Nexcess.comServers.comLiquidWeb.com
Line illustration showing a black application window on a purple gradient background overlaid with a large exclamation point alert icon and three bugs.

WordPress Vulnerability Report � October 8, 2025

[email protected]
Uncategorized

In this report, 99 vulnerabilities have been publicly disclosed. Security patches for 32 of these plugins and themes are now available. Please run these updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Currently, 67 plugin and theme vulnerabilities remain unpatched. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.8.3 is now available! This is a security release that features two fixes. As this is a security release, we recommend updating your sites immediately. For more information on WordPress 6.8.3, please visit the version page on the HelpHub site.

WordPress Plugins � 31 Patched / 66 Unpatched

The Pack Elementor addon

Plugin:

The Pack Elementor addon

Plugin Slug:
the-pack-addon

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-8214


The vulnerability has not been patched. You should deactivate the plugin.

Yoga Schedule Momoyoga

Plugin:

Yoga Schedule Momoyoga

Plugin Slug:
momoyoga-integration

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-9852


The vulnerability has not been patched. You should deactivate the plugin.

Layers

Plugin:

Layers

Plugin Slug:
layers

Installations
80+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-10130


The vulnerability has not been patched. You should deactivate the plugin.

Smart Docs

Plugin:

Smart Docs

Plugin Slug:
smart-docs

Installations
80+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-9333


The vulnerability has not been patched. You should deactivate the plugin.

Simple Multilanguage Plugin

Plugin:

Simple Multilanguage Plugin

Plugin Slug:
a-simple-multilanguage

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-9854


The vulnerability has not been patched. You should deactivate the plugin.

Ajax WooSearch

Plugin:

Ajax WooSearch

Plugin Slug:
ajax-woosearch

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2025-9697


The vulnerability has not been patched. You should deactivate the plugin.

All in One Music Player

Plugin:

All in One Music Player

Plugin Slug:
all-in-one-music-player

Vulnerability:
Path Traversal

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-8559


The vulnerability has not been patched. You should deactivate the plugin.

All Social Share Options

Plugin:

All Social Share Options

Plugin Slug:
all-social-share-options

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-10131


The vulnerability has not been patched. You should deactivate the plugin.

Eulerpool Research Systems

Plugin:

Eulerpool Research Systems

Plugin Slug:
alleaktien-quantitativ

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-10128


The vulnerability has not been patched. You should deactivate the plugin.

Any News Ticker

Plugin:

Any News Ticker

Plugin Slug:
any-news-ticker

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-10168


The vulnerability has not been patched. You should deactivate the plugin.

AP Background

Plugin:

AP Background

Plugin Slug:
ap-background

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-10165


The vulnerability has not been patched. You should deactivate the plugin.

AP Background

Plugin:

AP Background

Plugin Slug:
ap-background

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-9897


The vulnerability has not been patched. You should deactivate the plugin.

AP Background

Plugin:

AP Background

Plugin Slug:
ap-background

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
High

CVE:

2025-9561


The vulnerability has not been patched. You should deactivate the plugin.

Appy Pie Connect for WooCommerce

Plugin:

Appy Pie Connect for WooCommerce

Plugin Slug:
appy-pie-connect-for-woocommerce

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2025-9286


The vulnerability has not been patched. You should deactivate the plugin.

Auto Bulb Finder for WordPress

Plugin:

Auto Bulb Finder for WordPress

Plugin Slug:
auto-bulb-finder-for-wp-wc

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-9858


The vulnerability has not been patched. You should deactivate the plugin.

Backup Bolt

Plugin:

Backup Bolt

Plugin Slug:
backup-bolt

Vulnerability:
Arbitrary File Download

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-10306


The vulnerability has not been patched. You should deactivate the plugin.

Bei Fen

Plugin:

Bei Fen

Plugin Slug:
bei-fen

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

CVE:

2025-9993


The vulnerability has not been patched. You should deactivate the plugin.

