WordPress Vulnerability Report � October 29, 2025

In this report, 118 vulnerabilities have been publicly disclosed. Security patches for 66 of these plugins and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Currently, 52 plugin vulnerabilities remain unpatched. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.8.3 was released on September 30, 2025. This is a security release that features two fixes. As this is a security release, we recommend updating your sites immediately. For more information on WordPress 6.8.3, please visit the�version page on the HelpHub site.

WordPress 6.9 Beta 2 is now ready for testing! This beta version of WordPress is still under development, so please avoid using it on production or mission-critical sites. Instead, test Beta 2 on a staging or test site.

The final release of WordPress 6.9 is scheduled for December 2, 2025. You can find the full release schedule and testing information on the WordPress Core blog. Your help testing Beta and RC versions is essential to ensuring a stable and powerful release.

WordPress Plugins � 61 Patched / 52 Unpatched

Plugin:: ACF to REST API
Plugin Slug:: acf-to-rest-api
Installations: 30,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-62979

Plugin:: Dynamic User Directory
Plugin Slug:: dynamic-user-directory
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-62982

Plugin:: Microsoft Azure Storage for WordPress
Plugin Slug:: windows-azure-storage
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-10749

Plugin:: Builderall for WordPress
Plugin Slug:: builderall-cheetah-for-wp
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-62987

Plugin:: Posts By Tag
Plugin Slug:: posts-by-tag
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-62983

Plugin:: Simple Pull Quote
Plugin Slug:: simple-pull-quote
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-62985

Plugin:: Slider Templates
Plugin Slug:: slider-templates
Installations: 1,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-62988

Plugin:: WP AdCenter � Ad Manager & Adsense Ads
Plugin Slug:: wpadcenter
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-62984

Plugin:: KiotViet Sync
Plugin Slug:: kiotvietsync
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-62978

Plugin:: WP Gravity Forms Zoho CRM and Bigin
Plugin Slug:: gf-zoho
Installations: 500+
Vulnerability:: Open Redirection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-62981

Plugin:: Persian Admnin Fonts
Plugin Slug:: persian-admin-fonts
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-62980

Plugin:: IndieAuth
Plugin Slug:: indieauth
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-12028

Plugin:: WP-Force Images Download
Plugin Slug:: wp-force-images-download
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11809

Plugin:: FanBridge signup
Plugin Slug:: fanbridge-signup
Installations: 60+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-62986

Plugin:: Cinza Grid
Plugin Slug:: cinza-grid
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11824

Plugin:: Disable Content Editor For Specific Template
Plugin Slug:: disable-contect-editor-for-specific-template
Installations: 30+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12072

Plugin:: AIO Forms
Plugin Slug:: all-in-one-forms
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-11889

Plugin:: Bg Book Publisher
Plugin Slug:: bg-book-publisher
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11867

Plugin:: Check Plagiarism
Plugin Slug:: check-plagiarism
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11172

Plugin:: Email Tracker
Plugin Slug:: email-tracker
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-10047

Plugin:: URL Shortener
Plugin Slug:: exact-links
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-10740

Plugin:: JB News Ticker
Plugin Slug:: jb-news-ticker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11804

Plugin:: LLM Hubspot Blog Import
Plugin Slug:: llm-hubspot-blog-import
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11257

Plugin:: Material Design Iconic Font Integration
Plugin Slug:: material-design-iconic-font-integration
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11872

Plugin:: Multi Item Responsive Slider
Plugin Slug:: mislider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-11992

Plugin:: Mixlr Shortcode
Plugin Slug:: mixlr-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11807

Plugin:: NGINX Cache Optimizer
Plugin Slug:: nginx-cache-optimizer
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12014

Plugin:: NS Maintenance Mode for WP
Plugin Slug:: ns-maintenance-mode-for-wp
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-10638

Plugin:: Oboxmedia Ads
Plugin Slug:: oboxmedia-ads
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11827

Plugin:: Originality.ai AI Checker
Plugin Slug:: originality-ai
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-10901

Plugin:: Originality.ai AI Checker
Plugin Slug:: originality-ai
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-10902

