WordPress Vulnerability Report � January 8, 2025

In this report, 228 vulnerabilities have been publicly disclosed. Security patches for 97 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 131 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.7.1 is available! This minor release features 16 bug fixes throughout Core and the Block Editor.

WordPress Plugins � 95 Patched / 110 Unpatched

Plugin:: Smart Custom Fields
Plugin Slug:: smart-custom-fields
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22308

Plugin:: Gutentor � Gutenberg Blocks � Page Builder for Gutenberg Editor
Plugin Slug:: gutentor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22293

Plugin:: Link Whisper Free
Plugin Slug:: link-whisper
Installations: 30,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22306

Plugin:: WP Visitor Statistics (Real Time Traffic)
Plugin Slug:: wp-stats-manager
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22304

Plugin:: Thim Elementor Kit
Plugin Slug:: thim-elementor-kit
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22312

Plugin:: MashShare � Social Media Share Buttons, Social Share Icons
Plugin Slug:: mashsharer
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22319

Plugin:: TemplatesNext ToolKit
Plugin Slug:: templatesnext-toolkit
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22310

Plugin:: WP FullCalendar
Plugin Slug:: wp-fullcalendar
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22261

Plugin:: Product Table for WooCommerce by CodeAstrology (wooproducttable.com)
Plugin Slug:: woo-product-table
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22307

Plugin:: Hash Elements
Plugin Slug:: hash-elements
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22296

Plugin:: Design for Contact Form 7 Style WordPress Plugin � CF7 WOW Styler
Plugin Slug:: cf7-styler
Installations: 4,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12419

Plugin:: CubeWP Forms � All-in-One Form Builder
Plugin Slug:: cubewp-forms
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-51651

Plugin:: ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes
Plugin Slug:: elex-bulk-edit-products-prices-attributes-for-woocommerce-basic
Installations: 4,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22352

Plugin:: SpeakOut! Email Petitions
Plugin Slug:: speakout
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22309

Plugin:: DynamicTags
Plugin Slug:: dynamictags
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22348

Plugin:: BSK Forms Blacklist
Plugin Slug:: bsk-gravityforms-blacklist
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22347

Plugin:: Bus Ticket Booking with Seat Reservation � WpBusTicketly | WordPress plugin
Plugin Slug:: bus-ticket-booking-with-seat-reservation
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-49294

Plugin:: DirectoryPress � Business Directory And Classified Ad Listing
Plugin Slug:: directorypress
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49633

Plugin:: Hero Banner Ultimate
Plugin Slug:: hero-banner-ultimate
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22305

Plugin:: Typing Text
Plugin Slug:: typing-text
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22315

Plugin:: Custom Field For WP Job Manager
Plugin Slug:: custom-field-for-wp-job-manager
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22294

Plugin:: FancyPost � Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor
Plugin Slug:: post-block
Installations: 900+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10536

Plugin:: Build App Online
Plugin Slug:: build-app-online
Installations: 700+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-49649

Plugin:: WordLift � AI powered SEO � Schema
Plugin Slug:: wordlift
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12176

Plugin:: ClickWhale � Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages
Plugin Slug:: clickwhale
Installations: 500+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-51715

Plugin:: SMSA Shipping (official)
Plugin Slug:: smsa-shipping-official
Installations: 500+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49249

Plugin:: WP Youtube Gallery
Plugin Slug:: wp-youtube-gallery
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12590

Plugin:: ElementsCSS Addons for Elementor (Elementor Widgets Extender & Addons)
Plugin Slug:: css-for-elementor
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22321

Plugin:: NAVER Analytics
Plugin Slug:: naver-analytics
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-51700

Plugin:: ThePerfectWedding.nl Widget
Plugin Slug:: theperfectweddingnl-widget
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12322

Plugin:: Hide Category by User Role for WooCommerce
Plugin Slug:: hide-category-by-user-role-for-woocommerce
Installations: 200+
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-56272

Plugin:: Rezgo Online Booking
Plugin Slug:: rezgo
Installations: 200+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53800

