suite
- Plugin:
- CE21 Suite
- Plugin Slug:
- ce21-suite
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-11007
CE21 Suite
- Plugin:
- CE21 Suite
- Plugin Slug:
- ce21-suite
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-11008
Centangle Team Showcase
- Plugin:
- Centangle Team Showcase
- Plugin Slug:
- centangle-team
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-12456
Chart Expert
- Plugin:
- Chart Expert
- Plugin Slug:
- chart-expert
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12753
Clubmember
- Plugin:
- Clubmember
- Plugin Slug:
- clubmember
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12396
Coon Google Maps
- Plugin:
- Coon Google Maps
- Plugin Slug:
- coon-google-maps
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12662
WP????????? for CPI
- Plugin:
- WP????????? for CPI
- Plugin Slug:
- cpi-wp-migration
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-11170
Crypto
- Plugin:
- Crypto
- Plugin Slug:
- crypto
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11986
Crypto
- Plugin:
- Crypto
- Plugin Slug:
- crypto
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11988
Crypto Payment Gateway with Payeer for WooCommerce
- Plugin:
- Crypto Payment Gateway with Payeer for WooCommerce
- Plugin Slug:
- crypto-payment-gateway-with-payeer-for-woocommerce
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-11890
CTL Arcade Lite
- Plugin:
- CTL Arcade Lite
- Plugin Slug:
- ctl-arcade-lite
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11886
Document Pro Elementor
- Plugin:
- Document Pro Elementor
- Plugin Slug:
- document-pro-elementor
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11997
DominoKit
- Plugin:
- DominoKit
- Plugin Slug:
- dominokit
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12350
Download Counter Button
- Plugin:
- Download Counter Button
- Plugin Slug:
- download-counter-button
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-11072
Elastic Theme Editor
- Plugin:
- Elastic Theme Editor
- Plugin Slug:
- elastic-theme-editor
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-12637
Elegance Menu
- Plugin:
- Elegance Menu
- Plugin Slug:
- elegance-menu
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-11704
EM Beer Manager
- Plugin:
- EM Beer Manager
- Plugin Slug:
- em-beer-manager
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-11724
Eventbee Ticketing Widget
- Plugin:
- Eventbee Ticketing Widget
- Plugin Slug:
- eventbee-ticketing-widget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11856
Find Unused Images
- Plugin:
- Find Unused Images
- Plugin Slug:
- find-unused-images
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11996
Five9 Live Chat
- Plugin:
- Five9 Live Chat
- Plugin Slug:
- five9
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11829
Fleet Manager
- Plugin:
- Fleet Manager
- Plugin Slug:
- fleet
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12538
Free Quotation
- Plugin:
- Free Quotation
- Plugin Slug:
- free-quotation
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12393
Geopost
- Plugin:
- Geopost
- Plugin Slug:
- geopost
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12754
Astra Security Suite
- Plugin:
- Astra Security Suite
- Plugin Slug:
- getastra
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-11521
GitHub Gist Shortcode
- Plugin:
- GitHub Gist Shortcode
- Plugin Slug:
- github-gist-shortcode
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12667
Holiday class post calendar
- Plugin:
- Holiday class post calendar
- Plugin Slug:
- holiday-class-post-calendar
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-12813
Import Export For WooCommerce
- Plugin:
- Import Export For WooCommerce
- Plugin Slug:
- import-export-for-woocommerce
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12389
Jeba Cute forkit
- Plugin:
- Jeba Cute forkit
- Plugin Slug:
- jeba-cute-forkit
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12663
KiotViet Sync
- Plugin:
- KiotViet Sync
- Plugin Slug:
- kiotvietsync
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-12674
KiotViet Sync
