Nexcess.com Servers.com LiquidWeb.com

Line illustration showing a black application window on a dark purple gradient background overlaid with a large exclamation point alert icon and three bugs.

WordPress Vulnerability Report � February 5, 2025

In this report, 345 vulnerabilities have been publicly disclosed. Security patches for 148 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 197 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.7.1 is available! This minor release features 16 bug fixes throughout Core and the Block Editor.

WordPress Plugins � 146 Patched / 195 Unpatched

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-50500

Plugin:: Meta Tag Manager
Plugin Slug:: meta-tag-manager
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22260

Plugin:: Dynamic Conditions
Plugin Slug:: dynamicconditions
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22642

Plugin:: Hide Shipping Method For WooCommerce
Plugin Slug:: hide-shipping-method-for-woocommerce
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22694

Plugin:: WP Project Manager � Task, team, and project management plugin featuring kanban board and gantt charts
Plugin Slug:: wedevs-project-manager
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22649

Plugin:: Youzify � BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
Plugin Slug:: youzify
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13368

Plugin:: Youzify � BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
Plugin Slug:: youzify
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12113

Plugin:: Borderless � Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg
Plugin Slug:: borderless
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10867

Plugin:: Borderless � Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg
Plugin Slug:: borderless
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11583

Plugin:: Borderless � Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg
Plugin Slug:: borderless
Installations: 7,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-11600

Plugin:: WP Travel � Ultimate Travel Booking System, Tour Management Engine
Plugin Slug:: wp-travel
Installations: 5,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22691

Plugin:: Payment Forms for Paystack
Plugin Slug:: payment-forms-for-paystack
Installations: 3,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22652

Plugin:: Eventer
Plugin Slug:: eventer
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11133

Plugin:: Eventer
Plugin Slug:: eventer
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11133

Plugin:: Eventer
Plugin Slug:: eventer
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11133

Plugin:: Blog, Posts and Category Filter for Elementor
Plugin Slug:: blog-posts-and-category-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22648

Plugin:: Document Block � Upload & Embed Docs, PDF, PPT, XLS or Any Documents
Plugin Slug:: document
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22696

Plugin:: Nirweb support
Plugin Slug:: nirweb-support
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22695

Plugin:: Scroll Styler
Plugin Slug:: scroll-styler
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23990

Plugin:: Vayu Blocks � Gutenberg Blocks for WordPress & WooCommerce
Plugin Slug:: vayu-blocks
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22644

Plugin:: Broadstreet
Plugin Slug:: broadstreet
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11825

Plugin:: Job Board Manager
Plugin Slug:: job-board-manager
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22679

Plugin:: Paytm Payment Donation
Plugin Slug:: paytm-donation
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22640

Plugin:: Designer � Elementor Addons
Plugin Slug:: designer
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23987

Plugin:: Internal Link Builder
Plugin Slug:: internal-link-builder
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23989

Plugin:: Music Press Pro
Plugin Slug:: music-press-pro
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22653

Plugin:: Image Rotator
Plugin Slug:: appten-image-rotator
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25073

Plugin:: All push notification for WP
Plugin Slug:: all-push-notification
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25073

Plugin:: Linear
Plugin Slug:: linear
Installations: 60+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13709

Plugin:: CWD � Stealth Links
Plugin Slug:: cwd-stealth-links
Installations: 50+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-22655

Plugin:: HT Event � WordPress Event Manager Plugin for Elementor
Plugin Slug:: ht-event
Installations: 50+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13216

Plugin:: Print PDF Generator and Publisher
Plugin Slug:: nopeamedia
Installations: 50+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22637

Plugin:: AIO Performance Profiler, Monitor, Optimize, Compress & Debug
Plugin Slug:: all-in-one-performance-accelerator
Installations: 20+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22647

Plugin:: Appointment Buddy Widget By Accrete
Plugin Slug:: appointment-buddy-online-appointment-booking-by-accrete
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25081

Plugin:: Notification Bar � Top Bar � Easy Sticky Notification Bar | FM Notification Bar
Plugin Slug:: fm-notification-bar
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22641

Plugin:: ABC Notation
Plugin Slug:: abc-notation
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13550

Plugin:: Altra Side Menu
Plugin Slug:: altra-side-menu
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12774

Plugin:: Altra Side Menu
Plugin Slug:: altra-side-menu
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12773

Plugin:: AnimateGL – Advanced Animation Plugin for WordPress
Plugin Slug:: animategl
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12620

Plugin:: Ask Me Anything (Anonymously)
Plugin Slug:: ask-me-anything-anonymously
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12512

Plugin:: Auto SEO
Plugin Slug:: auto-seo
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25147

Plugin:: BookPress � For Book Authors
Plugin Slug:: book-press
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25167

Plugin:: BookPress � For Book Authors
Plugin Slug:: book-press
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25168

Plugin:: Breaking News Ticker
Plugin Slug:: breaking-news-ticker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25094

Plugin:: brodos.net Onlineshop Plugin
Plugin Slug:: brodos-net-onlineshop
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12529

Plugin:: Bulk Me Now!
Plugin Slug:: bulk-me-now
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12709

Plugin:: Bulk Me Now!
Plugin Slug:: bulk-me-now
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12708

Plugin:: Bulk Me Now!
Plugin Slug:: bulk-me-now
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12638

Plugin:: CanvasFlow
Plugin Slug:: canvasflow
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12275

Plugin:: Child Themes Helper
Plugin Slug:: child-themes-helper
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25093

Plugin:: Competition Form
Plugin Slug:: competition-form
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12749

Plugin:: Connections
Plugin Slug:: connections1
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12885

