In this report, 99 vulnerabilities have been publicly disclosed. Security patches for 32 of these plugins and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Currently, 67 plugin and theme vulnerabilities remain unpatched. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.8.3 is now available! This is a security release that features two fixes. As this is a security release, we recommend updating your sites immediately. For more information on WordPress 6.8.3, please visit the version page on the HelpHub site.
WordPress Plugins — 31 Patched / 66 Unpatched
The Pack Elementor addon
- Plugin:
- The Pack Elementor addon
- Plugin Slug:
- the-pack-addon
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8214
Yoga Schedule Momoyoga
- Plugin:
- Yoga Schedule Momoyoga
- Plugin Slug:
- momoyoga-integration
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9852
Layers
- Plugin:
- Layers
- Plugin Slug:
- layers
- Installations
- 80+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10130
Smart Docs
- Plugin:
- Smart Docs
- Plugin Slug:
- smart-docs
- Installations
- 80+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9333
Simple Multilanguage Plugin
- Plugin:
- Simple Multilanguage Plugin
- Plugin Slug:
- a-simple-multilanguage
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9854
Ajax WooSearch
- Plugin:
- Ajax WooSearch
- Plugin Slug:
- ajax-woosearch
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-9697
All in One Music Player
- Plugin:
- All in One Music Player
- Plugin Slug:
- all-in-one-music-player
- Vulnerability:
- Path Traversal
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8559
All Social Share Options
- Plugin:
- All Social Share Options
- Plugin Slug:
- all-social-share-options
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10131
Eulerpool Research Systems
- Plugin:
- Eulerpool Research Systems
- Plugin Slug:
- alleaktien-quantitativ
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10128
Any News Ticker
- Plugin:
- Any News Ticker
- Plugin Slug:
- any-news-ticker
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10168
AP Background
- Plugin:
- AP Background
- Plugin Slug:
- ap-background
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10165
AP Background
- Plugin:
- AP Background
- Plugin Slug:
- ap-background
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9897
AP Background
- Plugin:
- AP Background
- Plugin Slug:
- ap-background
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-9561
Appy Pie Connect for WooCommerce
- Plugin:
- Appy Pie Connect for WooCommerce
- Plugin Slug:
- appy-pie-connect-for-woocommerce
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-9286
Auto Bulb Finder for WordPress
- Plugin:
- Auto Bulb Finder for WordPress
- Plugin Slug:
- auto-bulb-finder-for-wp-wc
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9858
Backup Bolt
- Plugin:
- Backup Bolt
- Plugin Slug:
- backup-bolt
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10306
Bei Fen
- Plugin:
- Bei Fen
- Plugin Slug:
- bei-fen
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-9993
BP Direct Menus
- Plugin:
- BP Direct Menus
- Plugin Slug:
- bp-direct-menus
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10189
Chat by Chatwee
- Plugin:
- Chat by Chatwee
- Plugin Slug:
- chatwee
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9948
Comment Info Detector
- Plugin:
- Comment Info Detector
- Plugin Slug:
- comment-info-detector
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10311
ContentMX Content Publisher
- Plugin:
- ContentMX Content Publisher
- Plugin Slug:
- contentmx-content-publisher
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9889
Copypress Rest API
- Plugin:
- Copypress Rest API
- Plugin Slug:
- copypress-rest-api
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-8625
CTL Behance Importer Lite
- Plugin:
- CTL Behance Importer Lite
- Plugin Slug:
- ctl-behance-importer-lite
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-9587
Custom Searchable Data Entry System
- Plugin:
- Custom Searchable Data Entry System
- Plugin Slug:
- custom-searchable-data-entry-system
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2020-36852
dbview
- Plugin:
- dbview
- Plugin Slug:
- dbview
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10182
Easy Elementor Addons
- Plugin:
- Easy Elementor Addons
- Plugin Slug:
- easy-elementor-addons
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9045
Epic Bootstrap Buttons
- Plugin:
- Epic Bootstrap Buttons
- Plugin Slug:
- epic-bootstrap-buttons
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8776
FancyTabs
- Plugin:
- FancyTabs
- Plugin Slug:
- fancytabs
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8560
Flexi – Guest Submit
- Plugin:
- Flexi – Guest Submit
- Plugin Slug:
- flexi
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9129
GutenBee
- Plugin:
- GutenBee
- Plugin Slug:
- gutenbee
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8566
Interactive Medical Drawing of Human Body
- Plugin:
- Interactive Medical Drawing of Human Body
- Plugin Slug:
- interactive-medical-drawing-of-human-body
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9332
Ird Slider
- Plugin:
- Ird Slider
- Plugin Slug:
- ird-slider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9876
LockerPress
- Plugin:
- LockerPress
- Plugin Slug:
- lockerpress-wordpress-security
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-9946
Meks Easy Maps
- Plugin:
- Meks Easy Maps
- Plugin Slug:
- meks-easy-maps
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9206
Mihdan: Elementor Yandex Maps
- Plugin:
- Mihdan: Elementor Yandex Maps
- Plugin Slug:
- mihdan-elementor-yandex-maps
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8608
Mobile Site Redirect
- Plugin:
- Mobile Site Redirect
- Plugin Slug:
- mobile-site-redirect
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-9884
MPWizard
- Plugin:
- MPWizard
- Plugin Slug:
- mpwizard
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9885
My AskAI
- Plugin:
- My AskAI
- Plugin Slug:
- my-askai
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10179
SiteAlert (Formerly WP Health)
- Plugin:
- SiteAlert (Formerly WP Health)
- Plugin Slug:
- my-wp-health-check
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10212
Nexa Blocks
- Plugin:
- Nexa Blocks
- Plugin Slug:
- nexa-blocks
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8624
Optimize More! – CSS
- Plugin:
- Optimize More! – CSS
- Plugin Slug:
- optimize-more-css
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9945
PayPal Forms
- Plugin:
- PayPal Forms
- Plugin Slug:
- paypal-forms
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10309
planetcalc
- Plugin:
- planetcalc
- Plugin Slug:
- planetcalc
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8777
Post By Email
- Plugin:
- Post By Email
- Plugin Slug:
- post-by-email
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-9762
Restrict User Registration
- Plugin:
- Restrict User Registration
- Plugin Slug:
- restrict-user-registration
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9892
RestroPress
- Plugin:
- RestroPress
- Plugin Slug:
- restropress
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-9209
Notification Bar
- Plugin:
- Notification Bar
- Plugin Slug:
- simple-bar
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9895
Survey Anyplace
- Plugin:
- Survey Anyplace
- Plugin Slug:
- surveyanyplace
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10196
TableGen – Data Table Generator
- Plugin:
- TableGen – Data Table Generator
- Plugin Slug:
- table-creator
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10053
Tiny Bootstrap Elements Light
- Plugin:
- Tiny Bootstrap Elements Light
- Plugin Slug:
- tiny-bootstrap-elements-light
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-9991
Ultimate Multi Design Video Carousel
- Plugin:
- Ultimate Multi Design Video Carousel
- Plugin Slug:
- ultimate-multi-design-video-carousel
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9372
Ultimate Viral Quiz
- Plugin:
- Ultimate Viral Quiz
- Plugin Slug:
- ultimate-viral-quiz
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10302
Unify
- Plugin:
- Unify
- Plugin Slug:
- unify
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9130
Ultra Addons Lite for Elementor
- Plugin:
- Ultra Addons Lite for Elementor
- Plugin Slug:
- ut-elementor-addons-lite