- Plugin:
- KiotViet Sync
- Plugin Slug:
- kiotvietsync
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12676
KiotViet Sync
- Plugin:
- KiotViet Sync
- Plugin Slug:
- kiotvietsync
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12677
Label Plugins
- Plugin:
- Label Plugins
- Plugin Slug:
- label-plugins
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-12401
LinkedIn Resume
- Plugin:
- LinkedIn Resume
- Plugin Slug:
- linkedin-resume
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-12402
Live Photos on WordPress
- Plugin:
- Live Photos on WordPress
- Plugin Slug:
- live-photos
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12651
LMB^Box Smileys
- Plugin:
- LMB^Box Smileys
- Plugin Slug:
- lmbbox-smileys
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-12400
MapMap
- Plugin:
- MapMap
- Plugin Slug:
- mapmap
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-12415
MeetingList
- Plugin:
- MeetingList
- Plugin Slug:
- meeting-list
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12184
Mementor Core
- Plugin:
- Mementor Core
- Plugin Slug:
- mementor-core
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-11168
My Geo Posts Free
- Plugin:
- My Geo Posts Free
- Plugin Slug:
- my-geo-posts-free
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11863
Nari Accountant
- Plugin:
- Nari Accountant
- Plugin Slug:
- nari-accountant
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12371
Ninja Countdown
- Plugin:
- Ninja Countdown
- Plugin Slug:
- ninja-countdown
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12665
Nonaki
- Plugin:
- Nonaki
- Plugin Slug:
- nonaki-email-template-customizer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12644
Twitter Feed
- Plugin:
- Twitter Feed
- Plugin Slug:
- ot-twitter-feed
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11860
Pagerank Tools
- Plugin:
- Pagerank Tools
- Plugin Slug:
- pagerank-tools
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-12416
Paypal Donation Shortcode
- Plugin:
- Paypal Donation Shortcode
- Plugin Slug:
- paypal-donation-shortcode
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11859
Posts Navigation Links for Sections and Headings
- Plugin:
- Posts Navigation Links for Sections and Headings
- Plugin Slug:
- posts-navigation-links-for-sections-and-headings-free-by-wp-masters
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12188
Precise Columns
- Plugin:
- Precise Columns
- Plugin Slug:
- precise-columns
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11869
Preload Current Images
- Plugin:
- Preload Current Images
- Plugin Slug:
- preload-current-images
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12658
Progress Bar Blocks for Gutenberg
- Plugin:
- Progress Bar Blocks for Gutenberg
- Plugin Slug:
- progressmatify-blocks
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12880
RandomQuotr
- Plugin:
- RandomQuotr
- Plugin Slug:
- randomquotr
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12632
Reuse Builder
- Plugin:
- Reuse Builder
- Plugin Slug:
- reuse-builder
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11812
SH Contextual Help
- Plugin:
- SH Contextual Help
- Plugin Slug:
- sh-contextual-help
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-12410
Share to Google Classroom
- Plugin:
- Share to Google Classroom
- Plugin Slug:
- share-to-google-classroom
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12711
Shelf Planner
- Plugin:
- Shelf Planner
- Plugin Slug:
- shelf-planner
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11894
Shelf Planner
- Plugin:
- Shelf Planner
- Plugin Slug:
- shelf-planner
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11891
Simple Donate
- Plugin:
- Simple Donate
- Plugin Slug:
- simple-donate
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11882
Simple User Capabilities
- Plugin:
- Simple User Capabilities
- Plugin Slug:
- simple-user-capabilities
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-12158
Simple User Capabilities
- Plugin:
- Simple User Capabilities
- Plugin Slug:
- simple-user-capabilities
