WordPress Vulnerability Report � January 15, 2025

In this report, 374 vulnerabilities have been publicly disclosed. Security patches for 126 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 248 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.7.1 is available! This minor release features 16 bug fixes throughout Core and the Block Editor.

WordPress Plugins � 123 Patched / 219 Unpatched

Plugin:: Smart Custom Fields
Plugin Slug:: smart-custom-fields
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22308

Plugin:: Gutentor � Gutenberg Blocks � Page Builder for Gutenberg Editor
Plugin Slug:: gutentor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22293

Plugin:: Link Whisper Free
Plugin Slug:: link-whisper
Installations: 30,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22306

Plugin:: WP Visitor Statistics (Real Time Traffic)
Plugin Slug:: wp-stats-manager
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22304

Plugin:: Thim Elementor Kit
Plugin Slug:: thim-elementor-kit
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22312

Plugin:: Duplicate Post, Page and Any Custom Post
Plugin Slug:: duplicate-pp
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12538

Plugin:: TemplatesNext ToolKit
Plugin Slug:: templatesnext-toolkit
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22310

Plugin:: WP FullCalendar
Plugin Slug:: wp-fullcalendar
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22261

Plugin:: CoDesigner � All in One Elementor WooCommerce Builder
Plugin Slug:: woolementor
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22788

Plugin:: Product Table for WooCommerce by CodeAstrology (wooproducttable.com)
Plugin Slug:: woo-product-table
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22307

Plugin:: Hash Elements
Plugin Slug:: hash-elements
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22296

Plugin:: PayU CommercePro Plugin
Plugin Slug:: payu-india
Installations: 6,000+
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-12264

Plugin:: WP Travel � Ultimate Travel Booking System, Tour Management Engine
Plugin Slug:: wp-travel
Installations: 5,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12067

Plugin:: Button Block � Get fully customizable & multi-functional buttons
Plugin Slug:: button-block
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22815

Plugin:: Design for Contact Form 7 Style WordPress Plugin � CF7 WOW Styler
Plugin Slug:: cf7-styler
Installations: 4,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12419

Plugin:: CubeWP Forms � All-in-One Form Builder
Plugin Slug:: cubewp-forms
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-51651

Plugin:: Widgetize Pages Light
Plugin Slug:: widgetize-pages-light
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22313

Plugin:: Food Store � Online Food Delivery & Pickup
Plugin Slug:: food-store
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22314

Plugin:: School Management System � WPSchoolPress
Plugin Slug:: wpschoolpress
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12332

Plugin:: Post Grid Master � Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder
Plugin Slug:: ajax-filter-posts
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-11642

Plugin:: Bold pagos en linea
Plugin Slug:: bold-pagos-en-linea
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22793

Plugin:: Bus Ticket Booking with Seat Reservation � WpBusTicketly | WordPress plugin
Plugin Slug:: bus-ticket-booking-with-seat-reservation
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-49294

Plugin:: Hero Banner Ultimate
Plugin Slug:: hero-banner-ultimate
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22305

Plugin:: Typing Text
Plugin Slug:: typing-text
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22315

Plugin:: FancyPost � Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor
Plugin Slug:: post-block
Installations: 900+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10536

Plugin:: Ukrposhta
Plugin Slug:: woo-ukrposhta
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12049

Plugin:: Build App Online
Plugin Slug:: build-app-online
Installations: 700+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-49649

Plugin:: CLUEVO LMS, E-Learning Platform
Plugin Slug:: cluevo-lms
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11328

Plugin:: WordLift � AI powered SEO � Schema
Plugin Slug:: wordlift
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12176

Plugin:: SMSA Shipping (official)
Plugin Slug:: smsa-shipping-official
Installations: 500+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49249

Plugin:: WP Youtube Gallery
Plugin Slug:: wp-youtube-gallery
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12590

Plugin:: Chatroll Live Chat
Plugin Slug:: chatroll-live-chat
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12464

Plugin:: Deliver via Shipos for WooCommerce
Plugin Slug:: wc-shipos-delivery
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12222

Plugin:: SimplyRETS Real Estate IDX
Plugin Slug:: simply-rets
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12491

Plugin:: ThePerfectWedding.nl Widget
Plugin Slug:: theperfectweddingnl-widget
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12322

Plugin:: Rezgo Online Booking
Plugin Slug:: rezgo
Installations: 200+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53800

Plugin:: Course Booking System
Plugin Slug:: course-booking-system
Installations: 100+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-22785

Plugin:: Horoscope And Tarot
Plugin Slug:: horoscope-and-tarot
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11337

Plugin:: Neon Product Designer
Plugin Slug:: neon-product-designer-for-woocommerce
Installations: 100+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22799

Plugin:: WR Price List Manager For Woocommerce
Plugin Slug:: wr-price-list-for-woocommerce
Installations: 100+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-22782

Plugin:: YOGO Booking
Plugin Slug:: yogo-booking
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12462

Plugin:: Responsive jQuery Slider
Plugin Slug:: responsive-jquery-slider
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22798

Plugin:: WooCommerce Digital Content Delivery (incl. DRM) � FlickRocket
Plugin Slug:: woocommerce-digital-content-delivery-with-drm-flickrocket
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12438

Plugin:: ARS Affiliate Page Plugin
Plugin Slug:: ars-affiliate-page
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12098

Plugin:: Gallery and Lightbox
Plugin Slug:: gallery-and-lightbox
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22797

Plugin:: Infility Global
Plugin Slug:: infility-global
Installations: 60+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11496

Plugin:: Chative Live chat and Chatbot
Plugin Slug:: chative-live-chat-and-chatbot
Installations: 50+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12541

Plugin:: 1003 Mortgage Application
Plugin Slug:: 1003-mortgage-application
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22592

Plugin:: 1003 Mortgage Application
Plugin Slug:: 1003-mortgage-application
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22591

Plugin:: 3DVieweronline
Plugin Slug:: 3dvieweronline-wp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12514

