Nexcess.com Servers.com LiquidWeb.com

Line illustration showing a black application window on a dark blue gradient background overlaid with a large exclamation point alert icon and three bugs.

WordPress Vulnerability Report � April 2, 2025

[email protected]

In this report, 542 vulnerabilities have been publicly disclosed. Security patches for 267 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 275 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.8 Release Candidate 2 is ready for download and testing! This version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it�s recommended that you evaluate RC2 on a test server and site.

WordPress Plugins � 263 Patched / 257 Unpatched

Plugin:: Themesflat Addons For Elementor
Plugin Slug:: themesflat-addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31567

Plugin:: GTM Kit � Google Tag Manager & GA4 integration
Plugin Slug:: gtm-kit
Installations: 30,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31001

Plugin:: OSM � OpenStreetMap
Plugin Slug:: osm
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31557

Plugin:: WDesignKit � Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder
Plugin Slug:: wdesignkit
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12189

Plugin:: WPCargo Track & Trace
Plugin Slug:: wpcargo
Installations: 10,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31609

Plugin:: WP Mobile Bottom Menu
Plugin Slug:: mobile-bottom-menu-for-wp
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31525

Plugin:: IMPress for IDX Broker
Plugin Slug:: idx-broker-platinum
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31556

Plugin:: Sliced Invoices � WordPress Invoice Plugin
Plugin Slug:: sliced-invoices
Installations: 6,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31628

Plugin:: Flag Icons
Plugin Slug:: language-icons-flags-switcher
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31575

Plugin:: Fusion Page Builder
Plugin Slug:: fusion
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31549

Plugin:: Gallery � Photo Albums Plugin
Plugin Slug:: easy-media-gallery
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31586

Plugin:: ELEX WooCommerce Request a Quote
Plugin Slug:: elex-request-a-quote
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31406

Plugin:: Quick Interest Slider
Plugin Slug:: quick-interest-slider
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26738

Plugin:: Safe Ai Malware Protection for WP
Plugin Slug:: safe-ai-malware-protection-for-wp
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31545

Plugin:: teachPress
Plugin Slug:: teachpress
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-1320

Plugin:: Timeline Event History
Plugin Slug:: timeline-event-history
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31595

Plugin:: Directory Listings WordPress plugin � uListing
Plugin Slug:: ulisting
Installations: 2,000+
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-1653

Plugin:: Cal.com
Plugin Slug:: cal-com
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31604

Plugin:: Cryptocurrency Widgets Pack
Plugin Slug:: cryptocurrency-widgets-pack
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31539

Plugin:: Click to Chat � WP Support All-in-One Floating Widget
Plugin Slug:: support-chat
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31092

Plugin:: Swiss Toolkit For WP
Plugin Slug:: swiss-toolkit-for-wp
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31546

Plugin:: Swiss Toolkit For WP
Plugin Slug:: swiss-toolkit-for-wp
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31544

Plugin:: Price by Quantity & Bulk Quantity Discounts for WooCommerce
Plugin Slug:: wholesale-pricing-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31598

Plugin:: Group Chat & Video Chat by AtomChat
Plugin Slug:: atomchat
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31532

Plugin:: Simple Owl Carousel
Plugin Slug:: simple-owl-carousel
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31535

Plugin:: Slider Path for Elementor
Plugin Slug:: slider-path
Installations: 700+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31529

Plugin:: StaticPress
Plugin Slug:: staticpress
Installations: 700+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31528

Plugin:: Custom Database Applications by Caspio
Plugin Slug:: custom-database-applications-by-caspio
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31559

Plugin:: Google SEO Pressor for Rich snippets
Plugin Slug:: google-seo-author-snippets
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31530

Plugin:: History Log by click5
Plugin Slug:: history-log-by-click5
Installations: 600+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31531

Plugin:: My auctions allegro
Plugin Slug:: my-auctions-allegro-free-edition
Installations: 600+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31542

Plugin:: Behance Portfolio Manager
Plugin Slug:: portfolio-manager-powered-by-behance
Installations: 600+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31526

Plugin:: TGG � WP Optimizer
Plugin Slug:: tgg-wp-optimizer
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31463

Plugin:: Uptime Robot Plugin for WordPress
Plugin Slug:: uptime-robot-monitor
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31562

Plugin:: Uptime Robot Plugin for WordPress
Plugin Slug:: uptime-robot-monitor
Installations: 600+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31547

Plugin:: WP Link Preview
Plugin Slug:: wp-link-preview
Installations: 600+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31527

Plugin:: ACME Divi Modules
Plugin Slug:: acme-divi-modules
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31540

Plugin:: WordPress Appointment Booking and Online Scheduling Plugin by Appointy
Plugin Slug:: appointy-appointment-scheduler
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31601

Plugin:: CF7 Spreadsheets
Plugin Slug:: cf7-spreadsheets
Installations: 500+
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31603

Plugin:: Checklist
Plugin Slug:: checklist
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31538

Plugin:: EZ SQL Reports Shortcode Widget and DB Backup
Plugin Slug:: elisqlreports
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-2319

Plugin:: Twice Commerce � Easy Rental Booking System
Plugin Slug:: embed-rentle
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31543

Plugin:: Flipdish Ordering System
Plugin Slug:: flipdish-ordering-system
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30601

Plugin:: Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One
Plugin Slug:: ai-auto-tool
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31564

Plugin:: Appointify
Plugin Slug:: appointify
Installations: 400+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31577

Plugin:: RSVPMaker
Plugin Slug:: rsvpmaker
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31552

Plugin:: Advanced WooCommerce Product Sales Reporting � Statistics & Forecast
Plugin Slug:: webd-woocommerce-advanced-reporting-statistics
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31553

Plugin:: WP AutoKeyword
Plugin Slug:: wp-autokeyword
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31579

Plugin:: SimplyRETS Real Estate IDX
Plugin Slug:: simply-rets
Installations: 300+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31010

Plugin:: Auto Post After Image Upload
Plugin Slug:: auto-post-after-image-upload
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31611

Plugin:: Connector to CiviCRM with CiviMcRestFace
Plugin Slug:: connector-civicrm-mcrestface
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31618

Plugin:: Leadfox for WordPress
Plugin Slug:: leadfox
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31585

Plugin:: Ni WooCommerce Product Enquiry
Plugin Slug:: ni-woocommerce-product-enquiry
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31580

Plugin:: Send E-mail
Plugin Slug:: send-e-mail
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31592

Plugin:: Welcome Popup
Plugin Slug:: welcome-popup
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31605

Plugin:: WP Copy Media URL
Plugin Slug:: wp-copy-media-url
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31583

Plugin:: Related Posts Widget with Thumbnails
Plugin Slug:: advanced-css3-related-posts-widget
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31570

Plugin:: Apimo Connector
Plugin Slug:: apimo
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31602

Plugin:: CBX Poll
Plugin Slug:: cbxpoll
Installations: 100+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31612

Plugin:: ContentMX Content Publisher
Plugin Slug:: contentmx-content-publisher
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31555

Plugin:: CookieHint WP
Plugin Slug:: cookiehint-wp
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31608

Plugin:: Custom Content Scrollbar
Plugin Slug:: custom-content-scrollbar
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31574

Plugin:: WordPress Testimonials Slider
Plugin Slug:: elfsight-testimonials-slider
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31588

Plugin:: WordPress Testimonials Slider
Plugin Slug:: elfsight-testimonials-slider
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31587

Plugin:: WordPress Testimonials Slider
Plugin Slug:: elfsight-testimonials-slider
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31584

Plugin:: Rio Video Gallery
Plugin Slug:: rio-video-gallery
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31566

Plugin:: Shopper � Affiliate Link Management, 25000+ Brand Partnerships & Creative Product Displays
Plugin Slug:: shopper
Installations: 100+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31534

Plugin:: Simple-Audioplayer
Plugin Slug:: simple-audioplayer
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31607

Plugin:: SP Blog Designer
Plugin Slug:: sp-blog-designer
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31606

Plugin:: Ultimate Live Cricket WordPress Lite
Plugin Slug:: ultimate-live-cricket-lite
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31597

Plugin:: AB Google Map Travel (AB-MAP)
Plugin Slug:: ab-google-map-travel
Installations: 90+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31613

Plugin:: byBrick Accordion
Plugin Slug:: bybrick-accordion
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31621

Plugin:: CoverManager
Plugin Slug:: covermanager
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31620

Plugin:: OpenMenu � The official plugin for OpenMenu
Plugin Slug:: open-menu
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31593

Plugin:: wordpress related Posts with thumbnails
Plugin Slug:: related-posts-list-grid-and-slider-all-in-one
Installations: 80+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31569

Plugin:: Terms Before Download
Plugin Slug:: terms-before-download
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31614

Plugin:: Ultimate Push Notifications ( Mobile / Desktop ), Receive Notification From WooCommerce, BuddyPress, WordPress Default Events & Many More
Plugin Slug:: ultimate-push-notifications
Installations: 80+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31561

Plugin:: Varnish WordPress
Plugin Slug:: varnish-wp
Installations: 80+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31616

Plugin:: PostmarkApp Email Integrator
Plugin Slug:: postmarkapp-email-integrator
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31617

Plugin:: PostmarkApp Email Integrator
Plugin Slug:: postmarkapp-email-integrator
Installations: 70+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31576

Plugin:: Rich Text Editor
Plugin Slug:: richtexteditor
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31623

Plugin:: Simple Contact Forms
Plugin Slug:: simple-contact-forms
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31615

Plugin:: Actionwear products sync
Plugin Slug:: actionwear-products-sync
Installations: 60+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31619

