WordPress Vulnerability Report � May 21, 2025

In this report, 359 vulnerabilities have been publicly disclosed. Security patches for 194 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 165 plugin and theme vulnerabilities, and no patch has been available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.8.1 has been released! This maintenance release includes fixes for 15 bugs throughout Core and the Block Editor, addressing issues affecting multiple areas of WordPress, including the block editor, multisite, and REST API. For a full list, refer to the release candidate announcement.

Plus, WordCamp Europe 2025 lands in Basel, Switzerland, June 5-7! Connect with WordPress enthusiasts, developers, and pros for three days of learning, networking, and collaboration with the global community.

WordPress Plugins � 191 Patched / 150 Unpatched

Plugin:: TI WooCommerce Wishlist
Plugin Slug:: ti-woocommerce-wishlist
Installations: 100,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-47577

Plugin:: TI WooCommerce Wishlist
Plugin Slug:: ti-woocommerce-wishlist
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32920

Plugin:: Form Maker by 10Web � Mobile-Friendly Drag & Drop Contact Form Builder
Plugin Slug:: form-maker
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-48341

Plugin:: WP Tabs � Responsive Tabs and Custom Product Tabs
Plugin Slug:: wp-expand-tabs-free
Installations: 10,000+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-48134

Plugin:: WooCommerce POS � Point of Sale
Plugin Slug:: woocommerce-pos
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-48117

Plugin:: Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses
Plugin Slug:: salon-booking-system
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-47583

Plugin:: Eventer
Plugin Slug:: eventer
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-39481

Plugin:: Eventer
Plugin Slug:: eventer
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-39482

Plugin:: ShayanWeb Admin FontChanger | ???????? ????? ???? ??????? ?????? ????? ??
Plugin Slug:: shayanweb-admin-fontchanger
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-48114

Plugin:: Estatik Mortgage Calculator
Plugin Slug:: estatik-mortgage-calculator
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-48136

Plugin:: RS WP Book Showcase � A Complete Book Catalogue & Library System
Plugin Slug:: rs-wp-books-showcase
Installations: 1,000+
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-48119

Plugin:: Simplelightbox
Plugin Slug:: simplelightbox
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5878

Plugin:: WP Notes Widget
Plugin Slug:: wp-notes-widget
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-48121

Plugin:: UltraAddons � Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode)
Plugin Slug:: ultraaddons-elementor-lite
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-48131

Plugin:: ValidateCertify Free
Plugin Slug:: validar-certificados-de-cursos
Installations: 900+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-48115

Plugin:: MapSVG � Vector maps, Image maps, Google Maps
Plugin Slug:: mapsvg-lite-interactive-vector-maps
Installations: 800+
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-48120

Plugin:: BERTHA AI. Your AI co-pilot for WordPress and Chrome
Plugin Slug:: bertha-ai-free
Installations: 700+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-48138

Plugin:: Broadstreet
Plugin Slug:: broadstreet
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-48113

Plugin:: Dynamic Pricing & Discounts Lite for WooCommerce
Plugin Slug:: woo-dynamic-pricing-discounts-lite
Installations: 600+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-48342

Plugin:: Push notification for Mobile and Web app
Plugin Slug:: push-notification-mobile-and-web-app
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-48127

Plugin:: Wishlist
Plugin Slug:: wishlist
Installations: 500+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31062

Plugin:: Wishlist
Plugin Slug:: wishlist
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31063

Plugin:: Import Export For WooCommerce
Plugin Slug:: import-export-for-woocommerce
Installations: 300+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-48144

Plugin:: STAGGS � Product Configurator Toolkit
Plugin Slug:: staggs
Installations: 300+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-47637

Plugin:: Embed and Integrate Etsy Shop
Plugin Slug:: embed-and-integrate-etsy-shop
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-48346

Plugin:: SEO Flow by LupsOnline
Plugin Slug:: lupsonline-link-netwerk
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-48146

Plugin:: X Addons for Elementor
Plugin Slug:: x-addons-elementor
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-48132

Plugin:: Aptivada for WP
Plugin Slug:: aptivada-for-wp
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-48135

Plugin:: Dot html,php,xml etc pages
Plugin Slug:: dot-htmlphpxml-etc-pages
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-48112

Plugin:: Facturante � Facturaci�n Electr�nica
Plugin Slug:: facturante
Installations: 100+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-47599

Plugin:: Printcart Web to Print Product Designer for WooCommerce
Plugin Slug:: printcart-integration
Installations: 100+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-47641

Plugin:: Printcart Web to Print Product Designer for WooCommerce
Plugin Slug:: printcart-integration
Installations: 100+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-47640

Plugin:: WC Affiliate � A Complete WooCommerce Affiliate Plugin
Plugin Slug:: wc-affiliate
Installations: 100+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-47660

Plugin:: WP2LEADS | WordPress und KlickTipp einfach verbinden � WooCommerce und KlickTipp einfach verbinden
Plugin Slug:: wp2leads
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32922

Plugin:: 6Storage Rentals
Plugin Slug:: 6storage-rentals
Installations: 60+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-47619

Plugin:: Interview
Plugin Slug:: interview
Installations: 40+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-48137

Plugin:: BNS Twitter Follow Button
Plugin Slug:: bns-twitter-follow-button
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-47578

Plugin:: Real WP Shop Lite Ajax eCommerce Shopping Cart
Plugin Slug:: real-wp-shop-lite
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11140

Plugin:: 360 Product Rotation
Plugin Slug:: 360-product-rotation
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13823

Plugin:: WP Ultimate Tours Builder
Plugin Slug:: WP_UltimateToursBuilder
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31921

Plugin:: Advance Post Prefix
Plugin Slug:: advance-post-prefix
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12735

Plugin:: Advance Post Prefix
Plugin Slug:: advance-post-prefix
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12734

Plugin:: Advanced Page Visit Counter
Plugin Slug:: advanced-page-visit-counter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-5529

Plugin:: AffiliateImporterEb
Plugin Slug:: affiliateimportereb
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12733

Plugin:: AffiliateImporterEb
Plugin Slug:: affiliateimportereb
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12732

Plugin:: AlT Monitoring
Plugin Slug:: alt-monitoring
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-4194

Plugin:: Ads Pro Plugin
Plugin Slug:: ap-plugin-scripteo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46464

Plugin:: Audio Comments
Plugin Slug:: audio-comments
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-4189

Plugin:: Radio Player Shoutcast & Icecast WordPress Plugin
Plugin Slug:: audio4-html5
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32306

Plugin:: BabelZ
Plugin Slug:: babelz
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8095

