Nexcess.com Servers.com LiquidWeb.com

Line illustration showing a black application window on a dark black to purple gradient background overlaid with a large exclamation point alert icon and three bugs.

WordPress Vulnerability Report � February 4, 2026

[email protected]

In this report, 661 vulnerabilities have been publicly disclosed. Security patches for 497 of these plugins and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Currently, 164 plugin and theme vulnerabilities remain unpatched. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.9.1 was released on February 3, 2026, as a short-cycle maintenance update, addressing 49 bugs across WordPress Core and the Block Editor, including fixes affecting the editor, mail functionality, and classic themes. Sites with automatic background updates may already be updated. We recommend reviewing the details and updating as part of your regular maintenance cycle.

The next major WordPress release, version 7.0, is scheduled for April 9, 2026, during WordCamp Asia.

WordPress Plugins � 488 Patched / 150 Unpatched

Plugin:: WP Shortcodes Plugin � Shortcodes Ultimate
Plugin Slug:: shortcodes-ultimate
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5647

Plugin:: Master Slider � Responsive Touch Slider
Plugin Slug:: master-slider
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13757

Plugin:: Gutentor � Gutenberg Blocks � Page Builder for Gutenberg Editor
Plugin Slug:: gutentor
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5647

Plugin:: Piotnet Addons For Elementor
Plugin Slug:: piotnet-addons-for-elementor
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13650

Plugin:: Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings
Plugin Slug:: directorist
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68069

Plugin:: Kama Thumbnail
Plugin Slug:: kama-thumbnail
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-24521

Plugin:: Leadpages
Plugin Slug:: leadpages
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-68050

Plugin:: Shiprocket
Plugin Slug:: shiprocket
Installations: 10,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68051

Plugin:: NextMove Lite � Thank You Page for WooCommerce
Plugin Slug:: woo-thank-you-page-nextmove-lite
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68048

Plugin:: CLP Varnish Cache
Plugin Slug:: clp-varnish-cache
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-24525

Plugin:: Tablesome Table � Contact Form DB � WPForms, CF7, Gravity, Forminator, Fluent
Plugin Slug:: tablesome
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-24524

Plugin:: WP FullCalendar
Plugin Slug:: wp-fullcalendar
Installations: 9,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-24523

Plugin:: WP Subscribe
Plugin Slug:: wp-subscribe
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-24522

Plugin:: Travelpayouts
Plugin Slug:: travelpayouts
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-68042

Plugin:: TelSender � ?ontact form 7, Events, Wpforms, ninja forms and woocommerce to telegram bot
Plugin Slug:: telsender
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: ?????? ????? ???? ?? ???? ?? ?? ??
Plugin Slug:: farazsms
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68031

Plugin:: Translate WordPress Websites Globally with ConveyThis Translate
Plugin Slug:: conveythis-translate
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-68021

Plugin:: Frontend File Manager Plugin
Plugin Slug:: nmedia-user-file-uploader
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1280

Plugin:: Nova Blocks by Pixelgrade
Plugin Slug:: nova-blocks
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-24528

Plugin:: Email Inquiry & Cart Options for WooCommerce
Plugin Slug:: woocommerce-email-inquiry-cart-options
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-24526

Plugin:: Generic Elements
Plugin Slug:: generic-elements-for-elementor
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-9080

Plugin:: Quick Restaurant Reservations
Plugin Slug:: quick-restaurant-reservations
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-24529

Plugin:: Easy Hotel Booking � Powerful Hotel Booking
Plugin Slug:: easy-hotel
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-68005

Plugin:: SurveyJS: Drag & Drop Form Builder
Plugin Slug:: surveyjs
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-13139

Plugin:: SurveyJS: Drag & Drop Form Builder
Plugin Slug:: surveyjs
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-13194

Plugin:: SurveyJS: Drag & Drop Form Builder
Plugin Slug:: surveyjs
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-13205

Plugin:: Sendy
Plugin Slug:: sendy
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-68564

Plugin:: Asynchronous Javascript
Plugin Slug:: asynchronous-javascript
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68846

Plugin:: eDS Responsive Menu
Plugin Slug:: eds-responsive-menu
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68845

Plugin:: FeedWordPress Advanced Filters
Plugin Slug:: faf
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68843

Plugin:: Membee Login
Plugin Slug:: membees-member-login-widget
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68844

Plugin:: Widget Logic Visual
Plugin Slug:: widget-logic-visual
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68842

Plugin:: ID Arrays
Plugin Slug:: id-arrays
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68854

Plugin:: iSape
Plugin Slug:: isape
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68847

Plugin:: JobBoard Job listing plugin
Plugin Slug:: job-board-light
Installations: 100+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-68855

Plugin:: Mopinion Feedback Form
Plugin Slug:: mopinion-feedback-form
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68856

Plugin:: LazyTasks � Project & Task Management with Collaboration, Kanban and Gantt Chart
Plugin Slug:: lazytasks-project-task-management
Installations: 80+
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-12963

Plugin:: JavaScript Notifier
Plugin Slug:: javascript-notifier
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1191

Plugin:: Simple Archive Generator
Plugin Slug:: simple-archive-generator
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68880

Plugin:: Aardvark Plugin
Plugin Slug:: aardvark-plugin
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69297

Plugin:: ABC Notation
Plugin Slug:: abc-notation
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13551

Plugin:: AhaChat Messenger Marketing
Plugin Slug:: ahachat-messenger-marketing
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-68895

Plugin:: AhaChat Messenger Marketing
Plugin Slug:: ahachat-messenger-marketing
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-14316

Plugin:: AHAthat
Plugin Slug:: ahathat
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11269

Plugin:: Allmart
Plugin Slug:: allmart-core
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-69304

Plugin:: Anber Elementor Addon
Plugin Slug:: anber-elementor-addon
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-7439

Plugin:: Aoa Downloadable
Plugin Slug:: aoa-downloadable
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13617

Plugin:: Aoa Downloadable
Plugin Slug:: aoa-downloadable
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13618

Plugin:: Ads Pro
Plugin Slug:: ap-plugin-scripteo
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-4381

Plugin:: Ads Pro
Plugin Slug:: ap-plugin-scripteo
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-5339

Plugin:: Ads Pro
Plugin Slug:: ap-plugin-scripteo
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-7402

Plugin:: ArielBrailovsky-ViralAd
Plugin Slug:: arielbrailovsky-viralad
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-2106

Plugin:: Auto Thickbox
Plugin Slug:: auto-thickbox
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-2537

Plugin:: Bitcoin Donate Button
Plugin Slug:: bitcoin-donate-button
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1380

Plugin:: BlockArt Blocks
Plugin Slug:: blockart-blocks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-14283

Plugin:: BlossomThemes Social Feed
Plugin Slug:: blossomthemes-instagram-feed
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5647

Plugin:: Booked
Plugin Slug:: booked
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-22341

Plugin:: Business Card
Plugin Slug:: business-card-by-esterox-100
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4531

Plugin:: Business Card
Plugin Slug:: business-card-by-esterox-100
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4531

Plugin:: Business Card
Plugin Slug:: business-card-by-esterox-100
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4532

Plugin:: Buttons Shortcode and Widget
Plugin Slug:: buttons-shortcode-and-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0711

Plugin:: Change WP URL
Plugin Slug:: change-wp-url
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1398

Plugin:: cits-support-svg-webp-media-upload
Plugin Slug:: cits-support-svg-webp-media-upload
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-0807

Plugin:: Accessiy by CodeConfig Widget for ADA, EAA & WCAG Compliance
Plugin Slug:: codeconfig-accessibility
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-13309

Plugin:: Crete Core
Plugin Slug:: crete-core
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-69305

Plugin:: CRM Memberships
Plugin Slug:: crm-memberships
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-13312

Plugin:: CRM Memberships
Plugin Slug:: crm-memberships
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-13313

Plugin:: DesignThemes Core Features
Plugin Slug:: designthemes-core-features
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69302

Plugin:: Pixter Right Click Protect Images for WordPress
Plugin Slug:: disable-right-click-powered-by-pixterme
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-8047

Plugin:: Dyn Business Panel
Plugin Slug:: dyn-business-panel
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13056

Plugin:: Easy Jump Links Menus
Plugin Slug:: easy-jump-links-menus
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-13860

Plugin:: Electio Core
Plugin Slug:: electio-core
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-69306

Plugin:: Elegant Addons for elementor
Plugin Slug:: elegant-addons-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5092

Plugin:: Emerce Core
Plugin Slug:: emerce-core
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-69366

Plugin:: Eyewear prescription form
Plugin Slug:: eyewear-prescription-form
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-14365

Plugin:: Feedback Modal for Website
Plugin Slug:: feedback-modal-for-website
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-13528

Plugin:: Fintelligence Calculator
Plugin Slug:: fintelligence-calculator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-9859

Plugin:: Font Farsi
Plugin Slug:: font-farsi
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2657

Plugin:: Frontend Checklist
Plugin Slug:: frontend-checklist
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4959

Plugin:: GoZen Forms
Plugin Slug:: gozen-forms
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-6783

Plugin:: Hide Categories Or Products On Shop Page
Plugin Slug:: hide-categories-or-products-on-shop-page
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12128

Plugin:: HL Twitter
Plugin Slug:: hl-twitter
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3631

Plugin:: Image Hover Effects – Caption Hover with Carousel
Plugin Slug:: image-hover-effects-with-carousel
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5001

Plugin:: Image Optimizer by wps.sk
Plugin Slug:: image-optimizer-wpssk
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12190

Plugin:: imwptip
Plugin Slug:: imwptip
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1377

Plugin:: Likes and Dislikes
Plugin Slug:: inprosysmedia-likes-dislikes-post
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-4840

Plugin:: Internal Link Builder
Plugin Slug:: internal-link-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-14725

Plugin:: Joy Of Text Lite
Plugin Slug:: joy-of-text
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7984

Plugin:: JustClick registration plugin
Plugin Slug:: justclick-subscriber
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-13676

Plugin:: Kalrav AI Agent
Plugin Slug:: kalrav-ai-agent
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-13374

Plugin:: KiotViet Sync
Plugin Slug:: kiotvietsync
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12675

Plugin:: Kona Gallery Block
Plugin Slug:: kona-instagram-feed-for-gutenberg
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13400

Plugin:: Light Poll
Plugin Slug:: light-poll
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6496

Plugin:: Login Logout Register Menu
Plugin Slug:: login-logout-register-menu
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3726

Plugin:: Marketplace Items
Plugin Slug:: marketplace-items
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12439

Plugin:: Medinik Core
Plugin Slug:: medinik-core
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-69307

Plugin:: Meta-box GalleryMeta
Plugin Slug:: meta-box-gallerymeta
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Low
CVE:: 2026-0687

Plugin:: Meta-box GalleryMeta
Plugin Slug:: meta-box-gallerymeta
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1302

Plugin:: Search Atlas SEO
Plugin Slug:: metasync
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-14386

Plugin:: ModelTheme Framework
Plugin Slug:: modeltheme-framework
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69303

Plugin:: Takeads
Plugin Slug:: monetize-link
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12370

Plugin:: Nestbyte Core
Plugin Slug:: nestbyte-core
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-69308

Plugin:: Newsletter Popup
Plugin Slug:: newsletter-popup
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-3641

Plugin:: Newsletter Popup
Plugin Slug:: newsletter-popup
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3642

Plugin:: Newsletter Popup
Plugin Slug:: newsletter-popup
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3643

Plugin:: Norby AI
Plugin Slug:: norby-ai
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-13362

Plugin:: PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode
Plugin Slug:: paypal-pay-buy-donation-and-cart-buttons-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5447

Plugin:: Pet Manager
Plugin Slug:: pet-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3918

Plugin:: Image License and Protection
Plugin Slug:: pixter-image-digital-license
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-8047

Plugin:: Postalicious
Plugin Slug:: postalicious
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1266

Plugin:: Premmerce Brands for WooCommerce
Plugin Slug:: premmerce-woocommerce-brands
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12783

Plugin:: Recooty
Plugin Slug:: recooty
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-14616

Plugin:: Responsive Header
Plugin Slug:: responsive-header
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1300

Plugin:: Rupantorpay
Plugin Slug:: rupantorpay
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-15511