Plugin:: Infusionsoft Web Form JavaScript
Plugin Slug:: infusionsoft-web-form-javascript
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31629

Plugin:: Processing Projects
Plugin Slug:: processing-projects
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31624

Plugin:: Useinfluence
Plugin Slug:: useinfluence
Installations: 60+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31625

Plugin:: Chat by Chatwee
Plugin Slug:: chatwee
Installations: 50+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31596

Plugin:: DesignO
Plugin Slug:: designo
Installations: 50+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31600

Plugin:: Notification Bar, Sticky Notification Bar, Sticky Welcome Bar for any theme
Plugin Slug:: gp-notification-bar
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31610

Plugin:: Salesmate Add-On for Gravity Forms
Plugin Slug:: gf-salesmate-add-on
Installations: 40+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31551

Plugin:: Salesmate Add-On for Gravity Forms
Plugin Slug:: gf-salesmate-add-on
Installations: 40+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31533

Plugin:: Ethiopian Calendar
Plugin Slug:: ethiopian-calendar
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31589

Plugin:: AdSense Privacy Policy
Plugin Slug:: adsense-privacy-policy
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30578

Plugin:: Advanced Dewplayer
Plugin Slug:: advanced-dewplayer
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30592

Plugin:: Advanced Post Search
Plugin Slug:: advanced-post-search
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30548

Plugin:: AI Preloader
Plugin Slug:: ai-preloader
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30530

Plugin:: Alert Box Block � Display notice/alerts in the front end
Plugin Slug:: alert-box-block
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13731

Plugin:: AlphaOmega Captcha & Anti-Spam Filter
Plugin Slug:: alphaomega-captcha-anti-spam
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30584

Plugin:: Amazing service box Addons For WPBakery Page Builder
Plugin Slug:: amazing-service-box-visual-composer-addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-2573

Plugin:: ANAC XML Render
Plugin Slug:: anac-xml-render
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30558

Plugin:: Arrow Maps
Plugin Slug:: ap-google-maps
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28858

Plugin:: AppExperts
Plugin Slug:: appexperts
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30609

Plugin:: ARPrice
Plugin Slug:: arprice
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26731

Plugin:: Auto Load Next Post
Plugin Slug:: auto-load-next-post
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30529

Plugin:: AvaiBook
Plugin Slug:: avaibook
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30540

Plugin:: Awesome Logos
Plugin Slug:: awesome-logos
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30528

Plugin:: Ayyash Studio
Plugin Slug:: ayyash-studio
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-2576

Plugin:: banner-manager
Plugin Slug:: banner-manager
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30565

Plugin:: Beautiful Link Preview
Plugin Slug:: beautiful-link-preview
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30536

Plugin:: Blue Captcha
Plugin Slug:: blue-captcha
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28880

Plugin:: BMo Expo
Plugin Slug:: bmo-expo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30539

Plugin:: Breezing Forms
Plugin Slug:: breezing-forms
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30520

Plugin:: Browser Address Bar Color
Plugin Slug:: browser-address-bar-color
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30577

Plugin:: Browser Caching with .htaccess
Plugin Slug:: browser-caching-with-htaccess
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31439

Plugin:: Cackle
Plugin Slug:: cackle
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30546

Plugin:: CallPhone’r
Plugin Slug:: callphoner
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30550

Plugin:: CAS Maestro
Plugin Slug:: cas-maestro
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30561

Plugin:: Cazamba
Plugin Slug:: cazamba
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25100

Plugin:: Contact Form 7 Material Design
Plugin Slug:: cf7-material-design
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30522

Plugin:: Clear Sucuri Cache
Plugin Slug:: clear-sucuri-cache
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31469

Plugin:: Clink
Plugin Slug:: clink
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30566

Plugin:: CopyLink
Plugin Slug:: copy-link
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30603

Plugin:: Menu Duplicator
Plugin Slug:: copy-menu
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30543

Plugin:: CSV to Responsive Tables
Plugin Slug:: csv-to-webpage-plugin
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56012

Plugin:: cTabs
Plugin Slug:: ctabs
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30586

Plugin:: Custom Product Stickers for Woocommerce
Plugin Slug:: custom-product-stickers-for-woocommerce
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28889

Plugin:: Custom Script Integration
Plugin Slug:: custom-script-integration
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30564

Plugin:: DAP to Autoresponders Email Syncing
Plugin Slug:: dap-to-autoresponders-daar
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-2840

Plugin:: Driving Directions
Plugin Slug:: ddirections
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28903

Plugin:: DesignThemes Core Features
Plugin Slug:: designthemes-core-features
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-0845

Plugin:: Product Catalog
Plugin Slug:: displayproduct
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30524

Plugin:: ????? ???? ??????? ????
Plugin Slug:: dokme
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30570

Plugin:: Multi Days Events and Multi Events in One Day Calendar
Plugin Slug:: dragon-calendar-free-version
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31572

Plugin:: Duplicate Page and Post
Plugin Slug:: duplicate-post-and-page
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31466

Plugin:: Duplicate Page and Post
Plugin Slug:: duplicate-post-and-page
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31471

Plugin:: Easy Page Transition
Plugin Slug:: easy-page-transition
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30606

Plugin:: Exit Popup Free
Plugin Slug:: exit-popup-free
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31591

Plugin:: External image replace
Plugin Slug:: external-image-replace
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30535

Plugin:: Secret Meta
Plugin Slug:: facebook-secret-meta
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25086

Plugin:: Fiverr.com Official Search Box
Plugin Slug:: fiverr-official-search-box
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-28885

Plugin:: Fix Rss Feeds
Plugin Slug:: fix-rss-feed
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30556

Plugin:: Flatty
Plugin Slug:: flatty-flat-admin-theme
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31472

Plugin:: Flickr set slideshows
Plugin Slug:: flickr-set-slideshows
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30589

Plugin:: Flickr set slideshows
Plugin Slug:: flickr-set-slideshows
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30590

Plugin:: Frndzk Expandable Bottom Bar
Plugin Slug:: frndzk-expandable-bottom-bar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-2510

Plugin:: Generate Post Thumbnails
Plugin Slug:: generate-post-thumbnails
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30585

Plugin:: GMO Font Agent
Plugin Slug:: gmo-font-agent
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30553

Plugin:: Google Font Fix
Plugin Slug:: google-font-fix
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30614

Plugin:: GP Back To Top
Plugin Slug:: gp-back-to-top
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30521

Plugin:: Hacklog Remote Image Autosave
Plugin Slug:: hacklog-remote-image-autosave
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30576

Plugin:: IG Shortcodes
Plugin Slug:: ig-shortcodes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30597

Plugin:: Image Captcha
Plugin Slug:: image-captcha
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30534

Plugin:: Image Slider / Slideshow Pearlbells
Plugin Slug:: image-slider-pearlbells
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56012

Plugin:: Photo Slideshow (Responsive)
Plugin Slug:: image-slideshow-pearlbells
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56012

Plugin:: include-file
Plugin Slug:: include-file
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30595

Plugin:: Include URL
Plugin Slug:: include-url
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30594

Plugin:: Include URL
Plugin Slug:: include-url
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30593

Plugin:: Info Boxes Shortcode and Widget
Plugin Slug:: info-boxes-shortcode-and-widget
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30541

Plugin:: issuuPress
Plugin Slug:: issuupress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30545

Plugin:: JiangQie Official Website Mini Program
Plugin Slug:: jiangqie-official-website-mini-program
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30604

Plugin:: jQuery Dropdown Menu
Plugin Slug:: jquery-drop-down-menu-plugin
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30560

Plugin:: Kento WordPress Stats
Plugin Slug:: kento-wp-stats
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30559

Plugin:: Key4ce osTicket Bridge
Plugin Slug:: key4ce-osticket-bridge
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28877

Plugin:: KK I Like It
Plugin Slug:: kk-i-like-it
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31443

Plugin:: LH OGP Meta
Plugin Slug:: lh-ogp-meta-tags
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30587

Plugin:: Lightview Plus
Plugin Slug:: lightview-plus
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28890

Plugin:: Login Alert
Plugin Slug:: login-alert
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31459

Plugin:: Login Redirect
Plugin Slug:: login-redirect
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30575

Plugin:: LWS SMS
Plugin Slug:: lws-sms
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31457

Plugin:: Map Contact
Plugin Slug:: map-contact
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30588

Plugin:: Message ticker
Plugin Slug:: message-ticker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30533

Plugin:: Microblog Poster
Plugin Slug:: microblog-poster
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31435

Plugin:: Mobile Navigation
Plugin Slug:: mobile-navigation
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30574

Plugin:: Music Press Pro
Plugin Slug:: music-press-pro
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30591

Plugin:: My Bootstrap Menu
Plugin Slug:: my-bootstrap-menu
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30527

Plugin:: My Default Post Content
Plugin Slug:: my-default-post-content
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30573

Plugin:: NanoSupport
Plugin Slug:: nanosupport
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31376

Plugin:: NertWorks All in One Social Share Tools
Plugin Slug:: nertworks-all-in-one-social-share-tools
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31447

Plugin:: NextGEN Gallery Voting
Plugin Slug:: nextgen-gallery-voting
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28869

Plugin:: Nmedia MailChimp
Plugin Slug:: nmedia-mailchimp-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30613

Plugin:: Easy 301 Redirects
Plugin Slug:: odihost-easy-redirect-301
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30557

Plugin:: OK Poster Group
Plugin Slug:: ok-poster-group
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30544

Plugin:: Omnify
Plugin Slug:: omnify-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28882

