WordPress Vulnerability Report � June 11, 2025

In this report, 306 vulnerabilities have been publicly disclosed. Security patches for 134 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 172 plugin and theme vulnerabilities, and no patch has been available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.8.1 was released on April 30, 2025. This maintenance release includes fixes for 15 bugs throughout Core and the Block Editor, addressing issues affecting multiple areas of WordPress, including the block editor, multisite, and REST API. For a full list, refer to the release candidate announcement.

WordPress Plugins � 120 Patched / 151 Unpatched

Plugin:: Widget Logic
Plugin Slug:: widget-logic
Installations: 100,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-32222

Plugin:: CubeWP � All-in-One Dynamic Content Framework
Plugin Slug:: cubewp-framework
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30994

Plugin:: PayU CommercePro Plugin
Plugin Slug:: payu-india
Installations: 5,000+
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31022

Plugin:: WP Shopify
Plugin Slug:: wp-shopify
Installations: 4,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30999

Plugin:: Easy Mega Menu Plugin for WordPress � ThemeHunk
Plugin Slug:: themehunk-megamenu-plus
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30990

Plugin:: Widgetize Pages Light
Plugin Slug:: widgetize-pages-light
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30995

Plugin:: Premium Packages � Sell Digital Products Securely
Plugin Slug:: wpdm-premium-packages
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30991

Plugin:: Category Icon
Plugin Slug:: category-icon
Installations: 2,000+
Vulnerability:: XML External Entity (XXE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31039

Plugin:: WP Live Chat + Chatbots Plugin for WordPress � Chaport
Plugin Slug:: chaport
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30977

Plugin:: Post Grid Master � Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder
Plugin Slug:: ajax-filter-posts
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30974

Plugin:: Booqable Rental Plugin
Plugin Slug:: booqable-rental-reservations
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30956

Plugin:: Activity Plus Reloaded for BuddyPress
Plugin Slug:: bp-activity-plus-reloaded
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30957

Plugin:: Nexa Blocks � Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
Plugin Slug:: nexa-blocks
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30952

Plugin:: Nexa Blocks � Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
Plugin Slug:: nexa-blocks
Installations: 1,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30976

Plugin:: onOffice for WP-Websites
Plugin Slug:: onoffice-for-wp-websites
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30958

Plugin:: Simple Keyword to Link
Plugin Slug:: simple-keyword-to-link
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30980

Plugin:: All Currencies for WooCommerce
Plugin Slug:: woocommerce-all-currencies
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30950

Plugin:: Taskbuilder � WordPress Project & Task Management plugin
Plugin Slug:: taskbuilder
Installations: 900+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30945

Plugin:: WP Compress for MainWP
Plugin Slug:: wp-compress-mainwp
Installations: 900+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30932

Plugin:: ???????????????
Plugin Slug:: os-diagnosis-generator
Installations: 800+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30934

Plugin:: Spice Blocks
Plugin Slug:: spice-blocks
Installations: 800+
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-48130

Plugin:: ACF: Yandex Maps Field
Plugin Slug:: acf-yandex-maps-field
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30930

Plugin:: Broadly for WordPress
Plugin Slug:: broadly
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30938

Plugin:: Bitly URL Shortener
Plugin Slug:: codehaveli-bitly-url-shortener
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30629

Plugin:: �?????????� ?? DaData.ru
Plugin Slug:: dadata-ru
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30931

Plugin:: IFrame Widget
Plugin Slug:: iframe-widget
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30939

Plugin:: Melipayamak
Plugin Slug:: melipayamak
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30940

Plugin:: Accessibility Suite by Ability, Inc
Plugin Slug:: online-accessibility
Installations: 700+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30636

Plugin:: Pinterest Verify Meta Tag
Plugin Slug:: pinterest-verify-meta-tag
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30941

Plugin:: Responsify WP
Plugin Slug:: responsify-wp
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30937

Plugin:: Wordapp
Plugin Slug:: wordapp
Installations: 700+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30927

Plugin:: Spreadsheet Price Changer for WooCommerce and WP E-commerce � Light
Plugin Slug:: excel-like-price-change-for-woocommerce-and-wp-e-commerce-light
Installations: 600+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-48122

Plugin:: WordLift � AI powered SEO � Schema
Plugin Slug:: wordlift
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30624

Plugin:: Behance Portfolio Manager
Plugin Slug:: portfolio-manager-powered-by-behance
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-29010

Plugin:: Wishlist
Plugin Slug:: wishlist
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31061

Plugin:: HR Management Lite
Plugin Slug:: hr-management-lite
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-29005

Plugin:: Multi CryptoCurrency Payments
Plugin Slug:: multi-crypto-currency-payment
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-48141

Plugin:: WP AutoKeyword
Plugin Slug:: wp-autokeyword
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-28997

Plugin:: GPP Slideshow
Plugin Slug:: gpp-slideshow
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-28996

Plugin:: Viral Loops WP Integration
Plugin Slug:: viral-loops-wp-integration
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-28994

Plugin:: Viral Loops WP Integration
Plugin Slug:: viral-loops-wp-integration
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-28995

Plugin:: Elastic Email Subscribe Form
Plugin Slug:: elastic-email-subscribe-form
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-28985

Plugin:: Epicwin Plugin
Plugin Slug:: epicwin-subscribers
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28986

Plugin:: Read More Login
Plugin Slug:: read-more-login
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-28989

