Nexcess.com Servers.com LiquidWeb.com

Line illustration showing a black application window on a dark orange to black gradient background overlaid with a large exclamation point alert icon and three bugs.

WordPress Vulnerability Report � February 11, 2026

[email protected]

In this report, 467 vulnerabilities have been publicly disclosed. Security patches for 386 of these plugins and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Currently, 81 plugin and theme vulnerabilities remain unpatched. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.9.1 was released on February 3, 2026, as a short-cycle maintenance update, addressing 49 bugs across WordPress Core and the Block Editor, including fixes affecting the editor, mail functionality, and classic themes. Sites with automatic background updates may already be updated. We recommend reviewing the details and updating as part of your regular maintenance cycle.

The next major WordPress release, version 7.0, is scheduled for April 9, 2026, during WordCamp Asia.

WordPress Plugins � 372 Patched / 76 Unpatched

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12159

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-13463

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-15267

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12803

Plugin:: SportsPress � Sports Club & League Manager
Plugin Slug:: sportspress
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-15368

Plugin:: AWCA � The Great Analytics Insights for Your eStore
Plugin Slug:: advance-wc-analytics
Installations: 3,000+
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-68032

Plugin:: Advanced Country Blocker
Plugin Slug:: advanced-country-blocker
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1675

Plugin:: Plugin BlueX for WooCommerce
Plugin Slug:: bluex-for-woocommerce
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68022

Plugin:: Cliengo � Chatbot
Plugin Slug:: cliengo
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-69388

Plugin:: GA4WP � Analytics Dashboard for the Website
Plugin Slug:: ga-for-wp
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-68028

Plugin:: Addonify � Compare Products For WooCommerce
Plugin Slug:: addonify-compare-products
Installations: 1,000+
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-68023

Plugin:: Addonify Floating Cart For WooCommerce
Plugin Slug:: addonify-floating-cart
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-68025

Plugin:: Addonify � WooCommerce Wishlist
Plugin Slug:: addonify-wishlist
Installations: 1,000+
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-68024

Plugin:: TopperPack � Complete Elementor Addons, Theme & CPT Builder
Plugin Slug:: topper-pack
Installations: 300+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68841

Plugin:: WP Duplicate � WordPress Migration Plugin
Plugin Slug:: local-sync
Installations: 200+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-1499

Plugin:: Contact Manager
Plugin Slug:: contact-manager
Installations: 100+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68853

Plugin:: Court Reservation � Manage Your Court Bookings Online
Plugin Slug:: court-reservation
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68852

Plugin:: RVCFDI para Woocommerce
Plugin Slug:: rvcfdi-para-woocommerce
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69386

Plugin:: Simple Retail Menus
Plugin Slug:: simple-retail-menus
Installations: 90+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69387

Plugin:: iContact for Gravity Forms
Plugin Slug:: gravity-forms-icontact
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68863

Plugin:: Optimize More! � Images
Plugin Slug:: optimize-more-images
Installations: 80+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-67624

Plugin:: WPshop 2 � E-Commerce
Plugin Slug:: wpshop
Installations: 70+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69383

Plugin:: All push notification for WP
Plugin Slug:: all-push-notification
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-0816

Plugin:: Bulk Edit Post Titles
Plugin Slug:: bulk-edit-post-titles
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0369

Plugin:: Buy one click WooCommerce
Plugin Slug:: buy-one-click-woocommerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10853

Plugin:: Buy one click WooCommerce
Plugin Slug:: buy-one-click-woocommerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10854

Plugin:: Catch Popup
Plugin Slug:: catch-popup
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11427

Plugin:: Chapa Payment Gateway Plugin for WooCommerce
Plugin Slug:: chapa-payment-gateway-for-woocommerce
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-15482

Plugin:: Code Explorer
Plugin Slug:: code-explorer
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-15487

Plugin:: CommentTweets
Plugin Slug:: commenttweets
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-6845

Plugin:: Eleblog � Elementor Blog And Magazine Addons
Plugin Slug:: ele-blog
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69374

Plugin:: Elegant Addons for elementor
Plugin Slug:: elegant-addons-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5092

Plugin:: Extended Random Number Generator
Plugin Slug:: extended-random-number-generator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-0681

Plugin:: Font Farsi
Plugin Slug:: font-farsi
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2657

Plugin:: Fortis for WooCommerce
Plugin Slug:: fortis-for-woocommerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-0679

Plugin:: Image Hover Effects – Caption Hover with Carousel
Plugin Slug:: image-hover-effects-with-carousel
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5001

Plugin:: Infility Global
Plugin Slug:: infility-global
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-15268

Plugin:: Login Logout Register Menu
Plugin Slug:: login-logout-register-menu
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3726

Plugin:: SEO Flow by LupsOnline
Plugin Slug:: lupsonline-link-netwerk
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-15285

Plugin:: Magic Import Document Extractor
Plugin Slug:: magic-import-document-extractor
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-15508

Plugin:: Magic Import Document Extractor
Plugin Slug:: magic-import-document-extractor
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-15507

Plugin:: Newsletter Popup
Plugin Slug:: newsletter-popup
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-3641

Plugin:: Okay Toolkit
Plugin Slug:: okay-toolkit
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68851

Plugin:: OMIGO
Plugin Slug:: omigo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1573

Plugin:: Product Filter for WooCommerce
Plugin Slug:: prdctfltr
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69378

Plugin:: Redirects
Plugin Slug:: redirects
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1566

Plugin:: SIBS woocommerce payment gateway
Plugin Slug:: sibs-woocommerce
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-1370

Plugin:: Simple Bible Verse via Shortcode
Plugin Slug:: simple-bible-verse-via-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1570

Plugin:: Smart PopUp Blaster
Plugin Slug:: smart-popup-blaster
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12458

Plugin:: SP Project & Document Manager
Plugin Slug:: sp-client-document-manager
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3749

Plugin:: Store Locator
Plugin Slug:: store-locator
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12571

Plugin:: SVS Pricing Tables
Plugin Slug:: svs-pricing-tables
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2960

Plugin:: Portfolio Builder
Plugin Slug:: swp-portfolio
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69375

Plugin:: Tabs Maker
Plugin Slug:: tabs-maker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11865

Plugin:: Testimonials Widget
Plugin Slug:: testimonials-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4705

Plugin:: The Bucketlister
Plugin Slug:: the-bucketlister
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-15476

Plugin:: The Bucketlister
Plugin Slug:: the-bucketlister
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-15477

Plugin:: Themesflat Elementor
Plugin Slug:: themesflat-elementor
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-69382

Plugin:: Timeline Event History
Plugin Slug:: timeline-event-history
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69384

Plugin:: TITLE ANIMATOR
Plugin Slug:: title-animator
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1082

Plugin:: WordPress form builder plugin for contact forms, surveys and quizzes � Tripetto
Plugin Slug:: tripetto
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-10260

Plugin:: UserPlus
Plugin Slug:: userplus
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9520

Plugin:: Video Onclick
Plugin Slug:: video-onclick
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1608

Plugin:: WebPurify Profanity Filter
Plugin Slug:: webpurifytextreplace
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-0572

Plugin:: Wikiloops Track Player
Plugin Slug:: wikiloops-track-player
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1611

Plugin:: Wonka Slide
Plugin Slug:: wonka-slide
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1613

Plugin:: Woo File Dropzone
Plugin Slug:: woo-file-dropzone
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68862

Plugin:: Xendit Payment
Plugin Slug:: woo-xendit-virtual-accounts
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-14461

Plugin:: WooCommerce Bulk Product Editor
Plugin Slug:: woocommerce-quick-product-editor
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69381

Plugin:: MyRewards
Plugin Slug:: woorewards
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-15260

Plugin:: WP Content Permission
Plugin Slug:: wp-content-permission
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-0743

Plugin:: WP-Revive Adserver
Plugin Slug:: wp-revive-adserver
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12461

Plugin:: Upload Files Anywhere
Plugin Slug:: wp-upload-files-anywhere
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69380

Plugin:: Upload Files Anywhere
Plugin Slug:: wp-upload-files-anywhere
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69379

Plugin:: User Extra Fields
Plugin Slug:: wp-user-extra-fields
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69377

Plugin:: User Extra Fields
Plugin Slug:: wp-user-extra-fields
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69376

Plugin:: Yoast SEO � Advanced SEO with real-time guidance and built-in AI
Plugin Slug:: wordpress-seo
Installations: 10,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 26.9
Severity Score:: Medium
CVE:: 2026-1293

Plugin:: Essential Addons for Elementor � Popular Elementor Templates & Widgets
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.12
Severity Score:: Medium
CVE:: 2024-2650

Plugin:: Essential Addons for Elementor � Popular Elementor Templates & Widgets
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.16
Severity Score:: Medium
CVE:: 2024-3728