Plugin:: Standard Box Sizes � for WooCommerce
Plugin Slug:: standard-box-sizes
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22318

Plugin:: ARS Affiliate Page Plugin
Plugin Slug:: ars-affiliate-page
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12098

Plugin:: ProductDyno
Plugin Slug:: productdyno
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22320

Plugin:: SSL Wireless SMS Notification
Plugin Slug:: ssl-wireless-sms-notification
Installations: 70+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-56284

Plugin:: Image Hover Effects for Elementor
Plugin Slug:: image-hover-effects-elementor-addon
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22323

Plugin:: WP SecureSubmit
Plugin Slug:: securesubmit
Installations: 60+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-56271

Plugin:: WP SecureSubmit
Plugin Slug:: securesubmit
Installations: 60+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-56270

Plugin:: Chative Live chat and Chatbot
Plugin Slug:: chative-live-chat-and-chatbot
Installations: 50+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12541

Plugin:: EO4WP: EmailOctopus for WordPress
Plugin Slug:: fw-integration-for-emailoctopus
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22327

Plugin:: 5centsCDN � WordPress CDN Plugin
Plugin Slug:: 5centscdn
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22326

Plugin:: ACH Invoicing Plugin
Plugin Slug:: ach-invoice-app
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22364

Plugin:: Contact Form 7 Database � CFDB7
Plugin Slug:: advanced-cf7-database
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22351

Plugin:: Wp advertising management
Plugin Slug:: advertising-management
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22358

Plugin:: AHAthat
Plugin Slug:: ahathat
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12595

Plugin:: Allada T-shirt Designer for Woocommerce
Plugin Slug:: allada-tshirt-designer-for-woocommerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22363

Plugin:: ARPrice
Plugin Slug:: arprice
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49666

Plugin:: ARPrice
Plugin Slug:: arprice
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-49655

Plugin:: ARPrice
Plugin Slug:: arprice
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49699

Plugin:: ARPrice
Plugin Slug:: arprice
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-49688

Plugin:: Autocompleter
Plugin Slug:: autocompleter
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22325

Plugin:: Bizapp for WooCommerce
Plugin Slug:: bizapp-for-woocommerce
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11378

Plugin:: BVD Easy Gallery Manager
Plugin Slug:: bvd-easy-gallery-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22353

Plugin:: Candifly
Plugin Slug:: candifly
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12440

Plugin:: Chatroll Live Chat
Plugin Slug:: chatroll-live-chat
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12464

Plugin:: ClickDesigns
Plugin Slug:: clickdesigns
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12559

Plugin:: Common Ninja
Plugin Slug:: common-ninja
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11382

Plugin:: Duplicate Post, Page and Any Custom Post
Plugin Slug:: duplicate-pp
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12538

Plugin:: Elevio
Plugin Slug:: elevio
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22328

Plugin:: EMC2 Alert Boxes
Plugin Slug:: emc2-alert-boxes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22365

Plugin:: Enable Accessibility
Plugin Slug:: enable-accessibility
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9208

Plugin:: Fancy Product Designer
Plugin Slug:: fancy-product-designer
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-51818

Plugin:: Fancy Product Designer
Plugin Slug:: fancy-product-designer
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-51919

Plugin:: Formaloo Form Maker
Plugin Slug:: formaloo-form-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11934

Plugin:: GDY Modular Content
Plugin Slug:: gdy-modular-content
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12153

Plugin:: Geo Content
Plugin Slug:: geo-targetly-geo-content
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11887

Plugin:: Hero Mega Menu – Responsive WordPress Menu Plugin
Plugin Slug:: hmenu
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49333

Plugin:: Hero Mega Menu – Responsive WordPress Menu Plugin
Plugin Slug:: hmenu
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49303

Plugin:: Host PHP Info
Plugin Slug:: host-php-info
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12535

Plugin:: Ultimate Learning Pro
Plugin Slug:: indeed-learning-pro
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22350

Plugin:: LazyLoad Background Images
Plugin Slug:: lazyload-background-images
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12327

