Nexcess.com Servers.com LiquidWeb.com

Line illustration showing a black application window on a red gradient background overlaid with a large exclamation point alert icon and three bugs.

WordPress Vulnerability Report � April 9, 2025

[email protected]

In this report, 612 vulnerabilities have been publicly disclosed. Security patches for 108 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 504 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

The third release candidate (�RC3�) for WordPress 6.8 is ready for download and testing. This version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it�s recommended that you evaluate RC3 on a test server and site.

WordPress Plugins � 103 Patched / 480 Unpatched

Plugin:: CMP � Coming Soon & Maintenance Plugin by NiteoThemes
Plugin Slug:: cmp-coming-soon-maintenance
Installations: 200,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-32118

Plugin:: Colibri Page Builder
Plugin Slug:: colibri-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32185

Plugin:: ShareThis Dashboard for Google Analytics
Plugin Slug:: googleanalytics
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32282

Plugin:: Tutor LMS � eLearning and online course solution
Plugin Slug:: tutor
Installations: 100,000+
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32230

Plugin:: Brizy � Page Builder
Plugin Slug:: brizy
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32198

Plugin:: WP ULike � All-in-One Engagement Toolkit
Plugin Slug:: wp-ulike
Installations: 80,000+
Vulnerability:: Content Spoofing
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32259

Plugin:: ActiveCampaign � Forms, Site Tracking, Live Chat
Plugin Slug:: activecampaign-subscription-forms
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32136

Plugin:: DethemeKit for Elementor
Plugin Slug:: dethemekit-for-elementor
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32260

Plugin:: Piotnet Addons For Elementor
Plugin Slug:: piotnet-addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32197

Plugin:: Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery
Plugin Slug:: simply-gallery-block
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32176

Plugin:: Themesflat Addons For Elementor
Plugin Slug:: themesflat-addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31567

Plugin:: Booster for WooCommerce
Plugin Slug:: woocommerce-jetpack
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12278

Plugin:: Advanced WordPress Backgrounds
Plugin Slug:: advanced-backgrounds
Installations: 30,000+
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32200

Plugin:: WP Event Manager � Events Calendar, Registrations, Sell Tickets with WooCommerce
Plugin Slug:: wp-event-manager
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32225

Plugin:: Ecwid by Lightspeed Ecommerce Shopping Cart
Plugin Slug:: ecwid-shopping-cart
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32195

Plugin:: Read More & Accordion
Plugin Slug:: expand-maker
Installations: 20,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-0810

Plugin:: Easy Google Maps
Plugin Slug:: google-maps-easy
Installations: 20,000+
Vulnerability:: XML External Entity (XXE)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32138

Plugin:: MP3 Audio Player � Music Player, Podcast Player & Radio by Sonaar
Plugin Slug:: mp3-music-player-by-sonaar
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32235

Plugin:: Secure Copy Content Protection and Content Locking
Plugin Slug:: secure-copy-content-protection
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32133

Plugin:: 140+ Widgets | Xpro Addons For Elementor � FREE
Plugin Slug:: xpro-elementor-addons
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32163

Plugin:: Advanced Woo Labels � Product Labels for WooCommerce
Plugin Slug:: advanced-woo-labels
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32188

Plugin:: Asgaros Forum
Plugin Slug:: asgaros-forum
Installations: 10,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32227

Plugin:: Flo Forms � Easy Drag & Drop Form Builder
Plugin Slug:: flo-forms
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32213

Plugin:: LA-Studio Element Kit for Elementor
Plugin Slug:: lastudio-element-kit
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32194

Plugin:: MasterStudy LMS WordPress Plugin � for Online Courses and Education
Plugin Slug:: masterstudy-lms-learning-management-system
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32237

Plugin:: MasterStudy LMS WordPress Plugin � for Online Courses and Education
Plugin Slug:: masterstudy-lms-learning-management-system
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32141

Plugin:: Motors � Car Dealership & Classified Listings Plugin
Plugin Slug:: motors-car-dealership-classified-listings
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32170

Plugin:: Motors � Car Dealership & Classified Listings Plugin
Plugin Slug:: motors-car-dealership-classified-listings
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32142

Plugin:: OSM � OpenStreetMap
Plugin Slug:: osm
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31557

Plugin:: s2Member � Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
Plugin Slug:: s2member
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32137

Plugin:: URL Shortify � Simple, Powerful and Easy URL Shortener Plugin For WordPress
Plugin Slug:: url-shortify
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32134

Plugin:: WDesignKit � Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder
Plugin Slug:: wdesignkit
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12189

Plugin:: WP-LESS
Plugin Slug:: wp-less
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31550

Plugin:: WPCargo Track & Trace
Plugin Slug:: wpcargo
Installations: 10,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31609

Plugin:: Xpro Theme Builder For Elementor � FREE
Plugin Slug:: xpro-theme-builder
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32201

Plugin:: YaMaps for WordPress Plugin
Plugin Slug:: yamaps
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32172

Plugin:: WP Mobile Bottom Menu
Plugin Slug:: mobile-bottom-menu-for-wp
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31525

Plugin:: WP Project Manager � Task, team, and project management plugin featuring kanban board and gantt charts
Plugin Slug:: wedevs-project-manager
Installations: 8,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32280

Plugin:: Gutenify � Visual Site Builder Blocks & Site Templates.
Plugin Slug:: gutenify
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32168

Plugin:: IMPress for IDX Broker
Plugin Slug:: idx-broker-platinum
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31556

Plugin:: WordPress Header Builder Plugin � Pearl
Plugin Slug:: pearl-header-builder
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31881

Plugin:: WordPress Header Builder Plugin � Pearl
Plugin Slug:: pearl-header-builder
Installations: 7,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31880

Plugin:: EventON � Events Calendar
Plugin Slug:: eventon-lite
Installations: 6,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32160

Plugin:: Sliced Invoices � WordPress Invoice Plugin
Plugin Slug:: sliced-invoices
Installations: 6,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31628

Plugin:: Specia Companion
Plugin Slug:: specia-companion
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32212

Plugin:: Survey Maker
Plugin Slug:: survey-maker
Installations: 6,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32275

Plugin:: VK Filter Search
Plugin Slug:: vk-filter-search
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32175

Plugin:: Directorist AddonsKit for Elementor
Plugin Slug:: addonskit-for-elementor
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31857

Plugin:: aThemes Addons for Elementor
Plugin Slug:: athemes-addons-for-elementor-lite
Installations: 5,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32158

Plugin:: Fusion Page Builder
Plugin Slug:: fusion
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31549

Plugin:: Hyperlink Group Block
Plugin Slug:: hyperlink-group-block
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31885

Plugin:: Flag Icons
Plugin Slug:: language-icons-flags-switcher
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31575

Plugin:: Privyr CRM � Instant Lead Alerts for Contact Forms
Plugin Slug:: privy-crm-integration
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32224

Plugin:: Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses
Plugin Slug:: salon-booking-system
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32220

Plugin:: Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses
Plugin Slug:: salon-booking-system
Installations: 4,000+
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31560

Plugin:: Popular Brand Icons � Simple Icons
Plugin Slug:: simple-icons
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31786

Plugin:: Split Test For Elementor
Plugin Slug:: split-test-for-elementor
Installations: 4,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32204

Plugin:: Split Test For Elementor
Plugin Slug:: split-test-for-elementor
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32135

Plugin:: Widgetize Pages Light
Plugin Slug:: widgetize-pages-light
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32117

Plugin:: Zoho Flow � Integrate 100+ plugins with 1000+ business apps, no-code workflow automation
Plugin Slug:: zoho-flow
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31408

Plugin:: EazyDocs � Most Powerful Knowledge base, wiki, Documentation Builder Plugin
Plugin Slug:: eazydocs
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32221

Plugin:: Fonto � Custom Web Fonts Manager
Plugin Slug:: fonto
Installations: 3,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31827

Plugin:: Libro de Reclamaciones y Quejas
Plugin Slug:: libro-de-reclamaciones-y-quejas
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32113

Plugin:: News Kit Elementor Addons
Plugin Slug:: news-kit-elementor-addons
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32196

Plugin:: Piotnet Forms
Plugin Slug:: piotnetforms
Installations: 3,000+
Vulnerability:: Path Traversal
Patched in Version:: No Fix
Severity Score:: Low
CVE:: 2025-32205

Plugin:: Piotnet Forms
Plugin Slug:: piotnetforms
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31793

Plugin:: Piotnet Forms
Plugin Slug:: piotnetforms
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31792

Plugin:: Slider a SlidersPack � Image Slider, Post Slider, ACF Gallery Slider
Plugin Slug:: sliderspack-all-in-one-image-sliders
Installations: 3,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32152

Plugin:: Social Share Buttons & Analytics Plugin � GetSocial.io
Plugin Slug:: wp-share-buttons-analytics-by-getsocial
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32239

Plugin:: WebberZone Snippetz � Header, Body and Footer manager
Plugin Slug:: add-to-all
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31874

Plugin:: Ai Image Alt Text Generator for WP
Plugin Slug:: ai-image-alt-text-generator-for-wp
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32228

Plugin:: Ai Image Alt Text Generator for WP
Plugin Slug:: ai-image-alt-text-generator-for-wp
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32217

Plugin:: Beam me up Scotty � Back to Top Button
Plugin Slug:: beam-me-up-scotty
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31864

Plugin:: Beds24 Online Booking
Plugin Slug:: beds24-online-booking
Installations: 2,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32155

