WordPress Vulnerability Report � September 17, 2025

In this report, 199 vulnerabilities have been publicly disclosed. Security patches for 50 of these plugins and themes are now available, so please run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 149 plugin and theme vulnerabilities, and no patch has been available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.8.2 was released on July 15, 2025. This maintenance release includes fixes for 20 Core tickets and 15 Block Editor issues. For a full list of bug fixes, please refer to the release candidate announcement.

WordPress Plugins � 47 Patched / 50 Unpatched

Plugin:: Duplicate Page and Post
Plugin Slug:: duplicate-wp-page-post
Installations: 90,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-6189

Plugin:: Categorify � WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-59005

Plugin:: WP Mailgun SMTP
Plugin Slug:: wp-mailgun-smtp
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-59003

Plugin:: WP SendGrid SMTP
Plugin Slug:: wp-sendgrid-smtp
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-59003

Plugin:: All in one Minifier
Plugin Slug:: all-in-one-minifier
Installations: 10+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-9073

Plugin:: Ultimate Classified Listings
Plugin Slug:: ultimate-classified-listings
Installations: 10+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-0763

Plugin:: Admin in English with Switch
Plugin Slug:: admin-in-english-with-switch
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-9623

Plugin:: Analytics Reduce Bounce Rate
Plugin Slug:: analytics-unbounce
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-9635

Plugin:: Auto Save Remote Images (Drafts)
Plugin Slug:: auto-save-remote-images-drafts
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-7843

Plugin:: AutoCatSet
Plugin Slug:: autocatset
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-9631

Plugin:: azurecurve BBCode
Plugin Slug:: azurecurve-bbcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-8398

Plugin:: BeyondCart Connector
Plugin Slug:: beyondcart
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-8570

Plugin:: Blog Designer For Elementor
Plugin Slug:: blog-designer-for-elementor
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-8481

Plugin:: Certifica WP
Plugin Slug:: certifica-wp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-8316

Plugin:: Contact Form 7 reCAPTCHA
Plugin Slug:: contact-form-7-recaptcha
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-8280

Plugin:: Countdown Timer for Elementor
Plugin Slug:: countdown-timer-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-8445

Plugin:: Coupon API
Plugin Slug:: couponapi
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-8692

Plugin:: Digital Events Calendar
Plugin Slug:: digital-events-calendar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5801

Plugin:: Elements Plus!
Plugin Slug:: elements-plus
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-8689

Plugin:: Embed Google Datastudio
Plugin Slug:: embed-google-data-studio
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-9877

Plugin:: Enhanced BibliPlug
Plugin Slug:: enhanced-bibliplug
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-9855

Plugin:: Evenium
Plugin Slug:: evenium
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-9850

Plugin:: WPGYM
Plugin Slug:: gym-management
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-7049

Plugin:: IndiaNIC Testimonial
Plugin Slug:: indianic-testimonial
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-7826

Plugin:: Catalog Importer, Scraper & Crawler
Plugin Slug:: intelligent-importer
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-8417

Plugin:: jQuery Colorbox
Plugin Slug:: jquery-colorbox
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-3650

Plugin:: The integration of the AMO.CRM
Plugin Slug:: leads-for-amo-crm
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-9628

Plugin:: LH Signing
Plugin Slug:: lh-signing
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-9633

Plugin:: Mitfahrgelegenheit
Plugin Slug:: mitfahrgelegenheit
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-8392

Plugin:: Mixtape
Plugin Slug:: mixtape
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-9860

Plugin:: My WP Translate
Plugin Slug:: my-wp-translate
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-8425

Plugin:: My WP Translate
Plugin Slug:: my-wp-translate
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-8423

Plugin:: PhpList Subber
Plugin Slug:: phpls
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-9632

Plugin:: Plugin updates blocker
Plugin Slug:: plugin-update-blocker
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-9634

Plugin:: Propovoice CRM
Plugin Slug:: propovoice
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-8422

Plugin:: Publish Approval
Plugin Slug:: publish-approval
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-9617

Plugin:: Resideo Plugin for Resideo
Plugin Slug:: resideo-plugin
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-7718

Plugin:: Responsive Addons for Elementor
Plugin Slug:: responsive-addons-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-8215

Plugin:: Run Log
Plugin Slug:: run-log
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-9627

Plugin:: Salon booking system
Plugin Slug:: salon-booking-system
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-8492

Plugin:: Seo Monster
Plugin Slug:: seo-monster
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-9620

Plugin:: Side Slide Responsive Menu
Plugin Slug:: side-slide-responsive-menu
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-9880

Plugin:: eID Easy
Plugin Slug:: smart-id
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-9128

