WordPress Vulnerability Report � March 4, 2026

In this report, 281 vulnerabilities have been publicly disclosed. Security patches for 56 of these plugins and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Currently, 225 plugin and theme vulnerabilities remain unpatched. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 7.0 Beta 2 is now available for testing. As this is a pre-release version, it is intended for testing and development only and should not be installed on production or mission-critical sites. Organizations should use local or staging environments to evaluate compatibility and new features before the final rollout.

The full release of WordPress 7.0 is currently scheduled for April 9, 2026. You can find the complete release schedule and technical testing details in the official announcement.

WordPress Plugins � 50 Patched / 58 Unpatched

Plugin:: W3 Total Cache
Plugin Slug:: w3-total-cache
Installations: 900,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-27384

Plugin:: Royal Addons for Elementor � Addons and Templates Kit for Elementor
Plugin Slug:: royal-elementor-addons
Installations: 600,000+
Vulnerability:: Other Vulnerability Type
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28135

Plugin:: SiteGuard WP Plugin
Plugin Slug:: siteguard
Installations: 600,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-27411

Plugin:: Widget Options � Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets
Plugin Slug:: widget-options
Installations: 100,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-27984

Plugin:: NextScripts: Social Networks Auto-Poster
Plugin Slug:: social-networks-auto-poster-facebook-twitter-g
Installations: 30,000+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27379

Plugin:: Tablesome Table � Contact Form DB � WPForms, CF7, Gravity, Forminator, Fluent
Plugin Slug:: tablesome
Installations: 9,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27373

Plugin:: Builderall for WordPress
Plugin Slug:: builderall-cheetah-for-wp
Installations: 1,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-22390

Plugin:: Directory Listings WordPress plugin � uListing
Plugin Slug:: ulisting
Installations: 1,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-28078

Plugin:: Filr � Secure document library
Plugin Slug:: filr-protection
Installations: 800+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28133

Plugin:: Scientific and Interactive Blocks � inseri core
Plugin Slug:: inseri-core
Installations: 80+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-27344

Plugin:: Site Suggest
Plugin Slug:: site-suggest
Installations: 30+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-28104

Plugin:: Super Stage WP
Plugin Slug:: super-stage-wp
Installations: 10+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-1542

Plugin:: WP Attractive Donations System – Easy Stripe & Paypal donations
Plugin Slug:: WP_AttractiveDonationsSystem
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-28115

Plugin:: AllInOne – Banner Rotator
Plugin Slug:: all-in-one-bannerRotator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28112

Plugin:: LambertGroup – AllInOne – Banner with Playlist
Plugin Slug:: all-in-one-bannerWithPlaylist
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28110

Plugin:: LambertGroup – AllInOne – Content Slider
Plugin Slug:: all-in-one-contentSlider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28109

Plugin:: LambertGroup – AllInOne – Banner with Thumbnails
Plugin Slug:: all-in-one-thumbnailsBanner
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28108

Plugin:: Awa Plugins
Plugin Slug:: awa-plugins
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27359

Plugin:: Cost Calculator Pro
Plugin Slug:: cost-calculator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-2506

Plugin:: Custom Logo
Plugin Slug:: custom-logo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-2499

Plugin:: DesignThemes Booking Manager
Plugin Slug:: designthemes-booking-manager
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27388

Plugin:: DesignThemes Directory Addon
Plugin Slug:: designthemes-directory-addon
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27386

Plugin:: DesignThemes Portfolio
Plugin Slug:: designthemes-portfolio
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27385

Plugin:: Directory Pro
Plugin Slug:: directory-pro
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27396

Plugin:: Eagle Booking
Plugin Slug:: eagle-booking
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27428

Plugin:: Easy Author Image
Plugin Slug:: easy-author-image
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1373

Plugin:: Electric Enquiries
Plugin Slug:: electric-enquiries
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-14142

Plugin:: EventON
Plugin Slug:: eventon
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28037

Plugin:: Ultimate Learning Pro
Plugin Slug:: indeed-learning-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28113

Plugin:: iXML
Plugin Slug:: ixml
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-14076

Plugin:: Lawyer Directory
Plugin Slug:: lawyer-directory
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28127

