In this report, 139 vulnerabilities have been publicly disclosed. Security patches for 87 of these plugins and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Currently, 52 plugin and theme vulnerabilities remain unpatched. If you’re a Solid Security Pro user, the Solid Security firewall already protects your sites against those vulnerabilities. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor, or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.8.3 was released on September 30, 2025! This is a security release that features two fixes. As this is a security release, we recommend updating your sites immediately. For more information on WordPress 6.8.3, please visit the version page on the HelpHub site.
WordPress Plugins — 79 Patched / 50 Unpatched
Binary MLM Plan
- Plugin:
- Binary MLM Plan
- Plugin Slug:
- binary-mlm-plan
- Installations
- 80+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11895
Block Country
- Plugin:
- Block Country
- Plugin Slug:
- block-country
- Installations
- 70+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-48077
Simple Stripe
- Plugin:
- Simple Stripe
- Plugin Slug:
- simple-stripe
- Installations
- 70+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-48085
Stock History & Reports Manager for WooCommerce
- Plugin Slug:
- stock-snapshot-for-woocommerce
- Installations
- 70+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10167
replyMail
- Plugin:
- replyMail
- Plugin Slug:
- replymail
- Installations
- 60+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-31029
Slick Google Map
- Plugin:
- Slick Google Map
- Plugin Slug:
- slick-google-map
- Installations
- 60+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-48078
wpNamedUsers
- Plugin:
- wpNamedUsers
- Plugin Slug:
- wpnamedusers
- Installations
- 60+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-48083
WP BookWidgets
- Plugin:
- WP BookWidgets
- Plugin Slug:
- wp-bookwidgets
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10139
Woocommerce Category and Products Accordion Panel
- Plugin:
- Woocommerce Category and Products Accordion Panel
- Plugin Slug:
- accordion-panel-for-category-and-products
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-11722
Code Quality Control Tool
- Plugin:
- Code Quality Control Tool
- Plugin Slug:
- code-quality-control-tool
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8484
Course Redirects for Learndash
- Plugin:
- Course Redirects for Learndash
- Plugin Slug:
- course-redirects-for-learndash
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10376
Custom 404 Pro
- Plugin:
- Custom 404 Pro
- Plugin Slug:
- custom-404-pro
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-9947
Demo Import Kit
- Plugin:
- Demo Import Kit
- Plugin Slug:
- demo-import-kit
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-10051
Dhivehi Text
- Plugin:
- Dhivehi Text
- Plugin Slug:
- dhivehi-text
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10132
Digiseller
- Plugin:
- Digiseller
- Plugin Slug:
- digiseller
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10141
DocoDoco Store Locator
- Plugin:
- DocoDoco Store Locator
- Plugin Slug:
- docodoco-store-locator
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-10754
Dynamically Display Posts
- Plugin:
- Dynamically Display Posts
- Plugin Slug:
- dynamically-display-posts
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-11501
External Login
- Plugin:
- External Login
- Plugin Slug:
- external-login
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-11177
External Login
- Plugin:
- External Login
- Plugin Slug:
- external-login
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11196
Find And Replace content for WordPress
- Plugin:
- Find And Replace content for WordPress
- Plugin Slug:
- find-and-replace-content
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-10313
FunKItools
- Plugin:
- FunKItools
- Plugin Slug:
- funkitools
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10301
Keyy Two Factor Authentication (like Clef)
- Plugin:
- Keyy Two Factor Authentication (like Clef)
- Plugin Slug:
- keyy
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-10293
Library Management System
- Plugin:
- Library Management System
- Plugin Slug:
- library-management-system
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10303
YourMembership Single Sign On
