Nexcess.com Servers.com LiquidWeb.com

Line illustration showing a black application window on a blue gradient background overlaid with a large exclamation point alert icon and three bugs.

WordPress Vulnerability Report � October 1, 2025

[email protected]

In this report, 476 vulnerabilities have been publicly disclosed. Security patches for 136 vulnerabilities in WordPress Core, plugins, and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 340 plugin and theme vulnerabilities, and no patch has been available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.8.3 is now available! This is a security release that features two fixes. As this is a security release, we recommend updating your sites immediately. For more information on WordPress 6.8.3, please visit the�version page on the HelpHub site.

Vulnerability:: Sensitive Data Exposure
Patched in Version:: 6.8.3
Severity Score:: Medium
CVE:: 2025-58246

Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.8.3
Severity Score:: Medium
CVE:: 2025-58674

WordPress Plugins � 128 Patched / 329 Unpatched

Plugin:: All in One SEO � Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic
Plugin Slug:: all-in-one-seo-pack
Installations: 3,000,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58649

Plugin:: All in One SEO � Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic
Plugin Slug:: all-in-one-seo-pack
Installations: 3,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58650

Plugin:: Sticky Header Effects for Elementor
Plugin Slug:: sticky-header-effects-for-elementor
Installations: 300,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58251

Plugin:: Download Manager
Plugin Slug:: download-manager
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60092

Plugin:: TI WooCommerce Wishlist
Plugin Slug:: ti-woocommerce-wishlist
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58247

Plugin:: 3D FlipBook � PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery
Plugin Slug:: interactive-3d-flipbook-powered-physics-engine
Installations: 80,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58226

Plugin:: Master Slider � Responsive Touch Slider
Plugin Slug:: master-slider
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58025

Plugin:: Getwid � Gutenberg Blocks
Plugin Slug:: getwid
Installations: 50,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58252

Plugin:: Image Hover Effects � Elementor Addon
Plugin Slug:: image-hover-effects-addon-for-elementor
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57939

Plugin:: Perfect Brands for WooCommerce
Plugin Slug:: perfect-woocommerce-brands
Installations: 50,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58686

Plugin:: DethemeKit for Elementor
Plugin Slug:: dethemekit-for-elementor
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57995

Plugin:: Hubbub Lite � Fast, Reliable Social Sharing Buttons
Plugin Slug:: social-pug
Installations: 40,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58007

Plugin:: WPFront User Role Editor
Plugin Slug:: wpfront-user-role-editor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60102

Plugin:: Ditty � Responsive News Tickers, Sliders, and Lists
Plugin Slug:: ditty-news-ticker
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60105

Plugin:: EmailKit � Email Customizer for WooCommerce & WP
Plugin Slug:: emailkit
Installations: 30,000+
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60106

Plugin:: GutenKit � Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor
Plugin Slug:: gutenkit-blocks-addon
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57900

Plugin:: Gutentor � Gutenberg Blocks � Page Builder for Gutenberg Editor
Plugin Slug:: gutentor
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58680

Plugin:: Ads by Quads � Adsense Ads, Banner Ads, Popup Ads
Plugin Slug:: quick-adsense-reloaded
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-53459

Plugin:: WP Events Manager
Plugin Slug:: wp-events-manager
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57987

Plugin:: Geolocation IP Detection
Plugin Slug:: geoip-detect
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57993

Plugin:: Quiz Maker
Plugin Slug:: quiz-maker
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58014

Plugin:: Quiz Maker
Plugin Slug:: quiz-maker
Installations: 20,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58015

Plugin:: Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission � WP User Frontend
Plugin Slug:: wp-user-frontend
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58672

Plugin:: Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission � WP User Frontend
Plugin Slug:: wp-user-frontend
Installations: 20,000+
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58673

Plugin:: Blog Designer
Plugin Slug:: blog-designer
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57990

Plugin:: Passster � Password Protect Pages and Content
Plugin Slug:: content-protector
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57926

Plugin:: Translate WordPress with ConveyThis
Plugin Slug:: conveythis-translate
Installations: 10,000+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-57919

Plugin:: Dashboard Notepad
Plugin Slug:: dashboard-notepad
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57927

Plugin:: Gallery Lightbox
Plugin Slug:: gallery-lightbox-slider
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57966

Plugin:: Portfolio for Elementor & Image Gallery | PowerFolio
Plugin Slug:: portfolio-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57932

Plugin:: Qubely � Advanced Gutenberg Blocks
Plugin Slug:: qubely
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58249

Plugin:: Qubely � Advanced Gutenberg Blocks
Plugin Slug:: qubely
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58663

Plugin:: WP Subtitle
Plugin Slug:: wp-subtitle
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57986

Plugin:: Convert WordPress to app | AppMySite
Plugin Slug:: appmysite
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58679

Plugin:: FAQ / Accordion / Docs / KB � Helpie WordPress FAQ Accordion plugin
Plugin Slug:: helpie-faq
Installations: 9,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58659

Plugin:: No External Links
Plugin Slug:: mihdan-no-external-links
Installations: 9,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-53451

Plugin:: WP Mailto Links � Protect Email Addresses
Plugin Slug:: wp-mailto-links
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-53464

Plugin:: Awesome Support � WordPress HelpDesk & Support Plugin
Plugin Slug:: awesome-support
Installations: 8,000+
Vulnerability:: Deserialization of untrusted data
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58662

Plugin:: Participants Database
Plugin Slug:: participants-database
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58008

Plugin:: Project Management, Team Collaboration, Kanban Board, Gantt Charts, Task Manager and More � WP Project Manager
Plugin Slug:: wedevs-project-manager
Installations: 8,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58269

Plugin:: Poll Maker � Versus Polls, Anonymous Polls, Image Polls
Plugin Slug:: poll-maker
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57954

Plugin:: CoDesigner � All in One Elementor WooCommerce Builder
Plugin Slug:: woolementor
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57961

Plugin:: YayCurrency � WooCommerce Multi-Currency Switcher
Plugin Slug:: yaycurrency
Installations: 7,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60114

Plugin:: Flexible PDF Invoices for WooCommerce & WordPress
Plugin Slug:: flexible-invoices
Installations: 6,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-57977

Plugin:: WordPress Mega menu Plugin � Groovy Menu (Free)
Plugin Slug:: groovy-menu-free
Installations: 6,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60113

Plugin:: Gutenify � Visual Site Builder Blocks & Site Templates.
Plugin Slug:: gutenify
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-53324

Plugin:: Instapage Plugin
Plugin Slug:: instapage
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60115

Plugin:: WP Social Widget
Plugin Slug:: wp-social-widget
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57981

Plugin:: WordPress Classifieds Plugin � Ad Directory & Listings by AWP Classifieds
Plugin Slug:: another-wordpress-classifieds-plugin
Installations: 4,000+
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57928

Plugin:: Mail Subscribe List
Plugin Slug:: mail-subscribe-list
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58018

Plugin:: Post Carousel Slider for Elementor
Plugin Slug:: post-carousel-slider-for-elementor
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57955

Plugin:: Simple JWT Login � Allows you to use JWT on REST endpoints.
Plugin Slug:: simple-jwt-login
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58648

Plugin:: Ultimate Store Kit � Elementor powered WooCommerce Builder, 80+ Widgets and Template Builder
Plugin Slug:: ultimate-store-kit
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58017

Plugin:: Cecabank WooCommerce Plugin
Plugin Slug:: cecabank-woocommerce
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58685

Plugin:: CoSchedule
Plugin Slug:: coschedule-by-todaymade
Installations: 3,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60119

Plugin:: E-namad & Shamed Logo Manager
Plugin Slug:: e-namad-shamed-logo-manager
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57998

