Nexcess.com Servers.com LiquidWeb.com

Line illustration showing a black application window on a dark blue gradient background overlaid with a large exclamation point alert icon and three bugs.

WordPress Vulnerability Report � January 29, 2025

In this report, 234 vulnerabilities have been publicly disclosed. Security patches for 190 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 44 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.7.1 is available! This minor release features 16 bug fixes throughout Core and the Block Editor.

WordPress Plugins � 183 Patched / 42 Unpatched

Plugin:: Product Size Charts Plugin for WooCommerce
Plugin Slug:: woo-advanced-product-size-chart
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23991

Plugin:: Youzify � BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
Plugin Slug:: youzify
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13368

Plugin:: Youzify � BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
Plugin Slug:: youzify
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12113

Plugin:: Scroll Styler
Plugin Slug:: scroll-styler
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23990

Plugin:: Broadstreet
Plugin Slug:: broadstreet
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11825

Plugin:: Designer � Elementor Addons
Plugin Slug:: designer
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23987

Plugin:: Internal Link Builder
Plugin Slug:: internal-link-builder
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23989

Plugin:: Estatebud � Properties & Listings
Plugin Slug:: estatebud-properties-listings
Installations: 90+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23994

Plugin:: Linear
Plugin Slug:: linear
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13709

Plugin:: 1003 Mortgage Application
Plugin Slug:: 1003-mortgage-application
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13536

Plugin:: ABC Notation
Plugin Slug:: abc-notation
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13550

Plugin:: Altra Side Menu
Plugin Slug:: altra-side-menu
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12774

Plugin:: Altra Side Menu
Plugin Slug:: altra-side-menu
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12773

Plugin:: AnyRoad
Plugin Slug:: anyguide
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-23996

Plugin:: Ask Me Anything (Anonymously)
Plugin Slug:: ask-me-anything-anonymously
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12512

Plugin:: Automate Hub
Plugin Slug:: automate-hub-free-by-sperse-io
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13683

Plugin:: Automate Hub
Plugin Slug:: automate-hub-free-by-sperse-io
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11377

Plugin:: BMLT Meeting Map
Plugin Slug:: bmlt-meeting-map
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12494

Plugin:: brodos.net Onlineshop Plugin
Plugin Slug:: brodos-net-onlineshop
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12529

Plugin:: Connections
Plugin Slug:: connections1
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12885

Plugin:: Dental Optimizer Patient Generator App
Plugin Slug:: dental-optimizer-patient-generator-app
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13052

Plugin:: Dyn Business Panel
Plugin Slug:: dyn-business-panel
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13057

Plugin:: Dyn Business Panel
Plugin Slug:: dyn-business-panel
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13055

Plugin:: Easy Real Estate
Plugin Slug:: easy-real-estate
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-32555

Plugin:: Etsy Importer
Plugin Slug:: etsy-importer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12817

Plugin:: Fare Calculator
Plugin Slug:: fare-calculator
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23982

Plugin:: FlashCounter
Plugin Slug:: flashcounter
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23978

Plugin:: Post Title (TypeWriter)
Plugin Slug:: flashnews-typewriter-pearlbells
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-56012

Plugin:: Full Circle
Plugin Slug:: full-circle
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23980

Plugin:: Issuu Panel
Plugin Slug:: issuu-panel
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23976

Plugin:: Masy Gallery
Plugin Slug:: masy-gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13586

Plugin:: NOTICE BOARD BY TOWKIR
Plugin Slug:: notice-board-by-towkir
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12816

Plugin:: WordPress SEO Friendly Accordion FAQ
Plugin Slug:: notice-faq
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13458

Plugin:: Post Carousel Slider
Plugin Slug:: post-carousel-slider
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23977

Plugin:: Power Ups for Elementor
Plugin Slug:: power-ups-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13548

Plugin:: PPO Call To Actions
Plugin Slug:: ppo-call-to-actions
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-24001

Plugin:: SEO Blogger to WordPress Migration using 301 Redirection
Plugin Slug:: seo-blogger-to-wordpress-301-redirector
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13422

Plugin:: Social Share Buttons for WordPress
Plugin Slug:: share-buttons
Vulnerability:: Path Traversal
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13117

Plugin:: WP All Import Pro
Plugin Slug:: wp-all-import-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8722

Plugin:: WP Contact Form7 Email Spam Blocker
Plugin Slug:: wp-contact-form7-email-spam-blocker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13467

Plugin:: WP Triggers Lite
Plugin Slug:: wp-triggers-lite
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13095

Plugin:: WP Triggers Lite
Plugin Slug:: wp-triggers-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13094

Plugin:: Really Simple Security � Simple and Performant Security (formerly Really Simple SSL)
Plugin Slug:: really-simple-ssl
Installations: 4,000,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 9.2.0
Severity Score:: Medium
CVE:: 2025-24623

