WordPress Vulnerability Report � April 30, 2025

In this report, 241 vulnerabilities have been publicly disclosed. Security patches for 91 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 150 plugin and theme vulnerabilities, and no patch has been available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

SolidWP Patches Multiple Plugin Vulnerabilities

On April 29, SolidWP released important security updates across several plugins, including Solid Mail, Solid Performance, Solid Security, and Solid Backups Legacy. These address an unauthenticated XSS (CVE-2025-1123), a serialized injection risk, and a telemetry privilege issue. Users are strongly urged to update immediately.

Read the full advisory and update instructions.

WordPress Core

WordPress 6.8 “Cecil” is here! Launched April 15, 2025, it honors jazz legend Cecil Taylor, whose pioneering piano fused chaos and harmony. Explore its bold features with the same experimental spirit.

Plus, WordCamp Europe 2025 lands in Basel, Switzerland, June 5-7! Connect with WordPress enthusiasts, developers, and pros for three days of learning, networking, and collaboration with the global community.

WordPress Plugins � 85 Patched / 137 Unpatched

Plugin:: Advanced Accordion Gutenberg Block
Plugin Slug:: advanced-accordion-block
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-2543

Plugin:: Lottie Player- Great Lottie Player Solution
Plugin Slug:: embed-lottie-player
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-2579

Plugin:: ACF: Google Font Selector
Plugin Slug:: acf-google-font-selector-field
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-39382

Plugin:: Anything Popup
Plugin Slug:: anything-popup
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-39397

Plugin:: The Pack Elementor addon
Plugin Slug:: the-pack-addon
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46472

Plugin:: WPMasterToolKit (WPMTK) � All in one plugin
Plugin Slug:: wpmastertoolkit
Installations: 2,000+
Vulnerability:: Path Traversal
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-3300

Plugin:: Spreadsheet Price Changer for WooCommerce and WP E-commerce � Light
Plugin Slug:: excel-like-price-change-for-woocommerce-and-wp-e-commerce-light
Installations: 700+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-39378

Plugin:: Capturly
Plugin Slug:: capturly-optimize-your-website
Installations: 100+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-39379

Plugin:: Checkout Field Visibility for WooCommerce
Plugin Slug:: checkout-field-visibility-for-woocommerce
Installations: 80+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-39391

Plugin:: Product Lister for eBay
Plugin Slug:: product-lister-ebay
Installations: 70+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-39384

Plugin:: FuseDesk
Plugin Slug:: fusedesk
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-3832

Plugin:: Appsero Helper
Plugin Slug:: appsero-helper
Installations: 50+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-39377

Plugin:: 1 Decembrie 1918
Plugin Slug:: 1-decembrie-1918
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-3870

Plugin:: 360 View
Plugin Slug:: 360-view
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46509

Plugin:: Form Builder
Plugin Slug:: abcsubmit
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-2801

Plugin:: Absolute Links
Plugin Slug:: absolute-links
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-43833

Plugin:: Add custom page template
Plugin Slug:: add-custom-page-template
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-3491

Plugin:: Add Google +1 (Plus one) social share Button
Plugin Slug:: add-google-plus-one-social-share-button
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-3866

Plugin:: Custom Admin-Bar Favorites
Plugin Slug:: admin-bookmarks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-3868

Plugin:: Advanced lazy load
Plugin Slug:: advanced-lazy-load
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46508

Plugin:: All in One Time Clock Lite
Plugin Slug:: aio-time-clock-lite
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46513

Plugin:: Ajax Comment Form CST
Plugin Slug:: ajax-comment-form-cst
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-3867

Plugin:: Configurator Theme Core
Plugin Slug:: amz-configurator-core
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-3101

Plugin:: Animate
Plugin Slug:: animate
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46443

Plugin:: Author Box After Posts
Plugin Slug:: author-box-after-posts
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46263

Plugin:: Author Box Plugin With Different Description
Plugin Slug:: author-box-with-different-description
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-39371

Plugin:: Availability Calendar
Plugin Slug:: availability
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46528

Plugin:: Awesome Wp Image Gallery
Plugin Slug:: awesome-wp-post-459209 wp-image-gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46476

Plugin:: BBCode Deluxe
Plugin Slug:: bbcode-deluxe
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46479

Plugin:: Best Posts Summary
Plugin Slug:: best-posts-summary
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-39374

Plugin:: Blog Manager WP
Plugin Slug:: blog-manager-wp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46517

