WordPress Vulnerability Report � March 5, 2025

In this report, 209 vulnerabilities have been publicly disclosed. Security patches for 104 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 105 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.8 Beta 1 is available for download and testing! This beta version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, set up a test environment or a local site to explore the new features.

WordPress Plugins � 93 Patched / 104 Unpatched

Plugin:: FooGallery � Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel
Plugin Slug:: foogallery
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22624

Plugin:: SEO Plugin by Squirrly SEO
Plugin Slug:: squirrly-seo
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-24654

Plugin:: Ibtana � WordPress Website Builder
Plugin Slug:: ibtana-visual-editor
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26891

Plugin:: Fluent Support � Helpdesk & Customer Support Ticket System
Plugin Slug:: fluent-support
Installations: 9,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13568

Plugin:: Age Verification for your checkout page. Verify your customer’s identity
Plugin Slug:: agecheckernet
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22622

Plugin:: 1 click passwordless login, temporary login, social login & user switching � Login Me Now
Plugin Slug:: login-me-now
Installations: 400+
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-1717

Plugin:: Forex Calculators
Plugin Slug:: fx-calculators
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13716

Plugin:: PiwigoPress
Plugin Slug:: piwigopress
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26896

Plugin:: List Related Attachments
Plugin Slug:: list-related-attachments-widget
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26897

Plugin:: URL Media Uploader
Plugin Slug:: url-media-uploader
Installations: 100+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-1662

Plugin:: WHMCS Client Area for WordPress by WHMpress
Plugin Slug:: WHMpress_Client_Area_Api
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9195

Plugin:: Add Linked Images To Gallery
Plugin Slug:: add-linked-images-to-gallery-v01
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27277

Plugin:: ADFO
Plugin Slug:: admin-form
Vulnerability:: Deserialization of untrusted data
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27300

Plugin:: Admin Menu Manager
Plugin Slug:: admin-menu-manager
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26925

Plugin:: All-In-One Cufon
Plugin Slug:: all-in-one-cufon
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27315

Plugin:: Archive Page
Plugin Slug:: archive-page
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27280

Plugin:: Ark Theme Core
Plugin Slug:: ark-core
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-26970

Plugin:: Auto Tag Links
Plugin Slug:: auto-tag-links
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27335

Plugin:: Blightly Explorer
Plugin Slug:: blighty-explorer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27321

Plugin:: Booknetic
Plugin Slug:: booknetic
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26926

Plugin:: Bravo Search & Replace
Plugin Slug:: bravo-search-and-replace
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27297

Plugin:: Bulk Content Creator
Plugin Slug:: bulk-content-creator
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27311

Plugin:: Clicface Trombi
Plugin Slug:: clicface-trombi
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-0820

Plugin:: Contact Form 7 Star Rating
Plugin Slug:: contact-form-7-star-rating
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27303

Plugin:: Contact Form 7 Star Rating with font Awesome
Plugin Slug:: contact-form-7-star-rating-with-font-awersome
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27304

Plugin:: Currency Switcher for WooCommerce
Plugin Slug:: currency-switcher-woocommerce
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9217

Plugin:: Download HTML TinyMCE Button
Plugin Slug:: download-html-tinymce-button
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-1286

Plugin:: URL Shortener | Conversion Tracking | AB Testing | WooCommerce
Plugin Slug:: easy-broken-link-checker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-1363

Plugin:: URL Shortener | Conversion Tracking | AB Testing | WooCommerce
Plugin Slug:: easy-broken-link-checker
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-1362

Plugin:: Erima Zarinpal Donate
Plugin Slug:: erima-zarinpal-donate
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27290

Plugin:: F12-Profiler
Plugin Slug:: f12-profiler
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27340

Plugin:: Fresh Framework
Plugin Slug:: fresh-framework
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-26936

Plugin:: FS Poster
Plugin Slug:: fs-poster
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26978

Plugin:: Google Maps for WordPress
Plugin Slug:: google-maps-for-wordpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27265

Plugin:: Hover Image Button
Plugin Slug:: hover-image-button
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27266

Plugin:: EZ InLinkz linkup
Plugin Slug:: inlinkz-scripter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27329

Plugin:: Just Variables
Plugin Slug:: just-wp-variables
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27336

Plugin:: Limit Bio
Plugin Slug:: limit-bio
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-1436

Plugin:: Limit Bio
Plugin Slug:: limit-bio
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13884

