WordPress Vulnerability Report � January 22, 2025

In this report, 486 vulnerabilities have been publicly disclosed. Security patches for 93 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 393 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.7.1 is available! This minor release features 16 bug fixes throughout Core and the Block Editor.

WordPress Plugins � 90 Patched / 371 Unpatched

Plugin:: Post and Page Builder by BoldGrid � Visual Drag and Drop Editor
Plugin Slug:: post-and-page-builder
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22759

Plugin:: CoDesigner � All in One Elementor WooCommerce Builder
Plugin Slug:: woolementor
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22788

Plugin:: Bold pagos en linea
Plugin Slug:: bold-pagos-en-linea
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22793

Plugin:: GSheetConnector for Forminator Forms
Plugin Slug:: gsheetconnector-forminator
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22752

Plugin:: Post Carousel & Slider
Plugin Slug:: post-types-carousel-slider
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22750

Plugin:: Product Carousel For WooCommerce � WoorouSell
Plugin Slug:: woorousell
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22724

Plugin:: WP Headmaster
Plugin Slug:: wp-headmaster
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22755

Plugin:: Course Booking System
Plugin Slug:: course-booking-system
Installations: 100+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-22785

Plugin:: Neon Product Designer
Plugin Slug:: neon-product-designer-for-woocommerce
Installations: 100+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22799

Plugin:: Partners
Plugin Slug:: partners
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22751

Plugin:: Online Payments � Get Paid with PayPal, Square & Stripe
Plugin Slug:: paypal-payment-button-by-vcita
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22661

Plugin:: WP Order By
Plugin Slug:: wp-order-by
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22765

Plugin:: WR Price List Manager For Woocommerce
Plugin Slug:: wr-price-list-for-woocommerce
Installations: 100+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-22782

Plugin:: Estatebud � Properties & Listings
Plugin Slug:: estatebud-properties-listings
Installations: 90+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23994

Plugin:: Amber
Plugin Slug:: amberlink
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22754

Plugin:: Multilang Contact Form
Plugin Slug:: multilang-contact-form
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22795

Plugin:: Responsive jQuery Slider
Plugin Slug:: responsive-jquery-slider
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22798

Plugin:: Gallery and Lightbox
Plugin Slug:: gallery-and-lightbox
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22797

Plugin:: User Management
Plugin Slug:: user-management
Installations: 70+
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22736

Plugin:: WP Post Corrector
Plugin Slug:: wp-post-corrector
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22764

Plugin:: Foundation Columns
Plugin Slug:: foundation-columns
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22747

Plugin:: Navigation Du Lapin Blanc
Plugin Slug:: navigation-du-lapin-blanc
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22745

Plugin:: WordPress HelpDesk & Support Ticket System Plugin � Octrace Support
Plugin Slug:: octrace-support
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22762

Plugin:: S-DEV SEO
Plugin Slug:: s-dev-seo
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22744

Plugin:: SetMore Theme � Custom Post Types
Plugin Slug:: service-provider-profile-cpt
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22748

Plugin:: Social Media Engine
Plugin Slug:: social-media-engine
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22749

Plugin:: WP ViewSTL
Plugin Slug:: wp-viewstl
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22742

Plugin:: HireHive Job Plugin
Plugin Slug:: zartis-job-plugin
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22746

Plugin:: Ajax Contact Form
Plugin Slug:: fws-ajax-contact-form
Installations: 40+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22761

Plugin:: Related Post Shortcode
Plugin Slug:: related-post-shortcode
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22276

Plugin:: CodeBard Help Desk
Plugin Slug:: codebard-help-desk
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22760

Plugin:: 1003 Mortgage Application
Plugin Slug:: 1003-mortgage-application
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13536

Plugin:: a Gateway for Pasargad Bank on WooCommerce
Plugin Slug:: a-gateway-for-pasargad-bank-on-woocommerce
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23966

Plugin:: Ad Blocking Detector
Plugin Slug:: ad-blocking-detector
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22732

Plugin:: add custom google tag manager
Plugin Slug:: add-custom-google-tag-manager
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23537

Plugin:: Add RSS
Plugin Slug:: add-rss
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23895

Plugin:: Admin Cleanup
Plugin Slug:: admin-cleanup
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23832

Plugin:: Admin Menu Organizer
Plugin Slug:: admin-menu-organizer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23686

Plugin:: Elementor AI Addons
Plugin Slug:: ai-addons-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22758

Plugin:: AI Responsive Gallery Album
Plugin Slug:: ai-responsive-gallery-album
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23785

Plugin:: Ajax WP Query Search Filter
Plugin Slug:: ajax-wp-query-search-filter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23926

Plugin:: AlT Report
Plugin Slug:: alt-report
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23432

Plugin:: Altima Lookbook Free for WooCommerce
Plugin Slug:: altima-lookbook-free-for-woocommerce
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23429

Plugin:: amr personalise
Plugin Slug:: amr-personalise
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23880

Plugin:: Annie
Plugin Slug:: annie
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23884

Plugin:: Annie
Plugin Slug:: annie
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23886

Plugin:: Anonymize Links
Plugin Slug:: anonymize-links
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23702

Plugin:: AnyRoad
Plugin Slug:: anyguide
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23996

Plugin:: Apply with LinkedIn buttons
Plugin Slug:: apply-with-linkedin-buttons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23897

Plugin:: Apply with LinkedIn buttons
Plugin Slug:: apply-with-linkedin-buttons
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23898

Plugin:: Auphonic Importer
Plugin Slug:: auphonic-importer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23649

Plugin:: Auto FTP
Plugin Slug:: auto-ftp
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23793

Plugin:: Background animation blocks
Plugin Slug:: background-animation-blocks
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23948

Plugin:: Background Control
Plugin Slug:: background-control
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22784

Plugin:: Better Protected Pages
Plugin Slug:: better-protected-pages
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23875

Plugin:: Bible Embed
Plugin Slug:: bible-embed
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23513

Plugin:: Bit.ly linker
Plugin Slug:: bitly-linker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23674

Plugin:: BizLibrary
Plugin Slug:: bizlibrary
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23580

Plugin:: Blog Summary
Plugin Slug:: blog-summary
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23887

Plugin:: Blogger Image Import
Plugin Slug:: blogger-image-import
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23689