Plugin:: Bulk NoIndex & NoFollow Toolkit
Plugin Slug:: bulk-noindex-nofollow-toolkit-by-mad-fish
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31537

Plugin:: Category Icon
Plugin Slug:: category-icon
Installations: 2,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31825

Plugin:: Docxpresso
Plugin Slug:: docxpresso
Installations: 2,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31554

Plugin:: Gallery � Photo Albums Plugin
Plugin Slug:: easy-media-gallery
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31586

Plugin:: ELEX WooCommerce Request a Quote
Plugin Slug:: elex-request-a-quote
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31406

Plugin:: Online Booking & Scheduling Calendar for WordPress by vcita
Plugin Slug:: meeting-scheduler-by-vcita
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32238

Plugin:: MX Time Zone Clocks
Plugin Slug:: mx-time-zone-clocks
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31801

Plugin:: Safe Ai Malware Protection for WP
Plugin Slug:: safe-ai-malware-protection-for-wp
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31545

Plugin:: SrbTransLatin � Serbian Latinisation
Plugin Slug:: srbtranslatin
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31421

Plugin:: Timeline Event History
Plugin Slug:: timeline-event-history
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31595

Plugin:: Tockify Events Calendar
Plugin Slug:: tockify-events-calendar
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32174

Plugin:: Directory Listings WordPress plugin � uListing
Plugin Slug:: ulisting
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32122

Plugin:: WP Modal Popup with Cookie Integration
Plugin Slug:: wp-modal-popup-with-cookie-integration
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31772

Plugin:: WP Optin Wheel � Gamified Optin Email Marketing Tool for WordPress and WooCommerce
Plugin Slug:: wp-optin-wheel
Installations: 2,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31824

Plugin:: WordPress Simple HTML Sitemap
Plugin Slug:: wp-simple-html-sitemap
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31822

Plugin:: WPoperation Elementor Addons
Plugin Slug:: wpop-elementor-addons
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31823

Plugin:: Black Widgets For Elementor
Plugin Slug:: black-widgets
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31869

Plugin:: Post Form � Registration Form � Profile Form for User Profiles � Frontend Content Forms for User Submissions (UGC)
Plugin Slug:: buddyforms
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32151

Plugin:: BuddyPress Members Only
Plugin Slug:: buddypress-members-only
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31812

Plugin:: Cal.com
Plugin Slug:: cal-com
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31604

Plugin:: CLP � Custom Login Page by NiteoThemes
Plugin Slug:: clp-custom-login-page
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31769

Plugin:: Contact Form Builder by vcita
Plugin Slug:: contact-form-with-a-meeting-scheduler-by-vcita
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32199

Plugin:: Cryptocurrency Widgets Pack
Plugin Slug:: cryptocurrency-widgets-pack
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31539

Plugin:: DirectoryPress � Business Directory And Classified Ad Listing
Plugin Slug:: directorypress
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32249

Plugin:: Astra Security Suite � Firewall & Malware Scan
Plugin Slug:: getastra
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31774

Plugin:: Gutena Kit � Gutenberg Blocks and Templates
Plugin Slug:: gutena-kit
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31805

Plugin:: JobWP � Job Board, Job Listing, Career Page and Recruitment Plugin
Plugin Slug:: jobwp
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32265

Plugin:: Nova Blocks by Pixelgrade
Plugin Slug:: nova-blocks
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31819

Plugin:: onOffice for WP-Websites
Plugin Slug:: onoffice-for-wp-websites
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32127

Plugin:: PDF Generator Addon for Elementor Page Builder
Plugin Slug:: pdf-generator-addon-for-elementor-page-builder
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31850

Plugin:: RestroPress � Online Food Ordering System
Plugin Slug:: restropress
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31877

Plugin:: Table Block by RioVizual � Comparison Table, Pricing Table, and Pros & Cons Box for Gutenberg
Plugin Slug:: riovizual
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32278

Plugin:: Sequential Order Numbers for WooCommerce
Plugin Slug:: sequential-order-numbers-for-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32263

Plugin:: Sidebar Manager Light
Plugin Slug:: sidebar-manager-light
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32112

Plugin:: Simple Sticky Add To Cart For WooCommerce
Plugin Slug:: sticky-add-to-cart-woo
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31854

Plugin:: Swiss Toolkit For WP
Plugin Slug:: swiss-toolkit-for-wp
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31546

Plugin:: Swiss Toolkit For WP
Plugin Slug:: swiss-toolkit-for-wp
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31544

Plugin:: Table Block by Tableberg � Best WordPress Table Plugin
Plugin Slug:: tableberg
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32171

Plugin:: Video Playlist For YouTube
Plugin Slug:: video-playlist-for-youtube
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32183

Plugin:: Price by Quantity & Bulk Quantity Discounts for WooCommerce
Plugin Slug:: wholesale-pricing-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31598

Plugin:: WordPress Webinar Plugin � WebinarPress
Plugin Slug:: wp-webinarsystem
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31883

Plugin:: WordPress Webinar Plugin � WebinarPress
Plugin Slug:: wp-webinarsystem
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31882

Plugin:: WP AdCenter � Ad Manager & Adsense Ads
Plugin Slug:: wpadcenter
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31860

Plugin:: mb.YTPlayer for background videos
Plugin Slug:: wpmbytplayer
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31782

Plugin:: Follow Us Badges
Plugin Slug:: wpsite-follow-us-badges
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31804

Plugin:: B Blocks � The ultimate block collection
Plugin Slug:: b-blocks
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32173

Plugin:: ContentBot AI Writer (ChatGPT, GPT4)
Plugin Slug:: content-bot
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31818

Plugin:: FancyPost � Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor
Plugin Slug:: post-block
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31875

Plugin:: Post Custom Templates Lite
Plugin Slug:: post-custom-templates-lite
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31767

Plugin:: Real Estate Manager � Property Listing and Agent Management
Plugin Slug:: real-estate-manager
Installations: 900+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32150

Plugin:: Rollbar
Plugin Slug:: rollbar
Installations: 900+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32250

Plugin:: Ultimate Store Kit � Elementor powered WooCommerce Builder, 80+ Widgets and Template Builder
Plugin Slug:: ultimate-store-kit
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32184

Plugin:: UltraAddons � Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode)
Plugin Slug:: ultraaddons-elementor-lite
Installations: 900+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32264

Plugin:: 404 Image Redirection (Replace Broken Images)
Plugin Slug:: broken-images-redirection
Installations: 800+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32266

Plugin:: Doppler Forms
Plugin Slug:: doppler-form
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32165

Plugin:: JS Job Manager
Plugin Slug:: js-jobs
Installations: 800+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32146

Plugin:: JS Job Manager
Plugin Slug:: js-jobs
Installations: 800+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31868

Plugin:: JS Job Manager
Plugin Slug:: js-jobs
Installations: 800+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31867

Plugin:: Product Notices for WooCommerce
Plugin Slug:: product-notices-for-woocommerce
Installations: 800+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31807

Plugin:: Query Wrangler
Plugin Slug:: query-wrangler
Installations: 800+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31779

Plugin:: Revive.so � Bulk Rewrite and Republish Blog Posts
Plugin Slug:: revive-so
Installations: 800+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32233

Plugin:: SheetDB � get your Google Spreadsheet data
Plugin Slug:: sheetdb
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31873

Plugin:: TailPress � Tailwind for WordPress
Plugin Slug:: tailpress
Installations: 800+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31558

Plugin:: TuriTop Booking System
Plugin Slug:: turitop-booking-system
Installations: 800+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31541

Plugin:: Widget Manager Light
Plugin Slug:: widget-manager-light
Installations: 800+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31768

Plugin:: AI Content Creator � Easy ChatGPT powered article generator
Plugin Slug:: ai-content-creator
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32247

Plugin:: Group Chat & Video Chat by AtomChat
Plugin Slug:: atomchat
Installations: 700+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31831

Plugin:: Group Chat & Video Chat by AtomChat
Plugin Slug:: atomchat
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31532

Plugin:: Broadstreet
Plugin Slug:: broadstreet
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32211

Plugin:: Broadstreet
Plugin Slug:: broadstreet
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32270

Plugin:: Easy!Appointments
Plugin Slug:: easyappointments
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31828

Plugin:: Magical Blocks � Premium Gutenberg Blocks
Plugin Slug:: magical-blocks
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31844

Plugin:: Accessibility Suite by Ability, Inc
Plugin Slug:: online-accessibility
Installations: 700+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32215

Plugin:: QR Code Tag for WC order emails, POS receipt emails, PDF invoices, PDF packing slips, Blog posts, Custom post types and Pages (from goaskle.com)
Plugin Slug:: qr-code-tag-for-wc-from-goaskle-com
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32268

Plugin:: SCSS WP Editor
Plugin Slug:: scss-wp-editor
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31808

Plugin:: Simple Owl Carousel
Plugin Slug:: simple-owl-carousel
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31535

Plugin:: Slider Path for Elementor
Plugin Slug:: slider-path
Installations: 700+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31529

Plugin:: SnapWidget Social Photo Feed Widget
Plugin Slug:: snapwidget-wp-instagram-widget
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31760

Plugin:: StaticPress
Plugin Slug:: staticpress
Installations: 700+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31528

Plugin:: Bulk Product Sync � Bulk Product Editor for WooCommerce with Google Sheets�
Plugin Slug:: sync-wc-google
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31852

Plugin:: WP Plugin Info Card
Plugin Slug:: wp-plugin-info-card
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31835