BP Direct Menus

Plugin:

BP Direct Menus

Plugin Slug:
bp-direct-menus

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-10189


The vulnerability has not been patched. You should deactivate the plugin.

Chat by Chatwee

Plugin:

Chat by Chatwee

Plugin Slug:
chatwee

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-9948


The vulnerability has not been patched. You should deactivate the plugin.

Comment Info Detector

Plugin:

Comment Info Detector

Plugin Slug:
comment-info-detector

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-10311


The vulnerability has not been patched. You should deactivate the plugin.

ContentMX Content Publisher

Plugin:

ContentMX Content Publisher

Plugin Slug:
contentmx-content-publisher

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-9889


The vulnerability has not been patched. You should deactivate the plugin.

Copypress Rest API

Plugin:

Copypress Rest API

Plugin Slug:
copypress-rest-api

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2025-8625


The vulnerability has not been patched. You should deactivate the plugin.

CTL Behance Importer Lite

Plugin:

CTL Behance Importer Lite

Plugin Slug:
ctl-behance-importer-lite

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2025-9587


The vulnerability has not been patched. You should deactivate the plugin.

Custom Searchable Data Entry System

Plugin:

Custom Searchable Data Entry System

Plugin Slug:
custom-searchable-data-entry-system

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2020-36852


The vulnerability has not been patched. You should deactivate the plugin.

dbview

Plugin:

dbview

Plugin Slug:
dbview

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-10182


The vulnerability has not been patched. You should deactivate the plugin.

Easy Elementor Addons

Plugin:

Easy Elementor Addons

Plugin Slug:
easy-elementor-addons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-9045


The vulnerability has not been patched. You should deactivate the plugin.

Epic Bootstrap Buttons

Plugin:

Epic Bootstrap Buttons

Plugin Slug:
epic-bootstrap-buttons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-8776


The vulnerability has not been patched. You should deactivate the plugin.

FancyTabs

Plugin:

FancyTabs

Plugin Slug:
fancytabs

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-8560


The vulnerability has not been patched. You should deactivate the plugin.

Flexi � Guest Submit

Plugin:

Flexi � Guest Submit

Plugin Slug:
flexi

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-9129


The vulnerability has not been patched. You should deactivate the plugin.

GutenBee

Plugin:

GutenBee

Plugin Slug:
gutenbee

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-8566


The vulnerability has not been patched. You should deactivate the plugin.

Interactive Medical Drawing of Human Body

Plugin:

Interactive Medical Drawing of Human Body

Plugin Slug:
interactive-medical-drawing-of-human-body

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-9332


The vulnerability has not been patched. You should deactivate the plugin.

Ird Slider

Plugin:

Ird Slider

Plugin Slug:
ird-slider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-9876


The vulnerability has not been patched. You should deactivate the plugin.

LockerPress

Plugin:

LockerPress

Plugin Slug:
lockerpress-wordpress-security

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2025-9946


The vulnerability has not been patched. You should deactivate the plugin.

Meks Easy Maps

Plugin:

Meks Easy Maps

Plugin Slug:
meks-easy-maps

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-9206


The vulnerability has not been patched. You should deactivate the plugin.

Mihdan: Elementor Yandex Maps

Plugin:

Mihdan: Elementor Yandex Maps

Plugin Slug:
mihdan-elementor-yandex-maps

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-8608


The vulnerability has not been patched. You should deactivate the plugin.

Mobile Site Redirect

Plugin:

Mobile Site Redirect

Plugin Slug:
mobile-site-redirect

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2025-9884


The vulnerability has not been patched. You should deactivate the plugin.

MPWizard

Plugin:

MPWizard

Plugin Slug:
mpwizard

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-9885


The vulnerability has not been patched. You should deactivate the plugin.

My AskAI

Plugin:

My AskAI

Plugin Slug:
my-askai

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-10179


The vulnerability has not been patched. You should deactivate the plugin.

