In this report, 108 vulnerabilities have been publicly disclosed. Security patches for 77 of these plugins and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Currently, 31 plugin and theme vulnerabilities remain unpatched. If you’re a Solid Security Pro user, the Solid Security firewall already protects your site against those vulnerabilities. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.8.3 was released on September 30, 2025. This is a security release that features two fixes. As this is a security release, we recommend updating your sites immediately. For more information on WordPress 6.8.3, please visit the version page on the HelpHub site.
WordPress 6.9 Beta 3 is now ready for testing! This beta version of WordPress is still under development, so please avoid using it on production or mission-critical sites. Instead, test Beta 3 on a staging or test site.
The final release of WordPress 6.9 is scheduled for December 2, 2025. You can find the full release schedule and testing information on the WordPress Core blog. Your help testing Beta and RC versions is essential to ensuring a stable and powerful release.
WordPress Plugins — 68 Patched / 30 Unpatched
WP Snow Effect
- Plugin:
- WP Snow Effect
- Plugin Slug:
- wp-snow-effect
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-64294
Multi-language Responsive Portfolio
- Plugin:
- Multi-language Responsive Portfolio
- Plugin Slug:
- bootstrap-multi-language-responsive-portfolio
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11753
Associados Amazon
- Plugin:
- Associados Amazon
- Plugin Slug:
- brzon
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-12403
CE21 Suite
- Plugin:
- CE21 Suite
- Plugin Slug:
- ce21-suite
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-11008
Centangle Team Showcase
- Plugin:
- Centangle Team Showcase
- Plugin Slug:
- centangle-team
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-12456
Clubmember
- Plugin:
- Clubmember
- Plugin Slug:
- clubmember
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12396
Crypto Payment Gateway with Payeer for WooCommerce
- Plugin:
- Crypto Payment Gateway with Payeer for WooCommerce
- Plugin Slug:
- crypto-payment-gateway-with-payeer-for-woocommerce
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-11890
DominoKit
- Plugin:
- DominoKit
- Plugin Slug:
- dominokit
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12350
Elegance Menu
- Plugin:
- Elegance Menu
- Plugin Slug:
- elegance-menu
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-11704
EM Beer Manager
- Plugin:
- EM Beer Manager
- Plugin Slug:
- em-beer-manager
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-11724
Free Quotation
- Plugin:
- Free Quotation
- Plugin Slug:
- free-quotation
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12393
Import Export For WooCommerce
- Plugin:
- Import Export For WooCommerce
- Plugin Slug:
- import-export-for-woocommerce
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12389
Label Plugins
- Plugin:
- Label Plugins
- Plugin Slug:
- label-plugins
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-12401
LinkedIn Resume
- Plugin:
- LinkedIn Resume
- Plugin Slug:
- linkedin-resume
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-12402
LMB^Box Smileys
- Plugin:
- LMB^Box Smileys
- Plugin Slug:
- lmbbox-smileys
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-12400
MapMap
- Plugin:
- MapMap
- Plugin Slug:
- mapmap
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-12415
MeetingList
- Plugin:
- MeetingList
- Plugin Slug:
- meeting-list
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12184
Nari Accountant
- Plugin:
- Nari Accountant
- Plugin Slug:
- nari-accountant
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12371
NS Maintenance Mode for WP
- Plugin:
- NS Maintenance Mode for WP
- Plugin Slug:
- ns-maintenance-mode-for-wp
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10636
Pagerank Tools
- Plugin:
- Pagerank Tools
- Plugin Slug:
- pagerank-tools
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-12416
Posts Navigation Links for Sections and Headings
- Plugin:
- Posts Navigation Links for Sections and Headings
- Plugin Slug:
- posts-navigation-links-for-sections-and-headings-free-by-wp-masters
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12188
Reuse Builder
- Plugin:
- Reuse Builder
- Plugin Slug:
- reuse-builder
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11812
SH Contextual Help
- Plugin:
- SH Contextual Help
- Plugin Slug:
- sh-contextual-help
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-12410
Simple User Capabilities
- Plugin:
- Simple User Capabilities
- Plugin Slug:
- simple-user-capabilities
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-12158
Simple User Capabilities
- Plugin:
- Simple User Capabilities
- Plugin Slug:
- simple-user-capabilities
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12157
ViaAds
- Plugin:
- ViaAds
- Plugin Slug:
- viaads
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12070
WooCommerce Designer Pro
- Plugin:
- WooCommerce Designer Pro
- Plugin Slug:
- wc-designer-pro
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-10897
WP Carticon
- Plugin:
- WP Carticon
- Plugin Slug:
- wp-carticon
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12065
WP Global Screen Options
- Plugin:
- WP Global Screen Options
- Plugin Slug:
- wp-global-screen-options
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12069
Social Media WPCF7 Stop Words
- Plugin:
- Social Media WPCF7 Stop Words
- Plugin Slug:
- wpcf7-stop-words
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-12413
LiteSpeed Cache
- Plugin:
- LiteSpeed Cache
- Plugin Slug:
- litespeed-cache
- Installations
- 7,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.6
- Severity Score:
- High
- CVE:
- 2025-12450
WooCommerce
- Plugin:
- WooCommerce
- Plugin Slug:
- woocommerce
- Installations
- 7,000,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 7.9.0
- Severity Score:
- Medium
- CVE:
- 2023-7320
WooCommerce
- Plugin:
- WooCommerce
- Plugin Slug:
- woocommerce
- Installations
- 7,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 10.0.3
- Severity Score:
- Medium
- CVE:
- 2025-49042
Polylang
- Plugin:
- Polylang
- Plugin Slug:
- polylang
- Installations
- 800,000+
- Vulnerability:
- Deserialization of untrusted data
- Patched in Version:
- 3.7.4
- Severity Score:
- High
- CVE:
- 2025-64353
TablePress – Tables in WordPress made easy
- Plugin Slug:
- tablepress
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.5
- Severity Score:
- Medium
- CVE:
- 2025-12324
The Events Calendar
- Plugin:
- The Events Calendar
- Plugin Slug:
- the-events-calendar
- Installations
- 700,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.15.10
- Severity Score:
- Medium
- CVE:
- 2025-12175
Facebook for WooCommerce
- Plugin:
- Facebook for WooCommerce
- Plugin Slug:
- facebook-for-woocommerce
- Installations
- 500,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.5.8
- Severity Score:
- Medium
- CVE:
- 2025-64296
Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App
- Plugin Slug:
- post-smtp
- Installations
- 400,000+
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 3.6.1
- Severity Score:
- Critical
- CVE:
- 2025-11833
SiteSEO – SEO Simplified
- Plugin:
- SiteSEO – SEO Simplified
- Plugin Slug:
- siteseo
- Installations
- 400,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.2
- Severity Score:
- Low
- CVE:
- 2025-12367
Call Now Button – The #1 Click to Call Button for WordPress
- Plugin Slug:
- call-now-button
- Installations
- 200,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.5.5
- Severity Score:
- Medium
- CVE:
- 2025-11632
Call Now Button – The #1 Click to Call Button for WordPress
- Plugin Slug:
- call-now-button
- Installations
- 200,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.5.4
- Severity Score:
- Medium
- CVE:
- 2025-11587
Advanced Ads – Ad Manager & AdSense
- Plugin Slug:
- advanced-ads
- Installations
- 100,000+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- 2.0.13
- Severity Score:
- High
- CVE:
- 2025-10487
Advanced Database Cleaner
- Plugin:
- Advanced Database Cleaner
- Plugin Slug:
- advanced-database-cleaner
- Installations
- 100,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.1.7
- Severity Score:
- Medium
- CVE:
- 2025-64357
Advanced Database Cleaner
- Plugin:
- Advanced Database Cleaner
- Plugin Slug:
- advanced-database-cleaner
- Installations
- 100,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.1.7
- Severity Score:
- Medium
- CVE:
- 2025-11497
Anti-Malware Security and Brute-Force Firewall
- Plugin Slug:
- gotmls
- Installations
- 100,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 4.23.83
- Severity Score:
- Medium
- CVE:
- 2025-11705
Insert PHP Code Snippet
- Plugin:
- Insert PHP Code Snippet
- Plugin Slug:
- insert-php-code-snippet
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.4
- Severity Score:
- Medium
- CVE:
- 2025-64356
Schema & Structured Data for WP & AMP