Plugin:: Custom Comment Notifications
Plugin Slug:: custom-comment-notifications
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25154

Plugin:: A5 Custom Login Page
Plugin Slug:: custom-login-page
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13226

Plugin:: Custom Links On Admin Dashboard Toolbar
Plugin Slug:: customize-wpadmin
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25135

Plugin:: Delete Comments By Status
Plugin Slug:: delete-comments-by-status
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25097

Plugin:: Dental Optimizer Patient Generator App
Plugin Slug:: dental-optimizer-patient-generator-app
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13052

Plugin:: Dyn Business Panel
Plugin Slug:: dyn-business-panel
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13057

Plugin:: Dyn Business Panel
Plugin Slug:: dyn-business-panel
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13055

Plugin:: Easy Chart Builder for WordPress
Plugin Slug:: easy-chart-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25077

Plugin:: Easy Related Posts
Plugin Slug:: easy-related-posts
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25123

Plugin:: Easy WP Tiles
Plugin Slug:: easy-wp-tiles
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25073

Plugin:: ECPay Ecommerce for WooCommerce
Plugin Slug:: ecpay-ecommerce-for-woocommerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13652

Plugin:: ECT Home Page Products
Plugin Slug:: ect-homepage-products
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13225

Plugin:: Embed RSS
Plugin Slug:: embed-rss
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25081

Plugin:: Embed Swagger UI
Plugin Slug:: embed-swagger-ui
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13700

Plugin:: Etsy Importer
Plugin Slug:: etsy-importer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12817

Plugin:: External Video For Everybody
Plugin Slug:: external-video-for-everybody
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25097

Plugin:: Facilita Form Tracker
Plugin Slug:: facilita-form-tracker
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25128

Plugin:: Fami Sales Popup
Plugin Slug:: fami-sales-popup
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25141

Plugin:: Fantastic Elasticsearch
Plugin Slug:: fantastic-elasticsearch
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13221

Plugin:: Fare Calculator
Plugin Slug:: fare-calculator
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23982

Plugin:: Status Updater
Plugin Slug:: fb-status-updater
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25111

Plugin:: FlashCounter
Plugin Slug:: flashcounter
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23978

Plugin:: Post Title (TypeWriter)
Plugin Slug:: flashnews-typewriter-pearlbells
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-56012

Plugin:: FlexIDX Home Search
Plugin Slug:: flexidx-home-search
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25082

Plugin:: Forge � Front-End Page Builder
Plugin Slug:: forge
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22703

Plugin:: Frictionless
Plugin Slug:: frictionless
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13396

Plugin:: Full Circle
Plugin Slug:: full-circle
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23980

Plugin:: Fyrebox Quizzes
Plugin Slug:: fyrebox-shortcode
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25125

Plugin:: GlobalQuran
Plugin Slug:: globalquran
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25143

Plugin:: URL-Preview-Box
Plugin Slug:: good-url-preview-box
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25104

Plugin:: Google Earth Embed
Plugin Slug:: google-earth-tours
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25078

Plugin:: WordPress Google Map Professional
Plugin Slug:: google-map-professional
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13220

Plugin:: Graceful Email Obfuscation
Plugin Slug:: graceful-email-obfuscation
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25076

Plugin:: HTML5 chat
Plugin Slug:: html5-chat
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12451

Plugin:: Plugin A/B Image Optimizer
Plugin Slug:: images-optimizer
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25163

Plugin:: Implied Cookie Consent
Plugin Slug:: implied-cookie-consent
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25097

Plugin:: Indeed API
Plugin Slug:: indeed-api
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25103

Plugin:: Infusionsoft Analytics
Plugin Slug:: infusionsoft-web-tracker
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25145

Plugin:: InLocation
Plugin Slug:: inlocation
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25166

Plugin:: Issuu Panel
Plugin Slug:: issuu-panel
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23976

Plugin:: WP Vehicle Manager
Plugin Slug:: js-vehicle-manager
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25081

Plugin:: Event Kikfyre
Plugin Slug:: kikfyre-events-calendar-tickets
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25110

Plugin:: Kona Gallery Block
Plugin Slug:: kona-instagram-feed-for-gutenberg
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25080

Plugin:: Contact Form and Calls To Action by vcita
Plugin Slug:: lead-capturing-call-to-actions-by-vcita
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13717

Plugin:: Like dislike plus counter
Plugin Slug:: like-dislike-plus-counter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25073

Plugin:: Link to URL / Post
Plugin Slug:: link-to-url-post
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25116

Plugin:: Links in Captions
Plugin Slug:: links-in-captions
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25098

Plugin:: Live2DWebCanvas
Plugin Slug:: live-2d
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13767

Plugin:: Login-box
Plugin Slug:: login-box
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25149

Plugin:: MagicForm
Plugin Slug:: magicform
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-0939

Plugin:: Masy Gallery
Plugin Slug:: masy-gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13586

Plugin:: Munk Sites
Plugin Slug:: munk-sites
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-25101

Plugin:: Music Sheet Viewer
Plugin Slug:: music-sheet-viewer
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25155

Plugin:: Music Sheet Viewer
Plugin Slug:: music-sheet-viewer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13670

Plugin:: NextGen Cooliris Gallery
Plugin Slug:: nextgen-cooliris-gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25091

Plugin:: Ni Sales Commission For WooCommerce
Plugin Slug:: ni-woo-sales-commission
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13424

Plugin:: NOTICE BOARD BY TOWKIR
Plugin Slug:: notice-board-by-towkir
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12816

Plugin:: WordPress SEO Friendly Accordion FAQ
Plugin Slug:: notice-faq
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13458