Plugin:: LBG Zoominoutslider
Plugin Slug:: lbg_zoominoutslider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28103

Plugin:: ListingPro
Plugin Slug:: listingpro-plugin
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28122

Plugin:: LMS Elementor Pro
Plugin Slug:: lms-elementor-pro
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-27983

Plugin:: OVRI Payment
Plugin Slug:: moneytigo
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10938

Plugin:: Profile Builder Pro
Plugin Slug:: profile-builder-pro
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-27413

Plugin:: Responsive Posts Carousel Pro
Plugin Slug:: responsive-posts-carousel-pro
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27361

Plugin:: RH Frontend Publishing Pro
Plugin Slug:: rh-frontend
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28126

Plugin:: Rise Blocks
Plugin Slug:: rise-blocks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1614

Plugin:: TP2WP Importer
Plugin Slug:: tp2wp-importer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-2489

Plugin:: UberSlider Classic
Plugin Slug:: uberSlider_classic
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28102

Plugin:: UberSlider MouseInteraction
Plugin Slug:: uberSlider_mouseinteraction
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28101

Plugin:: UberSlider PerpetuumMobile
Plugin Slug:: uberSlider_perpetuummobile
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28100

Plugin:: UberSlider Ultra
Plugin Slug:: uberSlider_ultra
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28099

Plugin:: Ultimate Addons for WPBakery Page Builder
Plugin Slug:: ultimate_vc_addons
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-28038

Plugin:: WP Bakery Autoresponder Addon
Plugin Slug:: vc-autoresponder-addon
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-27362

Plugin:: WP Bakery Autoresponder Addon
Plugin Slug:: vc-autoresponder-addon
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27363

Plugin:: WeDesignTech Ultimate Booking Addon
Plugin Slug:: wedesigntech-ultimate-booking-addon
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-27389

Plugin:: WeDesignTech Ultimate Booking Addon
Plugin Slug:: wedesigntech-ultimate-booking-addon
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27390

Plugin:: WooCommerce Coming Soon Product with Countdown
Plugin Slug:: woo-coming-soon-product
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-27354

Plugin:: WooCommerce Order Details
Plugin Slug:: woocommerce-order-details
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27374

Plugin:: Worry Proof Backup
Plugin Slug:: worry-proof-backup
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-1311

Plugin:: WP Ad Guru
Plugin Slug:: wp-ad-guru
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12411

Plugin:: Conditional CAPTCHA
Plugin Slug:: wp-conditional-captcha
Vulnerability:: Open Redirection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-1369

Plugin:: WP eMember
Plugin Slug:: wp-eMember
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28073

Plugin:: WP Responsive Images
Plugin Slug:: wp-responsive-images
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-1557

Plugin:: WP Social Meta
Plugin Slug:: wp-social-meta
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-2498

Plugin:: xmlrpc attacks blocker
Plugin Slug:: xmlrpc-attacks-blocker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-2502

Plugin:: ElementsKit Elementor Addons � Advanced Widgets & Templates Addons for Elementor
Plugin Slug:: elementskit-lite
Installations: 2,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.7.9
Severity Score:: Medium
CVE:: 2026-23693

Plugin:: The Events Calendar
Plugin Slug:: the-events-calendar
Installations: 700,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.15.16.1
Severity Score:: Medium
CVE:: 2026-2694

Plugin:: Page Builder by SiteOrigin
Plugin Slug:: siteorigin-panels
Installations: 500,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.34.0
Severity Score:: High
CVE:: 2026-2448

Plugin:: Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button � Chaty
Plugin Slug:: chaty
Installations: 400,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.5.2
Severity Score:: High
CVE:: 2026-27370

Plugin:: WP Mail Logging
Plugin Slug:: wp-mail-logging
Installations: 300,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.16
Severity Score:: Critical
CVE:: 2026-2471

Plugin:: Post Duplicator
Plugin Slug:: post-duplicator
Installations: 200,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.9
Severity Score:: Medium
CVE:: 2026-2301

Plugin:: AI Engine � The Chatbot, AI Framework & MCP for WordPress
Plugin Slug:: ai-engine
Installations: 100,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.3.3
Severity Score:: Critical
CVE:: 2026-23802

