WordPress Vulnerability Report � February 19, 2025

In this report, 230 vulnerabilities have been publicly disclosed. Security patches for 135 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 95 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.7.2 is now available! This minor release includes 35 bug fixes, addressing issues affecting multiple components including the block editor, HTML API, and Customize.

WordPress Plugins � 123 Patched / 91 Unpatched

Plugin:: Easy MLS Listings Import
Plugin Slug:: easy-mls-listings-import
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12525

Plugin:: Gumlet Video
Plugin Slug:: gumlet-video
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13576

Plugin:: Actionwear products sync
Plugin Slug:: actionwear-products-sync
Installations: 50+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13535

Plugin:: Filled In
Plugin Slug:: filled-in
Installations: 50+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22628

Plugin:: 1 Click WordPress Migration
Plugin Slug:: 1-click-migration
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13609

Plugin:: 1 Click WordPress Migration
Plugin Slug:: 1-click-migration
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13555

Plugin:: Aparat Responsive
Plugin Slug:: aparat-responsive
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26558

Plugin:: Apus Framework
Plugin Slug:: apus-framework
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12296

Plugin:: Naver Syndication V2
Plugin Slug:: badr-naver-syndication
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26552

Plugin:: BigBuy Dropshipping Connector for WooCommerce
Plugin Slug:: bigbuy-wc-dropshipping-connector
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13538

Plugin:: Book a Room
Plugin Slug:: book-a-room
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13437

Plugin:: Bootstrap collapse
Plugin Slug:: bootstrap-collapse
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26551

Plugin:: WooODT Lite
Plugin Slug:: byconsole-woo-order-delivery-time
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13540

Plugin:: CalendApp
Plugin Slug:: calendapp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13669

Plugin:: CATS Job Listings
Plugin Slug:: cats-job-listings
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13577

Plugin:: Chalet-Montagne.com Tools
Plugin Slug:: chalet-montagne-com-tools
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12586

Plugin:: Simple Documentation
Plugin Slug:: client-documentation
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26578

Plugin:: DL Leadback
Plugin Slug:: dl-leadback
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26585

Plugin:: DX-auto-publish
Plugin Slug:: dx-auto-publish
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26577

Plugin:: Easy Amazon Product Information
Plugin Slug:: easy-amazon-product-information
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26568

Plugin:: Ebook Downloader
Plugin Slug:: ebook-downloader
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-13435

Plugin:: Embed Google Map
Plugin Slug:: embed-google-map
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26539

Plugin:: Events Planner
Plugin Slug:: events-planner
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26586

Plugin:: Font Awesome WP
Plugin Slug:: font-awesome-wp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26567

Plugin:: WP-FormAssembly
Plugin Slug:: formassembly-web-forms
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13501

Plugin:: GetBookingsWP
Plugin Slug:: get-bookings-wp
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13677

Plugin:: Glance That
Plugin Slug:: glance-that
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26570

Plugin:: Global Meta Keyword & Description
Plugin Slug:: global-meta-keyword-and-description
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26550

Plugin:: Google Drive WP Media
Plugin Slug:: google-drive-wp-media
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26574

Plugin:: IE CSS3 Support
Plugin Slug:: ie-css3-support
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26589

Plugin:: Keap Official Opt-in Forms
Plugin Slug:: infusionsoft-official-opt-in-forms
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13725

Plugin:: Library Bookshelves
Plugin Slug:: library-bookshelves
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13464

Plugin:: magayo Lottery Results
Plugin Slug:: magayo-lottery-results
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13522

Plugin:: Mortgage Calculator / Loan Calculator
Plugin Slug:: mortgage-loan-calculator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-0805

Plugin:: My Login Logout Plugin
Plugin Slug:: my-loginlogout
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26547

Plugin:: Easy Quiz Maker
Plugin Slug:: n-media-wp-simple-quiz
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13456

Plugin:: Open Hours
Plugin Slug:: open-hours
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12813

Plugin:: Option Editor
Plugin Slug:: option-editor
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13852

Plugin:: Page/Post Specific Social Share Buttons
Plugin Slug:: pagepost-specific-social-share-buttons
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26580

Plugin:: Pallet Packaging for WooCommerce
Plugin Slug:: pallet-packaging-for-woocommerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22285

Plugin:: WP PHPList
Plugin Slug:: phplist-form-integration
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26572