Plugin:: Backup Database
Plugin Slug:: backup-database
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8702

Plugin:: Badgearoo
Plugin Slug:: badgearoo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-1033

Plugin:: Badgearoo
Plugin Slug:: badgearoo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13828

Plugin:: ????SEO??(????/??/Bing/????)
Plugin Slug:: baiduseo
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-3917

Plugin:: Element Pack Pro
Plugin Slug:: bdthemes-element-pack
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46257

Plugin:: Element Pack Pro
Plugin Slug:: bdthemes-element-pack
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46258

Plugin:: BTEV
Plugin Slug:: bluetrait-event-viewer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10677

Plugin:: Bon Toolkit
Plugin Slug:: bon-toolkit
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-4589

Plugin:: WPCHURCH
Plugin Slug:: church-management
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32304

Plugin:: CountDown Pro WP Plugin
Plugin Slug:: circular_countdown
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32301

Plugin:: Clasify Classified Listing
Plugin Slug:: clasify-classified-listing
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12725

Plugin:: Clicksold IDX
Plugin Slug:: clicksold-wordpress-plugin
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7769

Plugin:: ClipArt
Plugin Slug:: clipart
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12726

Plugin:: Competition Form
Plugin Slug:: competition-form
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12750

Plugin:: Countdown Timer
Plugin Slug:: countdown-timer-block
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10631

Plugin:: CSS3 Accordions for WordPress
Plugin Slug:: css3_accordions
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31922

Plugin:: CSS3 Accordions for WordPress
Plugin Slug:: css3_accordions
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31923

Plugin:: CSS3 Tooltips for WordPress
Plugin Slug:: css3_tooltips
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32180

Plugin:: CSS3 Compare Pricing Tables for WordPress
Plugin Slug:: css3_web_pricing_tables_grids
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-47556

Plugin:: Custom Author Base
Plugin Slug:: custom-author-base
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8050

Plugin:: Custom Field Manager
Plugin Slug:: custom-field-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12873

Plugin:: DL Verification
Plugin Slug:: dl-verification
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6798

Plugin:: DL Yandex Metrika
Plugin Slug:: dl-yandex-metrika
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6462

Plugin:: Dokan Pro
Plugin Slug:: dokan-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-39497

Plugin:: S3Player � WooCommerce & Elementor Integration
Plugin Slug:: drm-protected-video-streaming
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-13865

Plugin:: EG-Series
Plugin Slug:: eg-series
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-4126

Plugin:: Event Calendar
Plugin Slug:: event-calendars
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8701

Plugin:: Event Calendar
Plugin Slug:: event-calendars
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8700

Plugin:: EventON
Plugin Slug:: eventON
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-47564

Plugin:: FAT Services Booking
Plugin Slug:: fat-services-booking
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-47693

Plugin:: File Manager Advanced Shortcode
Plugin Slug:: file-manager-advanced-shortcode
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-13914

Plugin:: Front End Users
Plugin Slug:: front-end-only-users
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-47580

Plugin:: Full Screen (Page) Background Image Slideshow
Plugin Slug:: full-screen-page-background-image-slideshow
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11221

Plugin:: Geocache Stat Bar Widget
Plugin Slug:: geocache-stat-bar-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11266

Plugin:: WPGYM
Plugin Slug:: gym-management
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-32643

Plugin:: JavaScript Logic
Plugin Slug:: javascript-logic
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8090

Plugin:: JSP Store Locator
Plugin Slug:: jsp-store-locator
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12301

Plugin:: JSP Store Locator
Plugin Slug:: jsp-store-locator
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11267

Plugin:: jwp-a11y
Plugin Slug:: jwp-a11y
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11190

Plugin:: Chameleon HTML5 Audio Player With/Without Playlist
Plugin Slug:: lbg-audio1-html5
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32307

Plugin:: Responsive HTML5 Audio Player PRO With Playlist
Plugin Slug:: lbg-audio2-html5
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32287

Plugin:: Sticky HTML5 Music Player
Plugin Slug:: lbg-audio3-html5
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32290

Plugin:: Sticky Radio Player
Plugin Slug:: lbg-audio5-html5-shoutcast_sticky
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31926

Plugin:: Apollo
Plugin Slug:: lbg-audio7_html5_full_width_sticky_pro
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32245

Plugin:: SHOUT
Plugin Slug:: lbg-audio8-html5-radio_ads
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31637

Plugin:: illi Link Party!
Plugin Slug:: link-party
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-7230

Plugin:: Connexion Logs
Plugin Slug:: logs-de-connexion
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11373

Plugin:: Connexion Logs
Plugin Slug:: logs-de-connexion
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11372

Plugin:: Magic Responsive Slider and Carousel WordPress
Plugin Slug:: magic-carousel
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31640

Plugin:: MapFig Studio
Plugin Slug:: mapfig-studio
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-6712

Plugin:: MapSVG
Plugin Slug:: mapsvg
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-47557

Plugin:: MapSVG
Plugin Slug:: mapsvg
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-47560

Plugin:: MapSVG
Plugin Slug:: mapsvg
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-47562

Plugin:: Multimedia Responsive Carousel with Image Video Audio Support
Plugin Slug:: multimedia-carousel
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31928

Plugin:: Nasa Core
Plugin Slug:: nasa-core
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-39507

Plugin:: Ninja Tables Pro
Plugin Slug:: ninja-tables-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-39534

Plugin:: Nokaut Offers Box
Plugin Slug:: nokaut-offers-box
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10634

Plugin:: Nokaut Offers Box
Plugin Slug:: nokaut-offers-box
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10632

Plugin:: Ntz Antispam
Plugin Slug:: ntzantispam
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8094

Plugin:: TNC FlipBook
Plugin Slug:: pdf-viewer-for-wordpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-39509

Plugin:: PeoplePond
Plugin Slug:: peoplepond
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8085

Plugin:: Pixel WordPress Form BuilderPlugin & Autoresponder
Plugin Slug:: pixel-formbuilder
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31915

Plugin:: Planning Center Online Giving
Plugin Slug:: planning-center-online-giving
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11502

Plugin:: profilepro
Plugin Slug:: profilepro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6668

Plugin:: Panorama � WordPress Project Management Plugin
Plugin Slug:: project-panorama-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11843

Plugin:: PVN Auth Popup
Plugin Slug:: pvn-auth-popup
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6718

Plugin:: PVN Auth Popup
Plugin Slug:: pvn-auth-popup
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6713

Plugin:: Simple Link Directory Pro
Plugin Slug:: qc-simple-link-directory
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32296