Plugin:: HivePress Claim Listings
Plugin Slug:: hivepress-claim-listings
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60123

Plugin:: HivePress Claim Listings
Plugin Slug:: hivepress-claim-listings
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60122

Plugin:: Login-Logout
Plugin Slug:: login-logout
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-53467

Plugin:: Plugin Ongkos Kirim JNE Tiki Sicepat Wahana J&T POS for Woocommerce
Plugin Slug:: ongkoskirim-id
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57949

Plugin:: Designil PDPA Thailand
Plugin Slug:: pdpa-thailand
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58028

Plugin:: Piotnet Forms
Plugin Slug:: piotnetforms
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57933

Plugin:: Podlove Subscribe button
Plugin Slug:: podlove-subscribe-button
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58227

Plugin:: Text To Speech TTS Accessibility
Plugin Slug:: text-to-audio
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58664

Plugin:: CardCom Payment Gateway
Plugin Slug:: woo-cardcom-payment-gateway
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57976

Plugin:: WP Directory Kit
Plugin Slug:: wpdirectorykit
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60120

Plugin:: Compact Archives
Plugin Slug:: compact-archives
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58001

Plugin:: Estonian Shipping Methods for WooCommerce
Plugin Slug:: estonian-shipping-methods-for-woocommerce
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58656

Plugin:: Photo Gallery by Ays � Responsive Image Gallery
Plugin Slug:: gallery-photo-gallery
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57947

Plugin:: GD bbPress Tools
Plugin Slug:: gd-bbpress-tools
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58002

Plugin:: Import Markdown � Versatile Markdown Importer
Plugin Slug:: import-markdown
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57901

Plugin:: Simple Colorbox
Plugin Slug:: simple-colorbox
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60124

Plugin:: Sitekit
Plugin Slug:: sitekit
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58229

Plugin:: Bitly’s WordPress Plugin
Plugin Slug:: wp-bitly
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58231

Plugin:: Advance Portfolio Grid, Slider and Gallery � Showcase Projects, Images and Videos
Plugin Slug:: advance-portfolio-grid
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57982

Plugin:: Advanced Appointment Booking & Scheduling
Plugin Slug:: advanced-appointment-booking-scheduling
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57978

Plugin:: Smart Related Products � AI-Inspired Recommendations for WooCommerce
Plugin Slug:: ai-related-products
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60160

Plugin:: Append extensions on Pages
Plugin Slug:: append-extensions-on-pages
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57940

Plugin:: Append Link on Copy
Plugin Slug:: append-link-on-copy
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57941

Plugin:: AuthorSure
Plugin Slug:: authorsure
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57979

Plugin:: BP Disable Activation Reloaded
Plugin Slug:: bp-disable-activation-reloaded
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57983

Plugin:: CF7 Submissions � Securely Store Contact Form 7 Data and Attachments, Reply to the Sender and more
Plugin Slug:: cf7-submissions
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58016

Plugin:: Classic Widgets with Block-based Widgets
Plugin Slug:: classic-widgets-with-block-based-widgets
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58029

Plugin:: Content Mask
Plugin Slug:: content-mask
Installations: 1,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58011

Plugin:: Content Mask
Plugin Slug:: content-mask
Installations: 1,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Low
CVE:: 2025-58012

Plugin:: CP Multi View Event Calendar
Plugin Slug:: cp-multi-view-calendar
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Low
CVE:: 2025-58009

Plugin:: Di Themes Demo Site Importer
Plugin Slug:: di-themes-demo-site-importer
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58914

Plugin:: Delisho � Recipe Widgets and Blocks
Plugin Slug:: dr-widgets-blocks
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60128

Plugin:: Emergency Password Reset
Plugin Slug:: emergency-password-reset
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57942

Plugin:: Fastly
Plugin Slug:: fastly
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58199

Plugin:: Flexible FAQ
Plugin Slug:: flexible-faq
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58200

Plugin:: Force Update Translations
Plugin Slug:: force-update-translations
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58236

Plugin:: Genesis Club Lite
Plugin Slug:: genesis-club-lite
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58691

Plugin:: Connector Wizard (formerly LC Wizard)
Plugin Slug:: ghl-wizard
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58237

Plugin:: Hide WP Toolbar
Plugin Slug:: hide-wp-toolbar
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57969

Plugin:: HT Mega � Absolute Addons for WPBakery Page Builder
Plugin Slug:: ht-mega-for-wpbakery
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-53463

Plugin:: Beaf � Photo Comparison Block
Plugin Slug:: image-compare-block
Installations: 1,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-53461

Plugin:: Kama Click Counter
Plugin Slug:: kama-clic-counter
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58682

Plugin:: Last Updated Shortcode
Plugin Slug:: last-updated-shortcode
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58683

Plugin:: Logo Showcase � Responsive Logo Carousel, Grid, List & Ticker for WordPress
Plugin Slug:: logo-showcase
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58684

Plugin:: MakeStories (for Google Web Stories)
Plugin Slug:: makestories-helper
Installations: 1,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57984

Plugin:: MarketKing � Ultimate WooCommerce Multivendor Marketplace Solution
Plugin Slug:: marketking-multivendor-marketplace-for-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58702

Plugin:: Memberful � Membership Plugin
Plugin Slug:: memberful-wp
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58000

Plugin:: Yoga Schedule Momoyoga
Plugin Slug:: momoyoga-integration
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-9852

Plugin:: Netgsm
Plugin Slug:: netgsm
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60143

Plugin:: Frontend File Manager Plugin
Plugin Slug:: nmedia-user-file-uploader
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57921

Plugin:: Sendle Shipping Plugin
Plugin Slug:: official-sendle-shipping-method
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60139

Plugin:: PilotPress
Plugin Slug:: pilotpress
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58221

Plugin:: PilotPress
Plugin Slug:: pilotpress
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58238

Plugin:: PlayerJS
Plugin Slug:: playerjs
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58651

Plugin:: Plugin Security Scanner
Plugin Slug:: plugin-security-scanner
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57950

Plugin:: Post Featured Video
Plugin Slug:: post-featured-video
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60137

Plugin:: Product Addons and Product Options With Custom Fields � WowAddons
Plugin Slug:: product-addons
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57958

Plugin:: SALESmanago & Leadoo
Plugin Slug:: salesmanago
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57970

Plugin:: SALESmanago & Leadoo
Plugin Slug:: salesmanago
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57971

Plugin:: SiteNarrator Text-to-Speech Widget
Plugin Slug:: sitespeaker-widget
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57951

Plugin:: Skimlinks Affiliate Marketing Tool
Plugin Slug:: skimlinks
Installations: 1,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57943

Plugin:: Skimlinks Affiliate Marketing Tool
Plugin Slug:: skimlinks
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57944

Plugin:: SKT Blocks � Gutenberg based Page Builder
Plugin Slug:: skt-blocks
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60138

Plugin:: Skyword XMLRPC publishing
Plugin Slug:: skyword-plugin
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58703

Plugin:: Slightly troublesome permalink
Plugin Slug:: slightly-troublesome-permalink
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57959

Plugin:: SV Proven Expert
Plugin Slug:: sv-provenexpert
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58010

Plugin:: Testimonial Slider � Free Testimonials Slider Plugin
Plugin Slug:: testimonial-add
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-60126

Plugin:: Ultimate Watermark � Advanced Image Watermarking
Plugin Slug:: ultimate-watermark
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57985

Plugin:: Upcoming Events Lists
Plugin Slug:: upcoming-events-lists
Installations: 1,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57994

Plugin:: User Notes
Plugin Slug:: user-notes
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60136