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12157
Skip to Timestamp
- Plugin:
- Skip to Timestamp
- Plugin Slug:
- skip-to-timestamp
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11805
Slippy Slider
- Plugin:
- Slippy Slider
- Plugin Slug:
- slippy-slider-responsive-touch-navigation-slider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11874
SMS for WordPress
- Plugin:
- SMS for WordPress
- Plugin Slug:
- sms4wp
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-12580
Squirrels Auto Inventory
- Plugin:
- Squirrels Auto Inventory
- Plugin Slug:
- squirrels-auto-inventory
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12631
The Total Book Project
- Plugin:
- The Total Book Project
- Plugin Slug:
- the-total-book-project
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12126
Top Bar Notification
- Plugin:
- Top Bar Notification
- Plugin Slug:
- top-bar-notification
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-12412
Ungapped Widgets
- Plugin:
- Ungapped Widgets
- Plugin Slug:
- ungapped-widgets
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12652
USB Qr Code Scanner For Woocommerce
- Plugin:
- USB Qr Code Scanner For Woocommerce
- Plugin Slug:
- usb-qr-code-scanner-for-woocommerce
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12588
ViaAds
- Plugin:
- ViaAds
- Plugin Slug:
- viaads
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12070
Wisly
- Plugin:
- Wisly
- Plugin Slug:
- wisly
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11532
Woocommerce – Products By Custom Tax
- Plugin:
- Woocommerce – Products By Custom Tax
- Plugin Slug:
- woocommerce-products-by-custom-tax
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11821
WP BBCode
- Plugin:
- WP BBCode
- Plugin Slug:
- wp-bbcode
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11873
WP Bootstrap Tabs
- Plugin:
- WP Bootstrap Tabs
- Plugin Slug:
- wp-bootstrap-tabs
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11822
WP Carticon
- Plugin:
- WP Carticon
- Plugin Slug:
- wp-carticon
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12065
WP Count Down Timer
- Plugin:
- WP Count Down Timer
- Plugin Slug:
- wp-count-down-timer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12668
WP Custom Admin Login Page Logo
- Plugin:
- WP Custom Admin Login Page Logo
- Plugin Slug:
- wp-custom-login-page-logo
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12132
Flickr Show
- Plugin:
- Flickr Show
- Plugin Slug:
- wp-flickrshow
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12672
WP Global Screen Options
- Plugin:
- WP Global Screen Options
- Plugin Slug:
- wp-global-screen-options
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12069
WP-Iconics
- Plugin:
- WP-Iconics
- Plugin Slug:
- wp-iconics
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12671
WP-OAuth
- Plugin:
- WP-OAuth
- Plugin Slug:
- wp-oauth
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-12021
WP-Walla
- Plugin:
- WP-Walla
- Plugin Slug:
- wp-walla
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-12589
Social Media WPCF7 Stop Words
- Plugin:
- Social Media WPCF7 Stop Words
- Plugin Slug:
- wpcf7-stop-words
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12413
YSlider
- Plugin:
- YSlider
- Plugin Slug:
- yslider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-12590
Spectra Gutenberg Blocks – Website Builder for the Block Editor
- Plugin Slug:
- ultimate-addons-for-gutenberg
- Installations
- 1,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.19.15
- Severity Score:
- Medium
- CVE:
- 2025-11162
TablePress – Tables in WordPress made easy
- Plugin Slug:
- tablepress
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.5
- Severity Score:
- Medium
- CVE:
- 2025-12324
The Events Calendar
- Plugin:
- The Events Calendar
- Plugin Slug:
- the-events-calendar
- Installations
- 700,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 6.15.10
- Severity Score:
- Critical
- CVE:
- 2025-12197
The Events Calendar
- Plugin:
- The Events Calendar
- Plugin Slug:
- the-events-calendar
- Installations
- 700,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 6.15.10