Plugin:: SMS Abandoned Cart Recovery ? CartBoss
Plugin Slug:: cartboss
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31865

Plugin:: Custom Database Applications by Caspio
Plugin Slug:: custom-database-applications-by-caspio
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31559

Plugin:: Daisycon prijsvergelijkers
Plugin Slug:: daisycon
Installations: 600+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32148

Plugin:: Embed Chessboard
Plugin Slug:: embed-chessboard
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32177

Plugin:: Embed Extended � Embed Maps, Videos, Websites, Source Codes, and more
Plugin Slug:: embed-extended
Installations: 600+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31784

Plugin:: FPW Category Thumbnails
Plugin Slug:: fpw-category-thumbnails
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31841

Plugin:: Google SEO Pressor for Rich snippets
Plugin Slug:: google-seo-author-snippets
Installations: 600+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31775

Plugin:: Google SEO Pressor for Rich snippets
Plugin Slug:: google-seo-author-snippets
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31530

Plugin:: History Log by click5
Plugin Slug:: history-log-by-click5
Installations: 600+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31531

Plugin:: Integration of Zoho CRM and Contact Form 7
Plugin Slug:: integration-of-zoho-crm-and-contact-form-7
Installations: 600+
Vulnerability:: Open Redirection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31821

Plugin:: Contact Form, Drag and Drop Form Builder Plugin � Live Forms
Plugin Slug:: liveforms
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32279

Plugin:: My auctions allegro
Plugin Slug:: my-auctions-allegro-free-edition
Installations: 600+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31542

Plugin:: OwnerRez
Plugin Slug:: ownerrez
Installations: 600+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31814

Plugin:: Behance Portfolio Manager
Plugin Slug:: portfolio-manager-powered-by-behance
Installations: 600+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32124

Plugin:: Behance Portfolio Manager
Plugin Slug:: portfolio-manager-powered-by-behance
Installations: 600+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31526

Plugin:: Publitio
Plugin Slug:: publitio
Installations: 600+
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31800

Plugin:: Publitio
Plugin Slug:: publitio
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31799

Plugin:: Publitio
Plugin Slug:: publitio
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31798

Plugin:: Question Answer
Plugin Slug:: question-answer
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31810

Plugin:: Sheet2Site
Plugin Slug:: sheet2site
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31762

Plugin:: Showeblogin Social Plugin
Plugin Slug:: showeblogin-facebook-page-like-box
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32169

Plugin:: Simple Post Expiration
Plugin Slug:: simple-post-expiration
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31734

Plugin:: SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity
Plugin Slug:: surveyjs
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32256

Plugin:: SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity
Plugin Slug:: surveyjs
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32167

Plugin:: TextMe SMS
Plugin Slug:: textme-sms-integration
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31789

Plugin:: UPC/EAN/GTIN Code Generator
Plugin Slug:: upc-ean-barcode-generator
Installations: 600+
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31878

Plugin:: Uptime Robot Plugin for WordPress
Plugin Slug:: uptime-robot-monitor
Installations: 600+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31776

Plugin:: Uptime Robot Plugin for WordPress
Plugin Slug:: uptime-robot-monitor
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31562

Plugin:: Uptime Robot Plugin for WordPress
Plugin Slug:: uptime-robot-monitor
Installations: 600+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31547

Plugin:: Woocommerce Role Pricing
Plugin Slug:: woocommerce-role-pricing
Installations: 600+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32271

Plugin:: WP Link Preview
Plugin Slug:: wp-link-preview
Installations: 600+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31527

Plugin:: WP Proposals
Plugin Slug:: wp-proposals
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31837

Plugin:: 1 Click WordPress Migration Plugin � 100% FREE for a limited time
Plugin Slug:: 1-click-migration
Installations: 500+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32257

Plugin:: ACME Divi Modules
Plugin Slug:: acme-divi-modules
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31540

Plugin:: Advanced Speed Increaser
Plugin Slug:: advanced-speed-increaser
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31753

Plugin:: WordPress Appointment Booking and Online Scheduling Plugin by Appointy
Plugin Slug:: appointy-appointment-scheduler
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31601

Plugin:: Cache control by Cacholong
Plugin Slug:: cache-control-by-cacholong
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31764

Plugin:: Cache control by Cacholong
Plugin Slug:: cache-control-by-cacholong
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31763

Plugin:: CF7 Spreadsheets
Plugin Slug:: cf7-spreadsheets
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31536

Plugin:: CF7 Spreadsheets
Plugin Slug:: cf7-spreadsheets
Installations: 500+
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31603

Plugin:: Checklist
Plugin Slug:: checklist
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31538

Plugin:: Official CleverReach� Plugin for WooCommerce
Plugin Slug:: cleverreach-wc
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32241

Plugin:: Display product variations dropdown on shop page
Plugin Slug:: display-product-variations-dropdown-on-shop-page
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32226

Plugin:: Twice Commerce � Easy Rental Booking System
Plugin Slug:: embed-rentle
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31543

Plugin:: Freetobook Responsive Widget
Plugin Slug:: freetobook-responsive-widget
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32273

Plugin:: FunnelCockpit
Plugin Slug:: funnelcockpit
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32132

Plugin:: Job Board Manager
Plugin Slug:: job-board-manager
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31862

Plugin:: Leartes TRY Exchange Rates
Plugin Slug:: leartes-try-exchange-rates
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31783

Plugin:: Social Intents � Live Chat and ChatGPT Chatbots
Plugin Slug:: live-chat-support-by-social-intents
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32131

Plugin:: m1.DownloadList
Plugin Slug:: m1downloadlist
Installations: 500+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32164

Plugin:: Ni WooCommerce Cost Of Goods
Plugin Slug:: ni-woocommerce-cost-of-goods
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32207

Plugin:: Ni WooCommerce Cost Of Goods
Plugin Slug:: ni-woocommerce-cost-of-goods
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31826

Plugin:: RDP Wiki Embed
Plugin Slug:: rdp-wiki-embed
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32262

Plugin:: Theme Duplicator
Plugin Slug:: theme-duplicator
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31845

Plugin:: VG WooCarousel
Plugin Slug:: vg-woocarousel
Installations: 500+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32153

Plugin:: Webling
Plugin Slug:: webling
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31806

Plugin:: Wishlist
Plugin Slug:: wishlist
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32272

Plugin:: WP Clone any post type
Plugin Slug:: wp-clone-any-post-type
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31872

Plugin:: WP Clone any post type
Plugin Slug:: wp-clone-any-post-type
Installations: 500+
Vulnerability:: Unvalidated Redirects and Forwards
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31871

Plugin:: Administrator Z
Plugin Slug:: administrator-z
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32276

Plugin:: Administrator Z
Plugin Slug:: administrator-z
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32187

Plugin:: Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One
Plugin Slug:: ai-auto-tool
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31564

Plugin:: Appointify
Plugin Slug:: appointify
Installations: 400+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31577

Plugin:: Auto scroll for reading
Plugin Slug:: auto-scroll-for-reading
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31594

Plugin:: Breaking News WP
Plugin Slug:: breaking-news-wp
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31751

Plugin:: Breaking News WP
Plugin Slug:: breaking-news-wp
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31750

Plugin:: Chamber Dashboard Business Directory
Plugin Slug:: chamber-dashboard-business-directory
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32162

Plugin:: CRM WordPress Plugin � RepairBuddy
Plugin Slug:: computer-repair-shop
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32277

Plugin:: Dima Take Action
Plugin Slug:: dima-take-action
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31742

Plugin:: Pin Generator
Plugin Slug:: pin-generator
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31791

Plugin:: Planyo online reservation system
Plugin Slug:: planyo-online-reservation-system
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31811

Plugin:: RSVPMaker
Plugin Slug:: rsvpmaker
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31552

Plugin:: Spider Elements � Crafted UX First Addons for Elementor
Plugin Slug:: spider-elements
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32216

Plugin:: Spider Elements � Crafted UX First Addons for Elementor
Plugin Slug:: spider-elements
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32182

Plugin:: TZ Plus Gallery
Plugin Slug:: tz-plus-gallery
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31756

Plugin:: Woocommerce Advanced Product Organizer � Dynamic Sorting & Reordering
Plugin Slug:: vagonic-sortable
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32236

Plugin:: Advanced WooCommerce Product Sales Reporting � Statistics & Forecast
Plugin Slug:: webd-woocommerce-advanced-reporting-statistics
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31553

Plugin:: WP AutoKeyword
Plugin Slug:: wp-autokeyword
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31870

Plugin:: WP AutoKeyword
Plugin Slug:: wp-autokeyword
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31579

Plugin:: WP w3all phpBB
Plugin Slug:: wp-w3all-phpbb-integration
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32274

Plugin:: BWD Elementor Addons (2500+ presets, Meet The Team, Lottie, Lord Icon, Masking, Woocommerce, Theme Builder, Products, Blogs, CV, Contact Form 7 Styler, Header, Slider, Hero Section)
Plugin Slug:: bwd-elementor-addons
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32189

Plugin:: Contact Form vCard Generator
Plugin Slug:: contact-form-vcard-generator
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31582

Plugin:: ElementsCSS Addons for Elementor (Elementor Widgets Extender & Addons)
Plugin Slug:: css-for-elementor
Installations: 300+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31796

Plugin:: Barcode Generator for WooCommerce � Show barcodes on products, orders, invoices and other pages
Plugin Slug:: embedding-barcodes-into-product-pages-and-orders
Installations: 300+
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31879