Plugin:: Draft � Tailwind CSS for WordPress.
Plugin Slug:: website-builder
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58033

Plugin:: Website Chat Button: Kommo integration
Plugin Slug:: website-chat-button-kommo-integration
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58666

Plugin:: Werk aan de Muur
Plugin Slug:: werk-aan-de-muur
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60131

Plugin:: WEDOS Global (CDN Cache & Security)
Plugin Slug:: wgpwpp
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60130

Plugin:: WPB Quick View Popup for WooCommerce
Plugin Slug:: woocommerce-lightbox
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57967

Plugin:: WP Advanced PDF
Plugin Slug:: wp-advanced-pdf
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57945

Plugin:: Category Dropdown by GCS Design
Plugin Slug:: wp-category-dropdown
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58239

Plugin:: WP Compiler
Plugin Slug:: wp-compiler
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58032

Plugin:: CopySafe Web Protection
Plugin Slug:: wp-copysafe-web
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60127

Plugin:: WP Delete User Accounts
Plugin Slug:: wp-delete-user-accounts
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58704

Plugin:: Subresource Integrity (SRI) Manager
Plugin Slug:: wp-sri
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57936

Plugin:: Team Manager � Team Member Showcase with grid, slider, table Elementor widget & shortcode
Plugin Slug:: wp-team-manager
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58222

Plugin:: xili-tidy-tags
Plugin Slug:: xili-tidy-tags
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58240

Plugin:: ZoloBlocks � Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns
Plugin Slug:: zoloblocks
Installations: 1,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60161

Plugin:: ZoloBlocks � Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns
Plugin Slug:: zoloblocks
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58230

Plugin:: BMI Adult & Kid Calculator
Plugin Slug:: bmi-adultkid-calculator
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-53469

Plugin:: Bot Block � Stop Spam Referrals in Google Analytics
Plugin Slug:: bot-block-stop-spam-google-analytics-referrals
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57935

Plugin:: Developer
Plugin Slug:: developer
Installations: 900+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57924

Plugin:: WeShare Buttons
Plugin Slug:: e-mailit
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60135

Plugin:: Highlight and Share � Social Text and Image Sharing
Plugin Slug:: highlight-and-share
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58260

Plugin:: Lenix scss compiler
Plugin Slug:: lenix-scss-compiler
Installations: 900+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60145

Plugin:: Lenix scss compiler
Plugin Slug:: lenix-scss-compiler
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60144

Plugin:: LWS Affiliation
Plugin Slug:: lws-affiliation
Installations: 900+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57934

Plugin:: Mail Baby SMTP
Plugin Slug:: mail-baby-smtp
Installations: 900+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57992

Plugin:: Map Categories to Pages
Plugin Slug:: map-categories-to-pages
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60146

Plugin:: PE Easy Slider
Plugin Slug:: pe-easy-slider
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60133

Plugin:: SEO Backlink Monitor
Plugin Slug:: seo-backlink-monitor
Installations: 900+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-53456

Plugin:: SEO Backlink Monitor
Plugin Slug:: seo-backlink-monitor
Installations: 900+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-53457

Plugin:: Simple Meta Tags
Plugin Slug:: simple-meta-tags
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60142

Plugin:: The Tribal Plugin
Plugin Slug:: the-tech-tribe
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60141

Plugin:: The Tribal Plugin
Plugin Slug:: the-tech-tribe
Installations: 900+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60140

Plugin:: TOCHAT.BE
Plugin Slug:: tochat-be
Installations: 900+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57915

Plugin:: Ultimate WP Mail
Plugin Slug:: ultimate-wp-mail
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-53454

Plugin:: Video Blogster Lite
Plugin Slug:: video-blogster-lite
Installations: 900+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-60132

Plugin:: WP Media Categories
Plugin Slug:: wp-media-categories
Installations: 900+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60134

Plugin:: WP System Information
Plugin Slug:: wp-system-info
Installations: 900+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57916

Plugin:: Yext Plugin
Plugin Slug:: yext
Installations: 900+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60129

Plugin:: BuddyPress Notification Widget
Plugin Slug:: buddypress-notifications-widget
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58263

Plugin:: Category Featured Images
Plugin Slug:: category-featured-images
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58655

Plugin:: StylePress for Elementor
Plugin Slug:: full-site-builder-for-elementor
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58254

Plugin:: Gianism
Plugin Slug:: gianism
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58266

Plugin:: HT Feed
Plugin Slug:: ht-instagram
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60147

Plugin:: Image Editor by Pixo
Plugin Slug:: image-editor-by-pixo
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58232

Plugin:: Pinterest Pinboard Widget
Plugin Slug:: pinterest-pinboard-widget
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58248

Plugin:: Real Estate Manager � Property Listing and Agent Management
Plugin Slug:: real-estate-manager
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58253

Plugin:: Events Manager � OpenStreetMaps
Plugin Slug:: stonehenge-em-osm
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58265

Plugin:: xili-language
Plugin Slug:: xili-language
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58654

Plugin:: Carousel Ultimate
Plugin Slug:: carousel
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58652

Plugin:: WP Gravity Forms HubSpot
Plugin Slug:: gf-hubspot
Installations: 700+
Vulnerability:: Open Redirection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60151

Plugin:: JS Job Manager
Plugin Slug:: js-jobs
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58234

Plugin:: MWW Disclaimer Buttons
Plugin Slug:: mww-disclaimer-buttons
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60154

Plugin:: Notely
Plugin Slug:: notely
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60149

Plugin:: Portfolio by BestWebSoft � Work and Projects Presentation Plugin for WordPress
Plugin Slug:: portfolio
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58245

Plugin:: SQL Chart Builder
Plugin Slug:: sql-chart-builder
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58233

Plugin:: Buckets
Plugin Slug:: buckets
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57996

Plugin:: Genealogical Tree � WordPress Family Tree
Plugin Slug:: genealogical-tree
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58023

Plugin:: Shortcode
Plugin Slug:: shortcode
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58022

Plugin:: SnapWidget Social Photo Feed Widget
Plugin Slug:: snapwidget-wp-instagram-widget
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58241

Plugin:: Theater for WordPress
Plugin Slug:: theatre
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58020

Plugin:: VikRestaurants Table Reservations and Take-Away
Plugin Slug:: vikrestaurants
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57962

Plugin:: VikRestaurants Table Reservations and Take-Away
Plugin Slug:: vikrestaurants
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-57968

Plugin:: WooMS
Plugin Slug:: wooms
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57956

Plugin:: WooMS
Plugin Slug:: wooms
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57957

Plugin:: WordPress Widgets Shortcode
Plugin Slug:: wp-widgets-shortcode
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57989

Plugin:: AgreeMe Checkboxes For WooCommerce
Plugin Slug:: agreeme-checkboxes-for-woocommerce
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57905

Plugin:: AR for WordPress
Plugin Slug:: ar-for-wordpress
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-60156

Plugin:: Card Elements for WPBakery
Plugin Slug:: card-elements-for-wpbakery
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58220

Plugin:: Category Featured Images Extended
Plugin Slug:: category-featured-images-extended
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57920

Plugin:: Env�os Coordinadora Woocommerce (Oficial) � WordPress plugin
Plugin Slug:: coordinadora
Installations: 500+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57922

Plugin:: DELUCKS SEO
Plugin Slug:: delucks-seo
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-53570

Plugin:: WP Frontend Admin � Display WP Admin Pages in the Frontend
Plugin Slug:: display-admin-page-on-frontend
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57898

Plugin:: Epeken All Kurir Plugin for Woocommerce Full Version
Plugin Slug:: epeken-all-kurir
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57906

Plugin:: Front End Users
Plugin Slug:: front-end-only-users
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58235