Plugin:: OmniLeads Scripts and Tags Manager
Plugin Slug:: omnileads-scripts-and-tags-manager
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31460

Plugin:: OSS Upload
Plugin Slug:: oss-upload
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30598

Plugin:: Page Takeover
Plugin Slug:: page-takeover
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31470

Plugin:: Pesapal Gateway for Woocommerce
Plugin Slug:: pesapal-for-woocommerce
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30579

Plugin:: Pop-Up Chop Chop
Plugin Slug:: pop-up
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31432

Plugin:: PostMash
Plugin Slug:: postmash-custom
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30622

Plugin:: Pretty file links
Plugin Slug:: pretty-file-links
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30551

Plugin:: Pro Rank Tracker
Plugin Slug:: proranktracker
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30583

Plugin:: Quick Localization
Plugin Slug:: quick-localization
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30607

Plugin:: Related Posts via Categories
Plugin Slug:: related-posts-via-categories
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30602

Plugin:: Replace Default Words
Plugin Slug:: replace-default-words
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30612

Plugin:: Rewrite
Plugin Slug:: rewrite
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30617

Plugin:: RJ Quickcharts
Plugin Slug:: rj-quickcharts
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31024

Plugin:: SH Email Alert
Plugin Slug:: sh-email-alert
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-2165

Plugin:: ShowTime Slideshow
Plugin Slug:: showtime-slideshow
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31444

Plugin:: Shuffle
Plugin Slug:: shuffle
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28873

Plugin:: Simple Optimizer
Plugin Slug:: simple-optimizer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30538

Plugin:: Simple Rating
Plugin Slug:: simple-rating
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30572

Plugin:: Simple Trackback Disabler
Plugin Slug:: simple-trackback-disabler
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31448

Plugin:: Simple:Press
Plugin Slug:: simplepress
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31386

Plugin:: Smart Maintenance Mode
Plugin Slug:: smart-maintenance-mode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-1490

Plugin:: So-Called Air Quotes
Plugin Slug:: so-called-air-quotes
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-2803

Plugin:: SoJ SoundSlides
Plugin Slug:: soj-soundslides
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-2249

Plugin:: SoundCloud Ultimate
Plugin Slug:: soundcloud-ultimate
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30542

Plugin:: sourceplay-navermap
Plugin Slug:: sourceplay-navermap
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30605

Plugin:: SpeakPipe
Plugin Slug:: speakpipe-voicemail-for-websites
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30619

Plugin:: STEdb Forms
Plugin Slug:: stedb-forms
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30571

Plugin:: Super Simple Subscriptions
Plugin Slug:: super-simple-subscriptions
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30523

Plugin:: Super Static Cache
Plugin Slug:: super-static-cache
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30568

Plugin:: Teleport
Plugin Slug:: teleport
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28855

Plugin:: Terms of Use
Plugin Slug:: terms-of-use-2
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31440

Plugin:: Text Selection Color
Plugin Slug:: text-selection-color
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31464

Plugin:: The Visitor Counter
Plugin Slug:: the-visitor-counter
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31449

Plugin:: Tidekey
Plugin Slug:: tidekey
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30563

Plugin:: Toggle Box
Plugin Slug:: toggle-box
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31450

Plugin:: Trackserver
Plugin Slug:: trackserver
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30961

Plugin:: Translator
Plugin Slug:: translator
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30621

Plugin:: Typekit plugin for WordPress
Plugin Slug:: typekit
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30526

Plugin:: Top Bar
Plugin Slug:: ultimate-bar
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30581

Plugin:: Ultimate Security Checker
Plugin Slug:: ultimate-security-checker
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31456

Plugin:: Upload Quota per User
Plugin Slug:: upload-quota-per-user
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30537

Plugin:: Video Embedder
Plugin Slug:: video-embedder
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31458

Plugin:: Visual Text Editor
Plugin Slug:: visual-text-editor
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-28893

Plugin:: wA11y � The Web Accessibility Toolbox
Plugin Slug:: wa11y
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30623

Plugin:: wBounce
Plugin Slug:: wbounce
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31451

Plugin:: Weather Layer
Plugin Slug:: weather-layer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30532

Plugin:: WordPress Admin Bar Improved
Plugin Slug:: wordpress-admin-bar-improved
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30552

Plugin:: WordPress SQL Backup
Plugin Slug:: wordpress-sql-backup
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30608

Plugin:: WP Cards
Plugin Slug:: wp-cards
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30547

Plugin:: WP Church Donation
Plugin Slug:: wp-church-donation
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31410

Plugin:: WP Colorful Tag Cloud
Plugin Slug:: wp-colorful-tag-cloud
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28865

Plugin:: WP Database Optimizer
Plugin Slug:: wp-database-optimizer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31473

Plugin:: WP Database Optimizer
Plugin Slug:: wp-database-optimizer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31474

Plugin:: WP e-Commerce Style Email
Plugin Slug:: wp-e-commerce-style-email
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30615

Plugin:: Magic Embeds
Plugin Slug:: wp-embed-facebook
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31433

Plugin:: WP Featured Entries
Plugin Slug:: wp-featured-entries
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30569

Plugin:: WP Hotjar
Plugin Slug:: wp-hotjar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30600

Plugin:: Job Colors for WP Job Manager
Plugin Slug:: wp-job-manager-colors
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31031

Plugin:: WP Multistore Locator
Plugin Slug:: wp-multi-store-locator
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-28898

Plugin:: WP Odoo Form Integrator
Plugin Slug:: wp-odoo-form-integrator
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30620

Plugin:: WP-OGP
Plugin Slug:: wp-ogp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31437

Plugin:: WP Parallax Content Slider
Plugin Slug:: wp-parallax-content-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30599

Plugin:: VaultRE Contact Form 7
Plugin Slug:: wp-plugin-contact-form-7
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31101

Plugin:: WP Profitshare
Plugin Slug:: wp-profitshare
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30525

Plugin:: WP Ride Booking
Plugin Slug:: wp-ride-booking
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30531

Plugin:: WP Social Widget
Plugin Slug:: wp-social-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30610

Plugin:: WP Supersized
Plugin Slug:: wp-supersized
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31438

Plugin:: WP Ultimate Search
Plugin Slug:: wp-ultimate-search
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31452

Plugin:: WP01
Plugin Slug:: wp01
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30567

Plugin:: WordPres ????
Plugin Slug:: wp2wb
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30555

Plugin:: WP Event Ticketing
Plugin Slug:: wpeventticketing
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28899

Plugin:: XV Random Quotes
Plugin Slug:: xv-random-quotes
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30971

Plugin:: YouTube SimpleGallery
Plugin Slug:: youtube-simplegallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31453

Plugin:: Yummly Rich Recipes
Plugin Slug:: yummly-rich-recipes
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30549

Plugin:: WordPress Importer
Plugin Slug:: wordpress-importer
Installations: 3,000,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 0.8.4
Severity Score:: High
CVE:: 2024-13889

Plugin:: ElementsKit Elementor Addons and Templates
Plugin Slug:: elementskit-lite
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.8
Severity Score:: Medium
CVE:: 2024-11180

Plugin:: Spectra Gutenberg Blocks � Website Builder for the Block Editor
Plugin Slug:: ultimate-addons-for-gutenberg
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.19.1
Severity Score:: Medium
CVE:: 2025-1784

Plugin:: Smush Image Optimization � Optimize Images | Compress & Lazy Load Images | Convert WebP & AVIF | Image CDN
Plugin Slug:: wp-smushit
Installations: 1,000,000+
Vulnerability:: Directory Traversal
Patched in Version:: 3.17.1
Severity Score:: Medium
CVE:: 2025-22288

Plugin:: TablePress � Tables in WordPress made easy
Plugin Slug:: tablepress
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1
Severity Score:: Medium
CVE:: 2025-2685

Plugin:: Slider, Gallery, and Carousel by MetaSlider � Image Slider, Video Slider
Plugin Slug:: ml-slider
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.95.0
Severity Score:: Medium
CVE:: 2025-1062

Plugin:: MetForm � Contact Form, Survey, Quiz, & Custom Form Builder for Elementor
Plugin Slug:: metform
Installations: 500,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.9.3
Severity Score:: Medium
CVE:: 2025-30914

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.16.3
Severity Score:: Medium
CVE:: 2025-30766

Plugin:: GDPR Cookie Compliance � Cookie Banner, Cookie Consent, Cookie Notice � CCPA, DSGVO, RGPD
Plugin Slug:: gdpr-cookie-compliance
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.15.9
Severity Score:: Medium
CVE:: 2025-1623

Plugin:: Translate Multilingual sites � TranslatePress
Plugin Slug:: translatepress-multilingual
Installations: 300,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.9.7
Severity Score:: High
CVE:: 2025-30773

Plugin:: Photo Gallery by 10Web � Mobile-Friendly Image Gallery
Plugin Slug:: photo-gallery
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.34
Severity Score:: High
CVE:: 2025-0613

Plugin:: Photo Gallery by 10Web � Mobile-Friendly Image Gallery
Plugin Slug:: photo-gallery
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.33
Severity Score:: Medium
CVE:: 2024-13124

Plugin:: GiveWP � Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.22.2
Severity Score:: Medium
CVE:: 2025-2331

Plugin:: Pods � Custom Content Types and Fields
Plugin Slug:: pods
Installations: 100,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.2.8.2
Severity Score:: High
CVE:: 2025-1446

Plugin:: SEO Plugin by Squirrly SEO
Plugin Slug:: squirrly-seo
Installations: 100,000+
Vulnerability:: SQL Injection
Patched in Version:: 12.4.06
Severity Score:: High
CVE:: 2025-22783

