WordPress Vulnerability Report � March 12, 2025

In this report, 143 vulnerabilities have been publicly disclosed. Security patches for 86 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 57 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.8 Beta 2 is ready for testing! This beta version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, you should evaluate Beta 2 on a test server and site.

WordPress Plugins � 78 Patched / 51 Unpatched

Plugin:: SEO Plugin by Squirrly SEO
Plugin Slug:: squirrly-seo
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-24654

Plugin:: Master Slider � Responsive Touch Slider
Plugin Slug:: master-slider
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11731

Plugin:: Content Control � The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More
Plugin Slug:: content-control
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11153

Plugin:: All-in-One Addons for Elementor � WidgetKit
Plugin Slug:: widgetkit-for-elementor
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10321

Plugin:: Wishlist for WooCommerce: Multi Wishlists Per Customer
Plugin Slug:: wish-list-for-woocommerce
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13774

Plugin:: SearchIQ � The Search Solution
Plugin Slug:: searchiq
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13350

Plugin:: Point Maker
Plugin Slug:: point-maker
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12815

Plugin:: Recently Purchased Products For Woo
Plugin Slug:: recently-purchased-products-for-woo
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-1008

Plugin:: Allow PHP Execute
Plugin Slug:: allow-php-execute
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13890

Plugin:: Code Snippets CPT
Plugin Slug:: code-snippets-cpt
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13895

Plugin:: Contact Us By Lord Linus
Plugin Slug:: contact-us-by-lord-linus
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-1382

Plugin:: CS Framework
Plugin Slug:: cs-framework
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12036

Plugin:: DesignThemes Core Features
Plugin Slug:: designthemes-core-features
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13471

Plugin:: Download HTML TinyMCE Button
Plugin Slug:: download-html-tinymce-button
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-1286

Plugin:: URL Shortener | Conversion Tracking | AB Testing | WooCommerce
Plugin Slug:: easy-broken-link-checker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-1363

Plugin:: URL Shortener | Conversion Tracking | AB Testing | WooCommerce
Plugin Slug:: easy-broken-link-checker
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-1362

Plugin:: WooMail
Plugin Slug:: email-customizer-for-woocommerce-with-drag-drop-builder
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13747

Plugin:: Email Keep
Plugin Slug:: email-keep
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13826

Plugin:: Email Keep
Plugin Slug:: email-keep
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13825

Plugin:: Ultimate Video Player
Plugin Slug:: fwduvp
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-10804

Plugin:: I Am Gloria
Plugin Slug:: gloria-assistant-by-webtronic-labs
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-0990

Plugin:: Hero Maps Premium
Plugin Slug:: hmapsprem
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13781

Plugin:: Hero Mega Menu – Responsive WordPress Menu Plugin
Plugin Slug:: hmenu
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13780

Plugin:: Hero Slider
Plugin Slug:: hslide
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13809

Plugin:: InWave Jobs
Plugin Slug:: iwjob
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-1315

Plugin:: Limit Bio
Plugin Slug:: limit-bio
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-1436

Plugin:: Limit Bio
Plugin Slug:: limit-bio
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13884

Plugin:: Link My Posts
Plugin Slug:: linkmyposts
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13881

Plugin:: mEintopf
Plugin Slug:: meintopf
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13876

Plugin:: miniOrange Social Login and Register Pro Addon
Plugin Slug:: miniorange-login-openid-pro
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11087

Plugin:: My Quota
Plugin Slug:: my-quota
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13880

Plugin:: Ninja Pages
Plugin Slug:: ninja-page-categories-and-tags
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-1454

Plugin:: WP Online Contract
Plugin Slug:: onlinecontract
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-0954

Plugin:: Passbeemedia Web Push Notification
Plugin Slug:: passbeemedia-web-push-notifications
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13877

Plugin:: Post Lockdown
Plugin Slug:: post-lockdown
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-1504

Plugin:: Post Meta Data Manager
Plugin Slug:: post-meta-data-manager
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13835