Plugin:: Essential Addons for Elementor � Popular Elementor Templates & Widgets
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.20
Severity Score:: Medium
CVE:: 2024-4448

Plugin:: Essential Addons for Elementor � Popular Elementor Templates & Widgets
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.20
Severity Score:: Medium
CVE:: 2024-4449

Plugin:: Essential Addons for Elementor � Popular Elementor Templates & Widgets
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.4
Severity Score:: Medium
CVE:: 2024-8742

Plugin:: Code Snippets
Plugin Slug:: code-snippets
Installations: 1,000,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.9.5
Severity Score:: Medium
CVE:: 2026-1785

Plugin:: Spectra Gutenberg Blocks � Website Builder for the Block Editor
Plugin Slug:: ultimate-addons-for-gutenberg
Installations: 1,000,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.19.18
Severity Score:: Medium
CVE:: 2026-0950

Plugin:: Spectra Gutenberg Blocks � Website Builder for the Block Editor
Plugin Slug:: ultimate-addons-for-gutenberg
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.12.9
Severity Score:: Medium
CVE:: 2024-1815

Plugin:: Premium Addons for Elementor � Powerful Elementor Templates & Widgets
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.29
Severity Score:: Medium
CVE:: 2024-3647

Plugin:: Premium Addons for Elementor � Powerful Elementor Templates & Widgets
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.32
Severity Score:: Medium
CVE:: 2024-4376

Plugin:: Premium Addons for Elementor � Powerful Elementor Templates & Widgets
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.32
Severity Score:: Medium
CVE:: 2024-4379

Plugin:: Fluent Forms � Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
Plugin Slug:: fluentform
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.20
Severity Score:: Medium
CVE:: 2024-6518

Plugin:: Fluent Forms � Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
Plugin Slug:: fluentform
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.20
Severity Score:: Medium
CVE:: 2024-6521

Plugin:: Royal Addons for Elementor � Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.88
Severity Score:: Medium
CVE:: 2024-0516

Plugin:: Royal Addons for Elementor � Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.88
Severity Score:: Medium
CVE:: 2024-0515

Plugin:: Royal Addons for Elementor � Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.88
Severity Score:: Medium
CVE:: 2024-0514

Plugin:: Royal Addons for Elementor � Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.88
Severity Score:: Medium
CVE:: 2024-0513

Plugin:: Royal Addons for Elementor � Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.972
Severity Score:: Medium
CVE:: 2024-2798

Plugin:: Royal Addons for Elementor � Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.972
Severity Score:: Medium
CVE:: 2024-2799

Plugin:: Royal Addons for Elementor � Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.972
Severity Score:: Medium
CVE:: 2024-3889

Plugin:: Royal Addons for Elementor � Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.976
Severity Score:: Medium
CVE:: 2024-4087

Plugin:: Royal Addons for Elementor � Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1002
Severity Score:: Medium
CVE:: 2024-9059

Plugin:: Royal Addons for Elementor � Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1002
Severity Score:: Medium
CVE:: 2024-9668

Plugin:: Easy WP SMTP � WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more
Plugin Slug:: easy-wp-smtp
Installations: 500,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.3.1
Severity Score:: Low
CVE:: 2024-3073

Plugin:: Kadence Blocks � Page Builder Toolkit for Gutenberg Editor
Plugin Slug:: kadence-blocks
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.38
Severity Score:: Medium
CVE:: 2024-4208

Plugin:: Kadence Blocks � Page Builder Toolkit for Gutenberg Editor
Plugin Slug:: kadence-blocks
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.37
Severity Score:: Medium
CVE:: 2024-4209

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.20.8
Severity Score:: Medium
CVE:: 2026-1210

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.4
Severity Score:: Medium
CVE:: 2024-1498

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.5
Severity Score:: Medium
CVE:: 2024-2786

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.5
Severity Score:: Medium
CVE:: 2024-2787

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.5
Severity Score:: Medium
CVE:: 2024-2788

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.5
Severity Score:: Medium
CVE:: 2024-2789

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.5
Severity Score:: Medium
CVE:: 2024-3724

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.8
Severity Score:: Medium
CVE:: 2024-4391

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.11.0
Severity Score:: Medium
CVE:: 2024-5041

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.9
Severity Score:: Medium
CVE:: 2024-5088

Plugin:: Jeg Kit for Elementor � Powerful Addons for Elementor, Widgets & Templates for WordPress
Plugin Slug:: jeg-elementor-kit
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.5
Severity Score:: Medium
CVE:: 2024-0334

Plugin:: Jeg Kit for Elementor � Powerful Addons for Elementor, Widgets & Templates for WordPress
Plugin Slug:: jeg-elementor-kit
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.5
Severity Score:: Medium
CVE:: 2024-3161

Plugin:: Jeg Kit for Elementor � Powerful Addons for Elementor, Widgets & Templates for WordPress
Plugin Slug:: jeg-elementor-kit
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.4
Severity Score:: Medium
CVE:: 2024-3162

Plugin:: Post SMTP � Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App
Plugin Slug:: post-smtp
Installations: 300,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.8.7
Severity Score:: High
CVE:: 2023-6620

Plugin:: ShortPixel Image Optimizer � Optimize Images, Convert WebP & AVIF
Plugin Slug:: shortpixel-image-optimiser
Installations: 300,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 6.4.3
Severity Score:: Medium
CVE:: 2026-1246

Plugin:: Unlimited Elements For Elementor
Plugin Slug:: unlimited-elements-for-elementor
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.2
Severity Score:: Medium
CVE:: 2025-14274

Plugin:: Unlimited Elements For Elementor
Plugin Slug:: unlimited-elements-for-elementor
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.113
Severity Score:: Medium
CVE:: 2024-6170

Plugin:: SEOPress � On-site SEO & Analytics
Plugin Slug:: wp-seopress
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6
Severity Score:: Medium
CVE:: 2024-1134

Plugin:: Gutenberg Essential Blocks � Page Builder for Gutenberg Blocks & Patterns
Plugin Slug:: essential-blocks
Installations: 200,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.4.3
Severity Score:: High
CVE:: 2023-6623

Plugin:: Gutenberg Essential Blocks � Page Builder for Gutenberg Blocks & Patterns
Plugin Slug:: essential-blocks
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.4
Severity Score:: Medium
CVE:: 2024-2255

Plugin:: FileOrganizer � WordPress File Manager
Plugin Slug:: fileorganizer
Installations: 200,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.0.8
Severity Score:: High
CVE:: 2024-5599

Plugin:: Dear Flipbook � PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer
Plugin Slug:: 3d-flipbook-dflip-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.27
Severity Score:: Medium
CVE:: 2024-0895

Plugin:: Element Pack Addons for Elementor
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.10.2
Severity Score:: Medium
CVE:: 2024-10310

Plugin:: Element Pack Addons for Elementor
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.1
Severity Score:: Medium
CVE:: 2024-1426

Plugin:: Element Pack Addons for Elementor
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.1
Severity Score:: Medium
CVE:: 2024-1429

Plugin:: Element Pack Addons for Elementor
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.12
Severity Score:: Medium
CVE:: 2024-5554

Plugin:: Element Pack Addons for Elementor
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.10.3
Severity Score:: Medium
CVE:: 2024-9867

Plugin:: Prime Slider � Addons for Elementor
Plugin Slug:: bdthemes-prime-slider-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.14.2
Severity Score:: Medium
CVE:: 2024-3997

Plugin:: Beaver Builder Page Builder � Drag and Drop Website Builder
Plugin Slug:: beaver-builder-lite-version
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.4.3
Severity Score:: Medium
CVE:: 2024-0896

Plugin:: EmbedPress � PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more
Plugin Slug:: embedpress
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.11
Severity Score:: Medium
CVE:: 2024-1565

Plugin:: EmbedPress � PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more
Plugin Slug:: embedpress
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.13
Severity Score:: Medium
CVE:: 2024-2688

Plugin:: EmbedPress � PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more
Plugin Slug:: embedpress
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.15
Severity Score:: Medium
CVE:: 2024-3245

Plugin:: Gallery by FooGallery
Plugin Slug:: foogallery
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.15
Severity Score:: Medium
CVE:: 2024-2081

Plugin:: GiveWP � Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.14.2
Severity Score:: Critical
CVE:: 2024-5932

Plugin:: LatePoint � Calendar Booking Plugin for Appointments and Events
Plugin Slug:: latepoint
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.6
Severity Score:: High
CVE:: 2026-0617

Plugin:: Menu Icons by ThemeIsle
Plugin Slug:: menu-icons
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.13.21
Severity Score:: Medium
CVE:: 2026-1755

Plugin:: Modula Image Gallery � Photo Grid & Video Gallery
Plugin Slug:: modula-best-grid-gallery
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.13.5
Severity Score:: Medium
CVE:: 2026-23976