Plugin:: Marketplace Items
Plugin Slug:: marketplace-items
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12437

Plugin:: Meteor Slides
Plugin Slug:: meteor-slides
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12073

Plugin:: MG Parallax Slider
Plugin Slug:: mg-parallax-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22330

Plugin:: Opencart Product in WP
Plugin Slug:: opencart-product-in-wp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22335

Plugin:: OZ Canonical
Plugin Slug:: oz-canonical
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22324

Plugin:: PayGreen Payment Gateway
Plugin Slug:: paygreen-payment-gateway
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11810

Plugin:: RightMessage WP
Plugin Slug:: rightmessage
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12445

Plugin:: Kikx Simple Post Author Filter
Plugin Slug:: sa-post-author-filter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22355

Plugin:: School Management System � SakolaWP
Plugin Slug:: sakolawp-lite
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-12470

Plugin:: Sell Media
Plugin Slug:: sell-media
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11777

Plugin:: Sellsy
Plugin Slug:: sellsy
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12592

Plugin:: SEO LAT Auto Post
Plugin Slug:: seo-beginner-auto-post
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-12252

Plugin:: Simple Add Pages or Posts
Plugin Slug:: simple-add-pages-or-posts
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12288

Plugin:: Slider Pro Lite
Plugin Slug:: slider-pro-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11899

Plugin:: Social Rocket
Plugin Slug:: social-rocket
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9702

Plugin:: Social Rocket
Plugin Slug:: social-rocket
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9697

Plugin:: Spacer
Plugin Slug:: spacer
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Low
CVE:: 2024-10527

Plugin:: SweepWidget Contests, Giveaways, Photo Contests, Competitions
Plugin Slug:: sweepwidget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11756

Plugin:: SyncFields
Plugin Slug:: syncfields
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22359

Plugin:: WP-tagMaker
Plugin Slug:: tagmaker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22338

Plugin:: Target Notifications
Plugin Slug:: target-notifications
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22357

Plugin:: Themes Coder
Plugin Slug:: tc-ecommerce
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-12402

Plugin:: Timeline Designer
Plugin Slug:: timeline-designer
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11437

Plugin:: Transporters.io
Plugin Slug:: transportersio
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12557

Plugin:: Private Messages for UserPro
Plugin Slug:: userpro-messaging
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22311

Plugin:: ViewMedica 9
Plugin Slug:: viewmedica
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12291

Plugin:: ViewMedica 9
Plugin Slug:: viewmedica
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12170

Plugin:: WC1C
Plugin Slug:: wc1c-main
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11375

Plugin:: Wizhi Multi Filters by Wenprise
Plugin Slug:: wizhi-multi-filters
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22336

Plugin:: Binary MLM Woocommerce
Plugin Slug:: woo-binary-mlm
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12383

Plugin:: Woo Ukrposhta
Plugin Slug:: woo-ukrposhta
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12049

Plugin:: WooCommerce Digital Content Delivery (incl. DRM) � FlickRocket
Plugin Slug:: woocommerce-digital-content-delivery-with-drm-flickrocket
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12438

Plugin:: Live Sales Notification for Woocommerce – Woomotiv
Plugin Slug:: woomotiv
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-12416

Plugin:: WordPress Auction Plugin
Plugin Slug:: wp-auctions
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22349

Plugin:: WP Simple Sitemap
Plugin Slug:: wp-simple-sitemap
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22342

Plugin:: WPAchievements Free
Plugin Slug:: wpachievements-free
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22362

Plugin:: wpSOL
Plugin Slug:: wpsol
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22343

Plugin:: Custom Product Tabs for WooCommerce
Plugin Slug:: yikes-inc-easy-custom-woocommerce-product-tabs
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11465

Plugin:: WPForms � Easy Form Builder for WordPress � Contact Forms, Payment Forms, Surveys, & More
Plugin Slug:: wpforms-lite
Installations: 6,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.2.3
Severity Score:: Medium
CVE:: 2024-56276