Plugin:: Link My Posts
Plugin Slug:: linkmyposts
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13881

Plugin:: Phee’s LinkPreview
Plugin Slug:: linkpreview
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27344

Plugin:: Local Search SEO Contact Page
Plugin Slug:: local-search-seo-contact-page
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27351

Plugin:: Woocommerce � Loi Hamon
Plugin Slug:: loi-hamon
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27355

Plugin:: mEintopf
Plugin Slug:: meintopf
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13876

Plugin:: Minimum Password Strength
Plugin Slug:: minimum-password-strength
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27339

Plugin:: Modal Portfolio
Plugin Slug:: modal-portfolio
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13851

Plugin:: Multilevel Referral Affiliate Plugin for WooCommerce
Plugin Slug:: multilevel-referral-plugin-for-woocommerce
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13750

Plugin:: My Quota
Plugin Slug:: my-quota
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13880

Plugin:: Namaste! LMS
Plugin Slug:: namaste-lms
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27353

Plugin:: NewsTicker
Plugin Slug:: news-list
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13630

Plugin:: NHR Options Table Manager
Plugin Slug:: nhrrob-options-table-manager
Vulnerability:: Deserialization of untrusted data
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27301

Plugin:: Ninja Pages
Plugin Slug:: ninja-page-categories-and-tags
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-1454

Plugin:: Get Posts
Plugin Slug:: nurelm-get-posts
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27349

Plugin:: Ohio Extra
Plugin Slug:: ohio-extra
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-26924

Plugin:: Om Stripe
Plugin Slug:: om-stripe
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13631

Plugin:: �nceki Yaz? Link
Plugin Slug:: onceki-yazi-linki
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27357

Plugin:: OneStore Sites
Plugin Slug:: onestore-sites
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13905

Plugin:: Order Attachments for WooCommerce
Plugin Slug:: order-attachments-for-woocommerce
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13638

Plugin:: Passbeemedia Web Push Notification
Plugin Slug:: passbeemedia-web-push-notifications
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13877

Plugin:: Pathomation
Plugin Slug:: pathomation
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27306

Plugin:: Photo Gallery ( Responsive )
Plugin Slug:: photo-gallery-pearlbells
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27276

Plugin:: Pricing Table by PickPlugins
Plugin Slug:: pricingtable
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13469

Plugin:: PrivateContent
Plugin Slug:: private-content
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26976

Plugin:: PrivateContent
Plugin Slug:: private-content
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26969

Plugin:: PrivateContent
Plugin Slug:: private-content
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26972

Plugin:: PrivateContent
Plugin Slug:: private-content
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-26966

Plugin:: Profile Widget Ninja
Plugin Slug:: profile-widget-ninja
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27320

Plugin:: Quiz Organizer
Plugin Slug:: quiz-organizer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6810

Plugin:: RAYS Grid
Plugin Slug:: rays-grid
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27317

Plugin:: Reactive Mortgage Calculator
Plugin Slug:: reactive-mortgage-calculator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27341

Plugin:: School Management System � SakolaWP
Plugin Slug:: sakolawp-lite
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13647

Plugin:: Simple Google Sitemap
Plugin Slug:: simple-google-sitemap
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27318

Plugin:: Simple:Press
Plugin Slug:: simplepress
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13518

Plugin:: Smart Maintenance & Countdown
Plugin Slug:: smart-maintenance-countdown
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27332

Plugin:: SpotBot
Plugin Slug:: spotbot
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13878

Plugin:: Live Streaming Video Player � by SRS Player
Plugin Slug:: srs-player
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27327

Plugin:: Sticky Header On Scroll
Plugin Slug:: sticky-header-on-scroll
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27356

Plugin:: Table of Contents Block
Plugin Slug:: table-of-contents
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27305

Plugin:: BuddyHolis TableSearch
Plugin Slug:: tablesearch
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Countdown Timer
Plugin Slug:: timer-countdown
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13864

Plugin:: Ultra Addons Lite for Elementor
Plugin Slug:: ut-elementor-addons-lite
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13832

Plugin:: VG PostCarousel
Plugin Slug:: vg-postcarousel
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27272

Plugin:: Video.js HLS Player
Plugin Slug:: videojs-hls-player
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27325

Plugin:: ViperBar
Plugin Slug:: viperbar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26557

Plugin:: Tabs for WooCommerce
Plugin Slug:: wc-tabs
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13831

Plugin:: Bitcoin / AltCoin Payment Gateway for WooCommerce
Plugin Slug:: woo-altcoin-payment-gateway
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-26535