Plugin:: The Post Grid � Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
Plugin Slug:: the-post-grid
Installations: 100,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 7.7.18
Severity Score:: High
CVE:: 2025-30814

Plugin:: Event Tickets and Registration
Plugin Slug:: event-tickets
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.20.1
Severity Score:: High
CVE:: 2025-30794

Plugin:: Kubio AI Page Builder
Plugin Slug:: kubio
Installations: 90,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.5.2
Severity Score:: Critical
CVE:: 2025-2294

Plugin:: LearnPress � WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.7.6
Severity Score:: Medium
CVE:: 2025-22739

Plugin:: PowerPack Elementor Addons (Free Widgets, Extensions and Templates)
Plugin Slug:: powerpack-lite-for-elementor
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.1
Severity Score:: Medium
CVE:: 2025-1512

Plugin:: Product Import Export for WooCommerce � Import Export Product CSV Suite
Plugin Slug:: product-import-export-for-woo
Installations: 90,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.5.1
Severity Score:: High
CVE:: 2025-1913

Plugin:: Product Import Export for WooCommerce � Import Export Product CSV Suite
Plugin Slug:: product-import-export-for-woo
Installations: 90,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.5.1
Severity Score:: Medium
CVE:: 2025-1912

Plugin:: Product Import Export for WooCommerce � Import Export Product CSV Suite
Plugin Slug:: product-import-export-for-woo
Installations: 90,000+
Vulnerability:: Directory Traversal
Patched in Version:: 2.5.1
Severity Score:: Medium
CVE:: 2025-1769

Plugin:: Nested Pages
Plugin Slug:: wp-nested-pages
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.13
Severity Score:: Medium
CVE:: 2025-0718

Plugin:: Booking for Appointments and Events Calendar � Amelia
Plugin Slug:: ameliabooking
Installations: 80,000+
Vulnerability:: Full Path Disclosure (FPD)
Patched in Version:: 1.2.20
Severity Score:: Medium
CVE:: 2025-2578

Plugin:: Advanced Woo Search
Plugin Slug:: advanced-woo-search
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.29
Severity Score:: Medium
CVE:: 2025-2302

Plugin:: Total Upkeep � WordPress Backup Plugin plus Restore & Migrate by BoldGrid
Plugin Slug:: boldgrid-backup
Installations: 70,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 1.17.0
Severity Score:: High
CVE:: 2025-2257

Plugin:: Media Library Assistant
Plugin Slug:: media-library-assistant
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.25
Severity Score:: Medium
CVE:: 2025-31627

Plugin:: Drag and Drop Multiple File Upload for Contact Form 7
Plugin Slug:: drag-and-drop-multiple-file-upload-contact-form-7
Installations: 60,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.3.8.8
Severity Score:: Critical
CVE:: 2025-2485

Plugin:: Drag and Drop Multiple File Upload for Contact Form 7
Plugin Slug:: drag-and-drop-multiple-file-upload-contact-form-7
Installations: 60,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 1.3.8.8
Severity Score:: High
CVE:: 2025-2328

Plugin:: Ultimate Dashboard � Custom WordPress Dashboard
Plugin Slug:: ultimate-dashboard
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.8.8
Severity Score:: Medium
CVE:: 2025-2276

Plugin:: User Registration & Membership � Custom Registration Form, Login Form, and User Profile
Plugin Slug:: user-registration
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.4
Severity Score:: Medium
CVE:: 2025-30899

Plugin:: User Registration & Membership � Custom Registration Form, Login Form, and User Profile
Plugin Slug:: user-registration
Installations: 60,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 4.1.2
Severity Score:: Critical
CVE:: 2025-2563

Plugin:: Export and Import Users and Customers
Plugin Slug:: users-customers-import-export-for-wp-woocommerce
Installations: 60,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.6.3
Severity Score:: Low
CVE:: 2025-1973

Plugin:: Export and Import Users and Customers
Plugin Slug:: users-customers-import-export-for-wp-woocommerce
Installations: 60,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.6.3
Severity Score:: High
CVE:: 2025-1971

Plugin:: Export and Import Users and Customers
Plugin Slug:: users-customers-import-export-for-wp-woocommerce
Installations: 60,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 2.6.3
Severity Score:: Low
CVE:: 2025-1972

Plugin:: Export and Import Users and Customers
Plugin Slug:: users-customers-import-export-for-wp-woocommerce
Installations: 60,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.6.3
Severity Score:: Medium
CVE:: 2025-1970

Plugin:: Advanced iFrame
Plugin Slug:: advanced-iframe
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2025.0
Severity Score:: Medium
CVE:: 2025-1440

Plugin:: Advanced iFrame
Plugin Slug:: advanced-iframe
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2025.0
Severity Score:: Medium
CVE:: 2025-1437

Plugin:: Easy Digital Downloads � eCommerce Payments and Subscriptions made easy
Plugin Slug:: easy-digital-downloads
Installations: 50,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.3.7
Severity Score:: Medium
CVE:: 2025-2252

Plugin:: Form Maker by 10Web � Mobile-Friendly Drag & Drop Contact Form Builder
Plugin Slug:: form-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.30
Severity Score:: Medium
CVE:: 2024-10558

Plugin:: Simple Banner � Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website
Plugin Slug:: simple-banner
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.4
Severity Score:: Medium
CVE:: 2024-12769

Plugin:: Structured Content (JSON-LD) #wpsc
Plugin Slug:: structured-content
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.4
Severity Score:: Medium
CVE:: 2025-30918

Plugin:: Ultimate Blocks � WordPress Blocks Plugin
Plugin Slug:: ultimate-blocks
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.8
Severity Score:: Medium
CVE:: 2025-31077

Plugin:: Zapier for WordPress
Plugin Slug:: zapier
Installations: 50,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 1.5.2
Severity Score:: Medium
CVE:: 2024-13411

Plugin:: Greenshift � animation and page builder blocks
Plugin Slug:: greenshift-animation-and-page-builder-blocks
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 11.1
Severity Score:: Medium
CVE:: 2025-30873

Plugin:: Contact Form & SMTP Plugin for WordPress by PirateForms
Plugin Slug:: pirate-forms
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.0
Severity Score:: Medium
CVE:: 2024-11272

Plugin:: Quiz and Survey Master (QSM) � Easy Quiz and Survey Maker
Plugin Slug:: quiz-master-next
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.2.1
Severity Score:: Medium
CVE:: 2024-10679

Plugin:: SecuPress Free � WordPress Security
Plugin Slug:: secupress
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.5.4
Severity Score:: Medium
CVE:: 2025-30907

Plugin:: Post Grid Gutenberg Blocks for News, Magazines, Blog Websites � PostX
Plugin Slug:: ultimate-post
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.26
Severity Score:: Medium
CVE:: 2025-31096

Plugin:: Booster for WooCommerce
Plugin Slug:: woocommerce-jetpack
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.2.6
Severity Score:: High
CVE:: 2024-12278

Plugin:: Cost Calculator Builder
Plugin Slug:: cost-calculator-builder
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.66
Severity Score:: Medium
CVE:: 2025-31414

Plugin:: Float menu � awesome floating side menu
Plugin Slug:: float-menu
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.1.3
Severity Score:: Medium
CVE:: 2025-30912

Plugin:: LeadConnector
Plugin Slug:: leadconnector
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.3
Severity Score:: Medium
CVE:: 2025-30893

Plugin:: Ads by WPQuads � Adsense Ads, Banner Ads, Popup Ads
Plugin Slug:: quick-adsense-reloaded
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.88
Severity Score:: High
CVE:: 2025-30855

Plugin:: Ads by WPQuads � Adsense Ads, Banner Ads, Popup Ads
Plugin Slug:: quick-adsense-reloaded
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.0.88
Severity Score:: Critical
CVE:: 2025-30876

Plugin:: RomethemeKit For Elementor
Plugin Slug:: rometheme-for-elementor
Installations: 30,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 1.5.5
Severity Score:: Critical
CVE:: 2025-30911

Plugin:: Analytify � Google Analytics Dashboard For WordPress (GA4 analytics made easy)
Plugin Slug:: wp-analytify
Installations: 30,000+
Vulnerability:: Settings Change
Patched in Version:: 6.0.0
Severity Score:: Medium
CVE:: 2025-30897

Plugin:: WP Google Review Slider
Plugin Slug:: wp-google-places-review-slider
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 16.1
Severity Score:: High
CVE:: 2025-30783

Plugin:: Conversios: Google Analytics GA4, Google Ads, GTM & Multiple Pixel Tracking
Plugin Slug:: enhanced-e-commerce-for-woocommerce-store
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.2.4
Severity Score:: Medium
CVE:: 2025-30909

Plugin:: Gum Elementor Addon
Plugin Slug:: gum-elementor-addon
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.11
Severity Score:: Medium
CVE:: 2025-30800

Plugin:: InstaWP Connect � 1-click WP Staging & Migration
Plugin Slug:: instawp-connect
Installations: 20,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 0.1.0.83
Severity Score:: High
CVE:: 2025-31387

Plugin:: King Addons for Elementor � Free Elements, Widgets, Templates, and Features for Elementor
Plugin Slug:: king-addons
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 24.12.59
Severity Score:: Medium
CVE:: 2025-30926

Plugin:: ?????? ??? ? ??? ??????? (??? ?????? ? ??????? ??? ??????)
Plugin Slug:: persian-woocommerce-shipping
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.4
Severity Score:: Medium
CVE:: 2025-30898