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9077
WeedMaps Menu
- Plugin:
- WeedMaps Menu
- Plugin Slug:
- weedmaps-menu-embed
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8623
Big Post Shipping for WooCommerce
- Plugin:
- Big Post Shipping for WooCommerce
- Plugin Slug:
- woo-bigpost-shipping
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10191
Woo superb slideshow transition gallery with random effect
- Plugin:
- Woo superb slideshow transition gallery with random effect
- Plugin Slug:
- woo-superb-slideshow-transition-gallery-with-random-effect
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-9199
Wp cycle text announcement
- Plugin:
- Wp cycle text announcement
- Plugin Slug:
- wp-cycle-text-announcement
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-9198
WP Dispatcher
- Plugin:
- WP Dispatcher
- Plugin Slug:
- wp-dispatcher
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-9212
WP Dispatcher
- Plugin:
- WP Dispatcher
- Plugin Slug:
- wp-dispatcher
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-10582
WP Photo Effects
- Plugin:
- WP Photo Effects
- Plugin Slug:
- wp-photo-effects
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-10192
WP SinoType
- Plugin:
- WP SinoType
- Plugin Slug:
- wp-sinotype
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9630
WordPress Schema Plugin For Divi, Gutenberg & Shortcodes
- Plugin:
- WordPress Schema Plugin For Divi, Gutenberg & Shortcodes
- Plugin Slug:
- wp-structured-data-schema
- Vulnerability:
- Content Injection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-7825
WPRecovery
- Plugin:
- WPRecovery
- Plugin Slug:
- wprecovery
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-10726
X Addons for Elementor
- Plugin:
- X Addons for Elementor
- Plugin Slug:
- x-addons-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9204
Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App
- Plugin:
- Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App
- Plugin Slug:
- yournewsapp
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-9200
Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder)
- Plugin Slug:
- header-footer-elementor
- Installations
- 2,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.0
- Severity Score:
- Medium
- CVE:
- 2025-9703
WP Reset
- Plugin:
- WP Reset
- Plugin Slug:
- wp-reset
- Installations
- 400,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.06
- Severity Score:
- Medium
- CVE:
- 2025-10645
Blocksy Companion
- Plugin:
- Blocksy Companion
- Plugin Slug:
- blocksy-companion
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.15
- Severity Score:
- Medium
GiveWP – Donation Plugin and Fundraising Platform
- Plugin Slug:
- give
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.10.1
- Severity Score:
- Medium
- CVE:
- 2025-11227
GiveWP – Donation Plugin and Fundraising Platform
- Plugin Slug:
- give
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.10.1
- Severity Score:
- Medium
- CVE:
- 2025-11228
LatePoint – Calendar Booking Plugin for Appointments and Events
- Plugin Slug:
- latepoint
- Installations
- 100,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.2.0
- Severity Score:
- High
- CVE:
- 2025-7052
LatePoint – Calendar Booking Plugin for Appointments and Events
- Plugin Slug:
- latepoint
- Installations
- 100,000+
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 5.2.0
- Severity Score:
- High
- CVE:
- 2025-7038
LatePoint – Calendar Booking Plugin for Appointments and Events
- Plugin Slug:
- latepoint
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.2.0
- Severity Score:
- Medium
- CVE:
- 2025-6815
LatePoint – Calendar Booking Plugin for Appointments and Events
- Plugin Slug:
- latepoint
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.2.0
- Severity Score:
- Medium
- CVE:
- 2025-6941
Responsive Lightbox & Gallery
- Plugin:
- Responsive Lightbox & Gallery
- Plugin Slug:
- responsive-lightbox
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.3
- Severity Score:
- High
- CVE:
- 2025-9710
Schema & Structured Data for WP & AMP
- Plugin Slug:
- schema-and-structured-data-for-wp
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.50
- Severity Score:
- High
- CVE:
- 2025-9512
Featured Image from URL (FIFU)
