Nexcess.com Servers.com LiquidWeb.com

Line illustration showing a black application window on a dark purple gradient background overlaid with a large exclamation point alert icon and three bugs.

WordPress Vulnerability Report � November 12, 2025

[email protected]

In this report, 199 vulnerabilities have been publicly disclosed. Security patches for 104 of these plugins and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Currently, 95 plugin and theme vulnerabilities remain unpatched. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.8.3 was released on September 30, 2025. This is a security release that features two fixes. As this is a security release, we recommend updating your sites immediately. For more information on WordPress 6.8.3, please visit the�version page on the HelpHub site.

WordPress 6.9 Release Candidate 1 (RC1) is now available for testing. This version is still under development and should not be installed on production or mission-critical websites. Instead, test RC1 on a staging or test site. You can read more on the WordPress Core blog for details on how to download and test this release.

The final release of WordPress 6.9 is scheduled for December 2, 2025. For updates, testing information, and release announcements, visit the Make WordPress Core blog.

WordPress Plugins � 103 Patched / 94 Unpatched

Plugin:: WP Snow Effect
Plugin Slug:: wp-snow-effect
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-64294

Plugin:: Image Comparison Addon for Elementor
Plugin Slug:: image-comparison-elementor-addon
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-10896

Plugin:: Master Blocks � Ultimate Gutenberg Blocks for Marketers
Plugin Slug:: ultimate-blocks-for-gutenberg
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-10896

Plugin:: EasyCommerce � AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin
Plugin Slug:: easycommerce
Installations: 60+
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-11457

Plugin:: Magazine Companion
Plugin Slug:: bnm-blocks
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11828

Plugin:: Content Locker for Elementor
Plugin Slug:: content-locker-for-elementor
Installations: 40+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-10896

Plugin:: Ace User Management
Plugin Slug:: ace-user-management
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-6027

Plugin:: Add Multiple Marker
Plugin Slug:: add-multiple-marker
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11999

Plugin:: Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One
Plugin Slug:: ai-auto-tool
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12156

Plugin:: Auto Amazon Links
Plugin Slug:: amazon-auto-links
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-11451

Plugin:: Authors List
Plugin Slug:: authors-list
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12010

Plugin:: Multi-language Responsive Portfolio
Plugin Slug:: bootstrap-multi-language-responsive-portfolio
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11753

Plugin:: Associados Amazon
Plugin Slug:: brzon
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-12403

Plugin:: CE21 Suite
Plugin Slug:: ce21-suite
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-11007

Plugin:: CE21 Suite
Plugin Slug:: ce21-suite
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-11008

Plugin:: Centangle Team Showcase
Plugin Slug:: centangle-team
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-12456

Plugin:: Chart Expert
Plugin Slug:: chart-expert
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12753

Plugin:: Clubmember
Plugin Slug:: clubmember
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12396

Plugin:: Coon Google Maps
Plugin Slug:: coon-google-maps
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12662

Plugin:: WP????????? for CPI
Plugin Slug:: cpi-wp-migration
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-11170

Plugin:: Crypto
Plugin Slug:: crypto
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11986

Plugin:: Crypto
Plugin Slug:: crypto
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11988

Plugin:: Crypto Payment Gateway with Payeer for WooCommerce
Plugin Slug:: crypto-payment-gateway-with-payeer-for-woocommerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-11890

Plugin:: CTL Arcade Lite
Plugin Slug:: ctl-arcade-lite
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11886

Plugin:: Document Pro Elementor
Plugin Slug:: document-pro-elementor
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11997

Plugin:: DominoKit
Plugin Slug:: dominokit
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12350

Plugin:: Download Counter Button
Plugin Slug:: download-counter-button
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-11072

Plugin:: Elastic Theme Editor
Plugin Slug:: elastic-theme-editor
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-12637

Plugin:: Elegance Menu
Plugin Slug:: elegance-menu
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-11704

Plugin:: EM Beer Manager
Plugin Slug:: em-beer-manager
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-11724

Plugin:: Eventbee Ticketing Widget
Plugin Slug:: eventbee-ticketing-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11856

Plugin:: Find Unused Images
Plugin Slug:: find-unused-images
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11996