SiteAlert (Formerly WP Health)

Plugin:

SiteAlert (Formerly WP Health)

Plugin Slug:
my-wp-health-check

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-10212


The vulnerability has not been patched. You should deactivate the plugin.

Nexa Blocks

Plugin:

Nexa Blocks

Plugin Slug:
nexa-blocks

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-8624


The vulnerability has not been patched. You should deactivate the plugin.

Optimize More! � CSS

Plugin:

Optimize More! � CSS

Plugin Slug:
optimize-more-css

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-9945


The vulnerability has not been patched. You should deactivate the plugin.

PayPal Forms

Plugin:

PayPal Forms

Plugin Slug:
paypal-forms

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-10309


The vulnerability has not been patched. You should deactivate the plugin.

planetcalc

Plugin:

planetcalc

Plugin Slug:
planetcalc

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-8777


The vulnerability has not been patched. You should deactivate the plugin.

Post By Email

Plugin:

Post By Email

Plugin Slug:
post-by-email

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2025-9762


The vulnerability has not been patched. You should deactivate the plugin.

Restrict User Registration

Plugin:

Restrict User Registration

Plugin Slug:
restrict-user-registration

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-9892


The vulnerability has not been patched. You should deactivate the plugin.

RestroPress

Plugin:

RestroPress

Plugin Slug:
restropress

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2025-9209


The vulnerability has not been patched. You should deactivate the plugin.

Notification Bar

Plugin:

Notification Bar

Plugin Slug:
simple-bar

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-9895


The vulnerability has not been patched. You should deactivate the plugin.

Survey Anyplace

Plugin:

Survey Anyplace

Plugin Slug:
surveyanyplace

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-10196


The vulnerability has not been patched. You should deactivate the plugin.

TableGen � Data Table Generator

Plugin:

TableGen � Data Table Generator

Plugin Slug:
table-creator

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-10053


The vulnerability has not been patched. You should deactivate the plugin.

Tiny Bootstrap Elements Light

Plugin:

Tiny Bootstrap Elements Light

Plugin Slug:
tiny-bootstrap-elements-light

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

CVE:

2025-9991


The vulnerability has not been patched. You should deactivate the plugin.

Ultimate Multi Design Video Carousel

Plugin:

Ultimate Multi Design Video Carousel

Plugin Slug:
ultimate-multi-design-video-carousel

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-9372


The vulnerability has not been patched. You should deactivate the plugin.

Ultimate Viral Quiz

Plugin:

Ultimate Viral Quiz

Plugin Slug:
ultimate-viral-quiz

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-10302


The vulnerability has not been patched. You should deactivate the plugin.

Unify

Plugin:

Unify

Plugin Slug:
unify

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-9130


The vulnerability has not been patched. You should deactivate the plugin.

Ultra Addons Lite for Elementor

Plugin:

Ultra Addons Lite for Elementor

Plugin Slug:
ut-elementor-addons-lite

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-9077


The vulnerability has not been patched. You should deactivate the plugin.

WeedMaps Menu

Plugin:

WeedMaps Menu

Plugin Slug:
weedmaps-menu-embed

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-8623


The vulnerability has not been patched. You should deactivate the plugin.

Big Post Shipping for WooCommerce

Plugin:

Big Post Shipping for WooCommerce

Plugin Slug:
woo-bigpost-shipping

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-10191


The vulnerability has not been patched. You should deactivate the plugin.

Woo superb slideshow transition gallery with random effect

Plugin:

Woo superb slideshow transition gallery with random effect

Plugin Slug:
woo-superb-slideshow-transition-gallery-with-random-effect

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2025-9199


The vulnerability has not been patched. You should deactivate the plugin.

Wp cycle text announcement

Plugin:

Wp cycle text announcement

Plugin Slug:
wp-cycle-text-announcement

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2025-9198


The vulnerability has not been patched. You should deactivate the plugin.

WP Dispatcher

Plugin:

WP Dispatcher

Plugin Slug:
wp-dispatcher

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2025-9212


The vulnerability has not been patched. You should deactivate the plugin.

