WordPress Vulnerability Report � March 11, 2026

In this report, 209 vulnerabilities have been publicly disclosed. Security patches for 75 of these plugins and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Currently, 134 plugin and theme vulnerabilities remain unpatched. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.9.3 is now available and is a mandatory security and maintenance update. This release follows version 6.9.2, which addressed 10 security vulnerabilities but introduced a “blank screen” bug for certain themes. Version 6.9.3 includes all previous security patches while resolving the front-end display issues.

It is recommended that you update your sites to version 6.9.3 immediately to ensure they are protected. For sites supporting automatic background updates, the process will begin shortly. You can find more technical details and the full list of fixes in the official announcement.

The next major release of WordPress will be�version 7.0, which is planned for April 9, 2026.

WordPress Plugins � 69 Patched / 29 Unpatched

Plugin:: Widget Options � Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets
Plugin Slug:: widget-options
Installations: 100,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-27984

Plugin:: Easy Post Submission � Frontend Posting, Guest Publishing & Submit Content for WordPress
Plugin Slug:: easy-post-submission
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22479

Plugin:: WP CTA � Sticky CTA Builder, Generate Leads, Promote Sales
Plugin Slug:: easy-sticky-sidebar
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-22459

Plugin:: FormGent � Next-Gen AI Form Builder for WordPress with Multi-Step, Quizzes, Payments & More
Plugin Slug:: formgent
Installations: 1,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22460

Plugin:: Bus Ticket Booking with Seat Reservation
Plugin Slug:: bus-ticket-booking-with-seat-reservation
Installations: 900+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-27095

Plugin:: My auctions allegro
Plugin Slug:: my-auctions-allegro-free-edition
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22491

Plugin:: Carta Online
Plugin Slug:: carta-online
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1071

Plugin:: Secudeal Payments for Ecommerce
Plugin Slug:: secudeal-payments-for-ecommerce
Installations: 10+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22471

Plugin:: Super Stage WP
Plugin Slug:: super-stage-wp
Installations: 10+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-1542

Plugin:: Consensus Embed
Plugin Slug:: consensus-embed
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1823

Plugin:: DA Media GigList
Plugin Slug:: damedia-giglist
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1805

Plugin:: EventON
Plugin Slug:: eventon
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28037

Plugin:: Handmade Framework
Plugin Slug:: handmade-framework
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22520

Plugin:: Infomaniak Connect for OpenID
Plugin Slug:: infomaniak-connect-openid
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1824

Plugin:: Lisfinity Core
Plugin Slug:: lisfinity-core
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-22484

Plugin:: LMS Elementor Pro
Plugin Slug:: lms-elementor-pro
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-27983

Plugin:: LotekMedia Popup Form
Plugin Slug:: ltm-popup-form
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-2420

Plugin:: Media Library Alt Text Editor
Plugin Slug:: media-library-alt-text-editor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1820

Plugin:: My Album Gallery
Plugin Slug:: my-album-gallery
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-22485

Plugin:: MyQtip � easy qTip2
Plugin Slug:: myqtip-easy-qtip2
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1574

Plugin:: Purchase Button For Affiliate Link
Plugin Slug:: purchase-button
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1073

Plugin:: True Ranker
Plugin Slug:: seo-local-rank
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1085

Plugin:: Show YouTube video
Plugin Slug:: show-youtube-video
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1825

Plugin:: The Guardian News Feed
Plugin Slug:: the-guardian-news-feed
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1087

Plugin:: Ultimate Addons for WPBakery Page Builder
Plugin Slug:: ultimate_vc_addons
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-28038

Plugin:: WP App Bar
Plugin Slug:: wp-app-bar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-1074

Plugin:: WP eMember
Plugin Slug:: wp-eMember
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28073

Plugin:: Font Pairing Preview For Landing Pages
Plugin Slug:: wp-font-pairing-preview
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1086

Plugin:: Wueen
Plugin Slug:: wueen
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1569

Plugin:: WooCommerce
Plugin Slug:: woocommerce
Installations: 7,000,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 10.5.3
Severity Score:: Medium
CVE:: 2026-3589

