WordPress Vulnerability Report � July 23, 2025

In this report, 167 vulnerabilities have been publicly disclosed. Security patches for 125 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 42 plugin and theme vulnerabilities, and no patch has been available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.8.2 is now available! This maintenance release includes fixes for 20 Core tickets and 15 Block Editor issues. For a full list of bug fixes, please refer to the release candidate announcement.

WordPress Plugins � 121 Patched / 41 Unpatched

Plugin:: URL Shortener Plugin For WordPress
Plugin Slug:: exact-links
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28965

Plugin:: DB Backup
Plugin Slug:: db-backup
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-50031

Plugin:: Nginx Cache Purge Preload
Plugin Slug:: fastcgi-cache-purge-and-preload-nginx
Installations: 80+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-6213

Plugin:: Block Editor Gallery Slider
Plugin Slug:: block-editor-gallery-slider
Installations: 40+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-6726

Plugin:: aapanel WP Toolkit
Plugin Slug:: aapanel-wp-toolkit
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-6813

Plugin:: Affiliate Reviews
Plugin Slug:: affiliate-reviews
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5845

Plugin:: Alike – WordPress Custom Post Comparison
Plugin Slug:: alike
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28975

Plugin:: Attachment Manager
Plugin Slug:: attachment-manager
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-7643

Plugin:: Avishi WP PayPal Payment Button
Plugin Slug:: avishi-wp-paypal-payment-button
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-7669

Plugin:: Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer)
Plugin Slug:: azon-addon-js-composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30631

Plugin:: B1.lt for WooCommerce
Plugin Slug:: b1-accounting
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-6718

Plugin:: Birth Chart Compatibility
Plugin Slug:: birth-chart-compatibility
Vulnerability:: Full Path Disclosure (FPD)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-6082

Plugin:: Biteship
Plugin Slug:: biteship
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5816

Plugin:: Brandfolder
Plugin Slug:: brandfolder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5843

Plugin:: bSecure – Your Universal Checkout
Plugin Slug:: bsecure
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-6187

Plugin:: Copymatic
Plugin Slug:: copymatic
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-6781

Plugin:: Counter live visitors for WooCommerce
Plugin Slug:: counter-visitor-for-woocommerce
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-7359

Plugin:: Crowdfunding for WooCommerce
Plugin Slug:: crowdfunding-for-woocommerce
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5767

Plugin:: FoodMenu
Plugin Slug:: dzs-restaurantmenu
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-29014

Plugin:: WooCommerce Shop Page Builder
Plugin Slug:: dzs-wootable
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28999

Plugin:: EPay.bg Payments
Plugin Slug:: epaybg-payments
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-7653

Plugin:: IDonatePro
Plugin Slug:: idonate-pro
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30635

Plugin:: Latest Post Accordian Slider
Plugin Slug:: latest-post-accordian-slider
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-7687

Plugin:: Multimedia Playlist Slider Addon for WPBakery Page Builder
Plugin Slug:: lbg_vp_youtube_vimeo_addon_visual_composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30626

Plugin:: Like & Share My Site
Plugin Slug:: like-share-my-site
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-7685

Plugin:: Listly
Plugin Slug:: listly
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5811

Plugin:: Live Stream Badger
Plugin Slug:: live-stream-badger
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-7655

Plugin:: Map My Locations
Plugin Slug:: map-my-locations
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-7660

Plugin:: Partnersk� syst�m Martinus
Plugin Slug:: martinus-partnersky-system
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-7661

Plugin:: Mediabay – WordPress Media Library Folders
Plugin Slug:: mediabay
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28949

Plugin:: Orion Login with SMS
Plugin Slug:: orion-login-with-sms
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-7692

Plugin:: The E-Commerce ERP
Plugin Slug:: profitori
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-52800

Plugin:: Restrict File Access
Plugin Slug:: restrict-file-access
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-7667

Plugin:: Ruven Themes: Shortcodes
Plugin Slug:: ruven-themes-shortcodes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-7648

Plugin:: Temporarily Hidden Content
Plugin Slug:: temporarily-hidden-content
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-7658

Plugin:: Terms descriptions
Plugin Slug:: terms-descriptions
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-6719

Plugin:: Testimonial Post type
Plugin Slug:: testimonial-post-type
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5800

Plugin:: Useful Tab Block
Plugin Slug:: useful-tab-block-responsive-amp-compatible
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5754