Plugin:: QuickCal
Plugin Slug:: quickcal
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32299

Plugin:: QuickCal
Plugin Slug:: quickcal
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32310

Plugin:: Rootspersona
Plugin Slug:: rootspersona
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-39368

Plugin:: Rootspersona
Plugin Slug:: rootspersona
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-48344

Plugin:: Sailthru Triggermail
Plugin Slug:: sailthru-triggermail
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11141

Plugin:: Salon Booking Pro
Plugin Slug:: salon-booking-plugin-pro-cc
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-32295

Plugin:: Simple Nav Archives
Plugin Slug:: simple-nav-archives
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8398

Plugin:: Smooth Gallery Replacement
Plugin Slug:: smooth-gallery-replacement
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8032

Plugin:: Spiritual Gifts Survey
Plugin Slug:: spiritual-gifts-survey
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-0687

Plugin:: Spotlight – Social Media Feeds (Premium)
Plugin Slug:: spotlight-social-photo-feeds-premium
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-39498

Plugin:: The Plus Addons for Elementor Pro
Plugin Slug:: theplus_elementor_addon
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-46259

Plugin:: TwitterPosts
Plugin Slug:: twitter-posts
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-7297

Plugin:: UberSlider
Plugin Slug:: uber-classic
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31641

Plugin:: Video Player & FullScreen Video Background
Plugin Slug:: universal-video-player-and-bg
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-47567

Plugin:: User Profile Meta Manager
Plugin Slug:: user-profile-meta
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-48340

Plugin:: Weluka Lite
Plugin Slug:: weluka-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-4591

Plugin:: WHMpress
Plugin Slug:: whmpress
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-39491

Plugin:: WHMpress
Plugin Slug:: whmpress
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-39492

Plugin:: Widgets Reset
Plugin Slug:: widgets-reset
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8082

Plugin:: WolfNet IDX
Plugin Slug:: wolfnet-idx-for-wordpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-6783

Plugin:: CURCY
Plugin Slug:: woocommerce-multi-currency
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-47563

Plugin:: WOOEXIM
Plugin Slug:: wooexim
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-1288

Plugin:: WordPress Auto Spinner
Plugin Slug:: wp-auto-spinner
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-47534

Plugin:: WordPress????
Plugin Slug:: wp-connect
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12282

Plugin:: WP Content Security Plugin
Plugin Slug:: wp-content-security-policy
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-4579

Plugin:: WP DeskLite
Plugin Slug:: wp-desklite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12724

Plugin:: WP JobHunt
Plugin Slug:: wp-jobhunt
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-39537

Plugin:: Pinterest Automatic Pin
Plugin Slug:: wp-pinterest-automatic
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-39511

Plugin:: WP-PManager
Plugin Slug:: wp-programmmanager
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-2248

Plugin:: WP-PManager
Plugin Slug:: wp-programmmanager
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-2247

Plugin:: WPBot Pro WordPress Chatbot
Plugin Slug:: wpbot-pro
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-47582

Plugin:: WordPress Events Calendar Registration & Tickets
Plugin Slug:: wpeventplus
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-47581

Plugin:: Jetpack � WP Security, Backup, Speed, & Growth
Plugin Slug:: jetpack
Installations: 4,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 13.8
Severity Score:: Medium
CVE:: 2024-10076

Plugin:: Jetpack � WP Security, Backup, Speed, & Growth
Plugin Slug:: jetpack
Installations: 4,000,000+
Vulnerability:: Content Injection
Patched in Version:: 13.8
Severity Score:: Medium
CVE:: 2024-10075

Plugin:: All in One SEO � Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic
Plugin Slug:: all-in-one-seo-pack
Installations: 3,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.8.2
Severity Score:: Medium
CVE:: 2025-2892

Plugin:: Ninja Forms � The Contact Form Builder That Grows With You
Plugin Slug:: ninja-forms
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.1
Severity Score:: Medium
CVE:: 2025-2524

Plugin:: The Events Calendar
Plugin Slug:: the-events-calendar
Installations: 700,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.12.0
Severity Score:: Medium
CVE:: 2025-48246

Plugin:: The Events Calendar
Plugin Slug:: the-events-calendar
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.6.4
Severity Score:: Medium
CVE:: 2024-8493

Plugin:: Photo Gallery, Sliders, Proofing and Themes � NextGEN Gallery
Plugin Slug:: nextgen-gallery
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.59.5
Severity Score:: Medium
CVE:: 2024-5878

Plugin:: Jetpack Boost � Website Speed, Performance and Critical CSS
Plugin Slug:: jetpack-boost
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.8
Severity Score:: Medium
CVE:: 2024-10076

Plugin:: Page Builder: Pagelayer � Drag and Drop website builder
Plugin Slug:: pagelayer
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.0
Severity Score:: Medium
CVE:: 2024-8618

Plugin:: PrettyLinks � Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin
Plugin Slug:: pretty-link
Installations: 300,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.6.16
Severity Score:: Medium
CVE:: 2025-48247

Plugin:: Firelight Lightbox
Plugin Slug:: easy-fancybox
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.15
Severity Score:: Medium
CVE:: 2025-3597

Plugin:: Photo Gallery by 10Web � Mobile-Friendly Image Gallery
Plugin Slug:: photo-gallery
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.29
Severity Score:: Medium
CVE:: 2024-8670

Plugin:: Download Manager
Plugin Slug:: download-manager
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.99
Severity Score:: Medium
CVE:: 2024-8284

Plugin:: Everest Forms � Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress
Plugin Slug:: everest-forms
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.3.1
Severity Score:: Medium
CVE:: 2024-8542

Plugin:: Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme � My Sticky Bar (formerly myStickymenu)
Plugin Slug:: mystickymenu
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.8
Severity Score:: Medium
CVE:: 2024-2643

Plugin:: Relevanssi � A Better Search
Plugin Slug:: relevanssi
Installations: 100,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.24.5
Severity Score:: High
CVE:: 2025-4396

Plugin:: Responsive Lightbox & Gallery
Plugin Slug:: responsive-lightbox
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.1
Severity Score:: Medium
CVE:: 2025-3742

Plugin:: Simple Lightbox
Plugin Slug:: simple-lightbox
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.4
Severity Score:: Medium
CVE:: 2025-3516

Plugin:: Tracking Code Manager
Plugin Slug:: tracking-code-manager
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.0
Severity Score:: Medium
CVE:: 2024-6335

Plugin:: Social Media Share Buttons & Social Sharing Icons
Plugin Slug:: ultimate-social-media-icons
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.1
Severity Score:: Medium
CVE:: 2024-10362