Plugin:: Buddypress Force Password Change
Plugin Slug:: buddy-press-force-password-change
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-3793

Plugin:: Business Contact Widget
Plugin Slug:: business-contact-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46529

Plugin:: Call Now PHT Blog
Plugin Slug:: call-now-coccoc-pht-blog
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46492

Plugin:: Car Park Booking System for WordPress
Plugin Slug:: car-park-booking-system-for-wordpress
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-39376

Plugin:: Carousel-of-post-images
Plugin Slug:: carousel-of-post-images
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46536

Plugin:: Contact Form 7 Calendar
Plugin Slug:: cf7-calendar
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46510

Plugin:: CheckBot
Plugin Slug:: checkbot
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-43840

Plugin:: Confirm User Registration
Plugin Slug:: confirm-user-registration
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46459

Plugin:: COVID-19 (Coronavirus) Update Your Customers
Plugin Slug:: covid-19-alert
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46523

Plugin:: Custom Functions Plugin
Plugin Slug:: custom-functions
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46512

Plugin:: WP Custom Post Popup
Plugin Slug:: custom-post-popup
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46471

Plugin:: LSD Custom taxonomy and category meta
Plugin Slug:: custom-taxonomy-category-and-term-fields
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46502

Plugin:: Document Management System
Plugin Slug:: dms
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46448

Plugin:: Drop Caps
Plugin Slug:: drop-caps
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46495

Plugin:: Dropdown Content
Plugin Slug:: dropdown-content
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46478

Plugin:: Easy Child Theme Creator
Plugin Slug:: easy-child-theme-creator
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-39375

Plugin:: Enhanced Paypal Shortcodes
Plugin Slug:: enhanced-paypal-shortcodes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46543

Plugin:: External Markdown
Plugin Slug:: external-markdown
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46445

Plugin:: FAT Services Booking
Plugin Slug:: fat-services-booking
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-39355

Plugin:: Flickr Shortcode Importer
Plugin Slug:: flickr-shortcode-importer
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46481

Plugin:: Floating Social Bar
Plugin Slug:: floating-social-bar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46451

Plugin:: Flynax Bridge
Plugin Slug:: flynax-bridge
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-3603

Plugin:: Flynax Bridge
Plugin Slug:: flynax-bridge
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-3604

Plugin:: Foodbakery Sticky Cart
Plugin Slug:: foodbakery-sticky-cart
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-39356

Plugin:: Front End Users
Plugin Slug:: front-end-only-users
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13569

Plugin:: Frontend Login and Registration Blocks
Plugin Slug:: frontend-login-and-registration-blocks
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-3607

Plugin:: GNA Search Shortcode
Plugin Slug:: gna-search-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46540

Plugin:: Peadig�s Google +1 Button
Plugin Slug:: google-1
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46483

Plugin:: Google News
Plugin Slug:: google-news
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46452

Plugin:: Grand Conference
Plugin Slug:: grandconference
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-39354

Plugin:: Tabs
Plugin Slug:: gt-tabs
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46522

Plugin:: GTDB Guitar Tuners
Plugin Slug:: guitar-tuner
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46438

Plugin:: Hacklog Remote Attachment
Plugin Slug:: hacklog-remote-attachment
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46530

Plugin:: Smart Hashtags [#hashtagger]
Plugin Slug:: hashtagger
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46470

Plugin:: Hospital Management System
Plugin Slug:: hospital-management
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-39380

Plugin:: Hospital Management System
Plugin Slug:: hospital-management
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-39386

Plugin:: Hospital Management System
Plugin Slug:: hospital-management
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-39393

Plugin:: Hospital Management System
Plugin Slug:: hospital-management
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-39357

Plugin:: iCafe Library
Plugin Slug:: icafe-library
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-39370

Plugin:: Image Style Hover
Plugin Slug:: image-content-show-hover
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46534

Plugin:: Image Hover Effects For WPBakery Page Builder
Plugin Slug:: image-hover-effects-for-visual-composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46484

Plugin:: Inline Text Popup
Plugin Slug:: inline-text-popup
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46538

Plugin:: Integra��o entre Eduzz e Woocommerce
Plugin Slug:: integracao-entre-eduzz-e-wc-powers
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-3906

Plugin:: Landing pages and Domain aliases for WordPress
Plugin Slug:: landing-pages-and-domain-aliases
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46533