Plugin:: OneStore Sites
Plugin Slug:: onestore-sites
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-25107

Plugin:: On Page SEO + Whatsapp Chat Button
Plugin Slug:: ops-robots-txt
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25138

Plugin:: Optimate Ads
Plugin Slug:: optimate-ads
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25136

Plugin:: Link Fixer
Plugin Slug:: permalink-finder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-0809

Plugin:: Policy Genius
Plugin Slug:: policy-genius
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13219

Plugin:: Pop Up
Plugin Slug:: popup-seo-optimized
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25105

Plugin:: Post Carousel Slider
Plugin Slug:: post-carousel-slider
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23977

Plugin:: Power Ups for Elementor
Plugin Slug:: power-ups-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13548

Plugin:: Quote Comments
Plugin Slug:: quote-comments
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25156

Plugin:: Read More Copy Link
Plugin Slug:: read-more-copy-link
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25148

Plugin:: Responsive iframe
Plugin Slug:: responsive-iframe
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12768

Plugin:: ReverbNation Widgets
Plugin Slug:: reverbnation-widgets
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25095

Plugin:: Royal Core
Plugin Slug:: royal-core
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12129

Plugin:: RSS in Page
Plugin Slug:: rss-in-page
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25096

Plugin:: Safe Ai Malware Protection for WP
Plugin Slug:: safe-ai-malware-protection-for-wp
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12269

Plugin:: Social Share Buttons for WordPress
Plugin Slug:: share-buttons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12807

Plugin:: Social Share Buttons for WordPress
Plugin Slug:: share-buttons
Vulnerability:: Path Traversal
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13117

Plugin:: Show notice or message on admin area
Plugin Slug:: show-notice-or-message-on-admin-area
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25075

Plugin:: Simple Auto Tag
Plugin Slug:: simple-auto-tag
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25153

Plugin:: Simple Select All Text Box
Plugin Slug:: simple-select-all-text-box
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25079

Plugin:: Simple User Profile
Plugin Slug:: simple-user-profile
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25140

Plugin:: Single-user-chat
Plugin Slug:: single-user-chat
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13646

Plugin:: Slide Banners
Plugin Slug:: slide-banners
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25120

Plugin:: SlideDeck 1 Lite Content Slider
Plugin Slug:: slidedeck-lite-for-wordpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13224

Plugin:: Smart Countdown FX
Plugin Slug:: smart-countdown-fx
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25117

Plugin:: Smart DoFollow
Plugin Slug:: smart-dofollow
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25152

Plugin:: Social Links
Plugin Slug:: social-links
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25128

Plugin:: Social Links
Plugin Slug:: social-links
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25098

Plugin:: Songkick Concerts and Festivals
Plugin Slug:: songkick-concerts-and-festivals
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25146

Plugin:: Sports Rankings and Lists
Plugin Slug:: sports-rankings-lists
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25148

Plugin:: StageShow
Plugin Slug:: stageshow
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13705

Plugin:: Starter Templates by FancyWP
Plugin Slug:: starter-templates
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-25106

Plugin:: Starter Templates by FancyWP
Plugin Slug:: starter-templates
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Stockdio Historical Chart
Plugin Slug:: stockdio-historical-chart
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13349

Plugin:: Style Tweaker
Plugin Slug:: style-tweaker
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25160

Plugin:: System Dashboard
Plugin Slug:: system-dashboard
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12299

Plugin:: Tabulate
Plugin Slug:: tabulate
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13223

Plugin:: Theasys
Plugin Slug:: theasys
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25144

Plugin:: Theme Options Z
Plugin Slug:: theme-options-z
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25111

Plugin:: Traveler Code
Plugin Slug:: traveler-code
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22700

Plugin:: Traveler Code
Plugin Slug:: traveler-code
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-22699

Plugin:: Traveler Layout Essential For Elementor
Plugin Slug:: traveler-layout-essential-for-elementor
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22701

Plugin:: Typer Core
Plugin Slug:: typer-core
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12102

Plugin:: uListing
Plugin Slug:: ulisting
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-25146

Plugin:: uListing
Plugin Slug:: ulisting
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25151

Plugin:: User Messages
Plugin Slug:: user-messages
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13222

Plugin:: User Role
Plugin Slug:: user-roles
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25073

Plugin:: Media Manager for UserPro
Plugin Slug:: userpro-mediamanager
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12821

Plugin:: Media Manager for UserPro
Plugin Slug:: userpro-mediamanager
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-12822

Plugin:: Vignette Ads
Plugin Slug:: vignete-ads
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25071

Plugin:: VR-Frases
Plugin Slug:: vr-frases
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22636

Plugin:: VR-Frases
Plugin Slug:: vr-frases
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-0860

Plugin:: VR-Frases
Plugin Slug:: vr-frases
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-0861

Plugin:: WE � Testimonial Slider
Plugin Slug:: we-testimonial-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13460

Plugin:: WizShop
Plugin Slug:: wizshop
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25111

Plugin:: Wonder FontAwesome
Plugin Slug:: wonder-fontawesome
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13512

Plugin:: Woocommerce osCommerce Sync
Plugin Slug:: woo-oscommerce-sync
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25073

Plugin:: WordPress Signature
Plugin Slug:: wordpress-signature
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22704

Plugin:: WP Admin Custom Page
Plugin Slug:: wp-admin-custom-page
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25072

Plugin:: WP Contact Form7 Email Spam Blocker
Plugin Slug:: wp-contact-form7-email-spam-blocker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13467

Plugin:: WP Custom Post RSS Feed
Plugin Slug:: wp-custom-post-rss-feed
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25139

