In this report, 297 vulnerabilities have been publicly disclosed. Security patches for 93 of these plugins and themes are now available, so please run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 204 plugin and theme vulnerabilities, and no patch has been available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.8.2 was released on July 15, 2025. This maintenance release includes fixes for 20 Core tickets and 15 Block Editor issues. For a full list of bug fixes, please refer to the release candidate announcement.
WordPress Plugins — 83 Patched / 112 Unpatched
Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor
- Plugin Slug:
- gutentor
- Installations
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58783
ARI Fancy Lightbox – Popup for WordPress
- Plugin Slug:
- ari-fancy-lightbox
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58784
Ray Enterprise Translation
- Plugin:
- Ray Enterprise Translation
- Plugin Slug:
- lingotek-translation
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58785
Themify Popup
- Plugin:
- Themify Popup
- Plugin Slug:
- themify-popup
- Installations
- 9,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58787
Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions
- Plugin:
- Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions
- Plugin Slug:
- wp-full-stripe-free
- Installations
- 9,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-58789
Ibtana – Ecommerce Product Addons
- Plugin Slug:
- ibtana-ecommerce-product-addons
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58786
License Manager for WooCommerce
- Plugin:
- License Manager for WooCommerce
- Plugin Slug:
- license-manager-for-woocommerce
- Installations
- 7,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-58788
Authors List
- Plugin:
- Authors List
- Plugin Slug:
- authors-list
- Installations
- 5,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58792
Social Sharing Plugin – Kiwi
- Plugin:
- Social Sharing Plugin – Kiwi
- Plugin Slug:
- kiwi-social-share
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58790
Payoneer Checkout
- Plugin:
- Payoneer Checkout
- Plugin Slug:
- payoneer-checkout
- Installations
- 5,000+
- Vulnerability:
- Content Spoofing
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58795
Assistant – Every Day Productivity Apps
- Plugin Slug:
- assistant
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-53307
BCM Duplicate Menu
- Plugin:
- BCM Duplicate Menu
- Plugin Slug:
- bcm-duplicate-menu
- Installations
- 4,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58798
Elementor Element Condition
- Plugin:
- Elementor Element Condition
- Plugin Slug:
- ele-conditions
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58796
Notification for Telegram
- Plugin:
- Notification for Telegram
- Plugin Slug:
- notification-for-telegram
- Installations
- 4,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58794
SEO Auto Linker
- Plugin:
- SEO Auto Linker
- Plugin Slug:
- wpa-seo-auto-linker
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58791
WPB Elementor Addons
- Plugin:
- WPB Elementor Addons
- Plugin Slug:
- wpb-elementor-addons
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58793
Custom WooCommerce Checkout Fields Editor
- Plugin Slug:
- add-fields-to-checkout-page-woocommerce
- Installations
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58799
Ninja Charts – WordPress Charts and Graphs Plugin
- Plugin Slug:
- ninja-charts
- Installations
- 3,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58797
Responder
- Plugin:
- Responder
- Plugin Slug:
- responder
- Installations
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58801
TrustMate.io – WooCommerce integration
- Plugin Slug:
- trustmate-io-integration-for-woocommerce
- Installations
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58802
Widgetize Pages Light
- Plugin:
- Widgetize Pages Light
- Plugin Slug:
- widgetize-pages-light
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58805
WP Email Template
- Plugin:
- WP Email Template
- Plugin Slug:
- wp-email-template
- Installations
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58800
WordPress Error Monitoring by Bugsnag
- Plugin Slug:
- bugsnag
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-58806
WordPress prettyPhoto
- Plugin:
- WordPress prettyPhoto
- Plugin Slug:
- prettyphoto
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58808
Purge Varnish Cache
- Plugin:
- Purge Varnish Cache
- Plugin Slug:
- purge-varnish
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-58807
Brilliant Web-to-Lead for Salesforce
- Plugin Slug:
- salesforce-wordpress-to-lead
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-58809
Simple Link List Widget
- Plugin:
- Simple Link List Widget
- Plugin Slug:
- simple-link-list-widget
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58810
Ultimate Client Dash
- Plugin:
- Ultimate Client Dash
- Plugin Slug:
- ulimate-client-dash
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58811
Aitasi Coming Soon
- Plugin:
- Aitasi Coming Soon
- Plugin Slug:
- aitasi-coming-soon
- Installations
- 1,000+
- Vulnerability:
- Deserialization of untrusted data
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-58815
Great Restaurant Menu WP
- Plugin:
- Great Restaurant Menu WP
- Plugin Slug:
- best-restaurant-menu-by-pricelisto
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58812
Categorify – WordPress Media Library Category & File Manager
- Plugin Slug:
- categorify
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-59005
Easy Flash Embed
- Plugin:
- Easy Flash Embed
- Plugin Slug:
- easy-flash-embed
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-48105
Product Carousel Slider for Elementor
- Plugin Slug:
- ecommerce-product-carousel-slider-for-elementor
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Low
- CVE:
- 2025-58816
GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership
- Plugin Slug:
- gourl-bitcoin-payment-gateway-paid-downloads-membership
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-48102
StagTools
- Plugin:
- StagTools
- Plugin Slug:
- stagtools
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58814
Today’s Date Inserter
- Plugin:
- Today’s Date Inserter
- Plugin Slug:
- todays-date-inserter
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-48103
Bulk Featured Image
- Plugin:
- Bulk Featured Image
- Plugin Slug:
- bulk-featured-image
- Installations
- 900+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-58819
WP Notification Bell
- Plugin:
- WP Notification Bell
- Plugin Slug:
- wp-notification-bell
- Installations
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58821
Developer Tools Blocker
- Plugin:
- Developer Tools Blocker
- Plugin Slug:
- swiftninjapro-inspect-element-console-blocker
- Installations
- 800+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58818
Carousel Ultimate
- Plugin:
- Carousel Ultimate
- Plugin Slug:
- carousel
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58820
WP Mail
- Plugin:
- WP Mail
- Plugin Slug:
- wp-mail
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58822
Comment Form WP – Customize Default Comment Form
- Plugin Slug:
- comment-form-wp
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58825
Get Cash
- Plugin:
- Get Cash
- Plugin Slug:
- get-cash
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58823
???? ???