Plugin:: Blrt WP Embed
Plugin Slug:: blrt-wp-embed
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23507

Plugin:: Blue Wrench Video Widget
Plugin Slug:: blue-wrench-videos-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23809

Plugin:: Board Election
Plugin Slug:: board-election
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23499

Plugin:: Bonjour Bar
Plugin Slug:: bonjour-bar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22262

Plugin:: Book a Place
Plugin Slug:: book-a-place
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23690

Plugin:: Bookalet
Plugin Slug:: bookalet
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23899

Plugin:: Brizy Pro
Plugin Slug:: brizy-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22763

Plugin:: Calendi
Plugin Slug:: calendi
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23606

Plugin:: Call me Now
Plugin Slug:: call-me-now
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23745

Plugin:: Call To Action Popup
Plugin Slug:: call-to-action-popup
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23605

Plugin:: CAMOO SMS
Plugin Slug:: camoo-sms
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23607

Plugin:: Captchelfie � Captcha by Selfie
Plugin Slug:: captchelfie-captcha-by-selfie
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23620

Plugin:: Car Demon
Plugin Slug:: car-demon
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13334

Plugin:: Category D3 Tree
Plugin Slug:: category-d3-tree
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23873

Plugin:: Category Custom Fields
Plugin Slug:: categorycustomfields
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23822

Plugin:: CC Circle Progress Bar
Plugin Slug:: cc-circle-progress-bar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23936

Plugin:: Contact Form 7 � CCAvenue Add-on
Plugin Slug:: cf7-cc-avenue-add-on
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23623

Plugin:: Charity-thermometer
Plugin Slug:: charitydonation-thermometer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23860

Plugin:: Chatter
Plugin Slug:: chatter
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23760

Plugin:: Chess Tempo Viewer
Plugin Slug:: chesstempoviewer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23868

Plugin:: CJ Custom Content
Plugin Slug:: cj-custom-content
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23869

Plugin:: CMC MIGRATE
Plugin Slug:: cmc-migrate
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23746

Plugin:: CNZZ&51LA for WordPress
Plugin Slug:: cnzz51la-for-wordpress
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23823

Plugin:: Comment-Emailer
Plugin Slug:: comment-emailer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23627

Plugin:: HyperComments
Plugin Slug:: comments-with-hypercommentscom
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23509

Plugin:: Compare Ninja
Plugin Slug:: compare-ninja-comparison-tables
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23909

Plugin:: Contact Form 7 Anti Spambot
Plugin Slug:: contact-form-7-anti-spambot
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23862

Plugin:: Contact Form 7 Round Robin Lead Distribution
Plugin Slug:: contact-form-7-round-robin-lead-distribution
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23812

Plugin:: Contact Form 7 Round Robin Lead Distribution
Plugin Slug:: contact-form-7-round-robin-lead-distribution
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23784

Plugin:: Contact Form Master � by Edmon
Plugin Slug:: contact-form-master
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12587

Plugin:: Content Mirror
Plugin Slug:: content-mirror
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23769

Plugin:: Content Planner
Plugin Slug:: content-planner
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23631

Plugin:: Content Security Policy Pro
Plugin Slug:: content-security-policy-pro
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23820

Plugin:: ContentOptin Lite
Plugin Slug:: contentoptin
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23589

Plugin:: Cookie Consent & Autoblock for GDPR/CCPA
Plugin Slug:: cookie-consent-autoblock
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23501

Plugin:: Copy Move Posts
Plugin Slug:: copy-move-posts
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23764

Plugin:: Copyright Safeguard Footer Notice
Plugin Slug:: copyright-safeguard-footer-notice
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23870

Plugin:: Custom CSS Addons
Plugin Slug:: css-addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23578

Plugin:: Custom List Table Example
Plugin Slug:: custom-list-table-example
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23808

Plugin:: Custom Post
Plugin Slug:: custom-post-type-gui
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23566

Plugin:: Custom Post Type Lockdown
Plugin Slug:: custom-post-type-lockdown
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23530

Plugin:: Custom Widget Classes
Plugin Slug:: custom-widget-classes
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23844

Plugin:: Customizable Captcha and Contact Us
Plugin Slug:: customizable-captcha-and-contact-us-form
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23503

Plugin:: Cyber Slider
Plugin Slug:: cyber-new-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23630

Plugin:: Daily Proverb
Plugin Slug:: daily-proverb
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23859

Plugin:: Database Sync
Plugin Slug:: database-sync
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23486

Plugin:: DD Roles
Plugin Slug:: dd-roles
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23528

Plugin:: Debt Calculator
Plugin Slug:: debt-calculator
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23861

Plugin:: Debug Tool
Plugin Slug:: debug-tool
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23684

Plugin:: DF Draggable
Plugin Slug:: df-draggable
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23708

Plugin:: dForms
Plugin Slug:: dforms
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23592

Plugin:: WordPress Local SEO
Plugin Slug:: dh-local-seo
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-23931

Plugin:: REAL WordPress Sidebar
Plugin Slug:: drag-and-drop-custom-sidebar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23535

Plugin:: EU DSGVO Helper
Plugin Slug:: dsgvo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23866

Plugin:: Easy Automatic Newsletter Lite
Plugin Slug:: easy-automatic-newsletter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23879

Plugin:: Easy Code Snippets
Plugin Slug:: easy-code-snippets
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23780

Plugin:: Easy EU Cookie law
Plugin Slug:: easy-eu-cookie-law
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23434

Plugin:: Easy FAQs
Plugin Slug:: easy-faqs
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23795

Plugin:: Easy Filtering
Plugin Slug:: easy-filtering
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23732

Plugin:: Easy Portfolio
Plugin Slug:: easy-portfolio
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23796

Plugin:: Post-to-Post Links
Plugin Slug:: easy-post-to-post-links
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23878

Plugin:: Easy Real Estate
Plugin Slug:: easy-real-estate
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-32555

Plugin:: Easy Shortcode Buttons
Plugin Slug:: easy-shortcode-buttons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23825

Plugin:: Easy Tweet Embed
Plugin Slug:: easy-tweet-embed
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23890

Plugin:: Easy Tynt
Plugin Slug:: easy-tynt
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23445

Plugin:: ECT Add to Cart Button
Plugin Slug:: ect-add-to-cart-button
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23471