Plugin:: Starter Templates � Elementor, WordPress & Beaver Builder Templates
Plugin Slug:: astra-sites
Installations: 1,000,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.4.10
Severity Score:: Medium
CVE:: 2025-24568

Plugin:: Popup Maker � Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder
Plugin Slug:: popup-maker
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.20.3
Severity Score:: Medium
CVE:: 2025-24746

Plugin:: The Events Calendar
Plugin Slug:: the-events-calendar
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.9.1
Severity Score:: Medium
CVE:: 2024-12118

Plugin:: Page Builder Gutenberg Blocks � CoBlocks
Plugin Slug:: coblocks
Installations: 400,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.14
Severity Score:: Medium
CVE:: 2025-24751

Plugin:: ExactMetrics � Google Analytics Dashboard for WordPress (Website Stats Plugin)
Plugin Slug:: google-analytics-dashboard-for-wp
Installations: 400,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.2.0
Severity Score:: Medium
CVE:: 2025-24750

Plugin:: Gutenberg Blocks with AI by Kadence WP � Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.2
Severity Score:: Medium
CVE:: 2025-24753

Plugin:: FluentSMTP � WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider
Plugin Slug:: fluent-smtp
Installations: 300,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2.81
Severity Score:: Medium
CVE:: 2025-24739

Plugin:: WP Go Maps (formerly WP Google Maps)
Plugin Slug:: wp-google-maps
Installations: 300,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 9.0.41
Severity Score:: Medium
CVE:: 2025-24742

Plugin:: Call Now Button � The #1 Click to Call Button for WordPress
Plugin Slug:: call-now-button
Installations: 200,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4.14
Severity Score:: Medium
CVE:: 2025-24738

Plugin:: Page Builder: Pagelayer � Drag and Drop website builder
Plugin Slug:: pagelayer
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.5
Severity Score:: Medium
CVE:: 2025-24573

Plugin:: Post Duplicator
Plugin Slug:: post-duplicator
Installations: 200,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.36
Severity Score:: Medium
CVE:: 2025-24736

Plugin:: Admin and Site Enhancements (ASE)
Plugin Slug:: admin-site-enhancements
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.6.3
Severity Score:: Medium
CVE:: 2025-24649

Plugin:: Prime Slider � Addons For Elementor (Revolution of a slider, Hero Slider, Post Slider and Ecommerce Slider)
Plugin Slug:: bdthemes-prime-slider-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.16.6
Severity Score:: Medium
CVE:: 2024-12043

Plugin:: Stackable � Page Builder Gutenberg Blocks
Plugin Slug:: stackable-ultimate-gutenberg-blocks
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.13.12
Severity Score:: Medium
CVE:: 2024-12117

Plugin:: String locator
Plugin Slug:: string-locator
Installations: 100,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.6.7
Severity Score:: High
CVE:: 2024-10936

Plugin:: LearnPress � WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.7.5.1
Severity Score:: Medium
CVE:: 2024-13599

Plugin:: LearnPress � WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Open Redirection
Patched in Version:: 4.2.7.2
Severity Score:: Medium
CVE:: 2025-24740

Plugin:: List category posts
Plugin Slug:: list-category-posts
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.90.3
Severity Score:: Medium
CVE:: 2024-9020

Plugin:: Nested Pages
Plugin Slug:: wp-nested-pages
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.10
Severity Score:: Medium
CVE:: 2025-24579

Plugin:: Import and export users and customers
Plugin Slug:: import-users-from-csv-with-meta
Installations: 70,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.27.13
Severity Score:: Medium
CVE:: 2025-24689

Plugin:: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels
Plugin Slug:: print-invoices-packing-slip-labels-for-woocommerce
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.2
Severity Score:: Medium
CVE:: 2025-24644

Plugin:: Easy Digital Downloads � eCommerce Payments and Subscriptions made easy
Plugin Slug:: easy-digital-downloads
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.3
Severity Score:: Medium
CVE:: 2024-13517

Plugin:: Better Find and Replace
Plugin Slug:: real-time-auto-find-and-replace
Installations: 50,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.6.8
Severity Score:: High
CVE:: 2025-24734

Plugin:: WP-Polls
Plugin Slug:: wp-polls
Installations: 50,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.77.3
Severity Score:: Medium
CVE:: 2024-13426

Plugin:: Social Share, Social Login and Social Comments Plugin � Super Socializer
Plugin Slug:: super-socializer
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 7.14.1
Severity Score:: Medium
CVE:: 2024-13230

Plugin:: Carousel Maker for Divi
Plugin Slug:: wow-carousel-for-divi-lite
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.0
Severity Score:: Medium
CVE:: 2025-0350