Plugin:: WP Dispensary
Plugin Slug:: wp-dispensary
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12444

Plugin:: WP Email Newsletter
Plugin Slug:: wp-email-newsletter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13098

Plugin:: WP Finance
Plugin Slug:: wp-finance
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13097

Plugin:: WP Finance
Plugin Slug:: wp-finance
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13096

Plugin:: WP Find Your Nearest
Plugin Slug:: wp-find-your-nearest
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25143

Plugin:: WP Frontend Submit
Plugin Slug:: wp-frontend-submit
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25103

Plugin:: WP Image Uploader
Plugin Slug:: wp-post-447765 wp-image-uploader
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13706

Plugin:: WP Image Uploader
Plugin Slug:: wp-post-447765 wp-image-uploader
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13720

Plugin:: WP Image Uploader
Plugin Slug:: wp-post-447765 wp-image-uploader
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13707

Plugin:: WP Keyword Monitor
Plugin Slug:: wp-keyword-monitor
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25088

Plugin:: WP MediaTagger
Plugin Slug:: wp-mediatagger
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13112

Plugin:: WP MediaTagger
Plugin Slug:: wp-mediatagger
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13101

Plugin:: WP SimpleWeather
Plugin Slug:: wp-simpleweather
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25085

Plugin:: WP Social Stream
Plugin Slug:: wp-social-stream
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25074

Plugin:: WP Spell Check
Plugin Slug:: wp-spell-check
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-25111

Plugin:: WordPress Survey & Poll
Plugin Slug:: wp-survey-and-poll
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13596

Plugin:: WP Triggers Lite
Plugin Slug:: wp-triggers-lite
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13095

Plugin:: WP Triggers Lite
Plugin Slug:: wp-triggers-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13094

Plugin:: WP doodlez
Plugin Slug:: wpdoodlez
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25159

Plugin:: Top Bar � PopUps � by WPOptin
Plugin Slug:: wpoptin
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25073

Plugin:: WPRadio
Plugin Slug:: wpradio
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13397

Plugin:: Zalomen�
Plugin Slug:: zalomeni
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12872

Plugin:: ZMSEO
Plugin Slug:: zmseo
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25126

Plugin:: zStore Manager Basic
Plugin Slug:: zstore-manager-basic
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13715

Plugin:: WPForms � Easy Form Builder for WordPress � Contact Forms, Payment Forms, Surveys, & More
Plugin Slug:: wpforms-lite
Installations: 6,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.3.2
Severity Score:: Medium
CVE:: 2024-13403

Plugin:: Ninja Forms � The Contact Form Builder That Grows With You
Plugin Slug:: ninja-forms
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.25
Severity Score:: Medium
CVE:: 2024-13470

Plugin:: Forminator Forms � Contact Form, Payment Form & Custom Form Builder
Plugin Slug:: forminator
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.38.3
Severity Score:: High
CVE:: 2025-0470

Plugin:: Orbit Fox by ThemeIsle
Plugin Slug:: themeisle-companion
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.10.45
Severity Score:: Medium
CVE:: 2025-22659

Plugin:: The Plus Addons for Elementor � Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.2.0
Severity Score:: Medium
CVE:: 2024-11829

Plugin:: Tracking Code Manager
Plugin Slug:: tracking-code-manager
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.0
Severity Score:: Medium
CVE:: 2024-10309

Plugin:: Import any XML, CSV or Excel File to WordPress
Plugin Slug:: wp-all-import
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.8.0
Severity Score:: Medium
CVE:: 2024-9661

Plugin:: Import any XML, CSV or Excel File to WordPress
Plugin Slug:: wp-all-import
Installations: 100,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.8.0
Severity Score:: High
CVE:: 2024-9664

Plugin:: Event Tickets and Registration
Plugin Slug:: event-tickets
Installations: 90,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 5.18.1.1
Severity Score:: Medium
CVE:: 2024-13457

Plugin:: HT Mega � Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.7
Severity Score:: Medium
CVE:: 2024-12597

Plugin:: Jupiter X Core
Plugin Slug:: jupiterx-core
Installations: 90,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.8.8
Severity Score:: High
CVE:: 2025-0366

Plugin:: Jupiter X Core
Plugin Slug:: jupiterx-core
Installations: 90,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 4.8.8
Severity Score:: Medium
CVE:: 2025-0365

Plugin:: LearnPress � WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.7.5.1
Severity Score:: Medium
CVE:: 2024-13599

Plugin:: Import and export users and customers
Plugin Slug:: import-users-from-csv-with-meta
Installations: 80,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.27.13
Severity Score:: Medium
CVE:: 2025-24689

Plugin:: Ninja Tables � Easy Data Table Builder
Plugin Slug:: ninja-tables
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.0.17
Severity Score:: Medium
CVE:: 2024-12772

Plugin:: Drag and Drop Multiple File Upload for Contact Form 7
Plugin Slug:: drag-and-drop-multiple-file-upload-contact-form-7
Installations: 60,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 1.3.8.6
Severity Score:: Medium
CVE:: 2024-12267

Plugin:: Divi Torque Lite
Plugin Slug:: addons-for-divi
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.1
Severity Score:: Medium
CVE:: 2025-0353

Plugin:: Better Find and Replace
Plugin Slug:: real-time-auto-find-and-replace
Installations: 50,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.6.8
Severity Score:: High
CVE:: 2025-24734

Plugin:: CF7 Google Sheets Connector
Plugin Slug:: cf7-google-sheets-connector
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0.18
Severity Score:: Medium
CVE:: 2025-22686