Plugin:: EditionGuard for WooCommerce � eBook Sales with DRM
Plugin Slug:: editionguard-for-woocommerce-ebook-sales-with-drm
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23452

Plugin:: EELV Newsletter
Plugin Slug:: eelv-newsletter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23602

Plugin:: Email Capture & Lead Generation
Plugin Slug:: email-capture-lead-generation
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23929

Plugin:: Email on Publish
Plugin Slug:: email-on-publish
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23673

Plugin:: EmailShroud
Plugin Slug:: emailshroud
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23456

Plugin:: iSpring Embedder
Plugin Slug:: embed-ispring
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-23922

Plugin:: Enhanced YouTube Shortcode
Plugin Slug:: enhanced-youtube-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23946

Plugin:: Error Notification
Plugin Slug:: error-notification
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23902

Plugin:: Event Countdown Timer Plugin by TechMix
Plugin Slug:: event-countdown-timer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23699

Plugin:: Event Registration Calendar By vcita
Plugin Slug:: event-registration-calendar-by-vcita
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11870

Plugin:: Explara Membership
Plugin Slug:: explara-membership
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23583

Plugin:: Explore pages
Plugin Slug:: explore-pages
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23563

Plugin:: Extra Options � Favicons
Plugin Slug:: extra-options-favicons
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23508

Plugin:: EZPlayer
Plugin Slug:: ezplayer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23950

Plugin:: Fast Tube
Plugin Slug:: fast-tube
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23770

Plugin:: FAT Event Lite
Plugin Slug:: fat-event-lite
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23915

Plugin:: FAT Event Lite
Plugin Slug:: fat-event-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22718

Plugin:: Feedburner Optin Form
Plugin Slug:: feedburner-optin-form
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23925

Plugin:: Find Your Reps
Plugin Slug:: find-your-reps
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23557

Plugin:: Flexible Blogtitle
Plugin Slug:: flexible-blogtitle
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23846

Plugin:: Floatbox Plus
Plugin Slug:: floatbox-plus
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23617

Plugin:: Flying Twitter Birds
Plugin Slug:: flying-twitter-birds
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23710

Plugin:: FontAwesome.io ShortCodes
Plugin Slug:: fontawesomeio-shortcodes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23824

Plugin:: Formatted post
Plugin Slug:: formatted-post
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23709

Plugin:: FP RSS Category Excluder
Plugin Slug:: fp-rss-category-excluder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23679

Plugin:: FWD Slider
Plugin Slug:: fwd-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23462

Plugin:: GDPR Personal Data Reports
Plugin Slug:: gdpr-personal-data-reports
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23777

Plugin:: GDReseller
Plugin Slug:: gdreseller
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23567

Plugin:: Genki Announcement
Plugin Slug:: genki-announcement
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23900

Plugin:: Geotagged Media
Plugin Slug:: geotagged-media
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23558

Plugin:: Multi Uploader for Gravity Forms
Plugin Slug:: gf-multi-uploader
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-23921

Plugin:: Giveaways and Contests by PromoSimple
Plugin Slug:: giveaways-contests-by-promosimple
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23934

Plugin:: Glofox Shortcodes
Plugin Slug:: glofox-shortcodes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12508

Plugin:: GMap Shortcode
Plugin Slug:: gmap-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23893

Plugin:: GMAPS for WPBakery Page Builder Free
Plugin Slug:: gmaps-for-visual-composer-free
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23775

Plugin:: go Social
Plugin Slug:: go-social
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23426

Plugin:: Goldstar
Plugin Slug:: goldstar
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23962

Plugin:: Good Old Gallery
Plugin Slug:: good-old-gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23959

Plugin:: WordPress Google Map Professional
Plugin Slug:: google-map-professional
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23913

Plugin:: Google Org Chart
Plugin Slug:: google-org-chart
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23928

Plugin:: WordPress Graphs & Charts
Plugin Slug:: graph-lite
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23961

Plugin:: GravatarLocalCache
Plugin Slug:: gravatarlocalcache
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23901

Plugin:: Greek Namedays Widget From Eortologio.Net
Plugin Slug:: greek-namedays-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23783

Plugin:: Group category creator
Plugin Slug:: group-category-creator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23603

Plugin:: Hack me if you can
Plugin Slug:: hack-me-if-you-can
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23713

Plugin:: History timeline
Plugin Slug:: history-timeline
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23475

Plugin:: Horizontal Line Shortcode
Plugin Slug:: horizontal-line-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23791

Plugin:: Hotspots Analytics
Plugin Slug:: hotspots
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23848

Plugin:: HTTP to HTTPS link changer by Eyga.net
Plugin Slug:: https-links-in-content
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23677

Plugin:: Gallery: Hybrid � Advanced Visual Gallery
Plugin Slug:: hybrid-gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23951

Plugin:: CtyGrid Hyp3rL0cal Search
Plugin Slug:: hyp3rl0cal-city-search
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23695

Plugin:: Image Gallery Box by CRUDLab
Plugin Slug:: image-gallery-box-by-crudlab
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23938

Plugin:: Image Switcher
Plugin Slug:: image-switcher
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23939

Plugin:: Image Switcher
Plugin Slug:: image-switcher
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23940

Plugin:: imaGenius
Plugin Slug:: imagenius
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23772

Plugin:: Import Users to MailChimp
Plugin Slug:: import-users-to-mailchimp
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23675

Plugin:: Improved Sale Badges � Free Version
Plugin Slug:: improved-sale-badges-free-version
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23949

Plugin:: Incredible Font Awesome
Plugin Slug:: incredible-font-awesome
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23927

Plugin:: InFunding
Plugin Slug:: infunding
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23768

Plugin:: Instant Appointment
Plugin Slug:: instant-appointment
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23672

Plugin:: Interactive Page Hierarchy
Plugin Slug:: interactive-page-hierarchy
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23615

Plugin:: JB Horizontal Scroller News Ticker
Plugin Slug:: jb-horizontal-scroller-news-ticker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23830

Plugin:: Jet Skinner for BuddyPress
Plugin Slug:: jet-skinner-for-buddypress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23706

Plugin:: Kapost
Plugin Slug:: kapost-byline
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23712

