Nexcess.com Servers.com LiquidWeb.com

Line illustration showing a black application window on a blue gradient background overlaid with a large exclamation point alert icon and three bugs.

WordPress Vulnerability Report � April 16, 2025

[email protected]

In this report, 374 vulnerabilities have been publicly disclosed. Security patches for 90 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 284 plugin and theme vulnerabilities, and no patch has been available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.8 “Cecil” is here! Launched April 15, 2025, it honors jazz legend Cecil Taylor, whose pioneering piano fused chaos and harmony. Explore its bold features with the same experimental spirit.

Plus, WordCamp Europe 2025 lands in Basel, Switzerland, June 5-7! Connect with WordPress enthusiasts, developers, and pros for three days of learning, networking, and collaboration with the global community.

WordPress Plugins � 87 Patched / 272 Unpatched

Plugin:: Ally � Web Accessibility & Usability
Plugin Slug:: pojo-accessibility
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32640

Plugin:: WP Table Builder � WordPress Table Plugin
Plugin Slug:: wp-table-builder
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32598

Plugin:: MapGeo � Interactive Geo Maps
Plugin Slug:: interactive-geo-maps
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32525

Plugin:: PowerPress Podcasting plugin by Blubrry
Plugin Slug:: powerpress
Installations: 30,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32691

Plugin:: Accordion � AI FAQ, Accordion, Tabs, Image Accordion, Product FAQ, FAQ Builder, FAQ Grid
Plugin Slug:: accordions
Installations: 20,000+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32143

Plugin:: Asgaros Forum
Plugin Slug:: asgaros-forum
Installations: 10,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32227

Plugin:: Flo Forms � Easy Drag & Drop Form Builder
Plugin Slug:: flo-forms
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32213

Plugin:: Ray Enterprise Translation
Plugin Slug:: lingotek-translation
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31030

Plugin:: Motors � Car Dealership & Classified Listings Plugin
Plugin Slug:: motors-car-dealership-classified-listings
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32654

Plugin:: Store Exporter � Export WooCommerce Products, Orders, Subscriptions, Customers
Plugin Slug:: woocommerce-exporter
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32539

Plugin:: Arconix FAQ
Plugin Slug:: arconix-faq
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32531

Plugin:: Event Manager and Tickets Selling Plugin for WooCommerce � WpEvently � WordPress Plugin
Plugin Slug:: mage-eventpress
Installations: 8,000+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32145

Plugin:: Ultimate Bootstrap Elements for Elementor
Plugin Slug:: ultimate-bootstrap-elements-for-elementor
Installations: 7,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32672

Plugin:: EventON � Events Calendar
Plugin Slug:: eventon-lite
Installations: 6,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32614

Plugin:: Cool Flipbox � Shortcode & Gutenberg Block
Plugin Slug:: flip-boxes
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32521

Plugin:: Specia Companion
Plugin Slug:: specia-companion
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32212

Plugin:: Survey Maker
Plugin Slug:: survey-maker
Installations: 6,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32275

Plugin:: Swatchly � WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches)
Plugin Slug:: swatchly
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-2719

Plugin:: License For Envato
Plugin Slug:: license-envato
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32566

Plugin:: Affiliate Links: WordPress Plugin for Link Cloaking and Link Management
Plugin Slug:: affiliate-links
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32639

Plugin:: Logo Showcase Ultimate � Logo Carousel, Logo Slider & Logo Grid
Plugin Slug:: logo-showcase-ultimate
Installations: 4,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32499

Plugin:: Widgetize Pages Light
Plugin Slug:: widgetize-pages-light
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32117

Plugin:: EazyDocs � Most Powerful Knowledge base, wiki, Documentation Builder Plugin
Plugin Slug:: eazydocs
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32221

Plugin:: Piotnet Forms
Plugin Slug:: piotnetforms
Installations: 3,000+
Vulnerability:: Path Traversal
Patched in Version:: No Fix
Severity Score:: Low
CVE:: 2025-32205

Plugin:: Simple Spoiler
Plugin Slug:: simple-spoiler
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31020

Plugin:: Wallet System for WooCommerce
Plugin Slug:: wallet-system-for-woocommerce
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32530

Plugin:: WooCommerce � Payphone Gateway
Plugin Slug:: wc-payphone-gateway
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32523

Plugin:: Insert or Embed Articulate Content into WordPress
Plugin Slug:: insert-or-embed-articulate-content-into-wordpress
Installations: 2,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-32202

Plugin:: Solace Extra
Plugin Slug:: solace-extra
Installations: 2,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-32652

Plugin:: RestroPress � Online Food Ordering System
Plugin Slug:: restropress
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32553

Plugin:: Ultimate WP Mail
Plugin Slug:: ultimate-wp-mail
Installations: 1,000+
Vulnerability:: Open Redirection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32694

Plugin:: WordPress Webinar Plugin � WebinarPress
Plugin Slug:: wp-webinarsystem
Installations: 1,000+
Vulnerability:: Open Redirection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32693

Plugin:: Real Estate Manager � Property Listing and Agent Management
Plugin Slug:: real-estate-manager
Installations: 900+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32668

Plugin:: WP-Hijri
Plugin Slug:: wp-hijri
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32560

Plugin:: Database Toolset
Plugin Slug:: database-toolset
Installations: 800+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32633

Plugin:: FraudLabs Pro for WooCommerce
Plugin Slug:: fraudlabs-pro-for-woocommerce
Installations: 800+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32659

Plugin:: JS Job Manager
Plugin Slug:: js-jobs
Installations: 800+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-32660

Plugin:: JS Job Manager
Plugin Slug:: js-jobs
Installations: 800+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32627

Plugin:: Mergado Pack
Plugin Slug:: mergado-marketing-pack
Installations: 800+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32669

Plugin:: Nepali Date Utilities
Plugin Slug:: nepali-date-utilities
Installations: 800+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32664

Plugin:: Waymark
Plugin Slug:: waymark
Installations: 800+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32487

Plugin:: Waymark
Plugin Slug:: waymark
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32495

Plugin:: Broadstreet
Plugin Slug:: broadstreet
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32211