Plugin:: Quiz Maker
Plugin Slug:: quiz-maker
Installations: 20,000+
Vulnerability:: SQL Injection
Patched in Version:: 6.6.8.8
Severity Score:: High
CVE:: 2025-30774

Plugin:: Slider by 10Web � Responsive Image Slider
Plugin Slug:: slider-wd
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.62
Severity Score:: Medium
CVE:: 2024-10566

Plugin:: Slider by 10Web � Responsive Image Slider
Plugin Slug:: slider-wd
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.62
Severity Score:: Medium
CVE:: 2024-10565

Plugin:: SyntaxHighlighter Evolved
Plugin Slug:: syntaxhighlighter
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.2
Severity Score:: Medium
CVE:: 2025-30903

Plugin:: FunnelKit Automations � Email Marketing Automation and CRM for WordPress & WooCommerce
Plugin Slug:: wp-marketing-automations
Installations: 20,000+
Vulnerability:: Open Redirection
Patched in Version:: 3.5.2
Severity Score:: Medium
CVE:: 2025-30795

Plugin:: FunnelKit Automations � Email Marketing Automation and CRM for WordPress & WooCommerce
Plugin Slug:: wp-marketing-automations
Installations: 20,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.5.2
Severity Score:: Critical
CVE:: 2025-2186

Plugin:: WP Travel Engine � Tour Booking Plugin � Tour Operator Software
Plugin Slug:: wp-travel-engine
Installations: 20,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 6.3.6
Severity Score:: High
CVE:: 2025-30870

Plugin:: WP Travel Engine � Tour Booking Plugin � Tour Operator Software
Plugin Slug:: wp-travel-engine
Installations: 20,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 6.3.6
Severity Score:: High
CVE:: 2025-30871

Plugin:: Import Export Suite for CSV and XML Datafeed
Plugin Slug:: wp-ultimate-csv-importer
Installations: 20,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 7.19.1
Severity Score:: High
CVE:: 2025-2008

Plugin:: Import Export Suite for CSV and XML Datafeed
Plugin Slug:: wp-ultimate-csv-importer
Installations: 20,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 7.19.1
Severity Score:: High
CVE:: 2025-2007

Plugin:: Product Labels For Woocommerce (Sale Badges)
Plugin Slug:: aco-product-labels-for-woocommerce
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.9
Severity Score:: High
CVE:: 2024-12109

Plugin:: Product Labels For Woocommerce (Sale Badges)
Plugin Slug:: aco-product-labels-for-woocommerce
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.11
Severity Score:: High
CVE:: 2024-10638

Plugin:: AFI � The Easiest Integration Plugin
Plugin Slug:: advanced-form-integration
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.100.0
Severity Score:: Medium
CVE:: 2024-13122

Plugin:: Webhook Automator & Contact Form Integration to Automate 280+ Platforms � Bit Integrations
Plugin Slug:: bit-integrations
Installations: 10,000+
Vulnerability:: Open Redirection
Patched in Version:: 2.5.0
Severity Score:: Medium
CVE:: 2025-30884

Plugin:: Charitable � Donation Plugin for WordPress � Fundraising with Recurring Donations & More
Plugin Slug:: charitable
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.4.8
Severity Score:: Medium
CVE:: 2025-30770

Plugin:: Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings
Plugin Slug:: directorist
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.3
Severity Score:: Medium
CVE:: 2025-2224

Plugin:: Favorites
Plugin Slug:: favorites
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.5
Severity Score:: Medium
CVE:: 2025-1452

Plugin:: Social Reviews & Recommendations
Plugin Slug:: fb-reviews-widget
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4
Severity Score:: Medium
CVE:: 2025-30883

Plugin:: Job Postings
Plugin Slug:: job-postings
Installations: 10,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.7.12
Severity Score:: Medium
CVE:: 2025-1310

Plugin:: Job Postings
Plugin Slug:: job-postings
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.11
Severity Score:: Medium
CVE:: 2024-10105

Plugin:: LatePoint � Calendar Booking Plugin for Appointments and Events
Plugin Slug:: latepoint
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.7
Severity Score:: Medium
CVE:: 2025-30836

Plugin:: Paid Membership Subscriptions � Effortless Memberships, Recurring Payments & Content Restriction
Plugin Slug:: paid-member-subscriptions
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.14.4
Severity Score:: Medium
CVE:: 2025-31088

Plugin:: Five Star Restaurant Reservations � WordPress Booking Plugin
Plugin Slug:: restaurant-reservations
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.30
Severity Score:: Medium
CVE:: 2025-30861

Plugin:: Sensei LMS � Online Courses, Quizzes, & Learning
Plugin Slug:: sensei-lms
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.24.5
Severity Score:: Medium
CVE:: 2025-22740

Plugin:: WP Date and Time Shortcode
Plugin Slug:: wp-date-and-time-shortcode
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.8
Severity Score:: Medium
CVE:: 2025-31590

Plugin:: WP Tabs � Responsive Tabs and Custom Product Tabs
Plugin Slug:: wp-expand-tabs-free
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.7
Severity Score:: Medium
CVE:: 2024-11503

Plugin:: ?=== Export All Posts, Products, Orders, Refunds & Users
Plugin Slug:: wp-ultimate-exporter
Installations: 10,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.14
Severity Score:: Critical
CVE:: 2025-2332

Plugin:: Chat Widget: Customer Support Button with SMS Call Button, Click to Chat Messenger, Live Chat Support Chat Button � Bit Assist
Plugin Slug:: bit-assist
Installations: 9,000+
Vulnerability:: Path Traversal
Patched in Version:: 1.5.5
Severity Score:: High
CVE:: 2025-30834

Plugin:: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
Plugin Slug:: bit-form
Installations: 9,000+
Vulnerability:: Open Redirection
Patched in Version:: 2.18.1
Severity Score:: Medium
CVE:: 2025-30885

Plugin:: Essential Real Estate
Plugin Slug:: essential-real-estate
Installations: 9,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 5.2.1
Severity Score:: High
CVE:: 2025-30849

Plugin:: Registrations for the Events Calendar � Event Registration Plugin
Plugin Slug:: registrations-for-the-events-calendar
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.13.4
Severity Score:: Medium
CVE:: 2024-10703

Plugin:: WP Compress � Instant Performance & Speed Optimization
Plugin Slug:: wp-compress-image-optimizer
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.30.16
Severity Score:: High
CVE:: 2025-2110

Plugin:: WP Compress � Instant Performance & Speed Optimization
Plugin Slug:: wp-compress-image-optimizer
Installations: 9,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 6.30.16
Severity Score:: Medium
CVE:: 2025-2109

Plugin:: Awesome Support � WordPress HelpDesk & Support Plugin
Plugin Slug:: awesome-support
Installations: 8,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 6.3.2
Severity Score:: High
CVE:: 2024-13567

Plugin:: Cozy Blocks � Page Builder for Gutenberg & Site Editor with Post Blocks, WooCommerce Blocks, Magazine Blocks & WordPress Gutenberg Blocks
Plugin Slug:: cozy-addons
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.7
Severity Score:: Medium
CVE:: 2025-30838

Plugin:: Event Manager and Tickets Selling Plugin for WooCommerce � WpEvently � WordPress Plugin
Plugin Slug:: mage-eventpress
Installations: 8,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.3.0
Severity Score:: High
CVE:: 2025-30895

Plugin:: Event Manager and Tickets Selling Plugin for WooCommerce � WpEvently � WordPress Plugin
Plugin Slug:: mage-eventpress
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.3.0
Severity Score:: Medium
CVE:: 2025-30887

Plugin:: WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting
Plugin Slug:: erp
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.14.0
Severity Score:: Medium
CVE:: 2025-30896

Plugin:: JS Help Desk � The Ultimate Help Desk & Support Plugin
Plugin Slug:: js-support-ticket
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.9.3
Severity Score:: High
CVE:: 2025-30880

Plugin:: JS Help Desk � The Ultimate Help Desk & Support Plugin
Plugin Slug:: js-support-ticket
Installations: 7,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.9.3
Severity Score:: Critical
CVE:: 2025-30886

Plugin:: JS Help Desk � The Ultimate Help Desk & Support Plugin
Plugin Slug:: js-support-ticket
Installations: 7,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.9.2
Severity Score:: High
CVE:: 2025-30882

Plugin:: JS Help Desk � The Ultimate Help Desk & Support Plugin
Plugin Slug:: js-support-ticket
Installations: 7,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 2.9.3
Severity Score:: High
CVE:: 2025-30878

Plugin:: JS Help Desk � The Ultimate Help Desk & Support Plugin
Plugin Slug:: js-support-ticket
Installations: 7,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.9.3
Severity Score:: High
CVE:: 2025-30901

Plugin:: Shipmondo � A complete shipping solution for WooCommerce
Plugin Slug:: pakkelabels-for-woocommerce
Installations: 7,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.0.4
Severity Score:: Medium
CVE:: 2025-27001

Plugin:: WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)
Plugin Slug:: smart-wishlist-for-more-convert
Installations: 7,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.9.0
Severity Score:: High
CVE:: 2025-30879

Plugin:: Quiz Cat � WordPress Quiz Plugin
Plugin Slug:: quiz-cat
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.9
Severity Score:: Low
CVE:: 2025-30877

Plugin:: WPCafe � Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce
Plugin Slug:: wp-cafe
Installations: 6,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.2.32
Severity Score:: High
CVE:: 2025-30829

Plugin:: Audio Album
Plugin Slug:: audio-album
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.1
Severity Score:: Medium
CVE:: 2025-30780