Plugin:: Post Sync
Plugin Slug:: post-sync
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13634

Plugin:: Post Thumbs
Plugin Slug:: post-thumbs
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26569

Plugin:: Prezi Embedder
Plugin Slug:: prezi-embedder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26538

Plugin:: pushBIZ
Plugin Slug:: pushbiz
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13629

Plugin:: R3W InstaFeed
Plugin Slug:: r3w-instafeed
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13678

Plugin:: Rapid Cache
Plugin Slug:: rapid-cache
Vulnerability:: Content Spoofing
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12314

Plugin:: Reaction Buttons
Plugin Slug:: reaction-buttons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13848

Plugin:: Related Posts Line-up-Exactly by Milliard
Plugin Slug:: related-posts-line-up-exactry-by-milliard
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26545

Plugin:: Reset
Plugin Slug:: reset
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13684

Plugin:: Rise Blocks
Plugin Slug:: rise-blocks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-0506

Plugin:: Mobile
Plugin Slug:: rocket-wp-mobile
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26563

Plugin:: RSS Filter
Plugin Slug:: rss-filter
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26562

Plugin:: Sensly Online Presence
Plugin Slug:: sensly-online-presence
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13493

Plugin:: ShipEngine Shipping Quotes
Plugin Slug:: shipengine-shipping-quotes
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-13531

Plugin:: sidebarTabs
Plugin Slug:: sidebartabs
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26587

Plugin:: Simple catalogue
Plugin Slug:: simple-catalogue
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13633

Plugin:: Simple Charts
Plugin Slug:: simple-charts
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13581

Plugin:: Simple Pricing Tables For WPBakery Page Builder
Plugin Slug:: simple-pricing-tables-vc-extension
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13582

Plugin:: Simple Responsive Menu
Plugin Slug:: simple-responsive-menu
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26543

Plugin:: Simple Signup Form
Plugin Slug:: simple-signup-form
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13595

Plugin:: Simple Video Management System
Plugin Slug:: simple-video-management-system
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-0692

Plugin:: Small Package Quotes � Purolator Edition
Plugin Slug:: small-package-quotes-purolator-edition
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-13532

Plugin:: Spiritual Gifts Survey
Plugin Slug:: spiritual-gifts-survey
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-0688

Plugin:: Stray Random Quotes
Plugin Slug:: stray-quotes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13570

Plugin:: Themes Coder
Plugin Slug:: tc-ecommerce
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-13726

Plugin:: Team Builder
Plugin Slug:: team-display
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13687

Plugin:: TinyMCE Advanced qTranslate fix editor problems
Plugin Slug:: tinymce-advanced-qtranslate-fix-editor-problems
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26582

Plugin:: Track Logins
Plugin Slug:: track-logins
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13608

Plugin:: TTT Crop
Plugin Slug:: ttt-crop
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26588

Plugin:: Tube Video Ads Lite
Plugin Slug:: tube-video-ads-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13625

Plugin:: VR-Frases
Plugin Slug:: vr-frases
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13626

Plugin:: Wibiya Toolbar
Plugin Slug:: wibiya
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26571

Plugin:: Wise Forms
Plugin Slug:: wise-forms
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13603

Plugin:: File Uploads Addon for WooCommerce
Plugin Slug:: woo-addon-uploads
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13622

Plugin:: WordPress Activity-o-meter
Plugin Slug:: wordpress-activity-o-meter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13668

Plugin:: WP-Asambleas
Plugin Slug:: wp-asambleas
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13579

Plugin:: WP-BibTeX
Plugin Slug:: wp-bibtex
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13578

Plugin:: WP Extra Fields
Plugin Slug:: wp-extra-fields
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13632

Plugin:: FoodBakery
Plugin Slug:: wp-foodbakery
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-0180

Plugin:: FoodBakery
Plugin Slug:: wp-foodbakery
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-0181

Plugin:: FoodBakery
Plugin Slug:: wp-foodbakery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13010

Plugin:: FoodBakery
Plugin Slug:: wp-foodbakery
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-13011

Plugin:: WP Html Page Sitemap
Plugin Slug:: wp-html-page-sitemap
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26549

Plugin:: WP Job Board Pro
Plugin Slug:: wp-job-board-pro
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-12213

Plugin:: WP Pricing Table
Plugin Slug:: wp-pricing-table
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13628

Plugin:: OWL Carousel Slider
Plugin Slug:: wp-touch-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13627

