In this report, 199 vulnerabilities have been publicly disclosed. Security patches for 50 of these plugins and themes are now available, so please run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 149 plugin and theme vulnerabilities, and no patch has been available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.8.2 was released on July 15, 2025. This maintenance release includes fixes for 20 Core tickets and 15 Block Editor issues. For a full list of bug fixes, please refer to the release candidate announcement.
WordPress Plugins — 47 Patched / 50 Unpatched
Duplicate Page and Post
- Plugin:
- Duplicate Page and Post
- Plugin Slug:
- duplicate-wp-page-post
- Installations
- 90,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-6189
Categorify – WordPress Media Library Category & File Manager
- Plugin Slug:
- categorify
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-59005
WP Mailgun SMTP
- Plugin:
- WP Mailgun SMTP
- Plugin Slug:
- wp-mailgun-smtp
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-59003
WP SendGrid SMTP
- Plugin:
- WP SendGrid SMTP
- Plugin Slug:
- wp-sendgrid-smtp
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-59003
All in one Minifier
- Plugin:
- All in one Minifier
- Plugin Slug:
- all-in-one-minifier
- Installations
- 10+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-9073
Ultimate Classified Listings
- Plugin:
- Ultimate Classified Listings
- Plugin Slug:
- ultimate-classified-listings
- Installations
- 10+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-0763
Admin in English with Switch
- Plugin:
- Admin in English with Switch
- Plugin Slug:
- admin-in-english-with-switch
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9623
Analytics Reduce Bounce Rate
- Plugin:
- Analytics Reduce Bounce Rate
- Plugin Slug:
- analytics-unbounce
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9635
Auto Save Remote Images (Drafts)
- Plugin:
- Auto Save Remote Images (Drafts)
- Plugin Slug:
- auto-save-remote-images-drafts
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-7843
AutoCatSet
- Plugin:
- AutoCatSet
- Plugin Slug:
- autocatset
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9631
azurecurve BBCode
- Plugin:
- azurecurve BBCode
- Plugin Slug:
- azurecurve-bbcode
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8398
BeyondCart Connector
- Plugin:
- BeyondCart Connector
- Plugin Slug:
- beyondcart
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-8570
Blog Designer For Elementor
- Plugin:
- Blog Designer For Elementor
- Plugin Slug:
- blog-designer-for-elementor
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8481
Certifica WP
- Plugin:
- Certifica WP
- Plugin Slug:
- certifica-wp
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8316
Contact Form 7 reCAPTCHA
- Plugin:
- Contact Form 7 reCAPTCHA
- Plugin Slug:
- contact-form-7-recaptcha
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-8280
Countdown Timer for Elementor
- Plugin:
- Countdown Timer for Elementor
- Plugin Slug:
- countdown-timer-for-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8445
Coupon API
- Plugin:
- Coupon API
- Plugin Slug:
- couponapi
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-8692
Digital Events Calendar
- Plugin:
- Digital Events Calendar
- Plugin Slug:
- digital-events-calendar
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-5801
Elements Plus!
- Plugin:
- Elements Plus!
