Nexcess.com Servers.com LiquidWeb.com

Line illustration showing a black application window on a purple gradient background overlaid with a large exclamation point alert icon and three bugs.

WordPress Vulnerability Report � February 26, 2025

In this report, 335 vulnerabilities have been publicly disclosed. Security patches for 158 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 177 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.7.2 is now available! This minor release includes 35 bug fixes, addressing issues affecting multiple components including the block editor, HTML API, and Customize.

WordPress Plugins � 147 Patched / 177 Unpatched

Plugin:: Ibtana � WordPress Website Builder
Plugin Slug:: ibtana-visual-editor
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26891

Plugin:: Social Sharing Plugin � Social Warfare
Plugin Slug:: social-warfare
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26973

Plugin:: Newpost Catch
Plugin Slug:: newpost-catch
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-1406

Plugin:: Estatik Real Estate Plugin
Plugin Slug:: estatik
Installations: 9,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26905

Plugin:: Raptive Ads
Plugin Slug:: adthrive-ads
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13364

Plugin:: Estatik Mortgage Calculator
Plugin Slug:: estatik-mortgage-calculator
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26907

Plugin:: Age Verification for your checkout page. Verify your customer’s identity
Plugin Slug:: agecheckernet
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22622

Plugin:: Store Locator Widget
Plugin Slug:: store-locator-widget
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13657

Plugin:: Responsive Flickr Slideshow
Plugin Slug:: mobile-friendly-flickr-slideshow
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13660

Plugin:: PiwigoPress
Plugin Slug:: piwigopress
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26896

Plugin:: Terms Dictionary
Plugin Slug:: terms-dictionary
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Better Customer List for WooCommerce
Plugin Slug:: woo-better-customer-list
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Easy MLS Listings Import
Plugin Slug:: easy-mls-listings-import
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12525

Plugin:: List Related Attachments
Plugin Slug:: list-related-attachments-widget
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26897

Plugin:: Prime Addons for Elementor
Plugin Slug:: prime-addons-for-elementor
Installations: 100+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13855

Plugin:: Gumlet Video
Plugin Slug:: gumlet-video
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13576

Plugin:: Actionwear products sync
Plugin Slug:: actionwear-products-sync
Installations: 60+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13535

Plugin:: A1POST.BG Shipping for WooCommerce
Plugin Slug:: a1post-bg-shipping-for-woocommerce
Installations: 30+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27012

Plugin:: 1 Click WordPress Migration
Plugin Slug:: 1-click-migration
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13609

Plugin:: 1 Click WordPress Migration
Plugin Slug:: 1-click-migration
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13555

Plugin:: 17TRACK for WooCommerce
Plugin Slug:: 17track
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27324

Plugin:: 3D Photo Gallery
Plugin Slug:: 3d-photo-gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13751

Plugin:: Add Linked Images To Gallery
Plugin Slug:: add-linked-images-to-gallery-v01
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27277

Plugin:: ADFO
Plugin Slug:: admin-form
Vulnerability:: Deserialization of untrusted data
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27300

Plugin:: ADFO
Plugin Slug:: admin-form
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13390

Plugin:: Adsmonetizer
Plugin Slug:: adsensei-b30
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: All-In-One Cufon
Plugin Slug:: all-in-one-cufon
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27315

Plugin:: AMO Team Showcase
Plugin Slug:: amo-team-showcase
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-1407

Plugin:: Apptivo Business Site CRM
Plugin Slug:: apptivo-business-site
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13405

Plugin:: Archive Page
Plugin Slug:: archive-page
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27280

Plugin:: Ark Theme Core
Plugin Slug:: ark-core
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-26970

Plugin:: Auto Tag Links
Plugin Slug:: auto-tag-links
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27335

Plugin:: Bandsintown Events
Plugin Slug:: bandsintown
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13802

Plugin:: BigBuy Dropshipping Connector for WooCommerce
Plugin Slug:: bigbuy-wc-dropshipping-connector
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13538

Plugin:: Blightly Explorer
Plugin Slug:: blighty-explorer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27321

Plugin:: Booknetic
Plugin Slug:: booknetic
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26926

Plugin:: Bravo Search & Replace
Plugin Slug:: bravo-search-and-replace
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27297

Plugin:: Bulk Content Creator
Plugin Slug:: bulk-content-creator
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27311

Plugin:: Widget BUY.BOX
Plugin Slug:: buybox-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13679

Plugin:: WooODT Lite
Plugin Slug:: byconsole-woo-order-delivery-time
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13540

Plugin:: C9 Admin Dashboard
Plugin Slug:: c9-admin-dashboard
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13379

Plugin:: C9 Blocks
Plugin Slug:: c9-blocks
Vulnerability:: Full Path Disclosure (FPD)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13537

Plugin:: Categorized Gallery Plugin
Plugin Slug:: categorized-gallery
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13676

Plugin:: CATS Job Listings
Plugin Slug:: cats-job-listings
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13577

Plugin:: CHATLIVE
Plugin Slug:: chatlive
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-27302

Plugin:: Coaching Staffs
Plugin Slug:: coaching-staffs
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13663

Plugin:: Contact Form 7 Star Rating
Plugin Slug:: contact-form-7-star-rating
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27303

Plugin:: Contact Form 7 Star Rating with font Awesome
Plugin Slug:: contact-form-7-star-rating-with-font-awersome
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27304

Plugin:: Cookie Notice Bar
Plugin Slug:: cookie-notice-bar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13849

Plugin:: Cosmic Blocks
Plugin Slug:: cosmic-blocks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13674

Plugin:: Live css
Plugin Slug:: css-live
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27295

Plugin:: Custom Post Type Date Archives
Plugin Slug:: custom-post-type-date-archives
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-1510

Plugin:: Disable Auto Updates
Plugin Slug:: disable-auto-updates
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13336

Plugin:: Drivr Lite � Google Drive Plugin
Plugin Slug:: drivr-google-drive-file-picker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27016