- Severity Score:
- Medium
- CVE:
- 2025-12192
Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App
- Plugin Slug:
- post-smtp
- Installations
- 400,000+
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 3.6.1
- Severity Score:
- Critical
- CVE:
- 2025-11833
SiteSEO – SEO Simplified
- Plugin:
- SiteSEO – SEO Simplified
- Plugin Slug:
- siteseo
- Installations
- 400,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.2
- Severity Score:
- Low
- CVE:
- 2025-12367
Ad Inserter – Ad Manager & AdSense Ads
- Plugin Slug:
- ad-inserter
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.8
- Severity Score:
- Medium
- CVE:
- 2025-11745
Blocksy Companion
- Plugin:
- Blocksy Companion
- Plugin Slug:
- blocksy-companion
- Installations
- 300,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 2.1.20
- Severity Score:
- Critical
- CVE:
- 2025-12846
Advanced Ads – Ad Manager & AdSense
- Plugin Slug:
- advanced-ads
- Installations
- 100,000+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- 2.0.13
- Severity Score:
- High
- CVE:
- 2025-10487
AI Engine
- Plugin:
- AI Engine
- Plugin Slug:
- ai-engine
- Installations
- 100,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 3.1.4
- Severity Score:
- Critical
- CVE:
- 2025-11749
Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel
- Plugin Slug:
- depicter
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.0.5
- Severity Score:
- Medium
- CVE:
- 2025-11373
Download Manager
- Plugin:
- Download Manager
- Plugin Slug:
- download-manager
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.3.31
- Severity Score:
- Medium
- CVE:
- 2025-12177
Gallery Plugin for WordPress – Envira Photo Gallery
- Plugin Slug:
- envira-gallery-lite
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.12.0
- Severity Score:
- Medium
- CVE:
- 2025-11448
Schema & Structured Data for WP & AMP
- Plugin Slug:
- schema-and-structured-data-for-wp
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.52
- Severity Score:
- Medium
- CVE:
- 2025-11502
Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More
- Plugin Slug:
- themeisle-companion
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.3
- Severity Score:
- Medium
- CVE:
- 2025-12045
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution (formerly WooLentor)
- Plugin Slug:
- woolentor-addons
- Installations
- 100,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 3.2.6
- Severity Score:
- High
- CVE:
- 2025-12493
Strong Testimonials
- Plugin:
- Strong Testimonials
- Plugin Slug:
- strong-testimonials
- Installations
- 90,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- 3.2.17
- Severity Score:
- Medium
- CVE:
- 2025-11268
List category posts
- Plugin:
- List category posts
- Plugin Slug:
- list-category-posts
- Installations
- 80,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 0.93.0
- Severity Score:
- Medium
- CVE:
- 2025-11377
Greenshift – animation and page builder blocks
- Plugin Slug:
- greenshift-animation-and-page-builder-blocks
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 12.2.8
- Severity Score:
- Medium
- CVE:
- 2025-11841
Qi Blocks
- Plugin:
- Qi Blocks
- Plugin Slug:
- qi-blocks
- Installations
- 60,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.4
- Severity Score:
- Medium
- CVE:
- 2025-12180
Premium Portfolio Features for Phlox theme
- Plugin Slug:
- auxin-portfolio
- Installations
- 50,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.3.12
- Severity Score:
- High
- CVE:
- 2025-12497
Blog2Social: Social Media Auto Post & Scheduler
- Plugin Slug:
- blog2social
- Installations
- 50,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 8.6.1
- Severity Score:
- Medium
- CVE:
- 2025-12560
Blog2Social: Social Media Auto Post & Scheduler
- Plugin Slug:
- blog2social
- Installations
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 8.6.1
- Severity Score:
- Medium
- CVE:
- 2025-12563
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
- Plugin Slug:
- easy-digital-downloads
- Installations
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.5.3
- Severity Score:
- Medium
- CVE:
- 2025-11271
Quick Featured Images
- Plugin:
- Quick Featured Images
- Plugin Slug:
- quick-featured-images
- Installations
- 50,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 13.7.4
- Severity Score:
- High
- CVE:
- 2025-11980
Better Find and Replace – AI-Powered Suggestions
- Plugin Slug:
- real-time-auto-find-and-replace
- Installations
- 50,000+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- 1.7.8
- Severity Score:
- High
- CVE:
- 2025-9334
Better Find and Replace – AI-Powered Suggestions
- Plugin Slug:
- real-time-auto-find-and-replace
- Installations
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.7.8
- Severity Score:
- Medium
- CVE:
- 2025-12360
Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI
- Plugin Slug:
- simple-tags
- Installations
- 50,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.40.1
- Severity Score:
- High
- CVE:
- 2025-11972
FunnelKit – Funnel Builder for WooCommerce Checkout
- Plugin Slug:
- funnel-builder
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.12.0.1
- Severity Score:
- High
- CVE:
- 2025-10567
Hubbub Lite – Fast, free social sharing and follow buttons
- Plugin Slug:
- social-pug
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.36.1
- Severity Score:
- High
- CVE:
- 2025-12471
PowerPress Podcasting plugin by Blubrry
- Plugin Slug:
- powerpress
- Installations
- 30,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 11.14
- Severity Score:
- Medium
- CVE:
- 2025-64201
Inactive Logout
- Plugin:
- Inactive Logout
- Plugin Slug:
- inactive-logout
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.6.0
- Severity Score:
- Medium
- CVE:
- 2025-11922
FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce
- Plugin Slug:
- wp-marketing-automations
- Installations
- 20,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.6.4.2
- Severity Score:
- Medium
- CVE:
- 2025-12468
FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce
- Plugin Slug:
- wp-marketing-automations
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.6.4.2
- Severity Score:
- Medium
- CVE:
- 2025-12469
wpForo Forum
- Plugin:
- wpForo Forum
- Plugin Slug:
- wpforo
- Installations
- 20,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.4.10
- Severity Score:
- High
- CVE:
- 2025-11740
Asgaros Forum
- Plugin:
- Asgaros Forum
- Plugin Slug:
- asgaros-forum
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.2.0
- Severity Score:
- Critical
- CVE:
- 2025-11452
Classified Listing – AI-Powered Classified ads & Business Directory Plugin
- Plugin Slug:
- classified-listing
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.2.1
- Severity Score:
- Medium
- CVE:
- 2025-12953
CSS & JavaScript Toolbox
- Plugin:
- CSS & JavaScript Toolbox
- Plugin Slug:
- css-javascript-toolbox
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 12.0.6
- Severity Score:
- Medium
- CVE:
- 2025-11928
Document Embedder – Embed PDFs, Word, Excel, and Other Files
- Plugin Slug:
- document-emberdder
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.1
- Severity Score:
- High
- CVE:
- 2025-12384
WP2Social Auto Publish
- Plugin:
- WP2Social Auto Publish
- Plugin Slug:
- facebook-auto-publish
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.8
- Severity Score:
- High
- CVE:
- 2025-12064
Graphina – Charts and Graphs For Elementor
- Plugin Slug:
- graphina-elementor-charts-and-graphs
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.9
- Severity Score:
- Medium
- CVE:
- 2025-11820
Groups
- Plugin:
- Groups
- Plugin Slug:
- groups
- Installations
- 10,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 3.8.0
- Severity Score:
- Medium
- CVE:
- 2025-11748
HTML Forms – Simple WordPress Forms Plugin
- Plugin Slug:
- html-forms
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.6
- Severity Score:
- Medium
- CVE:
- 2025-12125
Mang Board WP
- Plugin:
- Mang Board WP
- Plugin Slug:
- mangboard
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.2
- Severity Score:
- High
- CVE:
- 2025-12193
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
- Plugin:
- Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