Plugin:: 4ECPS Web Forms
Plugin Slug:: 4ecps-webforms
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-22504

Plugin:: Accordion Slider Lite
Plugin Slug:: accordion-slider-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11892

Plugin:: AddFunc Mobile Detect
Plugin Slug:: addfunc-mobile-detect
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22550

Plugin:: Affiliate Disclosure Statement
Plugin Slug:: affiliate-disclosure-statement
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22552

Plugin:: Elementor AI Addons
Plugin Slug:: ai-addons-for-elementor
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12140

Plugin:: AI Scribe
Plugin Slug:: ai-scribe-the-chatgpt-powered-seo-content-creation-wizard
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12606

Plugin:: AI Scribe
Plugin Slug:: ai-scribe-the-chatgpt-powered-seo-content-creation-wizard
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12473

Plugin:: AI Scribe
Plugin Slug:: ai-scribe-the-chatgpt-powered-seo-content-creation-wizard
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12605

Plugin:: Aklamator INfeed
Plugin Slug:: aklamator-infeed
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12731

Plugin:: Aklamator INfeed
Plugin Slug:: aklamator-infeed
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12717

Plugin:: Alpha Price Table For Elementor
Plugin Slug:: alpha-price-table-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22500

Plugin:: Arcade Ready
Plugin Slug:: arcadeready
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22581

Plugin:: Asgard Security Scanner
Plugin Slug:: asgard
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12715

Plugin:: Background Control
Plugin Slug:: background-control
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22784

Plugin:: Backlink Monitoring Manager
Plugin Slug:: backlink-monitoring-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12714

Plugin:: Better User Shortcodes
Plugin Slug:: better-user-shortcodes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22594

Plugin:: Biltorvet Dealer Tools
Plugin Slug:: biltorvet-dealer-tools
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22580

Plugin:: Bizapp for WooCommerce
Plugin Slug:: bizapp-for-woocommerce
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11378

Plugin:: Booking and Rental Manager
Plugin Slug:: booking-and-rental-manager-for-woocommerce
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12412

Plugin:: BP Profile Shortcodes Extra
Plugin Slug:: bp-profile-shortcodes-extra
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22817

Plugin:: BU Section Editing
Plugin Slug:: bu-section-editing
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12736

Plugin:: Candifly
Plugin Slug:: candifly
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12440

Plugin:: Chat Support for Viber
Plugin Slug:: chat-viber
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12457

Plugin:: ClickDesigns
Plugin Slug:: clickdesigns
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12559

Plugin:: Common Ninja
Plugin Slug:: common-ninja
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11382

Plugin:: Contact Form Master � by Edmon
Plugin Slug:: contact-form-master
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12587

Plugin:: Custom DataBase Tables
Plugin Slug:: custom-database-tables
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22539

Plugin:: Dominion � Domain Checker for WPBakery
Plugin Slug:: dominion-domain-checker-wpbakery-addon
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12520

Plugin:: Donation Block For PayPal
Plugin Slug:: donations-block
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22525

Plugin:: S3Player � WooCommerce & Elementor Integration
Plugin Slug:: drm-protected-video-streaming
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22818

Plugin:: Admin debug wordpress � enable debug
Plugin Slug:: dzs-enable-debug
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22503

Plugin:: eDoc Easy Tables
Plugin Slug:: edoc-easy-tables
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22519

Plugin:: Emailing Subscription
Plugin Slug:: email-suscripcion
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-22540

Plugin:: Enable Accessibility
Plugin Slug:: enable-accessibility
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9208

Plugin:: Essential WP Real Estate
Plugin Slug:: essential-wp-real-estate
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13318

Plugin:: WP Delete Post Copies
Plugin Slug:: etruel-del-post-copies
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22541

Plugin:: FAT Event Lite
Plugin Slug:: fat-event-lite
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22508

Plugin:: Featured Page Widget
Plugin Slug:: featured-page-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22569

Plugin:: Files Download Delay
Plugin Slug:: files-download-delay
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12493

Plugin:: Formaloo Form Maker
Plugin Slug:: formaloo-form-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11934

Plugin:: GatorMail SmartForms
Plugin Slug:: gatormail-smart-forms
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11386

Plugin:: GDY Modular Content
Plugin Slug:: gdy-modular-content
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12153

Plugin:: Genesis Style Shortcodes
Plugin Slug:: genesis-style-shortcodes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22823

Plugin:: Geo Content
Plugin Slug:: geo-targetly-geo-content
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11887

Plugin:: Google Maps Travel Route
Plugin Slug:: google-maps-travel-route
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22537

Plugin:: Grid Accordion Lite
Plugin Slug:: grid-accordion-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11874

Plugin:: GS Insever Portfolio
Plugin Slug:: gs-instagram-portfolio
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12249

Plugin:: Help Scout
Plugin Slug:: help-scout
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22512

Plugin:: Homey Login Register
Plugin Slug:: homey-login-register
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-51888

Plugin:: Host PHP Info
Plugin Slug:: host-php-info
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12535

Plugin:: Huurkalender WP
Plugin Slug:: huurkalender-wp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22528

Plugin:: ???? ???? ?? ????
Plugin Slug:: iamport-payment
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22530

Plugin:: Icons Enricher
Plugin Slug:: icons-enricher
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22573

Plugin:: ICS Button
Plugin Slug:: ics-button
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22574

Plugin:: iframe to embed
Plugin Slug:: iframe-to-embed
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22545

Plugin:: Inline Tweets
Plugin Slug:: inline-tweets
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22570

Plugin:: Instabot
Plugin Slug:: instabot
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22571

Plugin:: CF Internal Link Shortcode
Plugin Slug:: internal-link-shortcode
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-12404

Plugin:: JK Html To Pdf
Plugin Slug:: jk-html-to-pdf
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22547

Plugin:: jQuery TwentyTwenty
Plugin Slug:: js-twentytwenty
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22546