Plugin:: Easy Form by AYS
Plugin Slug:: easy-form
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27285

Plugin:: Education Addon for Elementor
Plugin Slug:: education-addon
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13854

Plugin:: CanadaHelps Embedded Donation Form
Plugin Slug:: embedded-cdn
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11778

Plugin:: Erima Zarinpal Donate
Plugin Slug:: erima-zarinpal-donate
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27290

Plugin:: F12-Profiler
Plugin Slug:: f12-profiler
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27340

Plugin:: File Icons
Plugin Slug:: file-icons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27288

Plugin:: Flagged Content
Plugin Slug:: flagged-content
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27284

Plugin:: Flashfader
Plugin Slug:: flashfader
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27279

Plugin:: flickr-slideshow-wrapper
Plugin Slug:: flickr-slideshow-wrapper
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27309

Plugin:: WP-FormAssembly
Plugin Slug:: formassembly-web-forms
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13501

Plugin:: Fresh Framework
Plugin Slug:: fresh-framework
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-26936

Plugin:: GetBookingsWP
Plugin Slug:: get-bookings-wp
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13677

Plugin:: Gift Vouchers
Plugin Slug:: gift-voucher
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13520

Plugin:: Google Maps for WordPress
Plugin Slug:: google-maps-for-wordpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27265

Plugin:: Google Maps GPX Viewer
Plugin Slug:: google-maps-gpx-viewer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27313

Plugin:: Helloprint
Plugin Slug:: helloprint
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26540

Plugin:: Helloprint
Plugin Slug:: helloprint
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26534

Plugin:: Hover Image Button
Plugin Slug:: hover-image-button
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27266

Plugin:: Keap Official Opt-in Forms
Plugin Slug:: infusionsoft-official-opt-in-forms
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13725

Plugin:: EZ InLinkz linkup
Plugin Slug:: inlinkz-scripter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27329

Plugin:: YouTube Playlists with Schema
Plugin Slug:: jma-youtube-playlists-with-schema
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13589

Plugin:: Just Variables
Plugin Slug:: just-wp-variables
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27336

Plugin:: Kush Micro News
Plugin Slug:: kush-micro-news
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27314

Plugin:: Legoeso PDF Manager
Plugin Slug:: legoeso-pdf-manager
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-0866

Plugin:: Library Bookshelves
Plugin Slug:: library-bookshelves
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13464

Plugin:: Phee’s LinkPreview
Plugin Slug:: linkpreview
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27344

Plugin:: Local Search SEO Contact Page
Plugin Slug:: local-search-seo-contact-page
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27351

Plugin:: Woocommerce � Loi Hamon
Plugin Slug:: loi-hamon
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27355

Plugin:: magayo Lottery Results
Plugin Slug:: magayo-lottery-results
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13522

Plugin:: Mambo Importer
Plugin Slug:: mambo-joomla-importer
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13899

Plugin:: AcuGIS Leaflet Maps
Plugin Slug:: mapfig-premium-leaflet-map-maker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27278

Plugin:: Minimum Password Strength
Plugin Slug:: minimum-password-strength
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27339

Plugin:: Mortgage Calculator / Loan Calculator
Plugin Slug:: mortgage-loan-calculator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-0805

Plugin:: Typed JS
Plugin Slug:: mrlegend-typedjs
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-1328

Plugin:: MyTicket Events
Plugin Slug:: myticket-events
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27299

Plugin:: Namaste! LMS
Plugin Slug:: namaste-lms
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27353

Plugin:: NHR Options Table Manager
Plugin Slug:: nhrrob-options-table-manager
Vulnerability:: Deserialization of untrusted data
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27301

Plugin:: Get Posts
Plugin Slug:: nurelm-get-posts
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27349

Plugin:: �nceki Yaz? Link
Plugin Slug:: onceki-yazi-linki
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27357

Plugin:: Open Hours
Plugin Slug:: open-hours
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12813

Plugin:: Option Editor
Plugin Slug:: option-editor
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13852

Plugin:: Page and Post Lister
Plugin Slug:: page-and-post-lister
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27310

Plugin:: Pathomation
Plugin Slug:: pathomation
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27306

Plugin:: PeproDev Ultimate Invoice
Plugin Slug:: pepro-ultimate-invoice
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13719

Plugin:: Photo Gallery ( Responsive )
Plugin Slug:: photo-gallery-pearlbells
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27276

Plugin:: WordPress Photo Gallery � Image Gallery
Plugin Slug:: photo-image-gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27291

Plugin:: Pie Register
Plugin Slug:: pie-register
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13818

Plugin:: PlayerJS
Plugin Slug:: playerjs
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27330

Plugin:: Pollin
Plugin Slug:: pollin
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13712

Plugin:: Pollin
Plugin Slug:: pollin
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13711

Plugin:: PrivateContent
Plugin Slug:: private-content
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-26966

Plugin:: Profile Widget Ninja
Plugin Slug:: profile-widget-ninja
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27320

Plugin:: Protected wp-login
Plugin Slug:: protected-wp-login
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27333

Plugin:: Pure Chat
Plugin Slug:: pure-chat
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13736

Plugin:: Quotes llama
Plugin Slug:: quotes-llama
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27307

Plugin:: Rapid Cache
Plugin Slug:: rapid-cache
Vulnerability:: Content Spoofing
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12314

Plugin:: Ravpage
Plugin Slug:: ravpage
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-13789

Plugin:: RAYS Grid
Plugin Slug:: rays-grid
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27317

Plugin:: Reaction Buttons
Plugin Slug:: reaction-buttons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13848

Plugin:: Reactive Mortgage Calculator
Plugin Slug:: reactive-mortgage-calculator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27341

Plugin:: Reset
Plugin Slug:: reset
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13684

Plugin:: Residential Address Detection
Plugin Slug:: residential-address-detection
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-27270

Plugin:: Restrict Taxonomies
Plugin Slug:: restrict-taxonomies
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27289