Plugin:: Disable Admin Notices � Hide Dashboard Notifications
Plugin Slug:: disable-admin-notices
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4.3
Severity Score:: Medium
CVE:: 2026-2410

Plugin:: LatePoint � Calendar Booking Plugin for Appointments and Events
Plugin Slug:: latepoint
Installations: 100,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.2.8
Severity Score:: High
CVE:: 2026-1487

Plugin:: Responsive Lightbox & Gallery
Plugin Slug:: responsive-lightbox
Installations: 100,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.7.2
Severity Score:: Medium
CVE:: 2026-2479

Plugin:: Responsive Lightbox & Gallery
Plugin Slug:: responsive-lightbox
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.1
Severity Score:: High
CVE:: 2025-15386

Plugin:: The Plus Addons for Elementor � Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.4.8
Severity Score:: Medium
CVE:: 2026-2385

Plugin:: Tutor LMS � eLearning and online course solution
Plugin Slug:: tutor
Installations: 100,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.9.7
Severity Score:: Critical
CVE:: 2025-13673

Plugin:: Tutor LMS � eLearning and online course solution
Plugin Slug:: tutor
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.9.6
Severity Score:: Medium
CVE:: 2026-23799

Plugin:: User Registration & Membership � Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder
Plugin Slug:: user-registration
Installations: 60,000+
Vulnerability:: Broken Authentication
Patched in Version:: 5.1.3
Severity Score:: High
CVE:: 2026-1779

Plugin:: User Registration & Membership � Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder
Plugin Slug:: user-registration
Installations: 60,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 5.1.3
Severity Score:: Medium
CVE:: 2026-2356

Plugin:: WP Accessibility
Plugin Slug:: wp-accessibility
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.2
Severity Score:: Medium
CVE:: 2026-2362

Plugin:: Uncanny Automator � Easy Automation, Integration, Webhooks & Workflow Builder Plugin
Plugin Slug:: uncanny-automator
Installations: 50,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 7.1.0
Severity Score:: High
CVE:: 2026-2269

Plugin:: WP Recipe Maker
Plugin Slug:: wp-recipe-maker
Installations: 50,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 10.3.3
Severity Score:: Medium
CVE:: 2026-1558

Plugin:: WP Recipe Maker
Plugin Slug:: wp-recipe-maker
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 10.3.0
Severity Score:: Medium
CVE:: 2025-14742

Plugin:: Simple Membership
Plugin Slug:: simple-membership
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.7.1
Severity Score:: Medium
CVE:: 2026-1461

Plugin:: Shield: Blocks Bots, Protects Users, and Prevents Security Breaches
Plugin Slug:: wp-simple-firewall
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 21.0.10
Severity Score:: High
CVE:: 2026-0561

Plugin:: PowerPress Podcasting plugin by Blubrry
Plugin Slug:: powerpress
Installations: 30,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 11.15.11
Severity Score:: High
CVE:: 2026-23798

Plugin:: Xpro Addons � 140+ Widgets for Elementor
Plugin Slug:: xpro-elementor-addons
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.25
Severity Score:: Medium
CVE:: 2025-14149

Plugin:: Secure Copy Content Protection and Content Locking
Plugin Slug:: secure-copy-content-protection
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.0.2
Severity Score:: Medium
CVE:: 2026-2367

Plugin:: Simple Download Monitor
Plugin Slug:: simple-download-monitor
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.6
Severity Score:: Medium
CVE:: 2026-2383

Plugin:: WP Customer Reviews
Plugin Slug:: wp-customer-reviews
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.6
Severity Score:: High
CVE:: 2025-14452

Plugin:: User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration
Plugin Slug:: wp-user-frontend
Installations: 20,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 4.2.9
Severity Score:: High
CVE:: 2026-1565

Plugin:: WPZOOM Addons for Elementor � Starter Templates & Widgets
Plugin Slug:: wpzoom-elementor-addons
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: High
CVE:: 2026-2295

Plugin:: Advanced Woo Labels � Product Labels & Badges for WooCommerce
Plugin Slug:: advanced-woo-labels
Installations: 10,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 2.37
Severity Score:: High
CVE:: 2026-1929