Plugin:: WP Visitor Statistics (Real Time Traffic)
Plugin Slug:: wp-stats-manager
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.3
Severity Score:: Medium
CVE:: 2025-24675

Plugin:: Appointment Booking Calendar Plugin and Scheduling Plugin � BookingPress
Plugin Slug:: bookingpress-appointment-booking
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.26
Severity Score:: Medium
CVE:: 2025-24732

Plugin:: Icegram Engage � Ultimate WP Popup Builder, Lead Generation, Optins, and CTA
Plugin Slug:: icegram
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.32
Severity Score:: Medium
CVE:: 2025-24542

Plugin:: IP2Location Country Blocker
Plugin Slug:: ip2location-country-blocker
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.38.4
Severity Score:: Medium
CVE:: 2025-24731

Plugin:: RomethemeKit For Elementor
Plugin Slug:: rometheme-for-elementor
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.3
Severity Score:: Medium
CVE:: 2025-24743

Plugin:: Simple Download Monitor
Plugin Slug:: simple-download-monitor
Installations: 20,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.9.26
Severity Score:: High
CVE:: 2025-24663

Plugin:: Thim Elementor Kit
Plugin Slug:: thim-elementor-kit
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.9
Severity Score:: Medium
CVE:: 2025-24725

Plugin:: PPOM � Product Addons & Custom Fields for WooCommerce
Plugin Slug:: woocommerce-product-addon
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 33.0.9
Severity Score:: Medium
CVE:: 2025-24668

Plugin:: Contact Form Email
Plugin Slug:: contact-form-to-email
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.53
Severity Score:: Medium
CVE:: 2025-24727

Plugin:: WP Customer Area
Plugin Slug:: customer-area
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 8.2.5
Severity Score:: Medium
CVE:: 2024-12280

Plugin:: GamiPress � Gamification plugin to reward points, achievements, badges & ranks in WordPress
Plugin Slug:: gamipress
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 7.2.2
Severity Score:: Critical
CVE:: 2024-13496

Plugin:: GamiPress � Gamification plugin to reward points, achievements, badges & ranks in WordPress
Plugin Slug:: gamipress
Installations: 10,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 7.2.2
Severity Score:: High
CVE:: 2024-13495

Plugin:: AI Power: Complete AI Pack
Plugin Slug:: gpt3-ai-content-generator
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.97
Severity Score:: Medium
CVE:: 2024-13361

Plugin:: AI Power: Complete AI Pack
Plugin Slug:: gpt3-ai-content-generator
Installations: 10,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 1.8.97
Severity Score:: Medium
CVE:: 2024-13360

Plugin:: AI Power: Complete AI Pack
Plugin Slug:: gpt3-ai-content-generator
Installations: 10,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.8.97
Severity Score:: High
CVE:: 2025-0429

Plugin:: Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks
Plugin Slug:: ht-contactform
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.2
Severity Score:: Medium
CVE:: 2025-24726

Plugin:: AI Chatbot for WordPress � Hyve Lite
Plugin Slug:: hyve-lite
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.3
Severity Score:: Medium
CVE:: 2025-24666

Plugin:: JSM Show Post Metadata
Plugin Slug:: jsm-show-post-meta
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.6.1
Severity Score:: Medium
CVE:: 2025-24589

Plugin:: Link Library
Plugin Slug:: link-library
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.7.3
Severity Score:: High
CVE:: 2024-13404

Plugin:: Modal Window � create popup modal window
Plugin Slug:: modal-window
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.1.5
Severity Score:: Medium
CVE:: 2025-24717

Plugin:: Membership Plugin � Restrict Content
Plugin Slug:: restrict-content
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.2.14
Severity Score:: Medium
CVE:: 2024-11090

Plugin:: Internal Links Manager
Plugin Slug:: seo-automated-link-building
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.3
Severity Score:: Medium
CVE:: 2025-24679

Plugin:: WooCommerce Product Table Lite
Plugin Slug:: wc-product-table-lite
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.9.0
Severity Score:: Medium
CVE:: 2025-24596

Plugin:: Countdown Timer � Widget Countdown
Plugin Slug:: widget-countdown
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.2
Severity Score:: Medium
CVE:: 2025-24719

Plugin:: Export All Posts, Products, Orders, Refunds & Users
Plugin Slug:: wp-ultimate-exporter
Installations: 10,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.9.1
Severity Score:: Medium
CVE:: 2025-24611

Plugin:: WP VR � 360 Panorama and Free Virtual Tour Builder For WordPress
Plugin Slug:: wpvr
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.5.15
Severity Score:: Medium
CVE:: 2025-24730

Plugin:: Essential Real Estate
Plugin Slug:: essential-real-estate
Installations: 9,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.1.9
Severity Score:: Medium
CVE:: 2025-24698