Plugin:: Labinator Content Types Duplicator
Plugin Slug:: labinator-content-types-duplicator
Installations: 300+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31809

Plugin:: Musician’s Pack for Elementor � Music Website Widgets & Templates
Plugin Slug:: music-pack-for-elementor
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32190

Plugin:: PhotoShelter for Photographers Blog Feed Plugin
Plugin Slug:: photoshelter-official-plugin
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31766

Plugin:: TableOn � WordPress Posts Table Filterable�
Plugin Slug:: posts-table-filterable
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32218

Plugin:: Silvasoft boekhouden
Plugin Slug:: silvasoft-boekhouden
Installations: 300+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32125

Plugin:: SimplyRETS Real Estate IDX
Plugin Slug:: simply-rets
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31011

Plugin:: Viral Loops WP Integration
Plugin Slug:: viral-loops-wp-integration
Installations: 300+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31842

Plugin:: ACF City Selector
Plugin Slug:: acf-city-selector
Installations: 200+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31832

Plugin:: Auto Post After Image Upload
Plugin Slug:: auto-post-after-image-upload
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31611

Plugin:: Connector to CiviCRM with CiviMcRestFace
Plugin Slug:: connector-civicrm-mcrestface
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31618

Plugin:: Footer Contacts Bar
Plugin Slug:: dn-footer-contacts
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31839

Plugin:: Export All Post Meta
Plugin Slug:: export-all-post-meta
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31856

Plugin:: Fonts Manager | Custom Fonts
Plugin Slug:: fonts-manager-custom-fonts
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31578

Plugin:: Leadfox for WordPress
Plugin Slug:: leadfox
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31585

Plugin:: News Element Elementor Blog Magazine
Plugin Slug:: news-element
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32191

Plugin:: Ni WooCommerce Product Enquiry
Plugin Slug:: ni-woocommerce-product-enquiry
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31580

Plugin:: PeproDev CF7 Database
Plugin Slug:: pepro-cf7-database
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31573

Plugin:: Send E-mail
Plugin Slug:: send-e-mail
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31592

Plugin:: Shiptimize for WooCommerce
Plugin Slug:: shiptimize-for-woocommerce
Installations: 200+
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31802

Plugin:: SMM API
Plugin Slug:: smm-api
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31855

Plugin:: SwiftXR (3D/AR/VR) Viewer
Plugin Slug:: swiftxr-3darvr-viewer
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32248

Plugin:: Variable Inspector
Plugin Slug:: variable-inspector
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32229

Plugin:: Welcome Popup
Plugin Slug:: welcome-popup
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31605

Plugin:: Gift Cards for WooCommerce
Plugin Slug:: woo-giftcards
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31781

Plugin:: WP Copy Media URL
Plugin Slug:: wp-copy-media-url
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31583

Plugin:: 5sterrenspecialist
Plugin Slug:: 5-sterrenspecialist
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32114

Plugin:: AdMail � Multilingual Back in-Stock Notifier for WooCommerce
Plugin Slug:: admail
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32234

Plugin:: Related Posts Widget with Thumbnails
Plugin Slug:: advanced-css3-related-posts-widget
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31570

Plugin:: Agency Toolkit
Plugin Slug:: agency-toolkit
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31863

Plugin:: Apimo Connector
Plugin Slug:: apimo
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31602

Plugin:: Author Bio Shortcode
Plugin Slug:: author-bio-shortcode
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31731

Plugin:: CBX Poll
Plugin Slug:: cbxpoll
Installations: 100+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31612

Plugin:: Clockinator Lite
Plugin Slug:: clockify-lite
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31777

Plugin:: Content Manager Light
Plugin Slug:: content-manager-light
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31770

Plugin:: ContentMX Content Publisher
Plugin Slug:: contentmx-content-publisher
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31555

Plugin:: Course Booking System
Plugin Slug:: course-booking-system
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32253

Plugin:: Custom Content Scrollbar
Plugin Slug:: custom-content-scrollbar
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31574

Plugin:: DobsonDev Shortcodes
Plugin Slug:: dobsondev-shortcodes
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31754

Plugin:: Free Booking Plugin for Hotels, Restaurants and Car Rentals � eaSYNC Booking
Plugin Slug:: easync-booking
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32219

Plugin:: WordPress Testimonials Slider
Plugin Slug:: elfsight-testimonials-slider
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31588

Plugin:: WordPress Testimonials Slider
Plugin Slug:: elfsight-testimonials-slider
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31587

Plugin:: WordPress Testimonials Slider
Plugin Slug:: elfsight-testimonials-slider
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31584

Plugin:: Footnotes for WordPress
Plugin Slug:: footnotes-for-wordpress
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31735

Plugin:: Free Woocommerce Product Table View � Woo Table Pro
Plugin Slug:: free-product-table-for-woocommerce
Installations: 100+
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31758

Plugin:: Free Woocommerce Product Table View � Woo Table Pro
Plugin Slug:: free-product-table-for-woocommerce
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31757

Plugin:: Video & Photo Gallery for Ultimate Member
Plugin Slug:: gallery-for-ultimate-member
Installations: 100+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32121

Plugin:: GB Gallery Slideshow
Plugin Slug:: gb-gallery-slideshow
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31732

Plugin:: GDPR Cookie Notice
Plugin Slug:: gdpr-cookie-notice
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31765

Plugin:: JobBoard Job listing plugin
Plugin Slug:: job-board-light
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31834

Plugin:: JobBoard Job listing plugin
Plugin Slug:: job-board-light
Installations: 100+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31833

Plugin:: Local Magic
Plugin Slug:: local-magic
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31858

Plugin:: Opal Portfolio
Plugin Slug:: opal-portfolios
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31748

Plugin:: OpenAI Tools for WordPress & WooCommerce
Plugin Slug:: openai-tools-for-wp-wc
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31843

Plugin:: Pay with Contact Form 7
Plugin Slug:: pay-with-contact-form-7
Installations: 100+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32126

Plugin:: Payday
Plugin Slug:: payday
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31876

Plugin:: Popping Content Light
Plugin Slug:: popping-content-light
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32115

Plugin:: QR Master
Plugin Slug:: qr-master
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32116

Plugin:: Review Manager
Plugin Slug:: review-manager
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31836

Plugin:: Rio Video Gallery
Plugin Slug:: rio-video-gallery
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31566

Plugin:: Ship Per Product
Plugin Slug:: ship-per-product
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31773

Plugin:: Simple-Audioplayer
Plugin Slug:: simple-audioplayer
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31607

Plugin:: Simple Website Logo
Plugin Slug:: simple-website-logo
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32258

Plugin:: SP Blog Designer
Plugin Slug:: sp-blog-designer
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31606

Plugin:: StaffList
Plugin Slug:: stafflist
Installations: 100+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32255

Plugin:: StaffList
Plugin Slug:: stafflist
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32232

Plugin:: Team Members for Elementor Page Builder
Plugin Slug:: team-members-for-elementor
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31771

Plugin:: The Logo Slider
Plugin Slug:: the-logo-slider
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31571

Plugin:: Ultimate Live Cricket WordPress Lite
Plugin Slug:: ultimate-live-cricket-lite
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31597

Plugin:: LeadLab by wiredminds
Plugin Slug:: wiredminds-leadlab
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31568

Plugin:: WooTumblog
Plugin Slug:: woo-tumblog
Installations: 100+
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31729

Plugin:: WP Video Playlist
Plugin Slug:: wp-post-459206 wp-video-playlist
Installations: 100+
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31581

Plugin:: WP Sitemap
Plugin Slug:: wpsitemap
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31733

Plugin:: AB Google Map Travel (AB-MAP)
Plugin Slug:: ab-google-map-travel
Installations: 90+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31613

Plugin:: WordPress Adverts Plugin � Adverts Click Tracker
Plugin Slug:: adverts-click-tracker
Installations: 90+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31848

Plugin:: Clients
Plugin Slug:: clients
Installations: 90+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31746

Plugin:: CookieHint WP
Plugin Slug:: cookiehint-wp
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31608

Plugin:: CoverManager
Plugin Slug:: covermanager
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31620

Plugin:: Minimalistic Event Manager
Plugin Slug:: minimalistic-event-manager
Installations: 90+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31739

Plugin:: AI Search Bar
Plugin Slug:: open-ai-search-bar
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31563

Plugin:: WR Price List Manager For Woocommerce
Plugin Slug:: wr-price-list-for-woocommerce
Installations: 90+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31794

Plugin:: Advanced Typekit
Plugin Slug:: advanced-typekit
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31622

Plugin:: byBrick Accordion
Plugin Slug:: bybrick-accordion
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31621

Plugin:: CM Registration � Tailored tool for seamless login and invitation-based registrations
Plugin Slug:: cm-invitation-codes
Installations: 80+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32210

Plugin:: Subscription Form for Feedblitz
Plugin Slug:: feedblitz-email-subscription
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31745

Plugin:: LeadQuizzes
Plugin Slug:: leadquizzes
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31738

Plugin:: SWM � Shopify to WooCommerce Migration
Plugin Slug:: migrate-shopify-to-woocommerce
Installations: 80+
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31795

Plugin:: News, Magazine and Blog Elements
Plugin Slug:: news-magazine-and-blog-elements
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31740

Plugin:: OpenMenu � The official plugin for OpenMenu
Plugin Slug:: open-menu
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31593