Plugin:: Classified Listing � AI-Powered Classified ads & Business Directory Plugin
Plugin Slug:: classified-listing
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.3.5
Severity Score:: Medium
CVE:: 2026-23546

Plugin:: Japanized for WooCommerce
Plugin Slug:: woocommerce-for-japan
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.5
Severity Score:: Medium
CVE:: 2026-1305

Plugin:: Analytics Cat � Google Analytics Made Easy
Plugin Slug:: analytics-cat
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.3
Severity Score:: High
CVE:: 2024-12072

Plugin:: Geo Mashup
Plugin Slug:: geo-mashup
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.13.18
Severity Score:: Critical
CVE:: 2026-2416

Plugin:: WPGSI: Spreadsheet Integration
Plugin Slug:: wpgsi
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.8.4
Severity Score:: High
CVE:: 2026-1916

Plugin:: Ebook Store
Plugin Slug:: ebook-store
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.8002
Severity Score:: High
CVE:: 2024-12262

Plugin:: My Tickets � Accessible Event Ticketing
Plugin Slug:: my-tickets
Installations: 700+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.1.1
Severity Score:: High
CVE:: 2026-27406

Plugin:: Theater for WordPress
Plugin Slug:: theatre
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.19.1
Severity Score:: Medium
CVE:: 2025-69343

Plugin:: AI ChatBot with ChatGPT and Content Generator by AYS
Plugin Slug:: ays-chatgpt-assistant
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.6
Severity Score:: Medium
CVE:: 2026-1336

Plugin:: MailArchiver
Plugin Slug:: mailarchiver
Installations: 100+
Vulnerability:: SQL Injection
Patched in Version:: 4.5.1
Severity Score:: High
CVE:: 2026-2831

Plugin:: PKT1 Centro de envios
Plugin Slug:: pkt1-centro-de-envios
Installations: 40+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.2
Severity Score:: High
CVE:: 2024-11806

Plugin:: Planaday API
Plugin Slug:: planaday-api
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 11.5
Severity Score:: High
CVE:: 2024-11804

Plugin:: Fluent Forms Pro Add On Pack
Plugin Slug:: fluentformpro
Vulnerability:: Broken Access Control
Patched in Version:: 6.1.18
Severity Score:: High
CVE:: 2026-2428

Plugin:: WooCommerce License Manager
Plugin Slug:: fs-license-manager
Vulnerability:: Arbitrary File Upload
Patched in Version:: 7.0.7
Severity Score:: Critical
CVE:: 2026-28114

Plugin:: JetEngine
Plugin Slug:: jet-engine
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 3.8.1.2
Severity Score:: High
CVE:: 2026-28134

Plugin:: pixfort Core
Plugin Slug:: pixfort-core
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.26
Severity Score:: Medium
CVE:: 2026-28071

Plugin:: pixfort Core
Plugin Slug:: pixfort-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.26
Severity Score:: High
CVE:: 2026-28072

Plugin:: Really Simple Security Pro
Plugin Slug:: really-simple-ssl-pro
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 9.5.4.1
Severity Score:: Medium
CVE:: 2026-27397

Plugin:: Riode Core
Plugin Slug:: riode-core
Vulnerability:: SQL Injection
Patched in Version:: 1.6.27
Severity Score:: Critical
CVE:: 2025-69338

Plugin:: WeDesignTech Ultimate Booking Addon
Plugin Slug:: wedesigntech-ultimate-booking-addon
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.4
Severity Score:: High
CVE:: 2025-69340

WordPress Themes � 6 Patched / 167 Unpatched

Theme:: Nirvana
Theme Slug:: nirvana
Downloads: 773,853
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28119

Theme:: OsTende
Theme Slug:: ostende
Downloads: 8,315
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27986

Theme:: Alchemists
Theme Slug:: alchemists
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27334

Theme:: Aldo
Theme Slug:: aldo
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27993

Theme:: Alliance
Theme Slug:: alliance
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22443

Theme:: Anderson
Theme Slug:: andersonclinic
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28121

Theme:: Aora
Theme Slug:: aora
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27381

Theme:: Apollo | Night Club, DJ Event WordPress Theme
Theme Slug:: apollo
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27340