Plugin:: UpdraftPlus: WP Backup & Migration Plugin
Plugin Slug:: updraftplus
Installations: 3,000,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.24.12
Severity Score:: High
CVE:: 2024-10957

Plugin:: Envato Elements � Photos & Elementor Templates
Plugin Slug:: envato-elements
Installations: 1,000,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.0.15
Severity Score:: Medium
CVE:: 2024-56275

Plugin:: Ninja Forms � The Contact Form Builder That Grows With You
Plugin Slug:: ninja-forms
Installations: 700,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 3.8.23
Severity Score:: Medium
CVE:: 2024-12238

Plugin:: Migration, Backup, Staging � WPvivid Backup & Migration
Plugin Slug:: wpvivid-backuprestore
Installations: 600,000+
Vulnerability:: Broken Access Control
Patched in Version:: 0.9.107
Severity Score:: Medium
CVE:: 2024-56273

Plugin:: PixelYourSite � Your smart PIXEL (TAG) & API Manager
Plugin Slug:: pixelyoursite
Installations: 500,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 10.0.2
Severity Score:: Medium
CVE:: 2025-22300

Plugin:: Astra Widgets
Plugin Slug:: astra-widgets
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.16
Severity Score:: Medium
CVE:: 2024-56274

Plugin:: Pods � Custom Content Types and Fields
Plugin Slug:: pods
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.8.1
Severity Score:: Medium
CVE:: 2024-11849

Plugin:: WordPress Popular Posts
Plugin Slug:: wordpress-popular-posts
Installations: 100,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 7.2.0
Severity Score:: High
CVE:: 2024-11733

Plugin:: Backup Migration
Plugin Slug:: backup-backup
Installations: 80,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.4.6.1
Severity Score:: Critical
CVE:: 2024-10932

Plugin:: Email Subscribers by Icegram Express � Affordable, Powerful Email Marketing for WordPress & WooCommerce
Plugin Slug:: email-subscribers
Installations: 80,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.7.44
Severity Score:: High
CVE:: 2024-12311

Plugin:: Media Library Assistant
Plugin Slug:: media-library-assistant
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.24
Severity Score:: High
CVE:: 2024-11974

Plugin:: Piotnet Addons For Elementor
Plugin Slug:: piotnet-addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.32
Severity Score:: Medium
CVE:: 2025-22333

Plugin:: Compact WP Audio Player
Plugin Slug:: compact-wp-audio-player
Installations: 30,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 1.9.15
Severity Score:: Medium
CVE:: 2024-56279

Plugin:: Master Addons � Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
Plugin Slug:: master-addons
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.6.8
Severity Score:: Medium
CVE:: 2024-9502

Plugin:: Data Tables Generator by Supsystic
Plugin Slug:: data-tables-generator-by-supsystic
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.10.37
Severity Score:: Medium
CVE:: 2024-56253

Plugin:: Icegram Engage � Ultimate WP Popup Builder, Lead Generation, Optins, and CTA
Plugin Slug:: icegram
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.32
Severity Score:: Medium
CVE:: 2024-12302

Plugin:: MP3 Audio Player � Music Player, Podcast Player & Radio by Sonaar
Plugin Slug:: mp3-music-player-by-sonaar
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.9
Severity Score:: Medium
CVE:: 2024-56266

Plugin:: Post Grid Elementor Addon
Plugin Slug:: post-grid-elementor-addon
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.19
Severity Score:: Medium
CVE:: 2024-56268

Plugin:: AFI � The Easiest Integration Plugin
Plugin Slug:: advanced-form-integration
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.97.0
Severity Score:: Medium
CVE:: 2024-56293

Plugin:: AyeCode Connect
Plugin Slug:: ayecode-connect
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.9
Severity Score:: Medium
CVE:: 2024-56255

Plugin:: Export Import Menus
Plugin Slug:: export-import-menus
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.2
Severity Score:: Medium
CVE:: 2024-10866