Plugin:: Saasplate Core
Plugin Slug:: saasplate-core
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-69309

Plugin:: SendPress Newsletters
Plugin Slug:: sendpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1588

Plugin:: SendPress Newsletters
Plugin Slug:: sendpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1589

Plugin:: SEO Links Interlinking
Plugin Slug:: seo-links-interlinking
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-14063

Plugin:: Sermon Manager
Plugin Slug:: sermon-manager-for-wordpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12368

Plugin:: Smart PopUp Blaster
Plugin Slug:: smart-popup-blaster
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12458

Plugin:: Solidres � Hotel booking plugin
Plugin Slug:: solidres
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13329

Plugin:: SP Project & Document Manager
Plugin Slug:: sp-client-document-manager
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3749

Plugin:: SSP Debug
Plugin Slug:: ssp-debugging
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-13494

Plugin:: SVS Pricing Tables
Plugin Slug:: svs-pricing-tables
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2960

Plugin:: Testimonials Widget
Plugin Slug:: testimonials-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4705

Plugin:: Top Comments
Plugin Slug:: top-comments
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12874

Plugin:: Translate This gTranslate Shortcode
Plugin Slug:: translate-this-google-translate-web-element-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-8719

Plugin:: Quantic Social Image Hover
Plugin Slug:: tw-image-hover-share
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-13360

Plugin:: Twitter Bootstrap Collapse aka Accordian Shortcode
Plugin Slug:: twitter-bootstrap-collapse-aka-accordian-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12722

Plugin:: Uroan Core
Plugin Slug:: uroan-core
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-69365

Plugin:: Vzaar Media Management
Plugin Slug:: vzaar-media-management
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-1391

Plugin:: Widget4Call
Plugin Slug:: widget4call
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13099

Plugin:: Woodly Core
Plugin Slug:: woodly-core
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-69310

Plugin:: WoWPth
Plugin Slug:: wowpth
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-1487

Plugin:: WordPress Auction Plugin
Plugin Slug:: wp-auctions
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8857

Plugin:: WP Easy FAQs
Plugin Slug:: wp-easy-faqs
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-8686

Plugin:: WP Featherlight
Plugin Slug:: wp-featherlight
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5667

Plugin:: WP Google Ad Manager
Plugin Slug:: wp-google-ad-manager-plugin
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1399

Plugin:: WP Logs Book
Plugin Slug:: wp-logs-book
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4475

Plugin:: WP MultiTasking
Plugin Slug:: wp-multitasking
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6852

Plugin:: WP MultiTasking
Plugin Slug:: wp-multitasking
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6853

Plugin:: WP MultiTasking
Plugin Slug:: wp-multitasking
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6855

Plugin:: WP MultiTasking
Plugin Slug:: wp-multitasking
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6857

Plugin:: WP MultiTasking
Plugin Slug:: wp-multitasking
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6860

Plugin:: WP Online Users Stats
Plugin Slug:: wp-online-users-stats
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-4964

Plugin:: WP Prayer
Plugin Slug:: wp-prayer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3406

Plugin:: WP Prayer
Plugin Slug:: wp-prayer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3407

Plugin:: WP-Revive Adserver
Plugin Slug:: wp-revive-adserver
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12461

Plugin:: WordPress Survey & Poll
Plugin Slug:: wp-survey-and-poll
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12528

Plugin:: YouTube Embed, Playlist and Popup by WpDevArt
Plugin Slug:: youtube-video-player
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-2537

Plugin:: All in One SEO � Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic
Plugin Slug:: all-in-one-seo-pack
Installations: 3,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6.1.1
Severity Score:: Medium
CVE:: 2024-3368

Plugin:: Essential Addons for Elementor � Popular Elementor Templates & Widgets
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.5
Severity Score:: Medium
CVE:: 2024-5647

Plugin:: Essential Addons for Elementor � Popular Elementor Templates & Widgets
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.12
Severity Score:: Medium
CVE:: 2024-2650

Plugin:: Essential Addons for Elementor � Popular Elementor Templates & Widgets
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.16
Severity Score:: Medium
CVE:: 2024-3728

Plugin:: Essential Addons for Elementor � Popular Elementor Templates & Widgets
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.20
Severity Score:: Medium
CVE:: 2024-4448

Plugin:: Essential Addons for Elementor � Popular Elementor Templates & Widgets
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.20
Severity Score:: Medium
CVE:: 2024-4449

Plugin:: Essential Addons for Elementor � Popular Elementor Templates & Widgets
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.4
Severity Score:: Medium
CVE:: 2024-8742

Plugin:: Essential Addons for Elementor � Popular Elementor Templates & Widgets
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.1.13
Severity Score:: Medium
CVE:: 2024-9993

Plugin:: ElementsKit Elementor Addons and Templates
Plugin Slug:: elementskit-lite
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.3
Severity Score:: Medium
CVE:: 2025-3614

Plugin:: Spectra Gutenberg Blocks � Website Builder for the Block Editor
Plugin Slug:: ultimate-addons-for-gutenberg
Installations: 1,000,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.19.18
Severity Score:: Medium
CVE:: 2026-0950

Plugin:: Spectra Gutenberg Blocks � Website Builder for the Block Editor
Plugin Slug:: ultimate-addons-for-gutenberg
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.12.9
Severity Score:: Medium
CVE:: 2024-1815

Plugin:: Cookie Notice & Compliance for GDPR / CCPA
Plugin Slug:: cookie-notice
Installations: 900,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.9
Severity Score:: Medium
CVE:: 2025-11186

Plugin:: Migration, Backup, Staging � WPvivid Backup & Migration
Plugin Slug:: wpvivid-backuprestore
Installations: 800,000+
Vulnerability:: Broken Access Control
Patched in Version:: 0.9.121
Severity Score:: Low
CVE:: 2025-12654

Plugin:: Premium Addons for Elementor � Powerful Elementor Templates & Widgets
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.29
Severity Score:: Medium
CVE:: 2024-3647

Plugin:: Premium Addons for Elementor � Powerful Elementor Templates & Widgets
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.32
Severity Score:: Medium
CVE:: 2024-4376

Plugin:: Premium Addons for Elementor � Powerful Elementor Templates & Widgets
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.32
Severity Score:: Medium
CVE:: 2024-4379

Plugin:: Fluent Forms � Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
Plugin Slug:: fluentform
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.20
Severity Score:: Medium
CVE:: 2024-6518

Plugin:: Fluent Forms � Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
Plugin Slug:: fluentform
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.20
Severity Score:: Medium
CVE:: 2024-6521

Plugin:: MetForm � Contact Form, Survey, Quiz, & Custom Form Builder for Elementor
Plugin Slug:: metform
Installations: 600,000+
Vulnerability:: Broken Authentication
Patched in Version:: 4.1.1
Severity Score:: Low
CVE:: 2026-0633

Plugin:: Ninja Forms � The Contact Form Builder That Grows With You
Plugin Slug:: ninja-forms
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.1
Severity Score:: Medium
CVE:: 2025-2560

Plugin:: Ninja Forms � The Contact Form Builder That Grows With You
Plugin Slug:: ninja-forms
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.1
Severity Score:: Medium
CVE:: 2025-2561

Plugin:: Royal Addons for Elementor � Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.972
Severity Score:: Medium
CVE:: 2024-2798

Plugin:: Royal Addons for Elementor � Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.972
Severity Score:: Medium
CVE:: 2024-2799

Plugin:: Royal Addons for Elementor � Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.972
Severity Score:: Medium
CVE:: 2024-3889

Plugin:: Royal Addons for Elementor � Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.976
Severity Score:: Medium
CVE:: 2024-4087

Plugin:: Royal Addons for Elementor � Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1002
Severity Score:: Medium
CVE:: 2024-9059

Plugin:: Royal Addons for Elementor � Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1002
Severity Score:: Medium
CVE:: 2024-9668

Plugin:: Royal Addons for Elementor � Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1013
Severity Score:: Medium
CVE:: 2025-1455

Plugin:: Easy WP SMTP � WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more
Plugin Slug:: easy-wp-smtp
Installations: 500,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.3.1
Severity Score:: Low
CVE:: 2024-3073

Plugin:: Gutenberg Blocks with AI by Kadence WP � Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.38
Severity Score:: Medium
CVE:: 2024-4208

Plugin:: Gutenberg Blocks with AI by Kadence WP � Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.37
Severity Score:: Medium
CVE:: 2024-4209

Plugin:: Gutenberg Blocks with AI by Kadence WP � Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.54
Severity Score:: Medium
CVE:: 2024-12581

Plugin:: Ocean Extra
Plugin Slug:: ocean-extra
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.7
Severity Score:: Medium
CVE:: 2025-3458

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.20.8
Severity Score:: Medium
CVE:: 2026-1210

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.4
Severity Score:: Medium
CVE:: 2024-1498

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.12.3
Severity Score:: Medium
CVE:: 2024-5647

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.5
Severity Score:: Medium
CVE:: 2024-2786

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.5
Severity Score:: Medium
CVE:: 2024-2787

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.5
Severity Score:: Medium
CVE:: 2024-2788

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.5
Severity Score:: Medium
CVE:: 2024-2789

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.5
Severity Score:: Medium
CVE:: 2024-3724

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.8
Severity Score:: Medium
CVE:: 2024-4391

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.11.0
Severity Score:: Medium
CVE:: 2024-5041

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.9
Severity Score:: Medium
CVE:: 2024-5088

Plugin:: Jeg Kit for Elementor � Powerful Addons for Elementor, Widgets & Templates for WordPress
Plugin Slug:: jeg-elementor-kit
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.5
Severity Score:: Medium
CVE:: 2024-3161

Plugin:: Jeg Kit for Elementor � Powerful Addons for Elementor, Widgets & Templates for WordPress
Plugin Slug:: jeg-elementor-kit
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.4
Severity Score:: Medium
CVE:: 2024-3162

Plugin:: Photo Gallery, Sliders, Proofing and Themes � NextGEN Gallery
Plugin Slug:: nextgen-gallery
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.59.12
Severity Score:: Medium
CVE:: 2025-2537

Plugin:: Page Builder: Pagelayer � Drag and Drop website builder
Plugin Slug:: pagelayer
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.8
Severity Score:: Medium
CVE:: 2024-8426

Plugin:: WP Shortcodes Plugin � Shortcodes Ultimate
Plugin Slug:: shortcodes-ultimate
Installations: 400,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 7.4.6
Severity Score:: Medium
CVE:: 2025-12800

Plugin:: SureForms � Contact Form, Payment Form & Other Custom Form Builder
Plugin Slug:: sureforms
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.1
Severity Score:: High
CVE:: 2025-14855

Plugin:: SureForms � Contact Form, Payment Form & Other Custom Form Builder
Plugin Slug:: sureforms
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.4
Severity Score:: Medium
CVE:: 2025-3514

Plugin:: GDPR Cookie Compliance � Cookie Banner, Cookie Consent, Cookie Notice for CCPA, EU Cookie Law
Plugin Slug:: gdpr-cookie-compliance
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.15.7
Severity Score:: Medium
CVE:: 2025-1619

Plugin:: GDPR Cookie Compliance � Cookie Banner, Cookie Consent, Cookie Notice for CCPA, EU Cookie Law
Plugin Slug:: gdpr-cookie-compliance
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.15.7
Severity Score:: Medium
CVE:: 2025-1620

Plugin:: GDPR Cookie Compliance � Cookie Banner, Cookie Consent, Cookie Notice for CCPA, EU Cookie Law
Plugin Slug:: gdpr-cookie-compliance
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.15.7
Severity Score:: Medium
CVE:: 2025-1621

Plugin:: GDPR Cookie Compliance � Cookie Banner, Cookie Consent, Cookie Notice for CCPA, EU Cookie Law
Plugin Slug:: gdpr-cookie-compliance
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.15.9
Severity Score:: Medium
CVE:: 2025-1624

Plugin:: Unlimited Elements For Elementor
Plugin Slug:: unlimited-elements-for-elementor
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.136
Severity Score:: Medium
CVE:: 2024-13153

Plugin:: Unlimited Elements For Elementor
Plugin Slug:: unlimited-elements-for-elementor
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.2
Severity Score:: Medium
CVE:: 2025-14274