Plugin:: NotificationX � FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar
Plugin Slug:: notificationx
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.0
Severity Score:: Medium
CVE:: 2025-22683

Plugin:: Contact Form & SMTP Plugin for WordPress by PirateForms
Plugin Slug:: pirate-forms
Installations: 40,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 2.6.1
Severity Score:: High
CVE:: 2024-13453

Plugin:: Gwolle Guestbook
Plugin Slug:: gwolle-gb
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.2
Severity Score:: High
CVE:: 2025-24710

Plugin:: Stratum � Elementor Widgets
Plugin Slug:: stratum
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.0
Severity Score:: Medium
CVE:: 2024-13642

Plugin:: Divi Carousel Maker
Plugin Slug:: wow-carousel-for-divi-lite
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.0
Severity Score:: Medium
CVE:: 2025-0350

Plugin:: DSGVO All in one for WP
Plugin Slug:: dsgvo-all-in-one-for-wp
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.7
Severity Score:: Medium
CVE:: 2024-13356

Plugin:: Photo Gallery � GT3 Image Gallery & Gutenberg Block Gallery
Plugin Slug:: gt3-photo-video-gallery
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.7.25
Severity Score:: High
CVE:: 2025-24707

Plugin:: MP3 Audio Player � Music Player, Podcast Player & Radio by Sonaar
Plugin Slug:: mp3-music-player-by-sonaar
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.4
Severity Score:: Medium
CVE:: 2024-13157

Plugin:: Better Messages � Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss
Plugin Slug:: bp-better-messages
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.0
Severity Score:: Medium
CVE:: 2024-13612

Plugin:: RegistrationMagic � Custom Registration Forms, User Registration, Payment, and User Login
Plugin Slug:: custom-registration-form-builder-with-submission-manager
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.3.4
Severity Score:: High
CVE:: 2025-24686

Plugin:: WP Customer Area
Plugin Slug:: customer-area
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 8.2.5
Severity Score:: Medium
CVE:: 2024-12280

Plugin:: Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings
Plugin Slug:: directorist
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 8.1
Severity Score:: Medium
CVE:: 2024-12041

Plugin:: EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory
Plugin Slug:: ean-for-woocommerce
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.4.0
Severity Score:: Medium
CVE:: 2025-22673

Plugin:: Membership Plugin � Restrict Content
Plugin Slug:: restrict-content
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.2.14
Severity Score:: Medium
CVE:: 2024-11090

Plugin:: WooCommerce Product Table Lite
Plugin Slug:: wc-product-table-lite
Installations: 10,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 3.9.5
Severity Score:: High
CVE:: 2024-13472

Plugin:: WS Form LITE � Drag & Drop Contact Form Builder for WordPress
Plugin Slug:: ws-form
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.10.14
Severity Score:: High
CVE:: 2024-13509

Plugin:: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
Plugin Slug:: bit-form
Installations: 8,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.17.5
Severity Score:: Low
CVE:: 2024-13450

Plugin:: MWB HubSpot for WooCommerce � CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics
Plugin Slug:: makewebbetter-hubspot-for-woocommerce
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.0
Severity Score:: High
CVE:: 2024-10591

Plugin:: VikBooking Hotel Booking Engine & PMS
Plugin Slug:: vikbooking
Installations: 8,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.7.3
Severity Score:: Medium
CVE:: 2025-22670

Plugin:: VikBooking Hotel Booking Engine & PMS
Plugin Slug:: vikbooking
Installations: 8,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.7.3
Severity Score:: High
CVE:: 2024-11641

Plugin:: WP Job Portal � A Complete Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 7,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.2.7
Severity Score:: Medium
CVE:: 2024-13372

Plugin:: WP Job Portal � A Complete Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 7,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.2.7
Severity Score:: Medium
CVE:: 2024-13425

Plugin:: WP Job Portal � A Complete Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.7
Severity Score:: Medium
CVE:: 2024-13371

Plugin:: WP Job Portal � A Complete Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 7,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.2.7
Severity Score:: Medium
CVE:: 2024-13428

Plugin:: JS Help Desk � The Ultimate Help Desk & Support Plugin
Plugin Slug:: js-support-ticket
Installations: 6,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.8.9
Severity Score:: Medium
CVE:: 2024-13607

Plugin:: WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)
Plugin Slug:: smart-wishlist-for-more-convert
Installations: 6,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.8.8
Severity Score:: Medium
CVE:: 2024-13694

Plugin:: Survey Maker
Plugin Slug:: survey-maker
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.3.6
Severity Score:: Medium
CVE:: 2025-22664

Plugin:: Survey Maker
Plugin Slug:: survey-maker
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.3.4
Severity Score:: Medium
CVE:: 2024-13505

Plugin:: B Slider- Gutenberg Slider Block for WP
Plugin Slug:: b-slider
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.24
Severity Score:: Medium
CVE:: 2024-13514

Plugin:: MultiVendorX � The Ultimate WooCommerce Multivendor Marketplace Solution
Plugin Slug:: dc-woocommerce-multi-vendor
Installations: 5,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.2.15
Severity Score:: High
CVE:: 2025-0493

Plugin:: Product Blocks for WooCommerce
Plugin Slug:: product-blocks-for-woocommerce
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0
Severity Score:: Medium
CVE:: 2025-22674

Plugin:: Custom Product Tabs Lite for WooCommerce
Plugin Slug:: woocommerce-custom-product-tabs-lite
Installations: 5,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.9.1
Severity Score:: High
CVE:: 2024-12600

Plugin:: All Bootstrap Blocks
Plugin Slug:: all-bootstrap-blocks
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.27
Severity Score:: Medium
CVE:: 2024-13549