Plugin:: GeoDirectory � WP Business Directory Plugin and Classified Listings Directory
Plugin Slug:: geodirectory
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.85
Severity Score:: Medium
CVE:: 2024-56259

Plugin:: Mang Board WP
Plugin Slug:: mangboard
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.5
Severity Score:: High
CVE:: 2024-56296

Plugin:: WP Post Author � Boost Your Blog’s Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder
Plugin Slug:: wp-post-author
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.8.3
Severity Score:: High
CVE:: 2024-56247

Plugin:: Export All Posts, Products, Orders, Refunds & Users
Plugin Slug:: wp-ultimate-exporter
Installations: 10,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 2.9.2
Severity Score:: Critical
CVE:: 2024-56278

Plugin:: WP Project Manager � Task, team, and project management plugin featuring kanban board and gantt charts
Plugin Slug:: wedevs-project-manager
Installations: 8,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.6.17
Severity Score:: High
CVE:: 2024-12195

Plugin:: Nexter Blocks � WordPress Gutenberg Blocks & 1000+ Starter Templates
Plugin Slug:: the-plus-addons-for-block-editor
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0.8
Severity Score:: Medium
CVE:: 2024-56294

Plugin:: Nexter Blocks � WordPress Gutenberg Blocks & 1000+ Starter Templates
Plugin Slug:: the-plus-addons-for-block-editor
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.5
Severity Score:: Medium
CVE:: 2024-56246

Plugin:: WP Compress � Instant Performance & Speed Optimization
Plugin Slug:: wp-compress-image-optimizer
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.30.04
Severity Score:: High
CVE:: 2024-12047

Plugin:: WPSSO Core � Complete and Optimized Structured Data SEO
Plugin Slug:: wpsso
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 18.18.2
Severity Score:: Medium
CVE:: 2024-56243

Plugin:: WP Job Portal � A Complete Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 6,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.2.5
Severity Score:: Medium
CVE:: 2024-12132

Plugin:: Arconix Shortcodes
Plugin Slug:: arconix-shortcodes
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.15
Severity Score:: Medium
CVE:: 2024-56242

Plugin:: Magazine Blocks � Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid
Plugin Slug:: magazine-blocks
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.21
Severity Score:: Medium
CVE:: 2024-56258

Plugin:: WPKoi Templates for Elementor
Plugin Slug:: wpkoi-templates-for-elementor
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.4
Severity Score:: Medium
CVE:: 2024-56241

Plugin:: Ashe Extra
Plugin Slug:: ashe-extra
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3
Severity Score:: Medium
CVE:: 2024-56244

Plugin:: Move Addons for Elementor
Plugin Slug:: move-addons
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.7
Severity Score:: Medium
CVE:: 2024-56254

Plugin:: Classic Addons � WPBakery Page Builder
Plugin Slug:: classic-addons-wpbakery-page-builder-addons
Installations: 2,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.1
Severity Score:: High
CVE:: 2024-56286

Plugin:: WordPress CRM, Email & Marketing Automation for WordPress | Award Winner � Groundhogg
Plugin Slug:: groundhogg
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.3.4
Severity Score:: High
CVE:: 2024-56289

Plugin:: MyBookTable Bookstore by Stormhill Media
Plugin Slug:: mybooktable
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.5.4
Severity Score:: Medium
CVE:: 2025-22301

Plugin:: Premium Blocks � Gutenberg Blocks for WordPress
Plugin Slug:: premium-blocks-for-gutenberg
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.43
Severity Score:: Medium
CVE:: 2024-56245

Plugin:: Pronamic Google Maps
Plugin Slug:: pronamic-google-maps
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.3
Severity Score:: Medium
CVE:: 2024-56240

Plugin:: WPBITS Addons For Elementor Page Builder
Plugin Slug:: wpbits-addons-for-elementor
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6
Severity Score:: Medium
CVE:: 2025-22316

Plugin:: WPBITS Addons For Elementor Page Builder
Plugin Slug:: wpbits-addons-for-elementor
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6
Severity Score:: Medium
CVE:: 2024-56285