Plugin:: Kopa Nictitate Toolkit
Plugin Slug:: kopa-nictitate-toolkit
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23965

Plugin:: Len Slider
Plugin Slug:: len-slider
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23810

Plugin:: LH Email
Plugin Slug:: lh-email
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23676

Plugin:: LH Login Page
Plugin Slug:: lh-login-page
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23547

Plugin:: Lime Developer Login
Plugin Slug:: lime-developer-login
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23701

Plugin:: LocalGrid
Plugin Slug:: localgrid
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23678

Plugin:: Loginplus
Plugin Slug:: loginplus
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23514

Plugin:: LSD Google Maps Embedder
Plugin Slug:: lsd-google-maps-embedder
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23871

Plugin:: MACME
Plugin Slug:: macme
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23683

Plugin:: Magic Google Maps
Plugin Slug:: magic-google-maps
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23935

Plugin:: Free MailClient FMC
Plugin Slug:: mailclient
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23703

Plugin:: Mapbox for WP Advanced
Plugin Slug:: mapbox-for-wp-advanced
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22772

Plugin:: Mark Posts
Plugin Slug:: mark-posts
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23963

Plugin:: Marmoset Viewer
Plugin Slug:: marmoset-viewer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23767

Plugin:: Marquee Style RSS News Ticker
Plugin Slug:: marquee-style-rss-news-ticker
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23424

Plugin:: Mass Custom Fields Manager
Plugin Slug:: mass-custom-fields-manager
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23430

Plugin:: Mass Messaging in BuddyPress
Plugin Slug:: mass-messaging-in-buddypress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23798

Plugin:: MD Custom content after or before of post
Plugin Slug:: md-custom-content
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23463

Plugin:: MDC YouTube Downloader
Plugin Slug:: mdc-youtube-downloader
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23639

Plugin:: MeinTurnierplan.de Widget Viewer
Plugin Slug:: meinturnierplande-widget-viewer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23941

Plugin:: MemeOne
Plugin Slug:: memeone
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23559

Plugin:: Menus Plus+
Plugin Slug:: menus-plus
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23910

Plugin:: MercadoLibre Integration
Plugin Slug:: mercadolibre-integration
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23659

Plugin:: MFPlugin
Plugin Slug:: mfplugin
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23660

Plugin:: MHR-Custom-Anti-Copy
Plugin Slug:: mhr-custom-anti-copy
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23817

Plugin:: Mindmeister Shortcode
Plugin Slug:: mindmeister-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23896

Plugin:: More Link Modifier
Plugin Slug:: more-link-modifier
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23818

Plugin:: WP VTiger Synchronization
Plugin Slug:: msstiger
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23455

Plugin:: Metaphor Widgets
Plugin Slug:: mtphr-widgets
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23816

Plugin:: Muzaara Google Ads Report
Plugin Slug:: muzaara-adwords-optimize-dashboard
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-23914

Plugin:: my-related-posts
Plugin Slug:: my-related-posts
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23476

Plugin:: MyAnime Widget
Plugin Slug:: myanime-widget
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23532

Plugin:: mybb Last Topics
Plugin Slug:: mybb-last-topics
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23749

Plugin:: MyBookProgress by Stormhill Media
Plugin Slug:: mybookprogress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12598

Plugin:: Nativery
Plugin Slug:: nativery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22781

Plugin:: Nite Shortcodes
Plugin Slug:: nite-shortcodes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23877

Plugin:: NV Slider
Plugin Slug:: nv-slider
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23661

Plugin:: OrangeBox
Plugin Slug:: orangebox
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23800

Plugin:: Password Protect Plugin for WordPress
Plugin Slug:: password-protect-plugin-for-wordpress
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23435

Plugin:: Pastebin
Plugin Slug:: pastebin-embed
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23908

Plugin:: PayForm
Plugin Slug:: payform
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23872

Plugin:: PayPal Marketing Solutions
Plugin Slug:: paypal-promotions-and-insights
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23930

Plugin:: PDF.js Shortcode
Plugin Slug:: pdfjs-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23943

Plugin:: Powie’s pLinks PagePeeker
Plugin Slug:: plinks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23641

Plugin:: Pod?l�nkov� inzerce
Plugin Slug:: podclankova-inzerce
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23697

Plugin:: Pootle button
Plugin Slug:: pootle-button
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23758

Plugin:: Popliup
Plugin Slug:: popliup
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23945

Plugin:: Post & Page Notes
Plugin Slug:: post-page-notes
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23715

Plugin:: PPO Call To Actions
Plugin Slug:: ppo-call-to-actions
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-24001

Plugin:: Preloader Quotes
Plugin Slug:: preloader-quotes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23682

Plugin:: Progress Tracker
Plugin Slug:: progress-tracker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23892

Plugin:: QR Code Generator
Plugin Slug:: qrcode-wprhe
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23831

Plugin:: Quick Count
Plugin Slug:: quick-count
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-23932

Plugin:: quote-posttype-plugin
Plugin Slug:: quote-post-type-plugin
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13386

Plugin:: QuoteMedia Tools
Plugin Slug:: quotemedia-tools
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23644

Plugin:: ReadMe Creator
Plugin Slug:: readme-creator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23643

Plugin:: Realty Workstation
Plugin Slug:: realty-workstation
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23477

Plugin:: REDIRECTION PLUS
Plugin Slug:: redirection-plus
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23681

Plugin:: User Sync ActiveCampaign
Plugin Slug:: registered-user-sync-activecampaign
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23778

Plugin:: Rezdy Reloaded
Plugin Slug:: reloaded-rezdy
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23604

Plugin:: Rename Author Slug
Plugin Slug:: rename-author-slug
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23640

Plugin:: Links/Problem Reporter
Plugin Slug:: report-broken-links
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23833

Plugin:: ResAds
Plugin Slug:: resads
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23779

Plugin:: Responsivity
Plugin Slug:: responsivity
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23548

Plugin:: Rio Photo Gallery
Plugin Slug:: rio-photo-gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23597

Plugin:: Rollover Tab
Plugin Slug:: rollover-tab
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23863

Plugin:: root Cookie
Plugin Slug:: root-cookie
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23815

Plugin:: RSS Icon Widget
Plugin Slug:: rss-icon-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12203

Plugin:: RSS News Scroller
Plugin Slug:: rss-news-scroller
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23467