Plugin:: Enable Media Replace
Plugin Slug:: enable-media-replace
Installations: 600,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.1.8
Severity Score:: Medium
CVE:: 2026-2732

Plugin:: Meta Box
Plugin Slug:: meta-box
Installations: 500,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 5.11.2
Severity Score:: High
CVE:: 2025-14675

Plugin:: Page Builder by SiteOrigin
Plugin Slug:: siteorigin-panels
Installations: 500,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.34.0
Severity Score:: High
CVE:: 2026-2448

Plugin:: WP Mail Logging
Plugin Slug:: wp-mail-logging
Installations: 300,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.16
Severity Score:: Critical
CVE:: 2026-2471

Plugin:: Envira Gallery � Image Photo Gallery, Albums, Video Gallery, Slideshows & More
Plugin Slug:: envira-gallery-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.12.4
Severity Score:: Medium
CVE:: 2026-1236

Plugin:: LatePoint � Calendar Booking Plugin for Appointments and Events
Plugin Slug:: latepoint
Installations: 100,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.2.8
Severity Score:: High
CVE:: 2026-1487

Plugin:: LatePoint � Calendar Booking Plugin for Appointments and Events
Plugin Slug:: latepoint
Installations: 100,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 5.2.8
Severity Score:: High
CVE:: 2026-1566

Plugin:: Tutor LMS � eLearning and online course solution
Plugin Slug:: tutor
Installations: 100,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.9.7
Severity Score:: Critical
CVE:: 2025-13673

Plugin:: WP All Import � Drag & Drop Import for CSV, XML, Excel & Google Sheets
Plugin Slug:: wp-all-import
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.1
Severity Score:: High
CVE:: 2026-2830

Plugin:: Booking for Appointments and Events Calendar � Amelia
Plugin Slug:: ameliabooking
Installations: 90,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 2.0
Severity Score:: High
CVE:: 2026-24963

Plugin:: Database for Contact Form 7, WPforms, Elementor forms
Plugin Slug:: contact-form-entries
Installations: 70,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.4.8
Severity Score:: Critical
CVE:: 2026-2599

Plugin:: Greenshift � animation and page builder blocks
Plugin Slug:: greenshift-animation-and-page-builder-blocks
Installations: 70,000+
Vulnerability:: Broken Access Control
Patched in Version:: 12.8.4
Severity Score:: Medium
CVE:: 2026-2371

Plugin:: Greenshift � animation and page builder blocks
Plugin Slug:: greenshift-animation-and-page-builder-blocks
Installations: 70,000+
Vulnerability:: Broken Access Control
Patched in Version:: 12.8.4
Severity Score:: Medium
CVE:: 2026-2589

Plugin:: Greenshift � animation and page builder blocks
Plugin Slug:: greenshift-animation-and-page-builder-blocks
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 12.8.6
Severity Score:: Medium
CVE:: 2026-2593

Plugin:: Media Library Assistant
Plugin Slug:: media-library-assistant
Installations: 70,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.34
Severity Score:: Medium
CVE:: 2026-3072

Plugin:: wpDataTables � WordPress Data Table, Dynamic Tables & Table Charts Plugin
Plugin Slug:: wpdatatables
Installations: 70,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 6.5.0.2
Severity Score:: High
CVE:: 2026-28039

Plugin:: Drag and Drop Multiple File Upload for Contact Form 7
Plugin Slug:: drag-and-drop-multiple-file-upload-contact-form-7
Installations: 60,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.3.9.6
Severity Score:: Critical
CVE:: 2026-3459

Plugin:: Email Subscribers & Newsletters � Email Marketing, Post Notifications & Newsletter Plugin for WordPress
Plugin Slug:: email-subscribers
Installations: 60,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.9.17
Severity Score:: High
CVE:: 2026-1651

Plugin:: Fast Page & Post Duplicator
Plugin Slug:: page-or-post-clone
Installations: 60,000+
Vulnerability:: SQL Injection
Patched in Version:: 6.4
Severity Score:: High
CVE:: 2026-2893