- Plugin Slug:
- elements-plus
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8689
Embed Google Datastudio
- Plugin:
- Embed Google Datastudio
- Plugin Slug:
- embed-google-data-studio
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9877
Enhanced BibliPlug
- Plugin:
- Enhanced BibliPlug
- Plugin Slug:
- enhanced-bibliplug
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9855
Evenium
- Plugin:
- Evenium
- Plugin Slug:
- evenium
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9850
WPGYM
- Plugin:
- WPGYM
- Plugin Slug:
- gym-management
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-7049
IndiaNIC Testimonial
- Plugin:
- IndiaNIC Testimonial
- Plugin Slug:
- indianic-testimonial
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-7826
Catalog Importer, Scraper & Crawler
- Plugin:
- Catalog Importer, Scraper & Crawler
- Plugin Slug:
- intelligent-importer
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-8417
jQuery Colorbox
- Plugin:
- jQuery Colorbox
- Plugin Slug:
- jquery-colorbox
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-3650
The integration of the AMO.CRM
- Plugin:
- The integration of the AMO.CRM
- Plugin Slug:
- leads-for-amo-crm
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9628
LH Signing
- Plugin:
- LH Signing
- Plugin Slug:
- lh-signing
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9633
Mitfahrgelegenheit
- Plugin:
- Mitfahrgelegenheit
- Plugin Slug:
- mitfahrgelegenheit
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8392
Mixtape
- Plugin:
- Mixtape
- Plugin Slug:
- mixtape
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9860
My WP Translate
- Plugin:
- My WP Translate
- Plugin Slug:
- my-wp-translate
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8425
My WP Translate
- Plugin:
- My WP Translate
- Plugin Slug:
- my-wp-translate
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8423
PhpList Subber
- Plugin:
- PhpList Subber
- Plugin Slug:
- phpls
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9632
Plugin updates blocker
- Plugin:
- Plugin updates blocker
- Plugin Slug:
- plugin-update-blocker
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9634
Propovoice CRM
- Plugin:
- Propovoice CRM
- Plugin Slug:
- propovoice
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-8422
Publish Approval
- Plugin:
- Publish Approval
- Plugin Slug:
- publish-approval
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9617
Resideo Plugin for Resideo
- Plugin:
- Resideo Plugin for Resideo
- Plugin Slug:
- resideo-plugin
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-7718
Responsive Addons for Elementor
- Plugin:
- Responsive Addons for Elementor
- Plugin Slug:
- responsive-addons-for-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8215
Run Log
- Plugin:
- Run Log
- Plugin Slug:
- run-log
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9627
Salon booking system
- Plugin:
- Salon booking system
- Plugin Slug:
- salon-booking-system
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8492
Seo Monster
- Plugin:
- Seo Monster
- Plugin Slug:
- seo-monster
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-9620
Side Slide Responsive Menu
- Plugin:
- Side Slide Responsive Menu
- Plugin Slug:
- side-slide-responsive-menu
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-9880
eID Easy
- Plugin:
- eID Easy
- Plugin Slug:
- smart-id
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9128
Smartcat Translator for WPML
- Plugin:
- Smartcat Translator for WPML
- Plugin Slug:
- smartcat-wpml
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-9451
Spotify Embed Creator
- Plugin:
- Spotify Embed Creator
- Plugin Slug:
- spotify-embed-creator
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9879
ThemeLoom Widgets
- Plugin:
- ThemeLoom Widgets
- Plugin Slug:
- themeloom-widgets
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-9861
Ultimate Blogroll
- Plugin:
- Ultimate Blogroll
- Plugin Slug:
- ultimate-blogroll
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-9881
User Meta
- Plugin:
- User Meta
- Plugin Slug:
- user-meta
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-9693
WP Scriptcase
- Plugin:
- WP Scriptcase
- Plugin Slug:
- wp-scriptcase
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8691
Workable Api
- Plugin:
- Workable Api
- Plugin Slug:
- wrapper-for-workable-api
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8721
The Events Calendar
- Plugin:
- The Events Calendar
- Plugin Slug:
- the-events-calendar
- Installations
