WordPress Vulnerability Report � March 26, 2025

In this report, 240 vulnerabilities have been publicly disclosed. Security patches for 51 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 189 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.8 Release Candidate 1 is ready for download and testing! This version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it�s recommended that you evaluate RC1 on a test server and site.

WordPress Plugins � 46 Patched / 180 Unpatched

Plugin:: teachPress
Plugin Slug:: teachpress
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-1320

Plugin:: GlobalPayments WooCommerce
Plugin Slug:: global-payments-woocommerce
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22767

Plugin:: EZ SQL Reports Shortcode Widget and DB Backup
Plugin Slug:: elisqlreports
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-2319

Plugin:: WP Email Delivery
Plugin Slug:: wp-email-delivery
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Plugin:: AdSense Privacy Policy
Plugin Slug:: adsense-privacy-policy
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30578

Plugin:: Advanced Dewplayer
Plugin Slug:: advanced-dewplayer
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30592

Plugin:: AHAthat
Plugin Slug:: ahathat
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-2511

Plugin:: AI Preloader
Plugin Slug:: ai-preloader
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30530

Plugin:: Alert Box Block � Display notice/alerts in the front end
Plugin Slug:: alert-box-block
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13731

Plugin:: AlphaOmega Captcha & Anti-Spam Filter
Plugin Slug:: alphaomega-captcha-anti-spam
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30584

Plugin:: ANAC XML Render
Plugin Slug:: anac-xml-render
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30558

Plugin:: Arrow Maps
Plugin Slug:: ap-google-maps
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28858

Plugin:: AppExperts � WordPress to Mobile App � WooCommerce to iOs and Android Apps
Plugin Slug:: appexperts
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30609

Plugin:: AppReview
Plugin Slug:: appreview
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23714

Plugin:: Are you robot google recaptcha for wordpress
Plugin Slug:: are-you-robot-recaptcha
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28928

Plugin:: ARPrice
Plugin Slug:: arprice
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26731

Plugin:: AuMenu
Plugin Slug:: aumenu
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23728

Plugin:: Auto Load Next Post
Plugin Slug:: auto-load-next-post
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30529

Plugin:: AvaiBook
Plugin Slug:: avaibook
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30540

Plugin:: Awesome Logos
Plugin Slug:: awesome-logos
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30528

Plugin:: banner-manager
Plugin Slug:: banner-manager
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30565

Plugin:: Beautiful Link Preview
Plugin Slug:: beautiful-link-preview
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30536

Plugin:: Block Logic
Plugin Slug:: block-logic
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-2303

Plugin:: Blue Captcha
Plugin Slug:: blue-captcha
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28880

Plugin:: BMo Expo
Plugin Slug:: bmo-expo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30539

Plugin:: Browser Address Bar Color
Plugin Slug:: browser-address-bar-color
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30577

Plugin:: Cackle
Plugin Slug:: cackle
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30546

Plugin:: CallPhone’r
Plugin Slug:: callphoner
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30550

Plugin:: CAS Maestro
Plugin Slug:: cas-maestro
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30561

Plugin:: Cazamba
Plugin Slug:: cazamba
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25100

Plugin:: Contact Form 7 Material Design
Plugin Slug:: cf7-material-design
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30522

Plugin:: UTM tags tracking for Contact Form 7
Plugin Slug:: cf7-utm-tracking
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26544

Plugin:: cits-support-svg-webp-media-upload
Plugin Slug:: cits-support-svg-webp-media-upload
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13768

Plugin:: Clink
Plugin Slug:: clink
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30566

Plugin:: Code Clone
Plugin Slug:: code-clone
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-2478

Plugin:: CG Button
Plugin Slug:: content-glass-button
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23632

Plugin:: Cookies Pro
Plugin Slug:: cookies-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26546

Plugin:: CopyLink
Plugin Slug:: copy-link
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30603

Plugin:: Menu Duplicator
Plugin Slug:: copy-menu
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30543

Plugin:: CryoKey
Plugin Slug:: cryokey
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-2477