Plugin:: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
Plugin Slug:: bit-form
Installations: 8,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.17.5
Severity Score:: Low
CVE:: 2024-13450

Plugin:: Sticky Buttons � floating buttons builder
Plugin Slug:: sticky-buttons
Installations: 8,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.1.2
Severity Score:: Medium
CVE:: 2025-24720

Plugin:: VikBooking Hotel Booking Engine & PMS
Plugin Slug:: vikbooking
Installations: 8,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.7.3
Severity Score:: High
CVE:: 2024-11641

Plugin:: Product Carousel Slider & Grid Ultimate for WooCommerce
Plugin Slug:: woo-product-carousel-slider-and-grid-ultimate
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.10.1
Severity Score:: Medium
CVE:: 2025-24681

Plugin:: WP Hotel Booking
Plugin Slug:: wp-hotel-booking
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.7
Severity Score:: Medium
CVE:: 2024-13447

Plugin:: Xagio SEO
Plugin Slug:: xagio-seo
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.0.0.21
Severity Score:: Medium
CVE:: 2025-24702

Plugin:: Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection)
Plugin Slug:: extensions-for-cf7
Installations: 6,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.2.1
Severity Score:: Medium
CVE:: 2025-24695

Plugin:: Side Menu Lite � add sticky fixed buttons
Plugin Slug:: side-menu-lite
Installations: 6,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.3.2
Severity Score:: Medium
CVE:: 2025-24724

Plugin:: Super block slider � Responsive image & content slider
Plugin Slug:: super-block-slider
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8
Severity Score:: Medium
CVE:: 2025-24682

Plugin:: Themify Builder
Plugin Slug:: themify-builder
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6.7
Severity Score:: High
CVE:: 2024-13319

Plugin:: Button Generator � easily Button Builder
Plugin Slug:: button-generation
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.1.2
Severity Score:: Medium
CVE:: 2025-24713

Plugin:: MultiVendorX � The Ultimate WooCommerce Multivendor Marketplace Solution
Plugin Slug:: dc-woocommerce-multi-vendor
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.14
Severity Score:: Medium
CVE:: 2025-24706

Plugin:: ElementInvader Addons for Elementor
Plugin Slug:: elementinvader-addons-for-elementor
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.4
Severity Score:: Medium
CVE:: 2025-24729

Plugin:: ElementInvader Addons for Elementor
Plugin Slug:: elementinvader-addons-for-elementor
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2025-24618

Plugin:: ElementInvader Addons for Elementor
Plugin Slug:: elementinvader-addons-for-elementor
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.1
Severity Score:: Medium
CVE:: 2025-24578

Plugin:: Variation Swatches for WooCommerce
Plugin Slug:: th-variation-swatches
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.3
Severity Score:: Medium
CVE:: 2024-13511

Plugin:: Custom Product Tabs Lite for WooCommerce
Plugin Slug:: woocommerce-custom-product-tabs-lite
Installations: 5,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.9.1
Severity Score:: High
CVE:: 2024-12600

Plugin:: Import WP � Export and Import CSV and XML files to WordPress
Plugin Slug:: jc-importer
Installations: 4,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.14.6
Severity Score:: High
CVE:: 2024-13562

Plugin:: Popup Box: Create Popups Easily
Plugin Slug:: popup-box
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.2.5
Severity Score:: Medium
CVE:: 2025-24711

Plugin:: RSVP and Event Management
Plugin Slug:: rsvp
Installations: 4,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.7.15
Severity Score:: High
CVE:: 2025-24683

Plugin:: Premium Packages � Sell Digital Products Securely
Plugin Slug:: wpdm-premium-packages
Installations: 4,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.9.7
Severity Score:: High
CVE:: 2025-24659

Plugin:: XML for Google Merchant Center
Plugin Slug:: xml-for-google-merchant-center
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.12
Severity Score:: High
CVE:: 2024-13406

Plugin:: HelloAsso
Plugin Slug:: helloasso
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.12
Severity Score:: Medium
CVE:: 2025-24575

Plugin:: Multiple Page Generator Plugin � MPG
Plugin Slug:: multiple-pages-generator-by-porthas
Installations: 3,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 4.0.6
Severity Score:: Medium
CVE:: 2024-10705

Plugin:: Patreon WordPress
Plugin Slug:: patreon-connect
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.2
Severity Score:: Medium
CVE:: 2025-24588

Plugin:: Paytium: Mollie payment forms & donations
Plugin Slug:: paytium
Installations: 3,000+
Vulnerability:: Full Path Disclosure (FPD)
Patched in Version:: 4.4.12
Severity Score:: Medium
CVE:: 2025-24552

Plugin:: Ultimate Coming Soon & Maintenance
Plugin Slug:: ultimate-coming-soon
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2025-24543