Plugin:: RSV GMaps
Plugin Slug:: rsv-google-maps
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23665

Plugin:: Salvador � AI Image Generator
Plugin Slug:: salvador-ai-image-generator
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23954

Plugin:: Scroll Top Advanced
Plugin Slug:: scroll-top-advanced
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23444

Plugin:: Secure CAPTCHA
Plugin Slug:: secure-captcha
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23693

Plugin:: Real Seguro Viagem
Plugin Slug:: seguro-viagem
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23664

Plugin:: Send to a Friend Addon
Plugin Slug:: send-booking-invites-to-friends
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23600

Plugin:: Send to Twitter
Plugin Slug:: send-to-twitter
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23691

Plugin:: SOCIAL.NINJA
Plugin Slug:: seo-meta
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23907

Plugin:: SexBundle
Plugin Slug:: sexbundle
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23551

Plugin:: Shabbos and Yom Tov
Plugin Slug:: shabbos-and-yom-tov
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23694

Plugin:: Shockingly Big IE6 Warning
Plugin Slug:: shockingly-big-ie6-warning
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23442

Plugin:: Shortcode in Comment
Plugin Slug:: shortcode-in-comment
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23569

Plugin:: Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com
Plugin Slug:: shoutcast-and-icecast-html5-web-radio-player-by-yesstreaming-com
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23854

Plugin:: Sidebar-Content from Shortcode
Plugin Slug:: sidebar-content-from-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23642

Plugin:: Simple Custom post type custom field
Plugin Slug:: simple-content-construction-kit
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23500

Plugin:: Simple Project Manager
Plugin Slug:: simple-project-managment
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23497

Plugin:: Simple shortcode buttons
Plugin Slug:: simple-shortcode-buttons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23449

Plugin:: Simple Vertical Timeline
Plugin Slug:: simple-vertical-timeline
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23856

Plugin:: Slides & Presentations
Plugin Slug:: slide
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23919

Plugin:: Slider for Writers
Plugin Slug:: slider-for-writers
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23692

Plugin:: Smallerik File Browser
Plugin Slug:: smallerik-file-browser
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-23918

Plugin:: Smooth Dynamic Slider
Plugin Slug:: smooth-dynamic-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23447

Plugin:: Cache Sniper for Nginx
Plugin Slug:: snipe-nginx-cache
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23776

Plugin:: Snippy
Plugin Slug:: snippy
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23803

Plugin:: Social Analytics
Plugin Slug:: social-analytics
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23743

Plugin:: Social Pug: Author Box
Plugin Slug:: social-pug-author-box
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22706

Plugin:: Social2Blog
Plugin Slug:: social2blog
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23461

Plugin:: Solidres � Hotel booking plugin
Plugin Slug:: solidres
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23911

Plugin:: Spiderpowa Embed PDF
Plugin Slug:: spiderpowa-embed-pdf
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23807

Plugin:: SEOReseller Partner
Plugin Slug:: sr-partner
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23805

Plugin:: Staging CDN
Plugin Slug:: staging-cdn
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23696

Plugin:: Stars SMTP Mailer
Plugin Slug:: stars-smtp-mailer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23453

Plugin:: Strx Magic Floating Sidebar Maker
Plugin Slug:: strx-magic-floating-sidebar-maker
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23827

Plugin:: Style Admin
Plugin Slug:: style-admin
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23801

Plugin:: Sur.ly
Plugin Slug:: surly
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23957

Plugin:: Tab My Content
Plugin Slug:: tab-my-content
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23601

Plugin:: Tagesteller
Plugin Slug:: tagesteller
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23609

Plugin:: Team 118GROUP Agent
Plugin Slug:: team-118group-agent
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23512

Plugin:: Theme My Ontraport Smartform
Plugin Slug:: theme-my-ontraport-smartform
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23717

Plugin:: Top Flash Embed
Plugin Slug:: top-flash-embed
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23841

Plugin:: Track Page Scroll
Plugin Slug:: track-page-scroll
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23536

Plugin:: Translation.Pro
Plugin Slug:: translation-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23498

Plugin:: ts-tree
Plugin Slug:: ts-tree
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23515

Plugin:: Twitter Bootstrap Collapse aka Accordian Shortcode
Plugin Slug:: twitter-bootstrap-collapse-aka-accordian-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22743

Plugin:: Twitter Shortcode
Plugin Slug:: twitter-shortcode
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23618

Plugin:: Twitter Post
Plugin Slug:: twitterpost
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23654

Plugin:: Ultimate Events
Plugin Slug:: ultimate-events
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23610

Plugin:: Ultimate Subscribe
Plugin Slug:: ultimate-subscribe
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23806

Plugin:: Unique UX
Plugin Slug:: unique-ux
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23625

Plugin:: Universal Analytics Injector
Plugin Slug:: universal-analytics-injector
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23483

Plugin:: UpDownUpDown
Plugin Slug:: updownupdown-postcomment-voting
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23572

Plugin:: user files
Plugin Slug:: user-files
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-23953

Plugin:: Utilities for MTG
Plugin Slug:: utilities-for-mtg
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13433

Plugin:: Nature FlipBook
Plugin Slug:: vertical-diamond-flipbook-flash
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23454

Plugin:: ViewMedica 9
Plugin Slug:: viewmedica
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13394

Plugin:: Visit Site Link enhanced
Plugin Slug:: visit-site-link-enhanced
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23470

Plugin:: W3SPEEDSTER
Plugin Slug:: w3speedster-wp
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23765

Plugin:: WCS QR Code Generator
Plugin Slug:: wcs-qr-code-generator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23864

Plugin:: Weaver Themes Shortcode Compatibility
Plugin Slug:: weaver-themes-shortcode-compatibility
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22267

Plugin:: Web Push
Plugin Slug:: web-push
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23720

Plugin:: Web Testimonials
Plugin Slug:: web-testimonials
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23560

Plugin:: WH Cache & Security
Plugin Slug:: wh-cache-and-security
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23611

Plugin:: Wibstats
Plugin Slug:: wibstats-statistics-for-wordpress-mu
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23565

Plugin:: Winning Portfolio
Plugin Slug:: winning-portfolio
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23865

Plugin:: WM Options Import Export
Plugin Slug:: wm-options-import-export
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23781