Plugin:: Hustle � Email Marketing, Lead Generation, Optins, Popups
Plugin Slug:: wordpress-popup
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.8.5
Severity Score:: Medium
CVE:: 2024-8492

Plugin:: Jupiter X Core
Plugin Slug:: jupiterx-core
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.1
Severity Score:: Medium
CVE:: 2025-3888

Plugin:: LearnPress � WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.7.5.1
Severity Score:: Medium
CVE:: 2024-13128

Plugin:: Nested Pages
Plugin Slug:: wp-nested-pages
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.9
Severity Score:: Medium
CVE:: 2024-8759

Plugin:: Ajax Search Lite � Live Search & Filter
Plugin Slug:: ajax-search-lite
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.12.3
Severity Score:: Medium
CVE:: 2024-8619

Plugin:: ImageMagick Engine
Plugin Slug:: imagemagick-engine
Installations: 70,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 1.7.11
Severity Score:: Critical
CVE:: 2024-6486

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.9.1
Severity Score:: Medium
CVE:: 2025-48244

Plugin:: Qi Blocks
Plugin Slug:: qi-blocks
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4
Severity Score:: Medium
CVE:: 2025-1625

Plugin:: WP-Members Membership Plugin
Plugin Slug:: wp-members
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.3
Severity Score:: Medium
CVE:: 2025-4610

Plugin:: Popup Box � Create Countdown, Coupon, Video, Contact Form Popups
Plugin Slug:: ays-popup-box
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.8
Severity Score:: Medium
CVE:: 2024-9599

Plugin:: WP Booking Calendar
Plugin Slug:: booking
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.11.2
Severity Score:: Medium
CVE:: 2025-4669

Plugin:: User Profile Builder � Beautiful User Registration Forms, User Profiles & User Role Editor
Plugin Slug:: profile-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.12.2
Severity Score:: Medium
CVE:: 2024-6708

Plugin:: Ultimate Blocks � WordPress Blocks Plugin
Plugin Slug:: ultimate-blocks
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.1
Severity Score:: Medium
CVE:: 2025-48234

Plugin:: Uncanny Automator � Easy Automation, Integration, Webhooks & Workflow Builder Plugin
Plugin Slug:: uncanny-automator
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.5.0
Severity Score:: Medium
CVE:: 2025-4520

Plugin:: Uncanny Automator � Easy Automation, Integration, Webhooks & Workflow Builder Plugin
Plugin Slug:: uncanny-automator
Installations: 50,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 6.4.0.2
Severity Score:: High
CVE:: 2025-3623

Plugin:: Visual Composer Website Builder
Plugin Slug:: visualcomposer
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 45.12.0
Severity Score:: Medium
CVE:: 2025-48276

Plugin:: LatePoint � Calendar Booking Plugin for Appointments and Events
Plugin Slug:: latepoint
Installations: 40,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 5.1.93
Severity Score:: Medium
CVE:: 2025-3769

Plugin:: MapPress Maps for WordPress
Plugin Slug:: mappress-google-maps-for-wordpress
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.93
Severity Score:: Medium
CVE:: 2024-8620

Plugin:: Photo Gallery, Images, Slider in Rbs Image Gallery
Plugin Slug:: robo-gallery
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.24
Severity Score:: Medium
CVE:: 2024-13384

Plugin:: Photo Gallery, Images, Slider in Rbs Image Gallery
Plugin Slug:: robo-gallery
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.22
Severity Score:: Medium
CVE:: 2024-10144

Plugin:: Hubbub Lite � Fast, Reliable Social Sharing Buttons
Plugin Slug:: social-pug
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.34.4
Severity Score:: Medium
CVE:: 2024-10145

Plugin:: LightPress Lightbox
Plugin Slug:: wp-jquery-lightbox
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.4
Severity Score:: Medium
CVE:: 2025-3649

Plugin:: Advanced Cron Manager � debug & control
Plugin Slug:: advanced-cron-manager
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.7
Severity Score:: Medium
CVE:: 2024-4004

Plugin:: Cost Calculator Builder
Plugin Slug:: cost-calculator-builder
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.0
Severity Score:: Medium
CVE:: 2025-48277

Plugin:: FunnelKit � Funnel Builder for WooCommerce Checkout
Plugin Slug:: funnel-builder
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.10.2
Severity Score:: High
CVE:: 2025-2203

Plugin:: Logo Slider � Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation
Plugin Slug:: gs-logo-slider
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.7.1
Severity Score:: Medium
CVE:: 2024-9233

Plugin:: Social Slider Feed
Plugin Slug:: instagram-slider-widget
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.9
Severity Score:: Medium
CVE:: 2024-10149

Plugin:: Uncanny Toolkit for LearnDash
Plugin Slug:: uncanny-learndash-toolkit
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.0.3
Severity Score:: Medium
CVE:: 2025-48080

Plugin:: WP Google Review Slider
Plugin Slug:: wp-google-places-review-slider
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 15.6
Severity Score:: Medium
CVE:: 2024-11109

Plugin:: Maspik � Ultimate Spam Protection
Plugin Slug:: contact-forms-anti-spam
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-9182

Plugin:: Happyforms � Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms
Plugin Slug:: happyforms
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.26.3
Severity Score:: Medium
CVE:: 2024-10054

Plugin:: Contact Form builder with drag & drop for WordPress � Kali Forms
Plugin Slug:: kali-forms
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.3
Severity Score:: Medium
CVE:: 2025-3201

Plugin:: Smart Post Show � Post Grid, Post Carousel, Post Slider, Post Timeline, Post Table, and List Category Posts, Latest Posts, Recent Posts, Popular Posts and More
Plugin Slug:: post-carousel
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.28
Severity Score:: Medium
CVE:: 2024-3996

Plugin:: PWA for WP � Progressive Web Apps Made Simple
Plugin Slug:: pwa-for-wp
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.72
Severity Score:: Medium
CVE:: 2024-7759

Plugin:: Quiz Maker
Plugin Slug:: quiz-maker
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.9.9
Severity Score:: Medium
CVE:: 2024-8617

Plugin:: Simple Job Board
Plugin Slug:: simple-job-board
Installations: 20,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.12.6
Severity Score:: Medium
CVE:: 2024-7762

Plugin:: Simple Job Board
Plugin Slug:: simple-job-board
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.12.2
Severity Score:: Medium
CVE:: 2024-7761

Plugin:: AWeber � Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth
Plugin Slug:: aweber-web-form-widget
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.3.21
Severity Score:: Medium
CVE:: 2024-13313