Plugin:: wordpress related Posts with thumbnails
Plugin Slug:: related-posts-list-grid-and-slider-all-in-one
Installations: 80+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31569

Plugin:: ShopCred � WooCommerce Builder with Products Grid & Carousel Block
Plugin Slug:: shopcred
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31829

Plugin:: Terms Before Download
Plugin Slug:: terms-before-download
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31614

Plugin:: Ultimate Push Notifications ( Mobile / Desktop ), Receive Notification From WooCommerce, BuddyPress, WordPress Default Events & Many More
Plugin Slug:: ultimate-push-notifications
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31548

Plugin:: Ultimate Push Notifications ( Mobile / Desktop ), Receive Notification From WooCommerce, BuddyPress, WordPress Default Events & Many More
Plugin Slug:: ultimate-push-notifications
Installations: 80+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31561

Plugin:: Varnish WordPress
Plugin Slug:: varnish-wp
Installations: 80+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31616

Plugin:: 6Storage Rentals
Plugin Slug:: 6storage-rentals
Installations: 70+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32178

Plugin:: Append Content
Plugin Slug:: append-content
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31780

Plugin:: Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
Plugin Slug:: hive-support
Installations: 70+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32242

Plugin:: Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
Plugin Slug:: hive-support
Installations: 70+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32208

Plugin:: Hypotext
Plugin Slug:: hypotext
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31761

Plugin:: Marketer Addons
Plugin Slug:: marketer-addons
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31730

Plugin:: PostmarkApp Email Integrator
Plugin Slug:: postmarkapp-email-integrator
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31617

Plugin:: PostmarkApp Email Integrator
Plugin Slug:: postmarkapp-email-integrator
Installations: 70+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31576

Plugin:: Radius Blocks � WordPress Gutenberg Blocks
Plugin Slug:: radius-blocks
Installations: 70+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32159

Plugin:: Rich Text Editor
Plugin Slug:: richtexteditor
Installations: 70+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31736

Plugin:: Rich Text Editor
Plugin Slug:: richtexteditor
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31623

Plugin:: AI Content Writer, Autoblogging, Youtube Subtitle to Article � SEO Help
Plugin Slug:: seo-help
Installations: 70+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32244

Plugin:: Simple Contact Forms
Plugin Slug:: simple-contact-forms
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31615

Plugin:: Actionwear products sync
Plugin Slug:: actionwear-products-sync
Installations: 60+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31619

Plugin:: Boo Recipes
Plugin Slug:: boo-recipes
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31759

Plugin:: Catch Dark Mode
Plugin Slug:: catch-dark-mode
Installations: 60+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32154

Plugin:: Easy Magazine
Plugin Slug:: filtr8-magazine
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31741

Plugin:: Infusionsoft Web Form JavaScript
Plugin Slug:: infusionsoft-web-form-javascript
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31629

Plugin:: pCloud Backup
Plugin Slug:: pcloud-backup
Installations: 60+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31755

Plugin:: Processing Projects
Plugin Slug:: processing-projects
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31624

Plugin:: Sprout Clients � CRM and Lead Management
Plugin Slug:: sprout-clients
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31797

Plugin:: Turbo Addons Elementor
Plugin Slug:: turbo-addons-elementor
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32186

Plugin:: Useinfluence
Plugin Slug:: useinfluence
Installations: 60+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31625

Plugin:: WPBookit
Plugin Slug:: wpbookit
Installations: 60+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32254

Plugin:: WP Genealogy � Your Family History Website
Plugin Slug:: wpgenealogy
Installations: 60+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32252

Plugin:: Bulk Fields Editor
Plugin Slug:: bulk-user-editor
Installations: 50+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31752

Plugin:: Chat by Chatwee
Plugin Slug:: chatwee
Installations: 50+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31596

Plugin:: Easy WP Optimizer � Optimize DB & WordPress
Plugin Slug:: easy-wp-optimizer
Installations: 50+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32147

Plugin:: Notification Bar, Sticky Notification Bar, Sticky Welcome Bar for any theme
Plugin Slug:: gp-notification-bar
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31610

Plugin:: Lightweight and Responsive Youtube Embed
Plugin Slug:: lightweight-and-responsive-youtube-embed
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31744

Plugin:: Lightweight and Responsive Youtube Embed
Plugin Slug:: lightweight-and-responsive-youtube-embed
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31743

Plugin:: Shopper Approved Reviews
Plugin Slug:: shopperapproved-reviews
Installations: 50+
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-3063

Plugin:: WP Chrono
Plugin Slug:: wp-chrono
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31747

Plugin:: BlockWheels
Plugin Slug:: blockwheels
Installations: 40+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31817

Plugin:: Client Showcase
Plugin Slug:: client-showcase
Installations: 40+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31737

Plugin:: DesignO
Plugin Slug:: designo
Installations: 40+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31600

Plugin:: Posts Footer Manager
Plugin Slug:: intelly-posts-footer-manager
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32130

Plugin:: Welcome Bar
Plugin Slug:: intelly-welcome-bar
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32129

Plugin:: Sparkle Elementor Kit
Plugin Slug:: sparkle-elementor-kit
Installations: 30+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32157

Plugin:: Simple Fixed Notice
Plugin Slug:: dn-cookie-notice
Installations: 20+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31840

Plugin:: Donate Me
Plugin Slug:: donate-me
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31778

Plugin:: Design Blocks � Gutenberg Blocks collection
Plugin Slug:: exclusive-blocks
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31815

Plugin:: ShipDepot for WooCommerce
Plugin Slug:: ship-depot
Installations: 20+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31866

Plugin:: Smartarget Popup
Plugin Slug:: smartarget-popup
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31853

Plugin:: Turisbook Booking System
Plugin Slug:: turisbook-booking-system
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31803

Plugin:: AIO Performance Profiler, Monitor, Optimize, Compress & Debug
Plugin Slug:: all-in-one-performance-accelerator
Installations: 10+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31788

Plugin:: Ethiopian Calendar
Plugin Slug:: ethiopian-calendar
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31589

Plugin:: Eventbee RSVP Widget
Plugin Slug:: eventbee-rsvp-widget
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31838

Plugin:: HMH Footer Builder For Elementor
Plugin Slug:: hmh-footer-builder-for-elementor
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31749

Plugin:: Just Post Preview Widget
Plugin Slug:: just-post-preview
Installations: 10+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32156

Plugin:: Nearby Locations
Plugin Slug:: nearby-locations
Installations: 10+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32128

Plugin:: Nemesis All-in-One | Newspaper Builder Elementor Extention
Plugin Slug:: nemesis-all-in-one
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31849

Plugin:: Support Helpdesk Ticket System Lite
Plugin Slug:: ticket-help-desk-system-lite
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31626

Plugin:: WPSHARE247 Elementor Addons
Plugin Slug:: wpshare247-elementor-addons
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31813

Plugin:: 1-Click Backup & Restore Database
Plugin Slug:: 1-click-backup-restore-database-by-sunbytes
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32246

Plugin:: AAWP Obfuscator
Plugin Slug:: aawp-obfuscator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-3432

Plugin:: ABC Notation
Plugin Slug:: abc-notation
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31895

Plugin:: Advanced Advertising System
Plugin Slug:: advanced-advertising-system
Vulnerability:: Open Redirection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-3433

Plugin:: Advanced Search by My Solr Server
Plugin Slug:: advanced-search-by-my-solr-server
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-3099

Plugin:: AI Content Pipelines
Plugin Slug:: ai-content-pipelines
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-2544

Plugin:: Apptivo Business Site CRM
Plugin Slug:: apptivo-business-site
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31909

Plugin:: Arkhe Blocks
Plugin Slug:: arkhe-blocks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32161

Plugin:: Arrow Custom Feed for Twitter
Plugin Slug:: arrow-twitter-feed
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31897

Plugin:: Awesome Logos
Plugin Slug:: awesome-logos
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31899

Plugin:: Booking Calendar and Notification
Plugin Slug:: booking-calendar-and-notification
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31381

Plugin:: Booking Calendar and Notification
Plugin Slug:: booking-calendar-and-notification
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31403

Plugin:: WordPress Booking plugin for Appointment Calendar and Woocommcerce Booking � Bookingor
Plugin Slug:: bookingor
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32231

Plugin:: BookingPress
Plugin Slug:: bookingpress-appointment-booking
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31910

Plugin:: Botnet Attack Blocker
Plugin Slug:: botnet-attack-blocker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31893

Plugin:: CGM Event Calendar
Plugin Slug:: cgm-event-calendar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31462

Plugin:: Clearbit Reveal
Plugin Slug:: clearbit
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31785

Plugin:: Delete Post Revision
Plugin Slug:: delete-post-revision
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31454

Plugin:: Demo Awesome
Plugin Slug:: demo-awesome
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13637

Plugin:: DigiWidgets Image Editor
Plugin Slug:: digiwidgets-image-editor
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30580

Plugin:: Multi Days Events and Multi Events in One Day Calendar
Plugin Slug:: dragon-calendar-free-version
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31572

Plugin:: DyaPress ERP/CRM
Plugin Slug:: dyapress
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30582

Plugin:: ZoomSounds
Plugin Slug:: dzs-zoomsounds
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-3431

Plugin:: ZoomSounds
Plugin Slug:: dzs-zoomsounds
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13776

Plugin:: ZoomSounds
Plugin Slug:: dzs-zoomsounds
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-0839

Plugin:: Easy Contact
Plugin Slug:: easy-contact
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30970