Plugin:: Libro de Reclamaciones
Plugin Slug:: libro-de-reclamaciones
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46446

Plugin:: License For Envato
Plugin Slug:: license-envato
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-39399

Plugin:: Mad Mimi for WordPress
Plugin Slug:: mad-mimi
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46262

Plugin:: Milat jQuery Automatic Popup
Plugin Slug:: milat-jquery-automatic-popup
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46514

Plugin:: Mini twitter feed
Plugin Slug:: mini-twitter-feed
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46496

Plugin:: Mixcloud Embed
Plugin Slug:: mixcloud-embed
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46501

Plugin:: Modern Polls
Plugin Slug:: modern-polls
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46466

Plugin:: Custom Login and Registration
Plugin Slug:: ms-registration
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46535

Plugin:: Multi-Column Taxonomy List
Plugin Slug:: multi-column-taxonomy-list
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46491

Plugin:: My Custom Widgets
Plugin Slug:: mycustomwidget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46526

Plugin:: Navegg Analytics
Plugin Slug:: navegg
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46497

Plugin:: Nepali Post Date
Plugin Slug:: nepali-post-date
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46480

Plugin:: occupancyplan
Plugin Slug:: occupancyplan
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46450

Plugin:: PayPal Express Checkout
Plugin Slug:: paypal-express-checkout
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46499

Plugin:: Peekaboo
Plugin Slug:: peekaboo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46505

Plugin:: Plugin Central
Plugin Slug:: plugin-central
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46439

Plugin:: Posts for Page
Plugin Slug:: posts-for-page
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-39369

Plugin:: Print Science Designer
Plugin Slug:: print-science-designer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46465

Plugin:: RAphicon
Plugin Slug:: raphicon
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46467

Plugin:: Related Posts via Taxonomies
Plugin Slug:: related-posts-via-taxonomies
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46520

Plugin:: Loan Calculator
Plugin Slug:: repayment-calculator
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46442

Plugin:: Revy
Plugin Slug:: revy
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32924

Plugin:: SUMO Reward Points
Plugin Slug:: rewardsystem
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32925

Plugin:: RRSSB
Plugin Slug:: rrssb
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46461

Plugin:: SCSS-Library
Plugin Slug:: scss-library
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46436

Plugin:: Send From
Plugin Slug:: send-from
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46469

Plugin:: SEUR Oficial
Plugin Slug:: seur
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46474

Plugin:: Simple Google Photos Grid
Plugin Slug:: simple-google-photos-grid
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46503

Plugin:: Social Counter
Plugin Slug:: social-counter
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46473

Plugin:: Tayori Form
Plugin Slug:: tayori
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46437

Plugin:: Time Based Greeting
Plugin Slug:: time-based-greeting
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46435

Plugin:: Twitter Card Generator
Plugin Slug:: twitter-card-generator
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46516

Plugin:: Unsafe Mimetypes
Plugin Slug:: unsafe-mimetypes
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46507

Plugin:: Vasaio QR Code
Plugin Slug:: vasaio-qr-code
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46504

Plugin:: WP Vegas
Plugin Slug:: vegas-fullscreen-background-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-43841

Plugin:: Verification SMS with TargetSMS
Plugin Slug:: verification-sms-targetsms
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-3776

Plugin:: Bulk Assign Linked Products For WooCommerce
Plugin Slug:: wc-bulk-assign-linked-products
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46489

Plugin:: WP AVCL Automation Helper (formerly WPFlyLeads)
Plugin Slug:: woozap
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46531

Plugin:: Plugin Upgrade Time Out
Plugin Slug:: wordpressplugin-upgrade-time-out-plugin
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8243

Plugin:: WoWHead Tooltips
Plugin Slug:: wowhead-tooltips
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46449

Plugin:: WP Cookie Consent
Plugin Slug:: wp-cookie-consent
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46525

Plugin:: Wp Custom CMS Block
Plugin Slug:: wp-custom-cms-block
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46457

Plugin:: WP Customize Login Page
Plugin Slug:: wp-customize-login-page
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46485

Plugin:: WP Customize Login Page
Plugin Slug:: wp-customize-login-page
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46477

Plugin:: wp-cyr-cho
Plugin Slug:: wp-cyr-cho
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-43835

Plugin:: Easy Guide
Plugin Slug:: wp-easy-guide
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-46460

Plugin:: WP Filter Post Category
Plugin Slug:: wp-filter-post-categories
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46524