Plugin:: Photographers galleries
Plugin Slug:: photographers-galleries
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11866

Plugin:: Playerzbr
Plugin Slug:: playerzbr
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11825

Plugin:: Print Button Shortcode
Plugin Slug:: print-button-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11810

Plugin:: qnotsquiz
Plugin Slug:: qnotsquiz
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12016

Plugin:: Quickcreator � AI Blog Writer
Plugin Slug:: quickcreator
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-11504

Plugin:: RapidResult
Plugin Slug:: rapidresult
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-10748

Plugin:: Responsive iframe GoogleMap
Plugin Slug:: responsive-iframe-googlemap
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11813

Plugin:: Responsive Progress Bar
Plugin Slug:: responsive-progress-bar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11883

Plugin:: Simple Business Data
Plugin Slug:: simple-business-data
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11870

Plugin:: Simple Excel Pricelist for WooCommerce
Plugin Slug:: simple-excel-pricelist-for-woocommerce
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12096

Plugin:: Simple Tableau Viz
Plugin Slug:: simple-tableau-viz
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11817

Plugin:: Simple Youtube Shortcode
Plugin Slug:: simple-youtube-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11811

Plugin:: SM CountDown Widget
Plugin Slug:: smcountdown
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11880

Plugin:: ST Categories Widget
Plugin Slug:: st-category-wp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11878

Plugin:: This-or-That
Plugin Slug:: this-or-that
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-10138

Plugin:: VNPAY Payment gateway
Plugin Slug:: vnpay-for-woocommerce
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-12017

Plugin:: WooCommerce Designer Pro
Plugin Slug:: wc-designer-pro
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-6440

Plugin:: WP AD Gallery
Plugin Slug:: wp-ad-gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11834

Plugin:: WP Responsive Meet The Team
Plugin Slug:: wp-responsive-meet-the-team
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11818

Plugin:: WP Restaurant Listings
Plugin Slug:: wp-restaurant-listings
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11830

Plugin:: WP-Thumbnail
Plugin Slug:: wp-thumbnail
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11819

Plugin:: BackWPup � WordPress Backup & Restore Plugin
Plugin Slug:: backwpup
Installations: 500,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.5.1
Severity Score:: Medium
CVE:: 2025-10579

Plugin:: PixelYourSite � Your smart PIXEL (TAG) & API Manager
Plugin Slug:: pixelyoursite
Installations: 500,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 11.1.2
Severity Score:: High
CVE:: 2025-10723

Plugin:: PixelYourSite � Your smart PIXEL (TAG) & API Manager
Plugin Slug:: pixelyoursite
Installations: 500,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 11.1.3
Severity Score:: Medium
CVE:: 2025-10588

Plugin:: Jeg Kit for Elementor � Powerful Elementor Addons, Widgets & Templates for WordPress
Plugin Slug:: jeg-elementor-kit
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.0
Severity Score:: Medium
CVE:: 2025-9978

Plugin:: Password Protected � Lock Entire Site, Pages, Posts, Categories, and Partial Content
Plugin Slug:: password-protected
Installations: 300,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 2.7.12
Severity Score:: Low
CVE:: 2025-11244

Plugin:: GenerateBlocks
Plugin Slug:: generateblocks
Installations: 200,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.1.2
Severity Score:: Medium
CVE:: 2025-11879

Plugin:: User Feedback � Create Interactive Feedback Form, User Surveys, and Polls in Seconds
Plugin Slug:: userfeedback-lite
Installations: 200,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.0
Severity Score:: Medium
CVE:: 2025-10694

Plugin:: Element Pack Addons for Elementor
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 8.2.6
Severity Score:: Medium
CVE:: 2025-11536

Plugin:: Real Cookie Banner: GDPR & ePrivacy Cookie Consent
Plugin Slug:: real-cookie-banner
Installations: 100,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 5.2.5
Severity Score:: Medium
CVE:: 2025-12136

Plugin:: Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More
Plugin Slug:: themeisle-companion
Installations: 100,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.0.2
Severity Score:: Medium
CVE:: 2025-10874