Plugin:: Seraphinite Accelerator
Plugin Slug:: seraphinite-accelerator
Installations: 60,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.28.15
Severity Score:: Medium
CVE:: 2026-3058

Plugin:: Seraphinite Accelerator
Plugin Slug:: seraphinite-accelerator
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.28.15
Severity Score:: Medium
CVE:: 2026-3056

Plugin:: User Registration & Membership � Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder
Plugin Slug:: user-registration
Installations: 60,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 5.1.3
Severity Score:: Critical
CVE:: 2026-1492

Plugin:: OoohBoi Steroids for Elementor
Plugin Slug:: ooohboi-steroids-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.25
Severity Score:: Medium
CVE:: 2026-3034

Plugin:: Uncanny Automator � Easy Automation, Integration, Webhooks & Workflow Builder Plugin
Plugin Slug:: uncanny-automator
Installations: 50,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 7.1.0
Severity Score:: High
CVE:: 2026-2269

Plugin:: WP-Members Membership Plugin
Plugin Slug:: wp-members
Installations: 50,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.5.6
Severity Score:: High
CVE:: 2026-2363

Plugin:: RSS Aggregator � RSS Import, News Feeds, Feed to Post, and Autoblogging
Plugin Slug:: wp-rss-aggregator
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.0.12
Severity Score:: High
CVE:: 2026-2433

Plugin:: Post Grid Gutenberg Blocks for News, Magazines, Blog Websites � PostX
Plugin Slug:: ultimate-post
Installations: 40,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 5.0.9
Severity Score:: High
CVE:: 2026-1273

Plugin:: All-in-One Video Gallery
Plugin Slug:: all-in-one-video-gallery
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.5
Severity Score:: High
CVE:: 2026-1706

Plugin:: Gutena Forms � Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder
Plugin Slug:: gutena-forms
Installations: 20,000+
Vulnerability:: Settings Change
Patched in Version:: 1.6.1
Severity Score:: Medium
CVE:: 2026-1674

Plugin:: My Calendar � Accessible Event Manager
Plugin Slug:: my-calendar
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.4
Severity Score:: Medium
CVE:: 2026-2355

Plugin:: WP Booking System � Booking Calendar
Plugin Slug:: wp-booking-system
Installations: 20,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.0.19.13
Severity Score:: Medium
CVE:: 2025-68515

Plugin:: WPZOOM Addons for Elementor � Starter Templates & Widgets
Plugin Slug:: wpzoom-elementor-addons
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: High
CVE:: 2026-2295

Plugin:: Membership Plugin � Restrict Content
Plugin Slug:: restrict-content
Installations: 10,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.2.21
Severity Score:: High
CVE:: 2026-1321

Plugin:: JS Help Desk � AI-Powered Support & Ticketing System
Plugin Slug:: js-support-ticket
Installations: 8,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.8.3
Severity Score:: Critical
CVE:: 2023-7337

Plugin:: Mail Mint � Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more
Plugin Slug:: mail-mint
Installations: 6,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.19.5
Severity Score:: High
CVE:: 2026-2025

Plugin:: ProfileGrid � User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.9.8.2
Severity Score:: Medium
CVE:: 2026-2488

Plugin:: ProfileGrid � User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 6,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.9.8.3
Severity Score:: Medium
CVE:: 2026-2494

Plugin:: Podlove Web Player
Plugin Slug:: podlove-web-player
Installations: 4,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 5.9.2
Severity Score:: High
CVE:: 2026-24385

Plugin:: JS Archive List
Plugin Slug:: jquery-archive-list-widget
Installations: 3,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 6.2.0
Severity Score:: High
CVE:: 2026-2020

Plugin:: Stock Ticker
Plugin Slug:: stock-ticker
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.26.2
Severity Score:: Medium
CVE:: 2026-2722

Plugin:: WebToffee WooCommerce Product Feeds � Google Shopping, Pinterest, TikTok Ads, & More
Plugin Slug:: webtoffee-product-feed
Installations: 2,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.3.4
Severity Score:: High
CVE:: 2026-22480