Plugin:: Auto Ad Inserter � Increase Google Adsense and Ad Manager Revenue
Plugin Slug:: revenueflex-easy-ads
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27296

Plugin:: Saoshyant Slider
Plugin Slug:: saoshyant-slider
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-27286

Plugin:: Show Me The Cookies
Plugin Slug:: show-me-the-cookies
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-1509

Plugin:: Simple Charts
Plugin Slug:: simple-charts
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13581

Plugin:: Simple Email Subscriber
Plugin Slug:: simple-email-subscriber
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27354

Plugin:: Simple Google Sitemap
Plugin Slug:: simple-google-sitemap
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27318

Plugin:: Simple Pricing Tables For WPBakery Page Builder
Plugin Slug:: simple-pricing-tables-vc-extension
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13582

Plugin:: Simple Signup Form
Plugin Slug:: simple-signup-form
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13595

Plugin:: Small Package Quotes � Worldwide Express Edition
Plugin Slug:: small-package-quotes-wwe-edition
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-27268

Plugin:: Smart Maintenance & Countdown
Plugin Slug:: smart-maintenance-countdown
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27332

Plugin:: Live Streaming Video Player � by SRS Player
Plugin Slug:: srs-player
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27327

Plugin:: SS Quiz
Plugin Slug:: ssquiz
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-27287

Plugin:: Sticky Header On Scroll
Plugin Slug:: sticky-header-on-scroll
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27356

Plugin:: Table of Contents Block
Plugin Slug:: table-of-contents
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27305

Plugin:: Themes Coder
Plugin Slug:: tc-ecommerce
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-13726

Plugin:: TCBD Tooltip
Plugin Slug:: tcbd-tooltip
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13388

Plugin:: Team Builder For WPBakery Page Builder
Plugin Slug:: team-builder-for-wpbakery-page-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13591

Plugin:: Team Builder For WPBakery Page Builder
Plugin Slug:: team-builder-for-wpbakery-page-builder
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13592

Plugin:: Team Builder
Plugin Slug:: team-display
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13687

Plugin:: Theme File Duplicator
Plugin Slug:: theme-file-duplicator
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-27282

Plugin:: Theme File Duplicator
Plugin Slug:: theme-file-duplicator
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27283

Plugin:: Track Logins
Plugin Slug:: track-logins
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13608

Plugin:: Trash Duplicate and 301 Redirect
Plugin Slug:: trash-duplicate-and-301-redirect
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13468

Plugin:: Tube Video Ads Lite
Plugin Slug:: tube-video-ads-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13625

Plugin:: WordPress Portfolio Builder � Portfolio Gallery
Plugin Slug:: uber-grid
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13231

Plugin:: Ultimate Classified Listings
Plugin Slug:: ultimate-classified-listings
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13748

Plugin:: Ultimate Classified Listings
Plugin Slug:: ultimate-classified-listings
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13753

Plugin:: UltraEmbed
Plugin Slug:: ultraembed-advanced-iframe
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11335

Plugin:: UMich OIDC Login
Plugin Slug:: umich-oidc-login
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11753

Plugin:: User List
Plugin Slug:: user-list
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27319

Plugin:: VG PostCarousel
Plugin Slug:: vg-postcarousel
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27272

Plugin:: Video.js HLS Player
Plugin Slug:: videojs-hls-player
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27325

Plugin:: ViperBar
Plugin Slug:: viperbar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26557

Plugin:: VR-Frases
Plugin Slug:: vr-frases
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13626

Plugin:: QR Code for WooCommerce
Plugin Slug:: wc-qr-codes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27322

Plugin:: Shipmozo Courier Tracking
Plugin Slug:: webparex
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27293

Plugin:: Wise Forms
Plugin Slug:: wise-forms
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13603

Plugin:: File Uploads Addon for WooCommerce
Plugin Slug:: woo-addon-uploads
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13622

Plugin:: WOO Codice Fiscale
Plugin Slug:: woo-codice-fiscale
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27275

Plugin:: Direct Checkout Button for WooCommerce
Plugin Slug:: woo-direct-checkout-button
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27347

Plugin:: WooCommerce Recargo de Equivalencia
Plugin Slug:: woo-recargo-de-equivalencia
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27342

Plugin:: WooCommerce Display Products by Tags
Plugin Slug:: woocommerce-display-products-by-tags
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27331

Plugin:: WooCommerce HTML5 Video
Plugin Slug:: woocommerce-html5-video
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27343

Plugin:: WP About Author
Plugin Slug:: wp-about-author
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27323

Plugin:: WP-Asambleas
Plugin Slug:: wp-asambleas
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27294

Plugin:: WP-Asambleas
Plugin Slug:: wp-asambleas
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13579

Plugin:: WP-BibTeX
Plugin Slug:: wp-bibtex
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13578

Plugin:: JPG, PNG Compression and Optimization
Plugin Slug:: wp-post-447768 wp-image-compression
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27316

Plugin:: WP-PostRatings Cheater
Plugin Slug:: wp-postratings-cheater
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27328

Plugin:: WP Sitemap
Plugin Slug:: wp-sitemap
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27312

Plugin:: WP Social SEO Booster � Knowledge Graph Social Signals SEO
Plugin Slug:: wp-social-seo-booster
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27348

Plugin:: OWL Carousel Slider
Plugin Slug:: wp-touch-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13627

Plugin:: WP Video Posts
Plugin Slug:: wp-post-447768 wp-video-posts
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27308

Plugin:: WP Video Posts
Plugin Slug:: wp-post-447768 wp-video-posts
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27298

Plugin:: WP Wiki Tooltip
Plugin Slug:: wp-wiki-tooltip
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13462

Plugin:: Mortgage Lead Capture System
Plugin Slug:: wprequal
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-0796

Plugin:: WPUpper Share Buttons
Plugin Slug:: wpupper-share-buttons
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13883

Plugin:: WPYog Documents
Plugin Slug:: wpyog-documents
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27292