Plugin:: Doppler Forms
Plugin Slug:: doppler-form
Installations: 700+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32620

Plugin:: Doppler Forms
Plugin Slug:: doppler-form
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32667

Plugin:: MapSVG � Vector maps, Image maps, Google Maps
Plugin Slug:: mapsvg-lite-interactive-vector-maps
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32683

Plugin:: MapSVG � Vector maps, Image maps, Google Maps
Plugin Slug:: mapsvg-lite-interactive-vector-maps
Installations: 700+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32684

Plugin:: Movylo Marketing Automation
Plugin Slug:: movylo-widget
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32608

Plugin:: Accessibility Suite by Ability, Inc
Plugin Slug:: online-accessibility
Installations: 700+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32650

Plugin:: Accessibility Suite by Ability, Inc
Plugin Slug:: online-accessibility
Installations: 700+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32215

Plugin:: Bulk Product Sync � Bulk Product Editor for WooCommerce with Google Sheets�
Plugin Slug:: sync-wc-google
Installations: 700+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31599

Plugin:: Build App Online
Plugin Slug:: build-app-online
Installations: 600+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-32577

Plugin:: Question Answer
Plugin Slug:: question-answer
Installations: 600+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32647

Plugin:: Question Answer
Plugin Slug:: question-answer
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32646

Plugin:: Request Call Back
Plugin Slug:: request-call-back
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32483

Plugin:: Canonical Attachments
Plugin Slug:: canonical-attachments
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32543

Plugin:: Interactive US Map
Plugin Slug:: interactive-us-map
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32661

Plugin:: Job Board Manager
Plugin Slug:: job-board-manager
Installations: 500+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32144

Plugin:: Eazy Plugin Manager � Powerful Plugin Management Solution for WordPress
Plugin Slug:: plugins-on-steroids
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32542

Plugin:: Review Stream
Plugin Slug:: review-stream
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32680

Plugin:: RS Elements Elementor Addon
Plugin Slug:: rselements-lite
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26745

Plugin:: User Registration Using Contact Form 7
Plugin Slug:: user-registration-using-contact-form-7
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32679

Plugin:: Wishlist
Plugin Slug:: wishlist
Installations: 500+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32618

Plugin:: WP Show Stats
Plugin Slug:: wp-show-stats
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32678

Plugin:: Anant Addons for Elementor
Plugin Slug:: anant-addons-for-elementor
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-32641

Plugin:: WordPress Spam Blocker | Stop Spam for Contact Form 7, WP Forms and Formidable Forms
Plugin Slug:: cf7-manual-spam-blocker
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32581

Plugin:: Coming Soon Countdown
Plugin Slug:: coming-soon-countdown
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32578

Plugin:: DeBounce Email Validator
Plugin Slug:: debounce-io-email-validator
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32580

Plugin:: Duplicate Title Checker
Plugin Slug:: duplicate-title-checker
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32558

Plugin:: Epeken All Kurir Plugin for Woocommerce Full Version
Plugin Slug:: epeken-all-kurir
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32673

Plugin:: Projectopia � WordPress Project Management
Plugin Slug:: projectopia-core
Installations: 400+
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-32648

Plugin:: SERPed.net
Plugin Slug:: serped-net
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32651

Plugin:: Spider Elements � Crafted UX First Addons for Elementor
Plugin Slug:: spider-elements
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32216

Plugin:: WP AutoKeyword
Plugin Slug:: wp-autokeyword
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32582

Plugin:: WPSmartContracts
Plugin Slug:: wp-smart-contracts
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31565

Plugin:: WP w3all phpBB
Plugin Slug:: wp-w3all-phpbb-integration
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32575

Plugin:: Custom Posts Order
Plugin Slug:: custom-posts-order
Installations: 300+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32645

Plugin:: Czater.pl � live chat i telefon
Plugin Slug:: czater
Installations: 300+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32624

Plugin:: Lock Your Updates Plugins/Themes Manager
Plugin Slug:: lock-your-updates
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32537

Plugin:: TableOn � WordPress Posts Table Filterable�
Plugin Slug:: posts-table-filterable
Installations: 300+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-32569

Plugin:: Print Science Designer
Plugin Slug:: print-science-designer
Installations: 300+
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32671

Plugin:: Silvasoft boekhouden
Plugin Slug:: silvasoft-boekhouden
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32504

Plugin:: Task Scheduler
Plugin Slug:: task-scheduler
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32599

Plugin:: WP Abstracts
Plugin Slug:: wp-abstracts-manuscripts-manager
Installations: 300+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32591

Plugin:: ABA PayWay Payment Gateway for WooCommerce
Plugin Slug:: aba-payway-woocommerce-payment-gateway
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32586

Plugin:: Connector to CiviCRM with CiviMcRestFace
Plugin Slug:: connector-civicrm-mcrestface
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32551

Plugin:: Foliopress WYSIWYG
Plugin Slug:: foliopress-wysiwyg
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32610

Plugin:: Multiple Location Google Map
Plugin Slug:: multiple-location-google-map
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32617

Plugin:: Nimbata Call Tracking
Plugin Slug:: nimbata-call-tracking
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32616

Plugin:: Oxygen MyData for WooCommerce
Plugin Slug:: oxygen-mydata
Installations: 200+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32631

Plugin:: REVE Chat � AI-powered Chatbot & Live Chat Plugin for WordPress
Plugin Slug:: revechat
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32559

Plugin:: Service Booking & Scheduling Solution | All-in-one Booking Systems
Plugin Slug:: service-booking-manager
Installations: 200+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-32607

Plugin:: Total processing card payments for WooCommerce
Plugin Slug:: totalprocessing-card-payments
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32513

Plugin:: Tournamatch
Plugin Slug:: tournamatch
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32600

Plugin:: User Session Synchronizer
Plugin Slug:: user-session-synchronizer
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32612

Plugin:: Product Excel Import Export & Bulk Edit for WooCommerce
Plugin Slug:: webd-woocommerce-product-excel-importer-bulk-edit
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32674

Plugin:: WooCommerce Sales MIS Report
Plugin Slug:: woocommerce-mis-report
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32541