Plugin:: Smartcat Translator for WPML
Plugin Slug:: smartcat-wpml
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-9451

Plugin:: Spotify Embed Creator
Plugin Slug:: spotify-embed-creator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-9879

Plugin:: ThemeLoom Widgets
Plugin Slug:: themeloom-widgets
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-9861

Plugin:: Ultimate Blogroll
Plugin Slug:: ultimate-blogroll
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-9881

Plugin:: User Meta
Plugin Slug:: user-meta
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-9693

Plugin:: WP Scriptcase
Plugin Slug:: wp-scriptcase
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-8691

Plugin:: Workable Api
Plugin Slug:: wrapper-for-workable-api
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-8721

Plugin:: The Events Calendar
Plugin Slug:: the-events-calendar
Installations: 700,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.15.3
Severity Score:: Medium
CVE:: 2025-9808

Plugin:: The Events Calendar
Plugin Slug:: the-events-calendar
Installations: 700,000+
Vulnerability:: SQL Injection
Patched in Version:: 6.15.1.1
Severity Score:: Critical
CVE:: 2025-9807

Plugin:: Ninja Forms � The Contact Form Builder That Grows With You
Plugin Slug:: ninja-forms
Installations: 600,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.11.1
Severity Score:: Critical
CVE:: 2025-9083

Plugin:: NitroPack � Caching & Speed Optimization for Core Web Vitals, Defer CSS & JS, Lazy load Images and CDN
Plugin Slug:: nitropack
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.18.5
Severity Score:: Medium
CVE:: 2025-8778

Plugin:: Tutor LMS � eLearning and online course solution
Plugin Slug:: tutor
Installations: 100,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.8.0
Severity Score:: High
CVE:: 2025-58993

Plugin:: ShopLentor � WooCommerce Builder for Elementor & Gutenberg +21 Modules � All in One Solution (formerly WooLentor)
Plugin Slug:: woolentor-addons
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.1
Severity Score:: Medium
CVE:: 2025-58990

Plugin:: Import any XML, CSV or Excel File to WordPress
Plugin Slug:: wp-all-import
Installations: 100,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.9.4
Severity Score:: High
CVE:: 2025-10001

Plugin:: PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)
Plugin Slug:: powerpack-lite-for-elementor
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.5
Severity Score:: Medium
CVE:: 2025-8388

Plugin:: WP-Members Membership Plugin
Plugin Slug:: wp-members
Installations: 60,000+
Vulnerability:: Content Injection
Patched in Version:: 3.5.4.3
Severity Score:: Medium
CVE:: 2025-9489

Plugin:: Maspik � Ultimate Spam Protection
Plugin Slug:: contact-forms-anti-spam
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.5.7
Severity Score:: Medium
CVE:: 2025-9888

Plugin:: Maspik � Ultimate Spam Protection
Plugin Slug:: contact-forms-anti-spam
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.7
Severity Score:: Medium
CVE:: 2025-9979

Plugin:: Ditty � Responsive News Tickers, Sliders, and Lists
Plugin Slug:: ditty-news-ticker
Installations: 30,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.1.58
Severity Score:: High
CVE:: 2025-8085

Plugin:: Welcart e-Commerce
Plugin Slug:: usc-e-shop
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.11.21
Severity Score:: Medium
CVE:: 2025-58984

Plugin:: WP Import � Ultimate CSV XML Importer for WordPress
Plugin Slug:: wp-ultimate-csv-importer
Installations: 20,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 7.28
Severity Score:: High
CVE:: 2025-10040

Plugin:: LWS Cleaner
Plugin Slug:: lws-cleaner
Installations: 10,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 2.4.2
Severity Score:: High
CVE:: 2025-8575

Plugin:: AutomatorWP � Automator plugin for no-code automations, webhooks & custom integrations in WordPress
Plugin Slug:: automatorwp
Installations: 9,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 5.3.7
Severity Score:: High
CVE:: 2025-9539

Plugin:: AutomatorWP � Automator plugin for no-code automations, webhooks & custom integrations in WordPress
Plugin Slug:: automatorwp
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.3.8
Severity Score:: Medium
CVE:: 2025-9542

Plugin:: Equalize Digital Accessibility Checker � Audit Your Website for WCAG, ADA, and Section 508 Accessibility Errors
Plugin Slug:: accessibility-checker
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.31.1
Severity Score:: Medium
CVE:: 2025-58976

Plugin:: Equalize Digital Accessibility Checker � Audit Your Website for WCAG, ADA, and Section 508 Accessibility Errors
Plugin Slug:: accessibility-checker
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.31.1
Severity Score:: Medium
CVE:: 2025-58981