Plugin:: WebSub (FKA. PubSubHubbub)
Plugin Slug:: pubsubhubbub
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.0
Severity Score:: Medium
CVE:: 2024-0688

Plugin:: Relevanssi � A Better Search
Plugin Slug:: relevanssi
Installations: 100,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 4.22.0
Severity Score:: Medium
CVE:: 2023-7199

Plugin:: Relevanssi � A Better Search
Plugin Slug:: relevanssi
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.22.1
Severity Score:: Medium
CVE:: 2024-1380

Plugin:: Robin Image Optimizer � Unlimited Image Optimization & WebP Converter
Plugin Slug:: robin-image-optimizer
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.3
Severity Score:: Medium
CVE:: 2026-1319

Plugin:: The Plus Addons for Elementor � Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.0
Severity Score:: Medium
CVE:: 2024-0445

Plugin:: The Plus Addons for Elementor � Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 5.4.2
Severity Score:: High
CVE:: 2024-2210

Plugin:: The Plus Addons for Elementor � Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.5
Severity Score:: Medium
CVE:: 2024-2784

Plugin:: The Plus Addons for Elementor � Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.0
Severity Score:: Medium
CVE:: 2024-2785

Plugin:: The Plus Addons for Elementor � Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.0
Severity Score:: Medium
CVE:: 2024-3197

Plugin:: The Plus Addons for Elementor � Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.0
Severity Score:: Medium
CVE:: 2024-3199

Plugin:: The Plus Addons for Elementor � Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.3
Severity Score:: Medium
CVE:: 2024-4484

Plugin:: The Plus Addons for Elementor � Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.3
Severity Score:: Medium
CVE:: 2024-4485

Plugin:: The Plus Addons for Elementor � Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.3
Severity Score:: Medium
CVE:: 2024-6575

Plugin:: The Plus Addons for Elementor � Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.3
Severity Score:: Medium
CVE:: 2024-5583

Plugin:: Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More
Plugin Slug:: themeisle-companion
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.10.31
Severity Score:: Medium
CVE:: 2024-1497

Plugin:: Tutor LMS � eLearning and online course solution
Plugin Slug:: tutor
Installations: 100,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 3.9.6
Severity Score:: High
CVE:: 2026-1375

Plugin:: Tutor LMS � eLearning and online course solution
Plugin Slug:: tutor
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.9.6
Severity Score:: Medium
CVE:: 2026-1371

Plugin:: WP All Import � Drag & Drop Import for CSV, XML, Excel & Google Sheets
Plugin Slug:: wp-all-import
Installations: 100,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 3.7.3
Severity Score:: Critical
CVE:: 2023-7082

Plugin:: Addon Elements for Elementor (formerly Elementor Addon Elements)
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13
Severity Score:: Medium
CVE:: 2024-1391

Plugin:: Addon Elements for Elementor (formerly Elementor Addon Elements)
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13
Severity Score:: Medium
CVE:: 2024-1392

Plugin:: Addon Elements for Elementor (formerly Elementor Addon Elements)
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.3
Severity Score:: Medium
CVE:: 2024-2091

Plugin:: Addon Elements for Elementor (formerly Elementor Addon Elements)
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.4
Severity Score:: Medium
CVE:: 2024-2092

Plugin:: Addon Elements for Elementor (formerly Elementor Addon Elements)
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.6
Severity Score:: Medium
CVE:: 2024-4570

Plugin:: Addon Elements for Elementor (formerly Elementor Addon Elements)
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.6
Severity Score:: Medium
CVE:: 2024-4401

Plugin:: Addon Elements for Elementor (formerly Elementor Addon Elements)
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.7
Severity Score:: Medium
CVE:: 2024-7122

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.17.3
Severity Score:: Medium
CVE:: 2024-12588

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.15.8
Severity Score:: Medium
CVE:: 2024-1348

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.15.8
Severity Score:: Medium
CVE:: 2024-1357

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.15.8
Severity Score:: Medium
CVE:: 2024-1396

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.15.8
Severity Score:: Medium
CVE:: 2024-1533

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.15.8
Severity Score:: Medium
CVE:: 2024-3341

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.17.1
Severity Score:: Medium
CVE:: 2024-9545

Plugin:: Colibri Page Builder
Plugin Slug:: colibri-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.274
Severity Score:: Medium
CVE:: 2024-3337

Plugin:: Colibri Page Builder
Plugin Slug:: colibri-page-builder
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.277
Severity Score:: Medium
CVE:: 2024-4451

Plugin:: ShopLentor � All-in-One WooCommerce Builder Solution for Elementor & Gutenberg
Plugin Slug:: woolentor-addons
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.2
Severity Score:: Medium
CVE:: 2024-1057

Plugin:: HT Mega � Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.7
Severity Score:: Medium
CVE:: 2024-2084

Plugin:: HT Mega � Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.0
Severity Score:: Medium
CVE:: 2024-3308

Plugin:: HT Mega � Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.1
Severity Score:: Medium
CVE:: 2024-3989

Plugin:: HT Mega � Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.6
Severity Score:: Medium
CVE:: 2024-5173

Plugin:: Import and export users and customers
Plugin Slug:: import-users-from-csv-with-meta
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.26.7
Severity Score:: Medium
CVE:: 2024-4734

Plugin:: Advanced Contact form 7 DB
Plugin Slug:: advanced-cf7-db
Installations: 70,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.0.3
Severity Score:: Medium
CVE:: 2024-3723

Plugin:: Brizy � Page Builder
Plugin Slug:: brizy
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.44
Severity Score:: Medium
CVE:: 2024-1164

Plugin:: Brizy � Page Builder
Plugin Slug:: brizy
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.44
Severity Score:: Medium
CVE:: 2024-1161

Plugin:: Brizy � Page Builder
Plugin Slug:: brizy
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.41
Severity Score:: Medium
CVE:: 2024-1293

Plugin:: Brizy � Page Builder
Plugin Slug:: brizy
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.42
Severity Score:: Medium
CVE:: 2024-1940

Plugin:: WP ULike � Like & Dislike Buttons for Engagement and Feedback
Plugin Slug:: wp-ulike
Installations: 70,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 5.0.0
Severity Score:: Medium
CVE:: 2026-0909

Plugin:: Email Subscribers & Newsletters � Email Marketing, Post Notifications & Newsletter Plugin for WordPress
Plugin Slug:: email-subscribers
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.7.18
Severity Score:: Medium
CVE:: 2024-3626

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.3
Severity Score:: Medium
CVE:: 2024-2503

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.5
Severity Score:: Medium
CVE:: 2024-3985

Plugin:: Greenshift � animation and page builder blocks
Plugin Slug:: greenshift-animation-and-page-builder-blocks
Installations: 60,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 12.6
Severity Score:: Medium
CVE:: 2026-1927

Plugin:: Post and Page Builder by BoldGrid � Visual Drag and Drop Editor
Plugin Slug:: post-and-page-builder
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.26.7
Severity Score:: Medium
CVE:: 2024-6848

Plugin:: Popup Box � Create Countdown, Coupon, Video, Contact Form Popups
Plugin Slug:: ays-popup-box
Installations: 50,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.1.2
Severity Score:: Medium
CVE:: 2026-1165

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.8.9
Severity Score:: Medium
CVE:: 2024-3266

Plugin:: Getwid � Gutenberg Blocks
Plugin Slug:: getwid
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.11
Severity Score:: Medium
CVE:: 2024-6489

Plugin:: ?????? ????? ??????? Persian WooCommerce SMS
Plugin Slug:: persian-woocommerce-sms
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.0.6
Severity Score:: High
CVE:: 2024-10046

Plugin:: Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers
Plugin Slug:: popup-builder-block
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.1
Severity Score:: Medium
CVE:: 2025-14895

Plugin:: Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers
Plugin Slug:: popup-builder-block
Installations: 50,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.2.1
Severity Score:: High
CVE:: 2025-13192

Plugin:: User Profile Builder � Beautiful User Registration Forms, User Profiles & User Role Editor
Plugin Slug:: profile-builder
Installations: 50,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.15.2
Severity Score:: Critical
CVE:: 2025-15030

Plugin:: Sina Extension for Elementor
Plugin Slug:: sina-extension-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.4
Severity Score:: Medium
CVE:: 2024-4333

Plugin:: Themesflat Addons For Elementor
Plugin Slug:: themesflat-addons-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-2922

Plugin:: Themesflat Addons For Elementor
Plugin Slug:: themesflat-addons-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-4458

Plugin:: Themesflat Addons For Elementor
Plugin Slug:: themesflat-addons-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-4459

Plugin:: Themesflat Addons For Elementor
Plugin Slug:: themesflat-addons-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-4212