- Plugin Slug:
- paid-member-subscriptions
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.16.5
- Severity Score:
- Medium
- CVE:
- 2025-11835
Visual Link Preview
- Plugin:
- Visual Link Preview
- Plugin Slug:
- visual-link-preview
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.8
- Severity Score:
- Medium
- CVE:
- 2025-11987
WPeMatico RSS Feed Fetcher
- Plugin:
- WPeMatico RSS Feed Fetcher
- Plugin Slug:
- wpematico
- Installations
- 10,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 2.8.12
- Severity Score:
- Medium
- CVE:
- 2025-11917
Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages
- Plugin Slug:
- wplegalpages
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.5.2
- Severity Score:
- Medium
- CVE:
- 2025-11816
Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent
- Plugin Slug:
- tablesome
- Installations
- 9,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.3.33
- Severity Score:
- Critical
- CVE:
- 2025-11499
aThemes Addons for Elementor
- Plugin:
- aThemes Addons for Elementor
- Plugin Slug:
- athemes-addons-for-elementor-lite
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.6
- Severity Score:
- Medium
- CVE:
- 2025-12837
EventPrime – Events Calendar, Bookings and Tickets
- Plugin Slug:
- eventprime-event-calendar-management
- Installations
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.2.0.1
- Severity Score:
- Medium
- CVE:
- 2025-12498
Insert Headers and Footers Code – HT Script
- Plugin Slug:
- insert-headers-and-footers-script
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.7
- Severity Score:
- Medium
- CVE:
- 2025-12112
Easy WordPress Funnel Builder To Collect Leads And Increase Sales – WPFunnels
- Plugin Slug:
- wpfunnels
- Installations
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.6.3
- Severity Score:
- Medium
- CVE:
- 2025-12353
Easy WordPress Funnel Builder To Collect Leads And Increase Sales – WPFunnels
- Plugin Slug:
- wpfunnels
- Installations
- 7,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 3.6.3
- Severity Score:
- Medium
- CVE:
- 2025-12000
Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more
- Plugin Slug:
- mail-mint
- Installations
- 6,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.18.11
- Severity Score:
- High
- CVE:
- 2025-11967
Carousel Block – Responsive Image and Content Carousel
- Plugin Slug:
- b-carousel-block
- Installations
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.6
- Severity Score:
- Medium
- CVE:
- 2025-12388
WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes)
- Plugin Slug:
- delicious-recipes
- Installations
- 5,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.9.1
- Severity Score:
- Critical
- CVE:
- 2025-11755
Import WP – Export and Import CSV and XML files to WordPress
- Plugin Slug:
- jc-importer
- Installations
- 5,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 2.14.17
- Severity Score:
- Medium
- CVE:
- 2025-12137
Flying Images: Optimize and Lazy Load Images for Faster Page Speed
- Plugin Slug:
- nazy-load
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.15
- Severity Score:
- Medium
- CVE:
- 2025-11927
ElementInvader Addons for Elementor
- Plugin Slug:
- elementinvader-addons-for-elementor
- Installations
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.1
- Severity Score:
- Medium
- CVE:
- 2025-10873
Document Library Lite
- Plugin:
- Document Library Lite
- Plugin Slug:
- document-library-lite
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.7
- Severity Score:
- Medium
- CVE:
- 2025-11174
Academy LMS – WordPress LMS Plugin for Complete eLearning Solution
- Plugin Slug:
- academy
- Installations
- 2,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 3.3.9
- Severity Score:
- High
- CVE:
- 2025-12099
Extensions for Leaflet Map
- Plugin:
- Extensions for Leaflet Map
- Plugin Slug:
- extensions-leaflet-map
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.8
- Severity Score:
- Medium
- CVE:
- 2025-12369
Footnotes Made Easy
- Plugin:
- Footnotes Made Easy
- Plugin Slug:
- footnotes-made-easy
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.8