Plugin:: Subscription Renewal Reminders for WooCommerce
Plugin Slug:: subscriptions-renewal-reminders
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-28984

Plugin:: Pay with Contact Form 7
Plugin Slug:: pay-with-contact-form-7
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-24772

Plugin:: Quick Event Calendar
Plugin Slug:: quick-event-calendar
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27360

Plugin:: Recover abandoned cart for WooCommerce
Plugin Slug:: recover-wc-abandoned-cart
Installations: 100+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-47608

Plugin:: WP Media File Type Manager
Plugin Slug:: wp-media-file-type-manager
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27359

Plugin:: TicketBAI Facturas para WooCommerce
Plugin Slug:: wp-ticketbai
Installations: 80+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-24767

Plugin:: TicketBAI Facturas para WooCommerce
Plugin Slug:: wp-ticketbai
Installations: 80+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-24762

Plugin:: One-Login
Plugin Slug:: one-login
Installations: 70+
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23974

Plugin:: Next Event Calendar
Plugin Slug:: next-event-calendar
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-26001

Plugin:: WP Post Corrector
Plugin Slug:: wp-post-corrector
Installations: 60+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2023-26003

Plugin:: 6Storage Rentals
Plugin Slug:: 6storage-rentals
Installations: 50+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-26002

Plugin:: Aeroscroll Gallery � Infinite Scroll Image Gallery & Post Grid with Photo Gallery
Plugin Slug:: aeroscroll-gallery
Installations: 50+
Vulnerability:: Directory Traversal
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-49451

Plugin:: Bang tinh vay
Plugin Slug:: bang-tinh-lai-suat
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-26000

Plugin:: Sola Support Tickets
Plugin Slug:: sola-support-tickets
Installations: 50+
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-25997

Plugin:: Interactive Regional Map of Africa
Plugin Slug:: interactive-map-of-africa
Installations: 30+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-49449

Plugin:: SEPA Girocode
Plugin Slug:: sepa-girocode
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-49450

Plugin:: Admin Notes
Plugin Slug:: admin-note
Installations: 20+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-49446

Plugin:: Interactive UK Regional Map
Plugin Slug:: interactive-uk-regional-map
Installations: 20+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-49445

Plugin:: Bacon Ipsum
Plugin Slug:: bacon-ipsum
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-49443

Plugin:: Interactive Regional Map of Florida
Plugin Slug:: interactive-map-of-florida
Installations: 10+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-49441

Plugin:: Team Builder
Plugin Slug:: a-team-showcase
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32308

Plugin:: Abbie Expander
Plugin Slug:: abbie-expander
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-49427

Plugin:: Advanced Post List
Plugin Slug:: advanced-post-list
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30968

Plugin:: AI Mortgage Calculator
Plugin Slug:: ai-mortgage-calculator
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2023-25995

Plugin:: AppBanners
Plugin Slug:: appbanners
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30625

Plugin:: Atelier Create CV
Plugin Slug:: atelier-create-cv
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-49439

Plugin:: Backwp
Plugin Slug:: backwp
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28954

Plugin:: bbPress API
Plugin Slug:: bbp-api
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-24763

Plugin:: Bg Orthodox Calendar
Plugin Slug:: bg-orthodox-calendar
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28958

Plugin:: BNS Featured Category
Plugin Slug:: bns-featured-category
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5538

Plugin:: BP Profile as Homepage
Plugin Slug:: bp-profile-as-homepage
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-49453

Plugin:: Bunny�s Print CSS
Plugin Slug:: bunnys-print-css
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5925

Plugin:: WPCHURCH
Plugin Slug:: church-management
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-32303

Plugin:: HyperComments
Plugin Slug:: comments-with-hypercommentscom
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-5701

Plugin:: Complete Google Seo Scan
Plugin Slug:: complete-google-seo-scan
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26590

Plugin:: Contact Form
Plugin Slug:: contact-form-ready
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30935

Plugin:: WordPress Ajax Load More and Infinite Scroll
Plugin Slug:: cpt-ajax-load-more
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5586

Plugin:: CubePoints
Plugin Slug:: cubepoints
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-28952

Plugin:: Custom Bulk/Quick Edit
Plugin Slug:: custom-bulkquick-edit
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30946

Plugin:: Custom Category/Post Type Post order
Plugin Slug:: custom-post-order-category
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-29013

Plugin:: Developer Formatter
Plugin Slug:: devformatter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5699

Plugin:: Slack Notifications by dorzki
Plugin Slug:: dorzki-notifications-to-slack
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30978

Plugin:: ZoomSounds
Plugin Slug:: dzs-zoomsounds
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-47566

Plugin:: Elegant Visitor Counter
Plugin Slug:: elegant-visitor-counter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30627

Plugin:: Universal Video Player
Plugin Slug:: elementor_widget_universal_video_player
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31057

Plugin:: elfsight Contact Form widget
Plugin Slug:: elfsight-contact-form
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31045

Plugin:: Elite Video Player
Plugin Slug:: elite-video-player
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30986

Plugin:: Foxit eSign for WordPress
Plugin Slug:: esign-genie-for-wp
Vulnerability:: Other Vulnerability Type
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-49419

Plugin:: ESV Bible Shortcode for WordPress
Plugin Slug:: esv-bible-shortcode-for-wordpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5534

Plugin:: FastBook
Plugin Slug:: fastbook-responsive-appointment-booking-and-scheduling-system
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26593