Plugin:: Ultimate Blocks � 25+ Gutenberg Blocks for Block Editor
Plugin Slug:: ultimate-blocks
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.0
Severity Score:: Medium
CVE:: 2024-4268

Plugin:: WP Recipe Maker
Plugin Slug:: wp-recipe-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.1.1
Severity Score:: Medium
CVE:: 2024-0383

Plugin:: WP Recipe Maker
Plugin Slug:: wp-recipe-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.1.1
Severity Score:: Medium
CVE:: 2024-0381

Plugin:: Livemesh Addons by Elementor
Plugin Slug:: addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.6
Severity Score:: Medium
CVE:: 2024-1458

Plugin:: Livemesh Addons by Elementor
Plugin Slug:: addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.6
Severity Score:: Medium
CVE:: 2024-1461

Plugin:: Livemesh Addons by Elementor
Plugin Slug:: addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.6
Severity Score:: Medium
CVE:: 2024-1464

Plugin:: Livemesh Addons by Elementor
Plugin Slug:: addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.6
Severity Score:: Medium
CVE:: 2024-1465

Plugin:: Livemesh Addons by Elementor
Plugin Slug:: addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.6
Severity Score:: Medium
CVE:: 2024-1466

Plugin:: Livemesh Addons by Elementor
Plugin Slug:: addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.4
Severity Score:: Medium
CVE:: 2024-2926

Plugin:: Livemesh Addons by Elementor
Plugin Slug:: addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.4
Severity Score:: Medium
CVE:: 2024-3639

Plugin:: Contact Form by BestWebSoft � Advanced WP Contact Form Builder for WordPress
Plugin Slug:: contact-form-plugin
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.9
Severity Score:: High
CVE:: 2024-2200

Plugin:: Easy Digital Downloads � eCommerce Payments and Subscriptions made easy
Plugin Slug:: easy-digital-downloads
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.3
Severity Score:: Medium
CVE:: 2024-6691

Plugin:: Form Maker by 10Web � Mobile-Friendly Drag & Drop Contact Form Builder
Plugin Slug:: form-maker
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.36
Severity Score:: High
CVE:: 2026-1058

Plugin:: Form Maker by 10Web � Mobile-Friendly Drag & Drop Contact Form Builder
Plugin Slug:: form-maker
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.36
Severity Score:: High
CVE:: 2026-1065

Plugin:: SEO Plugin by Squirrly SEO
Plugin Slug:: squirrly-seo
Installations: 40,000+
Vulnerability:: SQL Injection
Patched in Version:: 12.3.20
Severity Score:: High
CVE:: 2024-6497

Plugin:: Post Grid Gutenberg Blocks for News, Magazines, Blog Websites � PostX
Plugin Slug:: ultimate-post
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.1.3
Severity Score:: High
CVE:: 2024-5326

Plugin:: ACF Quick Edit Fields
Plugin Slug:: acf-quickedit-fields
Installations: 30,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 3.2.3
Severity Score:: Medium
CVE:: 2023-7286

Plugin:: Piotnet Addons For Elementor
Plugin Slug:: piotnet-addons-for-elementor
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.29
Severity Score:: Medium
CVE:: 2024-4262

Plugin:: Post Grid
Plugin Slug:: post-grid
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.81
Severity Score:: Medium
CVE:: 2024-1988

Plugin:: Post Grid
Plugin Slug:: post-grid
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.81
Severity Score:: Medium
CVE:: 2024-4042

Plugin:: Hubbub Lite � Fast, free social sharing and follow buttons
Plugin Slug:: social-pug
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.32.0
Severity Score:: Medium
CVE:: 2023-7154

Plugin:: ThirstyAffiliates � Affiliate Links, Link Branding, Link Tracking & Marketing Plugin
Plugin Slug:: thirstyaffiliates
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.11.10
Severity Score:: Medium
CVE:: 2026-25024

Plugin:: Tutor LMS Elementor Addons
Plugin Slug:: tutor-lms-elementor-addons
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.6
Severity Score:: Medium
CVE:: 2024-10897

Plugin:: Tutor LMS Elementor Addons
Plugin Slug:: tutor-lms-elementor-addons
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.5
Severity Score:: Medium
CVE:: 2024-5576

Plugin:: Print Invoice & Delivery Notes for WooCommerce
Plugin Slug:: woocommerce-delivery-notes
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.9.0
Severity Score:: Medium
CVE:: 2026-24946

Plugin:: All-in-One Video Gallery
Plugin Slug:: all-in-one-video-gallery
Installations: 20,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 4.6.4
Severity Score:: Critical
CVE:: 2025-12957

Plugin:: Subscribe2 � Form, Email Subscribers & Newsletters
Plugin Slug:: subscribe2
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 10.45
Severity Score:: Medium
CVE:: 2026-24944

Plugin:: The Events Calendar Shortcode & Block
Plugin Slug:: the-events-calendar-shortcode
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.3
Severity Score:: Medium
CVE:: 2026-1922

Plugin:: The Events Calendar Shortcode & Block
Plugin Slug:: the-events-calendar-shortcode
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.2
Severity Score:: Medium
CVE:: 2026-24988

Plugin:: Ultimate Addons for Beaver Builder � Lite
Plugin Slug:: ultimate-addons-for-beaver-builder-lite
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.8
Severity Score:: Medium
CVE:: 2024-2140

Plugin:: Ultimate Addons for Beaver Builder � Lite
Plugin Slug:: ultimate-addons-for-beaver-builder-lite
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.8
Severity Score:: Medium
CVE:: 2024-2142

Plugin:: Ultimate Addons for Beaver Builder � Lite
Plugin Slug:: ultimate-addons-for-beaver-builder-lite
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.8
Severity Score:: Medium
CVE:: 2024-2143

Plugin:: Ultimate Addons for Beaver Builder � Lite
Plugin Slug:: ultimate-addons-for-beaver-builder-lite
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.8
Severity Score:: Medium
CVE:: 2024-2144

Plugin:: WCFM � Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible
Plugin Slug:: wc-frontend-manager
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.7.25
Severity Score:: High
CVE:: 2026-0845

Plugin:: WCFM Marketplace � Multivendor Marketplace for WooCommerce
Plugin Slug:: wc-multivendor-marketplace
Installations: 20,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 3.7.1
Severity Score:: Medium
CVE:: 2026-1722

Plugin:: Frontend Admin by DynamiApps
Plugin Slug:: acf-frontend-form-element
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.25.1
Severity Score:: High
CVE:: 2024-11720

Plugin:: Frontend Admin by DynamiApps
Plugin Slug:: acf-frontend-form-element
Installations: 10,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.25.1
Severity Score:: High
CVE:: 2024-11721

Plugin:: BlockSpare � News, Magazine and Blog Addons for (Gutenberg) Block Editor
Plugin Slug:: blockspare
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.5
Severity Score:: Medium
CVE:: 2024-8325

Plugin:: Content Blocks (Custom Post Widget)
Plugin Slug:: custom-post-widget
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.1
Severity Score:: Medium
CVE:: 2024-3565

Plugin:: WP Customer Area
Plugin Slug:: customer-area
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.2.1
Severity Score:: Medium
CVE:: 2023-6741

Plugin:: Essential Widgets
Plugin Slug:: essential-widgets
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.1
Severity Score:: Medium
CVE:: 2026-0867

Plugin:: LA-Studio Element Kit for Elementor
Plugin Slug:: lastudio-element-kit
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.9
Severity Score:: High
CVE:: 2024-5349

Plugin:: Child Theme Creator by Orbisius
Plugin Slug:: orbisius-child-theme-creator
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.6
Severity Score:: Medium
CVE:: 2024-12263

Plugin:: OSM � OpenStreetMap
Plugin Slug:: osm
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.4
Severity Score:: Medium
CVE:: 2024-3603

Plugin:: Paid Membership Subscriptions � Effortless Memberships, Recurring Payments & Content Restriction
Plugin Slug:: paid-member-subscriptions
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.11.2
Severity Score:: Medium
CVE:: 2024-1389

Plugin:: SupportCandy � Helpdesk & Customer Support Ticket System
Plugin Slug:: supportcandy
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.4.5
Severity Score:: High
CVE:: 2026-0683

Plugin:: Testimonial Carousel For Elementor
Plugin Slug:: testimonials-carousel-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.2.0
Severity Score:: Medium
CVE:: 2024-4698

Plugin:: Ultimate Maps by Supsystic
Plugin Slug:: ultimate-maps-by-supsystic
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.16
Severity Score:: Medium
CVE:: 2023-6732

Plugin:: WCFM Membership � WooCommerce Memberships for Multivendor Marketplace
Plugin Slug:: wc-multivendor-membership
Installations: 10,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.11.9
Severity Score:: Medium
CVE:: 2025-15147