Plugin:: CSV to Responsive Tables
Plugin Slug:: csv-to-webpage-plugin
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56012

Plugin:: cTabs
Plugin Slug:: ctabs
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30586

Plugin:: custom-field-list-widget
Plugin Slug:: custom-field-list-widget
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23952

Plugin:: Custom Product Stickers for Woocommerce
Plugin Slug:: custom-product-stickers-for-woocommerce
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28889

Plugin:: Custom Script Integration
Plugin Slug:: custom-script-integration
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30564

Plugin:: Custom Smilies
Plugin Slug:: custom-smilies-se
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28917

Plugin:: Management-screen-droptiles
Plugin Slug:: cxc-sawa
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23666

Plugin:: WP Database Audit
Plugin Slug:: database-audit
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23633

Plugin:: Driving Directions
Plugin Slug:: ddirections
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28903

Plugin:: DesignThemes Core Features
Plugin Slug:: designthemes-core-features
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-0845

Plugin:: Display Post Meta
Plugin Slug:: display-post-meta
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26575

Plugin:: Docpro
Plugin Slug:: docpro
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-28916

Plugin:: ????? ???? ??????? ????
Plugin Slug:: dokme
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30570

Plugin:: Easy Custom Admin Bar
Plugin Slug:: easy-custom-admin-bar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-2479

Plugin:: Easy Page Transition
Plugin Slug:: easy-page-transition
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30606

Plugin:: En Masse
Plugin Slug:: en-masse-wp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23707

Plugin:: External image replace
Plugin Slug:: external-image-replace
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30535

Plugin:: Secret Meta
Plugin Slug:: facebook-secret-meta
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25086

Plugin:: Fancybox Plus
Plugin Slug:: fancybox-plus
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28935

Plugin:: File Away
Plugin Slug:: file-away
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-2539

Plugin:: File Away
Plugin Slug:: file-away
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-2512

Plugin:: Fiverr.com Official Search Box
Plugin Slug:: fiverr-official-search-box
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-28885

Plugin:: Fix Rss Feeds
Plugin Slug:: fix-rss-feed
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30556

Plugin:: Flickr set slideshows
Plugin Slug:: flickr-set-slideshows
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30590

Plugin:: Flipdish Ordering System
Plugin Slug:: flipdish-ordering-system
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30601

Plugin:: FOMO Pay Chinese Payment Solution
Plugin Slug:: fomo-payment-gateway-for-woocommerce
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23543

Plugin:: Frndzk Expandable Bottom Bar
Plugin Slug:: frndzk-expandable-bottom-bar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-2510

Plugin:: custom-post-edit
Plugin Slug:: front-end-post-edit
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23667

Plugin:: Frontend Post Submission
Plugin Slug:: frontend-post-submission
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23638

Plugin:: GDPR Tools
Plugin Slug:: gdpr-tools
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26537

Plugin:: Generate Post Thumbnails
Plugin Slug:: generate-post-thumbnails
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30585

Plugin:: GetShop ecommerce
Plugin Slug:: getshop-ecommerce
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54362

Plugin:: Gravity 2 PDF
Plugin Slug:: gf2pdf
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28911

Plugin:: GMO Font Agent
Plugin Slug:: gmo-font-agent
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30553

Plugin:: Google Plus
Plugin Slug:: google-plus-google
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23964

Plugin:: Gotcha
Plugin Slug:: gotcha-gesture-based-captcha
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-2482

Plugin:: GP Back To Top
Plugin Slug:: gp-back-to-top
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30521

Plugin:: Hacklog Remote Image Autosave
Plugin Slug:: hacklog-remote-image-autosave
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30576

Plugin:: IG Shortcodes
Plugin Slug:: ig-shortcodes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30597

Plugin:: Image Captcha
Plugin Slug:: image-captcha
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30534

Plugin:: Image Slider / Slideshow Pearlbells
Plugin Slug:: image-slider-pearlbells
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56012