Plugin:: Unlimited Elements For Elementor
Plugin Slug:: unlimited-elements-for-elementor
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.113
Severity Score:: Medium
CVE:: 2024-6170

Plugin:: WP Go Maps (formerly WP Google Maps)
Plugin Slug:: wp-google-maps
Installations: 300,000+
Vulnerability:: Broken Access Control
Patched in Version:: 10.0.05
Severity Score:: Medium
CVE:: 2026-0593

Plugin:: Advanced Google reCAPTCHA
Plugin Slug:: advanced-google-recaptcha
Installations: 200,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.30
Severity Score:: High
CVE:: 2025-2074

Plugin:: Gutenberg Essential Blocks � Page Builder for Gutenberg Blocks & Patterns
Plugin Slug:: essential-blocks
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.4
Severity Score:: Medium
CVE:: 2024-2255

Plugin:: FileOrganizer � WordPress File Manager
Plugin Slug:: fileorganizer
Installations: 200,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.0.8
Severity Score:: High
CVE:: 2024-5599

Plugin:: Jetpack Boost � Website Speed, Performance and Critical CSS
Plugin Slug:: jetpack-boost
Installations: 200,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.4.7
Severity Score:: Medium
CVE:: 2024-6584

Plugin:: Photo Gallery by 10Web � Mobile-Friendly Image Gallery
Plugin Slug:: photo-gallery
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.31
Severity Score:: Medium
CVE:: 2024-10704

Plugin:: Supreme Modules Lite � Divi Theme, Extra Theme and Divi Builder
Plugin Slug:: supreme-modules-for-divi
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.53
Severity Score:: Medium
CVE:: 2024-5647

Plugin:: Ultimate Member � User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Plugin Slug:: ultimate-member
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.11.1
Severity Score:: Medium
CVE:: 2025-13220

Plugin:: Redirection for Contact Form 7
Plugin Slug:: wpcf7-redirect
Installations: 200,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.2.8
Severity Score:: High
CVE:: 2025-14800

Plugin:: Ivory Search � WordPress Search Plugin
Plugin Slug:: add-search-to-menu
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.14
Severity Score:: Medium
CVE:: 2026-1053

Plugin:: AI Engine � The Chatbot and AI Framework for WordPress
Plugin Slug:: ai-engine
Installations: 100,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.3.3
Severity Score:: Medium
CVE:: 2026-0746

Plugin:: Element Pack Addons for Elementor
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.1
Severity Score:: Medium
CVE:: 2024-1426

Plugin:: Element Pack Addons for Elementor
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.1
Severity Score:: Medium
CVE:: 2024-1429

Plugin:: Element Pack Addons for Elementor
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.12
Severity Score:: Medium
CVE:: 2024-5554

Plugin:: Element Pack Addons for Elementor
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.10.3
Severity Score:: Medium
CVE:: 2024-9867

Plugin:: Element Pack Addons for Elementor
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.10.3
Severity Score:: Medium
CVE:: 2024-10980

Plugin:: Prime Slider � Addons for Elementor
Plugin Slug:: bdthemes-prime-slider-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.14.2
Severity Score:: Medium
CVE:: 2024-3997

Plugin:: EmbedPress � PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more
Plugin Slug:: embedpress
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.11
Severity Score:: Medium
CVE:: 2024-1565

Plugin:: EmbedPress � PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more
Plugin Slug:: embedpress
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.13
Severity Score:: Medium
CVE:: 2024-2688

Plugin:: EmbedPress � PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more
Plugin Slug:: embedpress
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.15
Severity Score:: Medium
CVE:: 2024-3245

Plugin:: Lightbox & Modal Popup WordPress Plugin � FooBox
Plugin Slug:: foobox-image-lightbox
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.35
Severity Score:: Medium
CVE:: 2025-5537

Plugin:: Gallery by FooGallery
Plugin Slug:: foogallery
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.15
Severity Score:: Medium
CVE:: 2024-2081

Plugin:: GiveWP � Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.14.2
Severity Score:: Critical
CVE:: 2024-5932

Plugin:: GiveWP � Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.6.1
Severity Score:: High
CVE:: 2025-8620

Plugin:: WP Ghost (Hide My WP Ghost) � Security & Firewall
Plugin Slug:: hide-my-wp
Installations: 100,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 5.4.02
Severity Score:: High
CVE:: 2025-2056

Plugin:: Modula Image Gallery � Photo Grid & Video Gallery
Plugin Slug:: modula-best-grid-gallery
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.13.4
Severity Score:: Medium
CVE:: 2025-13891

Plugin:: The Ultimate Video Player For WordPress � by Presto Player
Plugin Slug:: presto-player
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.3
Severity Score:: Medium
CVE:: 2024-2428

Plugin:: Relevanssi � A Better Search
Plugin Slug:: relevanssi
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.22.1
Severity Score:: Medium
CVE:: CVE-2024-1380

Plugin:: Relevanssi � A Better Search
Plugin Slug:: relevanssi
Installations: 100,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.26.0
Severity Score:: Medium
CVE:: 2025-14719

Plugin:: Responsive Lightbox & Gallery
Plugin Slug:: responsive-lightbox
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.8
Severity Score:: Medium
CVE:: 2024-5667

Plugin:: The Plus Addons for Elementor � Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 5.4.2
Severity Score:: High
CVE:: 2024-2210

Plugin:: The Plus Addons for Elementor � Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.5
Severity Score:: Medium
CVE:: 2024-2784

Plugin:: The Plus Addons for Elementor � Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.0
Severity Score:: Medium
CVE:: 2024-2785

Plugin:: The Plus Addons for Elementor � Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.0
Severity Score:: Medium
CVE:: 2024-3197

Plugin:: The Plus Addons for Elementor � Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.0
Severity Score:: Medium
CVE:: 2024-3199

Plugin:: The Plus Addons for Elementor � Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.3
Severity Score:: Medium
CVE:: 2024-4484

Plugin:: The Plus Addons for Elementor � Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.3
Severity Score:: Medium
CVE:: 2024-4485

Plugin:: The Plus Addons for Elementor � Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.3
Severity Score:: Medium
CVE:: 2024-6575

Plugin:: The Plus Addons for Elementor � Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.3
Severity Score:: Medium
CVE:: 2024-5583

Plugin:: Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More
Plugin Slug:: themeisle-companion
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.10.31
Severity Score:: Medium
CVE:: 2024-1497

Plugin:: Tutor LMS � eLearning and online course solution
Plugin Slug:: tutor
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.9.6
Severity Score:: Medium
CVE:: 2026-1371

Plugin:: Tutor LMS � eLearning and online course solution
Plugin Slug:: tutor
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.9.4
Severity Score:: Medium
CVE:: 2025-13935

Plugin:: VK All in One Expansion Unit
Plugin Slug:: vk-all-in-one-expansion-unit
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.112.2
Severity Score:: Medium
CVE:: 2025-11267

Plugin:: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content � ProfilePress
Plugin Slug:: wp-user-avatar
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.15.15
Severity Score:: Medium
CVE:: 2024-10518

Plugin:: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content � ProfilePress
Plugin Slug:: wp-user-avatar
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.15.20
Severity Score:: Medium
CVE:: 2024-13120

Plugin:: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content � ProfilePress
Plugin Slug:: wp-user-avatar
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.15.20
Severity Score:: Medium
CVE:: 2024-13121

Plugin:: Addon Elements for Elementor (formerly Elementor Addon Elements)
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13
Severity Score:: Medium
CVE:: 2024-1391

Plugin:: Addon Elements for Elementor (formerly Elementor Addon Elements)
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13
Severity Score:: Medium
CVE:: 2024-1392

Plugin:: Addon Elements for Elementor (formerly Elementor Addon Elements)
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.3
Severity Score:: Medium
CVE:: 2024-2091

Plugin:: Addon Elements for Elementor (formerly Elementor Addon Elements)
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.4
Severity Score:: Medium
CVE:: 2024-2092

Plugin:: Addon Elements for Elementor (formerly Elementor Addon Elements)
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.6
Severity Score:: Medium
CVE:: 2024-4570

Plugin:: Addon Elements for Elementor (formerly Elementor Addon Elements)
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.6
Severity Score:: Medium
CVE:: 2024-4401

Plugin:: Addon Elements for Elementor (formerly Elementor Addon Elements)
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.7
Severity Score:: Medium
CVE:: 2024-7122

Plugin:: Booking for Appointments and Events Calendar � Amelia
Plugin Slug:: ameliabooking
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.0
Severity Score:: Medium
CVE:: 2025-14720

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.17.3
Severity Score:: Medium
CVE:: 2024-12588

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.15.8
Severity Score:: Medium
CVE:: 2024-1348

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.15.8
Severity Score:: Medium
CVE:: 2024-1357

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.15.8
Severity Score:: Medium
CVE:: 2024-1396

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.15.8
Severity Score:: Medium
CVE:: 2024-1533

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.15.8
Severity Score:: Medium
CVE:: 2024-3341

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.17.1
Severity Score:: Medium
CVE:: 2024-9545

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.17.14
Severity Score:: Medium
CVE:: 2025-12379

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.17.14
Severity Score:: Medium
CVE:: 2025-13215

Plugin:: Colibri Page Builder
Plugin Slug:: colibri-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.274
Severity Score:: Medium
CVE:: 2024-3337

Plugin:: Colibri Page Builder
Plugin Slug:: colibri-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.277
Severity Score:: Medium
CVE:: 2024-4451

Plugin:: JetFormBuilder � Dynamic Blocks Form Builder
Plugin Slug:: jetformbuilder
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.4
Severity Score:: Medium
CVE:: 2025-11991

Plugin:: Custom Login Page Customizer
Plugin Slug:: login-customizer
Installations: 90,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 2.5.4
Severity Score:: Critical
CVE:: 2025-14975

Plugin:: Product Import Export for WooCommerce � Import Export Product CSV Suite
Plugin Slug:: product-import-export-for-woo
Installations: 90,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 2.5.1
Severity Score:: Low
CVE:: 2025-1911

Plugin:: Hustle � Email Marketing, Lead Generation, Optins, Popups
Plugin Slug:: wordpress-popup
Installations: 90,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 7.8.9.3
Severity Score:: High
CVE:: 2026-0911

Plugin:: HT Mega � Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.7
Severity Score:: Medium
CVE:: 2024-2084

Plugin:: HT Mega � Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.0
Severity Score:: Medium
CVE:: 2024-3308

Plugin:: HT Mega � Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.1
Severity Score:: Medium
CVE:: 2024-3989

Plugin:: HT Mega � Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.6
Severity Score:: Medium
CVE:: 2024-5173

Plugin:: Import and export users and customers
Plugin Slug:: import-users-from-csv-with-meta
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.26.7
Severity Score:: Medium
CVE:: 2024-4734

Plugin:: 3D FlipBook � PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery
Plugin Slug:: interactive-3d-flipbook-powered-physics-engine
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.16.16
Severity Score:: Medium
CVE:: 2025-5289

Plugin:: LearnPress � WordPress LMS Plugin for Create and Sell Online Courses
Plugin Slug:: learnpress
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.7.2
Severity Score:: Medium
CVE:: 2024-9881

Plugin:: MaxButtons � Create buttons
Plugin Slug:: maxbuttons
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.8.1
Severity Score:: Medium
CVE:: 2024-8968

Plugin:: SlimStat Analytics
Plugin Slug:: wp-slimstat
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.3
Severity Score:: High
CVE:: 2025-69323

Plugin:: Advanced Contact form 7 DB
Plugin Slug:: advanced-cf7-db
Installations: 70,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.0.3
Severity Score:: Medium
CVE:: 2024-3723

Plugin:: Brizy � Page Builder
Plugin Slug:: brizy
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.41
Severity Score:: Medium
CVE:: 2024-1293

Plugin:: Brizy � Page Builder
Plugin Slug:: brizy
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.42
Severity Score:: Medium
CVE:: 2024-1940

Plugin:: Database for Contact Form 7, WPforms, Elementor forms
Plugin Slug:: contact-form-entries
Installations: 70,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 1.4.4
Severity Score:: High
CVE:: 2025-7384

Plugin:: Database for Contact Form 7, WPforms, Elementor forms
Plugin Slug:: contact-form-entries
Installations: 70,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.6
Severity Score:: Medium
CVE:: 2026-0825