Plugin:: Eventin � Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered)
Plugin Slug:: wp-event-solution
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.0.9
Severity Score:: High
CVE:: 2024-7149

Plugin:: Ultimate Coming Soon & Maintenance
Plugin Slug:: ultimate-coming-soon
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2024-9705

Plugin:: Ultimate Coming Soon & Maintenance
Plugin Slug:: ultimate-coming-soon
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2024-9706

Plugin:: GSheetConnector For WPForms � WPForms Google Sheets Integration (Real-Time Sync)
Plugin Slug:: gsheetconnector-wpforms
Installations: 8,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 4.0.2
Severity Score:: Critical
CVE:: 2025-67979

Plugin:: NEX-Forms � Ultimate Forms Plugin for WordPress
Plugin Slug:: nex-forms-express-wp-form-builder
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.1.8
Severity Score:: High
CVE:: 2025-69326

Plugin:: NEX-Forms � Ultimate Forms Plugin for WordPress
Plugin Slug:: nex-forms-express-wp-form-builder
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.1.8
Severity Score:: High
CVE:: 2025-69324

Plugin:: NEX-Forms � Ultimate Forms Plugin for WordPress
Plugin Slug:: nex-forms-express-wp-form-builder
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.5.7
Severity Score:: Medium
CVE:: 2024-0907

Plugin:: NEX-Forms � Ultimate Forms Plugin for WordPress
Plugin Slug:: nex-forms-express-wp-form-builder
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.5.7
Severity Score:: Medium
CVE:: 2024-1129

Plugin:: WP Job Portal � AI-Powered Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.5
Severity Score:: High
CVE:: 2026-24941

Plugin:: WP Job Portal � AI-Powered Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 8,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.2.3
Severity Score:: High
CVE:: 2024-11710

Plugin:: WP Job Portal � AI-Powered Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 8,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.2.3
Severity Score:: Critical
CVE:: 2024-11711

Plugin:: WP Job Portal � AI-Powered Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.3
Severity Score:: Medium
CVE:: 2024-11712

Plugin:: WP Job Portal � AI-Powered Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 8,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.2.3
Severity Score:: High
CVE:: 2024-11713

Plugin:: WP Job Portal � AI-Powered Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 8,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.2.3
Severity Score:: High
CVE:: 2024-11714

Plugin:: WP Job Portal � AI-Powered Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.3
Severity Score:: Medium
CVE:: 2024-11715

Plugin:: Awesome Support � WordPress HelpDesk & Support Plugin
Plugin Slug:: awesome-support
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.1.8
Severity Score:: Medium
CVE:: 2024-0596

Plugin:: EventPrime � Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.4
Severity Score:: Medium
CVE:: 2024-1125

Plugin:: EventPrime � Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.2
Severity Score:: Medium
CVE:: 2024-1127

Plugin:: EventPrime � Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.3
Severity Score:: Medium
CVE:: 2024-1321

Plugin:: LottieFiles
Plugin Slug:: lottiefiles
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.0
Severity Score:: High
CVE:: 2025-68043

Plugin:: OAuth Single Sign On � SSO (OAuth Client)
Plugin Slug:: miniorange-login-with-eve-online-google-facebook
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.26.15
Severity Score:: Medium
CVE:: 2025-10753

Plugin:: Schema App Structured Data
Plugin Slug:: schema-app-structured-data-for-schemaorg
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.1
Severity Score:: Medium
CVE:: 2024-0893

Plugin:: Schema App Structured Data
Plugin Slug:: schema-app-structured-data-for-schemaorg
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.5
Severity Score:: High
CVE:: 2024-11279

Plugin:: YayCurrency � WooCommerce Multi-Currency Switcher
Plugin Slug:: yaycurrency
Installations: 7,000+
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: 3.3.1
Severity Score:: High
CVE:: 2025-67994

Plugin:: WPBot � AI ChatBot for Live Support, Lead Generation, AI Services
Plugin Slug:: chatbot
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.3.6
Severity Score:: Medium
CVE:: 2024-0453

Plugin:: WPBot � AI ChatBot for Live Support, Lead Generation, AI Services
Plugin Slug:: chatbot
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.3.6
Severity Score:: Medium
CVE:: 2024-0451

Plugin:: ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support
Plugin Slug:: erp
Installations: 6,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.13.1
Severity Score:: High
CVE:: 2024-0913

Plugin:: Export Media URLs
Plugin Slug:: export-media-urls
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3
Severity Score:: High
CVE:: 2025-68037

Plugin:: Mail Mint � Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more
Plugin Slug:: mail-mint
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.19.3
Severity Score:: High
CVE:: 2026-1447

Plugin:: ProfileGrid � User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 6,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 5.9.7.3
Severity Score:: Medium
CVE:: 2026-1271

Plugin:: ProfileGrid � User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.9.7.3
Severity Score:: Medium
CVE:: 2025-13416

Plugin:: Contact Form 7 Connector
Plugin Slug:: ari-cf7-connector
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.3
Severity Score:: High
CVE:: 2024-0239

Plugin:: easy.jobs � AI powered Job Listing, Job Board, Career Page, Recruitment & Hiring Solution
Plugin Slug:: easyjobs
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.7
Severity Score:: Medium
CVE:: 2023-6843

Plugin:: Shortcodes for Elementor
Plugin Slug:: shortcode-elementor
Installations: 5,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.0.5
Severity Score:: Medium
CVE:: 2024-10690

Plugin:: Simple File List
Plugin Slug:: simple-file-list
Installations: 5,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 6.1.16
Severity Score:: Medium
CVE:: 2026-24953

Plugin:: Ultimate Store Kit � Addon For WooCommerce, EDD and Elementor
Plugin Slug:: ultimate-store-kit
Installations: 5,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.0.0
Severity Score:: Critical
CVE:: 2024-5335

Plugin:: ElementInvader Addons for Elementor
Plugin Slug:: elementinvader-addons-for-elementor
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-12059

Plugin:: ElementInvader Addons for Elementor
Plugin Slug:: elementinvader-addons-for-elementor
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.2
Severity Score:: Medium
CVE:: 2026-25028

Plugin:: HelloAsso
Plugin Slug:: helloasso
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.11
Severity Score:: Medium
CVE:: 2024-7605

Plugin:: Snippet Shortcodes
Plugin Slug:: shortcode-variables
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.1.7
Severity Score:: Medium
CVE:: 2024-12018

Plugin:: Payment Button for PayPal
Plugin Slug:: wp-paypal
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.3.42
Severity Score:: Medium
CVE:: 2025-14463

Plugin:: WPZOOM Addons for Beaver Builder
Plugin Slug:: wpzoom-addons-for-beaver-builder
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-2181

Plugin:: WPZOOM Addons for Beaver Builder
Plugin Slug:: wpzoom-addons-for-beaver-builder
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-2185

Plugin:: WPZOOM Addons for Beaver Builder
Plugin Slug:: wpzoom-addons-for-beaver-builder
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-2186

Plugin:: WPZOOM Addons for Beaver Builder
Plugin Slug:: wpzoom-addons-for-beaver-builder
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-2187

Plugin:: Classic Addons � WPBakery Page Builder
Plugin Slug:: classic-addons-wpbakery-page-builder-addons
Installations: 3,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.1
Severity Score:: High
CVE:: 2024-11952

Plugin:: Product Enquiry for WooCommerce
Plugin Slug:: gm-woocommerce-quote-popup
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1
Severity Score:: Medium
CVE:: 2023-6626

Plugin:: Salon Booking System � Free Version
Plugin Slug:: salon-booking-system
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.6.3
Severity Score:: High
CVE:: 2024-2102

Plugin:: Tickera � Sell Tickets & Manage Events
Plugin Slug:: tickera-event-ticketing-system
Installations: 3,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.5.4.9
Severity Score:: Medium
CVE:: 2024-12578

Plugin:: Timeline Block � Beautiful Timeline Builder for WordPress (Vertical & Horizontal Timelines)
Plugin Slug:: timeline-block-block
Installations: 3,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.3.4
Severity Score:: Medium
CVE:: 2026-1228

Plugin:: WP-WebAuthn
Plugin Slug:: wp-webauthn
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.4
Severity Score:: Medium
CVE:: 2024-9023

Plugin:: WPB Addons for Elementor � News Ticker, Timeline, Team, Services, Testimonials, and Much More
Plugin Slug:: wpb-elementor-addons
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2
Severity Score:: Medium
CVE:: 2024-3063

Plugin:: Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor � Funnelforms Free
Plugin Slug:: funnelforms-free
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.7.4.1
Severity Score:: Medium
CVE:: 2024-5857

Plugin:: GS Pinterest Portfolio � Pins Grid, Masonry, User Profile, Popup & Board Widgets
Plugin Slug:: gs-pinterest-portfolio
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.9
Severity Score:: Medium
CVE:: 2024-11453