Plugin:: bunny.net � WordPress CDN Plugin
Plugin Slug:: bunnycdn
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.1
Severity Score:: High
CVE:: 2025-48236

Plugin:: Cost of Goods: Product Cost & Profit Calculator for WooCommerce
Plugin Slug:: cost-of-goods-for-woocommerce
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.1
Severity Score:: Medium
CVE:: 2025-48240

Plugin:: RegistrationMagic � Custom Registration Forms, User Registration, Payment, and User Login
Plugin Slug:: custom-registration-form-builder-with-submission-manager
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.2.1
Severity Score:: Medium
CVE:: 2024-9390

Plugin:: EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory
Plugin Slug:: ean-for-woocommerce
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.4.7
Severity Score:: Medium
CVE:: 2025-48249

Plugin:: The GDPR Framework By Data443
Plugin Slug:: gdpr-framework
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.0
Severity Score:: Medium
CVE:: 2024-13621

Plugin:: Prisna GWT � Google Website Translator
Plugin Slug:: google-website-translator
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.14
Severity Score:: Medium
CVE:: 2024-12679

Plugin:: Responsive Contact Form Builder & Lead Generation Plugin
Plugin Slug:: lead-form-builder
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.8
Severity Score:: Medium
CVE:: 2024-10475

Plugin:: Legal Pages � Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator
Plugin Slug:: legal-pages
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.6
Severity Score:: Medium
CVE:: 2025-48242

Plugin:: LifterLMS � WP LMS for eLearning, Online Courses, & Quizzes
Plugin Slug:: lifterlms
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.0.1
Severity Score:: High
CVE:: 2024-13619

Plugin:: MB Custom Post Types & Custom Taxonomies
Plugin Slug:: mb-custom-post-type
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.7
Severity Score:: Medium
CVE:: 2024-10143

Plugin:: Mobile Contact Bar
Plugin Slug:: mobile-contact-bar
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.5
Severity Score:: Medium
CVE:: 2024-12739

Plugin:: Sensei LMS � Online Courses, Quizzes, & Learning
Plugin Slug:: sensei-lms
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.20.0
Severity Score:: Medium
CVE:: 2024-8009

Plugin:: Simple Basic Contact Form
Plugin Slug:: simple-basic-contact-form
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 20250114
Severity Score:: Medium
CVE:: 2024-12716

Plugin:: Team � Team Members Showcase Plugin
Plugin Slug:: tlp-team
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.4.2
Severity Score:: Medium
CVE:: 2024-9236

Plugin:: UiPress lite | Effortless custom dashboards, admin themes and pages
Plugin Slug:: uipress-lite
Installations: 10,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 3.5.08
Severity Score:: High
CVE:: 2025-3053

Plugin:: Japanized for WooCommerce
Plugin Slug:: woocommerce-for-japan
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.6.41
Severity Score:: Medium
CVE:: 2025-48284

Plugin:: AutomatorWP � Automator plugin for no-code automations, webhooks & custom integrations in WordPress
Plugin Slug:: automatorwp
Installations: 9,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.2.2
Severity Score:: High
CVE:: 2025-48280

Plugin:: VikBooking Hotel Booking Engine & PMS
Plugin Slug:: vikbooking
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.2
Severity Score:: Medium
CVE:: 2024-13616

Plugin:: CM Tooltip Glossary
Plugin Slug:: enhanced-tooltipglossary
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3.4
Severity Score:: Medium
CVE:: 2024-5026

Plugin:: If-So Dynamic Content Personalization
Plugin Slug:: if-so
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.0.3
Severity Score:: Medium
CVE:: 2024-5440

Plugin:: Travelpayouts: All Travel Brands in One Place
Plugin Slug:: travelpayouts
Installations: 8,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.13
Severity Score:: Medium
CVE:: 2023-5934

Plugin:: Travelpayouts: All Travel Brands in One Place
Plugin Slug:: travelpayouts
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.14
Severity Score:: High
CVE:: 2023-5932

Plugin:: Easiest Funnel Builder For WordPress & WooCommerce, Specialized For Digital Creators � WPFunnels
Plugin Slug:: wpfunnels
Installations: 8,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.5.19
Severity Score:: Critical
CVE:: 2025-47530

Plugin:: AI ChatBot for WordPress � WPBot
Plugin Slug:: chatbot
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.2.4
Severity Score:: Medium
CVE:: 2025-0329

Plugin:: WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting
Plugin Slug:: erp
Installations: 7,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.13.4
Severity Score:: Medium
CVE:: 2024-12812

Plugin:: WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting
Plugin Slug:: erp
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.4
Severity Score:: Medium
CVE:: 2024-12808

Plugin:: HD Quiz
Plugin Slug:: hd-quiz
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.0
Severity Score:: Medium
CVE:: 2024-13383

Plugin:: ProfileGrid � User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.9.5.2
Severity Score:: Medium
CVE:: 2025-48079

Plugin:: ProfileGrid � User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.9.5.1
Severity Score:: High
CVE:: 2025-47478

Plugin:: Wise Chat
Plugin Slug:: wise-chat
Installations: 7,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.3.4
Severity Score:: High
CVE:: 2024-13613

Plugin:: WP Job Portal � A Complete Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 7,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.3.3
Severity Score:: Medium
CVE:: 2025-48272

Plugin:: Back Button Widget
Plugin Slug:: back-button-widget
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.0
Severity Score:: Medium
CVE:: 2025-48252

Plugin:: Easy Property Listings
Plugin Slug:: easy-property-listings
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.4
Severity Score:: Medium
CVE:: 2024-2869

Plugin:: EventON � Events Calendar
Plugin Slug:: eventon-lite
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.5
Severity Score:: Medium
CVE:: 2025-48116

Plugin:: EventPrime � Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.0
Severity Score:: Medium
CVE:: 2024-4665

Plugin:: Arconix Shortcodes
Plugin Slug:: arconix-shortcodes
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.17
Severity Score:: High
CVE:: 2025-47673

Plugin:: MultiVendorX � WooCommerce Multivendor Marketplace Solutions
Plugin Slug:: dc-woocommerce-multi-vendor
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.23
Severity Score:: Medium
CVE:: 2025-48263

Plugin:: ElementInvader Addons for Elementor
Plugin Slug:: elementinvader-addons-for-elementor
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.6
Severity Score:: Medium
CVE:: 2025-48288

Plugin:: Podlove Podcast Publisher
Plugin Slug:: podlove-podcasting-plugin-for-wordpress
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.1
Severity Score:: Medium
CVE:: 2024-13730