- Plugin Slug:
- schema-and-structured-data-for-wp
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.52
- Severity Score:
- Medium
- CVE:
- 2025-11502
HUSKY – Products Filter Professional for WooCommerce
- Plugin Slug:
- woocommerce-products-filter
- Installations
- 100,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.3.7.2
- Severity Score:
- Critical
- CVE:
- 2025-11735
List category posts
- Plugin:
- List category posts
- Plugin Slug:
- list-category-posts
- Installations
- 90,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 0.93.0
- Severity Score:
- Medium
- CVE:
- 2025-11377
Greenshift – animation and page builder blocks
- Plugin Slug:
- greenshift-animation-and-page-builder-blocks
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 12.2.8
- Severity Score:
- Medium
- CVE:
- 2025-11841
Qi Blocks
- Plugin:
- Qi Blocks
- Plugin Slug:
- qi-blocks
- Installations
- 60,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.4
- Severity Score:
- Medium
- CVE:
- 2025-12180
Translate WordPress and go Multilingual – Weglot
- Plugin Slug:
- weglot
- Installations
- 60,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.2
- Severity Score:
- Medium
- CVE:
- 2025-10008
Auto Featured Image (Auto Post Thumbnail)
- Plugin Slug:
- auto-post-thumbnail
- Installations
- 50,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 4.2.0
- Severity Score:
- Medium
- CVE:
- 2025-10145
Popup Box – Create Countdown, Coupon, Video, Contact Form Popups
- Plugin Slug:
- ays-popup-box
- Installations
- 50,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.5.5
- Severity Score:
- Medium
- CVE:
- 2025-57931
Smart Coupons For WooCommerce Coupons
- Plugin Slug:
- wt-smart-coupons-for-woocommerce
- Installations
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.4
- Severity Score:
- Medium
- CVE:
- 2025-64358
Inactive Logout
- Plugin:
- Inactive Logout
- Plugin Slug:
- inactive-logout
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.6.0
- Severity Score:
- Medium
- CVE:
- 2025-11922
wpForo Forum
- Plugin:
- wpForo Forum
- Plugin Slug:
- wpforo
- Installations
- 20,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.4.10
- Severity Score:
- High
- CVE:
- 2025-11740
CSS & JavaScript Toolbox
- Plugin:
- CSS & JavaScript Toolbox
- Plugin Slug:
- css-javascript-toolbox
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 12.0.6
- Severity Score:
- Medium
- CVE:
- 2025-11928
Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages
- Plugin Slug:
- wplegalpages
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.5.2
- Severity Score:
- Medium
- CVE:
- 2025-11816
Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent
- Plugin Slug:
- tablesome
- Installations
- 9,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.3.33
- Severity Score:
- Critical
- CVE:
- 2025-11499
WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes)
- Plugin Slug:
- delicious-recipes
- Installations
- 5,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.9.1
- Severity Score:
- Critical
- CVE:
- 2025-11755
Import WP – Export and Import CSV and XML files to WordPress
- Plugin Slug:
- jc-importer
- Installations
- 5,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 2.14.17
- Severity Score:
- Medium
- CVE:
- 2025-12137
Flying Images: Optimize and Lazy Load Images for Faster Page Speed
- Plugin Slug:
- nazy-load
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.15
- Severity Score:
- Medium
- CVE:
- 2025-11927
OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA)
- Plugin Slug:
- oopspam-anti-spam
- Installations
- 5,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 1.2.54
- Severity Score:
- Medium
- CVE:
- 2025-12094
WPC Name Your Price for WooCommerce
- Plugin Slug:
- wpc-name-your-price
- Installations
- 5,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 2.2.0
- Severity Score:
- High
- CVE:
- 2025-12115
Document Library Lite
- Plugin:
- Document Library Lite
- Plugin Slug:
- document-library-lite
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.7
- Severity Score:
- Medium
- CVE:
- 2025-11174
Extensions for Leaflet Map
- Plugin:
- Extensions for Leaflet Map
- Plugin Slug:
- extensions-leaflet-map
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.8
- Severity Score:
- Medium
- CVE:
- 2025-12369
Footnotes Made Easy
- Plugin:
- Footnotes Made Easy
- Plugin Slug:
- footnotes-made-easy
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.8
- Severity Score:
- High
- CVE:
- 2025-11733
FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.)