Plugin:: Custom Related Posts
Plugin Slug:: custom-related-posts
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.4
Severity Score:: Medium
CVE:: 2024-12825

Plugin:: Import WP � Export and Import CSV and XML files to WordPress
Plugin Slug:: jc-importer
Installations: 4,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.14.6
Severity Score:: High
CVE:: 2024-13562

Plugin:: Custom Login Page Styler � Limit Login Attempts � Restrict Content With Login � Redirect After Login � Change Login URL � Sign in , Sign out
Plugin Slug:: login-page-styler
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.1.2
Severity Score:: Medium
CVE:: 2024-13530

Plugin:: Responsive Blocks � WordPress Gutenberg Blocks
Plugin Slug:: responsive-block-editor-addons
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.0
Severity Score:: Medium
CVE:: 2025-22697

Plugin:: Responsive Blocks � WordPress Gutenberg Blocks
Plugin Slug:: responsive-block-editor-addons
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.0
Severity Score:: Medium
CVE:: 2024-13732

Plugin:: aThemes Addons for Elementor
Plugin Slug:: athemes-addons-for-elementor-lite
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.9
Severity Score:: Medium
CVE:: 2025-22646

Plugin:: aThemes Addons for Elementor
Plugin Slug:: athemes-addons-for-elementor-lite
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.13
Severity Score:: Medium
CVE:: 2024-13547

Plugin:: Automatically Hierarchic Categories in Menu
Plugin Slug:: automatically-hierarchic-categories-in-menu
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.8
Severity Score:: Medium
CVE:: 2024-13466

Plugin:: Multiple Page Generator Plugin � MPG
Plugin Slug:: multiple-pages-generator-by-porthas
Installations: 3,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 4.0.6
Severity Score:: Medium
CVE:: 2024-10705

Plugin:: Shared Files � Frontend File Upload Form & Secure File Sharing
Plugin Slug:: shared-files
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.43
Severity Score:: High
CVE:: 2024-13504

Plugin:: Food Menu � Restaurant Menu & Online Ordering for WooCommerce
Plugin Slug:: tlp-food-menu
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.2.0
Severity Score:: Medium
CVE:: 2024-13415

Plugin:: Eventer
Plugin Slug:: eventer
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.9.9
Severity Score:: Critical
CVE:: 2024-11135

Plugin:: Medical Addon for Elementor
Plugin Slug:: medical-addon-for-elementor
Installations: 2,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.6.3
Severity Score:: Medium
CVE:: 2024-12046

Plugin:: Order Export for WooCommerce
Plugin Slug:: order-export-and-more-for-woocommerce
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.25
Severity Score:: Medium
CVE:: 2024-13623

Plugin:: Plethora Plugins Tabs + Accordions
Plugin Slug:: plethora-tabs-accordions
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2
Severity Score:: Medium
CVE:: 2024-13721

Plugin:: SendPulse Email Marketing Newsletter
Plugin Slug:: sendpulse-email-marketing-newsletter
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.6
Severity Score:: Medium
CVE:: 2025-22662

Plugin:: Ai Image Alt Text Generator for WP
Plugin Slug:: ai-image-alt-text-generator-for-wp
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.7
Severity Score:: High
CVE:: 2024-12177

Plugin:: Post Form � Registration Form � Profile Form for User Profiles � Frontend Content Forms for User Submissions (UGC)
Plugin Slug:: buddyforms
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.14
Severity Score:: Medium
CVE:: 2024-12037

Plugin:: WordPress Contact Forms by Cimatti
Plugin Slug:: contact-forms
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.5
Severity Score:: Medium
CVE:: 2024-12184

Plugin:: Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery � Upload, Vote, Sell via PayPal, Social Share Buttons
Plugin Slug:: contest-gallery
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 25.1.2
Severity Score:: High
CVE:: 2025-22693

Plugin:: CP Contact Form with PayPal
Plugin Slug:: cp-contact-form-with-paypal
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.53
Severity Score:: Medium
CVE:: 2024-13758

Plugin:: Flexible Wishlist for WooCommerce � Ecommerce Wishlist & Save for later
Plugin Slug:: flexible-wishlist
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.26
Severity Score:: High
CVE:: 2024-13696

Plugin:: Flexmls� IDX Plugin
Plugin Slug:: flexmls-idx
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.14.27
Severity Score:: Medium
CVE:: 2024-10552

Plugin:: GoHero Store Customizer for WooCommerce
Plugin Slug:: personalize-woocommerce-cart-page
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0
Severity Score:: Medium
CVE:: 2024-12826

Plugin:: Post Grid, Slider & Carousel Ultimate � with Shortcode, Gutenberg Block & Elementor Widget
Plugin Slug:: post-grid-carousel-ultimate
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.7
Severity Score:: Medium
CVE:: 2025-24782

Plugin:: RapidLoad � Optimize Web Vitals Automatically
Plugin Slug:: unusedcss
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.5
Severity Score:: Medium
CVE:: 2025-22665

Plugin:: W2S � Migrate WooCommerce to Shopify
Plugin Slug:: w2s-migrate-woo-to-shopify
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-12861

Plugin:: iControlWP
Plugin Slug:: worpit-admin-dashboard-plugin
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 4.5.0
Severity Score:: Critical
CVE:: 2024-13742

Plugin:: AI Infographic Maker
Plugin Slug:: infographic-and-list-builder-ilist
Installations: 900+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 5.0.0
Severity Score:: Medium
CVE:: 2024-12415

Plugin:: Include Mastodon Feed
Plugin Slug:: include-mastodon-feed
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.10
Severity Score:: Medium
CVE:: 2025-22660