Plugin:: WPMovieLibrary
Plugin Slug:: wpmovielibrary
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13624

Plugin:: Mortgage Lead Capture System
Plugin Slug:: wprequal
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-0796

Plugin:: Elfsight Yottie Lite
Plugin Slug:: yottie-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26561

Plugin:: Zarinpal Paid Download
Plugin Slug:: zarinpal-paid-downloads
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-13544

Plugin:: Rank Math SEO � AI SEO Tools to Dominate SEO Rankings
Plugin Slug:: seo-by-rank-math
Installations: 3,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.236
Severity Score:: Medium
CVE:: 2024-13229

Plugin:: Rank Math SEO � AI SEO Tools to Dominate SEO Rankings
Plugin Slug:: seo-by-rank-math
Installations: 3,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.236
Severity Score:: Medium
CVE:: 2024-13227

Plugin:: ElementsKit Elementor addons
Plugin Slug:: elementskit-lite
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.1
Severity Score:: Medium
CVE:: 2025-1005

Plugin:: Slider, Gallery, and Carousel by MetaSlider � Image Slider, Video Slider
Plugin Slug:: ml-slider
Installations: 600,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.95.0
Severity Score:: Critical
CVE:: 2025-26763

Plugin:: Forminator Forms � Contact Form, Payment Form & Custom Form Builder
Plugin Slug:: forminator
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.38.3
Severity Score:: Medium
CVE:: 2024-7052

Plugin:: Post SMTP � WordPress SMTP Plugin with Email Logs and Mobile App for Failure Notifications � Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more
Plugin Slug:: post-smtp
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.0
Severity Score:: High
CVE:: 2025-0521

Plugin:: WP Ghost (Hide My WP Ghost) � Security & Firewall
Plugin Slug:: hide-my-wp
Installations: 200,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 5.4.01
Severity Score:: Medium
CVE:: 2024-13794

Plugin:: WP Activity Log
Plugin Slug:: wp-security-audit-log
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.0
Severity Score:: High
CVE:: 2025-0924

Plugin:: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content � ProfilePress
Plugin Slug:: wp-user-avatar
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.15.20
Severity Score:: Medium
CVE:: 2024-13119

Plugin:: Everest Forms � Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress
Plugin Slug:: everest-forms
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.8.1
Severity Score:: Medium
CVE:: 2024-13125

Plugin:: Widget Options � The #1 WordPress Widget & Block Control Plugin
Plugin Slug:: widget-options
Installations: 100,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 4.1.1
Severity Score:: Critical
CVE:: 2025-22630

Plugin:: HT Mega � Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.2
Severity Score:: Medium
CVE:: 2024-12599

Plugin:: Brizy � Page Builder
Plugin Slug:: brizy
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9
Severity Score:: Medium
CVE:: 2024-10322

Plugin:: Brizy � Page Builder
Plugin Slug:: brizy
Installations: 80,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.6.5
Severity Score:: Critical
CVE:: 2024-10960

Plugin:: Stream
Plugin Slug:: stream
Installations: 70,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 4.1.0
Severity Score:: Medium
CVE:: 2024-13879

Plugin:: Spotlight Social Feeds � Block, Shortcode, and Widget
Plugin Slug:: spotlight-social-photo-feeds
Installations: 60,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.7.2
Severity Score:: Medium
CVE:: 2025-26758

Plugin:: WP Booking Calendar
Plugin Slug:: booking
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 10.10.1
Severity Score:: Medium
CVE:: 2024-13821

Plugin:: DethemeKit for Elementor
Plugin Slug:: dethemekit-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.9
Severity Score:: Medium
CVE:: 2025-26772

Plugin:: DethemeKit for Elementor
Plugin Slug:: dethemekit-for-elementor
Installations: 40,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.1.9
Severity Score:: Medium
CVE:: 2025-0661

Plugin:: FULL � Cliente
Plugin Slug:: full-customer
Installations: 40,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.1.27
Severity Score:: High
CVE:: 2025-26757

Plugin:: BEAR � Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net
Plugin Slug:: woo-bulk-editor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.4.5
Severity Score:: Medium
CVE:: 2025-26775

Plugin:: Security & Malware scan by CleanTalk
Plugin Slug:: security-malware-firewall
Installations: 30,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.150
Severity Score:: Critical
CVE:: 2024-13365