Plugin:: FoodBakery
Plugin Slug:: wp-foodbakery
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-32927

Plugin:: WP HRM LITE
Plugin Slug:: wp-hrm-lite-human-resource-management-system
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-46455

Plugin:: JobSearch
Plugin Slug:: wp-jobsearch
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11917

Plugin:: Meta Keywords & Description
Plugin Slug:: wp-meta-keywords-meta-description
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46454

Plugin:: WP Quiz
Plugin Slug:: wp-quiz
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46482

Plugin:: WP-reCAPTCHA-bp
Plugin Slug:: wp-recaptcha-bp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46541

Plugin:: Tooltip
Plugin Slug:: wp-tooltip
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46532

Plugin:: WordPress Events Calendar Registration & Tickets
Plugin Slug:: wpeventplus
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-39372

Plugin:: WPVN
Plugin Slug:: wpvn-username-changer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46462

Plugin:: WpZon � Amazon Affiliate Plugin
Plugin Slug:: wpzon
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46506

Plugin:: WS Force Login Page
Plugin Slug:: ws-force-login-page
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46521

Plugin:: Woocommerce Automatic Order Printing
Plugin Slug:: xc-woo-google-cloud-print
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-1284

Plugin:: Xpert Tab
Plugin Slug:: xpert-tab
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46542

Plugin:: Zalo Official Live Chat
Plugin Slug:: zalo-official-live-chat
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46498

Plugin:: Zoho Creator Forms
Plugin Slug:: zohocreator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46453

Plugin:: Ocean Extra
Plugin Slug:: ocean-extra
Installations: 600,000+
Vulnerability:: Content Injection
Patched in Version:: 2.4.7
Severity Score:: Medium
CVE:: 2025-3472

Plugin:: Ocean Extra
Plugin Slug:: ocean-extra
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.7
Severity Score:: Medium
CVE:: 2025-3457

Plugin:: Admin and Site Enhancements (ASE)
Plugin Slug:: admin-site-enhancements
Installations: 100,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 7.6.10
Severity Score:: Medium
CVE:: 2024-13688

Plugin:: Element Pack Addons for Elementor � Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.10.30
Severity Score:: Medium
CVE:: 2025-1458

Plugin:: ShopLentor � WooCommerce Builder for Elementor & Gutenberg +20 Modules � All in One Solution (formerly WooLentor)
Plugin Slug:: woolentor-addons
Installations: 100,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.1.3
Severity Score:: Medium
CVE:: 2025-3775

Plugin:: Jupiter X Core
Plugin Slug:: jupiterx-core
Installations: 90,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 4.8.12
Severity Score:: Critical
CVE:: 2025-2105

Plugin:: Icegram Express � email subscribers, optin forms, newsletters and marketing automation for WordPress & WooCommerce
Plugin Slug:: email-subscribers
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.7.50
Severity Score:: Medium
CVE:: 2025-0671

Plugin:: User Registration & Membership � Custom Registration Form, Login Form, and User Profile
Plugin Slug:: user-registration
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.0
Severity Score:: High
CVE:: 2025-39400

Plugin:: Category Posts Widget
Plugin Slug:: category-posts
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.20
Severity Score:: Medium
CVE:: 2025-1453

Plugin:: Greenshift � animation and page builder blocks
Plugin Slug:: greenshift-animation-and-page-builder-blocks
Installations: 50,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 11.4.6
Severity Score:: High
CVE:: 2025-3616

Plugin:: WordPress Tag, Category, and Taxonomy Manager � AI Autotagger
Plugin Slug:: simple-tags
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.30.0
Severity Score:: Medium
CVE:: 2025-0627

Plugin:: Visual Composer Website Builder
Plugin Slug:: visualcomposer
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 45.11.0
Severity Score:: Medium
CVE:: 2025-46254

Plugin:: WP Import Export Lite
Plugin Slug:: wp-import-export-lite
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.28
Severity Score:: Medium
CVE:: 2025-2839

Plugin:: Contact Form & SMTP Plugin for WordPress by PirateForms
Plugin Slug:: pirate-forms
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.0
Severity Score:: Medium
CVE:: 2024-11273

Plugin:: SecuPress Free � WordPress Security
Plugin Slug:: secupress
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.3.10
Severity Score:: Medium
CVE:: 2025-3452

Plugin:: Gutenverse � Ultimate Block Addons and Page Builder for Site Editor
Plugin Slug:: gutenverse
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.0
Severity Score:: Medium
CVE:: 2025-2893