- Severity Score:
- High
- CVE:
- 2025-11733
Hydra Booking — Appointment Scheduling & Booking Calendar
- Plugin Slug:
- hydra-booking
- Installations
- 2,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 1.1.28
- Severity Score:
- Medium
- CVE:
- 2025-12788
Hydra Booking — Appointment Scheduling & Booking Calendar
- Plugin Slug:
- hydra-booking
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.28
- Severity Score:
- Medium
- CVE:
- 2025-12787
Page & Post Notes
- Plugin:
- Page & Post Notes
- Plugin Slug:
- page-post-notes
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.5
- Severity Score:
- Medium
- CVE:
- 2025-12527
Flexible Refund and Return Order for WooCommerce
- Plugin Slug:
- flexible-refund-and-return-order-for-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.43
- Severity Score:
- Medium
- CVE:
- 2025-12621
Connector Wizard (formerly LC Wizard)
- Plugin Slug:
- ghl-wizard
- Installations
- 1,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.4.0
- Severity Score:
- High
- CVE:
- 2025-5483
Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress
- Plugin Slug:
- sprout-invoices
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 20.8.8
- Severity Score:
- Medium
- CVE:
- 2025-64229
WP Airbnb Review Slider
- Plugin:
- WP Airbnb Review Slider
- Plugin Slug:
- wp-airbnb-review-slider
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.4
- Severity Score:
- Medium
- CVE:
- 2025-12520
WP Discourse
- Plugin:
- WP Discourse
- Plugin Slug:
- wp-discourse
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.6.0
- Severity Score:
- Low
- CVE:
- 2025-11983
WPCOM Member
- Plugin:
- WPCOM Member
- Plugin Slug:
- wpcom-member
- Installations
- 1,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.7.15
- Severity Score:
- High
- CVE:
- 2025-11920
ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns
- Plugin Slug:
- zoloblocks
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.3.12
- Severity Score:
- Medium
- CVE:
- 2025-49903
Smart Auto Upload Images – Import External Images
- Plugin Slug:
- smart-auto-upload-images
- Installations
- 900+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.2.1
- Severity Score:
- Critical
- CVE:
- 2025-12161
All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier
- Plugin Slug:
- aio-time-clock-lite
- Installations
- 800+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.4
- Severity Score:
- Medium
- CVE:
- 2025-11758
TNC Toolbox: Web Performance
- Plugin:
- TNC Toolbox: Web Performance
- Plugin Slug:
- tnc-toolbox
- Installations
- 800+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 2.0.0
- Severity Score:
- Critical
- CVE:
- 2025-12539
Easy Upload Files During Checkout
- Plugin Slug:
- easy-upload-files-during-checkout
- Installations
- 600+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 2.9.9
- Severity Score:
- High
- CVE:
- 2025-12682
Employee Spotlight – Team Member Showcase & Meet the Team Plugin
- Plugin Slug:
- employee-spotlight
- Installations
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.1.3
- Severity Score:
- Medium
- CVE:
- 2025-12090
Contact Form 7 AWeber Extension
- Plugin:
- Contact Form 7 AWeber Extension
- Plugin Slug:
- integrate-contact-form-7-and-aweber
- Installations
- 400+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 0.1.43
- Severity Score:
- Medium
- CVE:
- 2025-12167
RealPress – Real Estate Plugin
- Plugin:
- RealPress – Real Estate Plugin
- Plugin Slug:
- realpress
- Installations
- 400+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.0
- Severity Score:
- Medium
- CVE:
- 2025-11191
CYAN Backup
- Plugin:
- CYAN Backup
- Plugin Slug:
- cyan-backup
- Installations
- 300+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 2.5.5
- Severity Score:
- Medium
- CVE:
- 2025-12092
Alex Reservations: Smart Restaurant Booking
- Plugin Slug:
- alex-reservations
- Installations
- 200+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 2.2.4
- Severity Score:
- High
- CVE:
- 2025-12399
IDonate – Blood Donation, Request And Donor Management System
- Plugin Slug:
- idonate
- Installations