Plugin:: Specific Content For Mobile � Customize the mobile version without redirections
Plugin Slug:: specific-content-for-mobile
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 0.5.4
Severity Score:: Medium
CVE:: 2025-30874

Plugin:: AliExpress Dropshipping Plugin for WooCommerce � AliNext
Plugin Slug:: ali2woo-lite
Installations: 4,000+
Vulnerability:: Open Redirection
Patched in Version:: 3.5.4
Severity Score:: Medium
CVE:: 2025-30859

Plugin:: Doneren met Mollie
Plugin Slug:: doneren-met-mollie
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.10.8
Severity Score:: Medium
CVE:: 2025-30779

Plugin:: Inline Image Upload for BBPress
Plugin Slug:: image-upload-for-bbpress
Installations: 4,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.1.20
Severity Score:: High
CVE:: 2025-2006

Plugin:: Stylish Price List � Price Table Builder & QR Code Restaurant Menu
Plugin Slug:: stylish-price-list
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.1.12
Severity Score:: Medium
CVE:: 2024-10472

Plugin:: WP Posts Carousel
Plugin Slug:: wp-posts-carousel
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.9
Severity Score:: Medium
CVE:: 2025-31094

Plugin:: WP Posts Carousel
Plugin Slug:: wp-posts-carousel
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.8
Severity Score:: Medium
CVE:: 2025-30920

Plugin:: Chartify � WordPress Chart Plugin
Plugin Slug:: chart-builder
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.9
Severity Score:: Medium
CVE:: 2025-30904

Plugin:: Restaurant Menu and Food Ordering
Plugin Slug:: mp-restaurant-menu
Installations: 3,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.4.5
Severity Score:: High
CVE:: 2025-30846

Plugin:: Newsletters
Plugin Slug:: newsletters-lite
Installations: 3,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.9.9.8
Severity Score:: High
CVE:: 2025-30921

Plugin:: Newsletters
Plugin Slug:: newsletters-lite
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.9.8
Severity Score:: High
CVE:: 2025-2009

Plugin:: Themify Event Post
Plugin Slug:: themify-event-post
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.3
Severity Score:: Medium
CVE:: 2025-30832

Plugin:: Themify Event Post
Plugin Slug:: themify-event-post
Installations: 3,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.3
Severity Score:: High
CVE:: 2025-30831

Plugin:: Tickera � WordPress Event Ticketing
Plugin Slug:: tickera-event-ticketing-system
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.5.3
Severity Score:: Medium
CVE:: 2025-30851

Plugin:: Vimeotheque: Vimeo WordPress Plugin
Plugin Slug:: codeflavors-vimeo-video-post-lite
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.3.4.3
Severity Score:: High
CVE:: 2025-30806

Plugin:: WordPress CRM, Email & Marketing Automation for WordPress | Award Winner � Groundhogg
Plugin Slug:: groundhogg
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0
Severity Score:: Medium
CVE:: 2025-1267

Plugin:: Scheduled & Automatic Order Status Controller for WooCommerce
Plugin Slug:: order-status-rules-for-woocommerce
Installations: 2,000+
Vulnerability:: Open Redirection
Patched in Version:: 3.7.2
Severity Score:: Medium
CVE:: 2025-30781

Plugin:: Active Products Tables for WooCommerce. Use constructor to create tables�
Plugin Slug:: profit-products-tables-for-woocommerce
Installations: 2,000+
Vulnerability:: Content Injection
Patched in Version:: 1.0.6.8
Severity Score:: High
CVE:: 2025-1514

Plugin:: Responsive Addons for Elementor � Free Elementor Addons Plugin and Elementor Templates
Plugin Slug:: responsive-addons-for-elementor
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.6.9
Severity Score:: Medium
CVE:: 2025-2228

Plugin:: Sitekit
Plugin Slug:: sitekit
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9
Severity Score:: Medium
CVE:: 2025-30776

Plugin:: The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
Plugin Slug:: the-pack-addon
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.2
Severity Score:: Medium
CVE:: 2025-30925

Plugin:: The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
Plugin Slug:: the-pack-addon
Installations: 2,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.1.2
Severity Score:: High
CVE:: 2025-30845

Plugin:: Appointment Booking and Scheduling Calendar Plugin � WP Timetics
Plugin Slug:: timetics
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.30
Severity Score:: Medium
CVE:: 2025-30828

Plugin:: Vitepos � Point of sale (POS) plugin for WooCommerce
Plugin Slug:: vitepos-lite
Installations: 2,000+
Vulnerability:: Broken Authentication
Patched in Version:: 3.1.5
Severity Score:: High
CVE:: 2025-22277

Plugin:: WP-Recall � Registration, Profile, Commerce & More
Plugin Slug:: wp-recall
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 16.26.12
Severity Score:: High
CVE:: 2024-9770

Plugin:: Currency Switcher for WooCommerce
Plugin Slug:: currency-switcher-for-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 0.0.8
Severity Score:: High
CVE:: 2025-30857

Plugin:: Custom Field For WP Job Manager
Plugin Slug:: custom-field-for-wp-job-manager
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.5
Severity Score:: Medium
CVE:: 2025-30856

Plugin:: Dr. Flex
Plugin Slug:: dr-flex
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.1
Severity Score:: Medium
CVE:: 2025-30850

Plugin:: Dropdown multisite selector
Plugin Slug:: dropdown-multisite-selector
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.9.4
Severity Score:: Medium
CVE:: 2025-31090

Plugin:: Taxi Booking Manager for WooCommerce � WordPress plugin | Ecab
Plugin Slug:: ecab-taxi-booking-manager
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.2
Severity Score:: Medium
CVE:: 2025-30839

Plugin:: Event post
Plugin Slug:: event-post
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.10
Severity Score:: Medium
CVE:: 2025-2167

Plugin:: Event Tickets with Ticket Scanner
Plugin Slug:: event-tickets-with-ticket-scanner
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.5.4
Severity Score:: Medium
CVE:: 2025-1762

Plugin:: Flexible Cookies
Plugin Slug:: flexible-cookies
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.9
Severity Score:: Medium
CVE:: 2025-30805

Plugin:: WP Fast Total Search � The Power of Indexed Search
Plugin Slug:: fulltext-search
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.79.264
Severity Score:: Medium
CVE:: 2025-30894

Plugin:: Greek Multi Tool � Ultimate Greek Language Toolkit for WordPress
Plugin Slug:: greek-multi-tool
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.3.2
Severity Score:: High
CVE:: 2025-30797

Plugin:: Just Writing Statistics
Plugin Slug:: just-writing-statistics
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.4
Severity Score:: Medium
CVE:: 2025-30803

Plugin:: Novelist
Plugin Slug:: novelist
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.4
Severity Score:: Medium
CVE:: 2025-30847

Plugin:: Off-Canvas Sidebars & Menus (Slidebars)
Plugin Slug:: off-canvas-sidebars
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.5.8.4
Severity Score:: Medium
CVE:: 2025-30860

Plugin:: Quotes llama
Plugin Slug:: quotes-llama
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.1
Severity Score:: Medium
CVE:: 2025-30786

Plugin:: SearchIQ � The Search Solution
Plugin Slug:: searchiq
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.8
Severity Score:: Medium
CVE:: 2025-30867

Plugin:: SKT Addons for Elementor
Plugin Slug:: skt-addons-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6
Severity Score:: Medium
CVE:: 2025-30812

Plugin:: SKU Generator for WooCommerce
Plugin Slug:: sku-for-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.3
Severity Score:: High
CVE:: 2025-30917

Plugin:: Sunshine Photo Cart: Free Client Photo Galleries for Photographers
Plugin Slug:: sunshine-photo-cart
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.4.11
Severity Score:: Critical
CVE:: 2025-31084

Plugin:: WordPress Tour & Travel Booking Plugin for WooCommerce � WpTravelly
Plugin Slug:: tour-booking-manager
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.8.8
Severity Score:: High
CVE:: 2025-30891

Plugin:: WishSuite � Wishlist for WooCommerce
Plugin Slug:: wishsuite
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.4.5
Severity Score:: High
CVE:: 2025-30820

Plugin:: WP Docs
Plugin Slug:: wp-docs
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.7
Severity Score:: Medium
CVE:: 2025-31417

Plugin:: Team Manager � Team Member Showcase with grid, slider, table Elementor widget & shortcode
Plugin Slug:: wp-team-manager
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.2.0
Severity Score:: High
CVE:: 2025-30868

Plugin:: The Ultimate WordPress Toolkit � WP Extended
Plugin Slug:: wpextended
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.15
Severity Score:: High
CVE:: 2025-30796

Plugin:: YayExtra � WooCommerce Extra Product Options
Plugin Slug:: yayextra
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.3
Severity Score:: High
CVE:: 2025-31415

Plugin:: 3DPrint Lite
Plugin Slug:: 3dprint-lite
Installations: 900+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.1.3.6
Severity Score:: Medium
CVE:: 2025-30865

Plugin:: Exchange Rates
Plugin Slug:: exchange-rates
Installations: 900+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.3
Severity Score:: Medium
CVE:: 2025-30864

Plugin:: Football Pool
Plugin Slug:: football-pool
Installations: 900+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.12.3
Severity Score:: Medium
CVE:: 2025-30764

Plugin:: Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms
Plugin Slug:: integration-for-contact-form-7-and-google-sheets
Installations: 900+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2025-30863

Plugin:: RPS Include Content
Plugin Slug:: rps-include-content
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.2
Severity Score:: Medium
CVE:: 2025-31093

Plugin:: Serial Codes Generator and Validator with WooCommerce Support
Plugin Slug:: serial-codes-generator-and-validator
Installations: 900+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.7.8
Severity Score:: Medium
CVE:: 2025-30854