Plugin:: Workbox Video from Vimeo & Youtube Plugin
Plugin Slug:: workbox-video-from-vimeo-youtube-plugin
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32534

Plugin:: AWSA Shipping � Advanced Shipping for Woocommerce and Dokan
Plugin Slug:: awsa-shipping
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32604

Plugin:: Chat2
Plugin Slug:: chat2
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32584

Plugin:: ChillPay WooCommerce
Plugin Slug:: chillpay-payment-gateway
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32570

Plugin:: Clinked Client Portal
Plugin Slug:: clinked-client-portal
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32615

Plugin:: Codescar Radio Widget
Plugin Slug:: codescar-radio-widget
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32500

Plugin:: WordPress Events Calendar Plugin � connectDaily
Plugin Slug:: connect-daily-web-calendar
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32597

Plugin:: Course Booking System
Plugin Slug:: course-booking-system
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32508

Plugin:: Credova Financial
Plugin Slug:: credova-financial
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32588

Plugin:: EmpikPlace for Woocommerce
Plugin Slug:: empik-for-woocommerce
Installations: 100+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-32568

Plugin:: Error Log Viewer By WP Guru
Plugin Slug:: error-log-viewer-wp
Installations: 100+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32681

Plugin:: FAT Cooming Soon
Plugin Slug:: fat-coming-soon
Installations: 100+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32663

Plugin:: Flexi � Guest Submit
Plugin Slug:: flexi
Installations: 100+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32589

Plugin:: GB Gallery Slideshow
Plugin Slug:: gb-gallery-slideshow
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32649

Plugin:: iCal Feeds
Plugin Slug:: ical-feeds
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32528

Plugin:: KeyCAPTCHA � Social WordPress CAPTCHA
Plugin Slug:: keycaptcha
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32619

Plugin:: Listings for Buildium
Plugin Slug:: listings-for-buildium
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32606

Plugin:: Local Magic
Plugin Slug:: local-magic
Installations: 100+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-32636

Plugin:: Popping Content Light
Plugin Slug:: popping-content-light
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32115

Plugin:: QR Master
Plugin Slug:: qr-master
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32116

Plugin:: RentSyst � CRM solution for fleet management
Plugin Slug:: rentsyst
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32501

Plugin:: Download Manager and Payment Form WordPress Plugin � WP SmartPay
Plugin Slug:: smartpay
Installations: 100+
Vulnerability:: Other Vulnerability Type
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32689

Plugin:: Sync Posts
Plugin Slug:: sync-posts
Installations: 100+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-32579

Plugin:: UXsniff AI-powered Heatmaps and Session Recordings
Plugin Slug:: ux-sniff
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32532

Plugin:: Web2application Convert your website to android and IOS apps with push notifications , web push , free ajax products search for woocommerce and many more advanced features
Plugin Slug:: web2application
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32590

Plugin:: WooCommerce Products without featured images
Plugin Slug:: woocommerce-products-without-featured-images
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32545

Plugin:: WP Featured Screenshot
Plugin Slug:: wp-featured-screenshot
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32557

Plugin:: WP Map Route Planner
Plugin Slug:: wp-map-route-planner
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32621

Plugin:: WP Online Users Stats
Plugin Slug:: wp-online-users-stats
Installations: 100+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-32603

Plugin:: WP Remote Thumbnail
Plugin Slug:: wp-remote-thumbnail
Installations: 100+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-32140

Plugin:: WPshop 2 � E-Commerce
Plugin Slug:: wpshop
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-32576

Plugin:: PlainInventory � Inventory Management Plugin
Plugin Slug:: z-inventory-manager
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32623

Plugin:: 5sterrenspecialist
Plugin Slug:: 5-sterrenspecialist
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32114

Plugin:: Add Product Frontend for WooCommerce
Plugin Slug:: add-product-frontend-for-woocommerce
Installations: 90+
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32593

Plugin:: Easy Post Duplicator
Plugin Slug:: easy-post-duplicator
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32538

Plugin:: Easy Post Duplicator
Plugin Slug:: easy-post-duplicator
Installations: 90+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32567

Plugin:: Neon Product Designer
Plugin Slug:: neon-product-designer-for-woocommerce
Installations: 90+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-32565

Plugin:: Restrict User Registration
Plugin Slug:: restrict-user-registration
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32655

Plugin:: Verowa Connect
Plugin Slug:: verowa-connect
Installations: 90+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32676

Plugin:: WP Easy Poll
Plugin Slug:: wp-easy-poll-afo
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32562

Plugin:: CM Registration � Tailored tool for seamless login and invitation-based registrations
Plugin Slug:: cm-invitation-codes
Installations: 80+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32210

Plugin:: Flags Widget
Plugin Slug:: flags-widget
Installations: 80+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32479

Plugin:: Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
Plugin Slug:: hive-support
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32214

Plugin:: Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
Plugin Slug:: hive-support
Installations: 80+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32242

Plugin:: Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
Plugin Slug:: hive-support
Installations: 80+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32208

Plugin:: Review Stars Count For WooCommerce
Plugin Slug:: review-stars-count-for-woocommerce
Installations: 80+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32687

Plugin:: Spark GF Failed Submissions
Plugin Slug:: spark-gf-failed-submissions
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32670

Plugin:: T&P Gallery Slider
Plugin Slug:: tp-gallery-slider
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32527

Plugin:: WP-Planification � WP-Planning
Plugin Slug:: wp-planification
Installations: 80+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32484

Plugin:: Custom Smilies
Plugin Slug:: custom-smilies
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32482

Plugin:: Nino Social Connect
Plugin Slug:: nino-social-connect
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32481

Plugin:: AI Content Writer, Autoblogging, Youtube Subtitle to Article � SEO Help
Plugin Slug:: seo-help
Installations: 70+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32675

Plugin:: AI Content Writer, Autoblogging, Youtube Subtitle to Article � SEO Help
Plugin Slug:: seo-help
Installations: 70+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32244

Plugin:: Windows Live Writer
Plugin Slug:: windows-live-writer
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32480

Plugin:: WP-BusinessDirectory � Business directory plugin for WordPress
Plugin Slug:: wp-businessdirectory
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32630