- Plugin:
- ???? ???
- Plugin Slug:
- mshop-naver-talktalk
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58828
WP Publication Archive
- Plugin:
- WP Publication Archive
- Plugin Slug:
- wp-publication-archive
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58826
Job Board Manager
- Plugin:
- Job Board Manager
- Plugin Slug:
- job-board-manager
- Installations
- 400+
- Vulnerability:
- Content Injection
- Patched in Version:
- No Fix
- Severity Score:
- Low
- CVE:
- 2025-58827
Parallax Scrolling Enllax.js
- Plugin:
- Parallax Scrolling Enllax.js
- Plugin Slug:
- parallax-scrolling-enllax-js
- Installations
- 300+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58831
Parallax Scrolling Enllax.js
- Plugin:
- Parallax Scrolling Enllax.js
- Plugin Slug:
- parallax-scrolling-enllax-js
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58830
Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One
- Plugin Slug:
- ai-auto-tool
- Installations
- 200+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58829
Bonus for Woo
- Plugin:
- Bonus for Woo
- Plugin Slug:
- bonus-for-woo
- Installations
- 200+
- Vulnerability:
- Other Vulnerability Type
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58835
Custom Team Manager
- Plugin:
- Custom Team Manager
- Plugin Slug:
- custom-team-manager
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58840
Donation Forms WP by Givecloud
- Plugin:
- Donation Forms WP by Givecloud
- Plugin Slug:
- donation-forms-by-givecloud
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58842
eDS Responsive Menu
- Plugin:
- eDS Responsive Menu
- Plugin Slug:
- eds-responsive-menu
- Installations
- 200+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-58839
Invelity MyGLS connect
- Plugin:
- Invelity MyGLS connect
- Plugin Slug:
- invelity-mygls-connect
- Installations
- 200+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-58833
Media Author
- Plugin:
- Media Author
- Plugin Slug:
- media-author
- Installations
- 200+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58841
Search by Google
- Plugin:
- Search by Google
- Plugin Slug:
- search-google
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58832
Smooth Accordion
- Plugin:
- Smooth Accordion
- Plugin Slug:
- smooth-accordion
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58838
SS Font Awesome Icon
- Plugin:
- SS Font Awesome Icon
- Plugin Slug:
- ss-font-awesome-icon
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58837
short.io
- Plugin:
- short.io
- Plugin Slug:
- wp-shortcm
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58834
Add to Feedly
- Plugin:
- Add to Feedly
- Plugin Slug:
- add-to-feedly
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-58859
AP HoneyPot WordPress Plugin
- Plugin:
- AP HoneyPot WordPress Plugin
- Plugin Slug:
- ap-honeypot
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-58855
Auto Last Youtube Video
- Plugin:
- Auto Last Youtube Video
- Plugin Slug:
- auto-last-youtube-video
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-58843
Boxed Content
- Plugin:
- Boxed Content
- Plugin Slug:
- boxed-content
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58851
WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule
- Plugin:
- WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule
- Plugin Slug:
- buffer-my-post
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-58846
Bulk Watermark
- Plugin:
- Bulk Watermark
- Plugin Slug:
- bulk-watermark
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-58845
connectDaily Events Calendar Plugin
- Plugin Slug:
- connect-daily-web-calendar
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58862
Table of content
- Plugin:
- Table of content
- Plugin Slug:
- content-table
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-58857
Database to Excel
- Plugin:
- Database to Excel
- Plugin Slug:
- database-to-excel
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-58844
FW Anker
- Plugin:
- FW Anker
- Plugin Slug:
- fw-anker
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58836
Hide Real Download Path
- Plugin:
- Hide Real Download Path
- Plugin Slug:
- hide-real-download-path
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-58849
MSTW League Manager
- Plugin:
- MSTW League Manager
- Plugin Slug:
- mstw-league-manager
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-58852
Popping Sidebars and Widgets Light
- Plugin Slug:
- popping-sidebars-and-widgets-light
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-58853
Quick Event Calendar
- Plugin:
- Quick Event Calendar
- Plugin Slug:
- quick-event-calendar
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-58861
Showpass WordPress Extension
- Plugin:
- Showpass WordPress Extension
- Plugin Slug:
- showpass
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58850
Ultimate AJAX Login
- Plugin:
- Ultimate AJAX Login
- Plugin Slug:
- ultimate-ajax-login
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-58854
WN Flipbox Pro
- Plugin:
- WN Flipbox Pro
- Plugin Slug:
- wn-flipbox-pro
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-58847
Woocommerce Notify Updated Product
- Plugin Slug:
- woocommerce-notify-updated-product
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58856
WP likes
- Plugin:
- WP likes
- Plugin Slug:
- wp-likes
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-58848
WPB Image Widget
- Plugin:
- WPB Image Widget
- Plugin Slug:
- wpb-image-widget
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58858
Enable Latex
- Plugin:
- Enable Latex
- Plugin Slug:
- enable-latex
- Installations
- 90+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-58860
Zoomify embed for WP
- Plugin:
- Zoomify embed for WP
- Plugin Slug:
- zoom-image-shortcode
- Installations
- 90+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58863
???