- Plugin:
- YourMembership Single Sign On
- Plugin Slug:
- login-with-yourmembership
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10648
Memberlite Shortcodes
- Plugin:
- Memberlite Shortcodes
- Plugin Slug:
- memberlite-shortcodes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-48087
Oceanpayment CreditCard Gateway
- Plugin:
- Oceanpayment CreditCard Gateway
- Plugin Slug:
- oceanpayment-creditcard-gateway
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11728
onOffice for WP-Websites
- Plugin:
- onOffice for WP-Websites
- Plugin Slug:
- onoffice-for-wp-websites
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-10045
Orion SMS OTP Verification
- Plugin:
- Orion SMS OTP Verification
- Plugin Slug:
- orion-sms-otp-verification
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-9967
OwnID Passwordless Login
- Plugin:
- OwnID Passwordless Login
- Plugin Slug:
- ownid-passwordless-login
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-10294
Page Blocks
- Plugin:
- Page Blocks
- Plugin Slug:
- page-blocks
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9626
Quick Social Login
- Plugin:
- Quick Social Login
- Plugin Slug:
- quick-login
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10140
Related Posts Lite
- Plugin:
- Related Posts Lite
- Plugin Slug:
- related-posts-lite
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11926
Shortcode Button
- Plugin:
- Shortcode Button
- Plugin Slug:
- shortcode-button
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10194
TARIFFUXX
- Plugin:
- TARIFFUXX
- Plugin Slug:
- tariffuxx
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-10682
Task Scheduler
- Plugin:
- Task Scheduler
- Plugin Slug:
- task-scheduler
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10056
Theme Importer
- Plugin:
- Theme Importer
- Plugin Slug:
- theme-importer
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10312
TopBar
- Plugin:
- TopBar
- Plugin Slug:
- topbar
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10300
Truelysell Core
- Plugin:
- Truelysell Core
- Plugin Slug:
- truelysell-core
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-10742
TwentyFourth WP Scraper
- Plugin:
- TwentyFourth WP Scraper
- Plugin Slug:
- twentyfourth-wp-scraper
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9975
URLYar URL Shortner
- Plugin:
- URLYar URL Shortner
- Plugin Slug:
- urlyar
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10133
WooCommerce Designer Pro
- Plugin:
- WooCommerce Designer Pro
- Plugin Slug:
- wc-designer-pro
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-6439
WidgetPack Comment System
- Plugin:
- WidgetPack Comment System
- Plugin Slug:
- widgetpack-comment-system
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9621
WP Dashboard Chat
- Plugin:
- WP Dashboard Chat
- Plugin Slug:
- wp-dashboard-chat
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-10660
WP Easy Toggles
- Plugin:
- WP Easy Toggles
- Plugin Slug:
- wp-easy-toggles
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10190
WP Google Map
- Plugin:
- WP Google Map
- Plugin Slug:
- wp-google-map
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-11365
WP jQuery Pager
- Plugin:
- WP jQuery Pager
- Plugin Slug:
- wp-jquery-pdf-paged
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-10575
WP Private Content Plus
- Plugin:
- WP Private Content Plus
- Plugin Slug:
- wp-private-content-plus
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10720
WordPress Live Webcam Widget & Shortcode
- Plugin:
- WordPress Live Webcam Widget & Shortcode
- Plugin Slug:
- wp-webcam-widget-shortcode
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10129
Zip Attachments
- Plugin:
- Zip Attachments
- Plugin Slug:
- zip-attachments
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11701
Zip Attachments
- Plugin:
- Zip Attachments
- Plugin Slug:
- zip-attachments
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-11692
Ally – Web Accessibility & Usability
- Plugin Slug:
- pojo-accessibility
- Installations
- 400,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.8.1
- Severity Score:
- Medium
- CVE:
- 2025-10700
ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF
- Plugin Slug:
- shortpixel-image-optimiser
- Installations
- 300,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.3.5
- Severity Score:
- Medium
- CVE:
- 2025-11378
SureForms – Drag and Drop Contact Form Builder – Multi-step Forms, Conversational Forms and more
- Plugin:
- SureForms – Drag and Drop Contact Form Builder – Multi-step Forms, Conversational Forms and more
- Plugin Slug:
- sureforms
- Installations
- 300,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.12.2
- Severity Score:
- Medium
- CVE:
- 2025-10732
WP Go Maps (formerly WP Google Maps)
- Plugin Slug:
- wp-google-maps
- Installations
- 300,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- 9.0.49
- Severity Score:
- Medium
- CVE:
- 2025-11703
Redirection for Contact Form 7
- Plugin:
- Redirection for Contact Form 7
- Plugin Slug:
- wpcf7-redirect
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.7
- Severity Score:
- Medium
- CVE:
- 2025-9562
Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns
- Plugin Slug:
- essential-blocks
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.7.2
- Severity Score:
- Medium
- CVE:
- 2025-11270
Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns
- Plugin Slug:
- essential-blocks
- Installations
- 200,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 5.7.2
- Severity Score:
- Medium
- CVE:
- 2025-11361
FileBird – WordPress Media Library Folders & File Manager
- Plugin Slug:
- filebird
- Installations
- 200,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.5.0
- Severity Score:
- Medium
- CVE:
- 2025-11510
Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization
- Plugin Slug:
- optimole-wp
- Installations
- 200,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 4.1.1
- Severity Score:
- Medium
- CVE:
- 2025-11519
Element Pack Addons for Elementor
- Plugin Slug:
- bdthemes-element-pack-lite
- Installations
- 100,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 8.2.6
- Severity Score:
- Medium
- CVE:
- 2025-11536
Colibri Page Builder
- Plugin:
- Colibri Page Builder
- Plugin Slug:
- colibri-page-builder
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.335
- Severity Score:
- Medium
- CVE:
- 2025-9560
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
- Plugin:
- The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
- Plugin Slug:
- the-plus-addons-for-elementor-page-builder
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.3.16
- Severity Score:
- Medium
- CVE:
- 2025-9698
WPC Smart Quick View for WooCommerce
- Plugin Slug:
- woo-smart-quick-view
- Installations
- 100,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 4.2.6
- Severity Score:
- Medium
- CVE:
- 2025-11741
WPC Smart Wishlist for WooCommerce
- Plugin Slug:
- woo-smart-wishlist
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.0.5
- Severity Score:
- Medium
- CVE:
- 2025-11742
Event Tickets and Registration
- Plugin:
- Event Tickets and Registration
- Plugin Slug:
- event-tickets
- Installations
- 90,000+
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 5.26.6
- Severity Score:
- High
- CVE:
- 2025-11517
Event Tickets and Registration
- Plugin:
- Event Tickets and Registration
- Plugin Slug:
- event-tickets
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.26.4
- Severity Score:
- Medium
- CVE:
- 2025-62027
LearnPress – WordPress LMS Plugin
- Plugin Slug:
- learnpress
- Installations
- 80,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.2.9.4
- Severity Score:
- Medium
- CVE:
- 2025-11372
Media Library Assistant
- Plugin:
- Media Library Assistant
- Plugin Slug:
- media-library-assistant
- Installations
- 70,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 3.30
- Severity Score:
- Medium
- CVE:
- 2025-11738
Quick Featured Images
- Plugin:
- Quick Featured Images
- Plugin Slug:
- quick-featured-images
- Installations
- 50,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 13.7.3
- Severity Score:
- Medium
- CVE:
- 2025-11176
Theme Editor
- Plugin:
- Theme Editor
- Plugin Slug:
- theme-editor
- Installations
- 50,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.1
- Severity Score:
- High
- CVE:
- 2025-9890
Advanced Coupons – WooCommerce Coupons & Store Credit
- Plugin Slug:
- advanced-coupons-for-woocommerce-free
- Installations
- 20,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.6.9
- Severity Score:
- High
- CVE:
- 2025-62015
One Page Express Companion
- Plugin:
- One Page Express Companion
- Plugin Slug:
- one-page-express-companion
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.6.44