Plugin:: PeproDev WooCommerce Receipt Uploader
Plugin Slug:: pepro-bacs-receipt-upload-for-woocommerce
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.0
Severity Score:: High
CVE:: 2024-8873

Plugin:: PDF Builder for WooCommerce. Create invoices,packing slips and more
Plugin Slug:: woo-pdf-invoice-builder
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.137
Severity Score:: High
CVE:: 2024-11276

Plugin:: WPBITS Addons For Elementor Page Builder
Plugin Slug:: wpbits-addons-for-elementor
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5
Severity Score:: Medium
CVE:: 2024-2129

Plugin:: Visual Feedback, Review & AI Collaboration Tool For WordPress � Atarim
Plugin Slug:: atarim-visual-collaboration
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.2
Severity Score:: Medium
CVE:: 2025-67993

Plugin:: Authorsy � Author Box, Multiple Authors, Guest Authors & Post Rating
Plugin Slug:: authorsy
Installations: 1,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.0.7
Severity Score:: High
CVE:: 2026-24950

Plugin:: Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment
Plugin Slug:: booking-and-rental-manager-for-woocommerce
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.6.0
Severity Score:: High
CVE:: 2025-69328

Plugin:: Categorify � WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-0385

Plugin:: Categorify � WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1650

Plugin:: Categorify � WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1652

Plugin:: Categorify � WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1653

Plugin:: Categorify � WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1907

Plugin:: Categorify � WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1909

Plugin:: Categorify � WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1910

Plugin:: Categorify � WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1912

Plugin:: Geo Controller
Plugin Slug:: cf-geoplugin
Installations: 1,000+
Vulnerability:: Content Injection
Patched in Version:: 8.7.0
Severity Score:: Medium
CVE:: 2024-7381

Plugin:: Message Filter for Contact Form 7
Plugin Slug:: cf7-message-filter
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.3.1
Severity Score:: Medium
CVE:: 2024-12026

Plugin:: Smart Online Order for Clover
Plugin Slug:: clover-online-orders
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.7
Severity Score:: Medium
CVE:: 2024-7030

Plugin:: Web3 Crypto Payments by DePay for WooCommerce
Plugin Slug:: depay-payments-for-woocommerce
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.12.18
Severity Score:: Medium
CVE:: 2024-12265

Plugin:: Enter Addons � Ultimate Template Builder for Elementor
Plugin Slug:: enteraddons
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.6
Severity Score:: Medium
CVE:: 2024-3680

Plugin:: Enter Addons � Ultimate Template Builder for Elementor
Plugin Slug:: enteraddons
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.9
Severity Score:: Medium
CVE:: 2024-7611

Plugin:: Flamix: Bitrix24 and Contact Form 7 integrations
Plugin Slug:: flamix-bitrix24-and-contact-forms-7-integrations
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.2.0
Severity Score:: Medium
CVE:: 2024-6568

Plugin:: Gestpay for WooCommerce
Plugin Slug:: gestpay-for-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 20240307
Severity Score:: Medium
CVE:: 2024-0433

Plugin:: Gestpay for WooCommerce
Plugin Slug:: gestpay-for-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 20240307
Severity Score:: Medium
CVE:: 2024-0432

Plugin:: Connector Wizard (formerly LC Wizard)
Plugin Slug:: ghl-wizard
Installations: 1,000+
Vulnerability:: Settings Change
Patched in Version:: 2.1.2
Severity Score:: Medium
CVE:: 2025-68026

Plugin:: Keap Official Opt-in Forms
Plugin Slug:: infusionsoft-official-opt-in-forms
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.12
Severity Score:: Medium
CVE:: 2023-6941

Plugin:: PDF Generator for WordPress Elementor
Plugin Slug:: pdf-generator-addon-for-elementor-page-builder
Installations: 1,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.0.1
Severity Score:: High
CVE:: 2024-9935

Plugin:: Simple Popup Plugin
Plugin Slug:: simple-popup-plugin
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6
Severity Score:: Medium
CVE:: 2024-8547

Plugin:: Squelch Tabs and Accordions Shortcodes
Plugin Slug:: squelch-tabs-and-accordions-shortcodes
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.4.4
Severity Score:: Medium
CVE:: 2024-2499

Plugin:: Tutor LMS � Migration Tool
Plugin Slug:: tutor-lms-migration-tool
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.1
Severity Score:: Medium
CVE:: 2024-1804

Plugin:: Vayu Blocks � Website Builder for the Block Editor
Plugin Slug:: vayu-blocks
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.0
Severity Score:: Critical
CVE:: 2024-10124

Plugin:: Views for WPForms � Display & Edit WPForms Entries on your site frontend
Plugin Slug:: views-for-wpforms-lite
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.2.3
Severity Score:: Medium
CVE:: 2024-0374

Plugin:: Views for WPForms � Display & Edit WPForms Entries on your site frontend
Plugin Slug:: views-for-wpforms-lite
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.2.3
Severity Score:: Medium
CVE:: 2024-0373

Plugin:: Views for WPForms � Display & Edit WPForms Entries on your site frontend
Plugin Slug:: views-for-wpforms-lite
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.3
Severity Score:: Medium
CVE:: 2024-0372

Plugin:: Views for WPForms � Display & Edit WPForms Entries on your site frontend
Plugin Slug:: views-for-wpforms-lite
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.3
Severity Score:: Medium
CVE:: 2024-0371

Plugin:: WP AdCenter � Ad Manager & Adsense Ads
Plugin Slug:: wpadcenter
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.8
Severity Score:: Medium
CVE:: 2024-10113

Plugin:: Zephyr Project Manager
Plugin Slug:: zephyr-project-manager
Installations: 1,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.3.102
Severity Score:: High
CVE:: 2024-7624

Plugin:: Checkout Gateway for IRIS
Plugin Slug:: checkout-gateway-iris
Installations: 900+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4
Severity Score:: Medium
CVE:: 2025-68542

Plugin:: Ebook Store
Plugin Slug:: ebook-store
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.8002
Severity Score:: High
CVE:: 2024-11287

Plugin:: ForumWP � Forum & Discussion Board
Plugin Slug:: forumwp
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.3
Severity Score:: High
CVE:: 2024-11204

Plugin:: IdeaPush
Plugin Slug:: ideapush
Installations: 800+
Vulnerability:: Broken Access Control
Patched in Version:: 8.72
Severity Score:: Medium
CVE:: 2024-11844

Plugin:: Koalendar � Easy Appointment Scheduling & Booking Plugin
Plugin Slug:: koalendar-free-booking-widget
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.3
Severity Score:: Medium
CVE:: 2024-11855

Plugin:: Confetti Fall Animation
Plugin Slug:: confetti-fall-animation
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-8919

Plugin:: Integrate Firebase
Plugin Slug:: integrate-firebase
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.10.0
Severity Score:: Medium
CVE:: 2024-11785

Plugin:: PowerBI Embed Reports
Plugin Slug:: embed-power-bi-reports
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.8
Severity Score:: Medium
CVE:: 2024-11901

Plugin:: GS Books Showcase � Display Books in Grid, Slider & More | Library for WordPress
Plugin Slug:: gs-books-showcase
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-11766

Plugin:: Sync Master Sheet � Product Sync with Google Sheet for WooCommerce
Plugin Slug:: product-sync-master-sheet
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.4
Severity Score:: High
CVE:: 2025-68834

Plugin:: WP Courses LMS � Online Courses Builder, eLearning Courses, Courses Solution, Education Courses
Plugin Slug:: wp-courses
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.22
Severity Score:: High
CVE:: 2024-12172

Plugin:: Dynamic Widget Content
Plugin Slug:: dynamic-widget-content
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.7
Severity Score:: Medium
CVE:: 2026-1268

Plugin:: Library Viewer
Plugin Slug:: library-viewer
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.0
Severity Score:: High
CVE:: 2025-15396

Plugin:: SmartAgenda � Prise de rendez-vous en ligne
Plugin Slug:: smart-agenda-prise-de-rendez-vous-en-ligne
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7
Severity Score:: Medium
CVE:: 2024-11781

Plugin:: WaveSurfer-WP
Plugin Slug:: wavesurfer-wp
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.4
Severity Score:: Medium
CVE:: 2026-1909

Plugin:: JSM file_get_contents() Shortcode
Plugin Slug:: wp-file-get-contents
Installations: 400+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.7.1
Severity Score:: Medium
CVE:: 2023-6991

Plugin:: WP Mailster
Plugin Slug:: wp-mailster
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.18.0
Severity Score:: Medium
CVE:: 2024-11782

Plugin:: ELEX WordPress HelpDesk & Customer Ticketing System
Plugin Slug:: elex-helpdesk-customer-support-ticket-system
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.6
Severity Score:: Medium
CVE:: 2025-14079