Plugin:: Woo Tuner
Plugin Slug:: woo-tuner
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23761

Plugin:: WooCommerce Order Search
Plugin Slug:: woocommerce-order-searching
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23495

Plugin:: WOOEXIM
Plugin Slug:: wooexim
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23944

Plugin:: Word Freshener
Plugin Slug:: word-freshener
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23577

Plugin:: WordPress Custom Sidebar
Plugin Slug:: wordpress-custom-sidebar
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23912

Plugin:: WordPress Data Guard
Plugin Slug:: wordpress-data-guards
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23828

Plugin:: WordPress Gallery Plugin
Plugin Slug:: wordpress-gallery-plugin
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23842

Plugin:: WordPress Logging Service
Plugin Slug:: wordpress-logging-service
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23510

Plugin:: WP All Import Pro
Plugin Slug:: wp-all-import-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8722

Plugin:: wp_amaps
Plugin Slug:: wp-amaps
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23794

Plugin:: WP-Announcements
Plugin Slug:: wp-announcements
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23489

Plugin:: WP Background Tile
Plugin Slug:: wp-background-tile
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23573

Plugin:: WP-BlackCheck
Plugin Slug:: wp-blackcheck
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23511

Plugin:: WP Block Pack
Plugin Slug:: wp-block-pack
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23874

Plugin:: WP Bulletin Board
Plugin Slug:: wp-bulletin-board
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22776

Plugin:: WP Cookies Alert
Plugin Slug:: wp-cookies-alert
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23821

Plugin:: WP Custom Google Search
Plugin Slug:: wp-custom-google-search
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23698

Plugin:: WP Download Codes
Plugin Slug:: wp-download-codes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23882

Plugin:: WP FixTag
Plugin Slug:: wp-fixtag
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23564

Plugin:: WP IMAP Auth
Plugin Slug:: wp-imap-authentication
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23506

Plugin:: WP Intro.JS
Plugin Slug:: wp-intro-js-tours
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23576

Plugin:: WP krpano
Plugin Slug:: wp-krpano
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23876

Plugin:: Lijit Search
Plugin Slug:: wp-lijit-wijit
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22778

Plugin:: WP Load Gallery
Plugin Slug:: wp-load-gallery
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-23942

Plugin:: WP Meetup
Plugin Slug:: wp-meetup
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23916

Plugin:: WP News Sliders
Plugin Slug:: wp-news-sliders
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22779

Plugin:: WP Options Editor
Plugin Slug:: wp-options-editor
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-23797

Plugin:: wp-pano
Plugin Slug:: wp-pano
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-22780

Plugin:: WP Panoramio
Plugin Slug:: wp-panoramio
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23662

Plugin:: WP Photo Sphere
Plugin Slug:: wp-photo-sphere
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23924

Plugin:: WP-Player
Plugin Slug:: wp-player
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23947

Plugin:: WP PT-Viewer
Plugin Slug:: wp-ptviewer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23438

Plugin:: WP-Revive Adserver
Plugin Slug:: wp-revive-adserver
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23802

Plugin:: Wp-Scribd-List
Plugin Slug:: wp-scribd-list
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23436

Plugin:: SendGrid for WordPress
Plugin Slug:: wp-sendgrid-mailer
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23423

Plugin:: WP Service Payment Form With Authorize.net
Plugin Slug:: wp-service-payment-form-with-authorizenet
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23804

Plugin:: WP2APP
Plugin Slug:: wp2appir
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23811

Plugin:: WPDB to Sql
Plugin Slug:: wpdb-to-sql
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23774

Plugin:: WpF Ultimate Carousel
Plugin Slug:: wpf-ultimate-carousel
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23933

Plugin:: WordPress File Search
Plugin Slug:: wpfilesearch
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23867

Plugin:: WP Journal
Plugin Slug:: wpjournal
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23613

Plugin:: WP Lyrics
Plugin Slug:: wplyrics
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23533

Plugin:: XLSXviewer
Plugin Slug:: xlsx-viewer
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23562

Plugin:: Xola
Plugin Slug:: xola-bookings-for-tours-activities
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23955

Plugin:: Yet Another Countdown
Plugin Slug:: yacp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23891

Plugin:: yCyclista
Plugin Slug:: ycyclista
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23700

Plugin:: Zarinpal Paid Download
Plugin Slug:: zarinpal-paid-downloads
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22766

Plugin:: UpdraftPlus: WP Backup & Migration Plugin
Plugin Slug:: updraftplus
Installations: 3,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.25.1
Severity Score:: High
CVE:: 2025-0215

Plugin:: W3 Total Cache
Plugin Slug:: w3-total-cache
Installations: 1,000,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.8.2
Severity Score:: Medium
CVE:: 2024-12008

Plugin:: W3 Total Cache
Plugin Slug:: w3-total-cache
Installations: 1,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.2
Severity Score:: Medium
CVE:: 2024-12006

Plugin:: W3 Total Cache
Plugin Slug:: w3-total-cache
Installations: 1,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.2
Severity Score:: Medium
CVE:: 2024-12365

Plugin:: Page Builder by SiteOrigin
Plugin Slug:: siteorigin-panels
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.31.1
Severity Score:: Medium
CVE:: 2024-12240

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1007
Severity Score:: High
CVE:: 2025-0393

Plugin:: Ultimate Member � User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Plugin Slug:: ultimate-member
Installations: 200,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.9.2
Severity Score:: Medium
CVE:: 2025-0318

Plugin:: Ultimate Member � User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Plugin Slug:: ultimate-member
Installations: 200,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.9.2
Severity Score:: Critical
CVE:: 2025-0308

Plugin:: Elementor Addon Elements
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.14
Severity Score:: Medium
CVE:: 2024-13215

Plugin:: Advanced File Manager � Ultimate WordPress File Manager and Document Library Plugin
Plugin Slug:: file-manager-advanced
Installations: 100,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 5.2.14
Severity Score:: High
CVE:: 2024-13333

Plugin:: NitroPack � Caching & Speed Optimization for Core Web Vitals, Defer CSS & JS, Lazy load Images and CDN
Plugin Slug:: nitropack
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.17.6
Severity Score:: Medium
CVE:: 2024-11848