Plugin:: Direct Checkout Button for WooCommerce
Plugin Slug:: woo-direct-checkout-button
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27347

Plugin:: WooCommerce Recargo de Equivalencia
Plugin Slug:: woo-recargo-de-equivalencia
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27342

Plugin:: WooCommerce Display Products by Tags
Plugin Slug:: woocommerce-display-products-by-tags
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27331

Plugin:: WooCommerce Ultimate Gift Card – Create, Sell and Manage Gift Cards with Customized Email Templates
Plugin Slug:: woocommerce-ultimate-gift-card
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-8425

Plugin:: WOW Entrance Effects (WEE!)
Plugin Slug:: wow-entrance-effects-wee
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-1560

Plugin:: WoWPth
Plugin Slug:: wowpth
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-1486

Plugin:: WP About Author
Plugin Slug:: wp-about-author
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27323

Plugin:: WP-Asambleas
Plugin Slug:: wp-asambleas
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27294

Plugin:: WP Click Info
Plugin Slug:: wp-click-info
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-1401

Plugin:: WP e-Customers Beta
Plugin Slug:: wp-e-customers
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13885

Plugin:: JPG, PNG Compression and Optimization
Plugin Slug:: wp-post-459200 wp-image-compression
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27316

Plugin:: WP-PostRatings Cheater
Plugin Slug:: wp-postratings-cheater
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27328

Plugin:: WP-PManager
Plugin Slug:: wp-programmmanager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13875

Plugin:: WP Sitemap
Plugin Slug:: wp-sitemap
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27312

Plugin:: WP Social SEO Booster � Knowledge Graph Social Signals SEO
Plugin Slug:: wp-social-seo-booster
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-27348

Plugin:: WP Video Posts
Plugin Slug:: wp-post-459200 wp-video-posts
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27298

Plugin:: ????????
Plugin Slug:: wumii-related-posts
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-27352

Plugin:: Yawave
Plugin Slug:: yawave
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-1648

Plugin:: Elementor Website Builder � More Than Just a Page Builder
Plugin Slug:: elementor
Installations: 10,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.25.11
Severity Score:: Medium
CVE:: 2024-54444

Plugin:: SVG Support
Plugin Slug:: svg-support
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.9
Severity Score:: Medium
CVE:: 2022-23638

Plugin:: Page Builder by SiteOrigin
Plugin Slug:: siteorigin-panels
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.31.5
Severity Score:: Medium
CVE:: 2025-1459

Plugin:: Forminator Forms � Contact Form, Payment Form & Custom Form Builder
Plugin Slug:: forminator
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.39.3
Severity Score:: Medium
CVE:: 2025-0469

Plugin:: Gutenberg Blocks with AI by Kadence WP � Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.10
Severity Score:: Medium
CVE:: 2025-1291

Plugin:: PixelYourSite � Your smart PIXEL (TAG) & API Manager
Plugin Slug:: pixelyoursite
Installations: 500,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 10.1.1.2
Severity Score:: Critical
CVE:: 2025-0769

Plugin:: WP Shortcodes Plugin � Shortcodes Ultimate
Plugin Slug:: shortcodes-ultimate
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.3.4
Severity Score:: Medium
CVE:: 2025-0370

Plugin:: Photo Gallery, Sliders, Proofing and Themes � NextGEN Gallery
Plugin Slug:: nextgen-gallery
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.59.9
Severity Score:: Medium
CVE:: 2024-10545

Plugin:: Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button, WhatsApp � Chaty
Plugin Slug:: chaty
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.6
Severity Score:: Medium
CVE:: 2025-1450

Plugin:: Jeg Elementor Kit
Plugin Slug:: jeg-elementor-kit
Installations: 300,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.6.12
Severity Score:: Medium
CVE:: 2024-13217

Plugin:: Advanced Google reCAPTCHA
Plugin Slug:: advanced-google-recaptcha
Installations: 200,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.28
Severity Score:: Medium
CVE:: 2025-1262

Plugin:: GenerateBlocks
Plugin Slug:: generateblocks
Installations: 200,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.0.0
Severity Score:: Medium
CVE:: 2024-13546

Plugin:: WP Activity Log
Plugin Slug:: wp-security-audit-log
Installations: 200,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 5.3.3
Severity Score:: High
CVE:: 2025-0767