Plugin:: Improve My City
Plugin Slug:: improve-my-city
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22501

Plugin:: include-file
Plugin Slug:: include-file
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30595

Plugin:: Include URL
Plugin Slug:: include-url
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30593

Plugin:: Info Boxes Shortcode and Widget
Plugin Slug:: info-boxes-shortcode-and-widget
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30541

Plugin:: Infugrator
Plugin Slug:: infugrator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23735

Plugin:: Instant Appointment
Plugin Slug:: instant-appointment
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical

Plugin:: issuuPress
Plugin Slug:: issuupress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30545

Plugin:: JiangQie Official Website Mini Program
Plugin Slug:: jiangqie-official-website-mini-program
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30604

Plugin:: jQuery Dropdown Menu
Plugin Slug:: jquery-drop-down-menu-plugin
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30560

Plugin:: Key4ce osTicket Bridge
Plugin Slug:: key4ce-osticket-bridge
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28877

Plugin:: LH OGP Meta
Plugin Slug:: lh-ogp-meta-tags
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30587

Plugin:: Lightview Plus
Plugin Slug:: lightview-plus
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28890

Plugin:: LinkedIn Lite
Plugin Slug:: linkedin-lite
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23937

Plugin:: LIVE TV
Plugin Slug:: live-tv
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23608

Plugin:: Login Redirect
Plugin Slug:: login-redirect
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30575

Plugin:: Map Contact
Plugin Slug:: map-contact
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30588

Plugin:: Message ticker
Plugin Slug:: message-ticker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30533

Plugin:: Mobile Navigation
Plugin Slug:: mobile-navigation
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30574

Plugin:: Multi Video Box
Plugin Slug:: multi-video-box
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-2484

Plugin:: Music Press Pro
Plugin Slug:: music-press-pro
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30591

Plugin:: My Bootstrap Menu
Plugin Slug:: my-bootstrap-menu
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30527

Plugin:: My Default Post Content
Plugin Slug:: my-default-post-content
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30573

Plugin:: Narnoo Operator
Plugin Slug:: narnoo-shortcodes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23680

Plugin:: NextGEN Gallery Voting
Plugin Slug:: nextgen-gallery-voting
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28869

Plugin:: NS Simple Intro Loader
Plugin Slug:: ns-simple-intro-loader
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23459

Plugin:: Easy 301 Redirects
Plugin Slug:: odihost-easy-redirect-301
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30557

Plugin:: Off Page SEO
Plugin Slug:: off-page-seo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23554

Plugin:: Omnify
Plugin Slug:: omnify-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28882

Plugin:: OSS Upload
Plugin Slug:: oss-upload
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30598

Plugin:: Pixobe Cartography
Plugin Slug:: pixobe-cartography
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23612

Plugin:: Pretty file links
Plugin Slug:: pretty-file-links
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30551

Plugin:: Product Puller
Plugin Slug:: product-puller
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23550

Plugin:: Pro Rank Tracker
Plugin Slug:: proranktracker
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30583

Plugin:: Random Quotes
Plugin Slug:: random-quotes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27267

Plugin:: RDP inGroups+
Plugin Slug:: rdp-ingroups
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23546

Plugin:: RDP Linkedin Login
Plugin Slug:: rdp-linkedin-login
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23542

Plugin:: Related Posts via Categories
Plugin Slug:: related-posts-via-categories
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30602

Plugin:: Replace Default Words
Plugin Slug:: replace-default-words
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30612

Plugin:: Rewrite
Plugin Slug:: rewrite
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30617

Plugin:: Rizzi Guestbook
Plugin Slug:: rizzi-guestbook
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26573

Plugin:: RWS Enquiry And Lead Follow-up
Plugin Slug:: rws-enquiry
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23460

Plugin:: s2Member Pro
Plugin Slug:: s2member-pro
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12563

Plugin:: Schedule
Plugin Slug:: schedule
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-22523

Plugin:: Shuffle
Plugin Slug:: shuffle
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28873

Plugin:: Simple Optimizer
Plugin Slug:: simple-optimizer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30538