Plugin:: File Provider
Plugin Slug:: file-provider
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-4580

Plugin:: File Provider
Plugin Slug:: file-provider
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-4578

Plugin:: Free WP Mail SMTP
Plugin Slug:: free-wp-mail-smtp
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28974

Plugin:: Global Translator
Plugin Slug:: global-translator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30630

Plugin:: Global Translator
Plugin Slug:: global-translator
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30632

Plugin:: Hide It
Plugin Slug:: hide-it
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5565

Plugin:: Hive Support
Plugin Slug:: hive-support
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-5018

Plugin:: Hive Support
Plugin Slug:: hive-support
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5019

Plugin:: Image Hover Effects Block
Plugin Slug:: image-hover-effects-block
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31025

Plugin:: InWave Jobs
Plugin Slug:: iwjob
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-39477

Plugin:: KI Live Video Conferences
Plugin Slug:: ki-live-video-conferences
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23969

Plugin:: KI Live Video Conferences
Plugin Slug:: ki-live-video-conferences
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23971

Plugin:: Konami Easter Egg
Plugin Slug:: konami-easter-egg
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-49425

Plugin:: Layouts for Elementor
Plugin Slug:: layouts-for-elementor
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30948

Plugin:: CLEVER
Plugin Slug:: lbg-audio11-html5-shoutcast_history
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31635

Plugin:: Sticky Radio Player
Plugin Slug:: lbg-audio5-html5-shoutcast_sticky
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31426

Plugin:: SHOUT
Plugin Slug:: lbg-audio8-html5-radio_ads
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31925

Plugin:: WP Lead Capturing Pages
Plugin Slug:: leadcapture
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31424

Plugin:: MapSVG
Plugin Slug:: mapsvg
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-47561

Plugin:: Mediabay – WordPress Media Library Folders
Plugin Slug:: mediabay
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28948

Plugin:: No Spam At All
Plugin Slug:: no-spam-at-all
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-24778

Plugin:: Paged Gallery
Plugin Slug:: paged-gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5686

Plugin:: Payment QR WooCommerce
Plugin Slug:: payment-qr-woo
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31000

Plugin:: Personal Favicon
Plugin Slug:: personal-favicon
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28964

Plugin:: Post Author
Plugin Slug:: post-author
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28950

Plugin:: Post Custom Templates Lite
Plugin Slug:: post-custom-templates-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30942

Plugin:: Powie’s Uptime Robot
Plugin Slug:: powies-uptime-robot
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30638

Plugin:: Recent Posts Slider Responsive
Plugin Slug:: recent-posts-slider-responsive
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28966

Plugin:: Responsive Flipbooks
Plugin Slug:: responsive-flipbooks
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-24776

Plugin:: Revolution Video Player
Plugin Slug:: revolution_video_player
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31058

Plugin:: Runners Log
Plugin Slug:: runners-log
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5541

Plugin:: Seofy Core
Plugin Slug:: seofy-core
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-39473

Plugin:: Simple Google Static Map
Plugin Slug:: simple-google-static-map
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27334

Plugin:: Simple Nested Menu
Plugin Slug:: simple-nested-menu
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-49442

Plugin:: SocialMark
Plugin Slug:: socialmark
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-29008

Plugin:: StageShow
Plugin Slug:: stageshow
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5703

Plugin:: Motors – Events
Plugin Slug:: stm-motors-events
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-47586

Plugin:: Stop Spammers
Plugin Slug:: stop-spammer-registrations-plugin
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-2935

Plugin:: The Holiday Calendar
Plugin Slug:: the-holiday-calendar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-29003

Plugin:: Universal Video Player
Plugin Slug:: universal_video_player
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31917

Plugin:: Video Embeds
Plugin Slug:: video-embeds
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-49429

Plugin:: Direct Checkout for WooCommerce Lite
Plugin Slug:: woo-direct-checkout-lite
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-29006

Plugin:: WooCommerce Photo Reviews – Review Reminders – Review for Discounts
Plugin Slug:: woocommerce-photo-reviews
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-47570

Plugin:: WooCommerce Ultimate Gift Card – Create, Sell and Manage Gift Cards with Customized Email Templates
Plugin Slug:: woocommerce-ultimate-gift-card
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-47569

Plugin:: WooBeWoo Product Filter Pro
Plugin Slug:: woofilter-pro
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-39496

Plugin:: Wp Easy Allopass
Plugin Slug:: wordpress-easy-allopass
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-49435

Plugin:: WP-Addpub
Plugin Slug:: wp-addpub
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-5563

Plugin:: WP Biographia
Plugin Slug:: wp-biographia
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30928

Plugin:: WP Email Debug
Plugin Slug:: wp-email-debug
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-5486

Plugin:: WP Featured Content Slider
Plugin Slug:: wp-featured-content-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30634

Plugin:: Freemind Viewer
Plugin Slug:: wp-freemind
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5536

Plugin:: WP Mail Options
Plugin Slug:: wp-mail-options
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28981

Plugin:: WP Online Users Stats
Plugin Slug:: wp-online-users-stats
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-4966

Plugin:: WP-Recall
Plugin Slug:: wp-recall
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30981

Plugin:: WP Security Master
Plugin Slug:: wp-security-master
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-49440

Plugin:: WP Text Expander
Plugin Slug:: wp-text-expander
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-49421