Plugin:: ????????
Plugin Slug:: wumii-related-posts
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27352

Plugin:: Yawave
Plugin Slug:: yawave
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-1648

Plugin:: Elementor Website Builder � More Than Just a Page Builder
Plugin Slug:: elementor
Installations: 10,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.25.11
Severity Score:: Medium
CVE:: 2024-54444

Plugin:: Elementor Website Builder � More Than Just a Page Builder
Plugin Slug:: elementor
Installations: 10,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.27.5
Severity Score:: Medium
CVE:: 2024-13445

Plugin:: ElementsKit Elementor addons
Plugin Slug:: elementskit-lite
Installations: 1,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.1
Severity Score:: Medium
CVE:: 2025-0968

Plugin:: SVG Support
Plugin Slug:: svg-support
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.9
Severity Score:: Medium
CVE:: 2022-23638

Plugin:: SVG Support
Plugin Slug:: svg-support
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.11
Severity Score:: Medium
CVE:: 2024-10222

Plugin:: Migration, Backup, Staging � WPvivid Backup & Migration
Plugin Slug:: wpvivid-backuprestore
Installations: 600,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 0.9.113
Severity Score:: High
CVE:: 2024-13869

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1008
Severity Score:: High
CVE:: 2025-1441

Plugin:: Post SMTP � WordPress SMTP Plugin with Email Logs and Mobile App for Failure Notifications � Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more
Plugin Slug:: post-smtp
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.0
Severity Score:: High
CVE:: 2025-0521

Plugin:: Head, Footer and Post Injections
Plugin Slug:: header-footer
Installations: 300,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 3.3.1
Severity Score:: High
CVE:: 2024-13900

Plugin:: Unlimited Elements For Elementor
Plugin Slug:: unlimited-elements-for-elementor
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.141
Severity Score:: Medium
CVE:: 2024-13155

Plugin:: FileBird � WordPress Media Library Folders & File Manager
Plugin Slug:: filebird
Installations: 200,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 6.4.6
Severity Score:: Low
CVE:: 2025-26977

Plugin:: Ultimate Member � User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Plugin Slug:: ultimate-member
Installations: 200,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.10.0
Severity Score:: High
CVE:: 2024-12276

Plugin:: Essential Blocks � Page Builder Gutenberg Blocks, Patterns & Templates
Plugin Slug:: essential-blocks
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.8.4
Severity Score:: Medium
CVE:: 2025-26871

Plugin:: Everest Forms � Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress
Plugin Slug:: everest-forms
Installations: 100,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.0.9.5
Severity Score:: Critical
CVE:: 2025-1128

Plugin:: Strong Testimonials
Plugin Slug:: strong-testimonials
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.4
Severity Score:: Medium
CVE:: 2025-26975

Plugin:: Event Tickets and Registration
Plugin Slug:: event-tickets
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.19.1.2
Severity Score:: Medium
CVE:: 2025-1402

Plugin:: Ajax Search Lite � Live Search & Filter
Plugin Slug:: ajax-search-lite
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.12.5
Severity Score:: Medium
CVE:: 2024-13585

Plugin:: Booking for Appointments and Events Calendar � Amelia
Plugin Slug:: ameliabooking
Installations: 80,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.2.17
Severity Score:: Medium
CVE:: 2025-26965

Plugin:: Events Manager � Calendar, Bookings, Tickets, and more!
Plugin Slug:: events-manager
Installations: 80,000+
Vulnerability:: SQL Injection
Patched in Version:: 6.6.4
Severity Score:: Critical
CVE:: 2024-11260

Plugin:: Master Slider � Responsive Touch Slider
Plugin Slug:: master-slider
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.5
Severity Score:: Medium
CVE:: 2024-12173

Plugin:: WP ULike � All-in-One Engagement Toolkit
Plugin Slug:: wp-ulike
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.6
Severity Score:: Medium
CVE:: 2024-12770

Plugin:: Simple Image Sizes
Plugin Slug:: simple-image-sizes
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.3
Severity Score:: Medium
CVE:: 2025-24810

Plugin:: Embed Any Document � Embed PDF, Word, PowerPoint and Excel Files
Plugin Slug:: embed-any-document
Installations: 60,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.7.6
Severity Score:: Medium
CVE:: 2025-1043

Plugin:: Carousel, Slider, Gallery by WP Carousel � Image Carousel with Lightbox & Photo Gallery, Video Slider, Post Carousel & Post Grid, Product Carousel & Product Grid
Plugin Slug:: wp-carousel-free
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9
Severity Score:: Medium
CVE:: 2024-4002

Plugin:: Carousel, Slider, Gallery by WP Carousel � Image Carousel with Lightbox & Photo Gallery, Video Slider, Post Carousel & Post Grid, Product Carousel & Product Grid
Plugin Slug:: wp-carousel-free
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.4
Severity Score:: Medium
CVE:: 2024-13314

Plugin:: Login/Signup Popup ( Inline Form + Woocommerce )
Plugin Slug:: easy-login-woocommerce
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.6
Severity Score:: Medium
CVE:: 2025-1064

Plugin:: Form Maker by 10Web � Mobile-Friendly Drag & Drop Contact Form Builder
Plugin Slug:: form-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.33
Severity Score:: Medium
CVE:: 2024-13605

Plugin:: Greenshift � animation and page builder blocks
Plugin Slug:: greenshift-animation-and-page-builder-blocks
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.9
Severity Score:: Medium
CVE:: 2025-26884

Plugin:: Post Grid and Gutenberg Blocks � ComboBlocks
Plugin Slug:: post-grid
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.93
Severity Score:: Medium
CVE:: 2024-9645

Plugin:: Post Grid and Gutenberg Blocks � ComboBlocks
Plugin Slug:: post-grid
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.3.6
Severity Score:: Medium
CVE:: 2024-13798

Plugin:: WooCommerce Checkout & Funnel Builder by FunnelKit
Plugin Slug:: funnel-builder
Installations: 30,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.9.1
Severity Score:: High
CVE:: 2025-26979