Theme:: Aqualots
Theme Slug:: aqualots
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28088

Theme:: Architecturer
Theme Slug:: architecturer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27358

Theme:: Artrium
Theme Slug:: artrium
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28097

Theme:: Asia Garden
Theme Slug:: asia-garden
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28063

Theme:: Aviana
Theme Slug:: aviana
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22387

Theme:: Avventure
Theme Slug:: avventure
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27991

Theme:: Bassein
Theme Slug:: bassein
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28067

Theme:: Bazinga
Theme Slug:: bazinga
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28084

Theme:: Beacon
Theme Slug:: beacon
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28050

Theme:: Bonbon
Theme Slug:: bonbon
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28030

Theme:: Buzz Stone | Magazine & Viral Blog WordPress Theme
Theme Slug:: buzzstone
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27339

Theme:: Celeste
Theme Slug:: celeste
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27369

Theme:: Miller
Theme Slug:: christine-miller
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28053

Theme:: Chroma
Theme Slug:: chroma
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28020

Theme:: Chronicle – Lifestyle Magazine & Blog WordPress Theme
Theme Slug:: chronicle
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27337

Theme:: Claue – Clean, Minimal Elementor WooCommerce Theme
Theme Slug:: claue
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27376

Theme:: CloudMe
Theme Slug:: cloudme
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22433

Theme:: Cocco
Theme Slug:: cocco
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22389

Theme:: Coinpress
Theme Slug:: coinpress
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28007

Theme:: Coleo
Theme Slug:: coleo
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28091

Theme:: ConFix
Theme Slug:: confix
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27990

Theme:: Conquerors
Theme Slug:: conquerors
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28079

Theme:: Consultor | Consulting, Accounting & Legal Counsel WordPress Theme
Theme Slug:: consultor
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27336

Theme:: Cortex
Theme Slug:: cortex
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22392

Theme:: Craftis
Theme Slug:: craftis
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28021

Theme:: Crown Art
Theme Slug:: crown-art
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22434

Theme:: Daiquiri
Theme Slug:: daiquiri
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28089

Theme:: Dentario
Theme Slug:: dentario
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-27439

Theme:: Dermatology Clinic
Theme Slug:: dermatology-clinic
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28059

Theme:: Dixon
Theme Slug:: dixon
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28058

Theme:: Dolcino
Theme Slug:: dolcino
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22410

Theme:: Dr.Patterson
Theme Slug:: dr-patterson
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28120

Theme:: DroneX
Theme Slug:: dronex
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28009

Theme:: Edge Decor
Theme Slug:: edge-decor
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28064

Theme:: Edifice
Theme Slug:: edifice
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28033

Theme:: Eject
Theme Slug:: eject
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28065

Theme:: Ekoterra – NonProfit, Green Energy & Ecology Theme
Theme Slug:: ekoterra
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27335

Theme:: ElectroServ
Theme Slug:: electroserv
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22435

Theme:: EmojiNation
Theme Slug:: emojination
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28029

Theme:: Eona
Theme Slug:: eona
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22412

Theme:: Equadio
Theme Slug:: equadio
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27988

Theme:: Evently
Theme Slug:: evently
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22394

Theme:: Filmax
Theme Slug:: filmax
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28087

Theme:: Fiorello
Theme Slug:: fiorello
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22395

Theme:: FixTeam
Theme Slug:: fixteam
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22416

Theme:: FlashMart
Theme Slug:: flashmart
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28048

Theme:: Fleur
Theme Slug:: fleur
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22397

Theme:: Foodie
Theme Slug:: foodie
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28022

Theme:: Gamezone
Theme Slug:: gamezone
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28090

Theme:: Gecko
Theme Slug:: gecko
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27375

Theme:: Global Logistics
Theme Slug:: globallogistics
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28018

Theme:: Good Energy
Theme Slug:: goodenergy
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-28105

Theme:: GoTravel
Theme Slug:: gotravel
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22427

Theme:: Grand News
Theme Slug:: grandnews
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27353

Theme:: Great Lotus
Theme Slug:: great-lotus
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22418

Theme:: Green Planet
Theme Slug:: green-planet
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22439