- Severity Score:
- Medium
- CVE:
- 2025-62052
Pz-LinkCard
- Plugin:
- Pz-LinkCard
- Plugin Slug:
- pz-linkcard
- Installations
- 20,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 2.5.7
- Severity Score:
- Medium
- CVE:
- 2025-8594
SmartCrawl SEO checker, analyzer & optimizer
- Plugin Slug:
- smartcrawl-seo
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.14.4
- Severity Score:
- Medium
- CVE:
- 2025-62048
PPOM – Product Addons & Custom Fields for WooCommerce
- Plugin Slug:
- woocommerce-product-addon
- Installations
- 20,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 33.0.16
- Severity Score:
- Critical
- CVE:
- 2025-11691
PPOM – Product Addons & Custom Fields for WooCommerce
- Plugin Slug:
- woocommerce-product-addon
- Installations
- 20,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 33.0.16
- Severity Score:
- Critical
- CVE:
- 2025-11391
Web Accessibility by accessiBe
- Plugin:
- Web Accessibility by accessiBe
- Plugin Slug:
- accessibe
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.11
- Severity Score:
- Medium
- CVE:
- 2025-10375
BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor
- Plugin Slug:
- blockspare
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.2.14
- Severity Score:
- Medium
- CVE:
- 2025-62026
Simple SEO
- Plugin:
- Simple SEO
- Plugin Slug:
- cds-simple-seo
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.32
- Severity Score:
- Medium
- CVE:
- 2025-10357
E2Pdf – Export Pdf Tool for WordPress
- Plugin Slug:
- e2pdf
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.28.10
- Severity Score:
- Medium
- CVE:
- 2025-62068
MasterStudy LMS WordPress Plugin – for Online Courses and Education
- Plugin Slug:
- masterstudy-lms-learning-management-system
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.6.21
- Severity Score:
- Medium
- CVE:
- 2025-59575
Free Follow-Up Emails & Marketing Automation for WooCommerce – ShopMagic
- Plugin Slug:
- shopmagic-for-woocommerce
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.5.7
- Severity Score:
- Medium
- CVE:
- 2025-59578
Simple Job Board
- Plugin:
- Simple Job Board
- Plugin Slug:
- simple-job-board
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.13.8
- Severity Score:
- High
- CVE:
- 2025-59579
WP SMS – Ultimate SMS & MMS Notifications, OTP, 2FA, and WooCommerce & Forms Integrations
- Plugin Slug:
- wp-sms
- Installations
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.0.2
- Severity Score:
- Medium
- CVE:
- 2025-62006
UiChemy — Figma Converter for Elementor, Gutenberg and Bricks
- Plugin Slug:
- uichemy
- Installations
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.0.1
- Severity Score:
- Medium
- CVE:
- 2025-62013
Error Log Viewer by BestWebSoft
- Plugin:
- Error Log Viewer by BestWebSoft
- Plugin Slug:
- error-log-viewer
- Installations
- 6,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 1.1.7
- Severity Score:
- Medium
- CVE:
- 2025-9950
Booking Manager – Sync WP Booking Calendar – Import Events, Export Bookings to ICS Calendar
- Plugin Slug:
- booking-manager
- Installations
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.15
- Severity Score:
- Medium
- CVE:
- 2025-10124
GSpeech TTS – WordPress Text To Speech Plugin
- Plugin Slug:
- gspeech
- Installations
- 3,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.18.0
- Severity Score:
- High
- CVE:
- 2025-10187
Kognetiks Chatbot
- Plugin:
- Kognetiks Chatbot
- Plugin Slug:
- chatbot-chatgpt
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.3.6
- Severity Score:
- Medium
- CVE:
- 2025-11256
Easy Post Submission – Frontend Posting, Guest Publishing & Submit Content for WordPress
- Plugin Slug:
- easy-post-submission
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.0.0
- Severity Score:
- Medium
- CVE:
- 2025-62062
Event post
- Plugin:
- Event post
- Plugin Slug:
- event-post
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.10.4
- Severity Score:
- Medium
- CVE:
- 2025-62042
GSheetConnector For Gravity Forms
- Plugin Slug:
- gsheetconnector-gravity-forms
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.24
- Severity Score:
- Medium
- CVE:
- 2025-8606
GSheetConnector For Gravity Forms
- Plugin Slug:
- gsheetconnector-gravity-forms
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.28
- Severity Score:
- High
- CVE:
- 2025-8593