Plugin:: Analytify � Google Analytics Dashboard For WordPress (GA4 analytics made easy)
Plugin Slug:: wp-analytify
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.5.1
Severity Score:: Medium
CVE:: 2025-26773

Plugin:: Ecwid by Lightspeed Ecommerce Shopping Cart
Plugin Slug:: ecwid-shopping-cart
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.12.28
Severity Score:: Medium
CVE:: 2024-13795

Plugin:: Read More & Accordion
Plugin Slug:: expand-maker
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.3
Severity Score:: Medium
CVE:: 2024-13639

Plugin:: HurryTimer � An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce
Plugin Slug:: hurrytimer
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.12.0
Severity Score:: Medium
CVE:: 2024-13735

Plugin:: Custom Block Builder � Lazy Blocks
Plugin Slug:: lazy-blocks
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.3
Severity Score:: High
CVE:: 2024-12878

Plugin:: Responsive Plus � Starter Templates, Advanced Features and Customizer Settings for Responsive Theme.
Plugin Slug:: responsive-add-ons
Installations: 20,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.1.5
Severity Score:: Medium
CVE:: 2024-13834

Plugin:: Welcart e-Commerce
Plugin Slug:: usc-e-shop
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.11.10
Severity Score:: High
CVE:: 2025-0511

Plugin:: GeoDirectory � WP Business Directory Plugin and Classified Listings Directory
Plugin Slug:: geodirectory
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.98
Severity Score:: Medium
CVE:: 2024-13506

Plugin:: Maps Plugin using Google Maps for WordPress � WP Google Map
Plugin Slug:: gmap-embed
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.4
Severity Score:: Medium
CVE:: 2024-13208

Plugin:: Media Library Folders
Plugin Slug:: media-library-plus
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.3.1
Severity Score:: Medium
CVE:: 2025-0935

Plugin:: Qubely � Advanced Gutenberg Blocks
Plugin Slug:: qubely
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.13
Severity Score:: Medium
CVE:: 2025-26767

Plugin:: s2Member � Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
Plugin Slug:: s2member
Installations: 10,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 250214
Severity Score:: Critical
CVE:: 2024-12562

Plugin:: Team � Team Members Showcase Plugin
Plugin Slug:: tlp-team
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0.0
Severity Score:: Medium
CVE:: 2024-13439

Plugin:: Export All Posts, Products, Orders, Refunds & Users
Plugin Slug:: wp-ultimate-exporter
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.10
Severity Score:: High
CVE:: 2024-12315

Plugin:: Chat Widget: Customer Support Button with SMS Call Button, Click to Chat Messenger, Live Chat Support Chat Button � Bit Assist
Plugin Slug:: bit-assist
Installations: 9,000+
Vulnerability:: Path Traversal
Patched in Version:: 1.5.3
Severity Score:: Medium
CVE:: 2025-0822

Plugin:: Chat Widget: Customer Support Button with SMS Call Button, Click to Chat Messenger, Live Chat Support Chat Button � Bit Assist
Plugin Slug:: bit-assist
Installations: 9,000+
Vulnerability:: Path Traversal
Patched in Version:: 1.5.3
Severity Score:: Medium
CVE:: 2024-13791

Plugin:: Chat Widget: Customer Support Button with SMS Call Button, Click to Chat Messenger, Live Chat Support Chat Button � Bit Assist
Plugin Slug:: bit-assist
Installations: 9,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.3
Severity Score:: High
CVE:: 2025-0821

Plugin:: WP Project Manager � Task, team, and project management plugin featuring kanban board and gantt charts
Plugin Slug:: wedevs-project-manager
Installations: 8,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.6.18
Severity Score:: High
CVE:: 2024-13500

Plugin:: WP Project Manager � Task, team, and project management plugin featuring kanban board and gantt charts
Plugin Slug:: wedevs-project-manager
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.18
Severity Score:: Medium
CVE:: 2024-13752

Plugin:: Customer Email Verification for WooCommerce
Plugin Slug:: emails-verification-for-woocommerce
Installations: 7,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.9.5
Severity Score:: Medium
CVE:: 2024-13525

Plugin:: Customer Email Verification for WooCommerce
Plugin Slug:: emails-verification-for-woocommerce
Installations: 7,000+
Vulnerability:: Broken Authentication
Patched in Version:: 2.9.6
Severity Score:: High
CVE:: 2024-13528