Plugin:: Essential Blocks � Page Builder Gutenberg Blocks, Patterns & Templates
Plugin Slug:: essential-blocks
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.0
Severity Score:: Medium
CVE:: 2024-13803

Plugin:: Everest Forms � Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress
Plugin Slug:: everest-forms
Installations: 100,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.0.9.5
Severity Score:: Critical
CVE:: 2025-1128

Plugin:: GiveWP � Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.20.0
Severity Score:: Critical
CVE:: 2025-0912

Plugin:: Site Mailer � SMTP Replacement, Email API Deliverability & Email Log
Plugin Slug:: site-mailer
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.4
Severity Score:: High
CVE:: 2025-1319

Plugin:: LearnPress � WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.7.5.1
Severity Score:: Medium
CVE:: 2024-13127

Plugin:: Events Manager � Calendar, Bookings, Tickets, and more!
Plugin Slug:: events-manager
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.6.4.2
Severity Score:: Medium
CVE:: 2025-1249

Plugin:: Total Upkeep � WordPress Backup Plugin plus Restore & Migrate by BoldGrid
Plugin Slug:: boldgrid-backup
Installations: 70,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 1.16.9
Severity Score:: Medium
CVE:: 2024-13907

Plugin:: Simple Image Sizes
Plugin Slug:: simple-image-sizes
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.3
Severity Score:: Medium
CVE:: 2025-24810

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.7
Severity Score:: Medium
CVE:: 2025-1571

Plugin:: User Registration & Membership � Custom Registration Form, Login Form, and User Profile
Plugin Slug:: user-registration
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.0
Severity Score:: High
CVE:: 2025-1511

Plugin:: Advanced AJAX Product Filters
Plugin Slug:: woocommerce-ajax-filters
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.8.2
Severity Score:: High
CVE:: 2025-1505

Plugin:: Form Maker by 10Web � Mobile-Friendly Drag & Drop Contact Form Builder
Plugin Slug:: form-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.33
Severity Score:: Medium
CVE:: 2024-13605

Plugin:: Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
Plugin Slug:: sina-extension-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.1
Severity Score:: Medium
CVE:: 2025-1517

Plugin:: Master Addons � Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
Plugin Slug:: master-addons
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.7.3
Severity Score:: Medium
CVE:: 2024-9618

Plugin:: Master Addons � Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
Plugin Slug:: master-addons
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.7.2
Severity Score:: Medium
CVE:: 2025-0433

Plugin:: Post Grid and Gutenberg Blocks � ComboBlocks
Plugin Slug:: post-grid
Installations: 40,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.3.7
Severity Score:: Medium
CVE:: 2024-13796

Plugin:: Accept Donations with PayPal & Stripe
Plugin Slug:: easy-paypal-donation
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.5
Severity Score:: High
CVE:: 2024-13728

Plugin:: Image Photo Gallery Final Tiles Grid
Plugin Slug:: final-tiles-grid-gallery-lite
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.1
Severity Score:: Medium
CVE:: 2024-6261

Plugin:: Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors
Plugin Slug:: publishpress-authors
Installations: 20,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.7.4
Severity Score:: High
CVE:: 2025-26886

Plugin:: Secure Copy Content Protection and Content Locking
Plugin Slug:: secure-copy-content-protection
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.4.8
Severity Score:: Medium
CVE:: 2025-1404

Plugin:: NextMove Lite � Thank You Page for WooCommerce
Plugin Slug:: woo-thank-you-page-nextmove-lite
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.20.0
Severity Score:: Medium
CVE:: 2024-10860

Plugin:: Wp Social Login and Register Social Counter
Plugin Slug:: wp-social
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.1.1
Severity Score:: Medium
CVE:: 2025-1506

Plugin:: wpForo Forum
Plugin Slug:: wpforo
Installations: 20,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.4.2
Severity Score:: Medium
CVE:: 2025-0764

Plugin:: Better Messages � Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss
Plugin Slug:: bp-better-messages
Installations: 10,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.7.5
Severity Score:: Medium
CVE:: 2024-13697

Plugin:: Better Messages � Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss
Plugin Slug:: bp-better-messages
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.7.0
Severity Score:: High
CVE:: 2024-13611

Plugin:: Classified Listing � Classified ads & Business Directory Plugin
Plugin Slug:: classified-listing
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.0.5
Severity Score:: Medium
CVE:: 2025-1063

Plugin:: Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings
Plugin Slug:: directorist
Installations: 10,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 8.2
Severity Score:: High
CVE:: 2025-1570