Plugin:: Ultimate Coming Soon & Maintenance
Plugin Slug:: ultimate-coming-soon
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2025-24546

Plugin:: Auction Nudge � Your eBay on Your Site
Plugin Slug:: auction-nudge
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.2.1
Severity Score:: Medium
CVE:: 2025-24658

Plugin:: Chained Quiz
Plugin Slug:: chained-quiz
Installations: 2,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 1.3.3
Severity Score:: Medium
CVE:: 2025-24701

Plugin:: Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site
Plugin Slug:: counter-box
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.6
Severity Score:: Medium
CVE:: 2025-24715

Plugin:: Email Subscription Popup
Plugin Slug:: email-subscribe
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: <= 1.2.24
Severity Score:: High
CVE:: 2025-24587

Plugin:: Social Proof Popups & Real-Time Notifications � Herd Effects
Plugin Slug:: mwp-herd-effect
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.2.2
Severity Score:: Medium
CVE:: 2025-24716

Plugin:: Plethora Plugins Tabs + Accordions
Plugin Slug:: plethora-tabs-accordions
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2
Severity Score:: Medium
CVE:: 2024-13721

Plugin:: Plethora Plugins Tabs + Accordions
Plugin Slug:: plethora-tabs-accordions
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.1
Severity Score:: Medium
CVE:: 2025-24709

Plugin:: Comment Edit Core � Simple Comment Editing
Plugin Slug:: simple-comment-editing
Installations: 2,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.1.0
Severity Score:: Medium
CVE:: 2025-24703

Plugin:: Product Table by WBW
Plugin Slug:: woo-product-tables
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.1.3
Severity Score:: Critical
CVE:: 2024-13234

Plugin:: WooCommerce Quick View
Plugin Slug:: woo-quick-view
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2025-24705

Plugin:: Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce
Plugin Slug:: a4-barcode-generator
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.11
Severity Score:: Medium
CVE:: 2025-24603

Plugin:: Post Grid Master � Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder
Plugin Slug:: ajax-filter-posts
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.4.13
Severity Score:: Medium
CVE:: 2025-24733

Plugin:: Visual Website Collaboration, Feedback & Project Management � Atarim
Plugin Slug:: atarim-visual-collaboration
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.9
Severity Score:: High
CVE:: 2025-24570

Plugin:: Bubble Menu � Sticky Navigation with Floating Button Menu Solution
Plugin Slug:: bubble-menu
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.0.3
Severity Score:: Medium
CVE:: 2025-24714

Plugin:: Event post
Plugin Slug:: event-post
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.8
Severity Score:: Medium
CVE:: 2025-24585

Plugin:: Flexmls� IDX Plugin
Plugin Slug:: flexmls-idx
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.14.27
Severity Score:: Medium
CVE:: 2024-10552

Plugin:: WP Fast Total Search � The Power of Indexed Search
Plugin Slug:: fulltext-search
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.79.262
Severity Score:: Medium
CVE:: 2025-24572

Plugin:: WP Fast Total Search � The Power of Indexed Search
Plugin Slug:: fulltext-search
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.79.262
Severity Score:: Medium
CVE:: 2025-24571

Plugin:: KB Support � Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin
Plugin Slug:: kb-support
Installations: 1,000+
Vulnerability:: Open Redirection
Patched in Version:: 1.6.8
Severity Score:: Medium
CVE:: 2025-24741

Plugin:: GDPR CCPA Compliance & Cookie Consent Banner
Plugin Slug:: ninja-gdpr-compliance
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.2
Severity Score:: Medium
CVE:: 2025-24591

Plugin:: GoHero Store Customizer for WooCommerce
Plugin Slug:: personalize-woocommerce-cart-page
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0
Severity Score:: Medium
CVE:: 2024-12826

Plugin:: Post Grid, Slider & Carousel Ultimate � with Shortcode, Gutenberg Block & Elementor Widget
Plugin Slug:: post-grid-carousel-ultimate
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.7
Severity Score:: Medium
CVE:: 2025-24782

Plugin:: Responsive Addons for Elementor � Free Elementor Addons Plugin and Elementor Templates
Plugin Slug:: responsive-addons-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.5
Severity Score:: Medium
CVE:: 2024-13354

Plugin:: Spexo Addons for Elementor � Free Elementor Addons, Widgets and Templates
Plugin Slug:: sastra-essential-addons-for-elementor
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.15
Severity Score:: Medium
CVE:: 2024-13335

Plugin:: Save as PDF Plugin by Pdfcrowd
Plugin Slug:: save-as-pdf-by-pdfcrowd
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 4.4.1
Severity Score:: Critical
CVE:: 2025-24671

Plugin:: Tainacan
Plugin Slug:: tainacan
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 0.21.13
Severity Score:: High
CVE:: 2024-13236