Plugin:: Simple Post Series
Plugin Slug:: simple-post-series
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28934

Plugin:: Simple Rating
Plugin Slug:: simple-rating
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30572

Plugin:: Site Editor Google Map
Plugin Slug:: site-editor-google-map
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23466

Plugin:: Sleekplan
Plugin Slug:: sleekplan
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23469

Plugin:: SoundCloud Ultimate
Plugin Slug:: soundcloud-ultimate
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30542

Plugin:: sourceplay-navermap
Plugin Slug:: sourceplay-navermap
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30605

Plugin:: SpatialMatch IDX
Plugin Slug:: spatialmatch-free-lifestyle-search
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28921

Plugin:: SpeakPipe
Plugin Slug:: speakpipe-voicemail-for-websites
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30619

Plugin:: STEdb Forms
Plugin Slug:: stedb-forms
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30571

Plugin:: Stencies
Plugin Slug:: stencies
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22356

Plugin:: Super Simple Subscriptions
Plugin Slug:: super-simple-subscriptions
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30523

Plugin:: SUPER RESPONSIVE SLIDER
Plugin Slug:: super-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22575

Plugin:: Super Static Cache
Plugin Slug:: super-static-cache
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30568

Plugin:: Teleport
Plugin Slug:: teleport
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28855

Plugin:: Translator
Plugin Slug:: translator
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30621

Plugin:: Trust Payments Gateway for WooCommerce
Plugin Slug:: trust-payments-hosted-payment-pages-integration
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-28942

Plugin:: Typekit plugin for WordPress
Plugin Slug:: typekit
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30526

Plugin:: Top Bar
Plugin Slug:: ultimate-bar
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30581

Plugin:: ULTIMATE VIDEO GALLERY
Plugin Slug:: ultimate-gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22566

Plugin:: Upload Quota per User
Plugin Slug:: upload-quota-per-user
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30537

Plugin:: Visual Text Editor
Plugin Slug:: visual-text-editor
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-28893

Plugin:: wA11y � The Web Accessibility Toolbox
Plugin Slug:: wa11y
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30623

Plugin:: J�-J� Pagamentos for WooCommerce
Plugin Slug:: wc-ja-ja-pagamentos-multicaixa-express
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-51624

Plugin:: WooCommerce Multivendor Marketplace � REST API
Plugin Slug:: wcfm-marketplace-rest-api
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-1311

Plugin:: Weather Layer
Plugin Slug:: weather-layer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30532

Plugin:: Bitcoin / AltCoin Payment Gateway for WooCommerce
Plugin Slug:: woo-altcoin-payment-gateway
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26541

Plugin:: WordPress Admin Bar Improved
Plugin Slug:: wordpress-admin-bar-improved
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30552

Plugin:: Secure Invites
Plugin Slug:: wordpress-mu-secure-invites
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26559

Plugin:: WordPress SQL Backup
Plugin Slug:: wordpress-sql-backup
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30608

Plugin:: Theme Demo Bar
Plugin Slug:: wordpress-theme-demo-bar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25134

Plugin:: Ads24 Lite
Plugin Slug:: wp-ad-management
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23458

Plugin:: WP Azure offload
Plugin Slug:: wp-azure-offload
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22360

Plugin:: WP Colorful Tag Cloud
Plugin Slug:: wp-colorful-tag-cloud
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28865

Plugin:: WP Contact Form III
Plugin Slug:: wp-contact-form-iii
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26560

Plugin:: WP e-Commerce Style Email
Plugin Slug:: wp-e-commerce-style-email
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30615

Plugin:: WP Featured Entries
Plugin Slug:: wp-featured-entries
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30569

Plugin:: FoodBakery
Plugin Slug:: wp-foodbakery
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13933

Plugin:: WP Google Calendar Manager
Plugin Slug:: wp-gcalendar
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28939

Plugin:: WP Hotjar
Plugin Slug:: wp-hotjar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30600