- Plugin:
- ???
- Plugin Slug:
- jinshuju
- Installations
- 80+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58864
Compact Admin
- Plugin:
- Compact Admin
- Plugin Slug:
- compact-admin
- Installations
- 70+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58865
Site Info
- Plugin:
- Site Info
- Plugin Slug:
- site-info-dashboard-widget
- Installations
- 70+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Low
- CVE:
- 2025-58866
Aparat Video Shortcode
- Plugin:
- Aparat Video Shortcode
- Plugin Slug:
- aparat-shortcode
- Installations
- 60+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58876
Easy Download Media Counter
- Plugin:
- Easy Download Media Counter
- Plugin Slug:
- easy-download-media-counter
- Installations
- 60+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58867
Floating Window Music Player
- Plugin:
- Floating Window Music Player
- Plugin Slug:
- floating-window-music-player
- Installations
- 60+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-48104
Master Paper Collapse Toggle
- Plugin:
- Master Paper Collapse Toggle
- Plugin Slug:
- master-paper-collapse-toggle
- Installations
- 60+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58871
SimaCookie
- Plugin:
- SimaCookie
- Plugin Slug:
- simasicher-dsgvo-cookie
- Installations
- 60+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58869
SimaCookie
- Plugin:
- SimaCookie
- Plugin Slug:
- simasicher-dsgvo-cookie
- Installations
- 60+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58868
Pushe Web Push Notification
- Plugin:
- Pushe Web Push Notification
- Plugin Slug:
- pushe-webpush
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58873
Simple Price Calculator
- Plugin:
- Simple Price Calculator
- Plugin Slug:
- simple-price-calculator-basic
- Installations
- 50+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58872
WP Github Gist
- Plugin:
- WP Github Gist
- Plugin Slug:
- wp-github-gist
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58875
WP-GraphViz
- Plugin:
- WP-GraphViz
- Plugin Slug:
- wp-graphviz
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58870
WordPress StoryMap Plugin
- Plugin:
- WordPress StoryMap Plugin
- Plugin Slug:
- wp-storymap
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58874
New Simple Gallery
- Plugin:
- New Simple Gallery
- Plugin Slug:
- new-simple-gallery
- Installations
- 30+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-58881
Simple Text Slider
- Plugin:
- Simple Text Slider
- Plugin Slug:
- simple-text-slider
- Installations
- 30+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58882
Course Booking Platform
- Plugin:
- Course Booking Platform
- Plugin Slug:
- course-booking-platform
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58887
Instant Locations
- Plugin:
- Instant Locations
- Plugin Slug:
- instant-locations
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58886
Constant Contact for WordPress
- Plugin:
- Constant Contact for WordPress
- Plugin Slug:
- constant-contact-api
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-48101
FAT Event – WordPress Event and Calendar Booking
- Plugin:
- FAT Event – WordPress Event and Calendar Booking
- Plugin Slug:
- fat-event
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-22508
Make, formerly Integromat Connector
- Plugin:
- Make, formerly Integromat Connector
- Plugin Slug:
- integromat-connector
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-6085
PopAd
- Plugin:
- PopAd
- Plugin Slug:
- popad
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9616
Recent Posts Widget Extended
- Plugin:
- Recent Posts Widget Extended
- Plugin Slug:
- recent-posts-widget-extended
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-6757
Search Cloud One
- Plugin:
- Search Cloud One
- Plugin Slug:
- search-cloud-one
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58883
Spirit Framework
- Plugin:
- Spirit Framework
- Plugin Slug:
- spirit-framework
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49428
Translate This gTranslate Shortcode
- Plugin:
- Translate This gTranslate Shortcode
- Plugin Slug:
- translate-this-google-translate-web-element-shortcode
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58880
Uxper Booking
- Plugin:
- Uxper Booking
- Plugin Slug:
- uxper-booking
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-49891
vipdrv
- Plugin:
- vipdrv
- Plugin Slug:
- vipdrv-vip-test-drive
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58884
Woocommerce Gifts Product
- Plugin:
- Woocommerce Gifts Product
- Plugin Slug:
- woo-gift-product
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58878
WooCommerce Single Page Checkout
- Plugin:
- WooCommerce Single Page Checkout
- Plugin Slug:
- woo-single-page-checkout
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58804
WordPress Helpdesk Integration
- Plugin:
- WordPress Helpdesk Integration
- Plugin Slug:
- wp-helpdesk-integration
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-9990
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
- Plugin Slug:
- fluentform
- Installations
- 600,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 6.1.2
- Severity Score:
- Medium
- CVE:
- 2025-9260
Admin Menu Editor
- Plugin:
- Admin Menu Editor
- Plugin Slug:
- admin-menu-editor
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.14.1
- Severity Score:
- Medium
- CVE:
- 2025-9493
Post SMTP – WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more
- Plugin Slug:
- post-smtp
- Installations
- 400,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.4.2
- Severity Score:
- Medium
- CVE:
- 2025-9219
Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More
- Plugin Slug:
- themeisle-companion
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.1
- Severity Score:
- Medium
- CVE:
- 2025-58593