Plugin:: Contest Gallery � Upload & Vote Photos, Media, Sell with PayPal & Stripe
Plugin Slug:: contest-gallery
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 28.1.5
Severity Score:: Critical
CVE:: 2026-3180

Plugin:: Easy PHP Settings
Plugin Slug:: easy-php-settings
Installations: 1,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 1.0.5
Severity Score:: High
CVE:: 2026-3352

Plugin:: WowOptin: Next-Gen Popup Maker � Create Stunning Popups and Optins for Lead Generation
Plugin Slug:: optin
Installations: 900+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.25
Severity Score:: High
CVE:: 2026-1720

Plugin:: Morkva UA Shipping
Plugin Slug:: morkva-ua-shipping
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.10
Severity Score:: Medium
CVE:: 2026-2292

Plugin:: Taskbuilder � Project Management & Task Management Tool With Kanban Board
Plugin Slug:: taskbuilder
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.0.4
Severity Score:: Medium
CVE:: 2026-2289

Plugin:: All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login
Plugin Slug:: login-with-azure
Installations: 600+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 2.2.6
Severity Score:: Critical
CVE:: 2026-2628

Plugin:: AI ChatBot with ChatGPT and Content Generator by AYS
Plugin Slug:: ays-chatgpt-assistant
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.6
Severity Score:: Medium
CVE:: 2026-1336

Plugin:: WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms
Plugin Slug:: cf7-zendesk
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.6
Severity Score:: High
CVE:: 2026-2568

Plugin:: Apocalypse Meow
Plugin Slug:: apocalypse-meow
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: 23.0.0
Severity Score:: High
CVE:: 2026-3523

Plugin:: ionCube Tester Plus
Plugin Slug:: ioncube-tester-plus
Installations: 300+
Vulnerability:: Arbitrary File Download
Patched in Version:: 1.4
Severity Score:: High
CVE:: 2025-69411

Plugin:: CM Custom Reports � Flexible reporting to track what matters most
Plugin Slug:: cm-custom-reports
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.8
Severity Score:: High
CVE:: 2026-2431

Plugin:: MailArchiver
Plugin Slug:: mailarchiver
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.0
Severity Score:: Medium
CVE:: 2026-2721

Plugin:: WP Frontend Profile
Plugin Slug:: wp-front-end-profile
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.9
Severity Score:: Medium
CVE:: 2026-1644

Plugin:: Hammas Calendar
Plugin Slug:: hammas-calendar
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.12
Severity Score:: Medium
CVE:: 2026-1902

Plugin:: MDJM Event Management
Plugin Slug:: mobile-dj-manager
Installations: 50+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.8.2
Severity Score:: Medium
CVE:: 2026-1650

Plugin:: Community Events
Plugin Slug:: community-events
Installations: 30+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.9
Severity Score:: High
CVE:: 2026-2429

Plugin:: Paid Videochat Turnkey Site � HTML5 PPV Live Webcams
Plugin Slug:: ppv-live-webcams
Installations: 30+
Vulnerability:: Privilege Escalation
Patched in Version:: 7.3.21
Severity Score:: High
CVE:: 2025-8899

Plugin:: HUMN-1 AI Website Scanner & Human Certification by Winston AI
Plugin Slug:: winston-ai-wp
Installations: 30+
Vulnerability:: Broken Access Control
Patched in Version:: 0.0.4
Severity Score:: Medium
CVE:: 2026-1981

Plugin:: WPBookit
Plugin Slug:: wpbookit
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.9
Severity Score:: High
CVE:: 2026-1945

Plugin:: WPBookit
Plugin Slug:: wpbookit
Installations: 10+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.9
Severity Score:: Medium
CVE:: 2026-1980

Plugin:: ZIP Code Based Content Protection
Plugin Slug:: zip-code-based-content-protection
Installations: 10+
Vulnerability:: SQL Injection
Patched in Version:: 1.0.3
Severity Score:: Critical
CVE:: 2025-14353

Plugin:: Fluent Forms Pro Add On Pack
Plugin Slug:: fluentformpro
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: 6.1.18
Severity Score:: High
CVE:: 2026-2899