- 700,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.15.3
- Severity Score:
- Medium
- CVE:
- 2025-9808
The Events Calendar
- Plugin:
- The Events Calendar
- Plugin Slug:
- the-events-calendar
- Installations
- 700,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 6.15.1.1
- Severity Score:
- Critical
- CVE:
- 2025-9807
Ninja Forms – The Contact Form Builder That Grows With You
- Plugin Slug:
- ninja-forms
- Installations
- 600,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 3.11.1
- Severity Score:
- Critical
- CVE:
- 2025-9083
NitroPack – Caching & Speed Optimization for Core Web Vitals, Defer CSS & JS, Lazy load Images and CDN
- Plugin Slug:
- nitropack
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.18.5
- Severity Score:
- Medium
- CVE:
- 2025-8778
Tutor LMS – eLearning and online course solution
- Plugin Slug:
- tutor
- Installations
- 100,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.8.0
- Severity Score:
- High
- CVE:
- 2025-58993
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution (formerly WooLentor)
- Plugin Slug:
- woolentor-addons
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.1
- Severity Score:
- Medium
- CVE:
- 2025-58990
Import any XML, CSV or Excel File to WordPress
- Plugin Slug:
- wp-all-import
- Installations
- 100,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 3.9.4
- Severity Score:
- High
- CVE:
- 2025-10001
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)
- Plugin Slug:
- powerpack-lite-for-elementor
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.9.5
- Severity Score:
- Medium
- CVE:
- 2025-8388
WP-Members Membership Plugin
- Plugin:
- WP-Members Membership Plugin
- Plugin Slug:
- wp-members
- Installations
- 60,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- 3.5.4.3
- Severity Score:
- Medium
- CVE:
- 2025-9489
Maspik – Ultimate Spam Protection
- Plugin Slug:
- contact-forms-anti-spam
- Installations
- 30,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.5.7
- Severity Score:
- Medium
- CVE:
- 2025-9888
Maspik – Ultimate Spam Protection
- Plugin Slug:
- contact-forms-anti-spam
- Installations
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.5.7
- Severity Score:
- Medium
- CVE:
- 2025-9979
Ditty – Responsive News Tickers, Sliders, and Lists
- Plugin Slug:
- ditty-news-ticker
- Installations
- 30,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 3.1.58
- Severity Score:
- High
- CVE:
- 2025-8085
Welcart e-Commerce
- Plugin:
- Welcart e-Commerce
- Plugin Slug:
- usc-e-shop
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.11.21
- Severity Score:
- Medium
- CVE:
- 2025-58984
WP Import – Ultimate CSV XML Importer for WordPress
- Plugin Slug:
- wp-ultimate-csv-importer
- Installations
- 20,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 7.28
- Severity Score:
- High
- CVE:
- 2025-10040
LWS Cleaner
- Plugin:
- LWS Cleaner
- Plugin Slug:
- lws-cleaner
- Installations
- 10,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 2.4.2
- Severity Score:
- High
- CVE:
- 2025-8575
AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress
- Plugin:
- AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress
- Plugin Slug:
- automatorwp
- Installations
- 9,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 5.3.7
- Severity Score:
- High
- CVE:
- 2025-9539
AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress
- Plugin:
- AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress
- Plugin Slug:
- automatorwp
- Installations
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.3.8
- Severity Score:
- Medium
- CVE:
- 2025-9542
Equalize Digital Accessibility Checker – Audit Your Website for WCAG, ADA, and Section 508 Accessibility Errors
- Plugin Slug:
- accessibility-checker
- Installations
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.31.1
- Severity Score:
- Medium
- CVE:
- 2025-58976
Equalize Digital Accessibility Checker – Audit Your Website for WCAG, ADA, and Section 508 Accessibility Errors
- Plugin Slug:
- accessibility-checker
- Installations
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.31.1
- Severity Score:
- Medium
- CVE:
- 2025-58981
AI ChatBot for WordPress – WPBot
- Plugin:
- AI ChatBot for WordPress – WPBot
- Plugin Slug:
- chatbot
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.1.0
- Severity Score:
- Medium
- CVE:
- 2025-9111
CatFolders – Tame Your WordPress Media Library by Category
- Plugin Slug:
- catfolders
- Installations
- 5,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.5.3
- Severity Score:
- High
- CVE:
- 2025-9776