Plugin:: Five9 Live Chat
Plugin Slug:: five9
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11829

Plugin:: Fleet Manager
Plugin Slug:: fleet
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12538

Plugin:: Free Quotation
Plugin Slug:: free-quotation
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12393

Plugin:: Geopost
Plugin Slug:: geopost
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12754

Plugin:: Astra Security Suite
Plugin Slug:: getastra
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-11521

Plugin:: GitHub Gist Shortcode
Plugin Slug:: github-gist-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12667

Plugin:: Holiday class post calendar
Plugin Slug:: holiday-class-post-calendar
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-12813

Plugin:: Import Export For WooCommerce
Plugin Slug:: import-export-for-woocommerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12389

Plugin:: Jeba Cute forkit
Plugin Slug:: jeba-cute-forkit
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12663

Plugin:: KiotViet Sync
Plugin Slug:: kiotvietsync
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-12674

Plugin:: KiotViet Sync
Plugin Slug:: kiotvietsync
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12676

Plugin:: KiotViet Sync
Plugin Slug:: kiotvietsync
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12677

Plugin:: Label Plugins
Plugin Slug:: label-plugins
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-12401

Plugin:: LinkedIn Resume
Plugin Slug:: linkedin-resume
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-12402

Plugin:: Live Photos on WordPress
Plugin Slug:: live-photos
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12651

Plugin:: LMB^Box Smileys
Plugin Slug:: lmbbox-smileys
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-12400

Plugin:: MapMap
Plugin Slug:: mapmap
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-12415

Plugin:: MeetingList
Plugin Slug:: meeting-list
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12184

Plugin:: Mementor Core
Plugin Slug:: mementor-core
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-11168

Plugin:: My Geo Posts Free
Plugin Slug:: my-geo-posts-free
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11863

Plugin:: Nari Accountant
Plugin Slug:: nari-accountant
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12371

Plugin:: Ninja Countdown
Plugin Slug:: ninja-countdown
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12665

Plugin:: Nonaki
Plugin Slug:: nonaki-email-template-customizer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12644

Plugin:: Twitter Feed
Plugin Slug:: ot-twitter-feed
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11860

Plugin:: Pagerank Tools
Plugin Slug:: pagerank-tools
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-12416

Plugin:: Paypal Donation Shortcode
Plugin Slug:: paypal-donation-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11859

Plugin:: Posts Navigation Links for Sections and Headings
Plugin Slug:: posts-navigation-links-for-sections-and-headings-free-by-wp-masters
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12188

Plugin:: Precise Columns
Plugin Slug:: precise-columns
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11869

Plugin:: Preload Current Images
Plugin Slug:: preload-current-images
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12658

Plugin:: Progress Bar Blocks for Gutenberg
Plugin Slug:: progressmatify-blocks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12880

Plugin:: RandomQuotr
Plugin Slug:: randomquotr
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12632

Plugin:: Reuse Builder
Plugin Slug:: reuse-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11812

Plugin:: SH Contextual Help
Plugin Slug:: sh-contextual-help
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-12410

Plugin:: Share to Google Classroom
Plugin Slug:: share-to-google-classroom
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12711

Plugin:: Shelf Planner
Plugin Slug:: shelf-planner
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11894

Plugin:: Shelf Planner
Plugin Slug:: shelf-planner
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11891

Plugin:: Simple Donate
Plugin Slug:: simple-donate
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11882

Plugin:: Simple User Capabilities
Plugin Slug:: simple-user-capabilities
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-12158

Plugin:: Simple User Capabilities
Plugin Slug:: simple-user-capabilities
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12157

Plugin:: Skip to Timestamp
Plugin Slug:: skip-to-timestamp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11805

Plugin:: Slippy Slider
Plugin Slug:: slippy-slider-responsive-touch-navigation-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11874

Plugin:: SMS for WordPress
Plugin Slug:: sms4wp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-12580

Plugin:: Squirrels Auto Inventory
Plugin Slug:: squirrels-auto-inventory
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12631

Plugin:: The Total Book Project
Plugin Slug:: the-total-book-project
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12126

Plugin:: Top Bar Notification
Plugin Slug:: top-bar-notification
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-12412