Plugin:: WP Multistore Locator
Plugin Slug:: wp-multi-store-locator
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-28898

Plugin:: WP Odoo Form Integrator
Plugin Slug:: wp-odoo-form-integrator
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30620

Plugin:: WP Parallax Content Slider
Plugin Slug:: wp-parallax-content-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30599

Plugin:: WP Profitshare
Plugin Slug:: wp-profitshare
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30525

Plugin:: WP Ride Booking
Plugin Slug:: wp-ride-booking
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30531

Plugin:: WP Social Widget
Plugin Slug:: wp-social-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30610

Plugin:: WordPres ????
Plugin Slug:: wp2wb
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30555

Plugin:: WP Event Ticketing
Plugin Slug:: wpeventticketing
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28899

Plugin:: Your Lightbox
Plugin Slug:: your-lightbox
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23704

Plugin:: Yummly Rich Recipes
Plugin Slug:: yummly-rich-recipes
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30549

Plugin:: Zalo Live Chat
Plugin Slug:: zalo-live-chat
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26542

Plugin:: ZD Scribd iPaper
Plugin Slug:: zd-scribd-ipaper
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23757

Plugin:: ZenphotoPress
Plugin Slug:: zenphotopress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28924

Plugin:: ZhinaTwitterWidget
Plugin Slug:: zhina-twitter-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23719

Plugin:: Zielke Design Project Gallery
Plugin Slug:: zielke-design-project-gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23705

Plugin:: Slider, Gallery, and Carousel by MetaSlider � Image Slider, Video Slider
Plugin Slug:: ml-slider
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.95.0
Severity Score:: Medium
CVE:: 2025-1062

Plugin:: Fluent Forms � Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
Plugin Slug:: fluentform
Installations: 500,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 6.0.0
Severity Score:: Medium
CVE:: 2024-13666

Plugin:: GDPR Cookie Compliance � Cookie Banner, Cookie Consent, Cookie Notice � CCPA, DSGVO, RGPD
Plugin Slug:: gdpr-cookie-compliance
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.15.9
Severity Score:: Medium
CVE:: 2025-1623

Plugin:: WP Ghost (Hide My WP Ghost) � Security & Firewall
Plugin Slug:: hide-my-wp
Installations: 200,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 5.4.02
Severity Score:: Critical
CVE:: 2025-26909

Plugin:: Photo Gallery by 10Web � Mobile-Friendly Image Gallery
Plugin Slug:: photo-gallery
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.33
Severity Score:: Medium
CVE:: 2024-13124

Plugin:: Custom Twitter Feeds � A Tweets Widget or X Feed Widget
Plugin Slug:: custom-twitter-feeds
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.3.0
Severity Score:: Medium
CVE:: 2025-1314

Plugin:: GiveWP � Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.22.2
Severity Score:: Medium
CVE:: 2025-2331

Plugin:: GiveWP � Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.22.1
Severity Score:: Medium
CVE:: 2025-2025

Plugin:: Pods � Custom Content Types and Fields
Plugin Slug:: pods
Installations: 100,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.2.8.2
Severity Score:: High
CVE:: 2025-1446

Plugin:: HT Mega � Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.4
Severity Score:: Medium
CVE:: 2025-1802

Plugin:: Nested Pages
Plugin Slug:: wp-nested-pages
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.13
Severity Score:: Medium
CVE:: 2025-0718

Plugin:: Site Reviews
Plugin Slug:: site-reviews
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.2.5
Severity Score:: High
CVE:: 2025-1232

Plugin:: Export and Import Users and Customers
Plugin Slug:: users-customers-import-export-for-wp-woocommerce
Installations: 60,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.6.3
Severity Score:: Low
CVE:: 2025-1973

Plugin:: Export and Import Users and Customers
Plugin Slug:: users-customers-import-export-for-wp-woocommerce
Installations: 60,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.6.3
Severity Score:: High
CVE:: 2025-1971

Plugin:: Export and Import Users and Customers
Plugin Slug:: users-customers-import-export-for-wp-woocommerce
Installations: 60,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 2.6.3
Severity Score:: Low
CVE:: 2025-1972