Export WP Page to Static HTML & PDF
- Plugin Slug:
- export-wp-page-to-static-html
- Installations
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.2.0
- Severity Score:
- Medium
- CVE:
- 2025-58980
Include Me
- Plugin:
- Include Me
- Plugin Slug:
- include-me
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.3
- Severity Score:
- Medium
- CVE:
- 2025-58983
PagBank / PagSeguro Connect para WooCommerce
- Plugin Slug:
- pagbank-connect
- Installations
- 4,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.44.4
- Severity Score:
- High
- CVE:
- 2025-10142
BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript
- Plugin Slug:
- searchpro
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.54
- Severity Score:
- Medium
- CVE:
- 2025-58979
PDF Generator for WordPress
- Plugin:
- PDF Generator for WordPress
- Plugin Slug:
- pdf-generator-for-wp
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.5.5
- Severity Score:
- Medium
- CVE:
- 2025-58978
Responsive Filterable Portfolio
- Plugin:
- Responsive Filterable Portfolio
- Plugin Slug:
- responsive-filterable-portfolio
- Installations
- 2,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.0.25
- Severity Score:
- Critical
- CVE:
- 2025-10049
Wp Edit Password Protected – Create Password Protect Pages & Design Password Protected Form
- Plugin Slug:
- wp-edit-password-protected
- Installations
- 2,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- 1.3.5
- Severity Score:
- Medium
- CVE:
- 2025-9034
Authorsy – Author Box, Multiple Authors, Guest Authors & Post Rating
- Plugin Slug:
- authorsy
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.6
- Severity Score:
- Medium
- CVE:
- 2025-27006
Dynamic Text Field For Contact Form 7
- Plugin Slug:
- dynamic-text-field-for-contact-form-7
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1
- Severity Score:
- Medium
- CVE:
- 2025-58989
Falang multilanguage for WordPress
- Plugin Slug:
- falang
- Installations
- 1,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.3.66
- Severity Score:
- High
- CVE:
- 2025-58619
WP eBay Product Feeds
- Plugin:
- WP eBay Product Feeds
- Plugin Slug:
- ebay-feeds-for-wordpress
- Installations
- 900+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 3.4.9
- Severity Score:
- Medium
- CVE:
- 2025-58977
Pixeline’s Email Protector
- Plugin:
- Pixeline’s Email Protector
- Plugin Slug:
- pixelines-email-protector
- Installations
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.0
- Severity Score:
- Medium
- CVE:
- 2025-58982
Football Pool
- Plugin:
- Football Pool
- Plugin Slug:
- football-pool
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.13.0
- Severity Score:
- Medium
- CVE:
- 2025-58987
My Tickets – Accessible Event Ticketing
- Plugin Slug:
- my-tickets
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.23
- Severity Score:
- Medium
- CVE:
- 2025-58988
Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net
- Plugin Slug:
- peachpay-for-woocommerce
- Installations
- 500+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.117.6
- Severity Score:
- High
- CVE:
- 2025-9463
Additional Custom Product Tabs for WooCommerce
- Plugin Slug:
- product-tabs-for-woocommerce
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.4
- Severity Score:
- Medium
- CVE:
- 2025-58985
The Hack Repair Guy’s Plugin Archiver
- Plugin Slug:
- hackrepair-plugin-archiver
- Installations
- 400+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 3.1.1
- Severity Score:
- High
- CVE:
- 2025-10176
Advanced Settings 3
- Plugin:
- Advanced Settings 3
- Plugin Slug:
- advanced-settings
- Installations
- 200+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.2.0
- Severity Score:
- Medium
- CVE:
- 2025-58975
Time Tracker
- Plugin:
- Time Tracker
- Plugin Slug:
- time-tracker
- Installations
- 60+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.0
- Severity Score:
- High
- CVE:
- 2025-9018
WP Blast | SEO & Performance Booster
- Plugin Slug:
- wpblast
- Installations
- 40+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.8.7
- Severity Score:
- Medium
- CVE:
- 2025-9622
Heateor Login – Social Login Plugin
- Plugin Slug:
- heateor-login
- Installations
- 30+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.10
- Severity Score:
- Medium
- CVE:
- 2025-9857
MyBrain Utilities
- Plugin:
- MyBrain Utilities
- Plugin Slug:
- mybrain-utilities
- Installations
- 20+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.0
- Severity Score:
- Medium
- CVE:
- 2025-10126
Compress & Upload
- Plugin:
- Compress & Upload
- Plugin Slug:
- compress-then-upload