Plugin:: Ungapped Widgets
Plugin Slug:: ungapped-widgets
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12652

Plugin:: USB Qr Code Scanner For Woocommerce
Plugin Slug:: usb-qr-code-scanner-for-woocommerce
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12588

Plugin:: ViaAds
Plugin Slug:: viaads
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12070

Plugin:: Wisly
Plugin Slug:: wisly
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11532

Plugin:: Woocommerce � Products By Custom Tax
Plugin Slug:: woocommerce-products-by-custom-tax
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11821

Plugin:: WP BBCode
Plugin Slug:: wp-bbcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11873

Plugin:: WP Bootstrap Tabs
Plugin Slug:: wp-bootstrap-tabs
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-11822

Plugin:: WP Carticon
Plugin Slug:: wp-carticon
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12065

Plugin:: WP Count Down Timer
Plugin Slug:: wp-count-down-timer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12668

Plugin:: WP Custom Admin Login Page Logo
Plugin Slug:: wp-custom-login-page-logo
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12132

Plugin:: Flickr Show
Plugin Slug:: wp-flickrshow
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12672

Plugin:: WP Global Screen Options
Plugin Slug:: wp-global-screen-options
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12069

Plugin:: WP-Iconics
Plugin Slug:: wp-iconics
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12671

Plugin:: WP-OAuth
Plugin Slug:: wp-oauth
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-12021

Plugin:: WP-Walla
Plugin Slug:: wp-walla
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-12589

Plugin:: Social Media WPCF7 Stop Words
Plugin Slug:: wpcf7-stop-words
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-12413

Plugin:: YSlider
Plugin Slug:: yslider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-12590

Plugin:: Spectra Gutenberg Blocks � Website Builder for the Block Editor
Plugin Slug:: ultimate-addons-for-gutenberg
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.19.15
Severity Score:: Medium
CVE:: 2025-11162

Plugin:: TablePress � Tables in WordPress made easy
Plugin Slug:: tablepress
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.5
Severity Score:: Medium
CVE:: 2025-12324

Plugin:: The Events Calendar
Plugin Slug:: the-events-calendar
Installations: 700,000+
Vulnerability:: SQL Injection
Patched in Version:: 6.15.10
Severity Score:: Critical
CVE:: 2025-12197

Plugin:: The Events Calendar
Plugin Slug:: the-events-calendar
Installations: 700,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 6.15.10
Severity Score:: Medium
CVE:: 2025-12192

Plugin:: Post SMTP � Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App
Plugin Slug:: post-smtp
Installations: 400,000+
Vulnerability:: Broken Authentication
Patched in Version:: 3.6.1
Severity Score:: Critical
CVE:: 2025-11833

Plugin:: SiteSEO � SEO Simplified
Plugin Slug:: siteseo
Installations: 400,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.2
Severity Score:: Low
CVE:: 2025-12367

Plugin:: Ad Inserter � Ad Manager & AdSense Ads
Plugin Slug:: ad-inserter
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.8
Severity Score:: Medium
CVE:: 2025-11745

Plugin:: Blocksy Companion
Plugin Slug:: blocksy-companion
Installations: 300,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.1.20
Severity Score:: Critical
CVE:: 2025-12846

Plugin:: Advanced Ads ��Ad Manager & AdSense
Plugin Slug:: advanced-ads
Installations: 100,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 2.0.13
Severity Score:: High
CVE:: 2025-10487

Plugin:: AI Engine
Plugin Slug:: ai-engine
Installations: 100,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.1.4
Severity Score:: Critical
CVE:: 2025-11749

Plugin:: Popup and Slider Builder by Depicter � Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel
Plugin Slug:: depicter
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0.5
Severity Score:: Medium
CVE:: 2025-11373

Plugin:: Download Manager
Plugin Slug:: download-manager
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.31
Severity Score:: Medium
CVE:: 2025-12177

Plugin:: Gallery Plugin for WordPress � Envira Photo Gallery
Plugin Slug:: envira-gallery-lite
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.12.0
Severity Score:: Medium
CVE:: 2025-11448

Plugin:: Schema & Structured Data for WP & AMP
Plugin Slug:: schema-and-structured-data-for-wp
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.52
Severity Score:: Medium
CVE:: 2025-11502