Plugin:: Tutor LMS � eLearning and online course solution
Plugin Slug:: tutor
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.9.0
Severity Score:: Medium
CVE:: 2025-6680

Plugin:: Tutor LMS � eLearning and online course solution
Plugin Slug:: tutor
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.9.0
Severity Score:: Medium
CVE:: 2025-11564

Plugin:: Widget Options � Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets
Plugin Slug:: widget-options
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.3
Severity Score:: Medium
CVE:: 2025-10580

Plugin:: ShopLentor � WooCommerce Builder for Elementor & Gutenberg +21 Modules � All in One Solution (formerly WooLentor)
Plugin Slug:: woolentor-addons
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.5
Severity Score:: Medium
CVE:: 2025-11823

Plugin:: Social Feed Gallery
Plugin Slug:: insta-gallery
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.9.3
Severity Score:: Medium
CVE:: 2025-10637

Plugin:: Ajax Search Lite � Live Search & Filter
Plugin Slug:: ajax-search-lite
Installations: 80,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 4.13.4
Severity Score:: Medium
CVE:: 2025-48086

Plugin:: Meta Tag Manager
Plugin Slug:: meta-tag-manager
Installations: 80,000+
Vulnerability:: Open Redirection
Patched in Version:: 3.3
Severity Score:: Medium
CVE:: 2025-5983

Plugin:: ShopEngine Elementor WooCommerce Builder Addon � All in One WooCommerce Solution
Plugin Slug:: shopengine
Installations: 70,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.8.5
Severity Score:: Low
CVE:: 2025-11888

Plugin:: Product Filter by WBW
Plugin Slug:: woo-product-filter
Installations: 60,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.9.8
Severity Score:: Critical
CVE:: 2025-8416

Plugin:: Product Filter by WBW
Plugin Slug:: woo-product-filter
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.1
Severity Score:: Medium
CVE:: 2025-11269

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.4.6
Severity Score:: Medium
CVE:: 2025-7730

Plugin:: RSS Aggregator by Feedzy � Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
Plugin Slug:: feedzy-rss-feeds
Installations: 50,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 5.1.1
Severity Score:: Medium
CVE:: 2025-11128

Plugin:: Simple Banner � Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website
Plugin Slug:: simple-banner
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.0
Severity Score:: Medium
CVE:: 2025-12033

Plugin:: Fast Velocity Minify
Plugin Slug:: fast-velocity-minify
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.2
Severity Score:: Medium
CVE:: 2025-12034

Plugin:: Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers
Plugin Slug:: popup-builder-block
Installations: 30,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.1.5
Severity Score:: High
CVE:: 2025-10861

Plugin:: Gutenberg Blocks � PublishPress Blocks Controls, Visibility, Reusable Blocks
Plugin Slug:: advanced-gutenberg
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.0
Severity Score:: Medium
CVE:: 2025-8588

Plugin:: Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings
Plugin Slug:: directorist
Installations: 20,000+
Vulnerability:: Path Traversal
Patched in Version:: 8.4.9
Severity Score:: High
CVE:: 2025-10488

Plugin:: Welcart e-Commerce
Plugin Slug:: usc-e-shop
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.11.23
Severity Score:: Medium
CVE:: 2025-10651

Plugin:: wpForo Forum
Plugin Slug:: wpforo
Installations: 20,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.4.9
Severity Score:: Critical
CVE:: 2025-4203

Plugin:: Web Accessibility by accessiBe
Plugin Slug:: accessibe
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.11
Severity Score:: Medium
CVE:: 2025-49920

Plugin:: Charitable � Donation Plugin for WordPress � Fundraising with Recurring Donations & More
Plugin Slug:: charitable
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.8.8.5
Severity Score:: High
CVE:: 2025-11893

Plugin:: King Addons for Elementor � 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor
Plugin Slug:: king-addons
Installations: 10,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 51.1.37
Severity Score:: Critical
CVE:: 2025-6325

Plugin:: King Addons for Elementor � 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor
Plugin Slug:: king-addons
Installations: 10,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 51.1.37
Severity Score:: Critical
CVE:: 2025-6327