Plugin:: Vertical scroll image slideshow gallery
Plugin Slug:: vertical-scroll-image-slideshow-gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5752

Plugin:: WP JobHunt
Plugin Slug:: wp-jobhunt
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-6585

Plugin:: Zuppler Online Ordering
Plugin Slug:: zuppler-online-ordering
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-6053

Plugin:: Forminator Forms � Contact Form, Payment Form & Custom Form Builder
Plugin Slug:: forminator
Installations: 600,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.45.1
Severity Score:: High
CVE:: 2025-7638

Plugin:: WP Shortcodes Plugin � Shortcodes Ultimate
Plugin Slug:: shortcodes-ultimate
Installations: 500,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 7.4.3
Severity Score:: Medium
CVE:: 2025-7369

Plugin:: WP Shortcodes Plugin � Shortcodes Ultimate
Plugin Slug:: shortcodes-ultimate
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.4.3
Severity Score:: Medium
CVE:: 2025-7354

Plugin:: Post SMTP � WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications � Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more
Plugin Slug:: post-smtp
Installations: 400,000+
Vulnerability:: Broken Authentication
Patched in Version:: 3.3.0
Severity Score:: High
CVE:: 2025-24000

Plugin:: SureForms � Drag and Drop Form Builder for WordPress
Plugin Slug:: sureforms
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.2
Severity Score:: High
CVE:: 2025-5921

Plugin:: Strong Testimonials
Plugin Slug:: strong-testimonials
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.12
Severity Score:: Medium
CVE:: 2025-7367

Plugin:: JetFormBuilder � Dynamic Blocks Form Builder
Plugin Slug:: jetformbuilder
Installations: 80,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.5.2
Severity Score:: High
CVE:: 2025-53990

Plugin:: Media Library Assistant
Plugin Slug:: media-library-assistant
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.27
Severity Score:: Medium
CVE:: 2025-7035

Plugin:: User Registration & Membership � Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin
Plugin Slug:: user-registration
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3.0
Severity Score:: Medium
CVE:: 2025-6831

Plugin:: WP-Members Membership Plugin
Plugin Slug:: wp-members
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.4.2
Severity Score:: Medium
CVE:: 2025-7495

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.4.2
Severity Score:: Medium
CVE:: 2025-54006

Plugin:: Companion Auto Update
Plugin Slug:: companion-auto-update
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.3
Severity Score:: Medium
CVE:: 2025-4369

Plugin:: Stop User Enumeration
Plugin Slug:: stop-user-enumeration
Installations: 50,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.7.3
Severity Score:: Medium
CVE:: 2025-4302

Plugin:: Master Addons � Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
Plugin Slug:: master-addons
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.8.3
Severity Score:: Medium
CVE:: 2025-5284

Plugin:: Gutentor � Gutenberg Blocks � Page Builder for Gutenberg Editor
Plugin Slug:: gutentor
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.9
Severity Score:: Medium
CVE:: 2025-4685

Plugin:: FluentSnippets � The High-Performance file based Custom Code Snippets Plugin
Plugin Slug:: easy-code-manager
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 10.51
Severity Score:: Critical
CVE:: 2025-54010

Plugin:: SMTP2GO for WordPress � Email Made Easy
Plugin Slug:: smtp2go
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.12.2
Severity Score:: Medium
CVE:: 2025-54011

Plugin:: Welcart e-Commerce
Plugin Slug:: usc-e-shop
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.11.17
Severity Score:: Medium
CVE:: 2025-54013

Plugin:: WP Event Manager � Events Calendar, Registrations, Sell Tickets with WooCommerce
Plugin Slug:: wp-event-manager
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.50
Severity Score:: Medium
CVE:: 2025-2799

Plugin:: WP Event Manager � Events Calendar, Registrations, Sell Tickets with WooCommerce
Plugin Slug:: wp-event-manager
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.51
Severity Score:: High
CVE:: 2025-2800

Plugin:: CM Pop-Up � Create engaging popups to capture attention and boost interaction
Plugin Slug:: cm-pop-up-banners
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.5
Severity Score:: Medium
CVE:: 2025-54018

Plugin:: HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder.
Plugin Slug:: ht-contactform
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.1.0
Severity Score:: Medium
CVE:: 2025-54015

Plugin:: HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder.
Plugin Slug:: ht-contactform
Installations: 10,000+
Vulnerability:: Directory Traversal
Patched in Version:: 2.2.2
Severity Score:: Critical
CVE:: 2025-7360