Plugin:: WP Sessions Time Monitoring Full Automatic
Plugin Slug:: activitytime
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.2
Severity Score:: High
CVE:: 2025-24718

Plugin:: Product Table For WooCommerce
Plugin Slug:: product-table-for-woocommerce
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.4
Severity Score:: Medium
CVE:: 2025-22638

Plugin:: ClickWhale � Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages
Plugin Slug:: clickwhale
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.2
Severity Score:: Medium
CVE:: 2025-0804

Plugin:: Simple:Press Forum
Plugin Slug:: simplepress
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.10.12
Severity Score:: High
CVE:: 2024-12409

Plugin:: WP DataTable
Plugin Slug:: wp-datatable
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.2.7
Severity Score:: Medium
CVE:: 2024-13566

Plugin:: Alert Box Block � Display notice/alerts in the front end.
Plugin Slug:: alert-box-block
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.1
Severity Score:: Medium
CVE:: 2025-22675

Plugin:: ELEX WordPress HelpDesk & Customer Ticketing System
Plugin Slug:: elex-helpdesk-customer-support-ticket-system
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.7
Severity Score:: High
CVE:: 2024-12171

Plugin:: Hesabfa Accounting
Plugin Slug:: hesabfa-accounting
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.3
Severity Score:: High
CVE:: 2025-22682

Plugin:: SeatReg
Plugin Slug:: seatreg
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.56.1
Severity Score:: Medium
CVE:: 2024-13463

Plugin:: Site Search 360
Plugin Slug:: site-search-360
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.7
Severity Score:: Medium
CVE:: 2024-11780

Plugin:: Uix Shortcodes
Plugin Slug:: uix-shortcodes
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.4
Severity Score:: Medium
CVE:: 2025-22677

Plugin:: WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms
Plugin Slug:: cf7-dynamics-crm
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.7
Severity Score:: High
CVE:: 2025-24708

Plugin:: Disable Elementor Editor Translation
Plugin Slug:: disable-elementor-editor-translation
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.3
Severity Score:: Medium
CVE:: 2025-22671

Plugin:: OPSI Israel Domestic Shipments
Plugin Slug:: woo-ups-pickup
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.6
Severity Score:: High
CVE:: 2024-13100

Plugin:: Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets
Plugin Slug:: wpsyncsheets-woocommerce
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9
Severity Score:: Medium
CVE:: 2025-22667

Plugin:: Alex Reservations: Smart Restaurant Booking
Plugin Slug:: alex-reservations
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.6
Severity Score:: Medium
CVE:: 2024-13380

Plugin:: Listings for Appfolio
Plugin Slug:: listings-for-appfolio
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.1
Severity Score:: High
CVE:: 2025-22658

Plugin:: Tags to Keywords
Plugin Slug:: tags-to-meta-keywords
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.2
Severity Score:: High
CVE:: 2025-22685

Plugin:: WP BASE Booking of Appointments, Services and Events
Plugin Slug:: wp-base-booking-of-appointments-services-and-events
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.0
Severity Score:: High
CVE:: 2025-22684

Plugin:: Awesome Responsive Photo Gallery � Image & Video Lightbox Gallery
Plugin Slug:: awesome-responsive-photo-gallery
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2
Severity Score:: Medium
CVE:: 2025-24697

Plugin:: Target Video Easy Publish
Plugin Slug:: brid-video-easy-publish
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.4
Severity Score:: Medium
CVE:: 2024-13561

Plugin:: Target Video Easy Publish
Plugin Slug:: brid-video-easy-publish
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.4
Severity Score:: High
CVE:: 2024-12076

Plugin:: Clinked Client Portal
Plugin Slug:: clinked-client-portal
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.10
Severity Score:: Medium
CVE:: 2024-12524

Plugin:: DigiTimber cPanel Integration
Plugin Slug:: digitimber-cpanel-integration
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4.8
Severity Score:: High
CVE:: 2025-22690

Plugin:: Video & Photo Gallery for Ultimate Member
Plugin Slug:: gallery-for-ultimate-member
Installations: 100+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2025-22672

Plugin:: Media Downloader
Plugin Slug:: media-downloader
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.4.7.6
Severity Score:: High
CVE:: 2025-24684

Plugin:: Morkva UA Shipping
Plugin Slug:: morkva-ua-shipping
Installations: 100+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.0.20
Severity Score:: High
CVE:: 2025-24685

Plugin:: Content Cloner
Plugin Slug:: super-seo-content-cloner
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.2
Severity Score:: Medium
CVE:: 2025-22681

Plugin:: Unlimited Page Sidebars
Plugin Slug:: unlimited-page-sidebars
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 0.2.7
Severity Score:: High
CVE:: 2025-22688

Plugin:: WC Affiliate � A Complete WooCommerce Affiliate Plugin
Plugin Slug:: wc-affiliate
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4
Severity Score:: High
CVE:: 2024-12321

Plugin:: WC Affiliate � A Complete WooCommerce Affiliate Plugin
Plugin Slug:: wc-affiliate
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5
Severity Score:: High
CVE:: 2024-12334

Plugin:: WP Post List Table
Plugin Slug:: wp-post-list-table
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.4
Severity Score:: Medium
CVE:: 2024-13664

Plugin:: Table Editor
Plugin Slug:: wp-table-editor
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.0
Severity Score:: Medium
CVE:: 2024-13661

Plugin:: Dynamic URL SEO
Plugin Slug:: dynamic-url-seo
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2
Severity Score:: High
CVE:: 2025-23984