Plugin:: Fluent Forms Pro Add On Pack
Plugin Slug:: fluentformpro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.1.18
Severity Score:: High
CVE:: 2026-2365

Plugin:: Master Addons for Elementor Premium
Plugin Slug:: master-addons-pro
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 2.1.4
Severity Score:: High
CVE:: 2026-3132

Plugin:: pixfort Core
Plugin Slug:: pixfort-core
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.26
Severity Score:: Medium
CVE:: 2026-28071

Plugin:: pixfort Core
Plugin Slug:: pixfort-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.26
Severity Score:: High
CVE:: 2026-28072

Plugin:: WPSubscription
Plugin Slug:: subscription
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.8.11
Severity Score:: High
CVE:: 2025-69347

WordPress Themes � 6 Patched / 105 Unpatched

Theme:: Estate
Theme Slug:: estate
Downloads: 58,132
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-22475

Theme:: OsTende
Theme Slug:: ostende
Downloads: 8,317
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27986

Theme:: Agrofood
Theme Slug:: agrofood
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27332

Theme:: Aldo
Theme Slug:: aldo
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27993

Theme:: Amoli
Theme Slug:: amoli
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22506

Theme:: Askka
Theme Slug:: askka
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22456

Theme:: Au Pair Agency – Babysitting & Nanny Theme
Theme Slug:: au-pair-agency
Vulnerability:: Deserialization of untrusted data
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27098

Theme:: Avventure
Theme Slug:: avventure
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27991

Theme:: Beelove
Theme Slug:: beelove
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-22507

Theme:: Berger
Theme Slug:: berger
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-53335

Theme:: Bonbon
Theme Slug:: bonbon
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28030

Theme:: BuddyApp
Theme Slug:: buddyapp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22465

Theme:: Car Zone
Theme Slug:: carzone
Vulnerability:: Deserialization of untrusted data
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27338

Theme:: CasaMia | Property Rental Real Estate WordPress Theme
Theme Slug:: casamia
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27097

Theme:: Chroma
Theme Slug:: chroma
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28020

Theme:: Classter
Theme Slug:: classter
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-54001

Theme:: Coinpress
Theme Slug:: coinpress
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28007

Theme:: ColorFolio – Freelance Designer WordPress Theme
Theme Slug:: colorfolio
Vulnerability:: Deserialization of untrusted data
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27096

Theme:: ConFix
Theme Slug:: confix
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27990

Theme:: Cookiteer
Theme Slug:: cookiteer
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-68886

Theme:: Craftis
Theme Slug:: craftis
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28021

Theme:: DeepDigital
Theme Slug:: deepdigital
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22467

Theme:: Dental Clinic
Theme Slug:: dental
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22473

Theme:: Dentalux
Theme Slug:: dentalux
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22508

Theme:: Don Peppe
Theme Slug:: donpeppe
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22449

Theme:: DroneX
Theme Slug:: dronex
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28009

Theme:: Edifice
Theme Slug:: edifice
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28033

Theme:: EmojiNation
Theme Slug:: emojination
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28029

Theme:: Equadio
Theme Slug:: equadio
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27988

Theme:: Equestrian Centre
Theme Slug:: equestrian-centre
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-22474

Theme:: Etchy
Theme Slug:: etchy
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22476

Theme:: Felizia
Theme Slug:: felizia
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22477

Theme:: FindAll
Theme Slug:: findall
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22478

Theme:: FlashMart
Theme Slug:: flashmart
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28048

Theme:: Foodie
Theme Slug:: foodie
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28022

Theme:: Gaspard
Theme Slug:: gaspard
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22493

Theme:: Gioia
Theme Slug:: gioia
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22509

Theme:: Global Logistics
Theme Slug:: globallogistics
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28018

Theme:: Good Homes
Theme Slug:: good-homes
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22494

Theme:: Grand Wedding
Theme Slug:: grandwedding
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-22417

Theme:: Green Thumb
Theme Slug:: greenthumb
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28017

Theme:: Greenville
Theme Slug:: greenville
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22495

Theme:: Gridiron
Theme Slug:: gridiron
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28012

Theme:: Grit
Theme Slug:: grit
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28041