Plugin:: Justified Image Gallery
Plugin Slug:: justified-image-gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22518

Plugin:: KNR Author List Widget
Plugin Slug:: knr-author-list-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22514

Plugin:: Laika Pedigree Tree
Plugin Slug:: laika-pedigree-tree
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22593

Plugin:: LazyLoad Background Images
Plugin Slug:: lazyload-background-images
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12327

Plugin:: ldap_login_password_and_role_manager
Plugin Slug:: ldap-login-password-and-role-manager
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22548

Plugin:: linkID
Plugin Slug:: linkid
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12542

Plugin:: List Pages at Depth
Plugin Slug:: list-pages-at-depth
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22517

Plugin:: Live Flight Radar
Plugin Slug:: live-flight-radar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22824

Plugin:: Financial Stocks & Crypto Market Data Plugin
Plugin Slug:: live-stock-prices-for-wordpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11690

Plugin:: LucidLMS
Plugin Slug:: lucidlms
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22498

Plugin:: WhatsApp click to chat
Plugin Slug:: manycontacts-bar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11686

Plugin:: Marketplace Items
Plugin Slug:: marketplace-items
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12437

Plugin:: Muslim Prayer Time-Salah/Iqamah
Plugin Slug:: masjidal
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12515

Plugin:: mcjh button shortcode
Plugin Slug:: mcjh-button-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22558

Plugin:: Member Access
Plugin Slug:: member-access
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11290

Plugin:: Metadata SEO
Plugin Slug:: metadata-seo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22516

Plugin:: Meteor Slides
Plugin Slug:: meteor-slides
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12073

Plugin:: MIMO Woocommerce Order Tracking
Plugin Slug:: mimo-woocommerce-order-tracking
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5769

Plugin:: Mind Doodle Visual Sitemaps & Tasks
Plugin Slug:: mind-doodle-sitemap
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22544

Plugin:: MindValley Super PageMash
Plugin Slug:: mindvalley-pagemash
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22502

Plugin:: Muzaara Google Ads Report
Plugin Slug:: muzaara-adwords-optimize-dashboard
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12159

Plugin:: NC Wishlist for Woocommerce
Plugin Slug:: nc-wishlist-for-woocommerce
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22505

Plugin:: Newsletter2Go
Plugin Slug:: newsletter2go
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12618

Plugin:: PayGreen Payment Gateway
Plugin Slug:: paygreen-payment-gateway
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11810

Plugin:: Perfect Portal Widgets
Plugin Slug:: perfect-portal-widgets
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12527

Plugin:: PIXNET
Plugin Slug:: pixnet
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11338

Plugin:: Post And Page Reactions
Plugin Slug:: post-and-page-reactions
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22568

Plugin:: PostLists
Plugin Slug:: postlists
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-10815

Plugin:: Prayer Times Anywhere
Plugin Slug:: prayer-times-anywhere
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22590

Plugin:: Pretty Url
Plugin Slug:: pretty-url
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22563

Plugin:: Qr Code and Barcode Scanner Reader
Plugin Slug:: qr-code-and-barcode-scanner-reader
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22819

Plugin:: Quote Tweet
Plugin Slug:: quote-tweet
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22589

Plugin:: ResAds
Plugin Slug:: resads
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12122

Plugin:: Responsive FlipBook
Plugin Slug:: responsive-flipbook
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11929

Plugin:: RightMessage WP
Plugin Slug:: rightmessage
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12445

Plugin:: RRAddons for Elementor
Plugin Slug:: rrdevs-for-elementor
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11915

Plugin:: School Management System � SakolaWP
Plugin Slug:: sakolawp-lite
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-12470

Plugin:: Same but Different � Related Posts by Taxonomy
Plugin Slug:: same-but-different
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11363

Plugin:: Saoshyant Page Builder
Plugin Slug:: saoshyant-page-builder
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22560

Plugin:: Scan External Links
Plugin Slug:: scan-external-links
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22583

Plugin:: Searchie
Plugin Slug:: searchie
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12819

Plugin:: Sell Digital Downloads
Plugin Slug:: sell-digital-downloads
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22826

Plugin:: Sell Media
Plugin Slug:: sell-media
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11777

Plugin:: Sellsy
Plugin Slug:: sellsy
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12592

Plugin:: SEO LAT Auto Post
Plugin Slug:: seo-beginner-auto-post
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-12252

Plugin:: SEO Bulk Editor
Plugin Slug:: seo-bulk-editor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22587

Plugin:: seo-keywords
Plugin Slug:: seo-keywords
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12126

Plugin:: Show Google Analytics widget
Plugin Slug:: show-google-analytics-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22515

Plugin:: Simple Add Pages or Posts
Plugin Slug:: simple-add-pages-or-posts
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12288

Plugin:: Simple Photo Sphere
Plugin Slug:: simple-photo-sphere
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22532

Plugin:: SingSong
Plugin Slug:: singsong
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22522

Plugin:: Site PIN
Plugin Slug:: site-pin
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22576

Plugin:: Slides & Presentations
Plugin Slug:: slide
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22511

Plugin:: Slides & Presentations
Plugin Slug:: slide
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22534

Plugin:: Slider Pro Lite
Plugin Slug:: slider-pro-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11899

Plugin:: Smart Agenda
Plugin Slug:: smart-agenda-prise-de-rendez-vous-en-ligne
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22506

Plugin:: SmartEmailing.cz
Plugin Slug:: smartemailing
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12261

Plugin:: Smoothness Slider Shortcode
Plugin Slug:: smoothness-slider-shortcode
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22555

Plugin:: Social Rocket
Plugin Slug:: social-rocket
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9702

Plugin:: Social Rocket
Plugin Slug:: social-rocket
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9697

Plugin:: Spacer
Plugin Slug:: spacer
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Low
CVE:: 2024-10527

Plugin:: Legacy ePlayer
Plugin Slug:: sportspress-tv
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22572