AI Engine
Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Blocks, and Elementor Widgets)
- Plugin Slug:
- content-views-query-and-display-post-page
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.2
- Severity Score:
- Medium
- CVE:
- 2025-8722
Brizy – Page Builder
- Plugin:
- Brizy – Page Builder
- Plugin Slug:
- brizy
- Installations
- 70,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.7.13
- Severity Score:
- Medium
- CVE:
- 2025-58594
User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin
- Plugin Slug:
- user-registration
- Installations
- 60,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.4.0
- Severity Score:
- High
- CVE:
- 2025-9085
WP-Members Membership Plugin
- Plugin:
- WP-Members Membership Plugin
- Plugin Slug:
- wp-members
- Installations
- 60,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- 3.5.4.3
- Severity Score:
- Medium
- CVE:
- 2025-9489
Easy Social Feed – Social Photos Gallery – Post Feed – Like Box
- Plugin Slug:
- easy-facebook-likebox
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.6.8
- Severity Score:
- Medium
- CVE:
- 2025-6067
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
- Plugin Slug:
- quiz-master-next
- Installations
- 40,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 10.2.6
- Severity Score:
- Critical
- CVE:
- 2025-49401
Ditty – Responsive News Tickers, Sliders, and Lists
- Plugin Slug:
- ditty-news-ticker
- Installations
- 30,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 3.1.58
- Severity Score:
- High
- CVE:
- 2025-8085
Klarna Order Management for WooCommerce
- Plugin Slug:
- klarna-order-management-for-woocommerce
- Installations
- 20,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.9.9
- Severity Score:
- Medium
- CVE:
- 2025-58598
LA-Studio Element Kit for Elementor
- Plugin Slug:
- lastudio-element-kit
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.5.2
- Severity Score:
- Medium
- CVE:
- 2025-8360
Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin
- Plugin Slug:
- mailoptin
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.75.1
- Severity Score:
- Medium
- CVE:
- 2025-58596
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP
- Plugin:
- UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP
- Plugin Slug:
- userswp
- Installations
- 20,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.2.45
- Severity Score:
- Critical
- CVE:
- 2025-10003
wpForo Forum
- Plugin:
- wpForo Forum
- Plugin Slug:
- wpforo
- Installations
- 20,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 2.4.7
- Severity Score:
- Medium
- CVE:
- 2025-58597
Classified Listing – AI-Powered Classified ads & Business Directory Plugin
- Plugin Slug:
- classified-listing
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.0.7
- Severity Score:
- Medium
- CVE:
- 2025-58601
MasterStudy LMS WordPress Plugin – for Online Courses and Education
- Plugin Slug:
- masterstudy-lms-learning-management-system
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.6.16
- Severity Score:
- Medium
- CVE:
- 2025-54744
Multi Step Form
- Plugin:
- Multi Step Form
- Plugin Slug:
- multi-step-form
- Installations
- 10,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.7.26
- Severity Score:
- High
- CVE:
- 2025-9515
Order Delivery Date for WooCommerce
- Plugin Slug:
- order-delivery-date-for-woocommerce
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.2.0
- Severity Score:
- Medium
- CVE:
- 2025-58599
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
- Plugin:
- Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
- Plugin Slug:
- paid-member-subscriptions
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.16.0
- Severity Score:
- Medium
- CVE:
- 2025-58600
Sticky Side Buttons
- Plugin:
- Sticky Side Buttons
- Plugin Slug:
- sticky-side-buttons
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.0
- Severity Score:
- Medium
- CVE:
- 2023-3666
Malcure Malware Scanner — #1 Toolset for Malware Removal
- Plugin Slug:
- wp-malware-removal
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 16.9
- Severity Score:
- Medium
- CVE:
- 2025-3701
AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress
- Plugin:
- AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress
- Plugin Slug:
- automatorwp
- Installations
- 9,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 5.3.7
- Severity Score:
- High
- CVE:
- 2025-9539
AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress
- Plugin:
- AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress
- Plugin Slug:
- automatorwp
- Installations
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.3.8
- Severity Score:
- Medium
- CVE:
- 2025-9542
If-So Dynamic Content Personalization
- Plugin Slug:
- if-so
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.4.1
- Severity Score:
- Medium
- CVE:
- 2025-58602
aThemes Addons for Elementor
- Plugin:
- aThemes Addons for Elementor
- Plugin Slug:
- athemes-addons-for-elementor-lite
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.3
- Severity Score:
- Medium
- CVE:
- 2025-8149
Email Marketing, Email Automation, Newsletter & Cart Abandonment for WordPress and WooCommerce – Mail Mint
- Plugin Slug:
- mail-mint
- Installations
- 6,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.18.6
- Severity Score:
- High
- CVE:
- 2025-58604
Surfer – WordPress Plugin
- Plugin:
- Surfer – WordPress Plugin
- Plugin Slug:
- surferseo
- Installations
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.6.5.584
- Severity Score:
- Medium
- CVE:
- 2025-58603
Cookie Notice & Consent Banner for GDPR & CCPA Compliance
- Plugin Slug:
- cookie-notice-and-consent-banner
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.12
- Severity Score:
- Medium
- CVE:
- 2025-58607
WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes)