Plugin:: WP-BusinessDirectory � Business directory plugin for WordPress
Plugin Slug:: wp-businessdirectory
Installations: 70+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32629

Plugin:: WP-Easy Menu
Plugin Slug:: wp-easy-menu
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32477

Plugin:: All push notification for WP
Plugin Slug:: all-push-notification
Installations: 60+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32546

Plugin:: All push notification for WP
Plugin Slug:: all-push-notification
Installations: 60+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32547

Plugin:: Automatic Ban IP
Plugin Slug:: automatic-ban-ip
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32632

Plugin:: WP_DEBUG Toggle
Plugin Slug:: enable-wp-debug-toggle
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32561

Plugin:: HTML5 Video Player with Playlist
Plugin Slug:: html5-video-player-with-playlist
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32536

Plugin:: ePaper Lister for Yumpu
Plugin Slug:: magazine-lister-for-yumpu
Installations: 60+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32502

Plugin:: Processing Projects
Plugin Slug:: processing-projects
Installations: 60+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-32206

Plugin:: Terminal Africa
Plugin Slug:: terminal-africa
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32515

Plugin:: WooCommerce TBC Credit Card Payment Gateway (Free)
Plugin Slug:: woo-tbc-payment-gateway
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32611

Plugin:: WP SexyLightBox
Plugin Slug:: wp-sexylightbox
Installations: 60+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32478

Plugin:: WP Calais Auto Tagger
Plugin Slug:: calais-auto-tagger
Installations: 50+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32563

Plugin:: Link Shield
Plugin Slug:: link-shield
Installations: 50+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32503

Plugin:: ShopApper: Mobile App for WooCommerce
Plugin Slug:: mobile-app-for-woocommerce
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32638

Plugin:: Mobile Blocks
Plugin Slug:: mobile-pages
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32625

Plugin:: Paid Videochat Turnkey Site � HTML5 PPV Live Webcams
Plugin Slug:: ppv-live-webcams
Installations: 50+
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31380

Plugin:: Shop Products Filter
Plugin Slug:: trusty-woo-products-filter
Installations: 50+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32585

Plugin:: WooCommerce Pickupp
Plugin Slug:: wc-pickupp
Installations: 50+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32587

Plugin:: WooCommerce Loyal Customers
Plugin Slug:: woocommerce-loyal-customer
Installations: 50+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32544

Plugin:: IDonate � Blood Donation, Request And Donor Management System
Plugin Slug:: idonate
Installations: 40+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32519

Plugin:: SEO, Nutrition and Print for Recipes by Edamam
Plugin Slug:: seo-nutrition-and-print-for-recipes-by-edamam
Installations: 40+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32555

Plugin:: Simple Post Meta Manager
Plugin Slug:: simple-post-meta-manager
Installations: 40+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32556

Plugin:: WP Social Stream Designer
Plugin Slug:: social-stream-design
Installations: 40+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32677

Plugin:: iONE360 configurator
Plugin Slug:: ione360-configurator
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32529

Plugin:: MultiMailer
Plugin Slug:: scand-multi-mailer
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32517

Plugin:: MultiMailer
Plugin Slug:: scand-multi-mailer
Installations: 30+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32505

Plugin:: AT Internet SmartTag
Plugin Slug:: at-internet
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32506

Plugin:: Event Espresso � Custom Email Template Shortcode
Plugin Slug:: email-shortcode
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32507

Plugin:: Make Email Customizer for WooCommerce
Plugin Slug:: make-email-customizer-for-woocommerce
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32511

Plugin:: Nearby Locations
Plugin Slug:: nearby-locations
Installations: 10+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32128

Plugin:: Related Videos for JW Player
Plugin Slug:: related-videos-for-jw-player
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32516

Plugin:: Revamp CRM for WooCommerce
Plugin Slug:: revampcrm-woocommerce
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32512

Plugin:: WooCommerce Estimate and Quote � Live Product Cost Estimation and Quotation system for WordPress
Plugin Slug:: wc-estimate-and-quote
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32514

Plugin:: WordPress Health and Server Condition � Integrated with Google Page Speed
Plugin Slug:: wp-condition
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32520

Plugin:: WP Inquiries
Plugin Slug:: wp-inquiries
Installations: 10+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32685

Plugin:: ZooEffect
Plugin Slug:: 1-jquery-photo-gallery-slideshow-flash
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26954

Plugin:: AAWP Obfuscator
Plugin Slug:: aawp-obfuscator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-3432

Plugin:: Accredible Certificates & Open Badges
Plugin Slug:: accredible-certificates
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13909

Plugin:: Advanced Custom Fields: Link Picker Field
Plugin Slug:: acf-link-picker-field
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26746

Plugin:: Activity Reactions For Buddypress
Plugin Slug:: activity-reactions-for-buddypress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31006

Plugin:: Admin Menu Post List
Plugin Slug:: admin-menu-post-list
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32492

Plugin:: Advance WP Query Search Filter
Plugin Slug:: advance-wp-query-search-filter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26743

Plugin:: Advanced Advertising System
Plugin Slug:: advanced-advertising-system
Vulnerability:: Open Redirection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-3433

Plugin:: Advanced Tag Lists
Plugin Slug:: advanced-tag-list
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32476

Plugin:: AF Tell a Friend
Plugin Slug:: af-tell-a-friend
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31404

Plugin:: AnyTrack Affiliate Link Manager
Plugin Slug:: anytrack-affiliate-link-manager
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31041

Plugin:: Aria Font
Plugin Slug:: aria-font
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32488

Plugin:: azurecurve Shortcodes in Comments
Plugin Slug:: azurecurve-shortcodes-in-comments
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-2809

Plugin:: BP Social Connect
Plugin Slug:: bp-social-connect
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32493

Plugin:: Brizy Pro
Plugin Slug:: brizy-pro
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26902

Plugin:: Brizy Pro
Plugin Slug:: brizy-pro
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26901

Plugin:: Buddypress Humanity
Plugin Slug:: buddypress-humanity
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31033

Plugin:: C9 Blocks
Plugin Slug:: c9-blocks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26951