Events Calendar Made Simple – Pie Calendar
- Plugin Slug:
- pie-calendar
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.0
- Severity Score:
- Medium
- CVE:
- 2025-62024
Product Catalog Simple
- Plugin:
- Product Catalog Simple
- Plugin Slug:
- post-type-x
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.8.5
- Severity Score:
- Medium
- CVE:
- 2025-62061
Product Bundles, Quantity/Bulk Discount, BOGO, Buy X Get Y – WowRevenue
- Plugin Slug:
- revenue
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.14
- Severity Score:
- Medium
- CVE:
- 2025-62070
Reviews Widgets for Google & 45+ platforms by Repuso
- Plugin Slug:
- social-testimonials-and-reviews-widget
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.30
- Severity Score:
- Medium
- CVE:
- 2025-62071
Tab Ultimate
- Plugin:
- Tab Ultimate
- Plugin Slug:
- tabs-pro
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9
- Severity Score:
- Medium
- CVE:
- 2025-62060
MDTF – Meta Data and Taxonomies Filter
- Plugin Slug:
- wp-meta-data-filter-and-taxonomy-filter
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.3.9
- Severity Score:
- Medium
- CVE:
- 2025-62069
WP Travel Gutenberg Blocks
- Plugin:
- WP Travel Gutenberg Blocks
- Plugin Slug:
- wp-travel-blocks
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.9.3
- Severity Score:
- Medium
- CVE:
- 2025-62063
WPC Countdown Timer for WooCommerce
- Plugin Slug:
- wpc-countdown-timer
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.5
- Severity Score:
- Medium
- CVE:
- 2025-49908
WPCasa
- Plugin:
- WPCasa
- Plugin Slug:
- wpcasa
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.2
- Severity Score:
- Medium
- CVE:
- 2025-62043
WhyDonate – FREE Donate button – Crowdfunding – Fundraising
- Plugin Slug:
- wp-whydonate
- Installations
- 800+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.0.16
- Severity Score:
- Medium
- CVE:
- 2025-49899
Product Table For WooCommerce
- Plugin:
- Product Table For WooCommerce
- Plugin Slug:
- product-table-for-woocommerce
- Installations
- 600+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.2.5
- Severity Score:
- High
- CVE:
- 2025-62008
PowerBI Embed Reports
- Plugin:
- PowerBI Embed Reports
- Plugin Slug:
- embed-power-bi-reports
- Installations
- 500+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.2.1
- Severity Score:
- Medium
- CVE:
- 2025-10750
Front End Users
- Plugin:
- Front End Users
- Plugin Slug:
- front-end-only-users
- Installations
- 500+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.34
- Severity Score:
- Medium
- CVE:
- 2025-62072
MeetingHub for Zoom Meeting, Google Meet, Jitsi Meet, Webex, & Microsoft Teams | The All-in-One Webinar & Video Conference Solution
- Plugin Slug:
- meetinghub
- Installations
- 500+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.23.10
- Severity Score:
- Medium
- CVE:
- 2025-62073
UPC/EAN/GTIN Barcode Generator/Importer
- Plugin Slug:
- upc-ean-barcode-generator
- Installations
- 500+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.0.3
- Severity Score:
- Medium
- CVE:
- 2025-62009
Content Writer
- Plugin:
- Content Writer
- Plugin Slug:
- content-writer
- Installations
- 300+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.6.9
- Severity Score:
- Medium
- CVE:
- 2025-10486
Acknowledgify
- Plugin:
- Acknowledgify
- Plugin Slug:
- acknowledgify
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.4
- Severity Score:
- Medium
- CVE:
- 2025-62021
WPBifröst – Instant Passwordless Temporary Login Links
- Plugin Slug:
- create-temporary-login
- Installations
- 40+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.8
- Severity Score:
- Critical
- CVE:
- 2025-10299
XX2WP Integration Tools
- Plugin:
- XX2WP Integration Tools
- Plugin Slug:
- fb2wp-integration-tools
- Installations
- 30+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.0
- Severity Score:
- Medium
- CVE:
- 2025-11857
Flex QR Code Generator
- Plugin:
- Flex QR Code Generator
- Plugin Slug:
- flex-qr-code-generator
- Installations
- 30+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.2.6
- Severity Score:
- Critical
- CVE:
- 2025-10041
Voice Feedback – Voice Recorder for Audio Feedback
- Plugin Slug:
- voice-feedback
- Installations
- 10+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 2.0.0
- Severity Score:
- High
- CVE:
- 2025-62007
BlindMatrix e-Commerce
- Plugin:
- BlindMatrix e-Commerce