Plugin:: YouTube Simple Gallery
Plugin Slug:: youtube-simple-gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-29011

Plugin:: Essential Addons for Elementor � Popular Elementor Templates and Widgets
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.1.13
Severity Score:: Medium
CVE:: 2024-9994

Plugin:: WP-Optimize � Cache, Compress images, Minify & Clean database to boost page speed & performance
Plugin Slug:: wp-optimize
Installations: 1,000,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.2.0
Severity Score:: High
CVE:: 2025-3951

Plugin:: Popup Maker � Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder
Plugin Slug:: popup-maker
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.20.5
Severity Score:: Medium
CVE:: 2025-4205

Plugin:: Broken Link Checker
Plugin Slug:: broken-link-checker
Installations: 600,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.4.5
Severity Score:: Medium
CVE:: 2025-4047

Plugin:: Forminator Forms � Contact Form, Payment Form & Custom Form Builder
Plugin Slug:: forminator
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.44.2
Severity Score:: Medium
CVE:: 2025-5341

Plugin:: Ocean Extra
Plugin Slug:: ocean-extra
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.9
Severity Score:: Medium
CVE:: 2025-49068

Plugin:: WP Shortcodes Plugin � Shortcodes Ultimate
Plugin Slug:: shortcodes-ultimate
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.4.0
Severity Score:: Medium
CVE:: 2025-49244

Plugin:: Simple History � Track, Log, and Audit WordPress Changes
Plugin Slug:: simple-history
Installations: 300,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.8.2
Severity Score:: Medium
CVE:: 2025-5760

Plugin:: Real Cookie Banner: GDPR & ePrivacy Cookie Consent
Plugin Slug:: real-cookie-banner
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.6
Severity Score:: Medium
CVE:: 2025-1485

Plugin:: Social Sharing Plugin � Sassy Social Share
Plugin Slug:: sassy-social-share
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.76
Severity Score:: High
CVE:: 2025-5528

Plugin:: Ninja Tables � Easy Data Table Builder
Plugin Slug:: ninja-tables
Installations: 80,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 5.0.19
Severity Score:: Critical
CVE:: 2025-2939

Plugin:: WP Table Builder � WordPress Table Plugin
Plugin Slug:: wp-table-builder
Installations: 60,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.7
Severity Score:: Medium
CVE:: 2025-49286

Plugin:: WPtouch � Make your WordPress Website Mobile-Friendly
Plugin Slug:: wptouch
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3.61
Severity Score:: Medium
CVE:: 2025-49318

Plugin:: Calculated Fields Form
Plugin Slug:: calculated-fields-form
Installations: 50,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.3.59
Severity Score:: Medium
CVE:: 2025-49291

Plugin:: Greenshift � animation and page builder blocks
Plugin Slug:: greenshift-animation-and-page-builder-blocks
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 11.5.7
Severity Score:: Medium
CVE:: 2025-49301

Plugin:: User Profile Builder � Beautiful User Registration Forms, User Profiles & User Role Editor
Plugin Slug:: profile-builder
Installations: 50,000+
Vulnerability:: Content Spoofing
Patched in Version:: 3.13.9
Severity Score:: Medium
CVE:: 2025-49292

Plugin:: User Profile Builder � Beautiful User Registration Forms, User Profiles & User Role Editor
Plugin Slug:: profile-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.13.9
Severity Score:: Medium
CVE:: 2025-4671

Plugin:: Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates)
Plugin Slug:: sina-extension-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.0
Severity Score:: High
CVE:: 2025-49262

Plugin:: Uncanny Automator � Easy Automation, Integration, Webhooks & Workflow Builder Plugin
Plugin Slug:: uncanny-automator
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.5.0
Severity Score:: Medium
CVE:: 2025-48133

Plugin:: FancyBox for WordPress
Plugin Slug:: fancybox-for-wordpress
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.6
Severity Score:: High
CVE:: 2025-3662

Plugin:: ?????? ????? ??????? Persian WooCommerce SMS
Plugin Slug:: persian-woocommerce-sms
Installations: 40,000+
Vulnerability:: SQL Injection
Patched in Version:: 7.1.0
Severity Score:: High
CVE:: 2025-49315

Plugin:: Simple Membership
Plugin Slug:: simple-membership
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6.4
Severity Score:: Medium
CVE:: 2025-49333

Plugin:: RTMKit Addons for Elementor
Plugin Slug:: rometheme-for-elementor
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.1
Severity Score:: Medium
CVE:: 2025-49235

Plugin:: Print Invoice & Delivery Notes for WooCommerce
Plugin Slug:: woocommerce-delivery-notes
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.6.0
Severity Score:: Medium
CVE:: 2025-49239

Plugin:: Bit File Manager � 100% Free & Open Source File Manager and Code Editor for WordPress
Plugin Slug:: file-manager
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.8
Severity Score:: Medium
CVE:: 2025-1725

Plugin:: Welcart e-Commerce
Plugin Slug:: usc-e-shop
Installations: 20,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 2.11.14
Severity Score:: Medium
CVE:: 2025-47511

Plugin:: Backup and Staging by WP Time Capsule
Plugin Slug:: wp-time-capsule
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.22.24
Severity Score:: High
CVE:: 2025-47477

Plugin:: WP Travel Engine � Tour Booking Plugin � Tour Operator Software
Plugin Slug:: wp-travel-engine
Installations: 20,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 6.5.2
Severity Score:: High
CVE:: 2025-49308