- Installations
- 10+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.0.5
- Severity Score:
- Critical
- CVE:
- 2025-8889
Mikado Core
- Plugin:
- Mikado Core
- Plugin Slug:
- mikado-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6
- Severity Score:
- Medium
- CVE:
- 2025-9058
Wilmer Core
- Plugin:
- Wilmer Core
- Plugin Slug:
- wilmer-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.6
- Severity Score:
- Medium
- CVE:
- 2025-9061
WooCommerce Booking Bundle Hours
- Plugin:
- WooCommerce Booking Bundle Hours
- Plugin Slug:
- woo-booking-bundle-hours
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 0.7.5
- Severity Score:
- High
- CVE:
- 2025-58991
WordPress Themes — 3 Patched / 99 Unpatched
ButterBelly
- Theme:
- ButterBelly
- Theme Slug:
- butterbelly
- Downloads
- 70,694
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-59003
Cloriato Lite
- Theme:
- Cloriato Lite
- Theme Slug:
- cloriato-lite
- Downloads
- 111,776
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-59003
ColorWay
- Theme:
- ColorWay
- Theme Slug:
- colorway
- Downloads
- 1,314,146
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-59003
Compass
- Theme:
- Compass
- Theme Slug:
- compass
- Downloads
- 65,712
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-59003
Dzonia Lite
- Theme:
- Dzonia Lite
- Theme Slug:
- dzonia-lite
- Downloads
- 114,483
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-59003
Poloray
- Theme:
- Poloray
- Theme Slug:
- poloray
- Downloads
- 71,063
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-59003
Rethink
- Theme:
- Rethink
- Theme Slug:
- rethink
- Downloads
- 42,070
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-59003
Road Fighter
- Theme:
- Road Fighter
- Theme Slug:
- road-fighter
- Downloads
- 82,748
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-59003
Themia Lite
- Theme:
- Themia Lite
- Theme Slug:
- themia-lite
- Downloads
- 194,918
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-59003
Abogado
- Theme:
- Abogado
- Theme Slug:
- abogado
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Accalia
- Theme:
- Accalia
- Theme Slug:
- accalia
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Adrena
- Theme:
- Adrena
- Theme Slug:
- adrena
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Advice
- Theme:
- Advice
- Theme Slug:
- advice
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Agora
- Theme:
- Agora
- Theme Slug:
- agora
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Alanzo
- Theme:
- Alanzo
- Theme Slug:
- alanzo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Albertino
- Theme:
- Albertino
- Theme Slug:
- albertino
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Alhambra
- Theme:
- Alhambra
- Theme Slug:
- alhambra
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
A.Williams
- Theme:
- A.Williams
- Theme Slug:
- alisha-williams
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
AlphaColor
- Theme:
- AlphaColor
- Theme Slug:
- alpha-color
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Anesta
- Theme:
- Anesta
- Theme Slug:
- anesta
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Angela
- Theme:
- Angela
- Theme Slug:
- angela
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
AI ANN
- Theme:
- AI ANN
- Theme Slug:
- ann
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Anubia
- Theme:
- Anubia
- Theme Slug:
- anubia
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Artesia
- Theme:
- Artesia
- Theme Slug:
- artesia
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Asclepius
- Theme:
- Asclepius
- Theme Slug:
- asclepius
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Belicia
- Theme:
- Belicia
- Theme Slug:
- belicia
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
BeYoga
- Theme:
- BeYoga
- Theme Slug:
- beyoga
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Birdily | Travel Agency & Tour Booking WordPress Theme
- Theme:
- Birdily | Travel Agency & Tour Booking WordPress Theme
- Theme Slug:
- birdily
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Bonko
- Theme:
- Bonko
- Theme Slug:
- bonko
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Booklovers
- Theme:
- Booklovers
- Theme Slug:
- booklovers
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Callie Britt
- Theme:
- Callie Britt
- Theme Slug:
- callie-britt
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Camelia
- Theme:
- Camelia
- Theme Slug:
- camelia
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Carlax
- Theme:
- Carlax
- Theme Slug:
- carlax