Plugin:: IP2Location Redirection
Plugin Slug:: ip2location-redirection
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.33.4
Severity Score:: Medium
CVE:: 2025-1502

Plugin:: Logo Slider � Logo Carousel, Logo Showcase & Client Logo Slider Plugin
Plugin Slug:: logo-slider-wp
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6.0
Severity Score:: Medium
CVE:: 2024-12308

Plugin:: WPO365 | MICROSOFT 365 GRAPH MAILER
Plugin Slug:: wpo365-msgraphmailer
Installations: 8,000+
Vulnerability:: Open Redirection
Patched in Version:: 3.3
Severity Score:: Medium
CVE:: 2025-1488

Plugin:: Animated Text Block
Plugin Slug:: animated-text-block
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.8
Severity Score:: Medium
CVE:: 2025-26883

Plugin:: Album Gallery � WordPress Gallery
Plugin Slug:: new-album-gallery
Installations: 5,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.6.4
Severity Score:: High
CVE:: 2024-13833

Plugin:: SMS Alert Order Notifications � WooCommerce
Plugin Slug:: sms-alert
Installations: 5,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.7.9
Severity Score:: Critical
CVE:: 2025-26988

Plugin:: Authors List
Plugin Slug:: authors-list
Installations: 4,000+
Vulnerability:: Content Injection
Patched in Version:: 2.0.6.1
Severity Score:: Medium
CVE:: 2024-13806

Plugin:: Card Elements for Elementor
Plugin Slug:: card-elements-for-elementor
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.7
Severity Score:: Medium
CVE:: 2024-13734

Plugin:: WP Posts Carousel
Plugin Slug:: wp-posts-carousel
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.8
Severity Score:: Medium
CVE:: 2025-1491

Plugin:: KiviCare � Clinic & Patient Management System (EHR)
Plugin Slug:: kivicare-clinic-management-system
Installations: 3,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.6.8
Severity Score:: High
CVE:: 2025-1572

Plugin:: Wallet System for WooCommerce
Plugin Slug:: wallet-system-for-woocommerce
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.6.3
Severity Score:: Medium
CVE:: 2024-13682

Plugin:: Wallet System for WooCommerce
Plugin Slug:: wallet-system-for-woocommerce
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.3
Severity Score:: Medium
CVE:: 2024-13724

Plugin:: Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site
Plugin Slug:: counter-box
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.7
Severity Score:: Medium
CVE:: 2024-13901

Plugin:: teachPress
Plugin Slug:: teachpress
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 9.0.8
Severity Score:: High
CVE:: 2025-1321

Plugin:: Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery � Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons
Plugin Slug:: contest-gallery
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 26.0.1
Severity Score:: High
CVE:: 2025-1513

Plugin:: Product Catalog Simple
Plugin Slug:: post-type-x
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.0
Severity Score:: Medium
CVE:: 2025-1405

Plugin:: Quotes llama
Plugin Slug:: quotes-llama
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.2
Severity Score:: Medium
CVE:: 2025-27307

Plugin:: Simple Download Counter
Plugin Slug:: simple-download-counter
Installations: 1,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.1
Severity Score:: Medium
CVE:: 2025-1730

Plugin:: Subscriptions & Memberships for PayPal
Plugin Slug:: subscriptions-memberships-for-paypal
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.7
Severity Score:: Medium
CVE:: 2024-13560

Plugin:: Ultimate WordPress Auction Plugin
Plugin Slug:: ultimate-auction
Installations: 1,000+
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: 4.3.0
Severity Score:: High
CVE:: 2025-0958

Plugin:: BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
Plugin Slug:: wc4bp
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.4.26
Severity Score:: Medium
CVE:: 2025-1780

Plugin:: BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
Plugin Slug:: wc4bp
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.25
Severity Score:: Medium
CVE:: 2024-13358

Plugin:: PlayerJS
Plugin Slug:: playerjs
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.24
Severity Score:: Medium
CVE:: 2025-27330

Plugin:: SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity
Plugin Slug:: surveyjs
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: 1.12.18
Severity Score:: High
CVE:: 2024-12544

Plugin:: m1.DownloadList
Plugin Slug:: m1downloadlist
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.20
Severity Score:: Medium
CVE:: 2025-26895

Plugin:: WordPress abandoned cart recovery and email marketing for WooCommerce by Recapture
Plugin Slug:: recapture-for-woocommerce
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.44
Severity Score:: Medium
CVE:: 2025-26899