- Plugin Slug:
- fusewp
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.23.1
- Severity Score:
- Medium
- CVE:
- 2025-11975
FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.)
- Plugin Slug:
- fusewp
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.1.23.1
- Severity Score:
- Medium
- CVE:
- 2025-11976
AppPresser – Mobile App Framework
- Plugin Slug:
- apppresser
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.5.1
- Severity Score:
- Medium
- CVE:
- 2025-11881
Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment
- Plugin Slug:
- booking-and-rental-manager-for-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.4
- Severity Score:
- High
- CVE:
- 2025-49904
Range Slider Addon for Gravity Forms
- Plugin Slug:
- range-slider-addon-for-gravity-forms
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.7
- Severity Score:
- High
- CVE:
- 2025-49905
WP Discourse
- Plugin:
- WP Discourse
- Plugin Slug:
- wp-discourse
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.6.0
- Severity Score:
- Low
- CVE:
- 2025-11983
WPCOM Member
- Plugin:
- WPCOM Member
- Plugin Slug:
- wpcom-member
- Installations
- 1,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.7.15
- Severity Score:
- High
- CVE:
- 2025-11920
Easy Testimonial Slider and Form
- Plugin:
- Easy Testimonial Slider and Form
- Plugin Slug:
- easy-testimonial-rotator
- Installations
- 900+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.0.3
- Severity Score:
- High
- CVE:
- 2015-10147
All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier
- Plugin Slug:
- aio-time-clock-lite
- Installations
- 800+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.4
- Severity Score:
- Medium
- CVE:
- 2025-11758
Thumbnail Slider With Lightbox
- Plugin:
- Thumbnail Slider With Lightbox
- Plugin Slug:
- wp-responsive-slider-with-lightbox
- Installations
- 800+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.0.5
- Severity Score:
- High
- CVE:
- 2015-10146
Doppler Forms
- Plugin:
- Doppler Forms
- Plugin Slug:
- doppler-form
- Installations
- 700+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.6.0
- Severity Score:
- Medium
- CVE:
- 2025-9544
Employee Spotlight – Team Member Showcase & Meet the Team Plugin
- Plugin Slug:
- employee-spotlight
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.1.3
- Severity Score:
- Medium
- CVE:
- 2025-12090
RealPress – Real Estate Plugin
- Plugin:
- RealPress – Real Estate Plugin
- Plugin Slug:
- realpress
- Installations
- 500+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.0
- Severity Score:
- Medium
- CVE:
- 2025-11191
IDonate – Blood Donation, Request And Donor Management System
- Plugin Slug:
- idonate
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.13
- Severity Score:
- Medium
- CVE:
- 2025-11154
Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue
- Plugin Slug:
- site-checkup
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.48
- Severity Score:
- Medium
- CVE:
- 2025-11627
Schema Scalpel
- Plugin:
- Schema Scalpel
- Plugin Slug:
- schema-scalpel
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.2
- Severity Score:
- Medium
- CVE:
- 2025-12118
Community Events
- Plugin:
- Community Events
- Plugin Slug:
- community-events
- Installations
- 30+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.3
- Severity Score:
- High
- CVE:
- 2025-11995
Simple Payment
- Plugin:
- Simple Payment
- Plugin Slug:
- simple-payment
- Installations
- 30+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.4.7
- Severity Score:
- High
- CVE:
- 2025-62075
Simple Payment
- Plugin:
- Simple Payment
- Plugin Slug:
- simple-payment
- Installations
- 30+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.7
- Severity Score:
- High
- CVE:
- 2025-62076
ERI File Library
- Plugin:
- ERI File Library
- Plugin Slug:
- eri-file-library
- Installations
- 10+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.1
- Severity Score:
- Medium
- CVE:
- 2025-12041
Folderly
- Plugin:
- Folderly
- Plugin Slug:
- folderly
- Installations
- 10+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 0.3.1
- Severity Score:
- Low
- CVE:
- 2025-12038
Consulting Elementor Widgets
- Plugin:
- Consulting Elementor Widgets
- Plugin Slug:
- consulting-elementor-widgets
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.3
- Severity Score:
- Medium
- CVE:
- 2025-64361
Consulting Elementor Widgets
- Plugin:
- Consulting Elementor Widgets
- Plugin Slug:
- consulting-elementor-widgets
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.4.3
- Severity Score:
- High
- CVE:
- 2025-64360
Doccure Core
- Plugin:
- Doccure Core
- Plugin Slug:
- doccure
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.5.4
- Severity Score:
- Critical
- CVE:
- 2025-8900
Jannah – Extensions
- Plugin:
- Jannah – Extensions
- Plugin Slug:
- jannah-extensions
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.5
- Severity Score:
- Medium
- CVE:
- 2025-64208
K Elements
- Plugin:
- K Elements
- Plugin Slug:
- k-elements
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.5.0
- Severity Score:
- Medium
- CVE:
- 2025-64362
Ohio Extra
- Plugin:
- Ohio Extra
- Plugin Slug:
- ohio-extra
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.6.1
- Severity Score:
- Medium
- CVE:
- 2025-64365
Analytify Pro
- Plugin:
- Analytify Pro
- Plugin Slug:
- wp-analytify-pro
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 7.0.4
- Severity Score:
- Medium
- CVE:
- 2025-12521
User Extra Fields
- Plugin:
- User Extra Fields
- Plugin Slug:
- wp-user-extra-fields
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 16.8
- Severity Score:
- High
- CVE:
- 2025-7846
Zombify
- Plugin:
- Zombify
- Plugin Slug:
- zombify
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 1.7.6
- Severity Score:
- Medium
- CVE:
- 2025-8385
WordPress Themes — 9 Patched / 1 Unpatched
Kallyas
- Theme:
- Kallyas
- Theme Slug:
- kallyas
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-6990
Consulting
- Theme:
- Consulting
- Theme Slug:
- consulting
- Downloads
- 427,663
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 6.7.5
- Severity Score:
- High
- CVE:
- 2025-64359
Kallyas
- Theme:
- Kallyas
- Theme Slug:
- kallyas
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.24.0
- Severity Score:
- Medium
- CVE:
- 2025-6988
Kleo
- Theme:
- Kleo
- Theme Slug:
- kleo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 5.5.0
- Severity Score:
- High
- CVE:
- 2025-64363
Masterstudy
- Theme:
- Masterstudy
- Theme Slug:
- masterstudy
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 4.8.126
- Severity Score:
- High
- CVE:
- 2025-64364
Jobmonster
- Theme:
- Jobmonster
- Theme Slug:
- noo-jobmonster
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 4.8.2
- Severity Score:
- Critical
- CVE:
- 2025-5397
Sahifa
- Theme:
- Sahifa
- Theme Slug:
- sahifa
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.8.6
- Severity Score:
- Medium
- CVE:
- 2025-64202
SmartMag
- Theme:
- SmartMag
- Theme Slug:
- smart-mag
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 10.3.1
- Severity Score:
- High
- CVE:
- 2025-64216
SmartMag
- Theme:
- SmartMag
- Theme Slug:
- smart-mag
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 10.3.2
- Severity Score:
- Medium
- CVE:
- 2025-64204
wpresidence
- Theme:
- wpresidence
- Theme Slug:
- wpresidence
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.3.2.1
- Severity Score:
- Medium
- CVE:
- 2025-64199