Plugin:: Easy Query � WP Query Builder
Plugin Slug:: easy-query
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32120

Plugin:: Ebook Downloader
Plugin Slug:: ebook-downloader
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31904

Plugin:: Ebook Downloader
Plugin Slug:: ebook-downloader
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31894

Plugin:: Emma for WordPress
Plugin Slug:: emma-emarketing-plugin
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32166

Plugin:: Exit Popup Free
Plugin Slug:: exit-popup-free
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31591

Plugin:: Extensions for Elementor
Plugin Slug:: extensions-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31889

Plugin:: ez Form Calculator – WordPress plugin
Plugin Slug:: ez-form-calculator-premium
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22282

Plugin:: Fami WooCommerce Compare
Plugin Slug:: fami-woocommerce-compare
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31405

Plugin:: Flickr Photostream
Plugin Slug:: flickr-photostream
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31467

Plugin:: Frizzly
Plugin Slug:: frizzly
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30554

Plugin:: Front End Users
Plugin Slug:: front-end-only-users
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-2005

Plugin:: Front End Users
Plugin Slug:: front-end-only-users
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12410

Plugin:: GetBookingsWP
Plugin Slug:: get-bookings-wp
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31896

Plugin:: Salesmate Add-On for Gravity Forms
Plugin Slug:: gf-salesmate-add-on
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31551

Plugin:: Salesmate Add-On for Gravity Forms
Plugin Slug:: gf-salesmate-add-on
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31533

Plugin:: Gift Certificate Creator
Plugin Slug:: gift-certificate-creator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-2483

Plugin:: Global Gallery
Plugin Slug:: global-gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22263

Plugin:: GNUCommerce
Plugin Slug:: gnucommerce
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30985

Plugin:: Gosign � Posts Slider Block
Plugin Slug:: gosign-posts-slider-block
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31891

Plugin:: include-file
Plugin Slug:: include-file
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30596

Plugin:: Jetpack Feedback Exporter
Plugin Slug:: jetpack-feedback-exporter
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32251

Plugin:: JSON Structuring Markup
Plugin Slug:: json-structuring-markup
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31908

Plugin:: KB Support
Plugin Slug:: kb-support
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13604

Plugin:: Search engine keywords highlighter
Plugin Slug:: keywords-highlight-tool
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31442

Plugin:: Lafka Plugin
Plugin Slug:: lafka-plugin
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-1233

Plugin:: Latest Custom Post Type Updates
Plugin Slug:: latest-custom-post-type-updates
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30616

Plugin:: Lexicata
Plugin Slug:: lexicata
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31900

Plugin:: Limit Max IPs Per User
Plugin Slug:: limit-max-ips-per-user
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31455

Plugin:: MediaView
Plugin Slug:: mediaview
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31898

Plugin:: Melhor Envio
Plugin Slug:: melhor-envio-cotacao
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13820

Plugin:: mFolio Lite
Plugin Slug:: mfolio-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31847

Plugin:: MyBookProgress by Stormhill Media
Plugin Slug:: mybookprogress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30982

Plugin:: MyBookProgress by Stormhill Media
Plugin Slug:: mybookprogress
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31887

Plugin:: NanoSupport
Plugin Slug:: nanosupport
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31461

Plugin:: NanoSupport
Plugin Slug:: nanosupport
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31376

Plugin:: Pages Order
Plugin Slug:: pages-order
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31445

Plugin:: Posten � Gutenberg Post Block
Plugin Slug:: posten-post-blocks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31790

Plugin:: Blubrry PowerPress Podcasting plugin MultiSite add-on
Plugin Slug:: powerpress-multisite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31436

Plugin:: RJ Quickcharts
Plugin Slug:: rj-quickcharts
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31024

Plugin:: Maps
Plugin Slug:: robo-maps
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-2279

Plugin:: SEO Tools
Plugin Slug:: seo-automatic-seo-tools
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30984

Plugin:: Sequel
Plugin Slug:: sequel
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31389

Plugin:: Simple Map No Api
Plugin Slug:: simple-map-no-api
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31890

Plugin:: Simple WP Events
Plugin Slug:: simple-wp-events
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32193

Plugin:: Simple:Press
Plugin Slug:: simplepress
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31386

Plugin:: Smart Icons For WordPress
Plugin Slug:: smartifw
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-2513

Plugin:: Social Share And Social Locker
Plugin Slug:: social-share-and-social-locker-arsocial
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31911

Plugin:: Social Share And Social Locker
Plugin Slug:: social-share-and-social-locker-arsocial
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31902

Plugin:: Team Builder
Plugin Slug:: team-display
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31907

Plugin:: Team Rosters
Plugin Slug:: team-rosters
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31905

Plugin:: Trackserver
Plugin Slug:: trackserver
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-30961

Plugin:: Video Url
Plugin Slug:: video-sidebar-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-3098

Plugin:: Videos
Plugin Slug:: videos
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31384

Plugin:: Digihood HTML Sitemap
Plugin Slug:: wedesin-html-sitemap
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31901

Plugin:: WP Bookmarks
Plugin Slug:: wp-bookmarks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31431

Plugin:: WP Church Donation
Plugin Slug:: wp-church-donation
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31410

Plugin:: WP Crowdfunding
Plugin Slug:: wp-crowdfunding
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31892

Plugin:: WordPress Galleria
Plugin Slug:: wp-galleria
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31441

Plugin:: WP_Identicon
Plugin Slug:: wp-identicon
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31468

Plugin:: WP Profitshare
Plugin Slug:: wp-profitshare
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31906

Plugin:: Advanced All in One Admin Search by WP Spotlight
Plugin Slug:: wp-spotlight-search
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32261

Plugin:: wp Time Machine
Plugin Slug:: wp-time-machine
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-3097

Plugin:: WP User Profiles
Plugin Slug:: wp-users-profiles
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31524

Plugin:: WP Cleaner
Plugin Slug:: wpcleaner
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31446

Plugin:: Wptobe-signinup
Plugin Slug:: wptobe-signinup
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30611

Plugin:: XV Random Quotes
Plugin Slug:: xv-random-quotes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31903

Plugin:: XV Random Quotes
Plugin Slug:: xv-random-quotes
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30971

Plugin:: Enable Media Replace
Plugin Slug:: enable-media-replace
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.6
Severity Score:: High
CVE:: 2025-31081

Plugin:: Slider, Gallery, and Carousel by MetaSlider � Image Slider, Video Slider
Plugin Slug:: ml-slider
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.95.0
Severity Score:: Medium
CVE:: 2025-1203

Plugin:: Unlimited Elements For Elementor
Plugin Slug:: unlimited-elements-for-elementor
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.143
Severity Score:: Medium
CVE:: 2025-1663

Plugin:: Broken Link Checker by AIOSEO � Easily Fix/Monitor Internal and External links
Plugin Slug:: broken-link-checker-seo
Installations: 200,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.2.4
Severity Score:: High
CVE:: 2025-1264

Plugin:: Photo Gallery by 10Web � Mobile-Friendly Image Gallery
Plugin Slug:: photo-gallery
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.34
Severity Score:: High
CVE:: 2025-0613

Plugin:: Lightbox & Modal Popup WordPress Plugin � FooBox
Plugin Slug:: foobox-image-lightbox
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.34
Severity Score:: Medium
CVE:: 2025-32139

Plugin:: LuckyWP Table of Contents
Plugin Slug:: luckywp-table-of-contents
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.11
Severity Score:: High
CVE:: 2025-2299

Plugin:: Modula Image Gallery
Plugin Slug:: modula-best-grid-gallery
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.10.2
Severity Score:: Medium
CVE:: 2024-9416

Plugin:: PowerPack Elementor Addons (Free Widgets, Extensions and Templates)
Plugin Slug:: powerpack-lite-for-elementor
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.1
Severity Score:: Medium
CVE:: 2025-1512

Plugin:: Media Library Assistant
Plugin Slug:: media-library-assistant
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.25
Severity Score:: Medium
CVE:: 2025-31627

Plugin:: User Registration & Membership � Custom Registration Form, Login Form, and User Profile
Plugin Slug:: user-registration
Installations: 60,000+
Vulnerability:: Broken Authentication
Patched in Version:: 4.1.3
Severity Score:: Critical
CVE:: 2025-2594

Plugin:: Product Filter by WBW
Plugin Slug:: woo-product-filter
Installations: 60,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.8.0
Severity Score:: Critical
CVE:: 2025-2317

Plugin:: Calculated Fields Form
Plugin Slug:: calculated-fields-form
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.64
Severity Score:: Medium
CVE:: 2024-13382

Plugin:: Simple Banner � Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website
Plugin Slug:: simple-banner
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.5
Severity Score:: Medium
CVE:: 2024-13898

Plugin:: Uncanny Automator � Easy Automation, Integration, Webhooks & Workflow Builder Plugin
Plugin Slug:: uncanny-automator
Installations: 50,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 6.4.0
Severity Score:: High
CVE:: 2025-2075

Plugin:: Gutentor � Gutenberg Blocks � Page Builder for Gutenberg Editor
Plugin Slug:: gutentor
Installations: 40,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.4.7
Severity Score:: High
CVE:: 2025-1986

Plugin:: MapPress Maps for WordPress
Plugin Slug:: mappress-google-maps-for-wordpress
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.94.9
Severity Score:: Medium
CVE:: 2025-2055

Plugin:: Booster for WooCommerce
Plugin Slug:: woocommerce-jetpack
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.2.5
Severity Score:: High
CVE:: 2024-13708