WP Dispatcher

Plugin:

WP Dispatcher

Plugin Slug:
wp-dispatcher

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2025-10582


The vulnerability has not been patched. You should deactivate the plugin.

WP Photo Effects

Plugin:

WP Photo Effects

Plugin Slug:
wp-photo-effects

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-10192


The vulnerability has not been patched. You should deactivate the plugin.

WP SinoType

Plugin:

WP SinoType

Plugin Slug:
wp-sinotype

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-9630


The vulnerability has not been patched. You should deactivate the plugin.

WordPress Schema Plugin For Divi, Gutenberg & Shortcodes

Plugin:

WordPress Schema Plugin For Divi, Gutenberg & Shortcodes

Plugin Slug:
wp-structured-data-schema

Vulnerability:
Content Injection

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-7825


The vulnerability has not been patched. You should deactivate the plugin.

WPRecovery

Plugin:

WPRecovery

Plugin Slug:
wprecovery

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2025-10726


The vulnerability has not been patched. You should deactivate the plugin.

X Addons for Elementor

Plugin:

X Addons for Elementor

Plugin Slug:
x-addons-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-9204


The vulnerability has not been patched. You should deactivate the plugin.

Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App

Plugin:

Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App

Plugin Slug:
yournewsapp

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2025-9200


The vulnerability has not been patched. You should deactivate the plugin.

WP Reset

Plugin:

WP Reset

Plugin Slug:
wp-reset

Installations
400,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.06

Severity Score:
Medium

CVE:

2025-10645


The vulnerability has been patched, so you should update to version 2.06.

Blocksy Companion

Plugin:

Blocksy Companion

Plugin Slug:
blocksy-companion

Installations
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.15

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 2.1.15.

Responsive Lightbox & Gallery

Plugin:

Responsive Lightbox & Gallery

Plugin Slug:
responsive-lightbox

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5.3

Severity Score:
High

CVE:

2025-9710


The vulnerability has been patched, so you should update to version 2.5.3.

Schema & Structured Data for WP & AMP

Plugin:

Schema & Structured Data for WP & AMP

Plugin Slug:
schema-and-structured-data-for-wp

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.50

Severity Score:
High

CVE:

2025-9512


The vulnerability has been patched, so you should update to version 1.50.

Featured Image from URL (FIFU)

Plugin:

Featured Image from URL (FIFU)

Plugin Slug:
featured-image-from-url

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.2.8

Severity Score:
Medium

CVE:

2025-7400


The vulnerability has been patched, so you should update to version 5.2.8.

SmartCrawl SEO checker, analyzer & optimizer

Plugin:

SmartCrawl SEO checker, analyzer & optimizer

Plugin Slug:
smartcrawl-seo

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.14.4

Severity Score:
Medium

CVE:

2025-11163


The vulnerability has been patched, so you should update to version 3.14.4.

Postie

Plugin:

Postie

Plugin Slug:
postie

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9.71

Severity Score:
Medium

CVE:

2024-5200


The vulnerability has been patched, so you should update to version 1.9.71.

WP Photo Album Plus

Plugin:

WP Photo Album Plus

Plugin Slug:
wp-photo-album-plus

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
9.0.11.007

Severity Score:
Medium

CVE:

2025-8726


The vulnerability has been patched, so you should update to version 9.0.11.007.

OAuth Single Sign On � SSO (OAuth Client)

Plugin:

OAuth Single Sign On � SSO (OAuth Client)

Plugin Slug:
miniorange-login-with-eve-online-google-facebook

Installations
7,000+

Vulnerability:
Privilege Escalation

Patched in Version:
6.26.13

Severity Score:
Critical

CVE:

2025-9485


The vulnerability has been patched, so you should update to version 6.26.13.

TextBuilder

Plugin:

TextBuilder

Plugin Slug:
textbuilder

Installations
5,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.0

Severity Score:
High

CVE:

2025-9213


The vulnerability has been patched, so you should update to version 1.2.0.