Plugin:: Social Slider Feed
Plugin Slug:: instagram-slider-widget
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.9
Severity Score:: Medium
CVE:: 2025-0717

Plugin:: PowerPress Podcasting plugin by Blubrry
Plugin Slug:: powerpress
Installations: 30,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 11.12.6
Severity Score:: Critical
CVE:: 2025-46264

Plugin:: UiCore Elements � Free Elementor widgets and templates
Plugin Slug:: uicore-elements
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.0
Severity Score:: Medium
CVE:: 2025-1054

Plugin:: Icegram Engage � Ultimate WP Popup Builder, Lead Generation, Optins, and CTA
Plugin Slug:: icegram
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.32
Severity Score:: Medium
CVE:: 2024-13486

Plugin:: Seriously Simple Podcasting
Plugin Slug:: seriously-simple-podcasting
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.0
Severity Score:: Medium
CVE:: 2025-46261

Plugin:: AFI � The Easiest Integration Plugin
Plugin Slug:: advanced-form-integration
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.100.0
Severity Score:: Medium
CVE:: 2024-13123

Plugin:: Alt Text AI � Automatically generate image alt text for SEO and accessibility
Plugin Slug:: alttext-ai
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.94
Severity Score:: Medium
CVE:: 2025-46232

Plugin:: GutenKit � Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor
Plugin Slug:: gutenkit-blocks-addon
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.3
Severity Score:: Medium
CVE:: 2025-46253

Plugin:: HTML Forms � Simple WordPress Forms Plugin
Plugin Slug:: html-forms
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.3
Severity Score:: Medium
CVE:: 2025-46236

Plugin:: Link Library
Plugin Slug:: link-library
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.8.1
Severity Score:: Medium
CVE:: 2025-46237

Plugin:: Mang Board WP
Plugin Slug:: mangboard
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.7
Severity Score:: Medium
CVE:: 2025-3435

Plugin:: Prevent Direct Access � Protect WordPress Files
Plugin Slug:: prevent-direct-access
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.8.8.1
Severity Score:: Medium
CVE:: 2025-3923

Plugin:: Prevent Direct Access � Protect WordPress Files
Plugin Slug:: prevent-direct-access
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.8.3
Severity Score:: Medium
CVE:: 2025-3861

Plugin:: WordPress Simple Shopping Cart
Plugin Slug:: wordpress-simple-paypal-shopping-cart
Installations: 10,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 5.1.3
Severity Score:: Medium
CVE:: 2025-3530

Plugin:: WordPress Simple Shopping Cart
Plugin Slug:: wordpress-simple-paypal-shopping-cart
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.1.3
Severity Score:: Medium
CVE:: 2025-3529

Plugin:: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
Plugin Slug:: bit-form
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.18.4
Severity Score:: Medium
CVE:: 2025-2580

Plugin:: WS Form LITE � Drag & Drop Contact Form Builder for WordPress
Plugin Slug:: ws-form
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.10.36
Severity Score:: Medium
CVE:: 2025-3912

Plugin:: Theme Switcha � Easily Switch Themes for Development and Testing
Plugin Slug:: theme-switcha
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.1
Severity Score:: Medium
CVE:: 2025-46239

Plugin:: Custom Related Posts
Plugin Slug:: custom-related-posts
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.5
Severity Score:: Medium
CVE:: 2025-46227

Plugin:: Upsell Funnel Builder for WooCommerce
Plugin Slug:: upsell-order-bump-offer-for-woocommerce
Installations: 4,000+
Vulnerability:: Other Vulnerability Type
Patched in Version:: 3.0.1
Severity Score:: Medium
CVE:: 2025-3743

Plugin:: Watu Quiz
Plugin Slug:: watu
Installations: 4,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.4.4
Severity Score:: High
CVE:: 2025-46242

Plugin:: affiliate-toolkit � WP Affiliate Plugin with Amazon
Plugin Slug:: affiliate-toolkit-starter
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.7.4
Severity Score:: Medium
CVE:: 2025-46231

Plugin:: Message Filter for Contact Form 7
Plugin Slug:: cf7-message-filter
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.6.33
Severity Score:: High
CVE:: 2025-46252

Plugin:: SKT Blocks � Gutenberg based Page Builder
Plugin Slug:: skt-blocks
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1
Severity Score:: Medium
CVE:: 2025-46235