Plugin:: ST Gallery WP
Plugin Slug:: st-gallery-wp
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22543

Plugin:: SweepWidget Contests, Giveaways, Photo Contests, Competitions
Plugin Slug:: sweepwidget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11756

Plugin:: Tabs Shortcode
Plugin Slug:: tabs-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11606

Plugin:: Themes Coder
Plugin Slug:: tc-ecommerce
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-12402

Plugin:: TCBD Auto Refresher
Plugin Slug:: tcbd-auto-refresher
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12519

Plugin:: Timeline Designer
Plugin Slug:: timeline-designer
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11437

Plugin:: Toggles Shortcode and Widget
Plugin Slug:: toggles-shortcode-and-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12207

Plugin:: TRUSTist REVIEWer
Plugin Slug:: trustist-reviewer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22567

Plugin:: TubePress.NET
Plugin Slug:: tubepressnet
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22559

Plugin:: Ultimate Image Hover Effects
Plugin Slug:: ultimate-image-hover-effects
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22585

Plugin:: Popup � MailChimp, GetResponse and ActiveCampaign Intergrations
Plugin Slug:: ultimate-popup-creator
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12158

Plugin:: Unlimited Theme Addon For Elementor and WooCommerce
Plugin Slug:: unlimited-theme-addons
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12116

Plugin:: Uptime Robot
Plugin Slug:: uptime-robot
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22582

Plugin:: Urdu Formatter � Shamil
Plugin Slug:: urdu-formatter-shamil
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22531

Plugin:: Video Embed Optimizer
Plugin Slug:: video-embed-optimizer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22554

Plugin:: ViewMedica 9
Plugin Slug:: viewmedica
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12291

Plugin:: ViewMedica 9
Plugin Slug:: viewmedica
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12170

Plugin:: Virtual Bot
Plugin Slug:: virtual-bot
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-22542

Plugin:: Virtual Bot
Plugin Slug:: virtual-bot
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22538

Plugin:: VR Views
Plugin Slug:: vr-views
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22820

Plugin:: WC1C
Plugin Slug:: wc1c-main
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11375

Plugin:: WE Blocks
Plugin Slug:: we-blocks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22529

Plugin:: Binary MLM Woocommerce
Plugin Slug:: woo-binary-mlm
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12383

Plugin:: Woocommerce check pincode/zipcode for shipping
Plugin Slug:: woocommerce-check-pincode-zipcode-for-shipping
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12218

Plugin:: Scanventory
Plugin Slug:: woocommerce-inventory-management
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22588

Plugin:: WOOEXIM
Plugin Slug:: wooexim
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22533

Plugin:: Live Sales Notification for Woocommerce – Woomotiv
Plugin Slug:: woomotiv
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-12416

Plugin:: Able Player
Plugin Slug:: wp-able-player
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22577

Plugin:: Bitly
Plugin Slug:: wp-bitly
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12616

Plugin:: WP Cookie
Plugin Slug:: wp-cookie
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22578

Plugin:: wp custom countdown
Plugin Slug:: wp-custom-countdown
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22822

Plugin:: Title Experiments Free
Plugin Slug:: wp-experiments-free
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22561

Plugin:: Title Experiments Free
Plugin Slug:: wp-experiments-free
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22562

Plugin:: WP Github
Plugin Slug:: wp-github
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22549

Plugin:: WP Header Notification
Plugin Slug:: wp-header-notification
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22579

Plugin:: wp Hosting Performance Check
Plugin Slug:: wp-hosting-performance-check
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22521

Plugin:: WP Joomag
Plugin Slug:: wp-joomag
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22827

Plugin:: Mailing Group Listserv
Plugin Slug:: wp-mailing-group
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22595

Plugin:: Mailing Group Listserv
Plugin Slug:: wp-mailing-group
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22527

Plugin:: WP Music Player
Plugin Slug:: wp-music-player
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22536

Plugin:: WP SPID Italia
Plugin Slug:: wp-spid-italia
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11758

Plugin:: WPEX Replace DB Urls
Plugin Slug:: wpex-replace
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22586

Plugin:: WPListCal
Plugin Slug:: wplistcal
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22535

Plugin:: News Publisher Autopilot
Plugin Slug:: wpm-news-api
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22557

Plugin:: WPMU Prefill Post
Plugin Slug:: wpmu-prefill-post
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22507

Plugin:: Custom Product Tabs for WooCommerce
Plugin Slug:: yikes-inc-easy-custom-woocommerce-product-tabs
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11465

Plugin:: Yumpu ePaper publishing
Plugin Slug:: yumpu-epaper-publishing
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12621

Plugin:: UpdraftPlus: WP Backup & Migration Plugin
Plugin Slug:: updraftplus
Installations: 3,000,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.24.12
Severity Score:: High
CVE:: 2024-10957

Plugin:: W3 Total Cache
Plugin Slug:: w3-total-cache
Installations: 1,000,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.8.2
Severity Score:: Medium
CVE:: 2024-12008

Plugin:: W3 Total Cache
Plugin Slug:: w3-total-cache
Installations: 1,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.2
Severity Score:: Medium
CVE:: 2024-12006

Plugin:: W3 Total Cache
Plugin Slug:: w3-total-cache
Installations: 1,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.2
Severity Score:: Medium
CVE:: 2024-12365

Plugin:: Page Builder by SiteOrigin
Plugin Slug:: siteorigin-panels
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.31.1
Severity Score:: Medium
CVE:: 2024-12240

Plugin:: PixelYourSite � Your smart PIXEL (TAG) & API Manager
Plugin Slug:: pixelyoursite
Installations: 500,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 10.0.2
Severity Score:: Medium
CVE:: 2025-22300

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1007
Severity Score:: High
CVE:: 2025-0393

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.15.2
Severity Score:: Medium
CVE:: 2024-12852

Plugin:: Gutenberg Blocks with AI by Kadence WP � Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.3
Severity Score:: Medium
CVE:: 2024-12304