Plugin:: Tamara Checkout
Plugin Slug:: tamara-checkout
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.9.1
Severity Score:: Medium
CVE:: 2025-23997

Plugin:: Toocheke Companion
Plugin Slug:: toocheke-companion
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.167
Severity Score:: Medium
CVE:: 2025-23992

Plugin:: Tourfic � Ultimate Hotel Booking, Travel Booking & Car Rental WordPress Plugin | WooCommerce Booking
Plugin Slug:: tourfic
Installations: 1,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.15.4
Severity Score:: Critical
CVE:: 2025-24650

Plugin:: WooCommerce Cloak Affiliate Links
Plugin Slug:: woocommerce-cloak-affiliate-links
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.36
Severity Score:: Medium
CVE:: 2025-24647

Plugin:: MDTF � Meta Data and Taxonomies Filter
Plugin Slug:: wp-meta-data-filter-and-taxonomy-filter
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.3.7
Severity Score:: Medium
CVE:: 2024-13340

Plugin:: 12 Step Meeting List
Plugin Slug:: 12-step-meeting-list
Installations: 800+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.16.6
Severity Score:: Medium
CVE:: 2025-24582

Plugin:: 12 Step Meeting List
Plugin Slug:: 12-step-meeting-list
Installations: 800+
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: 3.16.6
Severity Score:: Medium
CVE:: 2025-24580

Plugin:: Booking Calendar Contact Form
Plugin Slug:: booking-calendar-contact-form
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.56
Severity Score:: Medium
CVE:: 2025-24723

Plugin:: Easy YouTube Gallery
Plugin Slug:: easy-youtube-gallery
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.5
Severity Score:: Medium
CVE:: 2025-24721

Plugin:: FireCask Like & Share Button
Plugin Slug:: facebook-like-send-button
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3
Severity Score:: Medium
CVE:: 2024-11226

Plugin:: Wishlist for WooCommerce
Plugin Slug:: wt-woocommerce-wishlist
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2025-24657

Plugin:: Create with Code
Plugin Slug:: create-with-code
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5
Severity Score:: Medium
CVE:: 2025-24638

Plugin:: Job Board Manager
Plugin Slug:: job-board-manager
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.1.60
Severity Score:: Medium
CVE:: 2025-24622

Plugin:: Ketchup Shortcodes
Plugin Slug:: ketchup-shortcodes-pack
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.2.1
Severity Score:: Medium
CVE:: 2025-24673

Plugin:: Listamester
Plugin Slug:: listamester
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.5
Severity Score:: Medium
CVE:: 2025-24678

Plugin:: WP Google Street View (with 360� virtual tour) & Google maps + Local SEO
Plugin Slug:: wp-google-street-view
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.4
Severity Score:: Medium
CVE:: 2024-13542

Plugin:: WP Multi Store Locator
Plugin Slug:: wp-multi-store-locator
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.1
Severity Score:: High
CVE:: 2025-24680

Plugin:: Form Builder CP
Plugin Slug:: cp-easy-form-builder
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: 1.2.42
Severity Score:: High
CVE:: 2025-24672

Plugin:: MachForm Shortcode
Plugin Slug:: machform-shortcode
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.5.0
Severity Score:: High
CVE:: 2025-24636

Plugin:: Picture Gallery � Frontend Image Uploads, AJAX Photo List
Plugin Slug:: picture-gallery
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.20
Severity Score:: Medium
CVE:: 2024-13584

Plugin:: SERPed.net
Plugin Slug:: serped-net
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: 4.6
Severity Score:: High
CVE:: 2025-24669

Plugin:: aDirectory � WordPress Directory Listing Plugin
Plugin Slug:: adirectory
Installations: 300+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.9
Severity Score:: High

Plugin:: All Embed � Elementor Addons
Plugin Slug:: all-embed-addons-for-elementor
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.4
Severity Score:: Medium
CVE:: 2025-24595

Plugin:: Gutenberg Blocks and Page Layouts � Attire Blocks
Plugin Slug:: attire-blocks
Installations: 300+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.9.7
Severity Score:: Medium
CVE:: 2025-24696

Plugin:: WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms
Plugin Slug:: cf7-dynamics-crm
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.7
Severity Score:: High
CVE:: 2025-24708

Plugin:: RSVPMaker
Plugin Slug:: rsvpmaker
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 11.4.6
Severity Score:: Medium
CVE:: 2025-24600

Plugin:: Build Private Store For Woocommerce
Plugin Slug:: build-private-store-for-woocommerce
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: 1..1
Severity Score:: Medium
CVE:: 2025-24633

Plugin:: WP Duplicate � WordPress Migration Plugin
Plugin Slug:: local-sync
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.7
Severity Score:: Medium
CVE:: 2025-24652