- 100+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 2.1.10
- Severity Score:
- High
- CVE:
- 2025-4519
IDonate – Blood Donation, Request And Donor Management System
- Plugin Slug:
- idonate
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.10
- Severity Score:
- Medium
- CVE:
- 2025-4522
Simple Downloads List
- Plugin:
- Simple Downloads List
- Plugin Slug:
- simple-downloads-list
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.0
- Severity Score:
- Medium
- CVE:
- 2025-12583
Image Hover Effects for Elementor
- Plugin Slug:
- image-hover-effects-elementor-addon
- Installations
- 60+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.2.4
- Severity Score:
- High
- CVE:
- 2025-10896
Schema Scalpel
- Plugin:
- Schema Scalpel
- Plugin Slug:
- schema-scalpel
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.2
- Severity Score:
- Medium
- CVE:
- 2025-12118
Community Events
- Plugin:
- Community Events
- Plugin Slug:
- community-events
- Installations
- 40+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.3
- Severity Score:
- High
- CVE:
- 2025-11995
Easy Email Subscription
- Plugin:
- Easy Email Subscription
- Plugin Slug:
- email-subscription-with-secure-captcha
- Installations
- 30+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.1
- Severity Score:
- Medium
- CVE:
- 2025-10691
Easy Email Subscription
- Plugin:
- Easy Email Subscription
- Plugin Slug:
- email-subscription-with-secure-captcha
- Installations
- 30+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.3.1
- Severity Score:
- High
- CVE:
- 2025-10683
Saphali LiqPay for donate
- Plugin:
- Saphali LiqPay for donate
- Plugin Slug:
- saphali-liqpay-for-donate
- Installations
- 30+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.3
- Severity Score:
- Medium
- CVE:
- 2025-12643
Folderly
- Plugin:
- Folderly
- Plugin Slug:
- folderly
- Installations
- 10+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 0.3.1
- Severity Score:
- Low
- CVE:
- 2025-12038
Academy LMS Pro
- Plugin:
- Academy LMS Pro
- Plugin Slug:
- academy-pro
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.3.9
- Severity Score:
- Medium
- CVE:
- 2025-12098
SUMO Affiliates Pro
- Plugin:
- SUMO Affiliates Pro
- Plugin Slug:
- affs
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 11.1.0
- Severity Score:
- Medium
- CVE:
- 2025-64228
Doccure Core
- Plugin:
- Doccure Core
- Plugin Slug:
- doccure
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.5.4
- Severity Score:
- Critical
- CVE:
- 2025-8900
Everest Forms Pro
- Plugin:
- Everest Forms Pro
- Plugin Slug:
- everest-forms-pro
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.9.8
- Severity Score:
- Medium
- CVE:
- 2025-8871
Gravity Forms
- Plugin:
- Gravity Forms
- Plugin Slug:
- gravityforms
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 2.9.21
- Severity Score:
- Critical
- CVE:
- 2025-12352
Integrate Google Drive
- Plugin:
- Integrate Google Drive
- Plugin Slug:
- integrate-google-drive
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.5.4
- Severity Score:
- High
- CVE:
- 2025-12139
JetElements For Elementor
- Plugin:
- JetElements For Elementor
- Plugin Slug:
- jet-elements
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.12.1
- Severity Score:
- Medium
- CVE:
- 2025-64355
Ohio Extra
- Plugin:
- Ohio Extra
- Plugin Slug:
- ohio-extra
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.6.1
- Severity Score:
- Medium
- CVE:
- 2025-64365
Ovatheme Events Manager
- Plugin:
- Ovatheme Events Manager
- Plugin Slug:
- ova-events-manager
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.8.7
- Severity Score:
- Medium
- CVE:
- 2025-7663
Rey Core
- Plugin:
- Rey Core
- Plugin Slug:
- rey-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.9
- Severity Score:
- Medium
- CVE:
- 2025-64220
WordPress Themes — 1 Patched / 1 Unpatched
Kallyas
- Theme:
- Kallyas
- Theme Slug:
- kallyas
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-6990
Kallyas
- Theme:
- Kallyas
- Theme Slug:
- kallyas
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.24.0
- Severity Score:
- Medium
- CVE:
- 2025-6988