Plugin:: Podlove Podcast Publisher
Plugin Slug:: podlove-podcasting-plugin-for-wordpress
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.24
Severity Score:: Medium
CVE:: 2024-13729

Plugin:: Responsive Gallery Grid
Plugin Slug:: responsive-gallery-grid
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.15
Severity Score:: Medium
CVE:: 2024-4091

Plugin:: SMS Alert Order Notifications � WooCommerce
Plugin Slug:: sms-alert
Installations: 5,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.8.2
Severity Score:: High
CVE:: 2025-3876

Plugin:: SMS Alert Order Notifications � WooCommerce
Plugin Slug:: sms-alert
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.2
Severity Score:: Medium
CVE:: 2025-3878

Plugin:: Melapress File Monitor
Plugin Slug:: website-file-changes-monitor
Installations: 5,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.1.1
Severity Score:: High
CVE:: 2024-9879

Plugin:: Melapress File Monitor
Plugin Slug:: website-file-changes-monitor
Installations: 5,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.1.0
Severity Score:: High
CVE:: 2024-10009

Plugin:: WPAdverts � Classifieds Plugin
Plugin Slug:: wpadverts
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.4
Severity Score:: Medium
CVE:: 2025-48269

Plugin:: Import Social Events
Plugin Slug:: import-facebook-events
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.6
Severity Score:: Medium
CVE:: 2025-48256

Plugin:: Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses
Plugin Slug:: salon-booking-system
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.9.4
Severity Score:: Medium
CVE:: 2024-9882

Plugin:: Stylish Price List � Price Table Builder & QR Code Restaurant Menu
Plugin Slug:: stylish-price-list
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.1.8
Severity Score:: Medium
CVE:: 2024-7758

Plugin:: Ultimate Noindex Nofollow Tool II
Plugin Slug:: ultimate-noindex-nofollow-tool-ii
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.6
Severity Score:: Medium
CVE:: 2024-1663

Plugin:: Auto Affiliate Links
Plugin Slug:: wp-auto-affiliate-links
Installations: 4,000+
Vulnerability:: SQL Injection
Patched in Version:: 6.4.7
Severity Score:: High
CVE:: 2024-9838

Plugin:: Free Shipping Bar: Amount Left for Free Shipping for WooCommerce
Plugin Slug:: amount-left-free-shipping-woocommerce
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.7
Severity Score:: Medium
CVE:: 2025-48253

Plugin:: ApplyOnline � Application Form Builder and Manager
Plugin Slug:: apply-online
Installations: 3,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.6.3
Severity Score:: Medium
CVE:: 2024-10098

Plugin:: Majestic Support � The Leading-Edge Help Desk & Customer Support Plugin
Plugin Slug:: majestic-support
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.1
Severity Score:: Medium
CVE:: 2025-48282

Plugin:: Newsletters
Plugin Slug:: newsletters-lite
Installations: 3,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.9.9.9
Severity Score:: High
CVE:: 2025-3107

Plugin:: User Activity Tracking and Log
Plugin Slug:: user-activity-tracking-and-log
Installations: 3,000+
Vulnerability:: Other Vulnerability Type
Patched in Version:: 4.1.4
Severity Score:: Medium
CVE:: 2024-0970

Plugin:: Wishlist for WooCommerce: Multi Wishlists Per Customer
Plugin Slug:: wish-list-for-woocommerce
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.3
Severity Score:: Medium
CVE:: 2025-48237

Plugin:: Additional Custom Emails & Recipients for WooCommerce
Plugin Slug:: custom-emails-for-woocommerce
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.2
Severity Score:: Medium
CVE:: 2025-48251

Plugin:: Active Products Tables for WooCommerce. Use constructor to create tables�
Plugin Slug:: profit-products-tables-for-woocommerce
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.6.9
Severity Score:: Medium
CVE:: 2025-48266

Plugin:: SKT Blocks � Gutenberg based Page Builder
Plugin Slug:: skt-blocks
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3
Severity Score:: Medium
CVE:: 2025-48270

Plugin:: Coupons & Add to Cart by URL Links for WooCommerce
Plugin Slug:: url-coupons-for-woocommerce-by-algoritmika
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.8
Severity Score:: Medium
CVE:: 2025-48250

Plugin:: Change Add to Cart Button Text for WooCommerce
Plugin Slug:: add-to-cart-button-labels-for-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.3
Severity Score:: Medium
CVE:: 2025-48254

Plugin:: Auto Prune Posts
Plugin Slug:: auto-prune-posts
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.0
Severity Score:: Medium
CVE:: 2024-10639

Plugin:: Falang multilanguage for WordPress
Plugin Slug:: falang
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.62
Severity Score:: Medium
CVE:: 2025-48285

Plugin:: WordPress Mega Menu Block
Plugin Slug:: getwid-megamenu
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.7
Severity Score:: Medium
CVE:: 2025-48258

Plugin:: GDPR CCPA Compliance & Cookie Consent Banner
Plugin Slug:: ninja-gdpr-compliance
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.4
Severity Score:: Medium
CVE:: 2025-48260

Plugin:: Product Code for WooCommerce
Plugin Slug:: product-code-for-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.5.1
Severity Score:: Medium
CVE:: 2025-48264

Plugin:: Product Notes Tab & Private Admin Notes for WooCommerce
Plugin Slug:: product-notes-for-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.1
Severity Score:: Medium
CVE:: 2025-48239

Plugin:: Tainacan
Plugin Slug:: tainacan
Installations: 1,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 0.21.15
Severity Score:: High
CVE:: 2025-47512

Plugin:: Year Make Model Search for WooCommerce
Plugin Slug:: ymm-search
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.12
Severity Score:: Medium
CVE:: 2025-48265

Plugin:: Taskbuilder � WordPress Project & Task Management plugin
Plugin Slug:: taskbuilder
Installations: 900+
Vulnerability:: SQL Injection
Patched in Version:: 3.0.9
Severity Score:: High
CVE:: 2024-9831

Plugin:: Polls CP
Plugin Slug:: cp-polls
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.77
Severity Score:: Medium
CVE:: 2024-8851

Plugin:: Frontend Dashboard
Plugin Slug:: frontend-dashboard
Installations: 700+
Vulnerability:: Privilege Escalation
Patched in Version:: 2.2.8
Severity Score:: High
CVE:: 2025-4474

Plugin:: Cloudflare Turnstile or reCAPTCHA For any Pages, to Block Spam and Hackers Attack.
Plugin Slug:: recaptcha-for-all
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.27
Severity Score:: Medium
CVE:: 2025-48243