Block For Mailchimp � Easy Mailchimp Form Integration

Plugin:

Block For Mailchimp � Easy Mailchimp Form Integration

Plugin Slug:
block-for-mailchimp

Installations
2,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
1.1.13

Severity Score:
Medium

CVE:

2025-10735


The vulnerability has been patched, so you should update to version 1.1.13.

Majestic Before After Image

Plugin:

Majestic Before After Image

Plugin Slug:
majestic-before-after-image

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.3

Severity Score:
Medium

CVE:

2025-9030


The vulnerability has been patched, so you should update to version 2.0.3.

File Manager, Code Editor, and Backup by Managefy

Plugin:

File Manager, Code Editor, and Backup by Managefy

Plugin Slug:
softdiscover-db-file-manager

Installations
100+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.6.2

Severity Score:
Medium

CVE:

2025-10744


The vulnerability has been patched, so you should update to version 1.6.2.

Integrate Dynamics 365 CRM

Plugin:

Integrate Dynamics 365 CRM

Plugin Slug:
integrate-dynamics-365-crm

Installations
70+

Vulnerability:
Broken Access Control

Patched in Version:
1.1.0

Severity Score:
Medium

CVE:

2025-10746


The vulnerability has been patched, so you should update to version 1.1.0.

Event Tickets, RSVPs, Calendar

Plugin:

Event Tickets, RSVPs, Calendar

Plugin Slug:
ticket-spot

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.3

Severity Score:
Medium

CVE:

2025-9875


The vulnerability has been patched, so you should update to version 1.0.3.

AffiliateWP

Plugin:

AffiliateWP

Plugin Slug:
affiliate-wp

Vulnerability:
SQL Injection

Patched in Version:
2.29.0

Severity Score:
Critical

CVE:

2025-8877


The vulnerability has been patched, so you should update to version 2.29.0.

Spirit Framework

Plugin:

Spirit Framework

Plugin Slug:
spirit-framework

Vulnerability:
Privilege Escalation

Patched in Version:
1.2.15

Severity Score:
Critical

CVE:

2025-6388


The vulnerability has been patched, so you should update to version 1.2.15.

Trinity Audio

Plugin:

Trinity Audio

Plugin Slug:
trinity-audio

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
5.21.0

Severity Score:
Medium

CVE:

2025-9886


The vulnerability has been patched, so you should update to version 5.21.0.

Trinity Audio

Plugin:

Trinity Audio

Plugin Slug:
trinity-audio

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.21.0

Severity Score:
High

CVE:

2025-9952


The vulnerability has been patched, so you should update to version 5.21.0.

Yoast SEO Premium

Plugin:

Yoast SEO Premium

Plugin Slug:
wordpress-seo-premium

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
26.0

Severity Score:
Medium

CVE:

2025-11241


The vulnerability has been patched, so you should update to version 26.0.

WordPress Themes � 1 Patched / 1 Unpatched

Constructor

Theme:

Constructor

Theme Slug:
constructor

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2025-9194


The vulnerability has not been patched. You should switch themes.

Customify

Theme:

Customify

Theme Slug:
customify-theme

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
0.4.12

Severity Score:
Medium

CVE:

2025-8669


The vulnerability has been patched, so you should update to version 0.4.12.

Related articles

Uncategorized
Should You Switch from Moodle to LearnDash? LearnDash Collaborator
Uncategorized
[Livestream] AI and Your Website Security: How threats are evolving in 2025 David
Uncategorized
3 Beautiful Member Onboarding Experiences Kristen Wright
Uncategorized
What Is Peer-to-Peer Fundraising and How Does It Work? Carrie Cousins
Uncategorized
WordPress Vulnerability Roundup: February 2021, Part 2 SolidWP Editorial Team
Uncategorized
9 Common Client Problems (And How To Prevent Them) Nathan Ingram

Wait! Get exclusive hosting insights

Subscribe to our newsletter and stay ahead of the competition with expert advice from our hosting pros.

Loading form…