Plugin:: Usermaven
Plugin Slug:: usermaven
Installations: 900+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.2
Severity Score:: Medium
CVE:: 2025-31079

Plugin:: One to one user Chat by WPGuppy
Plugin Slug:: wpguppy-lite
Installations: 900+
Vulnerability:: SQL Injection
Patched in Version:: 1.1.4
Severity Score:: High
CVE:: 2025-30775

Plugin:: Leaky Paywall
Plugin Slug:: leaky-paywall
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.21.8
Severity Score:: Medium
CVE:: 2025-31083

Plugin:: Login Widget for Ultimate Member
Plugin Slug:: login-widget-for-ultimate-member
Installations: 800+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.1.3
Severity Score:: High
CVE:: 2025-30890

Plugin:: Cloudflare Turnstile or reCAPTCHA For any Pages, to Block Spam and Hackers Attack.
Plugin Slug:: recaptcha-for-all
Installations: 800+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.23
Severity Score:: Medium
CVE:: 2025-30862

Plugin:: Terms & Conditions Per Product
Plugin Slug:: terms-and-conditions-per-product
Installations: 800+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.16
Severity Score:: Medium
CVE:: 2025-30866

Plugin:: TWB Woocommerce Reviews
Plugin Slug:: twb-woocommerce-reviews
Installations: 800+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.7.8
Severity Score:: Medium
CVE:: 2025-30801

Plugin:: ValidateCertify Free
Plugin Slug:: validar-certificados-de-cursos
Installations: 800+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.6.2
Severity Score:: Medium
CVE:: 2025-30811

Plugin:: WooCommerce Fattureincloud
Plugin Slug:: woo-fattureincloud
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.8
Severity Score:: High
CVE:: 2025-30837

Plugin:: WP Cassify
Plugin Slug:: wp-cassify
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.6
Severity Score:: Medium
CVE:: 2025-30771

Plugin:: WP Compress for MainWP
Plugin Slug:: wp-compress-mainwp
Installations: 800+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 6.30.06
Severity Score:: Medium
CVE:: 2025-31076

Plugin:: Better Section Navigation
Plugin Slug:: better-section-navigation
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.0
Severity Score:: Medium
CVE:: 2025-31465

Plugin:: Custom Fields Account Registration For Woocommerce
Plugin Slug:: custom-fields-account-registration-for-woocommerce
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2
Severity Score:: Medium
CVE:: 2025-30888

Plugin:: Houzez Property Feed
Plugin Slug:: houzez-property-feed
Installations: 700+
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.5.5
Severity Score:: High
CVE:: 2025-30793

Plugin:: Custom Login Logo
Plugin Slug:: ideal-wp-login-logo-changer
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.8
Severity Score:: Medium
CVE:: 2025-30822

Plugin:: Our Team Members � Team Members WordPress Plugin
Plugin Slug:: our-team-members
Installations: 700+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.3
Severity Score:: Medium
CVE:: 2025-30802

Plugin:: PDF for WPForms + Drag and Drop Template Builder
Plugin Slug:: pdf-for-wpforms
Installations: 700+
Vulnerability:: Broken Access Control
Patched in Version:: 5.3.1
Severity Score:: Medium
CVE:: 2025-30767

Plugin:: wordpress publish post email notification
Plugin Slug:: publish-post-email-notification
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.2.4
Severity Score:: Medium
CVE:: 2025-30816

Plugin:: Stock Sync for WooCommerce with Google Sheets | WooCommerce Bulk Edit, Stock Management, Inventory Management System & more � FlexStock
Plugin Slug:: stock-sync-with-google-sheet-for-woocommerce
Installations: 700+
Vulnerability:: SQL Injection
Patched in Version:: 3.13.2
Severity Score:: High
CVE:: 2025-30765

Plugin:: Product Author for WooCommerce
Plugin Slug:: wc-product-author
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.8
Severity Score:: Medium
CVE:: 2025-30872

Plugin:: wpShopGermany IT-RECHT KANZLEI
Plugin Slug:: wpshopgermany-it-recht-kanzlei
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.1
Severity Score:: Medium
CVE:: 2025-30804

Plugin:: Anthologize
Plugin Slug:: anthologize
Installations: 600+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 0.8.3
Severity Score:: Medium
CVE:: 2025-30823

Plugin:: Digital License Manager
Plugin Slug:: digital-license-manager
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.4
Severity Score:: High
CVE:: 2025-2635

Plugin:: FormLift for Infusionsoft Web Forms
Plugin Slug:: formlift
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.5.20
Severity Score:: Medium
CVE:: 2025-31434

Plugin:: Simple Giveaways � Grow your business, email lists and traffic with contests
Plugin Slug:: giveasap
Installations: 600+
Vulnerability:: SQL Injection
Patched in Version:: 2.48.2
Severity Score:: High
CVE:: 2025-30819

Plugin:: SNORDIAN’s H5PxAPIkatchu
Plugin Slug:: h5pxapikatchu
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: 0.4.15
Severity Score:: Medium
CVE:: 2025-30821

Plugin:: Cool Author Box � For Widget and Post Content
Plugin Slug:: hm-cool-author-box-widget
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.0
Severity Score:: Medium
CVE:: 2025-30830

Plugin:: IP Locator
Plugin Slug:: ip-locator
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.0
Severity Score:: Medium
CVE:: 2025-30826

Plugin:: jAlbum Bridge
Plugin Slug:: jalbum-bridge
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.18
Severity Score:: Medium
CVE:: 2025-30818

Plugin:: jAlbum Bridge
Plugin Slug:: jalbum-bridge
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.19
Severity Score:: Medium
CVE:: 2025-30768

Plugin:: Listamester
Plugin Slug:: listamester
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.6
Severity Score:: Medium
CVE:: 2025-30813

Plugin:: Contact Form, Drag and Drop Form Builder Plugin � Live Forms
Plugin Slug:: liveforms
Installations: 600+
Vulnerability:: Settings Change
Patched in Version:: 4.8.5
Severity Score:: Medium
CVE:: 2025-30809

Plugin:: Simplebooklet PDF Viewer and Embedder
Plugin Slug:: simplebooklet
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2025-30922

Plugin:: Verge3D Publishing and E-Commerce
Plugin Slug:: verge3d
Installations: 600+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.8.3
Severity Score:: Medium
CVE:: 2025-30833

Plugin:: Textmetrics
Plugin Slug:: webtexttool
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: 3.6.2
Severity Score:: Medium
CVE:: 2025-30824

Plugin:: Lead Form Data Collection to CRM
Plugin Slug:: wp-leads-builder-any-crm
Installations: 600+
Vulnerability:: SQL Injection
Patched in Version:: 3.1
Severity Score:: High
CVE:: 2025-30810

Plugin:: Zoho Billing � Embed Payment Form
Plugin Slug:: zoho-subscriptions
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1
Severity Score:: Medium
CVE:: 2025-30900

Plugin:: Accounting for WooCommerce
Plugin Slug:: accounting-for-woocommerce
Installations: 500+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.6.9
Severity Score:: High
CVE:: 2025-30835

Plugin:: Christmas Panda
Plugin Slug:: christmas-panda
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2025-30842

Plugin:: Clearout Email Validator � Real-Time Email Verification on WordPress Forms
Plugin Slug:: clearout-email-validator
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.1
Severity Score:: Medium
CVE:: 2025-30789

Plugin:: Comment Approved Notifier Extended
Plugin Slug:: comment-approved-notifier-extended
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3
Severity Score:: Medium
CVE:: 2025-30792

Plugin:: EZ SQL Reports Shortcode Widget and DB Backup
Plugin Slug:: elisqlreports
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.25.10
Severity Score:: High
CVE:: 2025-30788

Plugin:: EZ SQL Reports Shortcode Widget and DB Backup
Plugin Slug:: elisqlreports
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.25.10
Severity Score:: High
CVE:: 2025-30787

Plugin:: Gallery for Social Photo
Plugin Slug:: feed-instagram-lite
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.0.37
Severity Score:: Medium
CVE:: 2025-26742

Plugin:: Hesabfa Accounting
Plugin Slug:: hesabfa-accounting
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2.0
Severity Score:: Medium
CVE:: 2025-30815

Plugin:: Slider by BestWebSoft
Plugin Slug:: slider-bws
Installations: 500+
Vulnerability:: SQL Injection
Patched in Version:: 1.1.1
Severity Score:: High
CVE:: 2025-31099

Plugin:: Subscribe to Download Lite � Download after Email Subscription Form WordPress Plugin
Plugin Slug:: subscribe-to-download-lite
Installations: 500+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.0
Severity Score:: High
CVE:: 2025-30782

Plugin:: Subscribe to Download Lite � Download after Email Subscription Form WordPress Plugin
Plugin Slug:: subscribe-to-download-lite
Installations: 500+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.0
Severity Score:: High
CVE:: 2025-30785

Plugin:: Chatbox Manager
Plugin Slug:: wa-chatbox-manager
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.3
Severity Score:: Medium
CVE:: 2025-30790

Plugin:: Web Directory Free
Plugin Slug:: web-directory-free
Installations: 500+
Vulnerability:: SQL Injection
Patched in Version:: 1.7.7
Severity Score:: Critical
CVE:: 2025-28904

Plugin:: WordPress WP-Advanced-Search
Plugin Slug:: wp-advanced-search
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.9.3
Severity Score:: Medium
CVE:: 2024-10554