Plugin:: JS Help Desk � The Ultimate Help Desk & Support Plugin
Plugin Slug:: js-support-ticket
Installations: 7,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.8.9
Severity Score:: High
CVE:: 2024-13606

Plugin:: ProfileGrid � User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 5.9.4.3
Severity Score:: Medium
CVE:: 2024-13740

Plugin:: ProfileGrid � User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 5.9.4.3
Severity Score:: Medium
CVE:: 2024-13741

Plugin:: Return Refund and Exchange For WooCommerce � Return Management System, RMA Exchange, Wallet And Cancel Order Features
Plugin Slug:: woo-refund-and-exchange-lite
Installations: 5,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 4.4.6
Severity Score:: Medium
CVE:: 2024-13692

Plugin:: Return Refund and Exchange For WooCommerce � Return Management System, RMA Exchange, Wallet And Cancel Order Features
Plugin Slug:: woo-refund-and-exchange-lite
Installations: 5,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.4.6
Severity Score:: Medium
CVE:: 2024-13641

Plugin:: Affiliate Links: WordPress Plugin for Link Cloaking and Link Management
Plugin Slug:: affiliate-links
Installations: 4,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.1.0
Severity Score:: High
CVE:: 2024-13556

Plugin:: CM Search And Replace � Optimize content edits with a powerful search and replace tool
Plugin Slug:: cm-on-demand-search-and-replace
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.6
Severity Score:: High
CVE:: 2025-24758

Plugin:: Super Testimonials
Plugin Slug:: super-testimonial
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.2
Severity Score:: High
CVE:: 2024-13704

Plugin:: Leyka
Plugin Slug:: leyka
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.31.9
Severity Score:: Medium
CVE:: 2025-26766

Plugin:: Majestic Support � The Leading-Edge Help Desk & Customer Support Plugin
Plugin Slug:: majestic-support
Installations: 2,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.0.6
Severity Score:: Medium
CVE:: 2024-13601

Plugin:: Majestic Support � The Leading-Edge Help Desk & Customer Support Plugin
Plugin Slug:: majestic-support
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.0.6
Severity Score:: High
CVE:: 2024-13600

Plugin:: Active Products Tables for WooCommerce. Use constructor to create tables�
Plugin Slug:: profit-products-tables-for-woocommerce
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.6.7
Severity Score:: High
CVE:: 2025-0864

Plugin:: SKT Blocks � Gutenberg based Page Builder
Plugin Slug:: skt-blocks
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8
Severity Score:: Medium
CVE:: 2025-26771

Plugin:: Timeline Block � Timeline block plugin for WordPress
Plugin Slug:: timeline-block-block
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2025-26754

Plugin:: Vitepos � Point of sale (POS) plugin for WooCommerce
Plugin Slug:: vitepos-lite
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.4
Severity Score:: Medium
CVE:: 2025-26750

Plugin:: WP Airbnb Review Slider
Plugin Slug:: wp-airbnb-review-slider
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.0
Severity Score:: High
CVE:: 2025-26755

Plugin:: Calculator Builder � Create an Online Calculator
Plugin Slug:: calculator-builder
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.6.3
Severity Score:: High
CVE:: 2025-26760

Plugin:: DirectoryPress Frontend
Plugin Slug:: directorypress-frontend
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.8.0
Severity Score:: Medium
CVE:: 2024-10581

Plugin:: Flexible Wishlist for WooCommerce � Ecommerce Wishlist & Save for later
Plugin Slug:: flexible-wishlist
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.27
Severity Score:: Medium
CVE:: 2024-13718

Plugin:: iNET Webkit
Plugin Slug:: inet-webkit
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.3
Severity Score:: Medium
CVE:: 2025-22629

Plugin:: Oliver POS � A WooCommerce Point of Sale (POS)
Plugin Slug:: oliver-pos
Installations: 1,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 2.4.2.4
Severity Score:: Critical
CVE:: 2024-13513

Plugin:: Simple Google Calendar Outlook Events Widget
Plugin Slug:: simple-google-icalendar-widget
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.0
Severity Score:: Medium
CVE:: 2025-22497

Plugin:: SuperSaaS � online appointment scheduling
Plugin Slug:: supersaas-appointment-scheduling
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.13
Severity Score:: Medium
CVE:: 2025-0862