Plugin:: Secure Downloads
Plugin Slug:: secure-downloads
Installations: 700+
Vulnerability:: Arbitrary File Download
Patched in Version:: 1.2.3
Severity Score:: Medium
CVE:: 2024-8031

Plugin:: Broadcast Live Video � Live Streaming : WebRTC, HLS, RTSP, RTMP
Plugin Slug:: videowhisper-live-streaming-integration
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.2.5
Severity Score:: Medium
CVE:: 2025-48255

Plugin:: Drag and Drop File Upload for Elementor Forms
Plugin Slug:: drag-and-drop-file-upload-for-elementor-forms
Installations: 600+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 1.5.0
Severity Score:: High
CVE:: 2025-47492

Plugin:: Sitewide Discount for WooCommerce: Apply Discount to All Products
Plugin Slug:: global-shop-discount-for-woocommerce
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.2
Severity Score:: Medium
CVE:: 2025-48248

Plugin:: Sharespine Woocommerce Connector
Plugin Slug:: sharespine-woocommerce-connector
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: 4.8.56
Severity Score:: Medium
CVE:: 2025-48128

Plugin:: Xpro Addons For Beaver Builder � Lite
Plugin Slug:: xpro-addons-beaver-builder-elementor
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.6
Severity Score:: Medium
CVE:: 2025-48232

Plugin:: Affiliates Manager Google reCAPTCHA Integration
Plugin Slug:: affiliates-manager-google-recaptcha-integration
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.7
Severity Score:: High
CVE:: 2025-48233

Plugin:: GamiPress � Reset User
Plugin Slug:: gamipress-reset-user
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.1
Severity Score:: Medium
CVE:: 2024-8245

Plugin:: Plugin Oficial � Getnet para WooCommerce
Plugin Slug:: wc-checkout-getnet
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.1
Severity Score:: High
CVE:: 2025-1303

Plugin:: Plugin Oficial � Getnet para WooCommerce
Plugin Slug:: wc-checkout-getnet
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.1
Severity Score:: Medium
CVE:: 2025-1289

Plugin:: WP Mapa Politico Espa�a
Plugin Slug:: wp-mapa-politico-spain
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.8.1
Severity Score:: Medium
CVE:: 2025-48259

Plugin:: CYAN Backup
Plugin Slug:: cyan-backup
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.3
Severity Score:: Medium
CVE:: 2024-9662

Plugin:: Url Rewrite Analyzer
Plugin Slug:: url-rewrite-analyzer
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.4
Severity Score:: Medium
CVE:: 2025-48262

Plugin:: Bot for Telegram on WooCommerce
Plugin Slug:: bot-for-telegram-on-woocommerce
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.7
Severity Score:: Medium
CVE:: 2025-48268

Plugin:: Posts per Cat
Plugin Slug:: posts-per-cat
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.0
Severity Score:: Medium
CVE:: 2025-4169

Plugin:: Projectopia � WordPress Project Management
Plugin Slug:: projectopia-core
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 5.1.18
Severity Score:: Medium
CVE:: 2025-48257

Plugin:: RSVPMaker
Plugin Slug:: rsvpmaker
Installations: 300+
Vulnerability:: SQL Injection
Patched in Version:: 11.5.7
Severity Score:: High
CVE:: 2025-48278

Plugin:: Subaccounts for WooCommerce
Plugin Slug:: subaccounts-for-woocommerce
Installations: 300+
Vulnerability:: Broken Authentication
Patched in Version:: 1.6.7
Severity Score:: High
CVE:: 2025-47461

Plugin:: Wholesale Market
Plugin Slug:: wholesale-market
Installations: 300+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2.2
Severity Score:: Medium
CVE:: 2022-4363

Plugin:: AWcode Toolkit
Plugin Slug:: awcode-toolkit
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.19
Severity Score:: High
CVE:: 2025-48238

Plugin:: B2i Investor Tools
Plugin Slug:: b2i-investor-tools
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.8
Severity Score:: High
CVE:: 2025-47458

Plugin:: Push Notification for Post and BuddyPress
Plugin Slug:: push-notification-for-post-and-buddypress
Installations: 200+
Vulnerability:: SQL Injection
Patched in Version:: 1.94
Severity Score:: Critical
CVE:: 2024-6159

Plugin:: WP Image Mask
Plugin Slug:: wp-post-459212 wp-image-mask
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.3
Severity Score:: Medium
CVE:: 2025-48235

Plugin:: CTT Expresso para WooCommerce
Plugin Slug:: ctt-expresso-para-woocommerce
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.13
Severity Score:: Medium
CVE:: 2024-6478

Plugin:: Free Booking Plugin for Hotels, Restaurants and Car Rentals � eaSYNC Booking
Plugin Slug:: easync-booking
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.15
Severity Score:: Medium
CVE:: 2024-9450

Plugin:: LogDash Activity Log
Plugin Slug:: logdash-activity-log
Installations: 100+
Vulnerability:: SQL Injection
Patched in Version:: 1.1.4
Severity Score:: Critical
CVE:: 2023-6030

Plugin:: Payment Gateway for Telcell
Plugin Slug:: payment-gateway-for-telcell
Installations: 100+
Vulnerability:: Open Redirection
Patched in Version:: 2.0.4
Severity Score:: Medium
CVE:: 2023-6786

Plugin:: Experto CTA Widget � Call To Action, Sticky CTA, Floating Button Plugin
Plugin Slug:: experto-cta-widget
Installations: 90+
Vulnerability:: Settings Change
Patched in Version:: 1.2.1
Severity Score:: Medium
CVE:: 2025-47529

Plugin:: JSFiddle Shortcode
Plugin Slug:: jsfiddle-shortcode
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2024-10818

Plugin:: TicketBAI Facturas para WooCommerce
Plugin Slug:: wp-ticketbai
Installations: 80+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 3.19
Severity Score:: High
CVE:: 2025-4564

Plugin:: Z-Downloads
Plugin Slug:: z-downloads
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.11.6
Severity Score:: High
CVE:: 2024-8703

Plugin:: Z-Downloads
Plugin Slug:: z-downloads
Installations: 70+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.11.5
Severity Score:: Critical
CVE:: 2024-8699

Plugin:: Z-Downloads
Plugin Slug:: z-downloads
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.11.7
Severity Score:: Medium
CVE:: 2024-8673

Plugin:: Tours
Plugin Slug:: tours
Installations: 20+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.1
Severity Score:: Medium
CVE:: 2024-51666