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Carz
- Theme:
- Carz
- Theme Slug:
- carz
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
ChainPress
- Theme:
- ChainPress
- Theme Slug:
- chainpress
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Chakra
- Theme:
- Chakra
- Theme Slug:
- chakra
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Chardonnay
- Theme:
- Chardonnay
- Theme Slug:
- chardonnay
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Childy
- Theme:
- Childy
- Theme Slug:
- childly
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Chrimson
- Theme:
- Chrimson
- Theme Slug:
- chrimson
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
City Hostel
- Theme:
- City Hostel
- Theme Slug:
- cityhostel
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
69 Clothing
- Theme:
- 69 Clothing
- Theme Slug:
- clothing69
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Corredo
- Theme:
- Corredo
- Theme Slug:
- corredo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Credit Card Experience
- Theme:
- Credit Card Experience
- Theme Slug:
- creditcard
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Crework
- Theme:
- Crework
- Theme Slug:
- crework
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Custom Made
- Theme:
- Custom Made
- Theme Slug:
- custom-made
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Def
- Theme:
- Def
- Theme Slug:
- def
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Doccure
- Theme:
- Doccure
- Theme Slug:
- doccure
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-9112
Doccure
- Theme:
- Doccure
- Theme Slug:
- doccure
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-9114
Doccure
- Theme:
- Doccure
- Theme Slug:
- doccure
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2025-9113
Drone Media
- Theme:
- Drone Media
- Theme Slug:
- drone-media
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Edema
- Theme:
- Edema
- Theme Slug:
- edema
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Elementra
- Theme:
- Elementra
- Theme Slug:
- elementra
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Fortunio
- Theme:
- Fortunio
- Theme Slug:
- fortunio
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Good Wine
- Theme:
- Good Wine
- Theme Slug:
- good-wine-shop
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Gravity
- Theme:
- Gravity
- Theme Slug:
- gravity
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Gutentype
- Theme:
- Gutentype
- Theme Slug:
- gutentype
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Hampton
- Theme:
- Hampton
- Theme Slug:
- hampton
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Happy Rider
- Theme:
- Happy Rider
- Theme Slug:
- happy-rider
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Healthy Blog
- Theme:
- Healthy Blog
- Theme Slug:
- healthy-blog
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Heaven11
- Theme:
- Heaven11
- Theme Slug:
- heaven11
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Hello Summer
- Theme:
- Hello Summer
- Theme Slug:
- hello-summer
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Hogwords
- Theme:
- Hogwords
- Theme Slug:
- hogwords
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
HotLock
- Theme:
- HotLock
- Theme Slug:
- hotlock
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Insurance Ancora
- Theme:
- Insurance Ancora
- Theme Slug:
- insurance-ancora
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Jobify – Job Board WordPress Theme
- Theme:
- Jobify – Job Board WordPress Theme
- Theme Slug:
- jobify
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2025-8318
Juno
- Theme:
- Juno
- Theme Slug:
- junotoys
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Kargo
- Theme:
- Kargo
- Theme Slug:
- kargo
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Lab
- Theme:
- Lab
- Theme Slug:
- lab
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Laundry City
- Theme:
- Laundry City
- Theme Slug:
- laundrycity
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
MediaFlex
- Theme:
- MediaFlex
- Theme Slug:
- mediaflex
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Nazareth
- Theme:
- Nazareth
- Theme Slug:
- nazareth
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
OldStory
- Theme:
- OldStory
- Theme Slug:
- oldstory
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Partiso
- Theme:
- Partiso
- Theme Slug:
- partiso
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
PathWell
- Theme:
- PathWell
- Theme Slug:
- pathwell