Plugin:: Rife Elementor Extensions & Templates
Plugin Slug:: rife-elementor-extensions
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.6
Severity Score:: Medium
CVE:: 2024-13564

Plugin:: Visualizer: Tables and Charts Manager for WordPress
Plugin Slug:: visualizer
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.11.9
Severity Score:: Medium
CVE:: 2025-1065

Plugin:: Accept Donations with PayPal & Stripe
Plugin Slug:: easy-paypal-donation
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.5
Severity Score:: High
CVE:: 2024-13728

Plugin:: Ecwid by Lightspeed Ecommerce Shopping Cart
Plugin Slug:: ecwid-shopping-cart
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.12.28
Severity Score:: Medium
CVE:: 2024-13795

Plugin:: IP2Location Country Blocker
Plugin Slug:: ip2location-country-blocker
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.38.9
Severity Score:: High
CVE:: 2025-1361

Plugin:: Lenix Leads Collector
Plugin Slug:: lenix-elementor-leads-addon
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.3
Severity Score:: High
CVE:: 2025-1039

Plugin:: Responsive Plus � Starter Templates, Advanced Features and Customizer Settings for Responsive Theme.
Plugin Slug:: responsive-add-ons
Installations: 20,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.1.5
Severity Score:: Medium
CVE:: 2024-13834

Plugin:: Subscribe2 � Form, Email Subscribers & Newsletters
Plugin Slug:: subscribe2
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.44
Severity Score:: High
CVE:: 2024-11582

Plugin:: WordPress File Upload
Plugin Slug:: wp-file-upload
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.25.3
Severity Score:: Medium
CVE:: 2024-13494

Plugin:: Web Accessibility By accessiBe
Plugin Slug:: accessibe
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6
Severity Score:: High
CVE:: 2025-26981

Plugin:: Booking Package
Plugin Slug:: booking-package
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.73
Severity Score:: High
CVE:: 2024-13508

Plugin:: Classified Listing � Classified ads & Business Directory Plugin
Plugin Slug:: classified-listing
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.0.5
Severity Score:: Medium
CVE:: 2025-1063

Plugin:: Maps Plugin using Google Maps for WordPress � WP Google Map
Plugin Slug:: gmap-embed
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.4
Severity Score:: Medium
CVE:: 2024-13208

Plugin:: Logo Slider � Logo Carousel, Logo Showcase & Client Logo Slider Plugin
Plugin Slug:: logo-slider-wp
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6.0
Severity Score:: Medium
CVE:: 2024-12308

Plugin:: Modal Window � create popup modal window
Plugin Slug:: modal-window
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.1.6
Severity Score:: Medium
CVE:: 2025-0897

Plugin:: Recipe Card Blocks for Gutenberg & Elementor � Best WordPress Recipe Plugin
Plugin Slug:: recipe-card-blocks-by-wpzoom
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.4
Severity Score:: Medium
CVE:: 2025-26983

Plugin:: s2Member � Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
Plugin Slug:: s2member
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 250214
Severity Score:: High
CVE:: 2025-26879

Plugin:: Event Manager, Events Calendar, Tickets, Registrations � Eventin
Plugin Slug:: wp-event-solution
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.0.21
Severity Score:: High
CVE:: 2025-26964

Plugin:: YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service
Plugin Slug:: yaysmtp
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.3
Severity Score:: High
CVE:: 2025-0916

Plugin:: Frontend Admin by DynamiApps
Plugin Slug:: acf-frontend-form-element
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.25.18
Severity Score:: High
CVE:: 2025-26987

Plugin:: Chat Widget: Customer Support Button with SMS Call Button, Click to Chat Messenger, Live Chat Support Chat Button � Bit Assist
Plugin Slug:: bit-assist
Installations: 9,000+
Vulnerability:: Path Traversal
Patched in Version:: 1.5.3
Severity Score:: Medium
CVE:: 2025-0822

Plugin:: WP Media Category Management
Plugin Slug:: wp-media-category-management
Installations: 8,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.4.0
Severity Score:: Medium
CVE:: 2025-0865

Plugin:: WPO365 | MICROSOFT 365 GRAPH MAILER
Plugin Slug:: wpo365-msgraphmailer
Installations: 8,000+
Vulnerability:: Open Redirection
Patched in Version:: 3.3
Severity Score:: Medium
CVE:: 2025-1488

Plugin:: Poll Maker � Versus Polls, Anonymous Polls, Image Polls
Plugin Slug:: poll-maker
Installations: 7,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.6.6
Severity Score:: High
CVE:: 2025-26971

Plugin:: ProfileGrid � User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 5.9.4.3
Severity Score:: Medium
CVE:: 2024-13740

Plugin:: ProfileGrid � User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 5.9.4.3
Severity Score:: Medium
CVE:: 2024-13741

Plugin:: WP Job Portal � A Complete Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 7,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.2.9
Severity Score:: High
CVE:: 2025-26935

Plugin:: WP Job Portal � A Complete Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 7,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.2.9
Severity Score:: Medium
CVE:: 2024-13873

Plugin:: AI ChatBot for WordPress � WPBot
Plugin Slug:: chatbot
Installations: 6,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 6.3.6
Severity Score:: High
CVE:: 2025-26932

Plugin:: Wonder Video Embed
Plugin Slug:: wonderplugin-video-embed
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3
Severity Score:: Medium
CVE:: 2024-13743

Plugin:: Animated Text Block
Plugin Slug:: animated-text-block
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.8
Severity Score:: Medium
CVE:: 2025-26883

Plugin:: WPMobile.App
Plugin Slug:: wpappninja
Installations: 5,000+
Vulnerability:: Open Redirection
Patched in Version:: 11.57
Severity Score:: Medium
CVE:: 2024-13888

Plugin:: Affiliate Links: WordPress Plugin for Link Cloaking and Link Management
Plugin Slug:: affiliate-links
Installations: 4,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.1.0
Severity Score:: High
CVE:: 2024-13556