Theme:: Green Thumb
Theme Slug:: greenthumb
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28017

Theme:: Gridiron
Theme Slug:: gridiron
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28012

Theme:: Grit
Theme Slug:: grit
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28041

Theme:: Guff
Theme Slug:: guff
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28076

Theme:: Happy Baby
Theme Slug:: happy-baby
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28062

Theme:: Healer – Doctor, Clinic & Medical WordPress Theme
Theme Slug:: healer
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-28043

Theme:: Helion
Theme Slug:: helion
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28024

Theme:: Helvig
Theme Slug:: helvig
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22436

Theme:: Holmes
Theme Slug:: holmes
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22399

Theme:: Honor
Theme Slug:: honor
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22419

Theme:: Horizon
Theme Slug:: horizon
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22420

Theme:: Humanum
Theme Slug:: humanum
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27985

Theme:: Innovio
Theme Slug:: innovio
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22403

Theme:: Invetex
Theme Slug:: invetex
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28031

Theme:: Justicia
Theme Slug:: justicia
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22408

Theme:: Justitia
Theme Slug:: justitia
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27995

Theme:: Kayon
Theme Slug:: kayon
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28027

Theme:: Kingler
Theme Slug:: kingler
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-27438

Theme:: Kratz
Theme Slug:: kratz
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28013

Theme:: Law Office
Theme Slug:: law-office
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28046

Theme:: Legal Stone
Theme Slug:: legal-stone
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28054

Theme:: Legrand
Theme Slug:: legrand
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28066

Theme:: Le Truffe
Theme Slug:: letruffe
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28069

Theme:: Lingvico
Theme Slug:: lingvico
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27996

Theme:: Listify
Theme Slug:: listify
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28042

Theme:: Little Birdies
Theme Slug:: little-birdies
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28129

Theme:: Luxury Wine
Theme Slug:: luxury-wine
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28016

Theme:: Mahogany
Theme Slug:: mahogany
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28085

Theme:: Malgr�
Theme Slug:: malgre
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22413

Theme:: Mandala
Theme Slug:: mandala
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28057

Theme:: Manoir
Theme Slug:: manoir
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28019

Theme:: Marcell
Theme Slug:: marcell
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28095

Theme:: Marra
Theme Slug:: marra
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22414

Theme:: Maxify
Theme Slug:: maxify
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27997

Theme:: MCKinney’s Politics
Theme Slug:: mckinney-politics
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28056

Theme:: Meals & Wheels
Theme Slug:: meals-wheels
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27992

Theme:: MediCenter – Health Medical Clinic
Theme Slug:: medicenter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28137

Theme:: Metro
Theme Slug:: metro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27382

Theme:: Metro
Theme Slug:: metro
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27383

Theme:: Midi
Theme Slug:: midi
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28125

Theme:: MoneyFlow
Theme Slug:: moneyflow
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28028

Theme:: Motorix
Theme Slug:: motorix
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28026

Theme:: Musico
Theme Slug:: musico
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27367

Theme:: Muzicon
Theme Slug:: muzicon
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28107

Theme:: N7 | Golf Club Sports & Events
Theme Slug:: n7-golf-club
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28045

Theme:: Notarius
Theme Slug:: notarius
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28124

Theme:: Nuts
Theme Slug:: nuts
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28023

Theme:: Overton
Theme Slug:: overton
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22405

Theme:: Ozisti
Theme Slug:: ozisti
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28093

Theme:: Peter Mason
Theme Slug:: petermason
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28052

Theme:: Photography
Theme Slug:: photography
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27348

Theme:: Pizza House
Theme Slug:: pizzahouse
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-28074

Theme:: Playa
Theme Slug:: playa
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22437

Theme:: Police Department
Theme Slug:: police-department
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28049

Theme:: Porto
Theme Slug:: porto
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28075

Theme:: Printy
Theme Slug:: printy
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28035

Theme:: Progress
Theme Slug:: progress
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28034

Theme:: Quantum
Theme Slug:: quantum
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22421

Theme:: Quanzo
Theme Slug:: quanzo
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27989

Theme:: Ratatouille
Theme Slug:: ratatouille
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2026-28036