- Plugin Slug:
- delicious-recipes
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.8
- Severity Score:
- Medium
- CVE:
- 2025-58605
MediaPress
- Plugin:
- MediaPress
- Plugin Slug:
- mediapress
- Installations
- 5,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.6.0
- Severity Score:
- High
- CVE:
- 2025-58608
Latest Post Shortcode
- Plugin:
- Latest Post Shortcode
- Plugin Slug:
- latest-post-shortcode
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 14.10
- Severity Score:
- Medium
- CVE:
- 2025-58609
Gallery PhotoBlocks
- Plugin:
- Gallery PhotoBlocks
- Plugin Slug:
- photoblocks-grid-gallery
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.2
- Severity Score:
- Medium
- CVE:
- 2025-58610
Posts Table with Search & Sort
- Plugin:
- Posts Table with Search & Sort
- Plugin Slug:
- posts-data-table
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.11
- Severity Score:
- Medium
- CVE:
- 2025-58613
Property Hive
- Plugin:
- Property Hive
- Plugin Slug:
- propertyhive
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.6
- Severity Score:
- Medium
- CVE:
- 2025-58612
Tickera – WordPress Event Ticketing
- Plugin Slug:
- tickera-event-ticketing-system
- Installations
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.5.5.8
- Severity Score:
- Medium
- CVE:
- 2025-58611
Amministrazione Trasparente
- Plugin:
- Amministrazione Trasparente
- Plugin Slug:
- amministrazione-trasparente
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 9.1
- Severity Score:
- Medium
- CVE:
- 2025-5083
Tooltipy (tooltips for WP)
- Plugin:
- Tooltipy (tooltips for WP)
- Plugin Slug:
- bluet-keywords-tooltip-generator
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.5.9
- Severity Score:
- Medium
- CVE:
- 2025-58614
Easy Timer
- Plugin:
- Easy Timer
- Plugin Slug:
- easy-timer
- Installations
- 1,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 4.2.2
- Severity Score:
- High
- CVE:
- 2025-9519
ELEX WooCommerce Google Shopping (Google Product Feed)
- Plugin Slug:
- elex-woocommerce-google-product-feed-plugin-basic
- Installations
- 1,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.4.4
- Severity Score:
- High
- CVE:
- 2025-10046
F4 Media Taxonomies
- Plugin:
- F4 Media Taxonomies
- Plugin Slug:
- f4-media-taxonomies
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.5
- Severity Score:
- Medium
- CVE:
- 2025-58617
InPost Gallery
- Plugin:
- InPost Gallery
- Plugin Slug:
- inpost-gallery
- Installations
- 1,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.1.4.6
- Severity Score:
- High
- CVE:
- 2025-57889
Mobile Contact Line
- Plugin:
- Mobile Contact Line
- Plugin Slug:
- mobile-contact-line
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.1
- Severity Score:
- Medium
- CVE:
- 2025-58622
PDF for WPForms + Drag and Drop Template Builder
- Plugin Slug:
- pdf-for-wpforms
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.3.0
- Severity Score:
- Medium
- CVE:
- 2025-58620
WordPress Events Calendar Plugin – Pie Calendar
- Plugin Slug:
- pie-calendar
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.9
- Severity Score:
- Medium
- CVE:
- 2025-58618
PuzzleMe for WordPress
- Plugin:
- PuzzleMe for WordPress
- Plugin Slug:
- puzzleme
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.1
- Severity Score:
- Medium
- CVE:
- 2025-58621
Quick Paypal Payments
- Plugin:
- Quick Paypal Payments
- Plugin Slug:
- quick-paypal-payments
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.7.47
- Severity Score:
- Medium
- CVE:
- 2025-27003
Frisbii Pay
- Plugin:
- Frisbii Pay
- Plugin Slug:
- reepay-checkout-gateway
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.8.3
- Severity Score:
- Medium
- CVE:
- 2025-58616
SKT Addons for Elementor
- Plugin:
- SKT Addons for Elementor
- Plugin Slug:
- skt-addons-for-elementor
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.8
- Severity Score:
- Medium
- CVE:
- 2025-8564
Vayu Blocks – Website Builder for the Block Editor
- Plugin Slug:
- vayu-blocks
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.10
- Severity Score:
- Medium
- CVE:
- 2025-9378
WP Bannerize Pro
- Plugin:
- WP Bannerize Pro
- Plugin Slug:
- wp-bannerize-pro
- Installations
- 1,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 1.11.0
- Severity Score:
- Medium
- CVE:
- 2025-58615
WP Flow Plus
- Plugin:
- WP Flow Plus
- Plugin Slug:
- wp-imageflow2
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.2.6
- Severity Score:
- Medium
- CVE:
- 2025-58625
Show Eventbrite Events – Event Feed for Eventbrite
- Plugin Slug:
- event-feed-for-eventbrite
- Installations
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.0
- Severity Score:
- Medium
- CVE:
- 2025-58623
Exchange Rates
- Plugin:
- Exchange Rates
- Plugin Slug:
- exchange-rates
- Installations
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.0
- Severity Score:
- Medium
- CVE:
- 2025-58624
RumbleTalk Live Group Chat – HTML5
- Plugin Slug:
- rumbletalk-chat-a-chat-with-themes
- Installations
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.3.6
- Severity Score:
- Medium
- CVE:
- 2025-58626
Simple Matomo Tracking Code
- Plugin:
- Simple Matomo Tracking Code
- Plugin Slug:
- simple-matomo-tracking-code
- Installations
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.1
- Severity Score:
- Medium
- CVE:
- 2025-58630
Dadevarzan WordPress Common
- Plugin:
- Dadevarzan WordPress Common
- Plugin Slug:
- dadevarzan-common
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.3
- Severity Score:
- Medium
- CVE:
- 2025-58632
IssueM
- Plugin:
- IssueM
- Plugin Slug:
- issuem
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.9.1
- Severity Score:
- Medium
- CVE:
- 2025-58631
Booking Ultra Pro Appointments Booking Calendar Plugin
- Plugin Slug:
- booking-ultra-pro
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.22