- Plugin:
- Featured Image from URL (FIFU)
- Plugin Slug:
- featured-image-from-url
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.2.8
- Severity Score:
- Medium
- CVE:
- 2025-7400
SmartCrawl SEO checker, analyzer & optimizer
- Plugin Slug:
- smartcrawl-seo
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.14.4
- Severity Score:
- Medium
- CVE:
- 2025-11163
WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder
- Plugin:
- WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder
- Plugin Slug:
- wdesignkit
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.17
- Severity Score:
- Medium
- CVE:
- 2025-9029
Postie
WP Photo Album Plus
- Plugin:
- WP Photo Album Plus
- Plugin Slug:
- wp-photo-album-plus
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 9.0.11.007
- Severity Score:
- Medium
- CVE:
- 2025-8726
OAuth Single Sign On – SSO (OAuth Client)
- Plugin Slug:
- miniorange-login-with-eve-online-google-facebook
- Installations
- 7,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 6.26.13
- Severity Score:
- Critical
- CVE:
- 2025-9485
TextBuilder
- Plugin:
- TextBuilder
- Plugin Slug:
- textbuilder
- Installations
- 5,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.0
- Severity Score:
- High
- CVE:
- 2025-9213
Block For Mailchimp – Easy Mailchimp Form Integration
- Plugin Slug:
- block-for-mailchimp
- Installations
- 2,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 1.1.13
- Severity Score:
- Medium
- CVE:
- 2025-10735
Contest Gallery – Upload, Vote & Sell with PayPal and Stripe
- Plugin Slug:
- contest-gallery
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 27.0.3
- Severity Score:
- Medium
- CVE:
- 2025-10383
JoomSport – for Sports: Team & League, Football, Hockey & more
- Plugin Slug:
- joomsport-sports-league-results-management
- Installations
- 1,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 5.7.4
- Severity Score:
- High
- CVE:
- 2025-7721
ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns
- Plugin Slug:
- zoloblocks
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.11
- Severity Score:
- Medium
- CVE:
- 2025-9075
Majestic Before After Image
- Plugin:
- Majestic Before After Image
- Plugin Slug:
- majestic-before-after-image
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.3
- Severity Score:
- Medium
- CVE:
- 2025-9030
File Manager, Code Editor, and Backup by Managefy
- Plugin Slug:
- softdiscover-db-file-manager
- Installations
- 100+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.6.2
- Severity Score:
- Medium
- CVE:
- 2025-10744
Integrate Dynamics 365 CRM
- Plugin:
- Integrate Dynamics 365 CRM
- Plugin Slug:
- integrate-dynamics-365-crm
- Installations
- 70+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.0
- Severity Score:
- Medium
- CVE:
- 2025-10746
Event Tickets, RSVPs, Calendar
- Plugin:
- Event Tickets, RSVPs, Calendar
- Plugin Slug:
- ticket-spot
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.3
- Severity Score:
- Medium
- CVE:
- 2025-9875
AffiliateWP
- Plugin:
- AffiliateWP
- Plugin Slug:
- affiliate-wp
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.29.0
- Severity Score:
- Critical
- CVE:
- 2025-8877
Spirit Framework
- Plugin:
- Spirit Framework
- Plugin Slug:
- spirit-framework
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.2.15
- Severity Score:
- Critical
- CVE:
- 2025-6388
Trinity Audio
- Plugin:
- Trinity Audio
- Plugin Slug:
- trinity-audio
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.21.0
- Severity Score:
- Medium
- CVE:
- 2025-9886
Trinity Audio
- Plugin:
- Trinity Audio
- Plugin Slug:
- trinity-audio
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.21.0
- Severity Score:
- High
- CVE:
- 2025-9952
Yoast SEO Premium
- Plugin:
- Yoast SEO Premium
- Plugin Slug:
- wordpress-seo-premium
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 26.0
- Severity Score:
- Medium
- CVE:
- 2025-11241
WordPress Themes — 1 Patched / 1 Unpatched
Constructor
- Theme:
- Constructor
- Theme Slug:
- constructor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9194
Customify
- Theme:
- Customify
- Theme Slug:
- customify-theme
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 0.4.12
- Severity Score:
- Medium
- CVE:
- 2025-8669