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Planet Shakers
- Theme:
- Planet Shakers
- Theme Slug:
- planet-shakers
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Plastica
- Theme:
- Plastica
- Theme Slug:
- plastica
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Let’s Play
- Theme:
- Let’s Play
- Theme Slug:
- playhockey
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Podium
- Theme:
- Podium
- Theme Slug:
- podium
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Preston
- Theme:
- Preston
- Theme Slug:
- preston
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
ProDent
- Theme:
- ProDent
- Theme Slug:
- prodent
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
ProGuards
- Theme:
- ProGuards
- Theme Slug:
- proguards
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
ProRange
- Theme:
- ProRange
- Theme Slug:
- prorange
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Qwery
- Theme:
- Qwery
- Theme Slug:
- qwery
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Samadhi
- Theme:
- Samadhi
- Theme Slug:
- samadhi
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Smart Casa
- Theme:
- Smart Casa
- Theme Slug:
- smart-casa
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
SoccerClub
- Theme:
- SoccerClub
- Theme Slug:
- soccerclub
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Softic
- Theme:
- Softic
- Theme Slug:
- softic
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Solio
- Theme:
- Solio
- Theme Slug:
- solio
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
StevenWatkins
- Theme:
- StevenWatkins
- Theme Slug:
- steven-watkins
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Stratego
- Theme:
- Stratego
- Theme Slug:
- stratego
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Studeon
- Theme:
- Studeon
- Theme Slug:
- studeon
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Tantra
- Theme:
- Tantra
- Theme Slug:
- tantra
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Tax Help
- Theme:
- Tax Help
- Theme Slug:
- tax-help
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Translang
- Theme:
- Translang
- Theme Slug:
- translang
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Travesia
- Theme:
- Travesia
- Theme Slug:
- travesia
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Vagabonds
- Theme:
- Vagabonds
- Theme Slug:
- vagabonds
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Wine House
- Theme:
- Wine House
- Theme Slug:
- wine-house
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Wise Move
- Theme:
- Wise Move
- Theme Slug:
- wisemove
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
WotaHub
- Theme:
- WotaHub
- Theme Slug:
- wotahub
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2025-26592
Goza
- Theme:
- Goza
- Theme Slug:
- goza-theme
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 3.2.3
- Severity Score:
- High
- CVE:
- 2025-10134
Goza
- Theme:
- Goza
- Theme Slug:
- goza-theme
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 3.2.3
- Severity Score:
- Critical
- CVE:
- 2025-5394
Mow
- Theme:
- Mow
- Theme Slug:
- mow
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.11
- Severity Score:
- Critical
- CVE:
- 2025-58997
Solid Security is part of Solid Suite — The best foundation for WordPress websites.
Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!
Join us for the next Solid Academy Webinar!
Free weekly webinars that will help you master WordPress and increase your business's bottom line.
What is a WordPress Phishing Attack?
Learn how to identify and prevent phishing attacks on WordPress websites.
Kiki SheldonWebsite Protection: 5 Ways to Keep Your Website Safe
Robust website protection is the shield that stands between your business and relentless cyber attacks. Prioritizing website protection enables businesses to fortify defenses to safeguard their online presence and preserve the trust of their customers in the face of ever-evolving cybersecurity threats.
Kiki Sheldon23 Ideas To Grow Your WordPress Business in 2023
WordPress is the most popular website-building platform worldwide, trusted by numerous brands. WordPress enables you to build a user-friendly and highly reliable site, together with tools and plugins to enhance your marketing and work like a lead magnet. All these features make WordPress the platform chosen by more than 43% of businesses globally.
SolidWP Editorial TeamSign up now — Get SolidWP updates and valuable content straight to your inbox
Sign up
Placeholder text
Placeholder text
Get started with confidence — risk free, guaranteed