Plugin:: Booster for WooCommerce
Plugin Slug:: woocommerce-jetpack
Installations: 40,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 7.2.5
Severity Score:: High
CVE:: 2024-13744

Plugin:: WPFront User Role Editor
Plugin Slug:: wpfront-user-role-editor
Installations: 40,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.2.2
Severity Score:: High
CVE:: 2025-3064

Plugin:: Blog Grid & Post Grid � Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry, Category Post Grid By News & Blog Designer Pack
Plugin Slug:: blog-designer-pack
Installations: 30,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.0.1
Severity Score:: High
CVE:: 2025-31082

Plugin:: GTM Kit � Google Tag Manager & GA4 integration
Plugin Slug:: gtm-kit
Installations: 30,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.4.1
Severity Score:: High
CVE:: 2025-31001

Plugin:: Secure Copy Content Protection and Content Locking
Plugin Slug:: secure-copy-content-protection
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.4.5
Severity Score:: High
CVE:: 2025-30905

Plugin:: User Submitted Posts � Enable Users to Submit Posts from the Front End
Plugin Slug:: user-submitted-posts
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 20250327
Severity Score:: Medium
CVE:: 2025-2874

Plugin:: Import Export Suite for CSV and XML Datafeed
Plugin Slug:: wp-ultimate-csv-importer
Installations: 20,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 7.19.1
Severity Score:: High
CVE:: 2025-2008

Plugin:: Import Export Suite for CSV and XML Datafeed
Plugin Slug:: wp-ultimate-csv-importer
Installations: 20,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 7.19.1
Severity Score:: High
CVE:: 2025-2007

Plugin:: wpForo Forum
Plugin Slug:: wpforo
Installations: 20,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 2.4.4
Severity Score:: High
CVE:: 2025-31420

Plugin:: Countdown, Coming Soon, Maintenance � Countdown & Clock
Plugin Slug:: countdown-builder
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.9.0
Severity Score:: High
CVE:: 2025-2270

Plugin:: Countdown, Coming Soon, Maintenance � Countdown & Clock
Plugin Slug:: countdown-builder
Installations: 10,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 2.8.9
Severity Score:: Critical
CVE:: 2025-30841

Plugin:: RegistrationMagic � Custom Registration Forms, User Registration, Payment, and User Login
Plugin Slug:: custom-registration-form-builder-with-submission-manager
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.4.4
Severity Score:: Medium
CVE:: 2025-2836

Plugin:: HTML Forms � Simple WordPress Forms Plugin
Plugin Slug:: html-forms
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.2
Severity Score:: High
CVE:: 2025-31080

Plugin:: Link Library
Plugin Slug:: link-library
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.8
Severity Score:: Medium
CVE:: 2025-2889

Plugin:: Motors � Car Dealership & Classified Listings Plugin
Plugin Slug:: motors-car-dealership-classified-listings
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.67
Severity Score:: Medium
CVE:: 2025-3437

Plugin:: Motors � Car Dealership & Classified Listings Plugin
Plugin Slug:: motors-car-dealership-classified-listings
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.65
Severity Score:: High
CVE:: 2025-2807

Plugin:: Motors � Car Dealership & Classified Listings Plugin
Plugin Slug:: motors-car-dealership-classified-listings
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.64
Severity Score:: Medium
CVE:: 2025-2808

Plugin:: ShortPixel Adaptive Images � WebP, AVIF, CDN, Image Optimization
Plugin Slug:: shortpixel-adaptive-images
Installations: 10,000+
Vulnerability:: Broken Authentication
Patched in Version:: 3.10.1
Severity Score:: Medium
CVE:: 2025-30853

Plugin:: WP Date and Time Shortcode
Plugin Slug:: wp-date-and-time-shortcode
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.8
Severity Score:: Medium
CVE:: 2025-31590

Plugin:: Automatic Featured Images from Videos
Plugin Slug:: automatic-featured-images-from-videos
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.5
Severity Score:: Medium
CVE:: 2025-31820

Plugin:: Awesome Support � WordPress HelpDesk & Support Plugin
Plugin Slug:: awesome-support
Installations: 8,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 6.3.2
Severity Score:: High
CVE:: 2024-13567

Plugin:: Cue by AudioTheme.com
Plugin Slug:: cue
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.5
Severity Score:: Medium
CVE:: 2025-31787

Plugin:: Insert Headers and Footers Code � HT Script
Plugin Slug:: insert-headers-and-footers-script
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2025-2779

Plugin:: Drag and Drop Multiple File Upload for WooCommerce
Plugin Slug:: drag-and-drop-multiple-file-upload-for-woocommerce
Installations: 6,000+
Vulnerability:: Directory Traversal
Patched in Version:: 1.1.5
Severity Score:: Critical
CVE:: 2025-2941

Plugin:: MultiVendorX � Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace � Build the Next Amazon, eBay, Etsy
Plugin Slug:: dc-woocommerce-multi-vendor
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.20
Severity Score:: Medium
CVE:: 2025-2789

Plugin:: SMS Alert Order Notifications � WooCommerce
Plugin Slug:: sms-alert
Installations: 5,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.8.0
Severity Score:: Critical
CVE:: 2024-13553

Plugin:: Watu Quiz
Plugin Slug:: watu
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.3
Severity Score:: High
CVE:: 2025-30844

Plugin:: Lana Downloads Manager
Plugin Slug:: lana-downloads-manager
Installations: 3,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 1.10.0
Severity Score:: Medium
CVE:: 2025-2048

Plugin:: Beds24 Online Booking
Plugin Slug:: beds24-online-booking
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.28
Severity Score:: Medium
CVE:: 2025-31851

Plugin:: WordPress CRM, Email & Marketing Automation for WordPress | Award Winner � Groundhogg
Plugin Slug:: groundhogg
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0
Severity Score:: Medium
CVE:: 2025-1267

Plugin:: teachPress
Plugin Slug:: teachpress
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 9.0.12
Severity Score:: High
CVE:: 2025-32149

Plugin:: Product Table by WBW
Plugin Slug:: woo-product-tables
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.5
Severity Score:: High
CVE:: 2025-31086

Plugin:: CM Header and Footer � Add custom scripts and styles to your header and footer with ease
Plugin Slug:: cm-header-footer-script-loader
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.5
Severity Score:: Medium
CVE:: 2025-31091

Plugin:: Social proof testimonials and reviews by Repuso
Plugin Slug:: social-testimonials-and-reviews-widget
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.22
Severity Score:: Medium
CVE:: 2025-31886

Plugin:: WordPress Tour & Travel Booking Plugin for WooCommerce � WpTravelly
Plugin Slug:: tour-booking-manager
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.8.8
Severity Score:: High
CVE:: 2025-30892

Plugin:: YayExtra � WooCommerce Extra Product Options
Plugin Slug:: yayextra
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.3
Severity Score:: High
CVE:: 2025-31415

Plugin:: 3DPrint Lite
Plugin Slug:: 3dprint-lite
Installations: 900+
Vulnerability:: SQL Injection
Patched in Version:: 2.1.3.7
Severity Score:: High
CVE:: 2025-3430

Plugin:: Ultra Addons Lite for Elementor
Plugin Slug:: ut-elementor-addons-lite
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.9
Severity Score:: Medium
CVE:: 2025-32192

Plugin:: xili-language
Plugin Slug:: xili-language
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.21.3
Severity Score:: High
CVE:: 2025-31085

Plugin:: Feedbucket � Website Feedback Tool
Plugin Slug:: feedbucket
Installations: 800+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.7
Severity Score:: Medium
CVE:: 2025-31859

Plugin:: WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms
Plugin Slug:: cf7-zendesk
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.4
Severity Score:: Medium
CVE:: 2025-32269

Plugin:: Printus � Automatic Printing Plugin for WooCommerce � Print WooCommerce Orders, PDF Invoices, Packaging Slips & More
Plugin Slug:: printus-cloud-printing-for-woocommerce
Installations: 700+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.7
Severity Score:: Medium
CVE:: 2025-31830

Plugin:: WPC Smart Linked Products � Upsells & Cross-sells for WooCommerce
Plugin Slug:: wpc-smart-linked-products
Installations: 700+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.3.6
Severity Score:: High
CVE:: 2025-30825

Plugin:: Maps for WP
Plugin Slug:: maps-for-wp
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.5
Severity Score:: Medium
CVE:: 2025-32179

Plugin:: Theater for WordPress
Plugin Slug:: theatre
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: 0.18.8
Severity Score:: Medium
CVE:: 2025-31846

Plugin:: Snow Storm
Plugin Slug:: snow-storm
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.7
Severity Score:: High
CVE:: 2025-30858

Plugin:: Testimonial � Testimonial Slider, Reviews Slider, Testimonial By AI
Plugin Slug:: testimonial
Installations: 500+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.0.14
Severity Score:: High
CVE:: 2025-30889

Plugin:: Web Directory Free
Plugin Slug:: web-directory-free
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.7.8
Severity Score:: High
CVE:: 2025-30908

Plugin:: WordPress Access Areas
Plugin Slug:: wp-access-areas
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.20
Severity Score:: High
CVE:: 2025-30913

Plugin:: Post to Social Media � WordPress to Hootsuite
Plugin Slug:: wp-to-hootsuite
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.6.0
Severity Score:: Medium
CVE:: 2025-32267

Plugin:: Team Circle Image Slider With Lightbox
Plugin Slug:: circle-image-slider-with-lightbox
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: 1.0.5
Severity Score:: High
CVE:: 2019-25223