Plugin:: Featured Image from URL (FIFU)
Plugin Slug:: featured-image-from-url
Installations: 70,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.2.8
Severity Score:: High
CVE:: 2025-10036

Plugin:: Featured Image from URL (FIFU)
Plugin Slug:: featured-image-from-url
Installations: 70,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 5.3.2
Severity Score:: Medium
CVE:: 2025-13393

Plugin:: WP Maps � Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters
Plugin Slug:: wp-google-map-plugin
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.2
Severity Score:: Medium
CVE:: 2025-3503

Plugin:: WP Maps � Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters
Plugin Slug:: wp-google-map-plugin
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.2
Severity Score:: Medium
CVE:: 2025-3504

Plugin:: WP ULike � Engagement Analytics & Interactive Buttons to Understand Your Audience
Plugin Slug:: wp-ulike
Installations: 70,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 5.0.0
Severity Score:: Medium
CVE:: 2026-0909

Plugin:: Email Subscribers & Newsletters � Email Marketing, Post Notifications & Newsletter Plugin for WordPress
Plugin Slug:: email-subscribers
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.7.18
Severity Score:: Medium
CVE:: 2024-3626

Plugin:: Email Subscribers & Newsletters � Email Marketing, Post Notifications & Newsletter Plugin for WordPress
Plugin Slug:: email-subscribers
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.7.45
Severity Score:: Medium
CVE:: 2024-12566

Plugin:: Email Subscribers & Newsletters � Email Marketing, Post Notifications & Newsletter Plugin for WordPress
Plugin Slug:: email-subscribers
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.7.45
Severity Score:: Medium
CVE:: 2024-12567

Plugin:: Email Subscribers & Newsletters � Email Marketing, Post Notifications & Newsletter Plugin for WordPress
Plugin Slug:: email-subscribers
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.7.45
Severity Score:: Medium
CVE:: 2024-12568

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.3
Severity Score:: Medium
CVE:: 2024-2503

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.5
Severity Score:: Medium
CVE:: 2024-3985

Plugin:: Master Slider � Responsive Touch Slider
Plugin Slug:: master-slider
Installations: 60,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.10.0
Severity Score:: Medium
CVE:: 2024-6490

Plugin:: Post and Page Builder by BoldGrid � Visual Drag and Drop Editor
Plugin Slug:: post-and-page-builder
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.26.7
Severity Score:: Medium
CVE:: 2024-6848

Plugin:: Qi Blocks
Plugin Slug:: qi-blocks
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4
Severity Score:: Medium
CVE:: 2025-1626

Plugin:: Qi Blocks
Plugin Slug:: qi-blocks
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4
Severity Score:: Medium
CVE:: 2025-1627

Plugin:: Ultimate Dashboard � Custom WordPress Dashboard
Plugin Slug:: ultimate-dashboard
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.6
Severity Score:: Medium
CVE:: 2025-1524

Plugin:: Ultimate Dashboard � Custom WordPress Dashboard
Plugin Slug:: ultimate-dashboard
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.6
Severity Score:: Medium
CVE:: 2025-1525

Plugin:: Divi Torque Lite � Divi Theme, Divi Builder & Extra Theme
Plugin Slug:: addons-for-divi
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.6
Severity Score:: Medium
CVE:: 2024-5647

Plugin:: Popup Box � Create Countdown, Coupon, Video, Contact Form Popups
Plugin Slug:: ays-popup-box
Installations: 50,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.1.2
Severity Score:: Medium
CVE:: 2026-1165

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.3
Severity Score:: Medium
CVE:: 2024-5647

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.8.9
Severity Score:: Medium
CVE:: 2024-3266

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.6
Severity Score:: Medium
CVE:: 2025-3715

Plugin:: Booking Calendar
Plugin Slug:: booking
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.14.7
Severity Score:: Medium
CVE:: 2025-12804

Plugin:: Booking Calendar
Plugin Slug:: booking
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 10.14.14
Severity Score:: Medium
CVE:: 2026-1431

Plugin:: Booking Calendar
Plugin Slug:: booking
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.6.5
Severity Score:: Medium
CVE:: 2024-10893

Plugin:: Clearfy Cache � WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Plugin Slug:: clearfy
Installations: 50,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.3.2
Severity Score:: Medium
CVE:: 2024-13338

Plugin:: Getwid � Gutenberg Blocks
Plugin Slug:: getwid
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.11
Severity Score:: Medium
CVE:: 2024-6489

Plugin:: User Profile Builder � Beautiful User Registration Forms, User Profiles & User Role Editor
Plugin Slug:: profile-builder
Installations: 50,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.11.9
Severity Score:: Critical
CVE:: 2024-6695

Plugin:: Search Exclude
Plugin Slug:: search-exclude
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.0
Severity Score:: Medium
CVE:: 2025-2821

Plugin:: Tag, Category, and Taxonomy Manager � AI Autotagger with OpenAI
Plugin Slug:: simple-tags
Installations: 50,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.41.0
Severity Score:: High
CVE:: 2025-13922

Plugin:: Sina Extension for Elementor
Plugin Slug:: sina-extension-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.4
Severity Score:: Medium
CVE:: 2024-4333

Plugin:: Themesflat Addons For Elementor
Plugin Slug:: themesflat-addons-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-2922

Plugin:: Themesflat Addons For Elementor
Plugin Slug:: themesflat-addons-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-4458

Plugin:: Themesflat Addons For Elementor
Plugin Slug:: themesflat-addons-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-4459

Plugin:: Themesflat Addons For Elementor
Plugin Slug:: themesflat-addons-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-4212

Plugin:: Ultimate Blocks � 25+ Gutenberg Blocks for Block Editor
Plugin Slug:: ultimate-blocks
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.0
Severity Score:: Medium
CVE:: 2024-4268

Plugin:: Ultimate Blocks � 25+ Gutenberg Blocks for Block Editor
Plugin Slug:: ultimate-blocks
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.8
Severity Score:: Medium
CVE:: 2025-1312

Plugin:: Ultimate Blocks � 25+ Gutenberg Blocks for Block Editor
Plugin Slug:: ultimate-blocks
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.8
Severity Score:: Medium
CVE:: 2025-1703

Plugin:: Ultimate Blocks � 25+ Gutenberg Blocks for Block Editor
Plugin Slug:: ultimate-blocks
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.4
Severity Score:: Medium
CVE:: 2025-2918

Plugin:: Ultimate Blocks � 25+ Gutenberg Blocks for Block Editor
Plugin Slug:: ultimate-blocks
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.0
Severity Score:: Medium
CVE:: 2024-6362

Plugin:: WP Recipe Maker
Plugin Slug:: wp-recipe-maker
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 10.3.0
Severity Score:: Medium
CVE:: 2026-24357

Plugin:: Livemesh Addons by Elementor
Plugin Slug:: addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.6
Severity Score:: Medium
CVE:: 2024-1458

Plugin:: Livemesh Addons by Elementor
Plugin Slug:: addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.6
Severity Score:: Medium
CVE:: 2024-1461

Plugin:: Livemesh Addons by Elementor
Plugin Slug:: addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.6
Severity Score:: Medium
CVE:: 2024-1464

Plugin:: Livemesh Addons by Elementor
Plugin Slug:: addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.6
Severity Score:: Medium
CVE:: 2024-1465

Plugin:: Livemesh Addons by Elementor
Plugin Slug:: addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.6
Severity Score:: Medium
CVE:: 2024-1466

Plugin:: Livemesh Addons by Elementor
Plugin Slug:: addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.4
Severity Score:: Medium
CVE:: 2024-2926

Plugin:: Livemesh Addons by Elementor
Plugin Slug:: addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.4
Severity Score:: Medium
CVE:: 2024-3639

Plugin:: Advanced iFrame
Plugin Slug:: advanced-iframe
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2025.0
Severity Score:: Medium
CVE:: 2025-1439

Plugin:: Ajax Load More � Infinite Scroll, Load More, & Lazy Load
Plugin Slug:: ajax-load-more
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.8.2
Severity Score:: Medium
CVE:: 2025-15525

Plugin:: Calculated Fields Form
Plugin Slug:: calculated-fields-form
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.62
Severity Score:: Medium
CVE:: 2024-13381

Plugin:: Carousel Slider
Plugin Slug:: carousel-slider
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.15
Severity Score:: Medium
CVE:: 2024-5647

Plugin:: Easy Digital Downloads � eCommerce Payments and Subscriptions made easy
Plugin Slug:: easy-digital-downloads
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.3
Severity Score:: Medium
CVE:: 2024-6691

Plugin:: Form Maker by 10Web � Mobile-Friendly Drag & Drop Contact Form Builder
Plugin Slug:: form-maker
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.31
Severity Score:: Medium
CVE:: 2024-10562

Plugin:: FunnelKit � Funnel Builder for WooCommerce Checkout
Plugin Slug:: funnel-builder
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.13.1.3
Severity Score:: Medium
CVE:: 2025-12878

Plugin:: Genesis Blocks
Plugin Slug:: genesis-blocks
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.3
Severity Score:: Medium
CVE:: 2024-2761

Plugin:: Genesis Blocks
Plugin Slug:: genesis-blocks
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.4
Severity Score:: Medium
CVE:: 2024-3901

Plugin:: Quiz and Survey Master (QSM) � Easy Quiz and Survey Maker
Plugin Slug:: quiz-master-next
Installations: 40,000+
Vulnerability:: SQL Injection
Patched in Version:: 9.0.2
Severity Score:: High
CVE:: 2024-5606

Plugin:: Quiz and Survey Master (QSM) � Easy Quiz and Survey Maker
Plugin Slug:: quiz-master-next
Installations: 40,000+
Vulnerability:: SQL Injection
Patched in Version:: 10.3.2
Severity Score:: High
CVE:: 2025-67987

Plugin:: Robo Gallery � Photo & Image Slider
Plugin Slug:: robo-gallery
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.23
Severity Score:: Medium
CVE:: 2024-5647

Plugin:: Post Grid Gutenberg Blocks for News, Magazines, Blog Websites � PostX
Plugin Slug:: ultimate-post
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.1.3
Severity Score:: High
CVE:: 2024-5326

Plugin:: Post Grid Gutenberg Blocks for News, Magazines, Blog Websites � PostX
Plugin Slug:: ultimate-post
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.2
Severity Score:: Medium
CVE:: 2024-3239

Plugin:: YITH WooCommerce Ajax Search
Plugin Slug:: yith-woocommerce-ajax-search
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.1
Severity Score:: Medium
CVE:: 2024-7846

Plugin:: Ditty � Responsive News Tickers, Sliders, and Lists
Plugin Slug:: ditty-news-ticker
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.46
Severity Score:: Medium
CVE:: 2024-6715

Plugin:: Piotnet Addons For Elementor
Plugin Slug:: piotnet-addons-for-elementor
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.29
Severity Score:: Medium
CVE:: 2024-4262

Plugin:: Post Grid
Plugin Slug:: post-grid
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.81
Severity Score:: Medium
CVE:: 2024-1988

Plugin:: Post Grid
Plugin Slug:: post-grid
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.81
Severity Score:: Medium
CVE:: 2024-4042

Plugin:: SEO Plugin by Squirrly SEO
Plugin Slug:: squirrly-seo
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 12.3.20
Severity Score:: High
CVE:: 2024-6497

Plugin:: Stop Spammers Classic
Plugin Slug:: stop-spammer-registrations-plugin
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2026.2
Severity Score:: Medium
CVE:: 2025-14795

Plugin:: Stratum Widgets for Elementor
Plugin Slug:: stratum
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.1
Severity Score:: Medium
CVE:: 2025-7845

Plugin:: ThirstyAffiliates � Affiliate Links, Link Branding, Link Tracking & Marketing Plugin
Plugin Slug:: thirstyaffiliates
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.11.10
Severity Score:: Medium
CVE:: 2026-25024

Plugin:: Tutor LMS Elementor Addons
Plugin Slug:: tutor-lms-elementor-addons
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.5
Severity Score:: Medium
CVE:: 2024-5576

Plugin:: WP Video Lightbox
Plugin Slug:: wp-post-447778 wp-video-lightbox
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.12
Severity Score:: Medium
CVE:: 2025-2540