Plugin:: Store Locator WordPress
Plugin Slug:: agile-store-locator
Installations: 10,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.5.3
Severity Score:: Medium
CVE:: 2025-49329

Plugin:: Store Locator WordPress
Plugin Slug:: agile-store-locator
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.2
Severity Score:: High
CVE:: 2025-49328

Plugin:: Bellows Accordion Menu
Plugin Slug:: bellows-accordion-menu
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.4
Severity Score:: Medium
CVE:: 2025-49242

Plugin:: GamiPress � Gamification plugin to reward points, achievements, badges & ranks in WordPress
Plugin Slug:: gamipress
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 7.4.6
Severity Score:: High
CVE:: 2025-49326

Plugin:: Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent
Plugin Slug:: gdpr-cookie-consent
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.8.1
Severity Score:: Medium
CVE:: 2025-49285

Plugin:: Music Player for Elementor � Audio Player & Podcast Player
Plugin Slug:: music-player-for-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.7
Severity Score:: Medium
CVE:: 2025-5340

Plugin:: Post Slider and Post Carousel with Post Vertical Scrolling Widget � A Responsive Post Slider
Plugin Slug:: post-slider-and-carousel
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.10
Severity Score:: Medium
CVE:: 2025-4567

Plugin:: ShiftNav � Responsive Mobile Menu
Plugin Slug:: shiftnav-responsive-mobile-menu
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.1
Severity Score:: Medium
CVE:: 2025-49243

Plugin:: WP Multilang � Translation and Multilingual Plugin
Plugin Slug:: wp-multilang
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.4.19.1
Severity Score:: High
CVE:: 2025-49307

Plugin:: Event Manager and Tickets Selling Plugin for WooCommerce � WpEvently � WordPress Plugin
Plugin Slug:: mage-eventpress
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.4.3
Severity Score:: Medium
CVE:: 2025-5568

Plugin:: WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)
Plugin Slug:: smart-wishlist-for-more-convert
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.2
Severity Score:: High
CVE:: 2025-47487

Plugin:: Ultimate Gift Cards for WooCommerce
Plugin Slug:: woo-gift-cards-lite
Installations: 7,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.1.5
Severity Score:: High
CVE:: 2025-5103

Plugin:: Password Policy Manager | Password Manager
Plugin Slug:: password-policy-manager
Installations: 5,000+
Vulnerability:: Broken Authentication
Patched in Version:: 2.0.5
Severity Score:: High
CVE:: 2025-31019

Plugin:: WC Vendors � WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors
Plugin Slug:: wc-vendors
Installations: 5,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.5.7
Severity Score:: High
CVE:: 2025-49263

Plugin:: WP Social Widget
Plugin Slug:: wp-social-widget
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.1
Severity Score:: Medium
CVE:: 2025-49306

Plugin:: MultiVendorX � WooCommerce Multivendor Marketplace Solutions
Plugin Slug:: dc-woocommerce-multi-vendor
Installations: 4,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.2.23
Severity Score:: High
CVE:: 2025-48261

Plugin:: Everest Backup � WordPress Cloud Backup, Migration, Restore & Cloning Plugin
Plugin Slug:: everest-backup
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.3.4
Severity Score:: Medium
CVE:: 2025-49238

Plugin:: Min Max Step Quantity Limits Manager for WooCommerce
Plugin Slug:: product-quantity-for-woocommerce
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.1.1
Severity Score:: Medium
CVE:: 2025-49510

Plugin:: Shared Files � Frontend File Upload Form & Secure File Sharing
Plugin Slug:: shared-files
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.49
Severity Score:: High
CVE:: 2025-4392

Plugin:: WordPress Comments Import & Export
Plugin Slug:: comments-import-export-woocommerce
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.4
Severity Score:: Medium
CVE:: 2025-3919

Plugin:: The Events Calendar Countdown Addon
Plugin Slug:: countdown-for-the-events-calendar
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.10
Severity Score:: Medium
CVE:: 2025-49311

Plugin:: Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant
Plugin Slug:: gdpr-compliant-recaptcha-for-all-forms
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.1.2
Severity Score:: Medium
CVE:: 2025-49283

Plugin:: Icegram Collect � Easy Form, Lead Collection and Subscription plugin
Plugin Slug:: icegram-rainmaker
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.19
Severity Score:: High
CVE:: 2025-47527

Plugin:: Libro de Reclamaciones y Quejas
Plugin Slug:: libro-de-reclamaciones-y-quejas
Installations: 3,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.0
Severity Score:: High
CVE:: 2025-30989

Plugin:: Newsletters
Plugin Slug:: newsletters-lite
Installations: 3,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.10
Severity Score:: High
CVE:: 2025-4857

Plugin:: WP Maintenance Mode & Site Under Construction
Plugin Slug:: wp-maintenance-mode-site-under-construction
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.4
Severity Score:: Medium
CVE:: 2025-49284

Plugin:: BlockStrap Page Builder � Bootstrap Blocks
Plugin Slug:: blockstrap-page-builder-blocks
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.1.37
Severity Score:: Medium
CVE:: 2025-30951

Plugin:: oik
Plugin Slug:: oik
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.15.2
Severity Score:: Medium
CVE:: 2025-49241

Plugin:: Trinity Audio � Text to Speech AI audio player to convert content into audio
Plugin Slug:: trinity-audio
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.20.1
Severity Score:: Medium
CVE:: 2025-49272