Plugin:: DeBounce Email Validator
Plugin Slug:: debounce-io-email-validator
Installations: 400+
Vulnerability:: Local File Inclusion
Patched in Version:: 5.71
Severity Score:: High
CVE:: 2025-31098

Plugin:: Plugin Oficial � Getnet para WooCommerce
Plugin Slug:: wc-checkout-getnet
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.0
Severity Score:: High
CVE:: 2025-30906

Plugin:: Order Splitter for WooCommerce
Plugin Slug:: woo-order-splitter
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: 5.3.1
Severity Score:: High
CVE:: 2025-31089

Plugin:: CardGate Payments for WooCommerce
Plugin Slug:: cardgate
Installations: 300+
Vulnerability:: SQL Injection
Patched in Version:: 3.2.2
Severity Score:: High
CVE:: 2025-32119

Plugin:: Falling Things
Plugin Slug:: falling-things
Installations: 300+
Vulnerability:: SQL Injection
Patched in Version:: 1.09
Severity Score:: High
CVE:: 2025-32203

Plugin:: Search, Filters & Merchandising for WooCommerce
Plugin Slug:: instantsearch-for-woocommerce
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.59
Severity Score:: Medium
CVE:: 2025-32181

Plugin:: Mobile App Canvas � Convert your Website Into an App for iOS and Android
Plugin Slug:: mobile-app
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 3.8.3
Severity Score:: Medium
CVE:: 2025-31816

Plugin:: Lifetime free Drag & Drop Contact Form Builder for WordPress VForm
Plugin Slug:: v-form
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.10
Severity Score:: High
CVE:: 2025-30778

Plugin:: Next-Cart Store to WooCommerce Migration
Plugin Slug:: nextcart-woocommerce-migration
Installations: 200+
Vulnerability:: SQL Injection
Patched in Version:: 3.9.5
Severity Score:: Critical
CVE:: 2025-30807

Plugin:: Oracle Cards Lite
Plugin Slug:: oracle-cards
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.2
Severity Score:: High
CVE:: 2025-30852

Plugin:: Perfect Font Awesome Integration
Plugin Slug:: perfect-font-awesome-integration
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.1
Severity Score:: Medium
CVE:: 2025-31861

Plugin:: Residential Address Detection
Plugin Slug:: residential-address-detection
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.5
Severity Score:: Medium
CVE:: 2025-30916

Plugin:: Total processing card payments for WooCommerce
Plugin Slug:: totalprocessing-card-payments
Installations: 200+
Vulnerability:: Arbitrary File Download
Patched in Version:: 7.1.6
Severity Score:: Medium
CVE:: 2025-32209

Plugin:: Big Boom Directory
Plugin Slug:: big-boom-directory
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.1
Severity Score:: Medium
CVE:: 2024-13673

Plugin:: GreenPay(tm) by Green.Money
Plugin Slug:: green-money-payment-gateway
Installations: 100+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.0.10
Severity Score:: Medium
CVE:: 2025-2882

Plugin:: WordPress Internal Link Optimiser
Plugin Slug:: internal-link-finder
Installations: 100+
Vulnerability:: Settings Change
Patched in Version:: 5.1.3
Severity Score:: Medium
CVE:: 2025-32243

Plugin:: Shopper � Affiliate Link Management, 25000+ Brand Partnerships & Creative Product Displays
Plugin Slug:: shopper
Installations: 100+
Vulnerability:: SQL Injection
Patched in Version:: 3.2.6
Severity Score:: Critical
CVE:: 2025-31534

Plugin:: Material Dashboard
Plugin Slug:: material-dashboard
Installations: 80+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.4.6
Severity Score:: High
CVE:: 2025-31097

Plugin:: Norse Rune Oracle Plugin
Plugin Slug:: norse-runes-oracle
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.4
Severity Score:: Medium
CVE:: 2025-31884

Plugin:: Small Package Quotes � Worldwide Express Edition
Plugin Slug:: small-package-quotes-wwe-edition
Installations: 70+
Vulnerability:: Broken Access Control
Patched in Version:: 5.2.20
Severity Score:: Medium
CVE:: 2025-30915

Plugin:: Small Package Quotes � Worldwide Express Edition
Plugin Slug:: small-package-quotes-wwe-edition
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.19
Severity Score:: High
CVE:: 2025-31078

Plugin:: Awesome Event Booking
Plugin Slug:: awesome-event-booking
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.5
Severity Score:: High
CVE:: 2025-31416

Plugin:: Accept SagePay Payments Using Contact Form 7
Plugin Slug:: accept-sagepay-payments-using-contact-form-7
Installations: 10+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.1
Severity Score:: Medium
CVE:: 2025-2883

Plugin:: coreActivity: Activity Logging for WordPress
Plugin Slug:: coreactivity
Installations: 10+
Vulnerability:: SQL Injection
Patched in Version:: 2.7.1
Severity Score:: High
CVE:: 2025-3436

Plugin:: Bridge Core
Plugin Slug:: bridge-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.1
Severity Score:: Medium
CVE:: 2025-31409

Plugin:: Contempo Real Estate Core
Plugin Slug:: ct-real-estate-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.4
Severity Score:: Medium
CVE:: 2025-2906

Plugin:: Fusion Builder
Plugin Slug:: fusion-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.11.15
Severity Score:: Medium
CVE:: 2025-1665

Plugin:: tagDiv Composer
Plugin Slug:: td-composer
Vulnerability:: PHP Object Injection
Patched in Version:: 5.4
Severity Score:: Critical
CVE:: 2024-13645

Plugin:: User Registration & Membership Pro
Plugin Slug:: user-registration-pro
Vulnerability:: Broken Authentication
Patched in Version:: 5.1.3
Severity Score:: Critical
CVE:: 2025-2594

Plugin:: Vehica Core
Plugin Slug:: vehica-core
Vulnerability:: Privilege Escalation
Patched in Version:: 1.0.98
Severity Score:: High
CVE:: 2025-3105

Plugin:: Vitepos
Plugin Slug:: vitepos-lite
Vulnerability:: Broken Authentication
Patched in Version:: 3.1.5
Severity Score:: High
CVE:: 2025-22277

Plugin:: Woffice Core
Plugin Slug:: woffice-core
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.4.22
Severity Score:: Medium
CVE:: 2025-2797

Plugin:: Woffice Core
Plugin Slug:: woffice-core
Vulnerability:: Arbitrary File Upload
Patched in Version:: 5.4.22
Severity Score:: Critical
CVE:: 2025-2780

Plugin:: WP RealEstate
Plugin Slug:: wp-realestate
Vulnerability:: Privilege Escalation
Patched in Version:: 1.6.27
Severity Score:: Critical
CVE:: 2025-2237

WordPress Themes � 5 Patched / 24 Unpatched

Theme:: Glossy Blog
Theme Slug:: glossy-blog
Downloads: 5,059
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26934

Theme:: Home Services
Theme Slug:: home-services
Downloads: 19,959
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26930

Theme:: Simplish
Theme Slug:: simplish
Downloads: 28,664
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22281

Theme:: Tain�
Theme Slug:: taina
Downloads: 1,311
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26919

Theme:: Bloggie
Theme Slug:: bloggie
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30996

Theme:: Themify Edmin
Theme Slug:: edmin
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30996

Theme:: Themify Edmin
Theme Slug:: edmin
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31013

Theme:: Themify Folo
Theme Slug:: folo
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30996

Theme:: Themify Folo
Theme Slug:: folo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31013

Theme:: Gravel
Theme Slug:: gravel
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31418

Theme:: Themify Newsy
Theme Slug:: newsy
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30996

Theme:: Themify Newsy
Theme Slug:: newsy
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31013

Theme:: Photobox
Theme Slug:: photobox
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30996

Theme:: Photobox
Theme Slug:: photobox
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31013

Theme:: Rezo
Theme Slug:: rezo
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30996

Theme:: Rezo
Theme Slug:: rezo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31013

Theme:: Shopo
Theme Slug:: shopo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31013

Theme:: Themify Sidepane WordPress Theme
Theme Slug:: sidepane
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30996

Theme:: Themify Sidepane WordPress Theme
Theme Slug:: sidepane
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31013

Theme:: Slide
Theme Slug:: slide
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30996

Theme:: Slide
Theme Slug:: slide
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31013

Theme:: Tiger
Theme Slug:: tiger
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31407

Theme:: Tiger
Theme Slug:: tiger
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31027

Theme:: Wigi
Theme Slug:: wigi
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-30996

Theme:: Real Estate 7
Theme Slug:: realestate-7
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.5.5
Severity Score:: High
CVE:: 2025-2891

Theme:: Streamit
Theme Slug:: streamit
Vulnerability:: Arbitrary File Download
Patched in Version:: 4.0.2
Severity Score:: Medium
CVE:: 2025-2519

Theme:: Streamit
Theme Slug:: streamit
Vulnerability:: Arbitrary File Upload
Patched in Version:: 4.0.2
Severity Score:: Critical
CVE:: 2025-2525

Theme:: Streamit
Theme Slug:: streamit
Vulnerability:: Privilege Escalation
Patched in Version:: 4.0.3
Severity Score:: High
CVE:: 2025-2526

Theme:: Woffice
Theme Slug:: woffice
Vulnerability:: Privilege Escalation
Patched in Version:: 5.4.22
Severity Score:: Critical
CVE:: 2025-2798