Plugin:: HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder.
Plugin Slug:: ht-contactform
Installations: 10,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.2.2
Severity Score:: Critical
CVE:: 2025-7340

Plugin:: HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder.
Plugin Slug:: ht-contactform
Installations: 10,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 2.2.2
Severity Score:: High
CVE:: 2025-7341

Plugin:: Videopack
Plugin Slug:: video-embed-thumbnail-generator
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.4
Severity Score:: Medium
CVE:: 2025-54016

Plugin:: Malcure Malware Scanner � #1 Toolset for Malware Removal
Plugin Slug:: wp-malware-removal
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 16.9
Severity Score:: Medium
CVE:: 2025-7772

Plugin:: Malcure Malware Scanner � #1 Toolset for Malware Removal
Plugin Slug:: wp-malware-removal
Installations: 10,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 17.1
Severity Score:: High
CVE:: 2025-6043

Plugin:: AntiSpam for Contact Form 7
Plugin Slug:: cf7-antispam
Installations: 9,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 0.6.4
Severity Score:: Medium
CVE:: 2025-54020

Plugin:: Ghost Kit � Page Builder Blocks, Motion Effects & Extensions
Plugin Slug:: ghostkit
Installations: 7,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.4.2
Severity Score:: High
CVE:: 2025-53567

Plugin:: ProfileGrid � User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.5.5
Severity Score:: High
CVE:: 2025-6977

Plugin:: Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection)
Plugin Slug:: extensions-for-cf7
Installations: 6,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 3.2.9
Severity Score:: High
CVE:: 2025-7645

Plugin:: WP Delicious � Recipe Plugin for Food Bloggers (formerly Delicious Recipes)
Plugin Slug:: delicious-recipes
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.5
Severity Score:: Medium
CVE:: 2025-54023

Plugin:: Coupon Affiliates � Affiliate Plugin for WooCommerce
Plugin Slug:: woo-coupon-usage
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.4.1
Severity Score:: Medium
CVE:: 2025-54022

Plugin:: WPAdverts � Classifieds Plugin
Plugin Slug:: wpadverts
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.6
Severity Score:: Medium
CVE:: 2025-54024

Plugin:: ELEX WooCommerce Bulk Edit Products, Prices & Attributes (Basic)
Plugin Slug:: elex-bulk-edit-products-prices-attributes-for-woocommerce-basic
Installations: 4,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.0
Severity Score:: High
CVE:: 2025-47645

Plugin:: GSheetConnector for WC
Plugin Slug:: wc-gsheetconnector
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4.0
Severity Score:: Medium
CVE:: 2025-54030

Plugin:: Restaurant Menu and Food Ordering
Plugin Slug:: mp-restaurant-menu
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.4.7
Severity Score:: Medium
CVE:: 2025-54038

Plugin:: News Kit Elementor Addons
Plugin Slug:: news-kit-elementor-addons
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2025-54037

Plugin:: Newsletters
Plugin Slug:: newsletters-lite
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.11
Severity Score:: Medium
CVE:: 2025-54035

Plugin:: Pixel Gallery Addons for Elementor � Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery
Plugin Slug:: pixel-gallery
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.8
Severity Score:: Medium
CVE:: 2025-7644

Plugin:: Animator � Scroll Triggered Animations
Plugin Slug:: scroll-triggered-animations
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.0.17
Severity Score:: Medium
CVE:: 2025-54039

Plugin:: SMTP for Amazon SES � YaySMTP
Plugin Slug:: smtp-amazon-ses
Installations: 3,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.9.1
Severity Score:: High
CVE:: 2025-54043

Plugin:: Theme Builder For Elementor
Plugin Slug:: theme-builder-for-elementor
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.4
Severity Score:: Medium
CVE:: 2025-54033

Plugin:: Wallet System for WooCommerce
Plugin Slug:: wallet-system-for-woocommerce
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.6.8
Severity Score:: Medium
CVE:: 2025-54041

Plugin:: Appointment Booking & Scheduling Plugin � Webba Booking Calendar
Plugin Slug:: webba-booking-lite
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.1.22
Severity Score:: Medium
CVE:: 2025-54040

Plugin:: Appointment Booking & Scheduling Plugin � Webba Booking Calendar
Plugin Slug:: webba-booking-lite
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.1.21
Severity Score:: Medium
CVE:: 2025-54036