Plugin:: WooCommerce Recover Abandoned Cart
Plugin Slug:: rac
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-0956

Plugin:: Razorpay Subscription Button Elementor Plugin
Plugin Slug:: razorpay-subscription-button-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13827

Plugin:: School Management
Plugin Slug:: school-management
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12610

Plugin:: School Management
Plugin Slug:: school-management
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12611

Plugin:: School Management
Plugin Slug:: school-management
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9658

Plugin:: Shortcode Cleaner Lite
Plugin Slug:: shortcode-cleaner-lite
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-1481

Plugin:: Simple Notification
Plugin Slug:: simple-notification
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13866

Plugin:: SpotBot
Plugin Slug:: spotbot
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13878

Plugin:: WoWPth
Plugin Slug:: wowpth
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-1486

Plugin:: WordPress Awesome Import & Export Plugin – Import & Export WordPress Data
Plugin Slug:: wp-awesome-import-export
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13232

Plugin:: WP Click Info
Plugin Slug:: wp-click-info
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-1401

Plugin:: WP e-Customers Beta
Plugin Slug:: wp-e-customers
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13885

Plugin:: WP-PManager
Plugin Slug:: wp-programmmanager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13875

Plugin:: WP Real Estate Manager
Plugin Slug:: wp-realestate-manager
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-1515

Plugin:: Years Since
Plugin Slug:: years-since
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12460

Plugin:: PixelYourSite � Your smart PIXEL (TAG) & API Manager
Plugin Slug:: pixelyoursite
Installations: 500,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 10.1.1.2
Severity Score:: Critical
CVE:: 2025-0769

Plugin:: WP Shortcodes Plugin � Shortcodes Ultimate
Plugin Slug:: shortcodes-ultimate
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.3.4
Severity Score:: Medium
CVE:: 2025-0370

Plugin:: Post SMTP � WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications � Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more
Plugin Slug:: post-smtp
Installations: 400,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.1.3
Severity Score:: High
CVE:: 2024-13844

Plugin:: Page Builder: Pagelayer � Drag and Drop website builder
Plugin Slug:: pagelayer
Installations: 200,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.9.9
Severity Score:: Medium
CVE:: 2025-1926

Plugin:: Ultimate Member � User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Plugin Slug:: ultimate-member
Installations: 200,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.10.1
Severity Score:: Critical
CVE:: 2025-1702

Plugin:: WP Activity Log
Plugin Slug:: wp-security-audit-log
Installations: 200,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 5.3.3
Severity Score:: High
CVE:: 2025-0767

Plugin:: Admin and Site Enhancements (ASE)
Plugin Slug:: admin-site-enhancements
Installations: 100,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 7.6.10
Severity Score:: Medium
CVE:: 2024-13685

Plugin:: bbPress
Plugin Slug:: bbpress
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.6.12
Severity Score:: Medium
CVE:: 2025-1435

Plugin:: Cookie banner plugin for WordPress � Cookiebot CMP by Usercentrics
Plugin Slug:: cookiebot
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.4.2
Severity Score:: Medium
CVE:: 2025-1666

Plugin:: Download Manager
Plugin Slug:: download-manager
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.3.07
Severity Score:: Medium
CVE:: 2024-13126

Plugin:: Essential Blocks � Page Builder Gutenberg Blocks, Patterns & Templates
Plugin Slug:: essential-blocks
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.2
Severity Score:: Medium
CVE:: 2025-1664

Plugin:: Advanced File Manager � Ultimate WordPress File Manager and Document Library Plugin
Plugin Slug:: file-manager-advanced
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.0
Severity Score:: Medium
CVE:: 2024-13805

Plugin:: FooGallery � Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel
Plugin Slug:: foogallery
Installations: 100,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.4.30
Severity Score:: Medium
CVE:: 2024-12114

Plugin:: FooGallery � Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel
Plugin Slug:: foogallery
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.30
Severity Score:: Medium
CVE:: 2024-12119