Plugin:: Assistant � Every Day Productivity Apps
Plugin Slug:: assistant
Installations: 4,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.5.1.1
Severity Score:: High
CVE:: 2025-26885

Plugin:: Icon List Block
Plugin Slug:: icon-list-block
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.4
Severity Score:: Medium
CVE:: 2025-26937

Plugin:: Place Order Without Payment for WooCommerce
Plugin Slug:: wc-place-order-without-payment
Installations: 4,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.6.8
Severity Score:: High
CVE:: 2025-26933

Plugin:: Contact Form Plugin
Plugin Slug:: contact-form-lite
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.27
Severity Score:: Medium
CVE:: 2025-26962

Plugin:: SMTP for Amazon SES � YaySMTP
Plugin Slug:: smtp-amazon-ses
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8
Severity Score:: High
CVE:: 2025-0957

Plugin:: Super Testimonials
Plugin Slug:: super-testimonial
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.2
Severity Score:: High
CVE:: 2024-13704

Plugin:: WP-Appbox
Plugin Slug:: wp-appbox
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.5
Severity Score:: Medium
CVE:: 2025-1489

Plugin:: Affiliate Coupons � The #1 Coupon Display Plugin for Affiliate Marketers
Plugin Slug:: affiliate-coupons
Installations: 2,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.7.4
Severity Score:: High
CVE:: 2025-26957

Plugin:: Counters Block � Display Number as an animated counter.
Plugin Slug:: counters-block
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2025-26939

Plugin:: Easy Charts
Plugin Slug:: easy-charts
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.4
Severity Score:: Medium
CVE:: 2025-26893

Plugin:: Majestic Support � The Leading-Edge Help Desk & Customer Support Plugin
Plugin Slug:: majestic-support
Installations: 2,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.0.7
Severity Score:: High
CVE:: 2025-26985

Plugin:: Active Products Tables for WooCommerce. Use constructor to create tables�
Plugin Slug:: profit-products-tables-for-woocommerce
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.6.7
Severity Score:: High
CVE:: 2025-0864

Plugin:: Services Section block � Showcase services in a professional way.
Plugin Slug:: services-section
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2025-26947

Plugin:: WP Yelp Review Slider
Plugin Slug:: wp-yelp-review-slider
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 8.2
Severity Score:: High
CVE:: 2025-26946

Plugin:: Visual Website Collaboration, Feedback & Project Management � Atarim
Plugin Slug:: atarim-visual-collaboration
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.1
Severity Score:: High
CVE:: 2025-26993

Plugin:: Post Form � Registration Form � Profile Form for User Profiles � Frontend Content Forms for User Submissions (UGC)
Plugin Slug:: buddyforms
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.16
Severity Score:: Medium
CVE:: 2024-12038

Plugin:: Countdown Timer block � Display the event’s date into a timer.
Plugin Slug:: countdown-time
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.7
Severity Score:: Medium
CVE:: 2025-26938

Plugin:: Flexible Wishlist for WooCommerce � Ecommerce Wishlist & Save for later
Plugin Slug:: flexible-wishlist
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.27
Severity Score:: Medium
CVE:: 2024-13718

Plugin:: Flexmls� IDX Plugin
Plugin Slug:: flexmls-idx
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.14.28
Severity Score:: Critical
CVE:: 2025-26900

Plugin:: Info Cards � Gutenberg block for creating Beautiful Cards
Plugin Slug:: info-cards
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.6
Severity Score:: Medium
CVE:: 2025-26945

Plugin:: Market Exporter
Plugin Slug:: market-exporter
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.22
Severity Score:: Medium
CVE:: 2025-26995

Plugin:: Events Calendar Made Simple � Pie Calendar
Plugin Slug:: pie-calendar
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.6
Severity Score:: Medium
CVE:: 2025-1410

Plugin:: Responsive Addons for Elementor � Free Elementor Addons Plugin and Elementor Templates
Plugin Slug:: responsive-addons-for-elementor
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.6.5
Severity Score:: High
CVE:: 2024-13353

Plugin:: Team Section block � Showcase team members in various layouts and designs.
Plugin Slug:: team-section
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2025-26949

Plugin:: User Private Files � File Upload & Download Manager with Secure File Sharing
Plugin Slug:: user-private-files
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.4
Severity Score:: Medium
CVE:: 2024-13799

Plugin:: Order Limit for WooCommerce
Plugin Slug:: wc-order-limit-lite
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.3
Severity Score:: Medium
CVE:: 2025-26928

Plugin:: Wired Impact Volunteer Management
Plugin Slug:: wired-impact-volunteer-management
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.1
Severity Score:: Medium
CVE:: 2025-26980

Plugin:: WPPizza � A Restaurant Plugin
Plugin Slug:: wppizza
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.19.5
Severity Score:: High
CVE:: 2025-26991

Plugin:: aBlocks � WordPress Gutenberg Blocks
Plugin Slug:: ablocks
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.2
Severity Score:: Medium
CVE:: 2024-13465

Plugin:: SMTP for SendGrid � YaySMTP
Plugin Slug:: smtp-sendgrid
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4
Severity Score:: High
CVE:: 2025-0918

Plugin:: System Dashboard
Plugin Slug:: system-dashboard
Installations: 800+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.8.19
Severity Score:: Medium
CVE:: 2025-26911

Plugin:: Business Card Block � Show your business card on the web.
Plugin Slug:: business-card-block
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.6
Severity Score:: Medium
CVE:: 2025-26952

Plugin:: Pago por Redsys
Plugin Slug:: pago-redsys-tpv-grafreak
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.13
Severity Score:: High
CVE:: 2024-12467

Plugin:: WP Responsive Auto Fit Text
Plugin Slug:: wp-responsive-slab-text
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.3
Severity Score:: Medium
CVE:: 2025-26904