Plugin:: The Ultimate WordPress Toolkit � WP Extended
Plugin Slug:: wpextended
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.14
Severity Score:: Medium
CVE:: 2024-13554

Plugin:: aBlocks � WordPress Gutenberg Blocks
Plugin Slug:: ablocks
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.2
Severity Score:: Medium
CVE:: 2024-13465

Plugin:: Marketing Automation
Plugin Slug:: marketing-automation
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.6.9
Severity Score:: High
CVE:: 2025-22631

Plugin:: Waymark
Plugin Slug:: waymark
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.1
Severity Score:: Medium
CVE:: 2025-26770

Plugin:: All-Images.ai � IA Image Bank and Custom Image creation
Plugin Slug:: all-images-ai
Installations: 600+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.0.5
Severity Score:: High
CVE:: 2024-13714

Plugin:: Give � Divi Donation Modules
Plugin Slug:: give-donation-modules-for-divi
Installations: 600+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.0.1
Severity Score:: Medium
CVE:: 2025-22633

Plugin:: Houzez Property Feed
Plugin Slug:: houzez-property-feed
Installations: 600+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.4.22
Severity Score:: Medium
CVE:: 2025-0808

Plugin:: NGG Smart Image Search
Plugin Slug:: ngg-smart-image-search
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.2
Severity Score:: Medium
CVE:: 2024-13658

Plugin:: aDirectory � WordPress Directory Listing Plugin
Plugin Slug:: adirectory
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: 2.3.5
Severity Score:: Medium
CVE:: 2024-13541

Plugin:: AForms Eats
Plugin Slug:: aforms-eats
Installations: 400+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-13539

Plugin:: Keep Backup Daily
Plugin Slug:: keep-backup-daily
Installations: 400+
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.1.1
Severity Score:: Medium
CVE:: 2025-26779

Plugin:: SpeedSize Image & Video AI-Optimizer
Plugin Slug:: speedsize-ai-image-optimizer
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.5.2
Severity Score:: Medium
CVE:: 2024-13438

Plugin:: Easy Elementor Addons
Plugin Slug:: easy-elementor-addons
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.6
Severity Score:: Medium
CVE:: 2025-26761

Plugin:: Scratch & Win � Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more
Plugin Slug:: scratch-win-giveaways-for-website-facebook
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 2.9.0
Severity Score:: Medium
CVE:: 2024-13316

Plugin:: Web Stories Enhancer � Level Up Your Web Stories
Plugin Slug:: web-stories-enhancer
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4
Severity Score:: Medium
CVE:: 2024-13575

Plugin:: WooCommerce Pricing � Product Pricing
Plugin Slug:: woo-pricing-table
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.0
Severity Score:: High
CVE:: 2025-22632

Plugin:: WP Abstracts
Plugin Slug:: wp-abstracts-manuscripts-manager
Installations: 300+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.7.4
Severity Score:: High
CVE:: 2024-12386

Plugin:: what3words Address Field
Plugin Slug:: 3-word-address-validation-field
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.0.16
Severity Score:: High
CVE:: 2025-26768

Plugin:: Content Snippet Manager
Plugin Slug:: content-snippet-manager
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.6
Severity Score:: High
CVE:: 2025-26759

Plugin:: Threepress
Plugin Slug:: threepress
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.2
Severity Score:: Medium
CVE:: 2024-13395

Plugin:: Admire Extra
Plugin Slug:: admire-extra
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7
Severity Score:: Medium
CVE:: 2024-13665

Plugin:: CM Map Locations � Visualize and share your locations in a few clicks
Plugin Slug:: cm-map-locations
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.9
Severity Score:: High
CVE:: 2025-24758

Plugin:: Distance Based Shipping Calculator
Plugin Slug:: distance-based-shipping-calculator
Installations: 100+
Vulnerability:: Settings Change
Patched in Version:: 2.0.23
Severity Score:: Medium
CVE:: 2025-26764

Plugin:: Distance Based Shipping Calculator
Plugin Slug:: distance-based-shipping-calculator
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.23
Severity Score:: Medium
CVE:: 2025-26765

Plugin:: Easy Booked � Appointment Booking and Scheduling Management System for WordPress
Plugin Slug:: easy-booked
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.4.6
Severity Score:: Medium
CVE:: 2025-22634

Plugin:: LTL Freight Quotes � Worldwide Express Edition
Plugin Slug:: ltl-freight-quotes-worldwide-express-edition
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0.21
Severity Score:: Medium
CVE:: 2025-22291