Plugin:: Xpro Addons � 140+ Widgets for Elementor
Plugin Slug:: xpro-elementor-addons
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.8
Severity Score:: Medium
CVE:: 2025-2108

Plugin:: Image Photo Gallery Final Tiles Grid
Plugin Slug:: final-tiles-grid-gallery-lite
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.9
Severity Score:: Medium
CVE:: 2025-13693

Plugin:: Icegram Engage � Popups, Optins, CTAs & lot more�
Plugin Slug:: icegram
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.32
Severity Score:: Medium
CVE:: 2024-13482

Plugin:: New User Approve
Plugin Slug:: new-user-approve
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.3
Severity Score:: High
CVE:: 2026-0832

Plugin:: Secure Copy Content Protection and Content Locking
Plugin Slug:: secure-copy-content-protection
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.7
Severity Score:: Medium
CVE:: 2024-6889

Plugin:: Snow Monkey Forms
Plugin Slug:: snow-monkey-forms
Installations: 20,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 12.0.4
Severity Score:: High
CVE:: 2026-1056

Plugin:: Ultimate Addons for Beaver Builder � Lite
Plugin Slug:: ultimate-addons-for-beaver-builder-lite
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.8
Severity Score:: Medium
CVE:: 2024-2140

Plugin:: Ultimate Addons for Beaver Builder � Lite
Plugin Slug:: ultimate-addons-for-beaver-builder-lite
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.8
Severity Score:: Medium
CVE:: 2024-2142

Plugin:: Ultimate Addons for Beaver Builder � Lite
Plugin Slug:: ultimate-addons-for-beaver-builder-lite
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.8
Severity Score:: Medium
CVE:: 2024-2143

Plugin:: Ultimate Addons for Beaver Builder � Lite
Plugin Slug:: ultimate-addons-for-beaver-builder-lite
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.8
Severity Score:: Medium
CVE:: 2024-2144

Plugin:: Welcart e-Commerce
Plugin Slug:: usc-e-shop
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.11.21
Severity Score:: Medium
CVE:: 2025-9367

Plugin:: UsersWP � Front-end login form, User Registration, User Profile & Members Directory plugin for WP
Plugin Slug:: userswp
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.54
Severity Score:: Medium
CVE:: 2026-25015

Plugin:: Appointment Hour Booking � Booking Calendar
Plugin Slug:: appointment-hour-booking
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.61
Severity Score:: Medium
CVE:: 2026-1083

Plugin:: Bit Form � Custom Contact Form, Multi Step, Conversational Form & Payment Form builder
Plugin Slug:: bit-form
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.13.10
Severity Score:: High
CVE:: 2024-7780

Plugin:: BlockSpare � News, Magazine and Blog Addons for (Gutenberg) Block Editor
Plugin Slug:: blockspare
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.5
Severity Score:: Medium
CVE:: 2024-8325

Plugin:: Bold Timeline Lite
Plugin Slug:: bold-timeline-lite
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.8
Severity Score:: Medium
CVE:: 2025-14032

Plugin:: Passster � Password Protect Pages and Content
Plugin Slug:: content-protector
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.25
Severity Score:: Medium
CVE:: 2025-14865

Plugin:: Crelly Slider
Plugin Slug:: crelly-slider
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.7
Severity Score:: Medium
CVE:: 2024-13116

Plugin:: Content Blocks (Custom Post Widget)
Plugin Slug:: custom-post-widget
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.1
Severity Score:: Medium
CVE:: 2024-3565

Plugin:: Content Blocks (Custom Post Widget)
Plugin Slug:: custom-post-widget
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.6
Severity Score:: Medium
CVE:: 2024-6432

Plugin:: WP Customer Area
Plugin Slug:: customer-area
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 8.2.5
Severity Score:: Medium
CVE:: 2024-12436

Plugin:: Document Embedder � Embed PDFs, Word, Excel, and Other Files
Plugin Slug:: document-emberdder
Installations: 10,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.0.5
Severity Score:: Medium
CVE:: 2026-1389

Plugin:: GamiPress � Gamification plugin to reward points, achievements, badges & ranks in WordPress
Plugin Slug:: gamipress
Installations: 10,000+
Vulnerability:: Content Injection
Patched in Version:: 7.2.2
Severity Score:: Medium
CVE:: 2024-13499

Plugin:: Maps Plugin using Google Maps for WordPress � WP Google Map
Plugin Slug:: gmap-embed
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.4
Severity Score:: Medium
CVE:: 2024-13306

Plugin:: AIP � AI Chatbots, Content Writer & Forms (formerly AI Power)
Plugin Slug:: gpt3-ai-content-generator
Installations: 10,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.8.97
Severity Score:: High
CVE:: 2025-0428

Plugin:: LA-Studio Element Kit for Elementor
Plugin Slug:: lastudio-element-kit
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.9
Severity Score:: High
CVE:: 2024-5349

Plugin:: LA-Studio Element Kit for Elementor
Plugin Slug:: lastudio-element-kit
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.0
Severity Score:: Medium
CVE:: 2025-3106

Plugin:: Motors � Car Dealership & Classified Listings Plugin
Plugin Slug:: motors-car-dealership-classified-listings
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.58
Severity Score:: Medium
CVE:: 2024-13737

Plugin:: Child Theme Creator by Orbisius
Plugin Slug:: orbisius-child-theme-creator
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.6
Severity Score:: Medium
CVE:: 2024-12263

Plugin:: Order Minimum/Maximum Amount Limits for WooCommerce
Plugin Slug:: order-minimum-amount-for-woocommerce
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6.9
Severity Score:: Medium
CVE:: 2026-1381

Plugin:: OSM � OpenStreetMap
Plugin Slug:: osm
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.4
Severity Score:: Medium
CVE:: 2024-3603

Plugin:: Paid Membership Subscriptions � Effortless Memberships, Recurring Payments & Content Restriction
Plugin Slug:: paid-member-subscriptions
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.11.2
Severity Score:: Medium
CVE:: 2024-1389

Plugin:: Recipe Card Blocks Lite
Plugin Slug:: recipe-card-blocks-by-wpzoom
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.4.13
Severity Score:: High
CVE:: 2025-14973

Plugin:: SupportCandy � Helpdesk & Customer Support Ticket System
Plugin Slug:: supportcandy
Installations: 10,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 3.4.5
Severity Score:: Medium
CVE:: 2026-1251

Plugin:: SupportCandy � Helpdesk & Customer Support Ticket System
Plugin Slug:: supportcandy
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.4.5
Severity Score:: High
CVE:: 2026-0683

Plugin:: Testimonial Carousel For Elementor
Plugin Slug:: testimonials-carousel-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.2.0
Severity Score:: Medium
CVE:: 2024-4698

Plugin:: User Submitted Posts � Enable Users to Submit Posts from the Front End
Plugin Slug:: user-submitted-posts
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 20260110
Severity Score:: High
CVE:: 2026-0800

Plugin:: Countdown Timer � Widget Countdown
Plugin Slug:: widget-countdown
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.8
Severity Score:: Medium
CVE:: 2025-14555

Plugin:: Simple Shopping Cart
Plugin Slug:: wordpress-simple-paypal-shopping-cart
Installations: 10,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 5.1.4
Severity Score:: Medium
CVE:: 2025-3889

Plugin:: Eventin � Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered)
Plugin Slug:: wp-event-solution
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.0.9
Severity Score:: High
CVE:: 2024-7149

Plugin:: Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages
Plugin Slug:: wplegalpages
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.5
Severity Score:: High
CVE:: 2025-67974

Plugin:: WP VR � 360 Panorama and Free Virtual Tour Builder For WordPress
Plugin Slug:: wpvr
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.5.33
Severity Score:: Medium
CVE:: 2025-6350

Plugin:: Backup, Restore and Migrate your sites with XCloner
Plugin Slug:: xcloner-backup-and-restore
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.8.3
Severity Score:: Medium
CVE:: 2025-11759

Plugin:: RegistrationMagic � Custom Registration Forms, User Registration, Payment, and User Login
Plugin Slug:: custom-registration-form-builder-with-submission-manager
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.0.7.5
Severity Score:: Medium
CVE:: 2026-1054

Plugin:: Prisna GWT � Google Website Translator
Plugin Slug:: google-website-translator
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.14
Severity Score:: Medium
CVE:: 2024-12680

Plugin:: Qubely � Advanced Gutenberg Blocks
Plugin Slug:: qubely
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.13
Severity Score:: Medium
CVE:: 2024-9601

Plugin:: Nexter Gutenberg Blocks � Website Builder & 1000+ Starter Templates
Plugin Slug:: the-plus-addons-for-block-editor
Installations: 9,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.6.4
Severity Score:: Medium
CVE:: 2026-24377

Plugin:: Ultimate Coming Soon & Maintenance
Plugin Slug:: ultimate-coming-soon
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2024-9705

Plugin:: Ultimate Coming Soon & Maintenance
Plugin Slug:: ultimate-coming-soon
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2024-9706

Plugin:: VikBooking Hotel Booking Engine & PMS
Plugin Slug:: vikbooking
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.8
Severity Score:: Medium
CVE:: 2024-2749

Plugin:: NEX-Forms � Ultimate Forms Plugin for WordPress
Plugin Slug:: nex-forms-express-wp-form-builder
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 9.1.9
Severity Score:: Medium
CVE:: 2025-15510

Plugin:: WP Job Portal � AI-Powered Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.7
Severity Score:: Medium
CVE:: 2024-13429

Plugin:: WP Adminify � White Label WordPress, Admin Menu Editor, Login Customizer
Plugin Slug:: adminify
Installations: 7,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.0.7.8
Severity Score:: Medium
CVE:: 2026-1060

Plugin:: EventPrime � Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.3
Severity Score:: Medium
CVE:: 2024-1321

Plugin:: EventPrime � Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 7,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.2.8.0
Severity Score:: Medium
CVE:: 2025-14507

Plugin:: EventPrime � Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.8.1
Severity Score:: Medium
CVE:: 2026-24380

Plugin:: bSlider � Create Responsive Image, Post, Product, and Video Sliders
Plugin Slug:: b-slider
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.7
Severity Score:: Medium
CVE:: 2026-24383

Plugin:: EventON � Events Calendar
Plugin Slug:: eventon-lite
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.8
Severity Score:: High
CVE:: 2024-0233

Plugin:: EventON � Events Calendar
Plugin Slug:: eventon-lite
Installations: 6,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.2.8
Severity Score:: Medium
CVE:: 2024-0235

Plugin:: EventON � Events Calendar
Plugin Slug:: eventon-lite
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.8
Severity Score:: Medium
CVE:: 2024-0236

Plugin:: EventON � Events Calendar
Plugin Slug:: eventon-lite
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.9
Severity Score:: Medium
CVE:: 2024-0237

Plugin:: EventON � Events Calendar
Plugin Slug:: eventon-lite
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.8
Severity Score:: High
CVE:: 2024-0238

Plugin:: Hunk Companion
Plugin Slug:: hunk-companion
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.0
Severity Score:: Critical
CVE:: 2024-11972

Plugin:: Pearl � Header Builder
Plugin Slug:: pearl-header-builder
Installations: 6,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.9
Severity Score:: Medium
CVE:: 2024-12206

Plugin:: ProfileGrid � User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 6,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 5.9.4.6
Severity Score:: High
CVE:: 2025-0724

Plugin:: ProfileGrid � User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.9.4.5
Severity Score:: Medium
CVE:: 2025-1408

Plugin:: Survey Maker
Plugin Slug:: survey-maker
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.1.9.5
Severity Score:: Medium
CVE:: 2025-12892

Plugin:: Booking Calendar | Appointment Booking | Bookit
Plugin Slug:: bookit
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.1
Severity Score:: Medium
CVE:: 2025-12841

Plugin:: Easy Image Gallery
Plugin Slug:: easy-image-gallery
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.3
Severity Score:: Medium
CVE:: 2025-2540

Plugin:: SlingBlocks � Gutenberg Blocks by FunnelKit (Formerly WooFunnels)
Plugin Slug:: slingblocks
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.0
Severity Score:: Medium
CVE:: 2024-13675