Theme:: RexCoin
Theme Slug:: rexcoin
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28094

Theme:: Rhythmo
Theme Slug:: rhythmo
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28068

Theme:: Run Gran
Theme Slug:: run-gran
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28086

Theme:: Save Life
Theme Slug:: save-life
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28098

Theme:: Scientia
Theme Slug:: scientia
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28010

Theme:: SetSail
Theme Slug:: setsail
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22423

Theme:: Shaha
Theme Slug:: shaha
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22424

Theme:: ShiftCV
Theme Slug:: shift-cv
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28015

Theme:: smart SEO
Theme Slug:: smartSEO
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28117

Theme:: Sounder
Theme Slug:: sounder
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28092

Theme:: Stargaze
Theme Slug:: stargaze
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28025

Theme:: Starto
Theme Slug:: starto
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27352

Theme:: S.King
Theme Slug:: stephanie-king
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28060

Theme:: Sweet Jane
Theme Slug:: sweetjane
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22425

Theme:: Tediss
Theme Slug:: tediss
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27994

Theme:: Tennis Club
Theme Slug:: tennis-sportclub
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2026-27437

Theme:: The Mounty
Theme Slug:: the-mounty
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22415

Theme:: The Qlean
Theme Slug:: the-qlean
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27987

Theme:: Tiger Claw
Theme Slug:: tiger-claw
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28061

Theme:: Tooth Fairy
Theme Slug:: tooth-fairy
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22428

Theme:: TopFit – Fitness and Gym WordPress Theme
Theme Slug:: topfit
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27342

Theme:: TopScorer – Sports WordPress Theme
Theme Slug:: topscorer
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27341

Theme:: Translogic
Theme Slug:: translogic
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28014

Theme:: Tribe
Theme Slug:: tribe
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22442

Theme:: Tuning
Theme Slug:: tuning
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28032

Theme:: UDesign
Theme Slug:: u-design
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28130

Theme:: Vapester
Theme Slug:: vapester
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28077

Theme:: Veil
Theme Slug:: veil
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28123

Theme:: Verdure
Theme Slug:: verdure
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22429

Theme:: Verse
Theme Slug:: verse
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28128

Theme:: Victo
Theme Slug:: victo
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28047

Theme:: Vixus
Theme Slug:: vixus
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-27998

Theme:: Wabi-Sabi
Theme Slug:: wabi-sabi
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22431

Theme:: WealthCo
Theme Slug:: wealthco
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28096

Theme:: Welldone
Theme Slug:: welldone
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28118

Theme:: M.Williamson
Theme Slug:: williamson
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28055

Theme:: Windsor
Theme Slug:: windsor
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28081

Theme:: Wolmart
Theme Slug:: wolmart
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22385

Theme:: Woopy
Theme Slug:: woopy
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22432

Theme:: Yacht Rental
Theme Slug:: yacht-rental
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28051

Theme:: Yottis
Theme Slug:: yottis
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28011

Theme:: Yungen
Theme Slug:: yungen
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-28006

Theme:: Zentrum
Theme Slug:: zentrum
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2026-22441

Theme:: Blocksy
Theme Slug:: blocksy
Downloads: 6,306,227
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.31
Severity Score:: Medium
CVE:: 2026-2583

Theme:: Automotive Car Dealership Business
Theme Slug:: automotive
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 13.4.2
Severity Score:: Medium
CVE:: 2025-14040

Theme:: Listee
Theme Slug:: listee
Vulnerability:: Privilege Escalation
Patched in Version:: 1.1.7
Severity Score:: Critical
CVE:: 2025-12981

Theme:: Molla
Theme Slug:: molla
Vulnerability:: Local File Inclusion
Patched in Version:: 1.5.17
Severity Score:: High
CVE:: 2025-69339

Theme:: Sweet Date
Theme Slug:: sweetdate
Vulnerability:: PHP Object Injection
Patched in Version:: 4.0.1
Severity Score:: Critical
CVE:: 2026-27417

Theme:: The Issue
Theme Slug:: theissue
Vulnerability:: Local File Inclusion
Patched in Version:: 1.6.12
Severity Score:: High
CVE:: 2026-23801