Plugin:: Heureka
Plugin Slug:: heureka
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57907

Plugin:: Library Bookshelves
Plugin Slug:: library-bookshelves
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57964

Plugin:: Maps for WP
Plugin Slug:: maps-for-wp
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57952

Plugin:: NGG Smart Image Search
Plugin Slug:: ngg-smart-image-search
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58027

Plugin:: Nota Fiscal Eletr�nica WooCommerce
Plugin Slug:: nota-fiscal-eletronica-woocommerce
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60159

Plugin:: Nota Fiscal Eletr�nica WooCommerce
Plugin Slug:: nota-fiscal-eletronica-woocommerce
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60158

Plugin:: payOS
Plugin Slug:: payos
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57946

Plugin:: Behance Portfolio Manager
Plugin Slug:: portfolio-manager-powered-by-behance
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57913

Plugin:: Product Time Countdown for WooCommerce
Plugin Slug:: product-countdown-for-woocommerce
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57908

Plugin:: Tapfiliate
Plugin Slug:: tapfiliate
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58689

Plugin:: UK Address Postcode Validation
Plugin Slug:: uk-address-postcode-validation
Installations: 500+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57923

Plugin:: Deliver via Shipos for WooCommerce
Plugin Slug:: wc-shipos-delivery
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57914

Plugin:: JSM file_get_contents() Shortcode
Plugin Slug:: wp-file-get-contents
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58653

Plugin:: WP Proposals
Plugin Slug:: wp-proposals
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57965

Plugin:: Zoho Billing � Embed Payment Form
Plugin Slug:: zoho-subscriptions
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57963

Plugin:: bbp topic count
Plugin Slug:: bbp-topic-count
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60163

Plugin:: WP Gravity Forms Keap/Infusionsoft
Plugin Slug:: gf-infusionsoft
Installations: 400+
Vulnerability:: Open Redirection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58006

Plugin:: Job Board Manager
Plugin Slug:: job-board-manager
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60162

Plugin:: NewsmanApp
Plugin Slug:: newsmanapp
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-60164

Plugin:: Helpdesk Support Ticket System for WooCommerce
Plugin Slug:: support-ticket-system-for-woocommerce
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57972

Plugin:: TZ Plus Gallery
Plugin Slug:: tz-plus-gallery
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57974

Plugin:: Sales Count Manager for WooCommerce
Plugin Slug:: wc-sales-count-manager
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57904

Plugin:: Additional Fees For WooCommerce Checkout (Free)
Plugin Slug:: woo-additional-fees-on-checkout-wordpress
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57903

Plugin:: Goracash
Plugin Slug:: goracash
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-53458

Plugin:: AnyClip Luminous Studio
Plugin Slug:: anyclip-media
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57910

Plugin:: AnyClip Luminous Studio
Plugin Slug:: anyclip-media
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58271

Plugin:: Form Generator for WordPress
Plugin Slug:: form-generator-powered-by-jotform
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58665

Plugin:: VoucherPress
Plugin Slug:: voucherpress
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58223

Plugin:: Auction Feed
Plugin Slug:: auction-feed
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58671

Plugin:: Editor Custom Color Palette
Plugin Slug:: editor-custom-color-palette
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57909

Plugin:: HotelRunner Booking Widget
Plugin Slug:: hotelrunner
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-60168

Plugin:: Magento 2 WordPress Integration
Plugin Slug:: m2wp
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58669

Plugin:: Mavis HTTPS to HTTP Redirection
Plugin Slug:: mavis-https-to-http-redirect
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58261

Plugin:: eZee Online Hotel Booking Engine
Plugin Slug:: online-booking-engine
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58661

Plugin:: Page Manager for Elementor
Plugin Slug:: page-manager-for-elementor
Installations: 100+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60167

Plugin:: Printcart Web to Print Product Designer for WooCommerce
Plugin Slug:: printcart-integration
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57917

Plugin:: Proof Factor � Social Proof Notifications
Plugin Slug:: proof-factor-social-proof-notifications
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58658

Plugin:: GSheets Connector
Plugin Slug:: sheetlink
Installations: 100+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-53465

Plugin:: Sweet Energy Efficiency
Plugin Slug:: sweet-energy-efficiency
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58262

Plugin:: Verowa Connect
Plugin Slug:: verowa-connect
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58257

Plugin:: WPMK PDF Generator
Plugin Slug:: wpmk-pdf-generator
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58268

Plugin:: LinkedInclude
Plugin Slug:: linkedinclude
Installations: 90+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-57918

Plugin:: Mobi2Go
Plugin Slug:: mobi2go
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58646

Plugin:: NIX Anti-Spam Light
Plugin Slug:: nix-anti-spam-light
Installations: 90+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58270

Plugin:: Stock Message
Plugin Slug:: stock-message
Installations: 90+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58267

Plugin:: WP Content Protection
Plugin Slug:: wp-content-protection
Installations: 90+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58670

Plugin:: WordPress Adverts Plugin � Adverts Click Tracker
Plugin Slug:: adverts-click-tracker
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57911

Plugin:: Grid
Plugin Slug:: grid
Installations: 80+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58657

Plugin:: HORIZONTAL SLIDER
Plugin Slug:: horizontal-slider
Installations: 80+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58676

Plugin:: HTACCESS IP Blocker
Plugin Slug:: htaccess-ip-blocker
Installations: 80+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-60170

Plugin:: ShrinkTheWeb (STW) Website Previews Plugin
Plugin Slug:: shrinktheweb-website-preview-plugin
Installations: 80+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58677

Plugin:: W3SCloud Contact Form 7 to Zoho CRM
Plugin Slug:: w3s-cf7-zoho
Installations: 80+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-60169

Plugin:: Flytedesk Digital
Plugin Slug:: flytedesk-digital
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-60172

Plugin:: GST for WooCommerce
Plugin Slug:: gst-for-woocommerce
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-60173

Plugin:: Show Pages List
Plugin Slug:: show-pages-list
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58219

Plugin:: Simple Restaurant Menu
Plugin Slug:: simple-restaurant-menu
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58647

Plugin:: Casengo Live Chat Support
Plugin Slug:: the-casengo-chat-widget
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58688

Plugin:: Conditional Cart Messages for WooCommerce � YourPlugins.com
Plugin Slug:: yourplugins-wc-conditional-cart-notices
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-60171

Plugin:: RIS Version Switcher � Downgrade or Upgrade WP Versions Easily
Plugin Slug:: ris-version-switcher
Installations: 60+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57902

Plugin:: SAPO Feed
Plugin Slug:: sapo-feed
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-53462

Plugin:: WP Tesseract
Plugin Slug:: wp-tesseract
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60176

Plugin:: DOAJ Export
Plugin Slug:: doaj-export
Installations: 40+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58256

Plugin:: Google+ Comments
Plugin Slug:: google-plus-comments
Installations: 40+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60186

Plugin:: Gravitate Automated Tester
Plugin Slug:: gravitate-automated-tester
Installations: 40+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58645

Plugin:: HieCOR Payment Gateway Plugin
Plugin Slug:: hcv4-payment-gateway
Installations: 40+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-52773

Plugin:: kontur Admin Style
Plugin Slug:: kontur-admin-style
Installations: 40+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60185

Plugin:: Recaptcha � wp
Plugin Slug:: recaptcha-wp
Installations: 40+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60177

Plugin:: SEO Search Permalink
Plugin Slug:: seo-search-permalink
Installations: 40+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60184

Plugin:: Bg Church Memos
Plugin Slug:: bg-church-memos
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58242

Plugin:: Wp tabber widget
Plugin Slug:: wp-tabber-widget
Installations: 20+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-53468