Plugin:: SlingBlocks � Gutenberg Blocks by FunnelKit (Formerly WooFunnels)
Plugin Slug:: slingblocks
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.0
Severity Score:: Medium
CVE:: 2025-8607

Plugin:: Ultimate Store Kit � Addon For WooCommerce, EDD and Elementor
Plugin Slug:: ultimate-store-kit
Installations: 5,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.0.0
Severity Score:: Critical
CVE:: 2024-5335

Plugin:: Return Refund and Exchange For WooCommerce
Plugin Slug:: woo-refund-and-exchange-lite
Installations: 5,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 4.5.6
Severity Score:: Medium
CVE:: 2025-12086

Plugin:: CubeWP Framework
Plugin Slug:: cubewp-framework
Installations: 4,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.1.28
Severity Score:: Medium
CVE:: 2025-12129

Plugin:: CubeWP Framework
Plugin Slug:: cubewp-framework
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.28
Severity Score:: Medium
CVE:: 2025-6461

Plugin:: CubeWP Framework
Plugin Slug:: cubewp-framework
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.27
Severity Score:: Medium
CVE:: 2025-8615

Plugin:: ELEX WooCommerce Bulk Edit Products, Prices & Attributes (Basic)
Plugin Slug:: elex-bulk-edit-products-prices-attributes-for-woocommerce-basic
Installations: 4,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.0
Severity Score:: High
CVE:: 2025-3280

Plugin:: FluentCart A New Era of eCommerce � Faster, Lighter, and Simpler
Plugin Slug:: fluent-cart
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: High
CVE:: 2025-67971

Plugin:: HelloAsso
Plugin Slug:: helloasso
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.11
Severity Score:: Medium
CVE:: 2024-7605

Plugin:: MediaPress
Plugin Slug:: mediapress
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.2
Severity Score:: Medium
CVE:: 2025-14552

Plugin:: TS Poll � Survey, Versus Poll, Image Poll, Video Poll
Plugin Slug:: poll-wp
Installations: 4,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.4.0
Severity Score:: High
CVE:: 2024-8625

Plugin:: Spexo Addons for Elementor � Free Addons, Widgets and Templates for Elementor
Plugin Slug:: sastra-essential-addons-for-elementor
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.24
Severity Score:: Medium
CVE:: 2025-8208

Plugin:: WPZOOM Addons for Beaver Builder
Plugin Slug:: wpzoom-addons-for-beaver-builder
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-2181

Plugin:: WPZOOM Addons for Beaver Builder
Plugin Slug:: wpzoom-addons-for-beaver-builder
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-2185

Plugin:: WPZOOM Addons for Beaver Builder
Plugin Slug:: wpzoom-addons-for-beaver-builder
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-2186

Plugin:: WPZOOM Addons for Beaver Builder
Plugin Slug:: wpzoom-addons-for-beaver-builder
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-2187

Plugin:: AVIF Uploader
Plugin Slug:: avif-support
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.1
Severity Score:: Medium
CVE:: 2024-9238

Plugin:: MultiVendorX � WooCommerce Multivendor Marketplace Solutions
Plugin Slug:: dc-woocommerce-multi-vendor
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.23
Severity Score:: Medium
CVE:: 2025-4101

Plugin:: Gallery PhotoBlocks
Plugin Slug:: photoblocks-grid-gallery
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.3
Severity Score:: Medium
CVE:: 2026-24389

Plugin:: Tickera � Sell Tickets & Manage Events
Plugin Slug:: tickera-event-ticketing-system
Installations: 3,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.5.4.9
Severity Score:: Medium
CVE:: 2024-12578

Plugin:: WP-DownloadManager
Plugin Slug:: wp-downloadmanager
Installations: 3,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 1.68.11
Severity Score:: Medium
CVE:: 2025-4799

Plugin:: WP-WebAuthn
Plugin Slug:: wp-webauthn
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.4
Severity Score:: Medium
CVE:: 2024-9023

Plugin:: WPB Addons for Elementor � News Ticker, Timeline, Team, Services, Testimonials, and Much More
Plugin Slug:: wpb-elementor-addons
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2
Severity Score:: Medium
CVE:: 2024-3063

Plugin:: WP Directory Kit
Plugin Slug:: wpdirectorykit
Installations: 3,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.5.0
Severity Score:: Medium
CVE:: 2025-13920

Plugin:: Frontend Post Submission Manager Lite � Frontend Posting WordPress Plugin
Plugin Slug:: frontend-post-submission-manager-lite
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.6
Severity Score:: Medium
CVE:: 2025-14080

Plugin:: Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor � Funnelforms Free
Plugin Slug:: funnelforms-free
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.7.4.1
Severity Score:: Medium
CVE:: 2024-5857

Plugin:: KiviCare � Clinic & Patient Management System (EHR)
Plugin Slug:: kivicare-clinic-management-system
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.0.0
Severity Score:: High
CVE:: 2026-25022

Plugin:: Markup Markdown
Plugin Slug:: markup-markdown
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.20.10
Severity Score:: Medium
CVE:: 2025-9541

Plugin:: Melapress Login Security
Plugin Slug:: melapress-login-security
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.1
Severity Score:: Medium
CVE:: 2025-2876

Plugin:: RSS Feed Widget
Plugin Slug:: rss-feed-widget
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.0
Severity Score:: Medium
CVE:: 2024-9836

Plugin:: WPBITS Addons For Elementor Page Builder
Plugin Slug:: wpbits-addons-for-elementor
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5
Severity Score:: Medium
CVE:: 2024-2129

Plugin:: WPBITS Addons For Elementor Page Builder
Plugin Slug:: wpbits-addons-for-elementor
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.1
Severity Score:: Medium
CVE:: 2025-9082

Plugin:: Visual Feedback, Review & AI Collaboration Tool For WordPress � Atarim
Plugin Slug:: atarim-visual-collaboration
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.3.2
Severity Score:: Medium
CVE:: 2026-25019

Plugin:: Categorify � WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1650

Plugin:: Categorify � WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1652

Plugin:: Categorify � WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1653

Plugin:: Categorify � WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1907

Plugin:: Categorify � WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1909

Plugin:: Categorify � WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1910

Plugin:: Categorify � WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1912

Plugin:: Geo Controller
Plugin Slug:: cf-geoplugin
Installations: 1,000+
Vulnerability:: Content Injection
Patched in Version:: 8.7.0
Severity Score:: Medium
CVE:: 2024-7381

Plugin:: Smart Online Order for Clover
Plugin Slug:: clover-online-orders
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.7
Severity Score:: Medium
CVE:: 2024-7030

Plugin:: Web3 Crypto Payments by DePay for WooCommerce
Plugin Slug:: depay-payments-for-woocommerce
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.12.18
Severity Score:: Medium
CVE:: 2024-12265

Plugin:: Double the Donation � A workplace giving tool
Plugin Slug:: double-the-donation
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.0
Severity Score:: Medium
CVE:: 2025-12020

Plugin:: Educare � Students & Result Management System
Plugin Slug:: educare
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.2
Severity Score:: High
CVE:: 2025-67978

Plugin:: Enter Addons � Ultimate Template Builder for Elementor
Plugin Slug:: enteraddons
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.3.3
Severity Score:: Medium
CVE:: 2026-25014

Plugin:: Enter Addons � Ultimate Template Builder for Elementor
Plugin Slug:: enteraddons
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.6
Severity Score:: Medium
CVE:: 2024-3680

Plugin:: Enter Addons � Ultimate Template Builder for Elementor
Plugin Slug:: enteraddons
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.9
Severity Score:: Medium
CVE:: 2024-7611

Plugin:: EPROLO-Dropshipping
Plugin Slug:: eprolo-dropshipping
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.0
Severity Score:: Medium
CVE:: 2025-12133

Plugin:: Flamix: Bitrix24 and Contact Form 7 integrations
Plugin Slug:: flamix-bitrix24-and-contact-forms-7-integrations
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.2.0
Severity Score:: Medium
CVE:: 2024-6568

Plugin:: Friendly Functions for Welcart
Plugin Slug:: friendly-functions-for-welcart
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.6
Severity Score:: Medium
CVE:: 2026-1208

Plugin:: Mizan Demo Importer
Plugin Slug:: mizan-demo-importer
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 0.1.4
Severity Score:: Medium
CVE:: 2026-25021

Plugin:: Nelio Popups
Plugin Slug:: nelio-popups
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.6
Severity Score:: Medium
CVE:: 2026-25016

Plugin:: Frontend File Manager Plugin
Plugin Slug:: nmedia-user-file-uploader
Installations: 1,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 23.5
Severity Score:: High
CVE:: 2025-14804

Plugin:: PDF Generator Addon for Elementor Page Builder
Plugin Slug:: pdf-generator-addon-for-elementor-page-builder
Installations: 1,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.0.1
Severity Score:: High
CVE:: 2024-9935

Plugin:: Post Grid, Slider & Carousel Ultimate � with Shortcode, Gutenberg Block & Elementor Widget
Plugin Slug:: post-grid-carousel-ultimate
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.7
Severity Score:: High
CVE:: 2024-13408

Plugin:: Private Google Calendars
Plugin Slug:: private-google-calendars
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 20251128
Severity Score:: Medium
CVE:: 2025-12526

Plugin:: Save as PDF Plugin by PDFCrowd
Plugin Slug:: save-as-pdf-by-pdfcrowd
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.6
Severity Score:: High
CVE:: 2026-0862

Plugin:: Simple Popup Plugin
Plugin Slug:: simple-popup-plugin
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6
Severity Score:: Medium
CVE:: 2024-8547

Plugin:: Squelch Tabs and Accordions Shortcodes
Plugin Slug:: squelch-tabs-and-accordions-shortcodes
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.4.4
Severity Score:: Medium
CVE:: 2024-2499

Plugin:: Subscriptions & Memberships for PayPal
Plugin Slug:: subscriptions-memberships-for-paypal
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.8
Severity Score:: Medium
CVE:: 2025-12752

Plugin:: Sunshine Photo Cart: Free Client Photo Galleries for Photographers
Plugin Slug:: sunshine-photo-cart
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.7.1
Severity Score:: Medium
CVE:: 2025-67973

Plugin:: Tainacan
Plugin Slug:: tainacan
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.2
Severity Score:: Medium
CVE:: 2025-14043

Plugin:: Tutor LMS � Migration Tool
Plugin Slug:: tutor-lms-migration-tool
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.1
Severity Score:: Medium
CVE:: 2024-1804

Plugin:: WC Builder � WooCommerce Page Builder for WPBakery
Plugin Slug:: wc-builder
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.1
Severity Score:: Medium
CVE:: 2025-14054

Plugin:: WishSuite � Wishlist for WooCommerce
Plugin Slug:: wishsuite
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.2
Severity Score:: Medium
CVE:: 2025-13838

Plugin:: Easy 3D Viewer
Plugin Slug:: woo-3d-viewer
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.6.7
Severity Score:: Medium
CVE:: 2025-2540

Plugin:: WP Sync for Notion � Notion to WordPress
Plugin Slug:: wp-sync-for-notion
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.1
Severity Score:: Medium
CVE:: 2026-25020

Plugin:: Zephyr Project Manager
Plugin Slug:: zephyr-project-manager
Installations: 1,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.3.102
Severity Score:: High
CVE:: 2024-7624

Plugin:: CBX Map for Google Map & OpenStreetMap
Plugin Slug:: cbxgooglemap
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.2
Severity Score:: Medium
CVE:: 2025-9123

Plugin:: ContentStudio
Plugin Slug:: contentstudio
Installations: 900+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4.0
Severity Score:: Medium
CVE:: 2025-13144

Plugin:: Ebook Store
Plugin Slug:: ebook-store
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.8015
Severity Score:: High
CVE:: 2025-8113

Plugin:: Omnipress
Plugin Slug:: omnipress
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.6
Severity Score:: Medium
CVE:: 2025-12163

Plugin:: 3DPrint Lite
Plugin Slug:: 3dprint-lite
Installations: 800+
Vulnerability:: SQL Injection
Patched in Version:: 2.1.3.7
Severity Score:: High
CVE:: 2025-3427

Plugin:: 3DPrint Lite
Plugin Slug:: 3dprint-lite
Installations: 800+
Vulnerability:: SQL Injection
Patched in Version:: 2.1.3.7
Severity Score:: High
CVE:: 2025-3428