Plugin:: Product Feed for WooCommerce � Google Shopping Feed, Pinterest Feed, TikTok Ads & More
Plugin Slug:: webtoffee-product-feed
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.9
Severity Score:: Medium
CVE:: 2025-49287

Plugin:: WP Tools Repair, Javascript errors, Jquery errors, Increase Maximum Limits, File Permissions, Transients, Error Log
Plugin Slug:: wptools
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.25
Severity Score:: Medium
CVE:: 2025-49273

Plugin:: Event post
Plugin Slug:: event-post
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.10.2
Severity Score:: Medium
CVE:: 2025-49298

Plugin:: WP Gravity Forms Salesforce
Plugin Slug:: gf-salesforce-crmperks
Installations: 1,000+
Vulnerability:: Open Redirection
Patched in Version:: 1.4.8
Severity Score:: Medium
CVE:: 2025-30953

Plugin:: Hydra Booking � All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings
Plugin Slug:: hydra-booking
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.1.11
Severity Score:: High
CVE:: 2025-49323

Plugin:: Market Exporter
Plugin Slug:: market-exporter
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.23
Severity Score:: Medium
CVE:: 2025-49269

Plugin:: Membership For WooCommerce
Plugin Slug:: membership-for-woocommerce
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.2
Severity Score:: High
CVE:: 2025-49265

Plugin:: Newspack Newsletters
Plugin Slug:: newspack-newsletters
Installations: 1,000+
Vulnerability:: Open Redirection
Patched in Version:: 3.14.0
Severity Score:: Medium
CVE:: 2025-49325

Plugin:: Product Catalog Simple
Plugin Slug:: post-type-x
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.2
Severity Score:: Medium
CVE:: 2025-49305

Plugin:: Raychat
Plugin Slug:: raychat
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.0
Severity Score:: Medium
CVE:: 2025-49236

Plugin:: Stock Locations for WooCommerce
Plugin Slug:: stock-locations-for-woocommerce
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.7
Severity Score:: High
CVE:: 2025-47463

Plugin:: Sunshine Photo Cart: Free Client Photo Galleries for Photographers
Plugin Slug:: sunshine-photo-cart
Installations: 1,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.4.12
Severity Score:: High
CVE:: 2025-5482

Plugin:: Vayu Blocks � Website Builder for the Block Editor
Plugin Slug:: vayu-blocks
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2025-4420

Plugin:: WordPress CRM Plugin � WP-CRM System
Plugin Slug:: wp-crm-system
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.3
Severity Score:: Medium
CVE:: 2025-49270

Plugin:: WP Time Slots Booking Form
Plugin Slug:: wp-time-slots-booking-form
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.31
Severity Score:: Medium
CVE:: 2025-49332

Plugin:: WordPress Contact Forms by Cimatti
Plugin Slug:: contact-forms
Installations: 900+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.9.9
Severity Score:: Medium
CVE:: 2025-49069

Plugin:: WP Gravity Forms Constant Contact Plugin
Plugin Slug:: gf-constant-contact
Installations: 900+
Vulnerability:: Open Redirection
Patched in Version:: 1.1.1
Severity Score:: Medium
CVE:: 2025-30954

Plugin:: PDF for WPForms + Drag and Drop Template Builder
Plugin Slug:: pdf-for-wpforms
Installations: 900+
Vulnerability:: Broken Access Control
Patched in Version:: 5.6.1
Severity Score:: Medium
CVE:: 2025-49289

Plugin:: Ultimate WP Mail
Plugin Slug:: ultimate-wp-mail
Installations: 900+
Vulnerability:: Broken Authentication
Patched in Version:: 1.3.6
Severity Score:: High
CVE:: 2025-49288

Plugin:: FraudLabs Pro for WooCommerce
Plugin Slug:: fraudlabs-pro-for-woocommerce
Installations: 800+
Vulnerability:: Broken Access Control
Patched in Version:: 2.22.12
Severity Score:: Medium
CVE:: 2025-49320

Plugin:: Booking Ultra Pro Appointments Booking Calendar Plugin
Plugin Slug:: booking-ultra-pro
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.21
Severity Score:: Medium
CVE:: 2025-30637

Plugin:: Broadstreet
Plugin Slug:: broadstreet
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.51.8
Severity Score:: High
CVE:: 2025-4652

Plugin:: Frontend Dashboard
Plugin Slug:: frontend-dashboard
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.9
Severity Score:: Medium
CVE:: 2025-49310

Plugin:: WP Team � WordPress Team Member Plugin
Plugin Slug:: ht-team-member
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.8
Severity Score:: Medium
CVE:: 2025-49309

Plugin:: POEditor
Plugin Slug:: poeditor
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 0.9.11
Severity Score:: High
CVE:: 2025-49237

Plugin:: WC MyParcel Belgium
Plugin Slug:: wc-myparcel-belgium
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.6
Severity Score:: High
CVE:: 2025-48279

Plugin:: WP Page Loading
Plugin Slug:: wp-page-loading
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.7
Severity Score:: Medium
CVE:: 2025-49317

Plugin:: WP Plugin Info Card
Plugin Slug:: wp-plugin-info-card
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.4.0
Severity Score:: Medium
CVE:: 2025-5116

Plugin:: Search with Typesense
Plugin Slug:: search-with-typesense
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.11
Severity Score:: Medium
CVE:: 2025-49304