Plugin:: Custom Post Type Images
Plugin Slug:: custom-post-types-image
Installations: 10+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-58255

Plugin:: Dialogity Free Live Chat
Plugin Slug:: dialogity-website-chat
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57912

Plugin:: WP Virtual Assistant
Plugin Slug:: VirtualAssistant
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60155

Plugin:: AllInOne – Banner Rotator
Plugin Slug:: all-in-one-bannerRotator
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-60110

Plugin:: LambertGroup – AllInOne – Banner with Playlist
Plugin Slug:: all-in-one-bannerWithPlaylist
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-60107

Plugin:: LambertGroup – AllInOne – Content Slider
Plugin Slug:: all-in-one-contentSlider
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-60109

Plugin:: All in One Music Player
Plugin Slug:: all-in-one-music-player
Vulnerability:: Path Traversal
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-8559

Plugin:: LambertGroup – AllInOne – Banner with Thumbnails
Plugin Slug:: all-in-one-thumbnailsBanner
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-60108

Plugin:: All Social Share Options
Plugin Slug:: all-social-share-options
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-10131

Plugin:: Eulerpool Research Systems
Plugin Slug:: alleaktien-quantitativ
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-10128

Plugin:: Any News Ticker
Plugin Slug:: any-news-ticker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-10168

Plugin:: Bei Fen
Plugin Slug:: bei-fen
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-9993

Plugin:: BP Direct Menus
Plugin Slug:: bp-direct-menus
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-10189

Plugin:: cForms
Plugin Slug:: cforms-plugin
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-9898

Plugin:: Chat by Chatwee
Plugin Slug:: chatwee
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-9948

Plugin:: Click & Tweet
Plugin Slug:: click-tweet
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60179

Plugin:: Copypress Rest API
Plugin Slug:: copypress-rest-api
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-8625

Plugin:: dbview
Plugin Slug:: dbview
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-10182

Plugin:: Directory Pro
Plugin Slug:: directory-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57948

Plugin:: Easy Hotel Booking
Plugin Slug:: easy-hotel
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-57938

Plugin:: Easy Pricing Table WP
Plugin Slug:: easy-pricing-table-wp
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-53450

Plugin:: Event Rocket
Plugin Slug:: event-rocket
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-53452

Plugin:: Silencesoft RSS Reader
Plugin Slug:: external-rss-reader
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60183

Plugin:: Silencesoft RSS Reader
Plugin Slug:: external-rss-reader
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60181

Plugin:: FancyTabs
Plugin Slug:: fancytabs
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-8560

Plugin:: FoodBook
Plugin Slug:: foodbook
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60125

Plugin:: Grand Conference Theme Custom Post Type
Plugin Slug:: grandconference-custom-post
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60116

Plugin:: GutenBee
Plugin Slug:: gutenbee
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-8566

Plugin:: Printeers Print & Ship
Plugin Slug:: invition-print-ship
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58224

Plugin:: Javo Core
Plugin Slug:: javo-core
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-60111

Plugin:: Javo Core
Plugin Slug:: javo-core
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58003

Plugin:: Layers
Plugin Slug:: layers
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-10130

Plugin:: ListingPro
Plugin Slug:: listingpro-plugin
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60103

Plugin:: ListingPro Reviews
Plugin Slug:: listingpro-reviews
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58667

Plugin:: Mihdan: Elementor Yandex Maps
Plugin Slug:: mihdan-elementor-yandex-maps
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-8608

Plugin:: My AskAI
Plugin Slug:: my-askai
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-10179

Plugin:: Nexa Blocks
Plugin Slug:: nexa-blocks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-8624

Plugin:: Oshine Core
Plugin Slug:: oshine-core
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58660

Plugin:: PGS Core
Plugin Slug:: pgs-core
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-60118

Plugin:: planetcalc
Plugin Slug:: planetcalc
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-8777

Plugin:: PopAd
Plugin Slug:: popad
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60175

Plugin:: Post By Email
Plugin Slug:: post-by-email
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-9762

Plugin:: Accordion FAQ
Plugin Slug:: pressapps-accordion-faq
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58024

Plugin:: Professional Contact Form
Plugin Slug:: professional-contact-form
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-9944

Plugin:: Subscribe to Download
Plugin Slug:: subscribe-to-download
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-60150

Plugin:: Subscribe to Download
Plugin Slug:: subscribe-to-download
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60148

Plugin:: Subscribe To Unlock
Plugin Slug:: subscribe-to-unlock
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-60153

Plugin:: Subscribe To Unlock
Plugin Slug:: subscribe-to-unlock
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60152

Plugin:: Survey Anyplace
Plugin Slug:: surveyanyplace
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-10196

Plugin:: Sync Feedly
Plugin Slug:: sync-feedly
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-9894

Plugin:: TF Woo Product Grid Addon For Elementor
Plugin Slug:: tf-woo-product-grid
Vulnerability:: Deserialization of untrusted data
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-59007

Plugin:: The Pack Elementor addons
Plugin Slug:: the-pack-addon
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-8214

Plugin:: Tiny Bootstrap Elements Light
Plugin Slug:: tiny-bootstrap-elements-light
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-9991

Plugin:: Trust Reviews
Plugin Slug:: trust-reviews
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-9899

Plugin:: TweetThis Shortcode
Plugin Slug:: tweetthis-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-10136

Plugin:: VM Menu Reorder
Plugin Slug:: vm-menu-reorder
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-9893

Plugin:: WeedMaps Menu
Plugin Slug:: weedmaps-menu-embed
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-8623

Plugin:: Big Post Shipping for WooCommerce
Plugin Slug:: woo-bigpost-shipping
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-10191

Plugin:: WooEvents
Plugin Slug:: woo-events
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60121

Plugin:: WP Subscription Forms PRO
Plugin Slug:: wp-subscription-forms-pro
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60166

Plugin:: Popup Maker � Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder
Plugin Slug:: popup-maker
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.21.0
Severity Score:: Medium
CVE:: 2025-9490

Plugin:: Backuply � Backup, Restore, Migrate and Clone
Plugin Slug:: backuply
Installations: 600,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 1.4.9
Severity Score:: Medium
CVE:: 2025-10307

Plugin:: Ninja Forms � The Contact Form Builder That Grows With You
Plugin Slug:: ninja-forms
Installations: 600,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.12.1
Severity Score:: Medium
CVE:: 2025-10498

Plugin:: Ninja Forms � The Contact Form Builder That Grows With You
Plugin Slug:: ninja-forms
Installations: 600,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.12.1
Severity Score:: Medium
CVE:: 2025-10499

Plugin:: WP Statistics � Simple, privacy-friendly Google Analytics alternative
Plugin Slug:: wp-statistics
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 14.15.5
Severity Score:: High
CVE:: 2025-9816

Plugin:: Translate Multilingual sites � TranslatePress
Plugin Slug:: translatepress-multilingual
Installations: 400,000+
Vulnerability:: Deserialization of untrusted data
Patched in Version:: 2.10.3
Severity Score:: High
CVE:: 2025-58592

Plugin:: SureForms � Drag and Drop Contact Form Builder � Multi-step Forms, Conversational Forms and more
Plugin Slug:: sureforms
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.1
Severity Score:: Medium
CVE:: 2025-8282

Plugin:: Admin and Site Enhancements (ASE)
Plugin Slug:: admin-site-enhancements
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.9.8
Severity Score:: Medium
CVE:: 2025-9487

Plugin:: Nextend Social Login and Register
Plugin Slug:: nextend-facebook-connect
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.20
Severity Score:: Medium
CVE:: 2025-58031