Plugin:: Testimonial Carousel For Elementor
Plugin Slug:: testimonials-carousel-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 11.7.0
Severity Score:: Medium
CVE:: 2025-8666

Plugin:: WP VR � 360 Panorama and Free Virtual Tour Builder For WordPress
Plugin Slug:: wpvr
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.5.42
Severity Score:: Medium
CVE:: 2025-12005

Plugin:: VikBooking Hotel Booking Engine & PMS
Plugin Slug:: vikbooking
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.3
Severity Score:: Medium
CVE:: 2025-5803

Plugin:: Stripe Payment Forms by WP Full Pay � Accept Credit Card Payments, Donations & Subscriptions
Plugin Slug:: wp-full-stripe-free
Installations: 9,000+
Vulnerability:: SQL Injection
Patched in Version:: 8.3.2
Severity Score:: Critical
CVE:: 2025-9322

Plugin:: Password Policy Manager | Password Manager
Plugin Slug:: password-policy-manager
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.6
Severity Score:: Medium
CVE:: 2025-11255

Plugin:: Simple Registration for WooCommerce
Plugin Slug:: woocommerce-simple-registration
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.5.9
Severity Score:: High
CVE:: 2025-12095

Plugin:: Watu Quiz
Plugin Slug:: watu
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.5
Severity Score:: High
CVE:: 2025-11238

Plugin:: WPMobile.App
Plugin Slug:: wpappninja
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 11.72
Severity Score:: High
CVE:: 2025-62074

Plugin:: Email Subscription Popup
Plugin Slug:: email-subscribe
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.27
Severity Score:: Medium
CVE:: 2025-49912

Plugin:: Discussion Board � WordPress Forum Plugin
Plugin Slug:: wp-discussion-board
Installations: 2,000+
Vulnerability:: Content Injection
Patched in Version:: 2.5.6
Severity Score:: Medium
CVE:: 2025-8483

Plugin:: Flexible Refund and Return Order for WooCommerce
Plugin Slug:: flexible-refund-and-return-order-for-woocommerce
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.39
Severity Score:: Medium
CVE:: 2025-10570

Plugin:: Range Slider Addon for Gravity Forms
Plugin Slug:: range-slider-addon-for-gravity-forms
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.7
Severity Score:: High
CVE:: 2025-49905

Plugin:: MDTF � Meta Data and Taxonomies Filter
Plugin Slug:: wp-meta-data-filter-and-taxonomy-filter
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.4
Severity Score:: Medium
CVE:: 2025-49907

Plugin:: WPComplete
Plugin Slug:: wpcomplete
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.9.5.4
Severity Score:: Medium
CVE:: 2025-49906

Plugin:: ZoloBlocks � Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns
Plugin Slug:: zoloblocks
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.3.12
Severity Score:: Medium
CVE:: 2025-12134

Plugin:: All in One Time Clock Lite � Tracking Employee Time Has Never Been Easier
Plugin Slug:: aio-time-clock-lite
Installations: 800+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.0.1
Severity Score:: Medium
CVE:: 2025-6833

Plugin:: FormGent � Next-Gen AI Form Builder for WordPress with Multi-Step, Quizzes, Payments & More
Plugin Slug:: formgent
Installations: 800+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 1.0.4
Severity Score:: High
CVE:: 2025-10916

Plugin:: MxChat � AI Chatbot for WordPress
Plugin Slug:: mxchat-basic
Installations: 800+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.4.7
Severity Score:: Medium
CVE:: 2025-10705

Plugin:: WhyDonate � FREE Donate button � Crowdfunding � Fundraising
Plugin Slug:: wp-whydonate
Installations: 800+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0.16
Severity Score:: Medium
CVE:: 2025-49899

Plugin:: Time Clock � A WordPress Employee & Volunteer Time Clock Plugin
Plugin Slug:: time-clock
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2025-10701

Plugin:: AI Chatbot Free Models � Customer Support, Live Chat, Virtual Assistant
Plugin Slug:: chatbot-ai-free-models
Installations: 100+
Vulnerability:: CSV Injection
Patched in Version:: 1.6.6
Severity Score:: Medium
CVE:: 2025-11576