Plugin:: Widget Options � The #1 WordPress Widget & Block Control Plugin
Plugin Slug:: widget-options
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0.9
Severity Score:: Medium
CVE:: 2025-22722

Plugin:: List category posts
Plugin Slug:: list-category-posts
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.90.3
Severity Score:: Medium
CVE:: 2024-9020

Plugin:: Email Subscribers by Icegram Express � Affordable, Powerful Email Marketing for WordPress & WooCommerce
Plugin Slug:: email-subscribers
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.7.45
Severity Score:: Medium
CVE:: 2024-11636

Plugin:: Kubio AI Page Builder
Plugin Slug:: kubio
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.0
Severity Score:: High
CVE:: 2024-13516

Plugin:: WP ULike � All-in-One Engagement Toolkit
Plugin Slug:: wp-ulike
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.7
Severity Score:: Medium
CVE:: 2025-22738

Plugin:: WP Booking Calendar
Plugin Slug:: booking
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.9.3
Severity Score:: Medium
CVE:: 2024-13323

Plugin:: Easy Digital Downloads � eCommerce Payments and Subscriptions made easy
Plugin Slug:: easy-digital-downloads
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.3
Severity Score:: Medium
CVE:: 2024-13517

Plugin:: Piotnet Addons For Elementor
Plugin Slug:: piotnet-addons-for-elementor
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.33
Severity Score:: Medium
CVE:: 2024-10775

Plugin:: Post Grid and Gutenberg Blocks � ComboBlocks
Plugin Slug:: post-grid
Installations: 40,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 2.3.4
Severity Score:: Critical
CVE:: 2024-9636

Plugin:: HTML5 Video Player � mp4 Video Player Plugin and Block
Plugin Slug:: html5-video-player
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.36
Severity Score:: Medium
CVE:: 2024-13156

Plugin:: Social Share, Social Login and Social Comments Plugin � Super Socializer
Plugin Slug:: super-socializer
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 7.14.1
Severity Score:: Medium
CVE:: 2024-13230

Plugin:: VOD Infomaniak
Plugin Slug:: vod-infomaniak
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.10
Severity Score:: Medium
CVE:: 2025-22729

Plugin:: Appointment Booking Calendar Plugin and Scheduling Plugin � BookingPress
Plugin Slug:: bookingpress-appointment-booking
Installations: 20,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.1.23
Severity Score:: Medium
CVE:: 2024-12274

Plugin:: Link Library
Plugin Slug:: link-library
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.7.3
Severity Score:: High
CVE:: 2024-13404

Plugin:: Multi Step Form
Plugin Slug:: multi-step-form
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.24
Severity Score:: Medium
CVE:: 2024-12427

Plugin:: Paid Membership Subscriptions � Effortless Memberships, Recurring Payments & Content Restriction
Plugin Slug:: paid-member-subscriptions
Installations: 10,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 2.13.8
Severity Score:: Critical
CVE:: 2024-12919

Plugin:: WooCommerce Advanced Bulk Edit Products, Orders, Coupons, Any WordPress Post Type � Smart Manager
Plugin Slug:: smart-manager-for-wp-e-commerce
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 8.53.0
Severity Score:: High
CVE:: 2025-22710

Plugin:: Payment Button for PayPal
Plugin Slug:: wp-paypal
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.3.36
Severity Score:: Medium
CVE:: 2024-13401

Plugin:: WP User Profile Avatar
Plugin Slug:: wp-user-profile-avatar
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.6
Severity Score:: Medium
CVE:: 2024-10789

Plugin:: Motors � Car Dealer, Classifieds & Listing
Plugin Slug:: motors-car-dealership-classified-listings
Installations: 9,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 1.4.44
Severity Score:: Medium
CVE:: 2024-10970

Plugin:: WP Hotel Booking
Plugin Slug:: wp-hotel-booking
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.6
Severity Score:: Medium
CVE:: 2024-12370

Plugin:: Proofreading
Plugin Slug:: proofreading
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.2
Severity Score:: High
CVE:: 2024-12466

Plugin:: ElementInvader Addons for Elementor
Plugin Slug:: elementinvader-addons-for-elementor
Installations: 5,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.2.7
Severity Score:: High
CVE:: 2025-22786

Plugin:: Podlove Podcast Publisher
Plugin Slug:: podlove-podcasting-plugin-for-wordpress
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.0
Severity Score:: Medium
CVE:: 2025-0554

Plugin:: Button Block � Get fully customizable & multi-functional buttons
Plugin Slug:: button-block
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.6
Severity Score:: Medium
CVE:: 2025-22787

Plugin:: ApplyOnline � Application Form Builder and Manager
Plugin Slug:: apply-online
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.7.2
Severity Score:: Medium
CVE:: 2025-22721

Plugin:: MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder
Plugin Slug:: mailchimp-subscribe-sm
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2
Severity Score:: Medium
CVE:: 2025-22727

Plugin:: Tag Groups is the Advanced Way to Display Your Taxonomy Terms
Plugin Slug:: tag-groups
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.5
Severity Score:: High
CVE:: 2025-22735

Plugin:: Eventer
Plugin Slug:: eventer
Installations: 2,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 3.9.8
Severity Score:: Medium
CVE:: 2024-10799

Plugin:: Flexible PDF Coupons � Gift Cards & Vouchers for WooCommerce
Plugin Slug:: flexible-coupons
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.10.3
Severity Score:: Medium
CVE:: 2025-22825

Plugin:: WordPress CRM, Email & Marketing Automation for WordPress | Award Winner � Groundhogg
Plugin Slug:: groundhogg
Installations: 2,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.7.3.6
Severity Score:: Critical
CVE:: 2025-0394

Plugin:: Htaccess File Editor � Easily Edit, Backup, Restore .htaccess file
Plugin Slug:: htaccess-file-editor
Installations: 2,000+
Vulnerability:: Broken Authentication
Patched in Version:: 1.0.20
Severity Score:: Medium
CVE:: 2025-22773

Plugin:: Image Source Control Lite � Show Image Credits and Captions
Plugin Slug:: image-source-control-isc
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.29.1
Severity Score:: High
CVE:: 2025-22711

Plugin:: Image Source Control Lite � Show Image Credits and Captions
Plugin Slug:: image-source-control-isc
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.28.1
Severity Score:: High
CVE:: 2024-13515