Plugin:: Post SMTP � WordPress SMTP Plugin with Email Logs and Mobile App for Failure Notifications � Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more
Plugin Slug:: post-smtp
Installations: 400,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.9.12
Severity Score:: Medium
CVE:: 2025-22800

Plugin:: InfiniteWP Client
Plugin Slug:: iwp-client
Installations: 200,000+
Vulnerability:: Directory Traversal
Patched in Version:: 1.13.1
Severity Score:: Medium
CVE:: 2024-10585

Plugin:: Post Duplicator
Plugin Slug:: post-duplicator
Installations: 200,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.37
Severity Score:: Medium
CVE:: 2024-12472

Plugin:: Orbit Fox by ThemeIsle
Plugin Slug:: themeisle-companion
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.10.44
Severity Score:: Medium
CVE:: 2024-13183

Plugin:: Orbit Fox by ThemeIsle
Plugin Slug:: themeisle-companion
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.10.44
Severity Score:: Medium
CVE:: 2025-0311

Plugin:: Dear Flipbook � PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer
Plugin Slug:: 3d-flipbook-dflip-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.53
Severity Score:: Medium
CVE:: 2024-11830

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.10.15
Severity Score:: Medium
CVE:: 2024-12851

Plugin:: Essential Blocks � Page Builder Gutenberg Blocks, Patterns & Templates
Plugin Slug:: essential-blocks
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.1
Severity Score:: Medium
CVE:: 2024-12045

Plugin:: GiveWP � Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.19.4
Severity Score:: Critical
CVE:: 2025-22777

Plugin:: Modula Image Gallery
Plugin Slug:: modula-best-grid-gallery
Installations: 100,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.11.11
Severity Score:: Critical
CVE:: 2024-12853

Plugin:: Pods � Custom Content Types and Fields
Plugin Slug:: pods
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.8.1
Severity Score:: Medium
CVE:: 2024-11849

Plugin:: Jupiter X Core
Plugin Slug:: jupiterx-core
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.8.6
Severity Score:: Medium
CVE:: 2024-12316

Plugin:: Jupiter X Core
Plugin Slug:: jupiterx-core
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.8.6
Severity Score:: Medium
CVE:: 2024-12033

Plugin:: Email Subscribers by Icegram Express � Affordable, Powerful Email Marketing for WordPress & WooCommerce
Plugin Slug:: email-subscribers
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.7.45
Severity Score:: Medium
CVE:: 2024-11636

Plugin:: Email Subscribers by Icegram Express � Affordable, Powerful Email Marketing for WordPress & WooCommerce
Plugin Slug:: email-subscribers
Installations: 80,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.7.44
Severity Score:: High
CVE:: 2024-12311

Plugin:: WP Booking Calendar
Plugin Slug:: booking
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.9.3
Severity Score:: Medium
CVE:: 2024-13323

Plugin:: Category Posts Widget
Plugin Slug:: category-posts
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.18
Severity Score:: Medium
CVE:: 2024-9638

Plugin:: User Profile Builder � Beautiful User Registration Forms, User Profiles & User Role Editor
Plugin Slug:: profile-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.13.0
Severity Score:: High
CVE:: 2024-12738

Plugin:: Photo Gallery, Images, Slider in Rbs Image Gallery
Plugin Slug:: robo-gallery
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.22
Severity Score:: Medium
CVE:: 2024-10102

Plugin:: Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
Plugin Slug:: sina-extension-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.0
Severity Score:: Medium
CVE:: 2024-12624

Plugin:: Greenshift � animation and page builder blocks
Plugin Slug:: greenshift-animation-and-page-builder-blocks
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 9.0.1
Severity Score:: Medium
CVE:: 2024-6155

Plugin:: Themesflat Addons For Elementor
Plugin Slug:: themesflat-addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.5
Severity Score:: Medium
CVE:: 2024-12205

Plugin:: WP Database Backup � Unlimited Database & Files Backup by Backup for WP
Plugin Slug:: wp-database-backup
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.4
Severity Score:: High
CVE:: 2024-12330

Plugin:: HTML5 Video Player � mp4 Video Player Plugin and Block
Plugin Slug:: html5-video-player
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.36
Severity Score:: Medium
CVE:: 2024-13156

Plugin:: Master Addons � Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
Plugin Slug:: master-addons
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.6.8
Severity Score:: Medium
CVE:: 2024-9502

Plugin:: SureForms � Drag and Drop Form Builder for WordPress
Plugin Slug:: sureforms
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.3
Severity Score:: Medium
CVE:: 2024-12713

Plugin:: Appointment Booking Calendar Plugin and Scheduling Plugin � BookingPress
Plugin Slug:: bookingpress-appointment-booking
Installations: 20,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.1.23
Severity Score:: Medium
CVE:: 2024-12274

Plugin:: Icegram Engage � Ultimate WP Popup Builder, Lead Generation, Optins, and CTA
Plugin Slug:: icegram
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.32
Severity Score:: Medium
CVE:: 2024-12302

Plugin:: WordPress File Upload
Plugin Slug:: wp-file-upload
Installations: 20,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 4.25.0
Severity Score:: Critical
CVE:: 2024-11613

Plugin:: WordPress File Upload
Plugin Slug:: wp-file-upload
Installations: 20,000+
Vulnerability:: Path Traversal
Patched in Version:: 4.24.14
Severity Score:: High
CVE:: 2024-9939

Plugin:: WordPress File Upload
Plugin Slug:: wp-file-upload
Installations: 20,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 4.24.14
Severity Score:: Critical
CVE:: 2024-11635

Plugin:: WordPress File Upload
Plugin Slug:: wp-file-upload
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.25.0
Severity Score:: Medium
CVE:: 2024-12719

Plugin:: 140+ Widgets | Xpro Addons For Elementor � FREE
Plugin Slug:: xpro-elementor-addons
Installations: 20,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.4.6.3
Severity Score:: Medium
CVE:: 2024-12584