- Severity Score:
- Medium
- CVE:
- 2025-58633
Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net
- Plugin Slug:
- peachpay-for-woocommerce
- Installations
- 500+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.117.5
- Severity Score:
- Medium
- CVE:
- 2025-58634
Support Genix – Helpdesk & Customer Support Ticket System
- Plugin Slug:
- support-genix-lite
- Installations
- 500+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.24
- Severity Score:
- Medium
- CVE:
- 2025-58635
immonex Kickstart
- Plugin:
- immonex Kickstart
- Plugin Slug:
- immonex-kickstart
- Installations
- 300+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.11.13
- Severity Score:
- High
- CVE:
- 2025-58637
Contact Form By Mega Forms – Drag and Drop Form Builder
- Plugin Slug:
- mega-forms
- Installations
- 200+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.6.2
- Severity Score:
- Medium
- CVE:
- 2025-58639
Cloud SAML SSO – Single Sign On Login
- Plugin Slug:
- cloud-sso-single-sign-on
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.20
- Severity Score:
- High
- CVE:
- 2025-7040
Cloud SAML SSO – Single Sign On Login
- Plugin Slug:
- cloud-sso-single-sign-on
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.20
- Severity Score:
- Medium
- CVE:
- 2025-7045
Document Engine – Download Posts as PDF, PDF Embedder, Posts to PDF
- Plugin Slug:
- document-engine
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3
- Severity Score:
- Medium
- CVE:
- 2025-58640
Smart Table Builder
- Plugin:
- Smart Table Builder
- Plugin Slug:
- smart-table-builder
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.2
- Severity Score:
- Medium
- CVE:
- 2025-9126
StreamWeasels Kick Integration
- Plugin:
- StreamWeasels Kick Integration
- Plugin Slug:
- streamweasels-kick-integration
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.6
- Severity Score:
- Medium
- CVE:
- 2025-9442
Html Social share buttons
- Plugin:
- Html Social share buttons
- Plugin Slug:
- html-social-share-buttons
- Installations
- 90+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.0
- Severity Score:
- Medium
- CVE:
- 2025-9849
Optio Dentistry
- Plugin:
- Optio Dentistry
- Plugin Slug:
- optio-dentistry
- Installations
- 80+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3
- Severity Score:
- Medium
- CVE:
- 2025-9853
atec Debug
- Plugin:
- atec Debug
- Plugin Slug:
- atec-debug
- Installations
- 40+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 1.2.23
- Severity Score:
- High
- CVE:
- 2025-9518
atec Debug
- Plugin:
- atec Debug
- Plugin Slug:
- atec-debug
- Installations
- 40+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.2.23
- Severity Score:
- High
- CVE:
- 2025-9517
atec Debug
- Plugin:
- atec Debug
- Plugin Slug:
- atec-debug
- Installations
- 40+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 1.2.23
- Severity Score:
- Medium
- CVE:
- 2025-9516
LTL Freight Quotes – Day & Ross Edition
- Plugin Slug:
- ltl-freight-quotes-day-ross-edition
- Installations
- 10+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 2.1.12
- Severity Score:
- High
- CVE:
- 2025-58642
ZIP Code Based Content Protection
- Plugin Slug:
- zip-code-based-content-protection
- Installations
- 10+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.0.1
- Severity Score:
- High
- CVE:
- 2025-59008
Biagiotti Core
- Plugin:
- Biagiotti Core
- Plugin Slug:
- biagiotti-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.4
- Severity Score:
- Medium
- CVE:
- 2025-9057
Exit Intent Popup
- Plugin:
- Exit Intent Popup
- Plugin Slug:
- exitintentpopup
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 1.0.3
- Severity Score:
- Medium
- CVE:
- 2025-58641
LTL Freight Quotes – Daylight Edition
- Plugin Slug:
- ltl-freight-quotes-daylight-edition
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 2.2.8
- Severity Score:
- High
- CVE:
- 2025-58643
LTL Freight Quotes – TQL Edition
- Plugin:
- LTL Freight Quotes – TQL Edition
- Plugin Slug:
- ltl-freight-quotes-tql-edition
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.2.7
- Severity Score:
- High
- CVE:
- 2025-58644
Mikado Core
- Plugin:
- Mikado Core
- Plugin Slug:
- mikado-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6
- Severity Score:
- Medium
- CVE:
- 2025-9058
Wilmer Core
- Plugin:
- Wilmer Core
- Plugin Slug:
- wilmer-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.6
- Severity Score:
- Medium
- CVE:
- 2025-9061
WordPress Themes — 10 Patched / 92 Unpatched
ConsultStreet
- Theme:
- ConsultStreet
- Theme Slug:
- consultstreet
- Downloads
- 581,213
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58813
Shk Corporate
- Theme:
- Shk Corporate
- Theme Slug:
- shk-corporate
- Downloads
- 105,547
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58824
SoftMe
- Theme:
- SoftMe
- Theme Slug:
- softme
- Downloads
- 155,328
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-58817
Abogado
- Theme:
- Abogado
- Theme Slug:
- abogado
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Accalia
- Theme:
- Accalia
- Theme Slug:
- accalia
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Adrena
- Theme:
- Adrena
- Theme Slug:
- adrena
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Advice
- Theme:
- Advice
- Theme Slug:
- advice
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Agora
- Theme:
- Agora
- Theme Slug:
- agora
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Alanzo
- Theme:
- Alanzo
- Theme Slug:
- alanzo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Albertino
- Theme:
- Albertino
- Theme Slug:
- albertino
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Alhambra
- Theme:
- Alhambra
- Theme Slug:
- alhambra
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
A.Williams
- Theme:
- A.Williams
- Theme Slug:
- alisha-williams