Plugin:: Cart66 Cloud
Plugin Slug:: cart66-cloud
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-2841

Plugin:: Cart66 Cloud
Plugin Slug:: cart66-cloud
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32653

Plugin:: CG Scroll To Top
Plugin Slug:: cg-scroll-to-top
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31399

Plugin:: Checkout Mestres WP
Plugin Slug:: checkout-mestres-wp
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-32695

Plugin:: Comment Validation Reloaded
Plugin Slug:: comment-validation-reloaded
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31026

Plugin:: Customize Login Page
Plugin Slug:: customize-login-page
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31034

Plugin:: Developer Toolbar
Plugin Slug:: developer-toolbar
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-2881

Plugin:: ZoomSounds
Plugin Slug:: dzs-zoomsounds
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-3431

Plugin:: Easy Custom CSS
Plugin Slug:: easy-custom-css
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31395

Plugin:: Embedder
Plugin Slug:: embedder
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-3417

Plugin:: Essential Breadcrumbs
Plugin Slug:: essential-breadcrumbs
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31038

Plugin:: FireDrum Email Marketing
Plugin Slug:: firedrum-email-marketing
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31018

Plugin:: Sandwich Adsense
Plugin Slug:: firsth3tagadsense
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31042

Plugin:: FrescoChat Live Chat
Plugin Slug:: flexytalk-widget
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31383

Plugin:: FS Poster
Plugin Slug:: fs-poster
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30962

Plugin:: Global Gallery
Plugin Slug:: global-gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22263

Plugin:: Hamburger Icon Menu Lite
Plugin Slug:: hamburger-icon-menu-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32548

Plugin:: Insert HTML Here
Plugin Slug:: insert-html-here
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31379

Plugin:: Language Field
Plugin Slug:: language-field
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31382

Plugin:: Linet ERP-Woocommerce Integration
Plugin Slug:: linet-erp-woocommerce-integration
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31411

Plugin:: Melhor Envio
Plugin Slug:: melhor-envio-cotacao
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13820

Plugin:: MMX – Make Me Christmas
Plugin Slug:: mmx-make-me-christmas
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31401

Plugin:: Mobile Smart
Plugin Slug:: mobile-smart
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31021

Plugin:: More Mime Type Filters
Plugin Slug:: more-mime-type-filters
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31394

Plugin:: My auctions allegro
Plugin Slug:: my-auctions-allegro-free-edition
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27009

Plugin:: NewsBoard Post and RSS Scroller
Plugin Slug:: newsboard
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31402

Plugin:: Oppso Unit Converter
Plugin Slug:: oppso-unit-converter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31378

Plugin:: ORDER POST
Plugin Slug:: order-post
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-2805

Plugin:: Payment Forms for Paystack
Plugin Slug:: payment-forms-for-paystack
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10894

Plugin:: Rankology SEO – On-site SEO
Plugin Slug:: rankology-seo-all-in-one-seo-analytics
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-32491

Plugin:: reCAPTCHA Jetpack
Plugin Slug:: recaptcha-jetpack
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32494

Plugin:: Rich Table of Contents
Plugin Slug:: rich-table-of-content
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31004

Plugin:: Scheduled
Plugin Slug:: scheduled
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31375

Plugin:: Script Compressor
Plugin Slug:: script-compressor
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31391

Plugin:: Seo Meta Tags
Plugin Slug:: seo-meta-tags
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31023

Plugin:: Simple WP Events
Plugin Slug:: simple-wp-events
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32594

Plugin:: Simple WP Events
Plugin Slug:: simple-wp-events
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32509

Plugin:: Coming Soon, Maintenance Mode
Plugin Slug:: site-mode
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26894

Plugin:: Site Notify
Plugin Slug:: site-notify
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32240

Plugin:: Site Table of Contents
Plugin Slug:: site-table-of-contents
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31385

Plugin:: Smart Product Gallery Slider
Plugin Slug:: smart-product-gallery-slider
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31392

Plugin:: Social Bookmarking RELOADED
Plugin Slug:: social-bookmarking-reloaded
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31393

Plugin:: Social Crowd
Plugin Slug:: social-crowd
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31390

Plugin:: Spoiler Block
Plugin Slug:: spoiler-block
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32497

Plugin:: Stop Registration Spam
Plugin Slug:: stop-registration-spam
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32564

Plugin:: Testimonial Slider And Showcase Pro
Plugin Slug:: testimonial-slider-showcase-pro
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32657

Plugin:: Testimonial Slider And Showcase Pro
Plugin Slug:: testimonial-slider-showcase-pro
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32656

Plugin:: The World
Plugin Slug:: the-world
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31388

Plugin:: TuriTop Booking System
Plugin Slug:: turitop-booking-system
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32571

Plugin:: Twispay Credit Card Payments
Plugin Slug:: twispay
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32601

Plugin:: Ultra Demo Importer
Plugin Slug:: ut-demo-importer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-32496

Plugin:: Vice Versa
Plugin Slug:: vice-versa
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27350

Plugin:: Vite Coupon
Plugin Slug:: vite-coupon
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-32642

Plugin:: VKontakte Cross-Post
Plugin Slug:: vkontakte-cross-post
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32498

Plugin:: Wetterwarner
Plugin Slug:: wetterwarner
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32489

Plugin:: Woo Product Feed For Marketing Channels
Plugin Slug:: woocommerce-to-google-merchant-center
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31377

Plugin:: WP Editor.md – The Perfect WordPress Markdown Editor
Plugin Slug:: wp-editormd
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31035

Plugin:: WP Food ordering and Restaurant Menu
Plugin Slug:: wp-food
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31040

Plugin:: WP-GeSHi-Highlight
Plugin Slug:: wp-geshi-highlight
Vulnerability:: Denial of Service Attack
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13896

Plugin:: WP Hide Categories
Plugin Slug:: wp-hide-categories
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31028

Plugin:: WP Performance Pack
Plugin Slug:: wp-performance-pack
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32485

Plugin:: wp secure
Plugin Slug:: wp-secure-by-sitesecuritymonitorcom
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32490