Plugin:: Passster � Password Protect Pages and Content
Plugin Slug:: content-protector
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.2.11
Severity Score:: Medium
CVE:: 2024-11282

Plugin:: Export Import Menus
Plugin Slug:: export-import-menus
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.2
Severity Score:: Medium
CVE:: 2024-10866

Plugin:: Paid Membership Subscriptions � Effortless Memberships, Recurring Payments & Content Restriction
Plugin Slug:: paid-member-subscriptions
Installations: 10,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 2.13.8
Severity Score:: Critical
CVE:: 2024-12919

Plugin:: Ultimate Gift Cards for WooCommerce � Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates
Plugin Slug:: woo-gift-cards-lite
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.7
Severity Score:: Medium
CVE:: 2024-11423

Plugin:: WP Job Portal � A Complete Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 7,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.2.6
Severity Score:: Medium
CVE:: 2024-12131

Plugin:: Author Avatars List/Block
Plugin Slug:: author-avatars
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.24
Severity Score:: Medium
CVE:: 2025-22804

Plugin:: Auto iFrame
Plugin Slug:: auto-iframe
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0
Severity Score:: Medium
CVE:: 2024-10151

Plugin:: ElementInvader Addons for Elementor
Plugin Slug:: elementinvader-addons-for-elementor
Installations: 5,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.2.7
Severity Score:: High
CVE:: 2025-22786

Plugin:: SMS Alert Order Notifications � WooCommerce
Plugin Slug:: sms-alert
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.7.7
Severity Score:: High
CVE:: 2024-11725

Plugin:: Shopping Cart & eCommerce Store
Plugin Slug:: wp-easycart
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.7.9
Severity Score:: Medium
CVE:: 2024-12712

Plugin:: Booking calendar, Appointment Booking System
Plugin Slug:: booking-calendar
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.20
Severity Score:: High
CVE:: 2024-12077

Plugin:: Button Block � Get fully customizable & multi-functional buttons
Plugin Slug:: button-block
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.6
Severity Score:: Medium
CVE:: 2025-22787

Plugin:: Garden Gnome Package
Plugin Slug:: garden-gnome-package
Installations: 4,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.4.0
Severity Score:: Critical
CVE:: 2024-12854

Plugin:: Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress
Plugin Slug:: quillforms
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.0
Severity Score:: Medium
CVE:: 2024-11826

Plugin:: RSVP and Event Management
Plugin Slug:: rsvp
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.14
Severity Score:: Medium
CVE:: 2024-12711

Plugin:: News Ticker Widget for Elementor
Plugin Slug:: news-ticker-widget-for-elementor
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.3
Severity Score:: Medium
CVE:: 2025-22812

Plugin:: Property Hive
Plugin Slug:: propertyhive
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.1
Severity Score:: High
CVE:: 2024-12585

Plugin:: SKT Page Builder
Plugin Slug:: skt-builder
Installations: 3,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 4.8
Severity Score:: Critical
CVE:: 2024-12848

Plugin:: SpeakOut! Email Petitions
Plugin Slug:: speakout
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.0
Severity Score:: Medium
CVE:: 2025-22309

Plugin:: Easy Form Builder � WordPress plugin form builder: contact form, survey form, payment form, and custom form builder
Plugin Slug:: easy-form-builder
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.9
Severity Score:: Medium
CVE:: 2024-12112

Plugin:: WordPress CRM, Email & Marketing Automation for WordPress | Award Winner � Groundhogg
Plugin Slug:: groundhogg
Installations: 2,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.7.3.6
Severity Score:: Critical
CVE:: 2025-0394

Plugin:: MyBookTable Bookstore by Stormhill Media
Plugin Slug:: mybooktable
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.5.4
Severity Score:: Medium
CVE:: 2025-22301

Plugin:: WordPress form builder plugin for contact forms, surveys and quizzes � Tripetto
Plugin Slug:: tripetto
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.0.7
Severity Score:: High
CVE:: 2025-22295

Plugin:: WC Price History
Plugin Slug:: wc-price-history
Installations: 2,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.1.5
Severity Score:: High
CVE:: 2025-22510

Plugin:: WPBITS Addons For Elementor Page Builder
Plugin Slug:: wpbits-addons-for-elementor
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6
Severity Score:: Medium
CVE:: 2025-22316

Plugin:: WP Wand � AI Writer, AI Content Generator & AI Assistant by ChatGPT, OpenAI | Generate SEO Friendly AI Blog Post & Article with 20X Speed
Plugin Slug:: ai-content-generation
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.6
Severity Score:: Medium
CVE:: 2025-22302

Plugin:: AI WP Writer � automatic content creator, ChatGPT, GPT-4, Dalle 3, FLUX
Plugin Slug:: ai-wp-writer
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.8.4.5
Severity Score:: Medium
CVE:: 2025-22297

Plugin:: Black Widgets For Elementor
Plugin Slug:: black-widgets
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.9
Severity Score:: Medium
CVE:: 2025-22806

Plugin:: ChatBot Conversational Forms
Plugin Slug:: conversational-forms
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.3
Severity Score:: Medium
CVE:: 2025-22813

Plugin:: Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups
Plugin Slug:: coupon-x-discount-pop-up
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.3.6
Severity Score:: High
CVE:: 2024-12627

Plugin:: Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups
Plugin Slug:: coupon-x-discount-pop-up
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.6
Severity Score:: Medium
CVE:: 2024-12204

Plugin:: DirectoryPress � Business Directory And Classified Ad Listing
Plugin Slug:: directorypress
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.6.20
Severity Score:: High
CVE:: 2024-49633

Plugin:: JoomSport � for Sports: Team & League, Football, Hockey & more
Plugin Slug:: joomsport-sports-league-results-management
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.18
Severity Score:: High
CVE:: 2024-12633