Plugin:: WP Post Hide
Plugin Slug:: wp-post-hide
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2025-54042

Plugin:: LightBox Block � Gutenberg block for creating fully functional lightbox
Plugin Slug:: lightbox-block
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.31
Severity Score:: Medium
CVE:: 2025-54051

Plugin:: Responsive Addons for Elementor � Free Elementor Addons Plugin and Elementor Templates
Plugin Slug:: responsive-addons-for-elementor
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.4
Severity Score:: Medium
CVE:: 2025-54050

Plugin:: Widget for Google Reviews
Plugin Slug:: business-reviews-wp
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.0.16
Severity Score:: High
CVE:: 2025-53565

Plugin:: Custom API for WP
Plugin Slug:: custom-api-for-wp
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.2.3
Severity Score:: Critical
CVE:: 2025-54048

Plugin:: Easy Elementor Addons
Plugin Slug:: easy-elementor-addons
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.6
Severity Score:: Medium
CVE:: 2025-48295

Plugin:: Ebook Store
Plugin Slug:: ebook-store
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.8013
Severity Score:: Medium
CVE:: 2025-7486

Plugin:: Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms
Plugin Slug:: integration-for-contact-form-7-and-google-sheets
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.1.2
Severity Score:: Critical
CVE:: 2025-7697

Plugin:: Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms
Plugin Slug:: integration-for-contact-form-7-and-pipedrive
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.2.4
Severity Score:: Critical
CVE:: 2025-7696

Plugin:: SMTP for SendGrid � YaySMTP
Plugin Slug:: smtp-sendgrid
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.1
Severity Score:: High
CVE:: 2025-48301

Plugin:: YayExtra � WooCommerce Extra Product Options
Plugin Slug:: yayextra
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.6
Severity Score:: High
CVE:: 2025-48299

Plugin:: FG Drupal to WordPress
Plugin Slug:: fg-drupal-to-wp
Installations: 900+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.90.1
Severity Score:: Medium
CVE:: 2025-48294

Plugin:: Ultimate WP Mail
Plugin Slug:: ultimate-wp-mail
Installations: 900+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.3.7
Severity Score:: High
CVE:: 2025-6993

Plugin:: Maya Business Plugin
Plugin Slug:: paymaya-checkout-for-woocommerce
Installations: 600+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.3.0
Severity Score:: High
CVE:: 2025-53208

Plugin:: Stop and Block bots plugin Anti bots
Plugin Slug:: antibots
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 1.50
Severity Score:: Medium
CVE:: 2025-48166

Plugin:: Chatbox Manager
Plugin Slug:: wa-chatbox-manager
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.6
Severity Score:: Medium
CVE:: 2025-48167

Plugin:: SMTP for Sendinblue � YaySMTP
Plugin Slug:: smtp-sendinblue
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: 1.3.1
Severity Score:: High
CVE:: 2025-48161

Plugin:: Formality
Plugin Slug:: formality
Installations: 200+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.5.10
Severity Score:: High
CVE:: 2025-48157

Plugin:: Image Wall
Plugin Slug:: image-wall
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2
Severity Score:: Medium
CVE:: 2025-48156

Plugin:: Residential Address Detection
Plugin Slug:: residential-address-detection
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.10
Severity Score:: Medium
CVE:: 2025-48155

Plugin:: Cloud SAML SSO � Single Sign On Login
Plugin Slug:: cloud-sso-single-sign-on
Installations: 100+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.0.19
Severity Score:: High
CVE:: 2025-49264

Plugin:: CRM and Lead Management by vcita
Plugin Slug:: crm-customer-relationship-management-by-vcita
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.0
Severity Score:: Medium
CVE:: 2025-5240

Plugin:: Import CDN-Remote Images
Plugin Slug:: import-cdn-remote-images
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.1.3
Severity Score:: High
CVE:: 2025-48153

Plugin:: Knowledge Base
Plugin Slug:: knowledgebase
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.2
Severity Score:: Medium
CVE:: 2025-7431

Plugin:: CM Map Locations � Visualize and share your locations in a few clicks
Plugin Slug:: cm-map-locations
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.7
Severity Score:: High
CVE:: 2025-48151

Plugin:: Real Estate Property 2025 Create Your Own Fields and Search Bar
Plugin Slug:: real-estate-right-now
Installations: 90+
Vulnerability:: Broken Access Control
Patched in Version:: 4.49
Severity Score:: Medium
CVE:: 2025-48150