Plugin:: Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More
Plugin Slug:: themeisle-companion
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.3
Severity Score:: Medium
CVE:: 2025-12045

Plugin:: ShopLentor � WooCommerce Builder for Elementor & Gutenberg +21 Modules � All in One Solution (formerly WooLentor)
Plugin Slug:: woolentor-addons
Installations: 100,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.2.6
Severity Score:: High
CVE:: 2025-12493

Plugin:: Strong Testimonials
Plugin Slug:: strong-testimonials
Installations: 90,000+
Vulnerability:: Content Injection
Patched in Version:: 3.2.17
Severity Score:: Medium
CVE:: 2025-11268

Plugin:: List category posts
Plugin Slug:: list-category-posts
Installations: 80,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 0.93.0
Severity Score:: Medium
CVE:: 2025-11377

Plugin:: Greenshift � animation and page builder blocks
Plugin Slug:: greenshift-animation-and-page-builder-blocks
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 12.2.8
Severity Score:: Medium
CVE:: 2025-11841

Plugin:: Qi Blocks
Plugin Slug:: qi-blocks
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.4
Severity Score:: Medium
CVE:: 2025-12180

Plugin:: Premium Portfolio Features for Phlox theme
Plugin Slug:: auxin-portfolio
Installations: 50,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.3.12
Severity Score:: High
CVE:: 2025-12497

Plugin:: Blog2Social: Social Media Auto Post & Scheduler
Plugin Slug:: blog2social
Installations: 50,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 8.6.1
Severity Score:: Medium
CVE:: 2025-12560

Plugin:: Blog2Social: Social Media Auto Post & Scheduler
Plugin Slug:: blog2social
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.6.1
Severity Score:: Medium
CVE:: 2025-12563

Plugin:: Easy Digital Downloads � eCommerce Payments and Subscriptions made easy
Plugin Slug:: easy-digital-downloads
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.3
Severity Score:: Medium
CVE:: 2025-11271

Plugin:: Quick Featured Images
Plugin Slug:: quick-featured-images
Installations: 50,000+
Vulnerability:: SQL Injection
Patched in Version:: 13.7.4
Severity Score:: High
CVE:: 2025-11980

Plugin:: Better Find and Replace � AI-Powered Suggestions
Plugin Slug:: real-time-auto-find-and-replace
Installations: 50,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 1.7.8
Severity Score:: High
CVE:: 2025-9334

Plugin:: Better Find and Replace � AI-Powered Suggestions
Plugin Slug:: real-time-auto-find-and-replace
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.8
Severity Score:: Medium
CVE:: 2025-12360

Plugin:: Tag, Category, and Taxonomy Manager � AI Autotagger with OpenAI
Plugin Slug:: simple-tags
Installations: 50,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.40.1
Severity Score:: High
CVE:: 2025-11972

Plugin:: FunnelKit � Funnel Builder for WooCommerce Checkout
Plugin Slug:: funnel-builder
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.12.0.1
Severity Score:: High
CVE:: 2025-10567

Plugin:: Hubbub Lite � Fast, free social sharing and follow buttons
Plugin Slug:: social-pug
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.36.1
Severity Score:: High
CVE:: 2025-12471

Plugin:: PowerPress Podcasting plugin by Blubrry
Plugin Slug:: powerpress
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 11.14
Severity Score:: Medium
CVE:: 2025-64201

Plugin:: Inactive Logout
Plugin Slug:: inactive-logout
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.0
Severity Score:: Medium
CVE:: 2025-11922

Plugin:: FunnelKit Automations � Email Marketing Automation and CRM for WordPress & WooCommerce
Plugin Slug:: wp-marketing-automations
Installations: 20,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.6.4.2
Severity Score:: Medium
CVE:: 2025-12468

Plugin:: FunnelKit Automations � Email Marketing Automation and CRM for WordPress & WooCommerce
Plugin Slug:: wp-marketing-automations
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.6.4.2
Severity Score:: Medium
CVE:: 2025-12469

Plugin:: wpForo Forum
Plugin Slug:: wpforo
Installations: 20,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.4.10
Severity Score:: High
CVE:: 2025-11740