Plugin:: FooGallery � Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel
Plugin Slug:: foogallery
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.30
Severity Score:: High
CVE:: 2025-22624

Plugin:: GiveWP � Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.20.0
Severity Score:: Critical
CVE:: 2025-0912

Plugin:: SEO Plugin by Squirrly SEO
Plugin Slug:: squirrly-seo
Installations: 100,000+
Vulnerability:: SQL Injection
Patched in Version:: 12.4.06
Severity Score:: High
CVE:: 2025-1768

Plugin:: The Plus Addons for Elementor � Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.2.3
Severity Score:: Medium
CVE:: 2025-1287

Plugin:: VK Blocks
Plugin Slug:: vk-blocks
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.95.0.3
Severity Score:: Medium
CVE:: 2024-13635

Plugin:: HUSKY � Products Filter Professional for WooCommerce
Plugin Slug:: woocommerce-products-filter
Installations: 100,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.6.6
Severity Score:: High
CVE:: 2025-1661

Plugin:: HT Mega � Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.3
Severity Score:: Medium
CVE:: 2025-1261

Plugin:: Appointment Booking Calendar � Simply Schedule Appointments Booking Plugin
Plugin Slug:: simply-schedule-appointments
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.8.5
Severity Score:: High
CVE:: 2024-13431

Plugin:: Master Addons � Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
Plugin Slug:: master-addons
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.7.3
Severity Score:: Medium
CVE:: 2024-9618

Plugin:: Master Addons � Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
Plugin Slug:: master-addons
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.7.2
Severity Score:: Medium
CVE:: 2025-0433

Plugin:: Print Invoice & Delivery Notes for WooCommerce
Plugin Slug:: woocommerce-delivery-notes
Installations: 30,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.5.0
Severity Score:: Medium
CVE:: 2024-13640

Plugin:: Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors
Plugin Slug:: publishpress-authors
Installations: 20,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.7.4
Severity Score:: High
CVE:: 2025-26886

Plugin:: RomethemeKit For Elementor
Plugin Slug:: rometheme-for-elementor
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.4
Severity Score:: Medium
CVE:: 2024-10326

Plugin:: 140+ Widgets | Xpro Addons For Elementor � FREE
Plugin Slug:: xpro-elementor-addons
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.6.8
Severity Score:: Medium
CVE:: 2024-13649

Plugin:: Gallery by BestWebSoft � Customizable Image and Photo Galleries for WordPress
Plugin Slug:: gallery-plugin
Installations: 10,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 4.7.4
Severity Score:: High
CVE:: 2024-13906

Plugin:: Qubely � Advanced Gutenberg Blocks
Plugin Slug:: qubely
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.8.14
Severity Score:: Medium
CVE:: 2024-13228

Plugin:: SupportCandy � Helpdesk & Customer Support Ticket System
Plugin Slug:: supportcandy
Installations: 10,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 3.3.1
Severity Score:: Medium
CVE:: 2024-13552

Plugin:: UiPress lite | Effortless custom dashboards, admin themes and pages
Plugin Slug:: uipress-lite
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.05
Severity Score:: High
CVE:: 2025-1309

Plugin:: WPGet API � Connect to any external REST API
Plugin Slug:: wpgetapi
Installations: 10,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.25.1
Severity Score:: Medium
CVE:: 2024-13857

Plugin:: Notibar � Notification Bar for WordPress
Plugin Slug:: notibar
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.6
Severity Score:: Medium
CVE:: 2025-1672

Plugin:: EventPrime � Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0.7.4
Severity Score:: Medium
CVE:: 2024-13526

Plugin:: Podlove Podcast Publisher
Plugin Slug:: podlove-podcasting-plugin-for-wordpress
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.2.3
Severity Score:: Medium
CVE:: 2025-1383

Plugin:: Product Input Fields for WooCommerce
Plugin Slug:: product-input-fields-for-woocommerce
Installations: 5,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.12.2
Severity Score:: High
CVE:: 2024-13359