Plugin:: WP User Profiles
Plugin Slug:: wp-users-profiles
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31524

Plugin:: WPSolr
Plugin Slug:: wpsolr-free
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31036

Plugin:: WS Audio Player
Plugin Slug:: ws-audio-player
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31400

Plugin:: YouTube Embed
Plugin Slug:: youtube-embed
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31008

Plugin:: Slider, Gallery, and Carousel by MetaSlider � Image Slider, Video Slider
Plugin Slug:: ml-slider
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.95.0
Severity Score:: Medium
CVE:: 2025-1203

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1013
Severity Score:: Medium
CVE:: 2025-1456

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 500,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 1.7.1007
Severity Score:: Medium
CVE:: 2025-26990

Plugin:: Broken Link Checker by AIOSEO � Easily Fix/Monitor Internal and External links
Plugin Slug:: broken-link-checker-seo
Installations: 200,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.2.4
Severity Score:: High
CVE:: 2025-1264

Plugin:: Photo Gallery by 10Web � Mobile-Friendly Image Gallery
Plugin Slug:: photo-gallery
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.35
Severity Score:: High
CVE:: 2025-2269

Plugin:: Everest Forms � Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress
Plugin Slug:: everest-forms
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.2
Severity Score:: High
CVE:: 2025-3421

Plugin:: Everest Forms � Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress
Plugin Slug:: everest-forms
Installations: 100,000+
Vulnerability:: Content Injection
Patched in Version:: 3.1.2
Severity Score:: Medium
CVE:: 2025-3422

Plugin:: Everest Forms � Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress
Plugin Slug:: everest-forms
Installations: 100,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.1.2
Severity Score:: Critical
CVE:: 2025-3439

Plugin:: OttoKit: All-in-One Automation Platform (Formerly SureTriggers)
Plugin Slug:: suretriggers
Installations: 100,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.0.79
Severity Score:: High
CVE:: 2025-3102

Plugin:: Tutor LMS � eLearning and online course solution
Plugin Slug:: tutor
Installations: 100,000+
Vulnerability:: Content Injection
Patched in Version:: 3.4.1
Severity Score:: Medium
CVE:: 2025-32230

Plugin:: WooCommerce Multilingual & Multicurrency with WPML
Plugin Slug:: woocommerce-multilingual
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.3.9
Severity Score:: Medium
CVE:: 2025-26888

Plugin:: Clearfy Cache � WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Plugin Slug:: clearfy
Installations: 60,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.3.3
Severity Score:: Medium
CVE:: 2024-13337

Plugin:: User Registration & Membership � Custom Registration Form, Login Form, and User Profile
Plugin Slug:: user-registration
Installations: 60,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 4.1.4
Severity Score:: Medium
CVE:: 2025-3282

Plugin:: User Registration & Membership � Custom Registration Form, Login Form, and User Profile
Plugin Slug:: user-registration
Installations: 60,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 4.1.4
Severity Score:: Medium
CVE:: 2025-3292

Plugin:: Age Gate
Plugin Slug:: age-gate
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.6.0
Severity Score:: Medium
CVE:: 2025-31012

Plugin:: Real Testimonials � Testimonial Slider, Carousel, Grid | Collect Customer Reviews and Video Testimonial with Testimonial Form | Social Proof Reviews and Review Slider
Plugin Slug:: testimonial-free
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.7
Severity Score:: Medium
CVE:: 2025-22269

Plugin:: WPFront User Role Editor
Plugin Slug:: wpfront-user-role-editor
Installations: 40,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.2.2
Severity Score:: High
CVE:: 2025-3064

Plugin:: Cost Calculator Builder
Plugin Slug:: cost-calculator-builder
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.2.68
Severity Score:: High
CVE:: 2025-2128

Plugin:: PowerPress Podcasting plugin by Blubrry
Plugin Slug:: powerpress
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 11.9.18
Severity Score:: Medium
CVE:: 2024-9230

Plugin:: PowerPress Podcasting plugin by Blubrry
Plugin Slug:: powerpress
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 11.12.16
Severity Score:: Medium
CVE:: 2025-32690

Plugin:: Uncanny Toolkit for LearnDash
Plugin Slug:: uncanny-learndash-toolkit
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.0.2
Severity Score:: Medium
CVE:: 2025-22268

Plugin:: InstaWP Connect � 1-click WP Staging & Migration
Plugin Slug:: instawp-connect
Installations: 20,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 0.1.0.86
Severity Score:: Critical
CVE:: 2025-2636

Plugin:: WordPress Mega Menu � QuadMenu
Plugin Slug:: quadmenu
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.2.1
Severity Score:: Medium
CVE:: 2025-2871

Plugin:: Motors � Car Dealership & Classified Listings Plugin
Plugin Slug:: motors-car-dealership-classified-listings
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.67
Severity Score:: Medium
CVE:: 2025-3437

Plugin:: Motors � Car Dealership & Classified Listings Plugin
Plugin Slug:: motors-car-dealership-classified-listings
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.65
Severity Score:: High
CVE:: 2025-2807

Plugin:: Motors � Car Dealership & Classified Listings Plugin
Plugin Slug:: motors-car-dealership-classified-listings
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.64
Severity Score:: Medium
CVE:: 2025-2808

Plugin:: WP Project Manager � Task, team, and project management plugin featuring kanban board and gantt charts
Plugin Slug:: wedevs-project-manager
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.23
Severity Score:: Medium
CVE:: 2025-2541

Plugin:: WP Project Manager � Task, team, and project management plugin featuring kanban board and gantt charts
Plugin Slug:: wedevs-project-manager
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.23
Severity Score:: Medium
CVE:: 2025-3100

Plugin:: License Manager for WooCommerce
Plugin Slug:: license-manager-for-woocommerce
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.10
Severity Score:: High
CVE:: 2025-32522

Plugin:: Raptive Ads
Plugin Slug:: adthrive-ads
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.4
Severity Score:: High
CVE:: 2025-32554

Plugin:: WooCommerce Sync for QuickBooks Online � by MyWorks
Plugin Slug:: myworks-woo-sync-for-quickbooks-online
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.2
Severity Score:: High
CVE:: 2025-32524