Plugin:: Verge3D Publishing and E-Commerce
Plugin Slug:: verge3d
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: 4.9.5
Severity Score:: Medium
CVE:: 2025-49268

Plugin:: 404 Page by SeedProd
Plugin Slug:: 404-page
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.2
Severity Score:: Medium
CVE:: 2025-49322

Plugin:: DocsPress � Online Documentation
Plugin Slug:: docspress
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.3
Severity Score:: Medium
CVE:: 2025-49240

Plugin:: Domain For Sale, Domain appraisal, Domain auction, Domain marketplace � Best Domain For sale Plugin for WordPress
Plugin Slug:: domain-for-sale
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.11
Severity Score:: Medium
CVE:: 2025-5239

Plugin:: Job Board Manager
Plugin Slug:: job-board-manager
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.61
Severity Score:: Medium
CVE:: 2025-49324

Plugin:: WebHotelier for WordPress
Plugin Slug:: webhotelier
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.10.0
Severity Score:: Medium
CVE:: 2025-49299

Plugin:: Audio Editor & Recorder
Plugin Slug:: audio-editor-recorder
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.2
Severity Score:: Medium
CVE:: 2025-49509

Plugin:: Employee Directory � Staff Listing & Team Directory Plugin for WordPress
Plugin Slug:: employee-directory
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.1
Severity Score:: Medium
CVE:: 2025-5531

Plugin:: Knowledge Base
Plugin Slug:: knowledgebase
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.1
Severity Score:: Medium
CVE:: 2025-5533

Plugin:: Campus Directory � Faculty, Staff & Student Directory Plugin for WordPress
Plugin Slug:: campus-directory
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.1
Severity Score:: Medium
CVE:: 2025-5532

Plugin:: MyStyle Custom Product Designer
Plugin Slug:: mystyle-custom-product-designer
Installations: 80+
Vulnerability:: SQL Injection
Patched in Version:: 3.21.2
Severity Score:: Critical
CVE:: 2025-48281

Plugin:: Simple Contact Form Plugin for WordPress � WP Easy Contact
Plugin Slug:: wp-easy-contact
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.1
Severity Score:: Medium
CVE:: 2025-5539

Plugin:: ShortLinks Pro � Affiliate Links, Link Shortening, Click Tracking & Marketing
Plugin Slug:: shortlinkspro
Installations: 20+
Vulnerability:: SQL Injection
Patched in Version:: 1.0.8
Severity Score:: High
CVE:: 2025-49327

Plugin:: LTL Freight Quotes � Day & Ross Edition
Plugin Slug:: ltl-freight-quotes-day-ross-edition
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.11
Severity Score:: High
CVE:: 2025-5303

Plugin:: Art Theme
Plugin Slug:: art-theme
Vulnerability:: Broken Access Control
Patched in Version:: 3.12.3
Severity Score:: Medium
CVE:: 2025-1778

Plugin:: Civi Framework
Plugin Slug:: civi-framework
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.1.6.4
Severity Score:: High
CVE:: 2025-49511

Plugin:: Crawlomatic Multisite Scraper Post Generator
Plugin Slug:: crawlomatic-multipage-scraper-post-generator
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.6.9
Severity Score:: Medium
CVE:: 2025-49294

Plugin:: Crawlomatic Multisite Scraper Post Generator
Plugin Slug:: crawlomatic-multipage-scraper-post-generator
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.9
Severity Score:: Medium
CVE:: 2025-49293

Plugin:: LTL Freight Quotes � Daylight Edition
Plugin Slug:: ltl-freight-quotes-daylight-edition
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.7
Severity Score:: High
CVE:: 2025-5303

Plugin:: LTL Freight Quotes � Freightview Edition
Plugin Slug:: ltl-freight-quotes-freightview-edition
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.12
Severity Score:: High
CVE:: 2025-5303

Plugin:: Modern Events Calendar Lite
Plugin Slug:: modern-events-calendar-lite
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 7.22
Severity Score:: Medium
CVE:: 2025-5733

Plugin:: Nasa Core
Plugin Slug:: nasa-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.4.1
Severity Score:: Medium
CVE:: 2025-49067

Plugin:: BRW
Plugin Slug:: ova-brw
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.7
Severity Score:: Medium
CVE:: 2025-49314

Plugin:: BRW
Plugin Slug:: ova-brw
Vulnerability:: Local File Inclusion
Patched in Version:: 1.8.7
Severity Score:: High
CVE:: 2025-49313

Plugin:: NewsLetter
Plugin Slug:: plugin-newsletter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.8.5
Severity Score:: Medium
CVE:: 2025-3581

Plugin:: NewsLetter
Plugin Slug:: plugin-newsletter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.8.2
Severity Score:: Medium
CVE:: 2025-3584

Plugin:: Real Cookie Banner Pro
Plugin Slug:: real-cookie-banner-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.6
Severity Score:: Medium
CVE:: 2025-1485

Plugin:: Team Showcase
Plugin Slug:: team-showcase-cm
Vulnerability:: Content Injection
Patched in Version:: 25.05.13
Severity Score:: Medium
CVE:: 2025-49250

Plugin:: Team Showcase
Plugin Slug:: team-showcase-cm
Vulnerability:: Broken Access Control
Patched in Version:: 25.05.13
Severity Score:: Medium
CVE:: 2025-49248