Theme:: Handyman
Theme Slug:: handyman-services
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-22451

Theme:: Healer – Doctor, Clinic & Medical WordPress Theme
Theme Slug:: healer
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-28043

Theme:: Helion
Theme Slug:: helion
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28024

Theme:: Hoverex
Theme Slug:: hoverex
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22452

Theme:: Humanum
Theme Slug:: humanum
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27985

Theme:: Hypnotherapy
Theme Slug:: hypnotherapy
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22496

Theme:: Invetex
Theme Slug:: invetex
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28031

Theme:: Jardi
Theme Slug:: jardi
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-22497

Theme:: Justitia
Theme Slug:: justitia
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27995

Theme:: Kayon
Theme Slug:: kayon
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28027

Theme:: Kratz
Theme Slug:: kratz
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28013

Theme:: Laurent
Theme Slug:: laurent
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22498

Theme:: Law Office
Theme Slug:: law-office
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28046

Theme:: Lella
Theme Slug:: lella
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22499

Theme:: Lingvico
Theme Slug:: lingvico
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27996

Theme:: Listify
Theme Slug:: listify
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28042

Theme:: Luxury Wine
Theme Slug:: luxury-wine
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28016

Theme:: m2 | Construction and Tools Store
Theme Slug:: m2-ce
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-22500

Theme:: Manoir
Theme Slug:: manoir
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28019

Theme:: Maxify
Theme Slug:: maxify
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27997

Theme:: Meals & Wheels
Theme Slug:: meals-wheels
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27992

Theme:: Melody
Theme Slug:: melodyschool
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22510

Theme:: MoneyFlow
Theme Slug:: moneyflow
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28028

Theme:: Morning Records
Theme Slug:: morning-records
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22505

Theme:: Motorix
Theme Slug:: motorix
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28026

Theme:: Mounthood
Theme Slug:: mounthood
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-22501

Theme:: Mr. Cobbler
Theme Slug:: mr-cobbler
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22502

Theme:: N7 | Golf Club Sports & Events
Theme Slug:: n7-golf-club
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28045

Theme:: Nelson
Theme Slug:: nelson
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22503

Theme:: NeoBeat
Theme Slug:: neobeat
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22511

Theme:: Nuts
Theme Slug:: nuts
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28023

Theme:: Pets Club
Theme Slug:: petclub
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-22453

Theme:: Printy
Theme Slug:: printy
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28035

Theme:: Progress
Theme Slug:: progress
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28034

Theme:: ProLingua
Theme Slug:: prolingua
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22504

Theme:: Prowess
Theme Slug:: prowess
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22446

Theme:: Quanzo
Theme Slug:: quanzo
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27989

Theme:: Ratatouille
Theme Slug:: ratatouille
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-28036

Theme:: Roisin
Theme Slug:: roisin
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22512

Theme:: Scientia
Theme Slug:: scientia
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28010

Theme:: ShiftCV
Theme Slug:: shift-cv
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28015

Theme:: Solaris
Theme Slug:: solaris
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-22454

Theme:: Stargaze
Theme Slug:: stargaze
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28025

Theme:: Tediss
Theme Slug:: tediss
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27994

Theme:: The Qlean
Theme Slug:: the-qlean
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27987

Theme:: Thebe
Theme Slug:: thebe
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22455

Theme:: TheBi
Theme Slug:: thebi
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22438

Theme:: Thecs
Theme Slug:: thecs
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22440

Theme:: Translogic
Theme Slug:: translogic
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28014

Theme:: Triompher
Theme Slug:: triompher
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22513

Theme:: Tripgo
Theme Slug:: tripgo
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27093

Theme:: Tuning
Theme Slug:: tuning
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28032

Theme:: Unica
Theme Slug:: unica
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22514

Theme:: VegaDays
Theme Slug:: vegadays
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22515

Theme:: Victo
Theme Slug:: victo
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28047

Theme:: Vixus
Theme Slug:: vixus
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27998

Theme:: Wanderland
Theme Slug:: wanderland
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22457

Theme:: AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme
Theme Slug:: window-ac-services
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27326