Plugin:: AR for WordPress
Plugin Slug:: ar-for-wordpress
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.8
Severity Score:: Medium
CVE:: 2025-26913

Plugin:: ClickWhale � Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages
Plugin Slug:: clickwhale
Installations: 600+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.4.4
Severity Score:: Medium
CVE:: 2025-26963

Plugin:: Popup Builder
Plugin Slug:: easy-notify-lite
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.35
Severity Score:: Medium
CVE:: 2025-26882

Plugin:: Front End Users
Plugin Slug:: front-end-only-users
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.31
Severity Score:: Medium
CVE:: 2025-26877

Plugin:: Search with Typesense
Plugin Slug:: search-with-typesense
Installations: 600+
Vulnerability:: Path Traversal
Patched in Version:: 2.0.9
Severity Score:: Medium
CVE:: 2025-26876

Plugin:: Easy Quotes
Plugin Slug:: easy-quotes
Installations: 500+
Vulnerability:: SQL Injection
Patched in Version:: 1.2.3
Severity Score:: Critical
CVE:: 2025-26943

Plugin:: EZ SQL Reports Shortcode Widget and DB Backup
Plugin Slug:: elisqlreports
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.25.08
Severity Score:: Medium
CVE:: 2025-26887

Plugin:: Wishlist
Plugin Slug:: wishlist
Installations: 500+
Vulnerability:: SQL Injection
Patched in Version:: 1.0.42
Severity Score:: High
CVE:: 2025-26915

Plugin:: WP Multistore Locator � WP Store Locator Plugin: Effortless Integration With Snazzy Maps
Plugin Slug:: wp-multi-store-locator
Installations: 500+
Vulnerability:: SQL Injection
Patched in Version:: 2.5.2
Severity Score:: Critical
CVE:: 2025-26974

Plugin:: SMTP for Sendinblue � YaySMTP
Plugin Slug:: smtp-sendinblue
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2
Severity Score:: High
CVE:: 2025-0953

Plugin:: SpeedSize Image & Video AI-Optimizer
Plugin Slug:: speedsize-ai-image-optimizer
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.5.2
Severity Score:: Medium
CVE:: 2024-13438

Plugin:: Autoship Cloud for WooCommerce Subscription Products
Plugin Slug:: autoship-cloud
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.1
Severity Score:: Medium
CVE:: 2025-26878

Plugin:: Easy Elementor Addons
Plugin Slug:: easy-elementor-addons
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.7
Severity Score:: Medium
CVE:: 2025-26912

Plugin:: Tribulant Gallery Voting
Plugin Slug:: gallery-voting
Installations: 300+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3
Severity Score:: High
CVE:: 2025-26931

Plugin:: Scratch & Win � Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more
Plugin Slug:: scratch-win-giveaways-for-website-facebook
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 2.9.0
Severity Score:: Medium
CVE:: 2024-13316

Plugin:: Sticky Content � Stick any content on pages
Plugin Slug:: sticky-menu-block
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.2
Severity Score:: Medium
CVE:: 2025-26881

Plugin:: Web Stories Enhancer � Level Up Your Web Stories
Plugin Slug:: web-stories-enhancer
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4
Severity Score:: Medium
CVE:: 2024-13575

Plugin:: Fast Flow
Plugin Slug:: fast-flow-dashboard
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.18
Severity Score:: High
CVE:: 2025-26868

Plugin:: Mini Course Generator | Embed mini-courses and interactive content
Plugin Slug:: mini-course-generator
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.6
Severity Score:: Medium
CVE:: 2024-13672

Plugin:: Threepress
Plugin Slug:: threepress
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.2
Severity Score:: Medium
CVE:: 2024-13395

Plugin:: Zigaform � Price Calculator & Cost Estimation Form Builder Lite
Plugin Slug:: zigaform-calculator-cost-estimation-form-builder-lite
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.4.3
Severity Score:: High
CVE:: 2025-26994

Plugin:: Ziggeo
Plugin Slug:: ziggeo
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.1
Severity Score:: Medium
CVE:: 2024-12452

Plugin:: Zigaform � Form Builder Lite
Plugin Slug:: zigaform-form-builder-lite
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.4.3
Severity Score:: High
CVE:: 2025-26989

Plugin:: Shopwarden � Automated WooCommerce monitoring & testing
Plugin Slug:: shopwarden
Installations: 80+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.12
Severity Score:: High
CVE:: 2024-13315

Plugin:: Activity Log WinterLock
Plugin Slug:: winterlock
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.5
Severity Score:: Medium
CVE:: 2025-24982

Plugin:: Yay! Forms
Plugin Slug:: yayforms
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3
Severity Score:: Medium
CVE:: 2024-12522

Plugin:: Easypromos Plugin
Plugin Slug:: easypromos
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.9
Severity Score:: Medium
CVE:: 2024-13443

Plugin:: MemorialDay
Plugin Slug:: memorialday
Installations: 60+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.0
Severity Score:: High
CVE:: 2024-13523

Plugin:: igumbi Online Booking
Plugin Slug:: igumbi-online-booking
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.41
Severity Score:: Medium
CVE:: 2024-13455

Plugin:: LTL Freight Quotes � GlobalTranz Edition
Plugin Slug:: ltl-freight-quotes-globaltranz-edition
Installations: 40+
Vulnerability:: Broken Access Control
Patched in Version:: 2.3.13
Severity Score:: Medium
CVE:: 2025-1483

Plugin:: LTL Freight Quotes � GlobalTranz Edition
Plugin Slug:: ltl-freight-quotes-globaltranz-edition
Installations: 40+
Vulnerability:: SQL Injection
Patched in Version:: 2.3.12
Severity Score:: Critical
CVE:: 2024-13476

Plugin:: Small Package Quotes � Unishippers Edition
Plugin Slug:: small-package-quotes-unishippers-edition
Installations: 40+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.10
Severity Score:: Medium
CVE:: 2025-26960