Plugin:: Colibri Page Builder
Plugin Slug:: colibri-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.334
Severity Score:: Medium
CVE:: 2025-59593

Plugin:: Download Manager
Plugin Slug:: download-manager
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.3.25
Severity Score:: Medium
CVE:: 2025-60093

Plugin:: LatePoint � Calendar Booking Plugin for Appointments and Events
Plugin Slug:: latepoint
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.2.0
Severity Score:: High
CVE:: 2025-7052

Plugin:: LatePoint � Calendar Booking Plugin for Appointments and Events
Plugin Slug:: latepoint
Installations: 100,000+
Vulnerability:: Broken Authentication
Patched in Version:: 5.2.0
Severity Score:: High
CVE:: 2025-7038

Plugin:: LatePoint � Calendar Booking Plugin for Appointments and Events
Plugin Slug:: latepoint
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.0
Severity Score:: Medium
CVE:: 2025-6815

Plugin:: LatePoint � Calendar Booking Plugin for Appointments and Events
Plugin Slug:: latepoint
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.0
Severity Score:: Medium
CVE:: 2025-6941

Plugin:: Make Column Clickable for Elementor
Plugin Slug:: make-column-clickable-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.1
Severity Score:: Medium
CVE:: 2025-59592

Plugin:: Stackable � Page Builder Gutenberg Blocks
Plugin Slug:: stackable-ultimate-gutenberg-blocks
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.19.0
Severity Score:: Medium
CVE:: 2025-60095

Plugin:: Stackable � Page Builder Gutenberg Blocks
Plugin Slug:: stackable-ultimate-gutenberg-blocks
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.19.0
Severity Score:: Medium
CVE:: 2025-60094

Plugin:: Featured Image from URL (FIFU)
Plugin Slug:: featured-image-from-url
Installations: 80,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.2.8
Severity Score:: High
CVE:: 2025-10037

Plugin:: Featured Image from URL (FIFU)
Plugin Slug:: featured-image-from-url
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.2.8
Severity Score:: Medium
CVE:: 2025-9984

Plugin:: Featured Image from URL (FIFU)
Plugin Slug:: featured-image-from-url
Installations: 80,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.2.8
Severity Score:: Medium
CVE:: 2025-9985

Plugin:: Jupiter X Core
Plugin Slug:: jupiterx-core
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.11.1
Severity Score:: Medium
CVE:: 2025-58264

Plugin:: Comments � wpDiscuz
Plugin Slug:: wpdiscuz
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.6.34
Severity Score:: Medium
CVE:: 2025-59591

Plugin:: Media Library Assistant
Plugin Slug:: media-library-assistant
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.29
Severity Score:: Medium
CVE:: 2025-59590

Plugin:: Embed Any Document � Embed PDF, Word, PowerPoint and Excel Files
Plugin Slug:: embed-any-document
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.8
Severity Score:: Medium
CVE:: 2025-60099

Plugin:: ShopEngine Elementor WooCommerce Builder Addon � All in One WooCommerce Solution
Plugin Slug:: shopengine
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.8.4
Severity Score:: Low
CVE:: 2025-10173

Plugin:: Theme My Login
Plugin Slug:: theme-my-login
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.1.13
Severity Score:: Medium
CVE:: 2025-60098

Plugin:: WP-Members Membership Plugin
Plugin Slug:: wp-members
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.4.3
Severity Score:: Medium
CVE:: 2025-57973

Plugin:: Better Find and Replace � AI-Powered Suggestions
Plugin Slug:: real-time-auto-find-and-replace
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.7
Severity Score:: Medium
CVE:: 2025-53466

Plugin:: Ajax Load More � Infinite Scroll
Plugin Slug:: ajax-load-more
Installations: 40,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 7.6.1
Severity Score:: Medium
CVE:: 2025-59582

Plugin:: Page-list
Plugin Slug:: page-list
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9
Severity Score:: Medium
CVE:: 2025-58030

Plugin:: Gallery Custom Links
Plugin Slug:: gallery-custom-links
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.6
Severity Score:: Medium
CVE:: 2025-60104

Plugin:: Team Members
Plugin Slug:: team-members
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.6
Severity Score:: Medium
CVE:: 2025-8440

Plugin:: Trustpilot Reviews
Plugin Slug:: trustpilot-reviews
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.6.0
Severity Score:: Medium
CVE:: 2025-57997

Plugin:: Accordion � AI FAQ, Accordion, Tabs, Image Accordion, Product FAQ, FAQ Builder, FAQ Grid
Plugin Slug:: accordions
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.3.16
Severity Score:: Medium
CVE:: 2025-58678

Plugin:: Ibtana � WordPress Website Builder
Plugin Slug:: ibtana-visual-editor
Installations: 20,000+
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: 1.2.5.4
Severity Score:: Medium
CVE:: 2025-59581

Plugin:: Custom Block Builder � Lazy Blocks
Plugin Slug:: lazy-blocks
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.1.1
Severity Score:: Medium
CVE:: 2025-58258

Plugin:: SmartCrawl SEO checker, analyzer & optimizer
Plugin Slug:: smartcrawl-seo
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.14.4
Severity Score:: Medium
CVE:: 2025-11163

Plugin:: Uncanny Toolkit for LearnDash
Plugin Slug:: uncanny-learndash-toolkit
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.0.4
Severity Score:: Medium
CVE:: 2025-57988

Plugin:: MasterStudy LMS WordPress Plugin � for Online Courses and Education
Plugin Slug:: masterstudy-lms-learning-management-system
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.6.21
Severity Score:: Medium
CVE:: 2025-59576

Plugin:: MasterStudy LMS WordPress Plugin � for Online Courses and Education
Plugin Slug:: masterstudy-lms-learning-management-system
Installations: 10,000+
Vulnerability:: Race Condition
Patched in Version:: 3.6.21
Severity Score:: Medium
CVE:: 2025-59577

Plugin:: Mega Elements � Addons for Elementor
Plugin Slug:: mega-elements-addons-for-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.3
Severity Score:: Medium
CVE:: 2025-8200

Plugin:: Open User Map
Plugin Slug:: open-user-map
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.15
Severity Score:: Medium
CVE:: 2025-57953

Plugin:: Postie
Plugin Slug:: postie
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.71
Severity Score:: Medium
CVE:: 2024-5200

Plugin:: Team � Team Members Showcase Plugin
Plugin Slug:: tlp-team
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0.7
Severity Score:: Medium
CVE:: 2025-57975

Plugin:: WPeMatico RSS Feed Fetcher
Plugin Slug:: wpematico
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.8.11
Severity Score:: Medium
CVE:: 2025-57937

Plugin:: WP Travel Engine � Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor
Plugin Slug:: wte-elementor-widgets
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.3
Severity Score:: Medium
CVE:: 2025-59574

Plugin:: Cozy Blocks � All-in-One Page Builder Blocks for Gutenberg and Full Site Editing (FSE)
Plugin Slug:: cozy-addons
Installations: 9,000+
Vulnerability:: Content Injection
Patched in Version:: 2.1.30
Severity Score:: Medium
CVE:: 2025-59573

Plugin:: Super Blank
Plugin Slug:: super-blank
Installations: 9,000+
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2025-54741

Plugin:: WP Compress � Instant Performance & Speed Optimization
Plugin Slug:: wp-compress-image-optimizer
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.50.55
Severity Score:: Medium
CVE:: 2025-57899

Plugin:: Download After Email � Subscribe & Download Form Plugin
Plugin Slug:: download-after-email
Installations: 8,000+
Vulnerability:: Other Vulnerability Type
Patched in Version:: 2.1.7
Severity Score:: Medium
CVE:: 2025-54743