- Plugin Slug:
- window-blinds-solution
- Installations
- 10+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 3.1
- Severity Score:
- High
- CVE:
- 2025-10406
Felan Framework
- Plugin:
- Felan Framework
- Plugin Slug:
- felan-framework
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.5
- Severity Score:
- Medium
- CVE:
- 2025-10849
Felan Framework
- Plugin:
- Felan Framework
- Plugin Slug:
- felan-framework
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 1.1.5
- Severity Score:
- Critical
- CVE:
- 2025-10850
Houzez Theme – Functionality
- Plugin:
- Houzez Theme – Functionality
- Plugin Slug:
- houzez-theme-functionality
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.2.0
- Severity Score:
- Medium
- CVE:
- 2025-62058
Houzez Theme – Functionality
- Plugin:
- Houzez Theme – Functionality
- Plugin Slug:
- houzez-theme-functionality
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 4.2.0
- Severity Score:
- High
- CVE:
- 2025-62054
WPBakery Page Builder
- Plugin:
- WPBakery Page Builder
- Plugin Slug:
- js_composer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.7
- Severity Score:
- Medium
- CVE:
- 2025-10006
WPBakery Page Builder
- Plugin:
- WPBakery Page Builder
- Plugin Slug:
- js_composer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.7
- Severity Score:
- Medium
- CVE:
- 2025-11161
WPBakery Page Builder
- Plugin:
- WPBakery Page Builder
- Plugin Slug:
- js_composer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.7
- Severity Score:
- Medium
- CVE:
- 2025-11160
Lisfinity Core
- Plugin:
- Lisfinity Core
- Plugin Slug:
- lisfinity-core
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.5.0
- Severity Score:
- High
- CVE:
- 2025-6042
Ova Advent
- Plugin:
- Ova Advent
- Plugin Slug:
- ova-advent
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.8
- Severity Score:
- Medium
- CVE:
- 2025-8561
SUMO Memberships for WooCommerce
- Plugin:
- SUMO Memberships for WooCommerce
- Plugin Slug:
- sumomemberships
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 7.8.0
- Severity Score:
- High
- CVE:
- 2025-62005
tagDiv Cloud Library
- Plugin:
- tagDiv Cloud Library
- Plugin Slug:
- td-cloud-library
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0
- Severity Score:
- Medium
- CVE:
- 2025-62032
tagDiv Composer
- Plugin:
- tagDiv Composer
- Plugin Slug:
- td-composer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.4.2
- Severity Score:
- Medium
- CVE:
- 2025-62030
TheGem Theme Elements (for WPBakery)
- Plugin:
- TheGem Theme Elements (for WPBakery)
- Plugin Slug:
- thegem-elements
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.10.5.2
- Severity Score:
- Medium
- CVE:
- 2025-62044
UDesign Core
- Plugin:
- UDesign Core
- Plugin Slug:
- u-design-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.14.2
- Severity Score:
- Medium
- CVE:
- 2025-62051
WordPress Themes — 8 Patched / 2 Unpatched
ClassifiedPro
- Theme:
- ClassifiedPro
- Theme Slug:
- classified-pro
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-10706
Rich Snippet Site Report
- Theme:
- Rich Snippet Site Report
- Theme Slug:
- easysnippet
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-10310
HomeLancer
- Theme:
- HomeLancer
- Theme Slug:
- homelancer
- Downloads
- 3,788
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.2
- Severity Score:
- Medium
- CVE:
- 2025-49375
Newsup
Education WordPress Theme | HiStudy
- Theme:
- Education WordPress Theme | HiStudy
- Theme Slug:
- histudy
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.1.0
- Severity Score:
- Critical
- CVE:
- 2025-48089
Kallyas
- Theme:
- Kallyas
- Theme Slug:
- kallyas
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.23.0
- Severity Score:
- Medium
- CVE:
- 2025-62018
Kallyas
- Theme:
- Kallyas
- Theme Slug:
- kallyas
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.23.0
- Severity Score:
- Medium
- CVE:
- 2025-62017
Salient
- Theme:
- Salient
- Theme Slug:
- salient
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 17.4.0
- Severity Score:
- Medium
- CVE:
- 2025-62028
WoodMart
- Theme:
- WoodMart
- Theme Slug:
- woodmart
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 8.3.2
- Severity Score:
- High
- CVE:
- 2025-49935
XStore
- Theme:
- XStore
- Theme Slug:
- xstore
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 9.6
- Severity Score:
- High
- CVE:
- 2025-11746