Plugin:: WP Wand � AI Writer, AI Content Generator & AI Assistant by ChatGPT, OpenAI | Generate SEO Friendly AI Blog Post & Article with 20X Speed
Plugin Slug:: ai-content-generation
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.6
Severity Score:: Medium
CVE:: 2025-22302

Plugin:: AI WP Writer � automatic content creator, ChatGPT, GPT-4, Dalle 3, FLUX
Plugin Slug:: ai-wp-writer
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.8.4.5
Severity Score:: Medium
CVE:: 2025-22297

Plugin:: Accessibility by AllAccessible
Plugin Slug:: allaccessible
Installations: 1,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.3.5
Severity Score:: High
CVE:: 2024-49644

Plugin:: Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery � Upload, Vote, Sell via PayPal, Social Share Buttons
Plugin Slug:: contest-gallery
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 24.0.4
Severity Score:: Medium
CVE:: 2024-56237

Plugin:: Enter Addons � Ultimate Template Builder for Elementor
Plugin Slug:: enteraddons
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.1
Severity Score:: Medium
CVE:: 2024-56252

Plugin:: Locatoraid Store Locator
Plugin Slug:: locatoraid
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.9.51
Severity Score:: High
CVE:: 2024-56283

Plugin:: ????? ?? ???? � ???? ?? ????
Plugin Slug:: pgall-for-woocommerce
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 5.2.2
Severity Score:: High
CVE:: 2024-56281

Plugin:: Themify Audio Dock
Plugin Slug:: themify-audio-dock
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.5
Severity Score:: Medium
CVE:: 2024-56239

Plugin:: WP Docs
Plugin Slug:: wp-docs
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.2
Severity Score:: Medium
CVE:: 2024-56288

Plugin:: Photo Gallery Slideshow & Masonry Tiled Gallery
Plugin Slug:: wp-responsive-photo-gallery
Installations: 1,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 1.0.16
Severity Score:: Medium
CVE:: 2024-12237

Plugin:: WP Smart Import : Import any XML File to WordPress
Plugin Slug:: wp-smart-import
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.3
Severity Score:: High
CVE:: 2024-12701

Plugin:: ConvertCalculator for WordPress
Plugin Slug:: convertcalculator
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.2
Severity Score:: Medium
CVE:: 2024-56302

Plugin:: Event Espresso � Event Registration & Ticketing Sales
Plugin Slug:: event-espresso-decaf
Installations: 900+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.0.31.decaf
Severity Score:: Medium
CVE:: 2024-56251

Plugin:: WP Social AutoConnect
Plugin Slug:: wp-fb-autoconnect
Installations: 900+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.6.3
Severity Score:: High
CVE:: 2024-12279

Plugin:: Hestia Nginx Cache
Plugin Slug:: hestia-nginx-cache
Installations: 800+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.1
Severity Score:: Medium
CVE:: 2024-56236

Plugin:: Dynamics 365 Integration
Plugin Slug:: integration-dynamics
Installations: 800+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 1.3.24
Severity Score:: Critical
CVE:: 2024-12583

Plugin:: Just Writing Statistics
Plugin Slug:: just-writing-statistics
Installations: 800+
Vulnerability:: SQL Injection
Patched in Version:: 4.8
Severity Score:: High
CVE:: 2024-56250

Plugin:: Taskbuilder � WordPress Project & Task Management plugin
Plugin Slug:: taskbuilder
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.7
Severity Score:: Medium
CVE:: 2024-11930

Plugin:: WP jQuery DataTable
Plugin Slug:: wp-jquery-datatable
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.0
Severity Score:: Medium
CVE:: 2024-56287

Plugin:: One to one user Chat by WPGuppy
Plugin Slug:: wpguppy-lite
Installations: 800+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.1.1
Severity Score:: High
CVE:: 2024-56280

Plugin:: One to one user Chat by WPGuppy
Plugin Slug:: wpguppy-lite
Installations: 800+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.1.1
Severity Score:: Critical
CVE:: 2024-49222