Plugin:: Magic the Gathering Card Tooltips
Plugin Slug:: magic-the-gathering-card-tooltips
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.0
Severity Score:: Medium
CVE:: 2025-24704

Plugin:: ShMapper by Teplitsa
Plugin Slug:: shmapper-by-teplitsa
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.1
Severity Score:: Medium
CVE:: 2025-24674

Plugin:: Taxonomy/Term and Role based Discounts for WooCommerce
Plugin Slug:: taxonomy-discounts-woocommerce
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.2
Severity Score:: Medium
CVE:: 2025-24625

Plugin:: Lifetime free Drag & Drop Contact Form Builder for WordPress VForm
Plugin Slug:: v-form
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.7
Severity Score:: Medium
CVE:: 2025-24604

Plugin:: Advanced Notifications
Plugin Slug:: advanced-notifications
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.8
Severity Score:: Medium
CVE:: 2025-24693

Plugin:: Blur Text
Plugin Slug:: blur-text
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.0
Severity Score:: Medium
CVE:: 2025-24627

Plugin:: Target Video Easy Publish
Plugin Slug:: brid-video-easy-publish
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.4
Severity Score:: High
CVE:: 2024-12076

Plugin:: Bug Library
Plugin Slug:: bug-library
Installations: 100+
Vulnerability:: SQL Injection
Patched in Version:: 2.1.5
Severity Score:: High
CVE:: 2025-24728

Plugin:: Linet ERP-Woocommerce Integration Plugin
Plugin Slug:: linet-erp-woocommerce-integration
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.5.8
Severity Score:: Medium
CVE:: 2025-24594

Plugin:: Morkva UA Shipping
Plugin Slug:: morkva-ua-shipping
Installations: 100+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.0.20
Severity Score:: High
CVE:: 2025-24685

Plugin:: Orbisius Simple Notice
Plugin Slug:: orbisius-simple-notice
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.4
Severity Score:: Medium
CVE:: 2025-24634

Plugin:: People Lists
Plugin Slug:: people-lists
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.0
Severity Score:: Medium
CVE:: 2025-24691

Plugin:: Precious Metals Charts and Widgets for WordPress
Plugin Slug:: precious-metals-chart-and-widgets
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.9
Severity Score:: Medium
CVE:: 2024-13572

Plugin:: Roi Calculator
Plugin Slug:: roi-calculator
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1
Severity Score:: High
CVE:: 2025-24756

Plugin:: Show/Hide Shortcode
Plugin Slug:: showhide-shortcode
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.1
Severity Score:: Medium
CVE:: 2025-24687

Plugin:: Simple Downloads List
Plugin Slug:: simple-downloads-list
Installations: 100+
Vulnerability:: SQL Injection
Patched in Version:: 1.4.3
Severity Score:: High
CVE:: 2024-13594

Plugin:: FV Thoughtful Comments
Plugin Slug:: thoughtful-comments
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 0.3.6
Severity Score:: Medium
CVE:: 2025-24613

Plugin:: WC Affiliate � A Complete WooCommerce Affiliate Plugin
Plugin Slug:: wc-affiliate
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4
Severity Score:: High
CVE:: 2024-12321

Plugin:: WC Affiliate � A Complete WooCommerce Affiliate Plugin
Plugin Slug:: wc-affiliate
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5
Severity Score:: High
CVE:: 2024-12334

Plugin:: WP-BibTeX
Plugin Slug:: wp-bibtex
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.2
Severity Score:: High
CVE:: 2024-12005

Plugin:: PDF Invoices for WooCommerce + Drag and Drop Template Builder
Plugin Slug:: pdf-for-woocommerce
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.0
Severity Score:: Medium
CVE:: 2025-24755

Plugin:: Dynamic URL SEO
Plugin Slug:: dynamic-url-seo
Installations: 80+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2
Severity Score:: Medium
CVE:: 2025-23985

Plugin:: Restrict Anonymous Access
Plugin Slug:: restrict-anonymous-access
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.1
Severity Score:: Medium
CVE:: 2025-24610

Plugin:: WPBookit
Plugin Slug:: wpbookit
Installations: 80+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.6.10
Severity Score:: Critical
CVE:: 2025-0357

Plugin:: Simple Gallery with Filter
Plugin Slug:: simple-gallery-with-filter
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1
Severity Score:: Medium
CVE:: 2024-13583

Plugin:: Bilingual Linker
Plugin Slug:: bilingual-linker
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.1
Severity Score:: Medium
CVE:: 2024-13441

Plugin:: Cliptakes
Plugin Slug:: cliptakes
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-13389

Plugin:: FAQ Builder AYS
Plugin Slug:: faq-builder-ays
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.4
Severity Score:: Medium
CVE:: 2025-24722

Plugin:: Radius Blocks � WordPress Gutenberg Blocks
Plugin Slug:: radius-blocks
Installations: 60+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2.0
Severity Score:: Medium
CVE:: 2025-24712