Plugin:: Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins
Plugin Slug:: related-post
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.60
Severity Score:: High
CVE:: 2024-12634

Plugin:: VikRentCar Car Rental Management System
Plugin Slug:: vikrentcar
Installations: 4,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.4.3
Severity Score:: High
CVE:: 2024-11640

Plugin:: WP Posts Carousel
Plugin Slug:: wp-posts-carousel
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.8
Severity Score:: Medium
CVE:: 2025-1491

Plugin:: Moving Media Library
Plugin Slug:: moving-media-library
Installations: 3,000+
Vulnerability:: Directory Traversal
Patched in Version:: 1.23
Severity Score:: Medium
CVE:: 2024-13897

Plugin:: Wallet System for WooCommerce
Plugin Slug:: wallet-system-for-woocommerce
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.6.3
Severity Score:: Medium
CVE:: 2024-13682

Plugin:: Wallet System for WooCommerce
Plugin Slug:: wallet-system-for-woocommerce
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.3
Severity Score:: Medium
CVE:: 2024-13724

Plugin:: SMTP by BestWebSoft
Plugin Slug:: bws-smtp
Installations: 2,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.2.0
Severity Score:: High
CVE:: 2024-13908

Plugin:: Eventer
Plugin Slug:: eventer
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.9.9.3
Severity Score:: High
CVE:: 2025-0959

Plugin:: teachPress
Plugin Slug:: teachpress
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 9.0.8
Severity Score:: High
CVE:: 2025-1321

Plugin:: WP-Recall � Registration, Profile, Commerce & More
Plugin Slug:: wp-recall
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 16.26.12
Severity Score:: Medium
CVE:: 2025-1322

Plugin:: WP-Recall � Registration, Profile, Commerce & More
Plugin Slug:: wp-recall
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 16.26.12
Severity Score:: Critical
CVE:: 2025-1323

Plugin:: WP-Recall � Registration, Profile, Commerce & More
Plugin Slug:: wp-recall
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 16.26.12
Severity Score:: Medium
CVE:: 2025-1325

Plugin:: WP-Recall � Registration, Profile, Commerce & More
Plugin Slug:: wp-recall
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 16.26.12
Severity Score:: Medium
CVE:: 2025-1324

Plugin:: WPCOM Member
Plugin Slug:: wpcom-member
Installations: 2,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.7.6
Severity Score:: Critical
CVE:: 2025-1475

Plugin:: Spreadsheet Integration � Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table.
Plugin Slug:: wpgsi
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.8.3
Severity Score:: Medium
CVE:: 2025-1463

Plugin:: WPCS � WordPress Currency Switcher Professional
Plugin Slug:: currency-switcher
Installations: 1,000+
Vulnerability:: Content Injection
Patched in Version:: 1.2.0.5
Severity Score:: High
CVE:: 2025-2169

Plugin:: Flexmls� IDX Plugin
Plugin Slug:: flexmls-idx
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.14.29
Severity Score:: Medium
CVE:: 2025-0863

Plugin:: Greek Multi Tool � Fix peralinks, accents, auto create menus and more
Plugin Slug:: greek-multi-tool
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.2
Severity Score:: High

Plugin:: Simple Download Counter
Plugin Slug:: simple-download-counter
Installations: 1,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.1
Severity Score:: Medium
CVE:: 2025-1730

Plugin:: Solace Extra
Plugin Slug:: solace-extra
Installations: 1,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.3.1
Severity Score:: High

Plugin:: Ultimate WordPress Auction Plugin
Plugin Slug:: ultimate-auction
Installations: 1,000+
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: 4.3.0
Severity Score:: High
CVE:: 2025-0958

Plugin:: m1.DownloadList
Plugin Slug:: m1downloadlist
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.20
Severity Score:: Medium
CVE:: 2025-26895

Plugin:: WordPress abandoned cart recovery and email marketing for WooCommerce by Recapture
Plugin Slug:: recapture-for-woocommerce
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.44
Severity Score:: Medium
CVE:: 2025-26899