Plugin:: aThemes Addons for Elementor
Plugin Slug:: athemes-addons-for-elementor-lite
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2025-60112

Plugin:: OAuth Single Sign On � SSO (OAuth Client)
Plugin Slug:: miniorange-login-with-eve-online-google-facebook
Installations: 7,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.26.13
Severity Score:: Medium
CVE:: 2025-10752

Plugin:: Themify Builder
Plugin Slug:: themify-builder
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.7.0
Severity Score:: Medium
CVE:: 2025-9353

Plugin:: Email Marketing, Email Automation, Newsletter & Cart Abandonment for WordPress and WooCommerce � Mail Mint
Plugin Slug:: mail-mint
Installations: 6,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.18.7
Severity Score:: High
CVE:: 2025-59570

Plugin:: Search Atlas SEO � Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization
Plugin Slug:: metasync
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.5
Severity Score:: Medium
CVE:: 2025-58019

Plugin:: CubeWP � All-in-One Dynamic Content Framework
Plugin Slug:: cubewp-framework
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.27
Severity Score:: Medium
CVE:: 2025-59569

Plugin:: Termageddon: Cookie Consent & Privacy Compliance
Plugin Slug:: termageddon-usercentrics
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.2
Severity Score:: Medium
CVE:: 2025-58026

Plugin:: Coupon Affiliates � Affiliate Plugin for WooCommerce
Plugin Slug:: woo-coupon-usage
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.8.1
Severity Score:: Medium
CVE:: 2025-59567

Plugin:: WPKoi Templates for Elementor
Plugin Slug:: wpkoi-templates-for-elementor
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.4
Severity Score:: Medium
CVE:: 2025-57999

Plugin:: Zoho Flow � Integrate 100+ plugins with 1000+ business apps, no-code workflow automation
Plugin Slug:: zoho-flow
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.14.2
Severity Score:: Medium
CVE:: 2025-59568

Plugin:: Etsy Shop
Plugin Slug:: etsy-shop
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.7
Severity Score:: High
CVE:: 2025-9115

Plugin:: Podlove Podcast Publisher
Plugin Slug:: podlove-podcasting-plugin-for-wordpress
Installations: 4,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 4.2.7
Severity Score:: Critical
CVE:: 2025-10147

Plugin:: Interact: Embed A Quiz On Your Site
Plugin Slug:: interact-quiz-embed
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.2
Severity Score:: Medium
CVE:: 2025-58675

Plugin:: Mapster WP Maps
Plugin Slug:: mapster-wp-maps
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.21.0
Severity Score:: Medium
CVE:: 2025-9044

Plugin:: Upsell Funnel Builder for WooCommerce � New Marketing Funnel Builder and Sales Funnel Builder tailored for your store.
Plugin Slug:: upsell-order-bump-offer-for-woocommerce
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.8
Severity Score:: Medium
CVE:: 2025-59565

Plugin:: WP-DownloadManager
Plugin Slug:: wp-downloadmanager
Installations: 3,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.69
Severity Score:: High
CVE:: 2025-10747

Plugin:: Academy LMS � WordPress LMS Plugin for Complete eLearning Solution
Plugin Slug:: academy
Installations: 2,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 3.3.5
Severity Score:: Medium
CVE:: 2025-59562

Plugin:: Advanced Views � Display Posts, Custom Fields, and More
Plugin Slug:: acf-views
Installations: 2,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 3.7.20
Severity Score:: High
CVE:: 2025-10380

Plugin:: Smart Blocks
Plugin Slug:: smart-blocks
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.5
Severity Score:: Medium
CVE:: 2025-59561

Plugin:: Payrexx Payment Gateway for WooCommerce
Plugin Slug:: woo-payrexx-gateway
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.6
Severity Score:: Medium
CVE:: 2025-59559

Plugin:: Quick View for WooCommerce
Plugin Slug:: woo-quickview
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.17
Severity Score:: Medium
CVE:: 2025-58228

Plugin:: YouTube Showcase � Responsive YouTube Video Gallery Plugin for WordPress
Plugin Slug:: youtube-showcase
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.1
Severity Score:: Medium
CVE:: 2025-58915

Plugin:: Banhammer � Monitor Site Traffic, Block Bad Users and Bots
Plugin Slug:: banhammer
Installations: 1,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 3.4.9
Severity Score:: Medium
CVE:: 2025-10745

Plugin:: Clariti
Plugin Slug:: clariti
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.2
Severity Score:: Medium
CVE:: 2025-57991

Plugin:: Custom iFrame for Elementor � Embed Pdf, Maps, Videos, & Websites Easily
Plugin Slug:: custom-iframe
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.14
Severity Score:: Medium
CVE:: 2025-59553

Plugin:: Custom Login URL
Plugin Slug:: custom-login-url
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.3
Severity Score:: Medium
CVE:: 2025-58969

Plugin:: Double the Donation � A workplace giving tool to help your fundraising efforts
Plugin Slug:: double-the-donation
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.0
Severity Score:: Medium
CVE:: 2025-57929

Plugin:: Double the Donation � A workplace giving tool to help your fundraising efforts
Plugin Slug:: double-the-donation
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.0.0
Severity Score:: Medium
CVE:: 2025-57930

Plugin:: Easy Elementor Addons
Plugin Slug:: easy-elementor-addons
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.2.9
Severity Score:: High
CVE:: 2025-58973

Plugin:: GetResponse Forms by Optin Cat
Plugin Slug:: getresponse
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.1
Severity Score:: Medium
CVE:: 2025-59549

Plugin:: Markup Markdown
Plugin Slug:: markup-markdown
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.20.10
Severity Score:: Medium
CVE:: 2025-9540

Plugin:: Product Catalog Simple
Plugin Slug:: post-type-x
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.3
Severity Score:: Medium
CVE:: 2025-58992

Plugin:: Request a Quote Form Plugin � Price Quote Request Management Made Easy
Plugin Slug:: request-a-quote
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.1
Severity Score:: Medium
CVE:: 2025-58915

Plugin:: Revive.so � Bulk Rewrite and Republish Blog Posts
Plugin Slug:: revive-so
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.7
Severity Score:: Medium
CVE:: 2025-59551

Plugin:: Safety Exit
Plugin Slug:: safety-exit
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.1
Severity Score:: Medium
CVE:: 2025-57980

Plugin:: Save as PDF Plugin by PDFCrowd
Plugin Slug:: save-as-pdf-by-pdfcrowd
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.3
Severity Score:: Medium
CVE:: 2025-59552

Plugin:: Sign-up Sheets
Plugin Slug:: sign-up-sheets
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.3.3
Severity Score:: Critical
CVE:: 2025-49393

Plugin:: Travel Map
Plugin Slug:: travelmap-blog
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.4
Severity Score:: Medium
CVE:: 2025-57960

Plugin:: wp-mpdf
Plugin Slug:: wp-mpdf
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.2
Severity Score:: Medium
CVE:: 2025-60040

Plugin:: WPCasa
Plugin Slug:: wpcasa
Installations: 1,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 1.4.2
Severity Score:: Critical
CVE:: 2025-9321

Plugin:: WPComplete
Plugin Slug:: wpcomplete
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.5.3
Severity Score:: Medium
CVE:: 2025-58974

Plugin:: Zephyr Project Manager
Plugin Slug:: zephyr-project-manager
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.203
Severity Score:: Medium
CVE:: 2025-10490

Plugin:: AffiliateWP � External Referral Links
Plugin Slug:: affiliatewp-external-referral-links
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.2
Severity Score:: Medium
CVE:: 2025-53460

Plugin:: CashBill.pl � P?atno?ci WooCommerce
Plugin Slug:: cashbill-payment-method
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.0
Severity Score:: Medium
CVE:: 2025-53455