Plugin:: Dynamic URL SEO
Plugin Slug:: dynamic-url-seo
Installations: 80+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2
Severity Score:: Medium
CVE:: 2025-23985

Plugin:: EthereumICO
Plugin Slug:: ethereumico
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.7
Severity Score:: Medium
CVE:: 2024-12921

Plugin:: MailUp Auto Subscription
Plugin Slug:: mailup-auto-subscribtion
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.0
Severity Score:: High
CVE:: 2024-13521

Plugin:: WPBookit
Plugin Slug:: wpbookit
Installations: 80+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.6.10
Severity Score:: Critical
CVE:: 2025-0357

Plugin:: Infility Global
Plugin Slug:: infility-global
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.9
Severity Score:: High
CVE:: 2024-12723

Plugin:: Philantro � Donations and Donor Management
Plugin Slug:: philantro
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.4
Severity Score:: Medium
CVE:: 2024-13527

Plugin:: Bilingual Linker
Plugin Slug:: bilingual-linker
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.1
Severity Score:: Medium
CVE:: 2024-13441

Plugin:: Ticketmeo � Sell Tickets � Event Ticketing
Plugin Slug:: ploxel
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.0
Severity Score:: Medium
CVE:: 2025-0507

Plugin:: ShopSite
Plugin Slug:: shopsite-plugin
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.11
Severity Score:: High
CVE:: 2024-13510

Plugin:: eHive Objects Image Grid
Plugin Slug:: ehive-objects-image-grid
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.2
Severity Score:: Medium
CVE:: 2024-13662

Plugin:: Awesome Event Booking
Plugin Slug:: awesome-event-booking
Installations: 40+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.5
Severity Score:: Medium
CVE:: 2025-22668

Plugin:: Awesome Event Booking
Plugin Slug:: awesome-event-booking
Installations: 40+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.8.0
Severity Score:: Medium
CVE:: 2025-22669

Plugin:: Boom Fest
Plugin Slug:: boom-fest
Installations: 40+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.2
Severity Score:: Medium
CVE:: 2024-13449

Plugin:: Admin and Site Enhancements (ASE) Pro
Plugin Slug:: admin-site-enhancements-pro
Vulnerability:: Privilege Escalation
Patched in Version:: 7.6.3
Severity Score:: High
CVE:: 2024-43333

Plugin:: BoomBox Theme Extensions
Plugin Slug:: boombox-theme-extensions
Vulnerability:: Local File Inclusion
Patched in Version:: 1.8.1
Severity Score:: High
CVE:: 2024-12859

Plugin:: Elementor Pro
Plugin Slug:: elementor-pro
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.25.11
Severity Score:: Medium
CVE:: 2024-8494

Plugin:: ElementsKit Pro
Plugin Slug:: elementskit
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.9
Severity Score:: Medium
CVE:: 2025-0321

Plugin:: Goodlayers Core
Plugin Slug:: goodlayers-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-12163

Plugin:: Oshine Modules
Plugin Slug:: oshine-modules
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.3.8
Severity Score:: Medium
CVE:: 2024-44055

Plugin:: Tourmaster
Plugin Slug:: tourmaster
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.5
Severity Score:: High
CVE:: 2024-12400

Plugin:: ThemeREX Addons
Plugin Slug:: trx_addons
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.34.0
Severity Score:: Critical
CVE:: 2024-13448

Plugin:: ThemeREX Addons
Plugin Slug:: trx_addons
Vulnerability:: Local File Inclusion
Patched in Version:: 2.34.0
Severity Score:: High
CVE:: 2025-0682

Plugin:: WooCommerce Customers Manager
Plugin Slug:: woocommerce-customers-manager
Vulnerability:: Broken Access Control
Patched in Version:: 31.4
Severity Score:: High
CVE:: 2024-13343

Plugin:: MultiLoca – WooCommerce Multi Locations Inventory Management
Plugin Slug:: woocommerce-multi-locations-inventory-management
Vulnerability:: SQL Injection
Patched in Version:: 4.1.12
Severity Score:: High
CVE:: 2024-13341

Plugin:: WooCommerce Support Ticket System
Plugin Slug:: woocommerce-support-ticket-system
Vulnerability:: Broken Access Control
Patched in Version:: 17.9
Severity Score:: Medium
CVE:: 2024-13775

Plugin:: WP ALL Export Pro
Plugin Slug:: wp-all-export-pro
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 1.9.2
Severity Score:: Critical
CVE:: 2024-7419

Plugin:: WP ALL Export Pro
Plugin Slug:: wp-all-export-pro
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 1.9.2
Severity Score:: Critical
CVE:: 2024-7425

Plugin:: WP All Import Pro
Plugin Slug:: wp-all-import-pro
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.9.8
Severity Score:: Medium
CVE:: 2024-9661

Plugin:: WP All Import Pro
Plugin Slug:: wp-all-import-pro
Vulnerability:: PHP Object Injection
Patched in Version:: 4.9.8
Severity Score:: High
CVE:: 2024-9664

Plugin:: WPJobBoard
Plugin Slug:: wpjobboard
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.11.1
Severity Score:: High
CVE:: 2025-24781

WordPress Themes � 2 Patched / 2 Unpatched

Theme:: OnePress
Theme Slug:: onepress
Downloads: 2,352,920
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22643

Theme:: Storely
Theme Slug:: storely
Downloads: 470,680
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10847

Theme:: SocialV
Theme Slug:: socialv
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.16
Severity Score:: Medium
CVE:: 2024-13529

Theme:: Zox News
Theme Slug:: zox-news
Vulnerability:: Broken Access Control
Patched in Version:: 3.17.0
Severity Score:: High
CVE:: 2024-11936