Plugin:: TS Poll � Survey, Versus Poll, Image Poll, Video Poll
Plugin Slug:: poll-wp
Installations: 5,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.4.7
Severity Score:: High
CVE:: 2025-3470

Plugin:: Logo Carousel Gutenberg Block
Plugin Slug:: awesome-logo-carousel-block
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.7
Severity Score:: Medium
CVE:: 2025-2083

Plugin:: SMTP for Amazon SES � YaySMTP
Plugin Slug:: smtp-amazon-ses
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9
Severity Score:: High
CVE:: 2025-3434

Plugin:: Responsive Addons for Elementor � Free Elementor Addons Plugin and Elementor Templates
Plugin Slug:: responsive-addons-for-elementor
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.9.1
Severity Score:: Medium
CVE:: 2025-2225

Plugin:: SKT Blocks � Gutenberg based Page Builder
Plugin Slug:: skt-blocks
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0
Severity Score:: Medium
CVE:: 2025-3276

Plugin:: SKT Blocks � Gutenberg based Page Builder
Plugin Slug:: skt-blocks
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9
Severity Score:: Medium
CVE:: 2025-26998

Plugin:: SKT Skill Bar
Plugin Slug:: skt-skill-bar
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4
Severity Score:: Medium
CVE:: 2025-26880

Plugin:: DSGVO Youtube
Plugin Slug:: dsgvo-youtube
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.2
Severity Score:: Medium
CVE:: 2025-26982

Plugin:: InPost Gallery
Plugin Slug:: inpost-gallery
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.1.4.4
Severity Score:: Medium
CVE:: 2025-26903

Plugin:: Nav Menu Manager
Plugin Slug:: noakes-menu-manager
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.6
Severity Score:: Medium
CVE:: 2025-31017

Plugin:: Vayu Blocks � Gutenberg Blocks for WordPress & WooCommerce
Plugin Slug:: vayu-blocks
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.2
Severity Score:: Medium
CVE:: 2025-2568

Plugin:: WP Delete User Accounts
Plugin Slug:: wp-delete-user-accounts
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.4
Severity Score:: Medium
CVE:: 2025-26906

Plugin:: Zephyr Project Manager
Plugin Slug:: zephyr-project-manager
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.102
Severity Score:: High
CVE:: 2025-32526

Plugin:: Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment
Plugin Slug:: booking-and-rental-manager-for-woocommerce
Installations: 900+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.2.9
Severity Score:: High
CVE:: 2025-27011

Plugin:: Local google fonts, host google fonts locally by Easyfonts
Plugin Slug:: easyfonts
Installations: 900+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2025-31005

Plugin:: Landing Page Cat � Coming Soon Page, Maintenance Page & Squeeze Pages
Plugin Slug:: landing-page-cat
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.9
Severity Score:: High
CVE:: 2025-26992

Plugin:: 3DPrint Lite
Plugin Slug:: 3dprint-lite
Installations: 800+
Vulnerability:: SQL Injection
Patched in Version:: 2.1.3.7
Severity Score:: High
CVE:: 2025-3430

Plugin:: Nepali Date Converter
Plugin Slug:: nepali-date-converter
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.0
Severity Score:: Medium
CVE:: 2025-26950

Plugin:: OTP-less one tap Sign in
Plugin Slug:: otpless
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.59
Severity Score:: High
CVE:: 2025-32622

Plugin:: WPC Admin Columns
Plugin Slug:: wpc-admin-columns
Installations: 700+
Vulnerability:: Privilege Escalation
Patched in Version:: 2.1.1
Severity Score:: High
CVE:: 2025-3418

Plugin:: Additional Custom Product Tabs for WooCommerce
Plugin Slug:: product-tabs-for-woocommerce
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1
Severity Score:: Medium
CVE:: 2025-26749

Plugin:: Deliver via Shipos for WooCommerce
Plugin Slug:: wc-shipos-delivery
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.0
Severity Score:: High
CVE:: 2025-32533

Plugin:: WP Subscription Forms � Subscription Form Plugin for WordPress
Plugin Slug:: wp-subscription-forms
Installations: 500+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.2.5
Severity Score:: High
CVE:: 2025-32692

Plugin:: Z Companion
Plugin Slug:: z-companion
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.2
Severity Score:: Medium
CVE:: 2025-2575

Plugin:: Administrator Z
Plugin Slug:: administrator-z
Installations: 400+
Vulnerability:: Privilege Escalation
Patched in Version:: 2025.03.27
Severity Score:: High
CVE:: 2025-26959

Plugin:: Team Circle Image Slider With Lightbox
Plugin Slug:: circle-image-slider-with-lightbox
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: 1.0.5
Severity Score:: High
CVE:: 2019-25223

Plugin:: WordPress SMTP Service, Email Delivery Solved! � MailHawk
Plugin Slug:: mailhawk
Installations: 400+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.2
Severity Score:: High
CVE:: 2025-31015

Plugin:: Squeeze � Image Optimization & Compression, WebP Conversion
Plugin Slug:: squeeze
Installations: 400+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.6.1
Severity Score:: Critical
CVE:: 2025-31002

Plugin:: Squeeze � Image Optimization & Compression, WebP Conversion
Plugin Slug:: squeeze
Installations: 400+
Vulnerability:: Full Path Disclosure (FPD)
Patched in Version:: 1.6.1
Severity Score:: Low
CVE:: 2025-31003

Plugin:: CardGate Payments for WooCommerce
Plugin Slug:: cardgate
Installations: 300+
Vulnerability:: SQL Injection
Patched in Version:: 3.2.2
Severity Score:: High
CVE:: 2025-32119

Plugin:: Crowdfunding for WooCommerce
Plugin Slug:: crowdfunding-for-woocommerce
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.13
Severity Score:: High
CVE:: 2025-32628

Plugin:: Sell access, Automate, and add Engaging Exclusive Discord Access: Introducing the MemberPress Discord Addon � Elevate Your Community!
Plugin Slug:: expresstechsoftwares-memberpress-discord-add-on
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.2
Severity Score:: High
CVE:: 2025-32605