Plugin:: Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery)
Plugin Slug:: sky-elementor-addons
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.3
Severity Score:: Medium
CVE:: 2025-46260

Plugin:: WP-Recall � Registration, Profile, Commerce & More
Plugin Slug:: wp-recall
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 16.26.12
Severity Score:: Medium
CVE:: 2024-9771

Plugin:: Appointment Booking Calendar
Plugin Slug:: appointment-booking-calendar
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.93
Severity Score:: Medium
CVE:: 2025-46247

Plugin:: Appointment Booking Calendar
Plugin Slug:: appointment-booking-calendar
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.93
Severity Score:: High
CVE:: 2025-46241

Plugin:: Event post
Plugin Slug:: event-post
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.10.0
Severity Score:: Medium
CVE:: 2025-46228

Plugin:: Fable Extra
Plugin Slug:: fable-extra
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.0.7
Severity Score:: Critical
CVE:: 2025-46539

Plugin:: Fable Extra
Plugin Slug:: fable-extra
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.0.7
Severity Score:: Critical
CVE:: 2025-46468

Plugin:: Fable Extra
Plugin Slug:: fable-extra
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.7
Severity Score:: Medium
CVE:: 2025-46447

Plugin:: List Last Changes
Plugin Slug:: list-last-changes
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.2
Severity Score:: Medium
CVE:: 2025-46238

Plugin:: Simple Download Counter
Plugin Slug:: simple-download-counter
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.1
Severity Score:: Medium
CVE:: 2025-46240

Plugin:: Image Optimizer, Resizer and CDN � Sirv
Plugin Slug:: sirv
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.5.4
Severity Score:: Medium
CVE:: 2025-46233

Plugin:: Smart Maintenance Mode
Plugin Slug:: smart-maintenance-mode
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.2
Severity Score:: Medium
CVE:: 2024-12683

Plugin:: My Tickets � Accessible Event Ticketing
Plugin Slug:: my-tickets
Installations: 900+
Vulnerability:: Privilege Escalation
Patched in Version:: 2.0.17
Severity Score:: High
CVE:: 2025-3761

Plugin:: MPL-Publisher � Ebook & Audiobook Creator
Plugin Slug:: mpl-publisher
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.18.1
Severity Score:: Medium
CVE:: 2025-46226

Plugin:: Frontend Dashboard
Plugin Slug:: frontend-dashboard
Installations: 700+
Vulnerability:: SQL Injection
Patched in Version:: 2.2.6
Severity Score:: Critical
CVE:: 2025-46248

Plugin:: Media Library Downloader
Plugin Slug:: media-library-downloader
Installations: 700+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2025-46519

Plugin:: Popup Builder
Plugin Slug:: easy-notify-lite
Installations: 600+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.1.37
Severity Score:: High
CVE:: 2025-46230

Plugin:: VikRestaurants Table Reservations and Take-Away
Plugin Slug:: vikrestaurants
Installations: 600+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4
Severity Score:: High
CVE:: 2025-46251

Plugin:: Textmetrics
Plugin Slug:: webtexttool
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.3
Severity Score:: Medium
CVE:: 2025-46229

Plugin:: CM Answers � Easy-to-use forum to grow your WP community
Plugin Slug:: cm-answers
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.3.4
Severity Score:: Medium
CVE:: 2025-46246

Plugin:: Crossword Compiler Puzzles
Plugin Slug:: crossword-compiler-puzzles
Installations: 400+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 5.3
Severity Score:: Critical
CVE:: 2025-46490

Plugin:: Advanced Linked Variations for Woocommerce
Plugin Slug:: linked-variation
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.4
Severity Score:: Medium
CVE:: 2025-46244

Plugin:: Simple calendar for Elementor
Plugin Slug:: simple-calendar-for-elementor
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.6.5
Severity Score:: Medium
CVE:: 2025-46249

Plugin:: Tax Switch for WooCommerce
Plugin Slug:: tax-switch-for-woocommerce
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.3
Severity Score:: Medium
CVE:: 2025-3814

Plugin:: Lifetime free Drag & Drop Contact Form Builder for WordPress VForm
Plugin Slug:: v-form
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.15
Severity Score:: Medium
CVE:: 2025-46250

Plugin:: CM Ad Changer � A simple tool to control and optimize your site’s banners
Plugin Slug:: cm-ad-changer
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.6
Severity Score:: Medium
CVE:: 2025-46245