Plugin:: EKC Tournament Manager
Plugin Slug:: ekc-tournament-manager
Installations: 10+
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.2.2
Severity Score:: Medium
CVE:: 2024-9765

Plugin:: EKC Tournament Manager
Plugin Slug:: ekc-tournament-manager
Installations: 10+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2.2
Severity Score:: Medium
CVE:: 2024-9709

Plugin:: KBucket: Your Curated Content in WordPress
Plugin Slug:: kbucket
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.5
Severity Score:: High
CVE:: 2024-6667

Plugin:: KBucket: Your Curated Content in WordPress
Plugin Slug:: kbucket
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.6
Severity Score:: Medium
CVE:: 2024-6665

Plugin:: Offload Videos � Bunny.net, AWS S3
Plugin Slug:: offload-videos-bunny-netaws-s3
Installations: 10+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.1
Severity Score:: Medium
CVE:: 2024-6719

Plugin:: Simple Video Directory
Plugin Slug:: simple-media-directory
Installations: 10+
Vulnerability:: SQL Injection
Patched in Version:: 1.4.3
Severity Score:: Critical
CVE:: 2024-6809

Plugin:: File Manager Advanced Shortcode PRO
Plugin Slug:: advanced-file-manager-pro-premium
Vulnerability:: Content Injection
Patched in Version:: 2.6.0
Severity Score:: Medium
CVE:: 2024-13914

Plugin:: ARForms Form Builder
Plugin Slug:: arforms-form-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1
Severity Score:: High
CVE:: 2024-10504

Plugin:: Buddyboss Platform
Plugin Slug:: buddyboss-platform
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.7.60
Severity Score:: Medium
CVE:: 2024-12767

Plugin:: Crawlomatic Multisite Scraper Post Generator
Plugin Slug:: crawlomatic-multipage-scraper-post-generator
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.6.8.2
Severity Score:: Critical
CVE:: 2025-4389

Plugin:: EventON
Plugin Slug:: eventON
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.7
Severity Score:: Medium
CVE:: 2025-3527

Plugin:: Jetpack Debug Tools
Plugin Slug:: jetpack-debug-helper
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.1
Severity Score:: Medium
CVE:: 2024-56006

Plugin:: Ninja Forms Webhooks
Plugin Slug:: ninja-forms-webhooks
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.0.8
Severity Score:: Medium
CVE:: 2024-13940

Plugin:: Opal Woo Custom Product Variation
Plugin Slug:: opal-woo-custom-product-variation
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 1.2.1
Severity Score:: High
CVE:: 2025-47535

Plugin:: PeepSo Core: File Uploads
Plugin Slug:: peepso-files
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 6.4.6.1
Severity Score:: Medium
CVE:: 2024-8988

Plugin:: Relevanssi Premium
Plugin Slug:: relevanssi-premium
Vulnerability:: SQL Injection
Patched in Version:: 2.27.5
Severity Score:: High
CVE:: 2025-4396

Plugin:: Echo RSS Feed Post Generator Plugin for WordPress
Plugin Slug:: rss-feed-post-generator-echo
Vulnerability:: Arbitrary File Upload
Patched in Version:: 5.4.8.2
Severity Score:: Critical
CVE:: 2025-4391

Plugin:: tarteaucitron.js for WordPress
Plugin Slug:: tarteaucitron-wp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.3.0
Severity Score:: High
CVE:: 2024-11719

Plugin:: tarteaucitron.js for WordPress
Plugin Slug:: tarteaucitron-wp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.3.0
Severity Score:: Medium
CVE:: 2024-11718

Plugin:: Rankie
Plugin Slug:: valvepress-rankie
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.2
Severity Score:: Medium
CVE:: 2025-39493

Plugin:: WP Content Copy Protection & No Right Click (premium)
Plugin Slug:: wccp-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 15.3
Severity Score:: Medium
CVE:: 2024-6693

Plugin:: WP Content Copy Protection & No Right Click (premium)
Plugin Slug:: wccp-pro
Vulnerability:: Open Redirection
Patched in Version:: 15.3
Severity Score:: Medium
CVE:: 2024-6690

Plugin:: GDPR Cookie Consent
Plugin Slug:: webtoffee-gdpr-cookie-consent
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.1
Severity Score:: High
CVE:: 2024-8397

Plugin:: GDPR Cookie Consent
Plugin Slug:: webtoffee-gdpr-cookie-consent
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.6.1
Severity Score:: Medium
CVE:: 2024-8286

Plugin:: WPBot Pro WordPress Chatbot
Plugin Slug:: wpbot-pro
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 13.7.0
Severity Score:: High
CVE:: 2025-3812

WordPress Themes � 3 Patched / 15 Unpatched

Theme:: Acerola
Theme Slug:: acerola
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31066

Theme:: AnyWhere Elementor Pro
Theme Slug:: anywhere-elementor-pro
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31046

Theme:: Bimber – Viral Magazine WordPress Theme
Theme Slug:: bimber
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-47576

Theme:: Bloggie
Theme Slug:: bloggie
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-31054

Theme:: CouponXL
Theme Slug:: couponxl
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-39489

Theme:: Dash
Theme Slug:: dash
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31049

Theme:: HotStar � Multi-Purpose Business Theme
Theme Slug:: hotstar
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31069

Theme:: HotStar � Multi-Purpose Business Theme
Theme Slug:: hotstar
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31071

Theme:: Jarvis � Night Club, Concert, Festival WordPress
Theme Slug:: jarvis
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-32292

Theme:: The Business
Theme Slug:: nrgbusiness
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-31430

Theme:: The Business
Theme Slug:: nrgbusiness
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31630

Theme:: Plant – Gardening & Houseplants WordPress Theme
Theme Slug:: plant
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31051

Theme:: Rozario
Theme Slug:: rozario
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31065

Theme:: Seven Stars
Theme Slug:: sevenstars
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31068

Theme:: Spare
Theme Slug:: spare
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-31639

Theme:: Motors
Theme Slug:: motors
Vulnerability:: Privilege Escalation
Patched in Version:: 5.6.68
Severity Score:: Critical
CVE:: 2025-4322

Theme:: TheGem
Theme Slug:: thegem
Vulnerability:: Broken Access Control
Patched in Version:: 5.10.3.1
Severity Score:: Medium
CVE:: 2025-4339

Theme:: TheGem
Theme Slug:: thegem
Vulnerability:: Arbitrary File Upload
Patched in Version:: 5.10.3.1
Severity Score:: High
CVE:: 2025-4317