Plugin:: IP2Location World Clock
Plugin Slug:: ip2location-world-clock
Installations: 300+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.10
Severity Score:: High
CVE:: 2025-32644

Plugin:: MSRP (RRP) Pricing for WooCommerce
Plugin Slug:: msrp-for-woocommerce
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.0
Severity Score:: High
CVE:: 2025-32552

Plugin:: TableOn � WordPress Posts Table Filterable�
Plugin Slug:: posts-table-filterable
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.4
Severity Score:: High
CVE:: 2025-32592

Plugin:: Click & Pledge Connect Plugin
Plugin Slug:: click-pledge-connect
Installations: 200+
Vulnerability:: SQL Injection
Patched in Version:: 2.24120000-WP6.7.1
Severity Score:: High
CVE:: 2025-32550

Plugin:: Total processing card payments for WooCommerce
Plugin Slug:: totalprocessing-card-payments
Installations: 200+
Vulnerability:: Arbitrary File Download
Patched in Version:: 7.1.6
Severity Score:: Medium
CVE:: 2025-32209

Plugin:: GreenPay(tm) by Green.Money
Plugin Slug:: green-money-payment-gateway
Installations: 100+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.0.10
Severity Score:: Medium
CVE:: 2025-2882

Plugin:: IndieBlocks
Plugin Slug:: indieblocks
Installations: 100+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 0.13.2
Severity Score:: Medium
CVE:: 2025-31009

Plugin:: WordPress Internal Link Optimiser
Plugin Slug:: internal-link-finder
Installations: 100+
Vulnerability:: Settings Change
Patched in Version:: 5.1.3
Severity Score:: Medium
CVE:: 2025-32243

Plugin:: Kargo Entegrat�r � WooCommerce Kargo Entegrasyon Eklentisi
Plugin Slug:: kargo-entegrator
Installations: 100+
Vulnerability:: SQL Injection
Patched in Version:: 1.1.15
Severity Score:: High
CVE:: 2025-26908

Plugin:: Email Notifications for Updates
Plugin Slug:: wp-update-mail-notification
Installations: 100+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.2.0
Severity Score:: High
CVE:: 2025-26741

Plugin:: Verowa Connect
Plugin Slug:: verowa-connect
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.5
Severity Score:: High
CVE:: 2025-32609

Plugin:: Material Dashboard
Plugin Slug:: material-dashboard
Installations: 80+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.4.7
Severity Score:: Critical
CVE:: 2025-32486

Plugin:: Material Dashboard
Plugin Slug:: material-dashboard
Installations: 80+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.4.6
Severity Score:: High
CVE:: 2025-31014

Plugin:: Shipping by Weight for WooCommerce
Plugin Slug:: dn-shipping-by-weight
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.1
Severity Score:: High
CVE:: 2025-32535

Plugin:: Accept SagePay Payments Using Contact Form 7
Plugin Slug:: accept-sagepay-payments-using-contact-form-7
Installations: 10+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.1
Severity Score:: Medium
CVE:: 2025-2883

Plugin:: ALD Login Page
Plugin Slug:: ald-login-page
Installations: 10+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3
Severity Score:: High
CVE:: 2025-32518

Plugin:: coreActivity: Activity Logging for WordPress
Plugin Slug:: coreactivity
Installations: 10+
Vulnerability:: SQL Injection
Patched in Version:: 2.7.1
Severity Score:: High
CVE:: 2025-3436

Plugin:: JetBlog
Plugin Slug:: jet-blog
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.3.1
Severity Score:: Medium
CVE:: 2025-26744

Plugin:: JetCompareWishlist
Plugin Slug:: jet-compare-wishlist
Vulnerability:: Local File Inclusion
Patched in Version:: 1.5.10
Severity Score:: High
CVE:: 2025-22279

Plugin:: JetEngine
Plugin Slug:: jet-engine
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.5
Severity Score:: Medium
CVE:: 2025-26870

Plugin:: Pagopar – WooCommerce Gateway
Plugin Slug:: pagopar-woocommerce-gateway
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.8.0
Severity Score:: High
CVE:: 2025-31032

Plugin:: WPJobBoard
Plugin Slug:: wpjobboard
Vulnerability:: Path Traversal
Patched in Version:: 5.11.1
Severity Score:: Medium
CVE:: 2025-30966

Plugin:: WPJobBoard
Plugin Slug:: wpjobboard
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.11.1
Severity Score:: Critical
CVE:: 2025-30967

Plugin:: WPJobBoard
Plugin Slug:: wpjobboard
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.11.1
Severity Score:: Medium
CVE:: 2025-30965

WordPress Themes � 3 Patched / 12 Unpatched

Theme:: Arkhe
Theme Slug:: arkhe
Downloads: 91,582
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26748

Theme:: Industrial Lite
Theme Slug:: industrial-lite
Downloads: 100,465
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26955

Theme:: SpaBiz
Theme Slug:: spabiz
Downloads: 21,133
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26740

Theme:: AI Hub
Theme Slug:: aihub
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-26927

Theme:: Bulk
Theme Slug:: bulk
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26867

Theme:: Celestial Aura
Theme Slug:: celestial-aura
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-26892

Theme:: Customify
Theme Slug:: customify-theme
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26920

Theme:: Eximius
Theme Slug:: eximius
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-26872

Theme:: Fazyvo
Theme Slug:: fazyvo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31418

Theme:: Grip
Theme Slug:: grip
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26735

Theme:: Photography
Theme Slug:: photography
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30964

Theme:: Wireless Butler
Theme Slug:: wireless-butler
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26997

Theme:: Streamit
Theme Slug:: streamit
Vulnerability:: Arbitrary File Download
Patched in Version:: 4.0.2
Severity Score:: Medium
CVE:: 2025-2519

Theme:: Streamit
Theme Slug:: streamit
Vulnerability:: Arbitrary File Upload
Patched in Version:: 4.0.2
Severity Score:: Critical
CVE:: 2025-2525

Theme:: Streamit
Theme Slug:: streamit
Vulnerability:: Privilege Escalation
Patched in Version:: 4.0.3
Severity Score:: High
CVE:: 2025-2526