Plugin:: MT Addons for Elementor
Plugin Slug:: mt-addons-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.7
Severity Score:: Medium
CVE:: 2025-22811

Plugin:: PDF Catalog Woocommerce
Plugin Slug:: pdf-catalog-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0
Severity Score:: Medium
CVE:: 2025-22809

Plugin:: MDTF � Meta Data and Taxonomies Filter
Plugin Slug:: wp-meta-data-filter-and-taxonomy-filter
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.3.3.6
Severity Score:: High
CVE:: 2024-12030

Plugin:: WordPress Webinar Plugin � WebinarPress
Plugin Slug:: wp-webinarsystem
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.33.25
Severity Score:: Critical
CVE:: 2024-11270

Plugin:: The Ultimate WordPress Toolkit � WP Extended
Plugin Slug:: wpextended
Installations: 1,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 3.0.12
Severity Score:: Critical
CVE:: 2024-11816

Plugin:: The Ultimate WordPress Toolkit � WP Extended
Plugin Slug:: wpextended
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.12
Severity Score:: Medium
CVE:: 2024-11916

Plugin:: Custom Field For WP Job Manager
Plugin Slug:: custom-field-for-wp-job-manager
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4
Severity Score:: High
CVE:: 2025-22294

Plugin:: MAS Elementor
Plugin Slug:: mas-addons-for-elementor
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.8
Severity Score:: Medium
CVE:: 2024-12328

Plugin:: Advanced Product Information for WooCommerce
Plugin Slug:: woo-advanced-product-information
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.5
Severity Score:: Medium
CVE:: 2025-22803

Plugin:: Content Blocks Builder � Create block, variation, repeater block with carousel, grid, accordion, popup, off-canvas layout
Plugin Slug:: content-blocks-builder
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.7
Severity Score:: Medium
CVE:: 2025-22810

Plugin:: ??? ??? ??? ?????
Plugin Slug:: formafzar
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1
Severity Score:: Medium
CVE:: 2025-22524

Plugin:: AI for SEO � Bulk Generate Metadata, Alt Text, Image Titles, Captions, Descriptions
Plugin Slug:: ai-for-seo
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.10
Severity Score:: Medium
CVE:: 2025-22299

Plugin:: ClickWhale � Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages
Plugin Slug:: clickwhale
Installations: 500+
Vulnerability:: SQL Injection
Patched in Version:: 2.4.2
Severity Score:: High
CVE:: 2024-51715

Plugin:: F4 Post Tree
Plugin Slug:: f4-tree
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.19
Severity Score:: High
CVE:: 2025-22499

Plugin:: Tock Widget
Plugin Slug:: tock-widget
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2
Severity Score:: High
CVE:: 2025-22520

Plugin:: Trackserver
Plugin Slug:: trackserver
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.0.3
Severity Score:: Medium
CVE:: 2024-12505

Plugin:: Service Box
Plugin Slug:: service-boxs
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0
Severity Score:: Medium
CVE:: 2024-12699

Plugin:: Skill Bars
Plugin Slug:: skillbars
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3
Severity Score:: Medium
CVE:: 2025-22805

Plugin:: WP Mailster
Plugin Slug:: wp-mailster
Installations: 400+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.8.18.0
Severity Score:: Medium
CVE:: 2025-22303

Plugin:: Zephyr Admin Theme
Plugin Slug:: zephyr-modern-admin-theme
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.5.0
Severity Score:: High
CVE:: 2025-22814

Plugin:: BWD Elementor Addons (2500+ presets, Meet The Team, Lottie, Lord Icon, Masking, Woocommerce, Theme Builder, Products, Blogs, CV, Contact Form 7 Styler, Header, Slider, Hero Section)
Plugin Slug:: bwd-elementor-addons
Installations: 300+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.3.19
Severity Score:: Medium
CVE:: 2024-12532

Plugin:: Coupon Plugin
Plugin Slug:: coupon-lite
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.2
Severity Score:: Medium
CVE:: 2024-12516

Plugin:: Responsive Flickr Slideshow
Plugin Slug:: mobile-friendly-flickr-slideshow
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.1
Severity Score:: Medium
CVE:: 2025-22807

Plugin:: Solar Wizard Lite
Plugin Slug:: solar-wizard-lite
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.5
Severity Score:: Medium
CVE:: 2024-11764

Plugin:: Transporters.io
Plugin Slug:: transportersio
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.2
Severity Score:: High
CVE:: 2024-12557

Plugin:: Bootstrap Blocks for WP Editor v2
Plugin Slug:: wp-editor-bootstrap-blocks
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.1
Severity Score:: Medium
CVE:: 2024-12495

Plugin:: Free WooCommerce Theme 99fy Extension
Plugin Slug:: 99fy-core
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.9
Severity Score:: Medium
CVE:: 2025-22801

Plugin:: CC Canadian Mortgage Calculator
Plugin Slug:: cc-canadian-mortgage-calculator
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.1
Severity Score:: Medium
CVE:: 2024-11383

Plugin:: Slotti Ajanvaraus
Plugin Slug:: slotti-ajanvaraus
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.0
Severity Score:: Medium
CVE:: 2024-12521

Plugin:: Store credit / Gift cards for woocommerce
Plugin Slug:: store-credit-for-woocommerce
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.49.47
Severity Score:: High
CVE:: 2024-11369

Plugin:: Email Templates Customizer for WordPress � Drag And Drop Email Templates Builder � YeeMail
Plugin Slug:: yeemail
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.5
Severity Score:: Medium
CVE:: 2025-22802

Plugin:: Boot-Modal
Plugin Slug:: boot-modal
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.10
Severity Score:: Medium
CVE:: 2025-22551

Plugin:: WPBookit
Plugin Slug:: wpbookit
Installations: 90+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.6.6
Severity Score:: Critical
CVE:: 2024-10215

Plugin:: Norse Rune Oracle Plugin
Plugin Slug:: norse-runes-oracle
Installations: 80+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4.3
Severity Score:: High
CVE:: 2025-22556