Plugin:: Asgaros Forum
Plugin Slug:: asgaros-forum
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.2.0
Severity Score:: Critical
CVE:: 2025-11452

Plugin:: Classified Listing � AI-Powered Classified ads & Business Directory Plugin
Plugin Slug:: classified-listing
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.2.1
Severity Score:: Medium
CVE:: 2025-12953

Plugin:: CSS & JavaScript Toolbox
Plugin Slug:: css-javascript-toolbox
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 12.0.6
Severity Score:: Medium
CVE:: 2025-11928

Plugin:: Document Embedder � Embed PDFs, Word, Excel, and Other Files
Plugin Slug:: document-emberdder
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.1
Severity Score:: High
CVE:: 2025-12384

Plugin:: WP2Social Auto Publish
Plugin Slug:: facebook-auto-publish
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.8
Severity Score:: High
CVE:: 2025-12064

Plugin:: Graphina � Charts and Graphs For Elementor
Plugin Slug:: graphina-elementor-charts-and-graphs
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.9
Severity Score:: Medium
CVE:: 2025-11820

Plugin:: Groups
Plugin Slug:: groups
Installations: 10,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 3.8.0
Severity Score:: Medium
CVE:: 2025-11748

Plugin:: HTML Forms � Simple WordPress Forms Plugin
Plugin Slug:: html-forms
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.6
Severity Score:: Medium
CVE:: 2025-12125

Plugin:: Mang Board WP
Plugin Slug:: mangboard
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.2
Severity Score:: High
CVE:: 2025-12193

Plugin:: Paid Membership Subscriptions � Effortless Memberships, Recurring Payments & Content Restriction
Plugin Slug:: paid-member-subscriptions
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.16.5
Severity Score:: Medium
CVE:: 2025-11835

Plugin:: Visual Link Preview
Plugin Slug:: visual-link-preview
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.8
Severity Score:: Medium
CVE:: 2025-11987

Plugin:: WPeMatico RSS Feed Fetcher
Plugin Slug:: wpematico
Installations: 10,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.8.12
Severity Score:: Medium
CVE:: 2025-11917

Plugin:: Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages
Plugin Slug:: wplegalpages
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.2
Severity Score:: Medium
CVE:: 2025-11816

Plugin:: Tablesome Table � Contact Form DB � WPForms, CF7, Gravity, Forminator, Fluent
Plugin Slug:: tablesome
Installations: 9,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.3.33
Severity Score:: Critical
CVE:: 2025-11499

Plugin:: aThemes Addons for Elementor
Plugin Slug:: athemes-addons-for-elementor-lite
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.6
Severity Score:: Medium
CVE:: 2025-12837

Plugin:: EventPrime � Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.0.1
Severity Score:: Medium
CVE:: 2025-12498

Plugin:: Insert Headers and Footers Code � HT Script
Plugin Slug:: insert-headers-and-footers-script
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.7
Severity Score:: Medium
CVE:: 2025-12112

Plugin:: Easy WordPress Funnel Builder To Collect Leads And Increase Sales � WPFunnels
Plugin Slug:: wpfunnels
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.6.3
Severity Score:: Medium
CVE:: 2025-12353

Plugin:: Easy WordPress Funnel Builder To Collect Leads And Increase Sales � WPFunnels
Plugin Slug:: wpfunnels
Installations: 7,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 3.6.3
Severity Score:: Medium
CVE:: 2025-12000

Plugin:: Mail Mint � Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more
Plugin Slug:: mail-mint
Installations: 6,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.18.11
Severity Score:: High
CVE:: 2025-11967

Plugin:: Carousel Block � Responsive Image and Content Carousel
Plugin Slug:: b-carousel-block
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.6
Severity Score:: Medium
CVE:: 2025-12388

Plugin:: WP Delicious � Recipe Plugin for Food Bloggers (formerly Delicious Recipes)
Plugin Slug:: delicious-recipes
Installations: 5,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.9.1
Severity Score:: Critical
CVE:: 2025-11755

Plugin:: Import WP � Export and Import CSV and XML files to WordPress
Plugin Slug:: jc-importer
Installations: 5,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.14.17
Severity Score:: Medium
CVE:: 2025-12137