Plugin:: 3DPrint Lite
Plugin Slug:: 3dprint-lite
Installations: 800+
Vulnerability:: SQL Injection
Patched in Version:: 2.1.3.7
Severity Score:: High
CVE:: 2025-3429

Plugin:: Frontis Blocks � Block Library for the Block Editor
Plugin Slug:: frontis-blocks
Installations: 800+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 1.1.7
Severity Score:: High
CVE:: 2026-0807

Plugin:: RapidLoad AI � Optimize Web Vitals Automatically
Plugin Slug:: unusedcss
Installations: 800+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.5
Severity Score:: Medium
CVE:: 2024-13651

Plugin:: Confetti Fall Animation
Plugin Slug:: confetti-fall-animation
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-8919

Plugin:: Frontend Dashboard
Plugin Slug:: frontend-dashboard
Installations: 600+
Vulnerability:: Privilege Escalation
Patched in Version:: 2.2.8
Severity Score:: High
CVE:: 2025-4473

Plugin:: Simplebooklet PDF Viewer and Embedder
Plugin Slug:: simplebooklet
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2024-13588

Plugin:: eMagicOne Store Manager for WooCommerce
Plugin Slug:: store-manager-connector
Installations: 600+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.3.0
Severity Score:: Critical
CVE:: 2025-5058

Plugin:: aDirectory � WP Business Directory Plugin and Classified Ads Listings Directory
Plugin Slug:: adirectory
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.4
Severity Score:: Medium
CVE:: 2025-67975

Plugin:: Polls CP
Plugin Slug:: cp-polls
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.77
Severity Score:: Medium
CVE:: 2024-8854

Plugin:: Dynamic AJAX Product Filters for WooCommerce
Plugin Slug:: dynamic-ajax-product-filters-for-woocommerce
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.8
Severity Score:: Medium
CVE:: 2025-6255

Plugin:: Easy Replace Image
Plugin Slug:: easy-replace-image
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.3
Severity Score:: Medium
CVE:: 2026-1298

Plugin:: EZ SQL Reports Shortcode Widget and DB Backup
Plugin Slug:: elisqlreports
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.25.25
Severity Score:: Medium
CVE:: 2025-6462

Plugin:: g-FFL Cockpit
Plugin Slug:: g-ffl-cockpit
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.0
Severity Score:: Medium
CVE:: 2025-12721

Plugin:: Simple calendar for Elementor
Plugin Slug:: simple-calendar-for-elementor
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.7
Severity Score:: Medium
CVE:: 2026-1310

Plugin:: SurveyJS: Drag & Drop Form Builder
Plugin Slug:: surveyjs
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.20.27
Severity Score:: Medium
CVE:: 2025-13140

Plugin:: VidShop � Shoppable Videos for WooCommerce
Plugin Slug:: vidshop-for-woocommerce
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: 1.1.5
Severity Score:: Critical
CVE:: 2026-0702

Plugin:: CYAN Backup
Plugin Slug:: cyan-backup
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.3
Severity Score:: Medium
CVE:: 2024-9663

Plugin:: DeBounce Email Validator
Plugin Slug:: debounce-io-email-validator
Installations: 300+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.8.1
Severity Score:: High
CVE:: 2024-13339

Plugin:: ELEX WordPress HelpDesk & Customer Ticketing System
Plugin Slug:: elex-helpdesk-customer-support-ticket-system
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.2
Severity Score:: Medium
CVE:: 2025-12022

Plugin:: ELEX WordPress HelpDesk & Customer Ticketing System
Plugin Slug:: elex-helpdesk-customer-support-ticket-system
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.2
Severity Score:: Medium
CVE:: 2025-12023

Plugin:: ELEX WordPress HelpDesk & Customer Ticketing System
Plugin Slug:: elex-helpdesk-customer-support-ticket-system
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.2
Severity Score:: Medium
CVE:: 2025-12085

Plugin:: ELEX WordPress HelpDesk & Customer Ticketing System
Plugin Slug:: elex-helpdesk-customer-support-ticket-system
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.6
Severity Score:: Medium
CVE:: 2025-68837

Plugin:: TableOn � WordPress Posts Table Filterable�
Plugin Slug:: posts-table-filterable
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.4.2
Severity Score:: Medium
CVE:: 2025-5143

Plugin:: Photo Contest | Competition | Video Contest
Plugin Slug:: totalcontest-lite
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.0
Severity Score:: High
CVE:: 2024-13822

Plugin:: Webcake � Landing Page Builder
Plugin Slug:: webcake
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2
Severity Score:: Medium
CVE:: 2025-12165

Plugin:: Accept Stripe Payments Using Contact Form 7
Plugin Slug:: accept-stripe-payments-using-contact-form-7
Installations: 200+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.6
Severity Score:: Medium
CVE:: 2024-12255

Plugin:: Autoship Cloud for WooCommerce Subscription Products
Plugin Slug:: autoship-cloud
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.1
Severity Score:: Medium
CVE:: 2024-13461

Plugin:: Site.pro for WooCommerce
Plugin Slug:: b1-accounting
Installations: 200+
Vulnerability:: SQL Injection
Patched in Version:: 2.2.57
Severity Score:: High
CVE:: 2025-6717

Plugin:: NinjaTeam Header Footer Custom Code
Plugin Slug:: header-footer-code
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2
Severity Score:: Medium
CVE:: 2024-6617

Plugin:: Link Invoice Payment for WooCommerce
Plugin Slug:: invoice-payment-for-woocommerce
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.1
Severity Score:: Medium
CVE:: 2025-14971

Plugin:: Premmerce Wishlist for WooCommerce
Plugin Slug:: premmerce-woocommerce-wishlist
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.11
Severity Score:: Medium
CVE:: 2025-13440

Plugin:: Simple User Registration
Plugin Slug:: wp-registration
Installations: 200+
Vulnerability:: Privilege Escalation
Patched in Version:: 6.4
Severity Score:: Critical
CVE:: 2025-4334

Plugin:: Zigaform � Price Calculator & Cost Estimation Form Builder Lite
Plugin Slug:: zigaform-calculator-cost-estimation-form-builder-lite
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.4.8
Severity Score:: Medium
CVE:: 2024-13587

Plugin:: Run Contests, Raffles, and Giveaways with ContestsWP
Plugin Slug:: contest-code-checker
Installations: 100+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.1.1
Severity Score:: Medium
CVE:: 2026-25023

Plugin:: Course Booking System
Plugin Slug:: course-booking-system
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 6.1.6
Severity Score:: Medium
CVE:: 2025-12042

Plugin:: IDonate � Blood Donation, Request And Donor Management System
Plugin Slug:: idonate
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.10
Severity Score:: Medium
CVE:: 2025-4523

Plugin:: Interactions � Create Interactive Experiences in the Block Editor
Plugin Slug:: interactions
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2025-12709

Plugin:: Feedify � Web Push Notifications
Plugin Slug:: push-notification-by-feedify
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.6
Severity Score:: High
CVE:: 2024-13874

Plugin:: Chatbot with ChatGPT WordPress
Plugin Slug:: smartsearchwp
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.5
Severity Score:: Medium
CVE:: 2024-6846

Plugin:: Uptodown APK Download Widget
Plugin Slug:: uptodown-apk-download-widget
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.1.11
Severity Score:: Medium
CVE:: 2024-12453

Plugin:: WP To Do
Plugin Slug:: wp-todo
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.1
Severity Score:: Medium
CVE:: 2024-3944

Plugin:: WP To Do
Plugin Slug:: wp-todo
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.1
Severity Score:: Medium
CVE:: 2024-3945

Plugin:: WP To Do
Plugin Slug:: wp-todo
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.1
Severity Score:: Medium
CVE:: 2024-3947

Plugin:: Pdf & Print to Post � Custom Post Type and Pages
Plugin Slug:: post-to-pdf
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1
Severity Score:: Medium
CVE:: 2024-12446

Plugin:: Ganohrs Toggle Shortcode
Plugin Slug:: ganohrs-toggle-shortcode
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.2.5
Severity Score:: Medium
CVE:: 2024-12459

Plugin:: Linear
Plugin Slug:: linear
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.0
Severity Score:: Medium
CVE:: 2024-12496

Plugin:: TableMaster for Elementor � Advanced Responsive Tables for Elementor
Plugin Slug:: tablemaster-for-elementor
Installations: 80+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 1.3.7
Severity Score:: Medium
CVE:: 2025-14610

Plugin:: GeoDataSource Country Region DropDown
Plugin Slug:: geodatasource-country-region-dropdown
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.2
Severity Score:: Medium
CVE:: 2024-12474

Plugin:: Zigaform � Form Builder Lite
Plugin Slug:: zigaform-form-builder-lite
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.4.8
Severity Score:: Medium
CVE:: 2024-13573

Plugin:: Target Video Easy Publish
Plugin Slug:: brid-video-easy-publish
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.9
Severity Score:: Medium
CVE:: 2025-8072

Plugin:: IRM Newsroom
Plugin Slug:: irm-newsroom
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.20
Severity Score:: Medium
CVE:: 2025-4584

Plugin:: IRM Newsroom
Plugin Slug:: irm-newsroom
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.20
Severity Score:: Medium
CVE:: 2025-4586

Plugin:: Sertifier Certificate & Badge Maker for WordPress � Tutor LMS
Plugin Slug:: sertifier-certificates-open-badges
Installations: 60+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.20
Severity Score:: Medium
CVE:: 2025-7841

Plugin:: Binary MLM Plan
Plugin Slug:: binary-mlm-plan
Installations: 50+
Vulnerability:: Privilege Escalation
Patched in Version:: 5.0
Severity Score:: Medium
CVE:: 2025-10038

Plugin:: ConvertForce Popup Builder
Plugin Slug:: convertforce-popup-builder
Installations: 40+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.0.8
Severity Score:: Medium
CVE:: 2025-14506

Plugin:: Bread & Butter: Content Gating for Verified Leads
Plugin Slug:: bread-butter
Installations: 30+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 8.0.1398
Severity Score:: Critical
CVE:: 2025-12189

Plugin:: Community Events
Plugin Slug:: community-events
Installations: 30+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.2
Severity Score:: Critical
CVE:: 2025-10586

Plugin:: Forms Bridge � Infinite integrations
Plugin Slug:: forms-bridge
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3.0
Severity Score:: Medium
CVE:: 2026-1244

Plugin:: Magic Buttons for Elementor
Plugin Slug:: magic-buttons-for-elementor
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1
Severity Score:: Medium
CVE:: 2025-6686

Plugin:: EKC Tournament Manager
Plugin Slug:: ekc-tournament-manager
Installations: 20+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2.2
Severity Score:: Medium
CVE:: 2024-9711

Plugin:: Ultimate Classified Listings
Plugin Slug:: ultimate-classified-listings
Installations: 20+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.7
Severity Score:: High
CVE:: 2025-9874

Plugin:: Buy Now Plus � Payments with Stripe
Plugin Slug:: buy-now-plus
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.3
Severity Score:: Medium
CVE:: 2026-1295

Plugin:: coreActivity: Activity Logging for WordPress
Plugin Slug:: coreactivity
Installations: 10+
Vulnerability:: Content Spoofing
Patched in Version:: 2.1
Severity Score:: Medium
CVE:: 2024-0868

Plugin:: HAPPY � Helpdesk Support Ticket System
Plugin Slug:: happy-helpdesk-support-ticket-system
Installations: 10+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.9
Severity Score:: High
CVE:: 2025-67977

Plugin:: Simple Folio
Plugin Slug:: simple-folio
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.2
Severity Score:: Medium
CVE:: 2025-14039

Plugin:: WPBookit
Plugin Slug:: wpbookit
Installations: 10+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.0.3
Severity Score:: Critical
CVE:: 2025-3811

Plugin:: ARMember Premium
Plugin Slug:: armember
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.7.1
Severity Score:: Medium
CVE:: 2024-5596

Plugin:: Beaver Builder Plugin (Starter Version)
Plugin Slug:: bb-plugin
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.9.1.1
Severity Score:: High
CVE:: 2025-4102

Plugin:: BM Content Builder
Plugin Slug:: bm-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.16.3
Severity Score:: Medium
CVE:: 2025-1777