Plugin:: Shipping via Planzer for WooCommerce
Plugin Slug:: wc-planzer-shipping
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.26
Severity Score:: High
CVE:: 2024-12337

Plugin:: Error Log Viewer By WP Guru
Plugin Slug:: error-log-viewer-wp
Installations: 70+
Vulnerability:: Arbitrary File Download
Patched in Version:: 1.0.4
Severity Score:: High
CVE:: 2024-12849

Plugin:: Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
Plugin Slug:: hive-support
Installations: 70+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.7
Severity Score:: Medium
CVE:: 2025-22298

Plugin:: Timeline Pro
Plugin Slug:: timeline-pro
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4
Severity Score:: Medium
CVE:: 2025-22584

Plugin:: App Embed
Plugin Slug:: appizy-app-embed
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.0
Severity Score:: Medium
CVE:: 2024-11749

Plugin:: MIPL WC Multisite Sync � Synchronize WC Products, Orders, Customers & Coupons across multiple sites
Plugin Slug:: mipl-wc-multisite-sync
Installations: 50+
Vulnerability:: Arbitrary File Download
Patched in Version:: 1.1.6
Severity Score:: High
CVE:: 2024-12152

Plugin:: Compare Products for WooCommerce
Plugin Slug:: woocommerce-compare-products
Installations: 50+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.2.2
Severity Score:: Critical
CVE:: 2024-12313

Plugin:: SEMA API
Plugin Slug:: sema-api
Installations: 40+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.30
Severity Score:: High
CVE:: 2024-12285

Plugin:: Surbma | Premium WP
Plugin Slug:: surbma-premium-wp
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.0
Severity Score:: Medium
CVE:: 2025-22808

Plugin:: Booking Calendar Pro (WpDevArt)
Plugin Slug:: booking-calendar-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 11.2.20
Severity Score:: High
CVE:: 2024-12077

Plugin:: Cost Calculator Builder Pro
Plugin Slug:: cost-calculator-builder-pro
Vulnerability:: SQL Injection
Patched in Version:: 3.2.16
Severity Score:: Critical
CVE:: 2024-11939

Plugin:: Croma Music
Plugin Slug:: croma-music
Vulnerability:: Broken Access Control
Patched in Version:: 3.6.1
Severity Score:: High
CVE:: 2024-12202

Plugin:: Gift Cards for WooCommerce Pro
Plugin Slug:: gift-cards-for-woocommerce-pro
Vulnerability:: Broken Access Control
Patched in Version:: 2.9.2
Severity Score:: High
CVE:: 2024-11423

Plugin:: Tourmaster
Plugin Slug:: tourmaster
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.4
Severity Score:: High
CVE:: 2024-11356

WordPress Themes � 3 Patched / 29 Unpatched

Theme:: my money
Theme Slug:: my-money
Downloads: 20,130
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49269

Theme:: Power Mag
Theme Slug:: power-mag
Downloads: 13,803
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22816

Theme:: StorePress
Theme Slug:: storepress
Downloads: 53,724
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22821

Theme:: Aports – Single Property WordPress Theme
Theme Slug:: aports
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43334

Theme:: Boliin – Resort & Hotel Booking WordPress Theme
Theme Slug:: boliin
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43334

Theme:: Constix – Construction Factory & Industrial WordPress Theme
Theme Slug:: constix
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43334

Theme:: Conult – Consulting Business WordPress Themes
Theme Slug:: conult
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43334

Theme:: Fioxen
Theme Slug:: fioxen
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43334

Theme:: TheFude – Crowdfunding & Charity WordPress Theme
Theme Slug:: fude
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43334

Theme:: Gowilds – Travel & Tour Booking WordPress Theme
Theme Slug:: gowilds
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43334

Theme:: Halpes
Theme Slug:: halpes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43334

Theme:: Homey
Theme Slug:: homey
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-51800

Theme:: Js O3 Lite
Theme Slug:: js-o3-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22792

Theme:: Lestin – Directory Listing WordPress Theme
Theme Slug:: lestin
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43334

Theme:: Modins – Insurance & Finance WordPress Theme
Theme Slug:: modins
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43334

Theme:: moseter
Theme Slug:: moseter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22790

Theme:: my depressive
Theme Slug:: my-depressive
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49269

Theme:: my engine
Theme Slug:: my-engine
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49269

Theme:: offset writing
Theme Slug:: offset-writing
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22791

Theme:: Orgarium – Agriculture & Organic Farm WordPress Theme
Theme Slug:: orgarium
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43334

Theme:: Paroti
Theme Slug:: paroti
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43334

Theme:: Pisole – Digital Creative Agency WordPress Theme
Theme Slug:: pisole
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43334

Theme:: polka dots
Theme Slug:: polka-dots
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22789

Theme:: Qempo
Theme Slug:: qempo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43334

Theme:: Qizon – Crowdfunding & Charity WordPress Theme
Theme Slug:: qizon
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43334

Theme:: Sominx – Creative Business Agency WordPress Theme
Theme Slug:: sominx
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43334

Theme:: Tevily – Travel & Tour Booking WordPress Theme
Theme Slug:: tevily
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43334

Theme:: welowe
Theme Slug:: welowe
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43334

Theme:: Zilom
Theme Slug:: zilom
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43334

Theme:: AdForest
Theme Slug:: adforest
Vulnerability:: Privilege Escalation
Patched in Version:: 5.1.7
Severity Score:: Critical
CVE:: 2024-11350

Theme:: AdForest
Theme Slug:: adforest
Vulnerability:: Broken Access Control
Patched in Version:: 5.1.8
Severity Score:: High
CVE:: 2024-12855

Theme:: Aurum
Theme Slug:: aurum-minimalist-shopping-theme
Vulnerability:: Broken Access Control
Patched in Version:: 4.0.3
Severity Score:: Medium
CVE:: 2024-12781