Plugin:: Flying Images: Optimize and Lazy Load Images for Faster Page Speed
Plugin Slug:: nazy-load
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.15
Severity Score:: Medium
CVE:: 2025-11927

Plugin:: ElementInvader Addons for Elementor
Plugin Slug:: elementinvader-addons-for-elementor
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.1
Severity Score:: Medium
CVE:: 2025-10873

Plugin:: Document Library Lite
Plugin Slug:: document-library-lite
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.7
Severity Score:: Medium
CVE:: 2025-11174

Plugin:: Academy LMS � WordPress LMS Plugin for Complete eLearning Solution
Plugin Slug:: academy
Installations: 2,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.3.9
Severity Score:: High
CVE:: 2025-12099

Plugin:: Extensions for Leaflet Map
Plugin Slug:: extensions-leaflet-map
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.8
Severity Score:: Medium
CVE:: 2025-12369

Plugin:: Footnotes Made Easy
Plugin Slug:: footnotes-made-easy
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.8
Severity Score:: High
CVE:: 2025-11733

Plugin:: Hydra Booking � Appointment Scheduling & Booking Calendar
Plugin Slug:: hydra-booking
Installations: 2,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.1.28
Severity Score:: Medium
CVE:: 2025-12788

Plugin:: Hydra Booking � Appointment Scheduling & Booking Calendar
Plugin Slug:: hydra-booking
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.28
Severity Score:: Medium
CVE:: 2025-12787

Plugin:: Page & Post Notes
Plugin Slug:: page-post-notes
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2025-12527

Plugin:: Flexible Refund and Return Order for WooCommerce
Plugin Slug:: flexible-refund-and-return-order-for-woocommerce
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.43
Severity Score:: Medium
CVE:: 2025-12621

Plugin:: Connector Wizard (formerly LC Wizard)
Plugin Slug:: ghl-wizard
Installations: 1,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.4.0
Severity Score:: High
CVE:: 2025-5483

Plugin:: Client Invoicing by Sprout Invoices � Easy Estimates and Invoices for WordPress
Plugin Slug:: sprout-invoices
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 20.8.8
Severity Score:: Medium
CVE:: 2025-64229

Plugin:: WP Airbnb Review Slider
Plugin Slug:: wp-airbnb-review-slider
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.4
Severity Score:: Medium
CVE:: 2025-12520

Plugin:: WP Discourse
Plugin Slug:: wp-discourse
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.6.0
Severity Score:: Low
CVE:: 2025-11983

Plugin:: WPCOM Member
Plugin Slug:: wpcom-member
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.7.15
Severity Score:: High
CVE:: 2025-11920

Plugin:: ZoloBlocks � Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns
Plugin Slug:: zoloblocks
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.3.12
Severity Score:: Medium
CVE:: 2025-49903

Plugin:: Smart Auto Upload Images � Import External Images
Plugin Slug:: smart-auto-upload-images
Installations: 900+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.2.1
Severity Score:: Critical
CVE:: 2025-12161

Plugin:: All in One Time Clock Lite � Tracking Employee Time Has Never Been Easier
Plugin Slug:: aio-time-clock-lite
Installations: 800+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.4
Severity Score:: Medium
CVE:: 2025-11758

Plugin:: TNC Toolbox: Web Performance
Plugin Slug:: tnc-toolbox
Installations: 800+
Vulnerability:: Privilege Escalation
Patched in Version:: 2.0.0
Severity Score:: Critical
CVE:: 2025-12539

Plugin:: Easy Upload Files During Checkout
Plugin Slug:: easy-upload-files-during-checkout
Installations: 600+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.9.9
Severity Score:: High
CVE:: 2025-12682

Plugin:: Employee Spotlight � Team Member Showcase & Meet the Team Plugin
Plugin Slug:: employee-spotlight
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.3
Severity Score:: Medium
CVE:: 2025-12090

Plugin:: Contact Form 7 AWeber Extension
Plugin Slug:: integrate-contact-form-7-and-aweber
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: 0.1.43
Severity Score:: Medium
CVE:: 2025-12167

Plugin:: RealPress � Real Estate Plugin
Plugin Slug:: realpress
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2025-11191