Plugin:: MaxiBlocks: 2300+ Patterns, 280+ Pages, 14.3K Icons & 100 Styles
Plugin Slug:: maxi-blocks
Installations: 900+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.4
Severity Score:: Medium
CVE:: 2025-58968

Plugin:: System Dashboard
Plugin Slug:: system-dashboard
Installations: 900+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.8.21
Severity Score:: Medium
CVE:: 2025-10377

Plugin:: Fusion Page Builder : Extension � Gallery
Plugin Slug:: fusion-extension-gallery
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.7
Severity Score:: Medium
CVE:: 2025-58965

Plugin:: Easy Quotes
Plugin Slug:: easy-quotes
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.5
Severity Score:: Medium
CVE:: 2025-58681

Plugin:: List Child Pages Shortcode
Plugin Slug:: list-child-pages-shortcode
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.0
Severity Score:: Medium
CVE:: 2025-58021

Plugin:: Employee Spotlight � Team Member Showcase & Meet the Team Plugin
Plugin Slug:: employee-spotlight
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.1
Severity Score:: Medium
CVE:: 2025-58915

Plugin:: Publitio
Plugin Slug:: publitio
Installations: 500+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.2.2
Severity Score:: Medium
CVE:: 2025-58962

Plugin:: Customer Support Ticket System & Helpdesk Plugin for WordPress
Plugin Slug:: wp-ticket
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.3
Severity Score:: Medium
CVE:: 2025-60157

Plugin:: Customer Support Ticket System & Helpdesk Plugin for WordPress
Plugin Slug:: wp-ticket
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.1
Severity Score:: Medium
CVE:: 2025-58915

Plugin:: IP Based Login
Plugin Slug:: ip-based-login
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.4
Severity Score:: Medium
CVE:: 2025-58960

Plugin:: VPSUForm � No-Code Custom Form Builder � Contact Forms, Conversion Form & More
Plugin Slug:: v-form
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.21
Severity Score:: Medium
CVE:: 2025-58957

Plugin:: Advanced Settings 3
Plugin Slug:: advanced-settings
Installations: 200+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.2.0
Severity Score:: Critical
CVE:: 2025-58996

Plugin:: immonex Kickstart Team
Plugin Slug:: immonex-kickstart-team
Installations: 200+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.7.0
Severity Score:: High
CVE:: 2025-57925

Plugin:: Current Age Plugin
Plugin Slug:: current-age
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.7
Severity Score:: High
CVE:: 2025-58687

Plugin:: Doliconnect
Plugin Slug:: doliconnect
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 9.6.2
Severity Score:: High
CVE:: 2025-58690

Plugin:: CM Business Directory � Optimise and showcase local business
Plugin Slug:: cm-business-directory
Installations: 40+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.3
Severity Score:: Medium
CVE:: 2025-10178

Plugin:: Markdown Shortcode
Plugin Slug:: markdown-shortcode
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.2.3
Severity Score:: Medium
CVE:: 2025-10180

Plugin:: Widgets for Tiktok Feed
Plugin Slug:: widgets-for-tiktok-video-feed
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.4
Severity Score:: Medium
CVE:: 2025-8906

Plugin:: AffiliateWP
Plugin Slug:: affiliate-wp
Vulnerability:: SQL Injection
Patched in Version:: 2.29.0
Severity Score:: Critical
CVE:: 2025-8877

Plugin:: BM Content Builder
Plugin Slug:: bm-builder
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 3.16.3.3
Severity Score:: High
CVE:: 2025-59002

Plugin:: Widget Options – Extended
Plugin Slug:: extended-widget-options
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.2
Severity Score:: Medium
CVE:: 2025-8902

Plugin:: Houzez Theme – Functionality
Plugin Slug:: houzez-theme-functionality
Vulnerability:: Broken Access Control
Patched in Version:: 4.1.4
Severity Score:: High
CVE:: 2025-49403

Plugin:: Houzez Theme – Functionality
Plugin Slug:: houzez-theme-functionality
Vulnerability:: Arbitrary File Download
Patched in Version:: 4.1.4
Severity Score:: Medium
CVE:: 2025-49404

Plugin:: Penci Filter Everything
Plugin Slug:: penci-filter-everything
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7
Severity Score:: Medium
CVE:: 2025-59583

Plugin:: Penci Podcast
Plugin Slug:: penci-podcast
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7
Severity Score:: Medium
CVE:: 2025-59584

Plugin:: Penci Portfolio
Plugin Slug:: penci-portfolio
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6
Severity Score:: Medium
CVE:: 2025-59586

Plugin:: Penci Recipe
Plugin Slug:: penci-recipe
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1
Severity Score:: Medium
CVE:: 2025-59585

Plugin:: Penci Shortcodes & Performance
Plugin Slug:: penci-shortcodes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.1
Severity Score:: Medium
CVE:: 2025-59587

Plugin:: Uni CPO (Premium)
Plugin Slug:: uni-woo-custom-product-options-premium
Vulnerability:: Arbitrary File Upload
Patched in Version:: 4.9.55
Severity Score:: Critical
CVE:: 2025-10412

Plugin:: Vehica Core
Plugin Slug:: vehica-core
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.101
Severity Score:: Medium
CVE:: 2025-60117

Plugin:: MultiLoca
Plugin Slug:: woocommerce-multi-locations-inventory-management
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.9
Severity Score:: Critical
CVE:: 2025-9054

Plugin:: WorkScout-Core
Plugin Slug:: workscout-core
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.7.06
Severity Score:: High
CVE:: 2025-59572

Plugin:: WP Attractive Donations System
Plugin Slug:: wp-attractive-donations-system-easy-stripe-paypal-donations
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.29
Severity Score:: High
CVE:: 2025-58956

WordPress Themes � 6 Patched / 11 Unpatched

Theme:: Woostify
Theme Slug:: woostify
Downloads: 721,458
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60101

Theme:: Constructo
Theme Slug:: constructo
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58244

Theme:: CouponXxL
Theme Slug:: couponxxl
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58013

Theme:: DriCub
Theme Slug:: dricub-driving-school
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58004

Theme:: DriCub
Theme Slug:: dricub-driving-school
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58005

Theme:: Findgo
Theme Slug:: fingo
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58250

Theme:: Frames
Theme Slug:: frames
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60165

Theme:: imEvent
Theme Slug:: imevent
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58243

Theme:: Nokri
Theme Slug:: nokri
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58259

Theme:: WPLMS
Theme Slug:: wplms
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58668

Theme:: XStore
Theme Slug:: xstore
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-60100

Theme:: DentiCare
Theme Slug:: denticare
Vulnerability:: PHP Object Injection
Patched in Version:: 1.4.3
Severity Score:: Critical
CVE:: 2025-54723

Theme:: Snow Monkey
Theme Slug:: snow-monkey
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 29.1.6
Severity Score:: Medium
CVE:: 2025-10137

Theme:: Soledad
Theme Slug:: soledad
Vulnerability:: Local File Inclusion
Patched in Version:: 8.6.9
Severity Score:: High
CVE:: 2025-59588

Theme:: Soledad
Theme Slug:: soledad
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.6.9
Severity Score:: Medium
CVE:: 2025-59589

Theme:: TheGem
Theme Slug:: thegem
Vulnerability:: Broken Access Control
Patched in Version:: 5.10.5.1
Severity Score:: Medium
CVE:: 2025-60097

Theme:: TheGem (Elementor)
Theme Slug:: thegem-elementor
Vulnerability:: Broken Access Control
Patched in Version:: 5.10.5.1
Severity Score:: Medium
CVE:: 2025-60096