Plugin:: WP Google Street View (with 360� virtual tour) & Google maps + Local SEO
Plugin Slug:: wp-google-street-view
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.6
Severity Score:: Medium
CVE:: 2025-30799

Plugin:: WP Subscription Forms � Subscription Form Plugin for WordPress
Plugin Slug:: wp-subscription-forms
Installations: 500+
Vulnerability:: SQL Injection
Patched in Version:: 1.2.4
Severity Score:: High
CVE:: 2025-30784

Plugin:: Z Companion
Plugin Slug:: z-companion
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2025-30817

Plugin:: Administrator Z
Plugin Slug:: administrator-z
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: 2025.03.27
Severity Score:: High
CVE:: 2025-2815

Plugin:: Store Locator Widget
Plugin Slug:: store-locator-widget
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2025r3
Severity Score:: High
CVE:: 2025-30919

Plugin:: Support Genix � Helpdesk & Customer Support Ticket System
Plugin Slug:: support-genix-lite
Installations: 400+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.4.12
Severity Score:: Medium
CVE:: 2025-30777

Plugin:: WIP WooCarousel Lite
Plugin Slug:: wip-woocarousel-lite
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.8
Severity Score:: High
CVE:: 2025-30769

Plugin:: About Author
Plugin Slug:: about-author
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.3
Severity Score:: High
CVE:: 2025-30808

Plugin:: Better WishList API
Plugin Slug:: better-wlm-api
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.5
Severity Score:: High
CVE:: 2025-30798

Plugin:: Gift Message for WooCommerce
Plugin Slug:: gift-message-for-woocommerce
Installations: 300+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.7.9
Severity Score:: Medium
CVE:: 2025-30923

Plugin:: Stylish Google Sheet Reader 4.0 � Seamlessly Embed Google Sheets as Responsive Data Tables
Plugin Slug:: stylish-google-sheet-reader
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1
Severity Score:: High
CVE:: 2024-13863

Plugin:: CM Download Manager � Simplify file sharing with powerful download management
Plugin Slug:: cm-download-manager
Installations: 200+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 3.0.0
Severity Score:: High
CVE:: 2025-30910

Plugin:: Multiple Shipping And Billing Address For Woocommerce
Plugin Slug:: different-shipping-and-billing-address-for-woocommerce
Installations: 200+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.6
Severity Score:: Critical
CVE:: 2025-31087

Plugin:: Image Wall
Plugin Slug:: image-wall
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1
Severity Score:: High
CVE:: 2025-30869

Plugin:: Next-Cart Store to WooCommerce Migration
Plugin Slug:: nextcart-woocommerce-migration
Installations: 200+
Vulnerability:: SQL Injection
Patched in Version:: 3.9.5
Severity Score:: Critical
CVE:: 2025-30807

Plugin:: Cart tracking for WooCommerce
Plugin Slug:: cart-tracking-for-woocommerce
Installations: 100+
Vulnerability:: SQL Injection
Patched in Version:: 1.0.17
Severity Score:: High
CVE:: 2025-30791

Plugin:: CRM and Lead Management by vcita
Plugin Slug:: crm-customer-relationship-management-by-vcita
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.5
Severity Score:: Medium
CVE:: 2024-13702

Plugin:: DICOM Support
Plugin Slug:: dicom-support
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.10.7
Severity Score:: Medium
CVE:: 2024-12623

Plugin:: Primer MyData for Woocommerce
Plugin Slug:: primer-mydata
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.4
Severity Score:: High
CVE:: 2025-30924

Plugin:: WP2LEADS | WordPress und KlickTipp einfach verbinden � WooCommerce und KlickTipp einfach verbinden
Plugin Slug:: wp2leads
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.7
Severity Score:: High
CVE:: 2025-30827

Plugin:: xili-dictionary
Plugin Slug:: xili-dictionary
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.12.5.1
Severity Score:: High
CVE:: 2025-30840

Plugin:: MDJM Event Management
Plugin Slug:: mobile-dj-manager
Installations: 90+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.7.5.3
Severity Score:: High
CVE:: 2025-31074

Plugin:: WPC Smart Upsell Funnel for WooCommerce
Plugin Slug:: wpc-smart-upsell-funnel
Installations: 90+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.0.5
Severity Score:: High
CVE:: 2025-30772

Plugin:: Material Dashboard
Plugin Slug:: material-dashboard
Installations: 80+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.4.6
Severity Score:: Critical
CVE:: 2025-31095

Plugin:: Hostel
Plugin Slug:: hostel
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.5.6
Severity Score:: High
CVE:: 2025-31102

Plugin:: Hostel
Plugin Slug:: hostel
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.5.5
Severity Score:: High
CVE:: 2025-30848

Plugin:: AEC Kiosque
Plugin Slug:: aec-kiosque
Installations: 40+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.4
Severity Score:: High
CVE:: 2025-30902

Plugin:: BizCalendar Web
Plugin Slug:: bizcalendar-web
Installations: 30+
Vulnerability:: SQL Injection
Patched in Version:: 1.1.0.35
Severity Score:: High
CVE:: 2025-30843

Plugin:: EO4WP: EmailOctopus for WordPress
Plugin Slug:: fw-integration-for-emailoctopus
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.8.5
Severity Score:: Medium
CVE:: 2025-30763

Plugin:: MicroPayments � Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet
Plugin Slug:: paid-membership
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.30
Severity Score:: Medium
CVE:: 2025-31075

Plugin:: Your Simple SVG Support
Plugin Slug:: your-simple-svg-support
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.2
Severity Score:: Medium
CVE:: 2025-2542

Plugin:: Bitspecter Suite
Plugin Slug:: bitspecter-suite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2025-2577

Plugin:: Booknetic
Plugin Slug:: booknetic
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.1.5
Severity Score:: Medium
CVE:: 2024-13146

Plugin:: Bridge Core
Plugin Slug:: bridge-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.1
Severity Score:: Medium
CVE:: 2025-31409

Plugin:: BWL Advanced FAQ Manager
Plugin Slug:: bwl-advanced-faq-manager
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.5
Severity Score:: Medium
CVE:: 2024-13801

Plugin:: Fusion Builder
Plugin Slug:: fusion-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.11.15
Severity Score:: Medium
CVE:: 2025-1665

Plugin:: JetBlocks For Elementor
Plugin Slug:: jet-blocks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.16.1
Severity Score:: Medium
CVE:: 2025-30987

Plugin:: JetSearch
Plugin Slug:: jet-search
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.7.1
Severity Score:: Medium
CVE:: 2025-31043

Plugin:: JetSmartFilters
Plugin Slug:: jet-smart-filters
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.4
Severity Score:: Medium
CVE:: 2025-30963

Plugin:: JetWooBuilder
Plugin Slug:: jet-woo-builder
Vulnerability:: Local File Inclusion
Patched in Version:: 2.1.18.1
Severity Score:: High
CVE:: 2025-31016

Plugin:: JetProductGallery
Plugin Slug:: jet-woo-product-gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.22.1
Severity Score:: Medium
CVE:: 2025-31412

Plugin:: Smart Maintenance Mode
Plugin Slug:: smart-maintenance-mode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.2
Severity Score:: Medium
CVE:: 2024-12682

Plugin:: tagDiv Composer
Plugin Slug:: td-composer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.4
Severity Score:: High
CVE:: 2025-1705

Plugin:: tagDiv Composer
Plugin Slug:: td-composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.4
Severity Score:: High
CVE:: 2025-2804

Plugin:: Shortcodes by United Themes
Plugin Slug:: ut-shortcodes
Vulnerability:: Content Injection
Patched in Version:: 5.1.7
Severity Score:: Medium
CVE:: 2024-13557

WordPress Themes � 4 Patched / 18 Unpatched

Theme:: AuraMart
Theme Slug:: auramart
Downloads: 804
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26922

Theme:: Hester
Theme Slug:: hester
Downloads: 7,289
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26734

Theme:: MorningTime Lite
Theme Slug:: morningtime-lite
Downloads: 40,088
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26736

Theme:: StoreBiz
Theme Slug:: storebiz
Downloads: 102,376
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26732

Theme:: Build
Theme Slug:: build
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26869

Theme:: Churel
Theme Slug:: churel
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31419

Theme:: City Store
Theme Slug:: city-store
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26737

Theme:: Navigation Tree Elementor
Theme Slug:: navigation-tree-elementor
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30562

Theme:: newseqo
Theme Slug:: newseqo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26739

Theme:: RainbowNews
Theme Slug:: rainbownews
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26747

Theme:: Rapyd Payment Extension for WooCommerce
Theme Slug:: rapyd-payments
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30618

Theme:: Shopo
Theme Slug:: shopo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31013

Theme:: Themify Sidepane WordPress Theme
Theme Slug:: sidepane
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31013

Theme:: Traveler
Theme Slug:: traveler
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26956

Theme:: Traveler
Theme Slug:: traveler
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26733

Theme:: Traveler
Theme Slug:: traveler
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-26898

Theme:: Traveler
Theme Slug:: traveler
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-26873

Theme:: Whitish Lite
Theme Slug:: whitish-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22278

Theme:: Big Store
Theme Slug:: big-store
Downloads: 135,572
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.9
Severity Score:: Medium
CVE:: 2025-30881

Theme:: Unlimited
Theme Slug:: unlimited
Downloads: 66,367
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.46
Severity Score:: Medium
CVE:: 2025-31073

Theme:: Real Estate 7
Theme Slug:: realestate-7
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.5.5
Severity Score:: High
CVE:: 2025-2891

Theme:: WP Weixin
Theme Slug:: wp-weixin
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.17
Severity Score:: Medium
CVE:: 2025-30875