Plugin:: MORKVA Vchasno Kasa Integration
Plugin Slug:: mrkv-vchasno-kasa
Installations: 30+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.4
Severity Score:: Medium
CVE:: 2025-6721

Plugin:: MORKVA Vchasno Kasa Integration
Plugin Slug:: mrkv-vchasno-kasa
Installations: 30+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.4
Severity Score:: Medium
CVE:: 2025-6720

Plugin:: Bears Backup
Plugin Slug:: bears-backup
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 2.1.0
Severity Score:: Critical
CVE:: 2025-5396

Plugin:: Foxypress
Plugin Slug:: foxypress
Vulnerability:: Arbitrary File Upload
Patched in Version:: 0.4.2.2
Severity Score:: Critical
CVE:: 2012-10020

Plugin:: Fusion Builder
Plugin Slug:: fusion-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.12.2
Severity Score:: Medium
CVE:: 2025-6747

Plugin:: GymBase Theme Classes
Plugin Slug:: gymbase_classes
Vulnerability:: SQL Injection
Patched in Version:: 1.5
Severity Score:: High
CVE:: 2025-54026

Plugin:: JetBlocks For Elementor
Plugin Slug:: jet-blocks
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.3.19
Severity Score:: Medium
CVE:: 2025-53988

Plugin:: JetBlocks For Elementor
Plugin Slug:: jet-blocks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.19.1
Severity Score:: Medium
CVE:: 2025-53989

Plugin:: JetElements For Elementor
Plugin Slug:: jet-elements
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.7.7.1
Severity Score:: Medium
CVE:: 2025-53983

Plugin:: JetElements For Elementor
Plugin Slug:: jet-elements
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.7.1
Severity Score:: Medium
CVE:: 2025-53982

Plugin:: JetEngine
Plugin Slug:: jet-engine
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.7.1.1
Severity Score:: Medium
CVE:: 2025-53196

Plugin:: JetMenu
Plugin Slug:: jet-menu
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.4.11.2
Severity Score:: Medium
CVE:: 2025-53987

Plugin:: JetPopup
Plugin Slug:: jet-popup
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.0.15.1
Severity Score:: Medium
CVE:: 2025-53993

Plugin:: JetPopup
Plugin Slug:: jet-popup
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.16
Severity Score:: Medium
CVE:: 2025-53995

Plugin:: JetPopup
Plugin Slug:: jet-popup
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.15.1
Severity Score:: Medium
CVE:: 2025-53994

Plugin:: JetSearch
Plugin Slug:: jet-search
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.11
Severity Score:: Medium
CVE:: 2025-53996

Plugin:: JetSmartFilters
Plugin Slug:: jet-smart-filters
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.6.7.1
Severity Score:: Medium
CVE:: 2025-54008

Plugin:: JetSmartFilters
Plugin Slug:: jet-smart-filters
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.8.1
Severity Score:: Medium
CVE:: 2025-54009

Plugin:: JetTabs
Plugin Slug:: jet-tabs
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.2.9.1
Severity Score:: Medium
CVE:: 2025-53985

Plugin:: JetTabs
Plugin Slug:: jet-tabs
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.9.1
Severity Score:: Medium
CVE:: 2025-53984

Plugin:: JetTricks
Plugin Slug:: jet-tricks
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.5.4.2
Severity Score:: Medium
CVE:: 2025-53992

Plugin:: JetTricks
Plugin Slug:: jet-tricks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.4.2
Severity Score:: Medium
CVE:: 2025-53991

Plugin:: JetWooBuilder
Plugin Slug:: jet-woo-builder
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.1.20.1
Severity Score:: Medium
CVE:: 2025-53998

Plugin:: Radio Player Shoutcast & Icecast
Plugin Slug:: lbg-audio4-html5-shoutcast
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.4.8
Severity Score:: High
CVE:: 2025-53205

Plugin:: Apollo – Sticky Full Width HTML5 Audio Player
Plugin Slug:: lbg-audio5-html5-shoutcast-sticky
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.4
Severity Score:: High
CVE:: 2025-48168

Plugin:: SHOUT – HTML5 Radio Player With Ads – ShoutCast and IceCast Support
Plugin Slug:: lbg-audio8-html5-radio-ads
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.5
Severity Score:: High
CVE:: 2025-48163