Plugin:: Barcode Scanner (+Mobile App) � Inventory manager, Order fulfillment system, POS (Point of Sale)
Plugin Slug:: barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
Installations: 1,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.7.0
Severity Score:: Critical
CVE:: 2025-22723

Plugin:: Checkout for PayPal
Plugin Slug:: checkout-for-paypal
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.33
Severity Score:: Medium
CVE:: 2024-13398

Plugin:: MarketKing � Ultimate WooCommerce Multivendor Marketplace Solution
Plugin Slug:: marketking-multivendor-marketplace-for-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.0
Severity Score:: Medium
CVE:: 2024-13519

Plugin:: Social proof testimonials and reviews by Repuso
Plugin Slug:: social-testimonials-and-reviews-widget
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.21
Severity Score:: Medium
CVE:: 2024-13351

Plugin:: WordPress Tour & Travel Booking Plugin for WooCommerce � WpTravelly
Plugin Slug:: tour-booking-manager
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.6
Severity Score:: Medium
CVE:: 2025-22737

Plugin:: WP Inventory Manager
Plugin Slug:: wp-inventory-manager
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.3
Severity Score:: High
CVE:: 2024-13434

Plugin:: The Ultimate WordPress Toolkit � WP Extended
Plugin Slug:: wpextended
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.0.13
Severity Score:: Critical
CVE:: 2024-13184

Plugin:: My Tickets � Accessible Event Ticketing
Plugin Slug:: my-tickets
Installations: 900+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.10
Severity Score:: High
CVE:: 2025-22717

Plugin:: Taskbuilder � WordPress Project & Task Management plugin
Plugin Slug:: taskbuilder
Installations: 800+
Vulnerability:: SQL Injection
Patched in Version:: 3.0.7
Severity Score:: High
CVE:: 2025-22716

Plugin:: FireCask Like & Share Button
Plugin Slug:: facebook-like-send-button
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3
Severity Score:: Medium
CVE:: 2024-11226

Plugin:: My auctions allegro
Plugin Slug:: my-auctions-allegro-free-edition
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.19
Severity Score:: High
CVE:: 2025-22733

Plugin:: Verge3D Publishing and E-Commerce
Plugin Slug:: verge3d
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.8.1
Severity Score:: High
CVE:: 2025-22709

Plugin:: PDF for WPForms + Drag and Drop Template Builder
Plugin Slug:: pdf-for-wpforms
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.8.0
Severity Score:: Medium
CVE:: 2024-12593

Plugin:: Simple:Press Forum
Plugin Slug:: simplepress
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.10.11
Severity Score:: High

Plugin:: VikAppointments Services Booking Calendar
Plugin Slug:: vikappointments
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.17
Severity Score:: High
CVE:: 2025-22719

Plugin:: Admin and Customer Messages After Order for WooCommerce: OrderConvo
Plugin Slug:: admin-and-client-message-after-order-for-woocommerce
Installations: 400+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 13.3
Severity Score:: Medium
CVE:: 2024-13355

Plugin:: Chamber Dashboard Business Directory
Plugin Slug:: chamber-dashboard-business-directory
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.11
Severity Score:: Medium
CVE:: 2025-23917

Plugin:: Chamber Dashboard Business Directory
Plugin Slug:: chamber-dashboard-business-directory
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.10
Severity Score:: Medium
CVE:: 2024-11452

Plugin:: Picture Gallery � Frontend Image Uploads, AJAX Photo List
Plugin Slug:: picture-gallery
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.23
Severity Score:: Medium
CVE:: 2024-12696

Plugin:: Stop Comment Spam
Plugin Slug:: stop-comment-spam
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 0.5.4
Severity Score:: High
CVE:: 2025-23826

Plugin:: WP Smart TV
Plugin Slug:: wp-smart-tv
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.9
Severity Score:: Medium
CVE:: 2024-12818

Plugin:: ShipWorks Connector for Woocommerce
Plugin Slug:: shipworks-e-commerce-bridge
Installations: 300+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.2.6
Severity Score:: Medium
CVE:: 2024-13317

Plugin:: turboSMTP
Plugin Slug:: turbosmtp
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7
Severity Score:: High
CVE:: 2025-22753

Plugin:: aDirectory � WordPress Directory Listing Plugin
Plugin Slug:: adirectory
Installations: 200+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.9
Severity Score:: High

Plugin:: Build Private Store For Woocommerce
Plugin Slug:: build-private-store-for-woocommerce
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1
Severity Score:: Medium
CVE:: 2025-22731

Plugin:: Awesome Responsive Photo Gallery � Image & Video Lightbox Gallery
Plugin Slug:: awesome-responsive-photo-gallery
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1
Severity Score:: High
CVE:: 2024-12403

Plugin:: Evergreen Content Poster � Auto Post and Schedule Your Best Content to Social Media
Plugin Slug:: evergreen-content-poster
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.5
Severity Score:: High
CVE:: 2024-12071

Plugin:: Moving Users
Plugin Slug:: moving-users
Installations: 100+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.10
Severity Score:: Medium
CVE:: 2024-12637

Plugin:: Passwords Manager
Plugin Slug:: passwords-manager
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.1
Severity Score:: High
CVE:: 2024-12614

Plugin:: Passwords Manager
Plugin Slug:: passwords-manager
Installations: 100+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.1
Severity Score:: High
CVE:: 2024-12615

Plugin:: Passwords Manager
Plugin Slug:: passwords-manager
Installations: 100+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.1
Severity Score:: Critical
CVE:: 2024-12613

Plugin:: Video Share VOD � Turnkey Video Site Builder Script
Plugin Slug:: video-share-vod
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.32
Severity Score:: Medium
CVE:: 2024-13393

Plugin:: WP-BibTeX
Plugin Slug:: wp-bibtex
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.2
Severity Score:: High
CVE:: 2024-12005

Plugin:: Rate Star Review Vote � AJAX Reviews, Votes, Star Ratings
Plugin Slug:: rate-star-review
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.4
Severity Score:: Medium
CVE:: 2024-13392

Plugin:: MicroPayments � Fans Paysite: Paid Creator Subscriptions, Digital Assets, Tokens Wallet
Plugin Slug:: paid-membership
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.30
Severity Score:: Medium
CVE:: 2024-13391