Plugin:: LTL Freight Quotes � ABF Freight Edition
Plugin Slug:: ltl-freight-quotes-abf-freight-edition
Installations: 30+
Vulnerability:: SQL Injection
Patched in Version:: 3.3.8
Severity Score:: Critical
CVE:: 2024-13485

Plugin:: LTL Freight Quotes � Old Dominion Edition
Plugin Slug:: ltl-freight-quotes-odfl-edition
Installations: 30+
Vulnerability:: SQL Injection
Patched in Version:: 4.2.11
Severity Score:: Critical
CVE:: 2024-13489

Plugin:: Small Package Quotes � For Customers of FedEx
Plugin Slug:: small-package-quotes-fedex-edition
Installations: 30+
Vulnerability:: SQL Injection
Patched in Version:: 4.3.2
Severity Score:: Critical
CVE:: 2024-13491

Plugin:: LTL Freight Quotes � SAIA Edition
Plugin Slug:: ltl-freight-quotes-saia-edition
Installations: 20+
Vulnerability:: SQL Injection
Patched in Version:: 2.2.11
Severity Score:: Critical
CVE:: 2024-13483

Plugin:: LTL Freight Quotes � R+L Carriers Edition
Plugin Slug:: ltl-freight-quotes-rl-edition
Installations: 10+
Vulnerability:: SQL Injection
Patched in Version:: 3.3.5
Severity Score:: Critical
CVE:: 2024-13481

Plugin:: LTL Freight Quotes � SEFL Edition
Plugin Slug:: ltl-freight-quotes-sefl-edition
Installations: 10+
Vulnerability:: SQL Injection
Patched in Version:: 3.2.5
Severity Score:: Critical
CVE:: 2024-13479

Plugin:: LTL Freight Quotes � TForce Edition
Plugin Slug:: ltl-freight-quotes-ups-edition
Installations: 10+
Vulnerability:: SQL Injection
Patched in Version:: 3.6.5
Severity Score:: Critical
CVE:: 2024-13478

Plugin:: FormCraft 3
Plugin Slug:: formcraft3
Vulnerability:: Broken Access Control
Patched in Version:: 3.9.12
Severity Score:: Medium
CVE:: 2024-13783

Plugin:: FormCraft 3
Plugin Slug:: formcraft3
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.12
Severity Score:: High
CVE:: 2025-0817

Plugin:: K Elements
Plugin Slug:: k-elements
Vulnerability:: Privilege Escalation
Patched in Version:: 5.4.0
Severity Score:: Critical
CVE:: 2024-56000

Plugin:: LTL Freight Quotes � Purolator Edition
Plugin Slug:: ltl-freight-quotes-purolator-freight-edition
Vulnerability:: SQL Injection
Patched in Version:: 2.2.4
Severity Score:: Critical
CVE:: 2024-13474

Plugin:: Pie Register Premium
Plugin Slug:: pie-register-premium
Vulnerability:: Broken Access Control
Patched in Version:: 3.8.3.3
Severity Score:: Medium
CVE:: 2025-26948

Plugin:: Small Package Quotes � USPS Edition
Plugin Slug:: small-package-quotes-usps-edition
Vulnerability:: SQL Injection
Patched in Version:: 1.3.6
Severity Score:: Critical
CVE:: 2024-13533

Plugin:: Tourmaster
Plugin Slug:: tourmaster
Vulnerability:: SQL Injection
Patched in Version:: 5.3.7
Severity Score:: High
CVE:: 2024-13369

Plugin:: Indeed Ultimate Learning Pro
Plugin Slug:: ulp-duplicate-post-sql-timebased
Vulnerability:: SQL Injection
Patched in Version:: 3.9.1
Severity Score:: High
CVE:: 2024-13846

Plugin:: Uncode Core
Plugin Slug:: uncode-core
Vulnerability:: Content Injection
Patched in Version:: 2.9.1.7
Severity Score:: Medium
CVE:: 2024-13689

Plugin:: WooCommerce Food – Restaurant Menu & Food ordering
Plugin Slug:: woo-exfood
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 3.3.3
Severity Score:: High
CVE:: 2024-13792

WordPress Themes � 11 Patched / 0 Unpatched

Theme:: Uncode
Theme Slug:: uncode
Downloads: 2,271
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.9.1.7
Severity Score:: Medium
CVE:: 2024-13691

Theme:: Uncode
Theme Slug:: uncode
Downloads: 2,271
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.1.7
Severity Score:: Medium
CVE:: 2024-13667

Theme:: Uncode
Theme Slug:: uncode
Downloads: 2,271
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.9.1.7
Severity Score:: High
CVE:: 2024-13681

Theme:: CarSpot
Theme Slug:: carspot
Vulnerability:: Broken Authentication
Patched in Version:: 2.4.4
Severity Score:: Critical
CVE:: 2024-12860

Theme:: Enfold
Theme Slug:: enfold
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 7.0
Severity Score:: Medium
CVE:: 2024-13695

Theme:: Enfold
Theme Slug:: enfold
Vulnerability:: Broken Access Control
Patched in Version:: 7.0
Severity Score:: Medium
CVE:: 2024-13693

Theme:: Hostiko
Theme Slug:: hostiko
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 30.1
Severity Score:: High
CVE:: 2025-27014

Theme:: Hostiko
Theme Slug:: hostiko
Vulnerability:: Local File Inclusion
Patched in Version:: 30.1
Severity Score:: High
CVE:: 2025-27015

Theme:: MediCenter – Health Medical Clinic WordPress Theme
Theme Slug:: medicenter
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 14.7
Severity Score:: Medium
CVE:: 2025-27013

Theme:: Pearl – Corporate Business
Theme Slug:: pearl
Vulnerability:: Local File Inclusion
Patched in Version:: 3.4.8
Severity Score:: High
CVE:: 2025-26986

Theme:: PressMart
Theme Slug:: pressmart
Vulnerability:: Content Injection
Patched in Version:: 1.2.17
Severity Score:: Medium
CVE:: 2024-13797