Plugin:: WPMasterToolKit (WPMTK) � All in one plugin
Plugin Slug:: wpmastertoolkit
Installations: 800+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.14.0
Severity Score:: Critical
CVE:: 2024-56249

Plugin:: WPMasterToolKit (WPMTK) � All in one plugin
Plugin Slug:: wpmastertoolkit
Installations: 800+
Vulnerability:: Arbitrary File Download
Patched in Version:: 1.14.0
Severity Score:: Medium
CVE:: 2024-56248

Plugin:: AI for SEO � Bulk Generate Metadata, Alt Text, Image Titles, Captions, Descriptions
Plugin Slug:: ai-for-seo
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.10
Severity Score:: Medium
CVE:: 2025-22299

Plugin:: Service Box
Plugin Slug:: service-boxs
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0
Severity Score:: Medium
CVE:: 2024-12699

Plugin:: WP Multi Store Locator
Plugin Slug:: wp-multi-store-locator
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.6
Severity Score:: Medium
CVE:: 2024-12475

Plugin:: Scratch & Win � Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more
Plugin Slug:: scratch-win-giveaways-for-website-facebook
Installations: 300+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.8.0
Severity Score:: Medium
CVE:: 2024-12545

Plugin:: WP Mailster
Plugin Slug:: wp-mailster
Installations: 300+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.8.18.0
Severity Score:: Medium
CVE:: 2025-22303

Plugin:: ACF City Selector
Plugin Slug:: acf-city-selector
Installations: 200+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.15.0
Severity Score:: Medium
CVE:: 2024-56264

Plugin:: CC Canadian Mortgage Calculator
Plugin Slug:: cc-canadian-mortgage-calculator
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.1
Severity Score:: Medium
CVE:: 2024-11383

Plugin:: Multiple Shipping And Billing Address For Woocommerce
Plugin Slug:: different-shipping-and-billing-address-for-woocommerce
Installations: 200+
Vulnerability:: SQL Injection
Patched in Version:: 1.3
Severity Score:: Critical
CVE:: 2024-56290

Plugin:: Email Reminders
Plugin Slug:: email-reminders
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.6
Severity Score:: Medium
CVE:: 2024-56292

Plugin:: Project Showcase � A WordPress Plugin to Display Projects in Various Layouts
Plugin Slug:: gs-projects
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.2
Severity Score:: Medium
CVE:: 2024-56261

Plugin:: Post/Page Copying Tool to Export and Import post/page for Cross site Migration
Plugin Slug:: postpage-import-export-with-custom-fields-taxonomies
Installations: 200+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.0.1
Severity Score:: High
CVE:: 2024-56300

Plugin:: Turnkey bbPress by WeaverTheme
Plugin Slug:: weaver-for-bbpress
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1
Severity Score:: High
CVE:: 2024-12221

Plugin:: Interactive UK Map
Plugin Slug:: interactive-uk-map
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.4.9
Severity Score:: High
CVE:: 2024-56267

Plugin:: JobBoard Job listing plugin
Plugin Slug:: job-board-light
Installations: 100+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.2.7
Severity Score:: Critical
CVE:: 2024-43243

Plugin:: Pretty Simple Popup Builder
Plugin Slug:: pretty-simple-popup-builder
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.10
Severity Score:: Medium
CVE:: 2024-56298

Plugin:: PlainInventory � Inventory Management Plugin
Plugin Slug:: z-inventory-manager
Installations: 100+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.1.7
Severity Score:: High
CVE:: 2024-56291

Plugin:: Notify Odoo
Plugin Slug:: notify-odoo
Installations: 90+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.1
Severity Score:: High
CVE:: 2024-56299

Plugin:: Error Log Viewer By WP Guru
Plugin Slug:: error-log-viewer-wp
Installations: 80+
Vulnerability:: Arbitrary File Download
Patched in Version:: 1.0.4
Severity Score:: High
CVE:: 2024-12849

Plugin:: Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
Plugin Slug:: hive-support
Installations: 60+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.7
Severity Score:: Medium
CVE:: 2025-22298