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
AlphaColor
- Theme:
- AlphaColor
- Theme Slug:
- alpha-color
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Anesta
- Theme:
- Anesta
- Theme Slug:
- anesta
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Angela
- Theme:
- Angela
- Theme Slug:
- angela
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
AI ANN
- Theme:
- AI ANN
- Theme Slug:
- ann
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Anubia
- Theme:
- Anubia
- Theme Slug:
- anubia
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Artesia
- Theme:
- Artesia
- Theme Slug:
- artesia
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Asclepius
- Theme:
- Asclepius
- Theme Slug:
- asclepius
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Belicia
- Theme:
- Belicia
- Theme Slug:
- belicia
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
BeYoga
- Theme:
- BeYoga
- Theme Slug:
- beyoga
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Birdily | Travel Agency & Tour Booking WordPress Theme
- Theme:
- Birdily | Travel Agency & Tour Booking WordPress Theme
- Theme Slug:
- birdily
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Bonko
- Theme:
- Bonko
- Theme Slug:
- bonko
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Booklovers
- Theme:
- Booklovers
- Theme Slug:
- booklovers
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Callie Britt
- Theme:
- Callie Britt
- Theme Slug:
- callie-britt
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Camelia
- Theme:
- Camelia
- Theme Slug:
- camelia
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Carlax
- Theme:
- Carlax
- Theme Slug:
- carlax
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Carz
- Theme:
- Carz
- Theme Slug:
- carz
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
ChainPress
- Theme:
- ChainPress
- Theme Slug:
- chainpress
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Chakra
- Theme:
- Chakra
- Theme Slug:
- chakra
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Chardonnay
- Theme:
- Chardonnay
- Theme Slug:
- chardonnay
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Childy
- Theme:
- Childy
- Theme Slug:
- childly
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Chrimson
- Theme:
- Chrimson
- Theme Slug:
- chrimson
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
City Hostel
- Theme:
- City Hostel
- Theme Slug:
- cityhostel
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
69 Clothing
- Theme:
- 69 Clothing
- Theme Slug:
- clothing69
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Corredo
- Theme:
- Corredo
- Theme Slug:
- corredo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Credit Card Experience
- Theme:
- Credit Card Experience
- Theme Slug:
- creditcard
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Crework
- Theme:
- Crework
- Theme Slug:
- crework
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Custom Made
- Theme:
- Custom Made
- Theme Slug:
- custom-made
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Def
- Theme:
- Def
- Theme Slug:
- def
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Doccure
- Theme:
- Doccure
- Theme Slug:
- doccure
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-9112
Doccure
- Theme:
- Doccure
- Theme Slug:
- doccure
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-9114
Doccure
- Theme:
- Doccure
- Theme Slug:
- doccure
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-9113
Drone Media
- Theme:
- Drone Media
- Theme Slug:
- drone-media
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Edema
- Theme:
- Edema
- Theme Slug:
- edema
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Elementra
- Theme:
- Elementra
- Theme Slug:
- elementra
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Fortunio
- Theme:
- Fortunio
- Theme Slug:
- fortunio
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Good Wine
- Theme:
- Good Wine
- Theme Slug:
- good-wine-shop
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Gravity
- Theme:
- Gravity
- Theme Slug:
- gravity
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Gutentype
- Theme:
- Gutentype
- Theme Slug:
- gutentype
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Hampton
- Theme:
- Hampton
- Theme Slug:
- hampton
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Happy Rider
- Theme:
- Happy Rider
- Theme Slug:
- happy-rider
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Healthy Blog
- Theme:
- Healthy Blog
- Theme Slug:
- healthy-blog
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Heaven11
- Theme:
- Heaven11
- Theme Slug:
- heaven11
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Hello Summer
- Theme:
- Hello Summer
- Theme Slug:
- hello-summer
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Hogwords
- Theme:
- Hogwords
- Theme Slug:
- hogwords
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
HotLock
- Theme:
- HotLock
- Theme Slug:
- hotlock
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Insurance Ancora
- Theme:
- Insurance Ancora
- Theme Slug:
- insurance-ancora
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Juno
- Theme:
- Juno
- Theme Slug:
- junotoys
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Kargo
- Theme:
- Kargo
- Theme Slug:
- kargo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Lab
- Theme:
- Lab
- Theme Slug:
- lab
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Laundry City
- Theme:
- Laundry City
- Theme Slug:
- laundrycity
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
MediaFlex
- Theme:
- MediaFlex
- Theme Slug:
- mediaflex
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Nazareth
- Theme:
- Nazareth
- Theme Slug:
- nazareth
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
OldStory
- Theme:
- OldStory
- Theme Slug:
- oldstory
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Partiso
- Theme:
- Partiso
- Theme Slug:
- partiso
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
PathWell
- Theme:
- PathWell
- Theme Slug:
- pathwell
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Planet Shakers
- Theme:
- Planet Shakers
- Theme Slug:
- planet-shakers
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Plastica
- Theme:
- Plastica
- Theme Slug:
- plastica
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Let’s Play
- Theme:
- Let’s Play
- Theme Slug:
- playhockey
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Podium
- Theme:
- Podium
- Theme Slug:
- podium
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Preston
- Theme:
- Preston
- Theme Slug:
- preston
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
ProDent
- Theme:
- ProDent
- Theme Slug:
- prodent
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
ProGuards
- Theme:
- ProGuards
- Theme Slug:
- proguards
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
ProRange
- Theme:
- ProRange
- Theme Slug:
- prorange
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Qwery
- Theme:
- Qwery
- Theme Slug:
- qwery
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Samadhi
- Theme:
- Samadhi
- Theme Slug:
- samadhi
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Smart Casa
- Theme:
- Smart Casa
- Theme Slug:
- smart-casa
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
SoccerClub
- Theme:
- SoccerClub
- Theme Slug:
- soccerclub
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Softic
- Theme:
- Softic
- Theme Slug:
- softic
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Solio
- Theme:
- Solio
- Theme Slug:
- solio
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
StevenWatkins
- Theme:
- StevenWatkins
- Theme Slug:
- steven-watkins
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Stratego
- Theme:
- Stratego
- Theme Slug:
- stratego
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Studeon
- Theme:
- Studeon
- Theme Slug:
- studeon
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Tantra
- Theme:
- Tantra
- Theme Slug:
- tantra
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Tax Help
- Theme:
- Tax Help
- Theme Slug:
- tax-help
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Translang
- Theme:
- Translang
- Theme Slug:
- translang
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Travesia
- Theme:
- Travesia
- Theme Slug:
- travesia
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Vagabonds
- Theme:
- Vagabonds
- Theme Slug:
- vagabonds
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Wine House
- Theme:
- Wine House
- Theme Slug:
- wine-house
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Wise Move
- Theme:
- Wise Move
- Theme Slug:
- wisemove
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
WotaHub
- Theme:
- WotaHub
- Theme Slug:
- wotahub
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
OceanWP
SaasLauncher
- Theme:
- SaasLauncher
- Theme Slug:
- saaslauncher
- Downloads
- 67,440
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.1
- Severity Score:
- Medium
- CVE:
- 2025-58606
AdForest
- Theme:
- AdForest
- Theme Slug:
- adforest
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 6.0.10
- Severity Score:
- Critical
- CVE:
- 2025-8359
Flatsome
- Theme:
- Flatsome
- Theme Slug:
- flatsome
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.20.1
- Severity Score:
- Medium
- CVE:
- 2025-8684
Goza
- Theme:
- Goza
- Theme Slug:
- goza-theme
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 3.2.3
- Severity Score:
- High
- CVE:
- 2025-10134
Goza
- Theme:
- Goza
- Theme Slug:
- goza-theme
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 3.2.3
- Severity Score:
- Critical
- CVE:
- 2025-5394
Miraculous
- Theme:
- Miraculous
- Theme Slug:
- miraculous
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.0.9
- Severity Score:
- Critical
- CVE:
- 2025-58628
Oblo
- Theme:
- Oblo
- Theme Slug:
- oblo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.2.5
- Severity Score:
- High
- CVE:
- 2025-48290
Rehub
- Theme:
- Rehub
- Theme Slug:
- rehub-theme
- Vulnerability:
- Content Injection
- Patched in Version:
- 19.9.8
- Severity Score:
- High
- CVE:
- 2025-7366
Rehub
- Theme:
- Rehub
- Theme Slug:
- rehub-theme
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 19.9.8
- Severity Score:
- Medium
- CVE:
- 2025-7368
Solid Security is part of Solid Suite — The best foundation for WordPress websites.
Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!
Join us for the next Solid Academy Webinar!
Free weekly webinars that will help you master WordPress and increase your business's bottom line.
What is a WordPress Phishing Attack?
Learn how to identify and prevent phishing attacks on WordPress websites.
Kiki SheldonWebsite Protection: 5 Ways to Keep Your Website Safe
Robust website protection is the shield that stands between your business and relentless cyber attacks. Prioritizing website protection enables businesses to fortify defenses to safeguard their online presence and preserve the trust of their customers in the face of ever-evolving cybersecurity threats.
Kiki Sheldon23 Ideas To Grow Your WordPress Business in 2023
WordPress is the most popular website-building platform worldwide, trusted by numerous brands. WordPress enables you to build a user-friendly and highly reliable site, together with tools and plugins to enhance your marketing and work like a lead magnet. All these features make WordPress the platform chosen by more than 43% of businesses globally.
SolidWP Editorial TeamSign up now — Get SolidWP updates and valuable content straight to your inbox
Sign up
Placeholder text
Placeholder text
Get started with confidence — risk free, guaranteed