Plugin:: Awesome FAQ � Modern Accordion, Tabs,Responsive & Super Fast FAQ Builder.
Plugin Slug:: faq-and-answers
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.2
Severity Score:: Medium
CVE:: 2024-11882

Plugin:: GS Portfolio � A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more
Plugin Slug:: gs-portfolio
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.4
Severity Score:: Medium
CVE:: 2024-11765

Plugin:: Accept Stripe Payments Using Contact Form 7
Plugin Slug:: accept-stripe-payments-using-contact-form-7
Installations: 200+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.6
Severity Score:: Medium
CVE:: 2024-12255

Plugin:: Arena.IM � Live Blogging for real-time events
Plugin Slug:: arena-liveblog-and-chat-tool
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.4.0
Severity Score:: Medium
CVE:: 2024-11384

Plugin:: Bukza
Plugin Slug:: bukza
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.1
Severity Score:: Medium
CVE:: 2024-11759

Plugin:: Eveeno
Plugin Slug:: eveeno
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8
Severity Score:: Medium
CVE:: 2024-11752

Plugin:: All In One Image Viewer Block � Gutenberg block to create image viewer with hyperlink
Plugin Slug:: image-viewer
Installations: 200+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 1.0.3
Severity Score:: High
CVE:: 2026-1294

Plugin:: OS DataHub Maps
Plugin Slug:: os-datahub-maps
Installations: 200+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.8.4
Severity Score:: Critical
CVE:: 2026-1730

Plugin:: Password for WP
Plugin Slug:: password-for-wp
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.6
Severity Score:: High
CVE:: 2024-11419

Plugin:: Plezi
Plugin Slug:: plezi
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.7
Severity Score:: Medium
CVE:: 2024-11763

Plugin:: WP GeoNames
Plugin Slug:: wp-geonames
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.1
Severity Score:: Medium
CVE:: 2024-11757

Plugin:: Add infos to The Events Calendar
Plugin Slug:: add-infos-to-the-events-calendar
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.0
Severity Score:: Medium
CVE:: 2024-11875

Plugin:: Run Contests, Raffles, and Giveaways with ContestsWP
Plugin Slug:: contest-code-checker
Installations: 100+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.1.1
Severity Score:: Medium
CVE:: 2026-25023

Plugin:: IMS Countdown
Plugin Slug:: ims-countdown
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.6
Severity Score:: Medium
CVE:: 2024-11755

Plugin:: Kudos Donations: Easy Donations with Mollie | One-off & Recurring | PDF Invoices | Buttons & Forms
Plugin Slug:: kudos-donations
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.0
Severity Score:: High
CVE:: 2024-11685

Plugin:: My IDX Home Search
Plugin Slug:: my-idx-home-search
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.2
Severity Score:: Medium
CVE:: 2024-11889

Plugin:: Primer MyData for Woocommerce
Plugin Slug:: primer-mydata
Installations: 100+
Vulnerability:: Path Traversal
Patched in Version:: 4.2.9
Severity Score:: Medium
CVE:: 2025-69325

Plugin:: Sigmize: A/B Testing, Session Recordings, Heatmaps & Revenue Tracking for WooCommerce, SureCart & EDD
Plugin Slug:: sigmize
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 0.0.10
Severity Score:: Medium
CVE:: 2026-24962

Plugin:: WP To Do
Plugin Slug:: wp-todo
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.1
Severity Score:: Medium
CVE:: 2024-3944

Plugin:: WP To Do
Plugin Slug:: wp-todo
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.1
Severity Score:: Medium
CVE:: 2024-3945

Plugin:: WP To Do
Plugin Slug:: wp-todo
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.1
Severity Score:: Medium
CVE:: 2024-3947

Plugin:: GMap Targeting � Simple Targeting Inside Google Maps
Plugin Slug:: gmap-targeting
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.8
Severity Score:: High
CVE:: 2025-67990

Plugin:: ONLYOFFICE DocSpace
Plugin Slug:: onlyoffice-docspace
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.2
Severity Score:: Medium
CVE:: 2024-11750

Plugin:: Pdf & Print to Post � Custom Post Type and Pages
Plugin Slug:: post-to-pdf
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1
Severity Score:: Medium
CVE:: 2024-12446

Plugin:: Ganohrs Toggle Shortcode
Plugin Slug:: ganohrs-toggle-shortcode
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.2.5
Severity Score:: Medium
CVE:: 2024-12459

Plugin:: Events Listing Widget
Plugin Slug:: events-listing-widget
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2026-1252

Plugin:: GeoDataSource Country Region DropDown
Plugin Slug:: geodatasource-country-region-dropdown
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.2
Severity Score:: Medium
CVE:: 2024-12474

Plugin:: NPS computy
Plugin Slug:: nps-computy
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.3
Severity Score:: High
CVE:: 2025-67984

Plugin:: Social Media Shortcodes
Plugin Slug:: social-media-shortcodes
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.1
Severity Score:: Medium
CVE:: 2024-11871

Plugin:: Employee Directory � Staff Directory and Listing
Plugin Slug:: employee-staff-directory
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.2
Severity Score:: Medium
CVE:: 2026-1279

Plugin:: Sell BTC � Cryptocurrency Selling Calculator
Plugin Slug:: sell-btc-by-hayyatapps
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6
Severity Score:: High
CVE:: 2025-14554

Plugin:: Docus � YouTube Video Playlist
Plugin Slug:: docus
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.7
Severity Score:: Medium
CVE:: 2026-1888

Plugin:: Orange Comfort+ accessibility toolbar for WordPress
Plugin Slug:: orange-confort-plus
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.7.1
Severity Score:: Medium
CVE:: 2026-1808

Plugin:: Peter�s Date Countdown
Plugin Slug:: peters-date-countdown
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.1
Severity Score:: High
CVE:: 2026-1654

Plugin:: WP FOFT Loader
Plugin Slug:: wp-foft-loader
Installations: 10+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.1.40
Severity Score:: High
CVE:: 2026-1756

Plugin:: Aiomatic
Plugin Slug:: aiomatic-automatic-ai-content-writer
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.6
Severity Score:: Medium
CVE:: 2024-5969

Plugin:: ARMember Premium
Plugin Slug:: armember
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.7.1
Severity Score:: Medium
CVE:: 2024-5596

Plugin:: Bit Form
Plugin Slug:: bit-form
Vulnerability:: SQL Injection
Patched in Version:: 2.13.10
Severity Score:: High
CVE:: 2024-7780

Plugin:: bodi0�s Easy Cache
Plugin Slug:: bodi0s-easy-cache
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.9
Severity Score:: Medium
CVE:: 2024-12628

Plugin:: Bridge Core
Plugin Slug:: bridge-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3
Severity Score:: Medium
CVE:: 2024-9292

Plugin:: EventON-RSVP
Plugin Slug:: eventon-rsvp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.5
Severity Score:: High
CVE:: 2023-7170

Plugin:: Fluent Forms Pro Add On Pack
Plugin Slug:: fluentformpro
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 6.1.13
Severity Score:: Medium
CVE:: 2026-0632

Plugin:: Integrate Google Drive
Plugin Slug:: integrate-google-drive
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.9
Severity Score:: Critical
CVE:: 2024-2086

Plugin:: WPBakery Page Builder
Plugin Slug:: js_composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6
Severity Score:: Medium
CVE:: 2024-1841

Plugin:: WPBakery Page Builder
Plugin Slug:: js_composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6
Severity Score:: Medium
CVE:: 2024-1842

Plugin:: WPBakery Page Builder
Plugin Slug:: js_composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.7
Severity Score:: Medium
CVE:: 2024-5265

Plugin:: Paid Memberships Pro
Plugin Slug:: paid-memberships-pro
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.12.8
Severity Score:: Medium
CVE:: 2024-0624

Plugin:: Community by PeepSo
Plugin Slug:: peepso-core
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.3.1.2
Severity Score:: Medium
CVE:: 2023-7125

Plugin:: Community by PeepSo
Plugin Slug:: peepso-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.4.6.0
Severity Score:: Medium
CVE:: 2024-7655

Plugin:: Porto Theme – Functionality
Plugin Slug:: porto-functionality
Vulnerability:: Local File Inclusion
Patched in Version:: 3.1.0
Severity Score:: High
CVE:: 2024-3809

Plugin:: Premium Addons PRO
Plugin Slug:: premium-addons-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.13
Severity Score:: Medium
CVE:: 2024-1997

Plugin:: Premium Addons PRO
Plugin Slug:: premium-addons-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.13
Severity Score:: Medium
CVE:: 2024-2000

Plugin:: Premium Addons PRO
Plugin Slug:: premium-addons-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.13
Severity Score:: Medium
CVE:: 2024-2237