Plugin:: CYAN Backup
Plugin Slug:: cyan-backup
Installations: 300+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 2.5.5
Severity Score:: Medium
CVE:: 2025-12092

Plugin:: Alex Reservations: Smart Restaurant Booking
Plugin Slug:: alex-reservations
Installations: 200+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.2.4
Severity Score:: High
CVE:: 2025-12399

Plugin:: IDonate � Blood Donation, Request And Donor Management System
Plugin Slug:: idonate
Installations: 100+
Vulnerability:: Privilege Escalation
Patched in Version:: 2.1.10
Severity Score:: High
CVE:: 2025-4519

Plugin:: IDonate � Blood Donation, Request And Donor Management System
Plugin Slug:: idonate
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.10
Severity Score:: Medium
CVE:: 2025-4522

Plugin:: Simple Downloads List
Plugin Slug:: simple-downloads-list
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.0
Severity Score:: Medium
CVE:: 2025-12583

Plugin:: Image Hover Effects for Elementor
Plugin Slug:: image-hover-effects-elementor-addon
Installations: 60+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.2.4
Severity Score:: High
CVE:: 2025-10896

Plugin:: Schema Scalpel
Plugin Slug:: schema-scalpel
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.2
Severity Score:: Medium
CVE:: 2025-12118

Plugin:: Community Events
Plugin Slug:: community-events
Installations: 40+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.3
Severity Score:: High
CVE:: 2025-11995

Plugin:: Easy Email Subscription
Plugin Slug:: email-subscription-with-secure-captcha
Installations: 30+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.1
Severity Score:: Medium
CVE:: 2025-10691

Plugin:: Easy Email Subscription
Plugin Slug:: email-subscription-with-secure-captcha
Installations: 30+
Vulnerability:: SQL Injection
Patched in Version:: 1.3.1
Severity Score:: High
CVE:: 2025-10683

Plugin:: Saphali LiqPay for donate
Plugin Slug:: saphali-liqpay-for-donate
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.3
Severity Score:: Medium
CVE:: 2025-12643

Plugin:: Folderly
Plugin Slug:: folderly
Installations: 10+
Vulnerability:: Broken Access Control
Patched in Version:: 0.3.1
Severity Score:: Low
CVE:: 2025-12038

Plugin:: Academy LMS Pro
Plugin Slug:: academy-pro
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.3.9
Severity Score:: Medium
CVE:: 2025-12098

Plugin:: SUMO Affiliates Pro
Plugin Slug:: affs
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 11.1.0
Severity Score:: Medium
CVE:: 2025-64228

Plugin:: Doccure Core
Plugin Slug:: doccure
Vulnerability:: Privilege Escalation
Patched in Version:: 1.5.4
Severity Score:: Critical
CVE:: 2025-8900

Plugin:: Everest Forms Pro
Plugin Slug:: everest-forms-pro
Vulnerability:: PHP Object Injection
Patched in Version:: 1.9.8
Severity Score:: Medium
CVE:: 2025-8871

Plugin:: Gravity Forms
Plugin Slug:: gravityforms
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.9.21
Severity Score:: Critical
CVE:: 2025-12352

Plugin:: Integrate Google Drive
Plugin Slug:: integrate-google-drive
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.5.4
Severity Score:: High
CVE:: 2025-12139

Plugin:: JetElements For Elementor
Plugin Slug:: jet-elements
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.12.1
Severity Score:: Medium
CVE:: 2025-64355

Plugin:: Ohio Extra
Plugin Slug:: ohio-extra
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.1
Severity Score:: Medium
CVE:: 2025-64365

Plugin:: Ovatheme Events Manager
Plugin Slug:: ova-events-manager
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.7
Severity Score:: Medium
CVE:: 2025-7663

Plugin:: Rey Core
Plugin Slug:: rey-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.9
Severity Score:: Medium
CVE:: 2025-64220

WordPress Themes � 1 Patched / 1 Unpatched

Theme:: Kallyas
Theme Slug:: kallyas
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-6990

Theme:: Kallyas
Theme Slug:: kallyas
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.24.0
Severity Score:: Medium
CVE:: 2025-6988