Plugin:: LTL Freight Quotes � Worldwide Express Edition
Plugin Slug:: ltl-freight-quotes-worldwide-express-edition
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.0.22
Severity Score:: High
CVE:: 2025-22286

Plugin:: Magic the Gathering Card Tooltips
Plugin Slug:: magic-the-gathering-card-tooltips
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.0
Severity Score:: High
CVE:: 2025-26756

Plugin:: StaffList
Plugin Slug:: stafflist
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.4
Severity Score:: High
CVE:: 2024-13749

Plugin:: Liveticker (by stklcode)
Plugin Slug:: stklcode-liveticker
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.3
Severity Score:: Medium
CVE:: 2024-13701

Plugin:: WPSyncSheets Lite For WPForms � WPForms Google Spreadsheet Addon
Plugin Slug:: wpsyncsheets-wpforms
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.1
Severity Score:: Medium
CVE:: 2024-12164

Plugin:: Shopwarden � Automated WooCommerce monitoring & testing
Plugin Slug:: shopwarden
Installations: 80+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.12
Severity Score:: High
CVE:: 2024-13315

Plugin:: FuseDesk
Plugin Slug:: fusedesk
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.7
Severity Score:: Medium
CVE:: 2024-13459

Plugin:: LTL Freight Quotes � FreightQuote Edition
Plugin Slug:: ltl-freight-quotes-freightquote-edition
Installations: 60+
Vulnerability:: Broken Access Control
Patched in Version:: 2.3.12
Severity Score:: Medium
CVE:: 2025-22287

Plugin:: LTL Freight Quotes � FreightQuote Edition
Plugin Slug:: ltl-freight-quotes-freightquote-edition
Installations: 60+
Vulnerability:: SQL Injection
Patched in Version:: 2.3.12
Severity Score:: Critical
CVE:: 2025-22290

Plugin:: MemorialDay
Plugin Slug:: memorialday
Installations: 60+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.0
Severity Score:: High
CVE:: 2024-13523

Plugin:: Vertex Addons for Elementor
Plugin Slug:: addons-for-elementor-builder
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2025-26769

Plugin:: Discover the Best Woocommerce Product Brands Plugin for WordPress � Woocommerce Brands Plugin
Plugin Slug:: gs-woo-brands
Installations: 40+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.3
Severity Score:: Medium
CVE:: 2024-11746

Plugin:: LTL Freight Quotes � Estes Edition
Plugin Slug:: ltl-freight-quotes-estes-edition
Installations: 40+
Vulnerability:: SQL Injection
Patched in Version:: 3.3.8
Severity Score:: Critical
CVE:: 2024-13488

Plugin:: LTL Freight Quotes � XPO Edition
Plugin Slug:: ltl-freight-quotes-xpo-edition
Installations: 40+
Vulnerability:: SQL Injection
Patched in Version:: 4.3.8
Severity Score:: Critical
CVE:: 2024-13490

Plugin:: Small Package Quotes � UPS Edition
Plugin Slug:: small-package-quotes-ups-edition
Installations: 30+
Vulnerability:: SQL Injection
Patched in Version:: 4.5.17
Severity Score:: Critical
CVE:: 2024-13475

Plugin:: LTL Freight Quotes � For Customers of FedEx Freight
Plugin Slug:: ltl-freight-quotes-fedex-freight-edition
Installations: 20+
Vulnerability:: SQL Injection
Patched in Version:: 3.4.2
Severity Score:: Critical
CVE:: 2024-13480

Plugin:: Simple Certain Time to Show Content
Plugin Slug:: simple-certain-time-to-show-content
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.1
Severity Score:: High
CVE:: 2024-10152

Plugin:: Responsive Modal Builder for High Conversion � Easy Popups
Plugin Slug:: easy-popups
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.1
Severity Score:: High
CVE:: 2025-26774

Plugin:: Chaty Pro
Plugin Slug:: chaty-pro
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.3.4
Severity Score:: Critical
CVE:: 2025-26776

Plugin:: ConvertPlus
Plugin Slug:: convertplug
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.31
Severity Score:: High
CVE:: 2024-13800

Plugin:: Fusion Builder
Plugin Slug:: fusion-builder
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 3.11.14
Severity Score:: High
CVE:: 2024-13345