Plugin:: Export and Import Users and Customers
Plugin Slug:: users-customers-import-export-for-wp-woocommerce
Installations: 60,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.6.3
Severity Score:: Medium
CVE:: 2025-1970

Plugin:: Easy Digital Downloads � eCommerce Payments and Subscriptions made easy
Plugin Slug:: easy-digital-downloads
Installations: 50,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.3.7
Severity Score:: Medium
CVE:: 2025-2252

Plugin:: Form Maker by 10Web � Mobile-Friendly Drag & Drop Contact Form Builder
Plugin Slug:: form-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.30
Severity Score:: Medium
CVE:: 2024-10558

Plugin:: Order Export & Order Import for WooCommerce
Plugin Slug:: order-import-export-for-woocommerce
Installations: 50,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.6.1
Severity Score:: Medium
CVE:: 2024-13920

Plugin:: Order Export & Order Import for WooCommerce
Plugin Slug:: order-import-export-for-woocommerce
Installations: 50,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.6.1
Severity Score:: High
CVE:: 2024-13921

Plugin:: Order Export & Order Import for WooCommerce
Plugin Slug:: order-import-export-for-woocommerce
Installations: 50,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 2.6.1
Severity Score:: Low
CVE:: 2024-13922

Plugin:: Order Export & Order Import for WooCommerce
Plugin Slug:: order-import-export-for-woocommerce
Installations: 50,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.6.1
Severity Score:: Medium
CVE:: 2024-13923

Plugin:: Age Gate
Plugin Slug:: age-gate
Installations: 40,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.5.4
Severity Score:: Critical
CVE:: 2025-2505

Plugin:: Logo Slider � Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation
Plugin Slug:: gs-logo-slider
Installations: 30,000+
Vulnerability:: Content Injection
Patched in Version:: 3.7.4
Severity Score:: High
CVE:: 2025-2262

Plugin:: FunnelKit Automations � Email Marketing Automation and CRM for WordPress & WooCommerce
Plugin Slug:: wp-marketing-automations
Installations: 20,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.5.2
Severity Score:: Critical
CVE:: 2025-2186

Plugin:: Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings
Plugin Slug:: directorist
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.3
Severity Score:: Medium
CVE:: 2025-2224

Plugin:: LifterLMS � WP LMS for eLearning, Online Courses, & Quizzes
Plugin Slug:: lifterlms
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.0.2
Severity Score:: Medium
CVE:: 2025-2290

Plugin:: Event Manager, Events Calendar, Tickets, Registrations � Eventin
Plugin Slug:: wp-event-solution
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0.25
Severity Score:: Medium
CVE:: 2025-1766

Plugin:: Event Manager, Events Calendar, Tickets, Registrations � Eventin
Plugin Slug:: wp-event-solution
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.0.25
Severity Score:: High
CVE:: 2025-1770

Plugin:: NP Quote Request for WooCommerce
Plugin Slug:: woo-rfq-for-woocommerce
Installations: 9,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.9.180
Severity Score:: High
CVE:: 2024-13558

Plugin:: WP Compress � Instant Performance & Speed Optimization
Plugin Slug:: wp-compress-image-optimizer
Installations: 8,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 6.30.16
Severity Score:: Medium
CVE:: 2025-2109

Plugin:: Poll Maker � Versus Polls, Anonymous Polls, Image Polls
Plugin Slug:: poll-maker
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.4
Severity Score:: Medium
CVE:: 2024-13602

Plugin:: ProfileGrid � User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.9.4.8
Severity Score:: High
CVE:: 2025-0723

Plugin:: Newsletters
Plugin Slug:: newsletters-lite
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.9.8
Severity Score:: High
CVE:: 2024-13739

Plugin:: WordPress form builder plugin for contact forms, surveys and quizzes � Tripetto
Plugin Slug:: tripetto
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 8.0.10
Severity Score:: Medium
CVE:: 2025-1530