Plugin:: Testimonials Showcase
Plugin Slug:: testimonials-showcase
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.18
Severity Score:: Medium
CVE:: 2025-49246

Plugin:: Abandoned Cart Pro for WooCommerce
Plugin Slug:: woocommerce-abandon-cart-pro
Vulnerability:: Arbitrary File Upload
Patched in Version:: 9.17.0
Severity Score:: Critical
CVE:: 2025-4387

Plugin:: WP User Frontend Pro
Plugin Slug:: wp-user-frontend-pro
Vulnerability:: Arbitrary File Upload
Patched in Version:: 4.1.4
Severity Score:: Critical
CVE:: 2025-3054

Plugin:: WP User Frontend Pro
Plugin Slug:: wp-user-frontend-pro
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 4.1.4
Severity Score:: High
CVE:: 2025-3055

Plugin:: wpForo Advanced Attachments
Plugin Slug:: wpforo-advanced-attachments
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.0
Severity Score:: High
CVE:: 2025-4224

WordPress Themes � 14 Patched / 21 Unpatched

Theme:: Arlo
Theme Slug:: arlo
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-39475

Theme:: BodyCenter – Gym, Fitness WooCommerce WordPress Theme
Theme Slug:: bodycenter
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2023-25999

Theme:: CraftXtore
Theme Slug:: bw-craftxtore
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-24770

Theme:: Fitrush
Theme Slug:: bw-fitrush
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2023-26005

Theme:: GiftXtore
Theme Slug:: bw-giftxtore
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28888

Theme:: Petito
Theme Slug:: bw-petito
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27362

Theme:: Car Repair Services
Theme Slug:: car-repair-services
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30997

Theme:: Themify Edmin
Theme Slug:: edmin
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31047

Theme:: FLAP – Business WordPress Theme
Theme Slug:: flap
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31396

Theme:: FlatNews
Theme Slug:: flatnews
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32305

Theme:: Inset
Theme Slug:: inset
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Krowd
Theme Slug:: krowd
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32595

Theme:: PIMP – Creative MultiPurpose
Theme Slug:: pimp
Vulnerability:: Deserialization of untrusted data
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31398

Theme:: PressGrid – Frontend Publish Reaction & Multimedia Theme
Theme Slug:: press-grid
Vulnerability:: Deserialization of untrusted data
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31429

Theme:: Revo
Theme Slug:: revo
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-39476

Theme:: SNS Anton
Theme Slug:: snsanton
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28992

Theme:: Avaz
Theme Slug:: snsavaz
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28944

Theme:: Nitan
Theme Slug:: snsnitan
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-24768

Theme:: Soho Hotel
Theme Slug:: soho-hotel
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-39539

Theme:: Spare
Theme Slug:: spare
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31638

Theme:: Valen – Sport, Fashion WooCommerce WordPress Theme
Theme Slug:: valen
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28945

Theme:: Courtney
Theme Slug:: courtney
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.1
Severity Score:: High
CVE:: 2025-48290

Theme:: CozyStay
Theme Slug:: cozystay
Vulnerability:: PHP Object Injection
Patched in Version:: 1.7.1
Severity Score:: Critical
CVE:: 2025-49507

Theme:: GrandPrix
Theme Slug:: grandprix
Vulnerability:: Local File Inclusion
Patched in Version:: 1.6.1
Severity Score:: High
CVE:: 2025-49296

Theme:: Grill and Chow
Theme Slug:: grillandchow
Vulnerability:: Local File Inclusion
Patched in Version:: 1.6.1
Severity Score:: High
CVE:: 2025-49297

Theme:: Lesya
Theme Slug:: lesya
Vulnerability:: Local File Inclusion
Patched in Version:: 1.7.3
Severity Score:: High
CVE:: 2025-48290

Theme:: Lettery
Theme Slug:: lettery
Vulnerability:: Local File Inclusion
Patched in Version:: 1.1.8
Severity Score:: High
CVE:: 2025-48290

Theme:: MediClinic
Theme Slug:: mediclinic
Vulnerability:: Local File Inclusion
Patched in Version:: 2.2
Severity Score:: High
CVE:: 2025-49295

Theme:: Minterio
Theme Slug:: minterio
Vulnerability:: Local File Inclusion
Patched in Version:: 1.4.1
Severity Score:: High
CVE:: 2025-48290

Theme:: Mr. Murphy
Theme Slug:: mr-murphy
Vulnerability:: PHP Object Injection
Patched in Version:: 1.2.12.1
Severity Score:: Critical
CVE:: 2025-49072

Theme:: RealHomes
Theme Slug:: realhomes
Vulnerability:: Privilege Escalation
Patched in Version:: 4.4.1
Severity Score:: High
CVE:: 2025-4601

Theme:: Starbelly
Theme Slug:: starbelly
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.7
Severity Score:: High
CVE:: 2025-48290

Theme:: Sweet Dessert
Theme Slug:: sweet-dessert
Vulnerability:: PHP Object Injection
Patched in Version:: 1.1.13
Severity Score:: Critical
CVE:: 2025-49073

Theme:: TinySalt
Theme Slug:: tinysalt
Vulnerability:: PHP Object Injection
Patched in Version:: 3.10.0
Severity Score:: Critical
CVE:: 2025-49455

Theme:: TinySalt
Theme Slug:: tinysalt
Vulnerability:: Local File Inclusion
Patched in Version:: 3.10.0
Severity Score:: High
CVE:: 2025-49454