Plugin:: Gallery
Plugin Slug:: gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.2
Severity Score:: Medium
CVE:: 2025-26778

Plugin:: Global Gallery – WordPress Responsive Gallery
Plugin Slug:: global-gallery
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 9.1.6
Severity Score:: Medium
CVE:: 2024-13814

Plugin:: K Elements
Plugin Slug:: k-elements
Vulnerability:: Privilege Escalation
Patched in Version:: 5.4.0
Severity Score:: Critical
CVE:: 2024-56000

Plugin:: LTL Freight Quotes � Unishippers Edition
Plugin Slug:: ltl-freight-quotes-unishippers-edition
Vulnerability:: SQL Injection
Patched in Version:: 2.5.9
Severity Score:: Critical
CVE:: 2024-13477

Plugin:: LTL Freight Quotes � Unishippers Edition
Plugin Slug:: ltl-freight-quotes-unishippers-edition
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.9
Severity Score:: High
CVE:: 2025-22284

Plugin:: LTL Freight Quotes � Unishippers Edition
Plugin Slug:: ltl-freight-quotes-unishippers-edition
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.9
Severity Score:: Medium
CVE:: 2025-22289

Plugin:: Notif Bell
Plugin Slug:: notif-bell
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.9.9
Severity Score:: Medium
CVE:: 2025-22496

Plugin:: Tourmaster
Plugin Slug:: tourmaster
Vulnerability:: SQL Injection
Patched in Version:: 5.3.7
Severity Score:: High
CVE:: 2024-13369

Plugin:: Uncode Core
Plugin Slug:: uncode-core
Vulnerability:: Content Injection
Patched in Version:: 2.9.1.7
Severity Score:: Medium
CVE:: 2024-13689

Plugin:: WP Table Manager
Plugin Slug:: wp-table-manager
Vulnerability:: Directory Traversal
Patched in Version:: 4.1.4
Severity Score:: Medium
CVE:: 2024-13374

WordPress Themes � 12 Patched / 4 Unpatched

Theme:: Campress
Theme Slug:: campress
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-10763

Theme:: Puzzles
Theme Slug:: puzzles
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-13770

Theme:: Puzzles
Theme Slug:: puzzles
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-0837

Theme:: Puzzles
Theme Slug:: puzzles
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13769

Theme:: Uncode
Theme Slug:: uncode
Downloads: 2,247
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.9.1.7
Severity Score:: Medium
CVE:: 2024-13691

Theme:: Uncode
Theme Slug:: uncode
Downloads: 2,247
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.1.7
Severity Score:: Medium
CVE:: 2024-13667

Theme:: Uncode
Theme Slug:: uncode
Downloads: 2,247
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.9.1.7
Severity Score:: High
CVE:: 2024-13681

Theme:: Avada
Theme Slug:: avada
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 7.11.14
Severity Score:: High
CVE:: 2024-13346

Theme:: CarSpot
Theme Slug:: carspot
Vulnerability:: Broken Authentication
Patched in Version:: 2.4.4
Severity Score:: Critical
CVE:: 2024-12860

Theme:: Click Mag
Theme Slug:: click-mag
Vulnerability:: Broken Access Control
Patched in Version:: 3.7.0
Severity Score:: High
CVE:: 2024-13656

Theme:: Listivo – Classified Ads
Theme Slug:: listivo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.68
Severity Score:: High
CVE:: 2024-13867

Theme:: PressMart
Theme Slug:: pressmart
Vulnerability:: Content Injection
Patched in Version:: 1.2.17
Severity Score:: Medium
CVE:: 2024-13797

Theme:: Real Estate 7
Theme Slug:: realestate-7
Vulnerability:: Privilege Escalation
Patched in Version:: 3.5.1
Severity Score:: Critical
CVE:: 2024-13421

Theme:: Zox News
Theme Slug:: zox-news
Vulnerability:: Broken Access Control
Patched in Version:: 3.17.1
Severity Score:: Medium
CVE:: 2024-13643

Theme:: ZoxPress
Theme Slug:: zoxpress
Vulnerability:: Broken Access Control
Patched in Version:: 2.12.1
Severity Score:: High
CVE:: 2024-13654

Theme:: ZoxPress
Theme Slug:: zoxpress
Vulnerability:: Broken Access Control
Patched in Version:: 2.12.1
Severity Score:: High
CVE:: 2024-13653