Plugin:: bodi0�s Easy Cache
Plugin Slug:: bodi0s-easy-cache
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.9
Severity Score:: Medium
CVE:: 2024-12628

Plugin:: Bridge Core
Plugin Slug:: bridge-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3
Severity Score:: Medium
CVE:: 2024-9292

Plugin:: Buddyboss Platform
Plugin Slug:: buddyboss-platform
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.6.0
Severity Score:: Medium
CVE:: 2024-4886

Plugin:: Divi Builder
Plugin Slug:: divi-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.27.2
Severity Score:: Medium
CVE:: 2024-5647

Plugin:: Elementor Pro
Plugin Slug:: elementor-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.29.1
Severity Score:: Medium
CVE:: 2025-3076

Plugin:: EventON
Plugin Slug:: eventon
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.5
Severity Score:: High
CVE:: 2024-0233

Plugin:: EventON
Plugin Slug:: eventon
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.5.5
Severity Score:: Medium
CVE:: 2024-0235

Plugin:: EventON
Plugin Slug:: eventon
Vulnerability:: Broken Access Control
Patched in Version:: 4.5.5
Severity Score:: Medium
CVE:: 2024-0236

Plugin:: EventON
Plugin Slug:: eventon
Vulnerability:: Broken Access Control
Patched in Version:: 4.5.9
Severity Score:: Medium
CVE:: 2024-0237

Plugin:: EventON
Plugin Slug:: eventon
Vulnerability:: Broken Access Control
Patched in Version:: 4.5.6
Severity Score:: High
CVE:: 2024-0238

Plugin:: Favicon Generator
Plugin Slug:: favicon-generator
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 2.1
Severity Score:: High
CVE:: 2024-7864

Plugin:: Gyan Elements
Plugin Slug:: gyan-elements
Vulnerability:: Local File Inclusion
Patched in Version:: 2.2.2
Severity Score:: High
CVE:: 2026-23978

Plugin:: WPGYM
Plugin Slug:: gym-management
Vulnerability:: SQL Injection
Patched in Version:: 67.8.0
Severity Score:: Critical
CVE:: 2025-7442

Plugin:: WPBakery Page Builder
Plugin Slug:: js_composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6
Severity Score:: Medium
CVE:: 2024-1841

Plugin:: WPBakery Page Builder
Plugin Slug:: js_composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6
Severity Score:: Medium
CVE:: 2024-1842

Plugin:: WPBakery Page Builder
Plugin Slug:: js_composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.7
Severity Score:: Medium
CVE:: 2024-5265

Plugin:: MelaPress Login Security Premium
Plugin Slug:: melapress-login-security-premium
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.1
Severity Score:: Medium
CVE:: 2025-2876

Plugin:: Memberlite Shortcodes
Plugin Slug:: memberlite-shortcodes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.1
Severity Score:: Medium
CVE:: 2025-10125

Plugin:: ModelTheme Addons for WPBakery and Elementor
Plugin Slug:: modeltheme-addons-for-wpbakery
Vulnerability:: PHP Object Injection
Patched in Version:: 1.5.6
Severity Score:: High
CVE:: 2025-68531

Plugin:: Paid Memberships Pro
Plugin Slug:: paid-memberships-pro
Vulnerability:: Broken Access Control
Patched in Version:: 2.12.9
Severity Score:: Medium
CVE:: 2024-1279

Plugin:: Community by PeepSo
Plugin Slug:: peepso-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.4.6.0
Severity Score:: Medium
CVE:: 2024-7655

Plugin:: Community by PeepSo
Plugin Slug:: peepso-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.3.1.2
Severity Score:: High
CVE:: 2024-0187

Plugin:: Porto Theme – Functionality
Plugin Slug:: porto-functionality
Vulnerability:: Local File Inclusion
Patched in Version:: 3.1.0
Severity Score:: High
CVE:: 2024-3809

Plugin:: Prague
Plugin Slug:: prague-plugins
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.9
Severity Score:: High
CVE:: 2025-67972

Plugin:: Premium Addons PRO
Plugin Slug:: premium-addons-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.13
Severity Score:: Medium
CVE:: 2024-1997

Plugin:: Premium Addons PRO
Plugin Slug:: premium-addons-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.13
Severity Score:: Medium
CVE:: 2024-2000

Plugin:: Premium Addons PRO
Plugin Slug:: premium-addons-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.13
Severity Score:: Medium
CVE:: 2024-2237

Plugin:: Premium Addons PRO
Plugin Slug:: premium-addons-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.13
Severity Score:: Medium
CVE:: 2024-2238

Plugin:: Premium Addons PRO
Plugin Slug:: premium-addons-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.13
Severity Score:: Medium
CVE:: 2024-2239

Plugin:: Relevanssi Premium
Plugin Slug:: relevanssi-premium
Vulnerability:: Broken Access Control
Patched in Version:: 2.25.1
Severity Score:: Medium
CVE:: 2024-1380

Plugin:: Relevanssi Premium
Plugin Slug:: relevanssi-premium
Vulnerability:: SQL Injection
Patched in Version:: 2.29.0
Severity Score:: High
CVE:: 2025-14719

Plugin:: Slider Revolution
Plugin Slug:: revslider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.7.11
Severity Score:: Medium
CVE:: 2024-4581

Plugin:: Slider Revolution
Plugin Slug:: revslider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.7.11
Severity Score:: Medium
CVE:: 2024-4637

Plugin:: Salient Core
Plugin Slug:: salient-core
Vulnerability:: Local File Inclusion
Patched in Version:: 2.0.8
Severity Score:: High
CVE:: 2024-3812

Plugin:: Salient Shortcodes
Plugin Slug:: salient-shortcodes
Vulnerability:: Local File Inclusion
Patched in Version:: 1.5.4
Severity Score:: High
CVE:: 2024-3810

Plugin:: Salient Shortcodes
Plugin Slug:: salient-shortcodes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.4
Severity Score:: Medium
CVE:: 2024-3811

Plugin:: Schedula � Smart Appointment Booking
Plugin Slug:: schedula-smart-appointment-booking
Vulnerability:: Broken Access Control
Patched in Version:: 1.1
Severity Score:: Medium
CVE:: 2025-67970

Plugin:: Service Finder Booking
Plugin Slug:: sf-booking
Vulnerability:: Privilege Escalation
Patched in Version:: 6.1
Severity Score:: High
CVE:: 2025-5949

Plugin:: Service Finder Booking
Plugin Slug:: sf-booking
Vulnerability:: Privilege Escalation
Patched in Version:: 6.1
Severity Score:: High
CVE:: 2025-6574

Plugin:: Simple Locator
Plugin Slug:: simple-locator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.4
Severity Score:: Medium
CVE:: 2024-12501

Plugin:: The Grid
Plugin Slug:: the-grid
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.0
Severity Score:: Medium
CVE:: 2026-24368

Plugin:: Ultimate Addons for WPBakery Page Builder
Plugin Slug:: ultimate_vc_addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.19.20.1
Severity Score:: Medium
CVE:: 2024-5252

Plugin:: Ultimate Addons for WPBakery Page Builder
Plugin Slug:: ultimate_vc_addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.19.20.1
Severity Score:: Medium
CVE:: 2024-5253

Plugin:: Ultimate Addons for WPBakery Page Builder
Plugin Slug:: ultimate_vc_addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.19.20.1
Severity Score:: Medium
CVE:: 2024-5254

Plugin:: Ultimate Addons for WPBakery Page Builder
Plugin Slug:: ultimate_vc_addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.19.20.1
Severity Score:: Medium
CVE:: 2024-5255

Plugin:: Web to SugarCRM Lead
Plugin Slug:: web-to-sugarcrm-lead
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.1
Severity Score:: Medium
CVE:: 2025-13361

Plugin:: WooCommerce Social Login
Plugin Slug:: woo-social-login
Vulnerability:: Broken Authentication
Patched in Version:: 2.7.4
Severity Score:: High
CVE:: 2024-6635

Plugin:: WooCommerce Social Login
Plugin Slug:: woo-social-login
Vulnerability:: Privilege Escalation
Patched in Version:: 2.7.4
Severity Score:: Critical
CVE:: 2024-6636

Plugin:: WooCommerce Social Login
Plugin Slug:: woo-social-login
Vulnerability:: Privilege Escalation
Patched in Version:: 2.7.4
Severity Score:: High
CVE:: 2024-6637

Plugin:: WooCommerce Customers Manager
Plugin Slug:: woocommerce-customers-manager
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 30.1
Severity Score:: Medium
CVE:: 2024-3983

Plugin:: WooCommerce PDF Vouchers
Plugin Slug:: woocommerce-pdf-vouchers
Vulnerability:: Broken Authentication
Patched in Version:: 4.9.4
Severity Score:: High
CVE:: 2024-7027

Plugin:: Affiliate Manager
Plugin Slug:: wp-affiliate-platform
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.1
Severity Score:: High
CVE:: 2024-5281

Plugin:: Affiliate Manager
Plugin Slug:: wp-affiliate-platform
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.1
Severity Score:: High
CVE:: 2024-5282

Plugin:: Affiliate Manager
Plugin Slug:: wp-affiliate-platform
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.1
Severity Score:: High
CVE:: 2024-5283

Plugin:: Affiliate Manager
Plugin Slug:: wp-affiliate-platform
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.1
Severity Score:: High
CVE:: 2024-5286

Plugin:: WP eStore
Plugin Slug:: wp-cart-for-digital-products
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.5.5
Severity Score:: High
CVE:: 2024-6073

Plugin:: WP eStore
Plugin Slug:: wp-cart-for-digital-products
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.5.5
Severity Score:: High
CVE:: 2024-6074

Plugin:: WP eStore
Plugin Slug:: wp-cart-for-digital-products
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.5.5
Severity Score:: High
CVE:: 2024-6076

Plugin:: WP eStore
Plugin Slug:: wp-cart-for-digital-products
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.5.6
Severity Score:: High
CVE:: 2024-6134

Plugin:: WP eMember
Plugin Slug:: wp-eMember
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.6.6
Severity Score:: High
CVE:: 2024-5075

WordPress Themes � 9 Patched / 14 Unpatched

Theme:: Oxygen
Theme Slug:: oxygen
Downloads: 403,132
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69299

Theme:: Aardvark
Theme Slug:: aardvark
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69296

Theme:: Capella
Theme Slug:: capella
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-69370

Theme:: Cas
Theme Slug:: cas
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-4388

Theme:: Cas
Theme Slug:: cas
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-4399

Theme:: Gauge
Theme Slug:: gauge
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69298

Theme:: KindlyCare
Theme Slug:: kindlycare
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-69371

Theme:: Outdoor
Theme Slug:: outdoor
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-10743

Theme:: Oyster – Photography WordPress Theme
Theme Slug:: oyster
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69367

Theme:: PhotoMe
Theme Slug:: photome
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-69301

Theme:: SOHO – Photography WordPress Theme
Theme Slug:: soho
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69368

Theme:: The Wound
Theme Slug:: the-wound
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-2558

Theme:: WPJobster
Theme Slug:: wpjobster
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-22340

Theme:: WPJobster
Theme Slug:: wpjobster
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22339

Theme:: OceanWP
Theme Slug:: oceanwp
Downloads: 9,187,846
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.1
Severity Score:: Medium
CVE:: 2024-5647

Theme:: Divi
Theme Slug:: divi
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.27.2
Severity Score:: Medium
CVE:: 2024-5647

Theme:: Himer
Theme Slug:: himer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.1.1
Severity Score:: Medium
CVE:: 2024-2040

Theme:: Himer
Theme Slug:: himer
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.1.1
Severity Score:: Medium
CVE:: CVE-2024-2231

Theme:: Himer
Theme Slug:: himer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-2232

Theme:: Himer
Theme Slug:: himer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.1.1
Severity Score:: Medium
CVE:: 2024-2235

Theme:: Jobify
Theme Slug:: jobify
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.8
Severity Score:: Medium
CVE:: 2024-13698

Theme:: Konte
Theme Slug:: konte
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.7
Severity Score:: Medium
CVE:: 2025-67547

Theme:: Travel Tour
Theme Slug:: traveltour
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.4
Severity Score:: High
CVE:: 2024-11846