Plugin:: Premium Addons PRO
Plugin Slug:: premium-addons-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.13
Severity Score:: Medium
CVE:: 2024-2238

Plugin:: Premium Addons PRO
Plugin Slug:: premium-addons-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.13
Severity Score:: Medium
CVE:: 2024-2239

Plugin:: Reflector
Plugin Slug:: reflector-plugins
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.3
Severity Score:: High
CVE:: 2026-24948

Plugin:: Relevanssi Premium
Plugin Slug:: relevanssi-premium
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.25.0
Severity Score:: Medium
CVE:: 2023-7199

Plugin:: Relevanssi Premium
Plugin Slug:: relevanssi-premium
Vulnerability:: Broken Access Control
Patched in Version:: 2.25.1
Severity Score:: Medium
CVE:: 2024-1380

Plugin:: Slider Revolution
Plugin Slug:: revslider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.7.11
Severity Score:: Medium
CVE:: 2024-4581

Plugin:: Slider Revolution
Plugin Slug:: revslider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.7.11
Severity Score:: Medium
CVE:: 2024-4637

Plugin:: Salient Core
Plugin Slug:: salient-core
Vulnerability:: Local File Inclusion
Patched in Version:: 2.0.8
Severity Score:: High
CVE:: 2024-3812

Plugin:: Salient Shortcodes
Plugin Slug:: salient-shortcodes
Vulnerability:: Local File Inclusion
Patched in Version:: 1.5.4
Severity Score:: High
CVE:: 2024-3810

Plugin:: Salient Shortcodes
Plugin Slug:: salient-shortcodes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.4
Severity Score:: Medium
CVE:: 2024-3811

Plugin:: School Management
Plugin Slug:: school-management
Vulnerability:: Arbitrary File Upload
Patched in Version:: 92.0.0
Severity Score:: Critical
CVE:: 2024-9660

Plugin:: Simple Locator
Plugin Slug:: simple-locator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.4
Severity Score:: Medium
CVE:: 2024-12501

Plugin:: Smart Appointment & Booking
Plugin Slug:: smart-appointment-booking
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.8
Severity Score:: Medium
CVE:: 2026-0742

Plugin:: Ultimate Addons for WPBakery Page Builder
Plugin Slug:: ultimate_vc_addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.19.20.1
Severity Score:: Medium
CVE:: 2024-5252

Plugin:: Ultimate Addons for WPBakery Page Builder
Plugin Slug:: ultimate_vc_addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.19.20.1
Severity Score:: Medium
CVE:: 2024-5253

Plugin:: Ultimate Addons for WPBakery Page Builder
Plugin Slug:: ultimate_vc_addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.19.20.1
Severity Score:: Medium
CVE:: 2024-5254

Plugin:: Ultimate Addons for WPBakery Page Builder
Plugin Slug:: ultimate_vc_addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.19.20.1
Severity Score:: Medium
CVE:: 2024-5255

Plugin:: Whizz Plugins
Plugin Slug:: whizz-plugins
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.0
Severity Score:: High
CVE:: 2026-24955

Plugin:: WooCommerce Social Login
Plugin Slug:: woo-social-login
Vulnerability:: Broken Authentication
Patched in Version:: 2.7.4
Severity Score:: High
CVE:: 2024-6635

Plugin:: WooCommerce Social Login
Plugin Slug:: woo-social-login
Vulnerability:: Privilege Escalation
Patched in Version:: 2.7.4
Severity Score:: Critical
CVE:: 2024-6636

Plugin:: WooCommerce Social Login
Plugin Slug:: woo-social-login
Vulnerability:: Privilege Escalation
Patched in Version:: 2.7.4
Severity Score:: High
CVE:: 2024-6637

Plugin:: WooCommerce PDF Vouchers
Plugin Slug:: woocommerce-pdf-vouchers
Vulnerability:: Broken Authentication
Patched in Version:: 4.9.4
Severity Score:: High
CVE:: 2024-7027

Plugin:: WooCommerce Support Ticket System
Plugin Slug:: woocommerce-support-ticket-system
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 17.8
Severity Score:: High
CVE:: 2024-10626

Plugin:: Affiliate Manager
Plugin Slug:: wp-affiliate-platform
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.1
Severity Score:: High
CVE:: 2024-5281

Plugin:: Affiliate Manager
Plugin Slug:: wp-affiliate-platform
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.1
Severity Score:: High
CVE:: 2024-5282

Plugin:: Affiliate Manager
Plugin Slug:: wp-affiliate-platform
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.1
Severity Score:: High
CVE:: 2024-5283

Plugin:: Affiliate Manager
Plugin Slug:: wp-affiliate-platform
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.1
Severity Score:: High
CVE:: 2024-5286

Plugin:: WP eStore
Plugin Slug:: wp-cart-for-digital-products
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.5.5
Severity Score:: High
CVE:: 2024-6073

Plugin:: WP eStore
Plugin Slug:: wp-cart-for-digital-products
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.5.5
Severity Score:: High
CVE:: 2024-6074

Plugin:: WP eStore
Plugin Slug:: wp-cart-for-digital-products
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.5.5
Severity Score:: High
CVE:: 2024-6076

Plugin:: WP eStore
Plugin Slug:: wp-cart-for-digital-products
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.5.6
Severity Score:: High
CVE:: 2024-6134

Plugin:: WP eMember
Plugin Slug:: wp-eMember
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.6.6
Severity Score:: High
CVE:: 2024-5075

Plugin:: WP eMember
Plugin Slug:: wp-eMember
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.6.7
Severity Score:: High
CVE:: 2024-5744

Plugin:: User Extra Fields
Plugin Slug:: wp-user-extra-fields
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 16.9
Severity Score:: High
CVE:: 2025-67991

Plugin:: WPB Show Core
Plugin Slug:: wpb-show-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7
Severity Score:: High
CVE:: 2024-1958

WordPress Themes � 14 Patched / 5 Unpatched

Theme:: WordPress Dating Theme
Theme Slug:: DA10
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22343

Theme:: Cartify – WooCommerce Gutenberg WordPress Theme
Theme Slug:: cartify
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-69385

Theme:: Meris
Theme Slug:: meris
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2023-7194

Theme:: SevenHills
Theme Slug:: sevenhills
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-69372

Theme:: VidoRev
Theme Slug:: vidorev
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-69373

Theme:: Royal Elementor Kit
Theme Slug:: royal-elementor-kit
Downloads: 986,469
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.117
Severity Score:: Medium
CVE:: 2024-0835

Theme:: Besa
Theme Slug:: besa
Vulnerability:: Local File Inclusion
Patched in Version:: 2.3.16
Severity Score:: High
CVE:: 2025-67981

Theme:: CozyStay
Theme Slug:: cozystay
Vulnerability:: Local File Inclusion
Patched in Version:: 1.9.1
Severity Score:: High
CVE:: 2025-67988

Theme:: Golo
Theme Slug:: golo
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.5
Severity Score:: Medium
CVE:: 2026-23974

Theme:: Golo
Theme Slug:: golo
Vulnerability:: Local File Inclusion
Patched in Version:: 1.7.5
Severity Score:: High
CVE:: 2026-23975

Theme:: Grand Conference
Theme Slug:: grandconference
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.5
Severity Score:: High
CVE:: 2026-24943

Theme:: Hara
Theme Slug:: hara
Vulnerability:: Local File Inclusion
Patched in Version:: 1.2.18
Severity Score:: High
CVE:: 2025-67980

Theme:: Nestin
Theme Slug:: nestin
Vulnerability:: PHP Object Injection
Patched in Version:: 1.2.6
Severity Score:: Critical
CVE:: 2025-67996

Theme:: PatioTime
Theme Slug:: patiotime
Vulnerability:: PHP Object Injection
Patched in Version:: 2.1
Severity Score:: Critical
CVE:: 2025-67995

Theme:: PatioTime
Theme Slug:: patiotime
Vulnerability:: Local File Inclusion
Patched in Version:: 2.1
Severity Score:: High
CVE:: 2025-67992

Theme:: PhotoMe
Theme Slug:: photome
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.7.2
Severity Score:: High
CVE:: 2026-24949

Theme:: Travelicious
Theme Slug:: travelicious
Vulnerability:: PHP Object Injection
Patched in Version:: 1.6.7
Severity Score:: Critical
CVE:: 2025-67997

Theme:: Unicamp
Theme Slug:: unicamp
Vulnerability:: Local File Inclusion
Patched in Version:: 2.7.2
Severity Score:: High
CVE:: 2026-25027

Theme:: Urna
Theme Slug:: urna
Vulnerability:: Local File Inclusion
Patched in Version:: 2.5.13
Severity Score:: High
CVE:: 2025-67982