Plugin:: wp-greet
Plugin Slug:: wp-greet
Installations: 60+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.3
Severity Score:: High
CVE:: 2024-13444

Plugin:: Boom Fest
Plugin Slug:: boom-fest
Installations: 50+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.2
Severity Score:: Medium
CVE:: 2024-13449

Plugin:: Caching Compatible Cookie Opt-In and JavaScript
Plugin Slug:: caching-compatible-cookie-optin-and-javascript
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.0.11
Severity Score:: Medium
CVE:: 2025-24547

Plugin:: Subscription DNA�
Plugin Slug:: subscriptiondna
Installations: 20+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2
Severity Score:: High
CVE:: 2025-24555

Plugin:: KBucket: Your Curated Content in WordPress
Plugin Slug:: kbucket
Installations: 10+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.2.2
Severity Score:: High
CVE:: 2025-24562

Plugin:: ReviewsTap
Plugin Slug:: reviewstap
Installations: 10+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.3
Severity Score:: High
CVE:: 2025-24561

Plugin:: Admin and Site Enhancements (ASE) Pro
Plugin Slug:: admin-site-enhancements-pro
Vulnerability:: Broken Access Control
Patched in Version:: 7.6.3
Severity Score:: Medium
CVE:: 2025-24653

Plugin:: BMLT Meeting Map
Plugin Slug:: bmlt-meeting-map
Vulnerability:: Local File Inclusion
Patched in Version:: 2.6.1
Severity Score:: High
CVE:: 2024-13593

Plugin:: Bridge Core
Plugin Slug:: bridge-core
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.1
Severity Score:: Medium
CVE:: 2025-24744

Plugin:: Fusion Builder
Plugin Slug:: fusion-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.11.12
Severity Score:: Medium
CVE:: 2024-12477

Plugin:: JetElements For Elementor
Plugin Slug:: jet-elements
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.3
Severity Score:: Medium
CVE:: 2025-0371

Plugin:: Oshine Modules
Plugin Slug:: oshine-modules
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.3.8
Severity Score:: Medium
CVE:: 2024-44055

Plugin:: LearnDash LMS
Plugin Slug:: sfwd-lms
Vulnerability:: Broken Access Control
Patched in Version:: 4.20.0.3
Severity Score:: Medium
CVE:: 2025-24662

Plugin:: ThemeREX Addons
Plugin Slug:: trx_addons
Vulnerability:: Local File Inclusion
Patched in Version:: 2.34.0
Severity Score:: High
CVE:: 2025-0682

Plugin:: VideoWhisper Live Streaming Integration
Plugin Slug:: videowhisper-live-streaming-integration
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.1.10
Severity Score:: Medium
CVE:: 2024-12504

Plugin:: WPBot Pro WordPress Chatbot
Plugin Slug:: wpbot-pro
Vulnerability:: Broken Access Control
Patched in Version:: 13.5.6
Severity Score:: Medium
CVE:: 2024-12879

Plugin:: WPBot Pro WordPress Chatbot
Plugin Slug:: wpbot-pro
Vulnerability:: Arbitrary File Upload
Patched in Version:: 13.5.6
Severity Score:: Critical
CVE:: 2024-13091

Plugin:: WPJobBoard
Plugin Slug:: wpjobboard
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.11.1
Severity Score:: High
CVE:: 2025-24781

WordPress Themes � 7 Patched / 2 Unpatched

Theme:: Bootstrap Ultimate
Theme Slug:: bootstrap-ultimate
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13545

Theme:: RealHomes
Theme Slug:: realhomes
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-32444

Theme:: AdForest
Theme Slug:: adforest
Vulnerability:: Broken Authentication
Patched in Version:: 5.1.9
Severity Score:: Critical
CVE:: 2024-12857

Theme:: Avada
Theme Slug:: avada
Vulnerability:: Broken Access Control
Patched in Version:: 7.11.11
Severity Score:: Medium
CVE:: 2025-24748

Theme:: Betheme
Theme Slug:: betheme
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 27.6.2
Severity Score:: Medium
CVE:: 2025-0450

Theme:: Houzez
Theme Slug:: houzez
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.2
Severity Score:: Medium
CVE:: 2025-24747

Theme:: Houzez
Theme Slug:: houzez
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.2
Severity Score:: Medium
CVE:: 2025-24754

Theme:: uDesign
Theme Slug:: udesign
Vulnerability:: Broken Access Control
Patched in Version:: 4.11.3
Severity Score:: Medium
CVE:: 2025-24757

Theme:: Zox News
Theme Slug:: zox-news
Vulnerability:: Broken Access Control
Patched in Version:: 3.17.0
Severity Score:: High
CVE:: 2024-11936