Plugin:: AI ChatBot for WordPress � WPBot
Plugin Slug:: chatbot
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.1.0
Severity Score:: Medium
CVE:: 2025-9111

Plugin:: CatFolders � Tame Your WordPress Media Library by Category
Plugin Slug:: catfolders
Installations: 5,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.5.3
Severity Score:: High
CVE:: 2025-9776

Plugin:: Export WP Page to Static HTML & PDF
Plugin Slug:: export-wp-page-to-static-html
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.0
Severity Score:: Medium
CVE:: 2025-58980

Plugin:: Include Me
Plugin Slug:: include-me
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.3
Severity Score:: Medium
CVE:: 2025-58983

Plugin:: PagBank / PagSeguro Connect para WooCommerce
Plugin Slug:: pagbank-connect
Installations: 4,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.44.4
Severity Score:: High
CVE:: 2025-10142

Plugin:: BerqWP � Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript
Plugin Slug:: searchpro
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.54
Severity Score:: Medium
CVE:: 2025-58979

Plugin:: PDF Generator for WordPress
Plugin Slug:: pdf-generator-for-wp
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.5
Severity Score:: Medium
CVE:: 2025-58978

Plugin:: Responsive Filterable Portfolio
Plugin Slug:: responsive-filterable-portfolio
Installations: 2,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.0.25
Severity Score:: Critical
CVE:: 2025-10049

Plugin:: Wp Edit Password Protected � Create Password Protect Pages & Design Password Protected Form
Plugin Slug:: wp-edit-password-protected
Installations: 2,000+
Vulnerability:: Open Redirection
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2025-9034

Plugin:: Authorsy � Author Box, Multiple Authors, Guest Authors & Post Rating
Plugin Slug:: authorsy
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.6
Severity Score:: Medium
CVE:: 2025-27006

Plugin:: Dynamic Text Field For Contact Form 7
Plugin Slug:: dynamic-text-field-for-contact-form-7
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1
Severity Score:: Medium
CVE:: 2025-58989

Plugin:: Falang multilanguage for WordPress
Plugin Slug:: falang
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.3.66
Severity Score:: High
CVE:: 2025-58619

Plugin:: WP eBay Product Feeds
Plugin Slug:: ebay-feeds-for-wordpress
Installations: 900+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.4.9
Severity Score:: Medium
CVE:: 2025-58977

Plugin:: Pixeline’s Email Protector
Plugin Slug:: pixelines-email-protector
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.0
Severity Score:: Medium
CVE:: 2025-58982

Plugin:: Football Pool
Plugin Slug:: football-pool
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.13.0
Severity Score:: Medium
CVE:: 2025-58987

Plugin:: My Tickets � Accessible Event Ticketing
Plugin Slug:: my-tickets
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.23
Severity Score:: Medium
CVE:: 2025-58988

Plugin:: Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net
Plugin Slug:: peachpay-for-woocommerce
Installations: 500+
Vulnerability:: SQL Injection
Patched in Version:: 1.117.6
Severity Score:: High
CVE:: 2025-9463

Plugin:: Additional Custom Product Tabs for WooCommerce
Plugin Slug:: product-tabs-for-woocommerce
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.4
Severity Score:: Medium
CVE:: 2025-58985

Plugin:: The Hack Repair Guy’s Plugin Archiver
Plugin Slug:: hackrepair-plugin-archiver
Installations: 400+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 3.1.1
Severity Score:: High
CVE:: 2025-10176

Plugin:: Advanced Settings 3
Plugin Slug:: advanced-settings
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.2.0
Severity Score:: Medium
CVE:: 2025-58975

Plugin:: Time Tracker
Plugin Slug:: time-tracker
Installations: 60+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.0
Severity Score:: High
CVE:: 2025-9018

Plugin:: WP Blast | SEO & Performance Booster
Plugin Slug:: wpblast
Installations: 40+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.8.7
Severity Score:: Medium
CVE:: 2025-9622

Plugin:: Heateor Login � Social Login Plugin
Plugin Slug:: heateor-login
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.10
Severity Score:: Medium
CVE:: 2025-9857

Plugin:: MyBrain Utilities
Plugin Slug:: mybrain-utilities
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2025-10126

Plugin:: Compress & Upload
Plugin Slug:: compress-then-upload
Installations: 10+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.0.5
Severity Score:: Critical
CVE:: 2025-8889

Plugin:: Mikado Core
Plugin Slug:: mikado-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6
Severity Score:: Medium
CVE:: 2025-9058

Plugin:: Wilmer Core
Plugin Slug:: wilmer-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.6
Severity Score:: Medium
CVE:: 2025-9061

Plugin:: WooCommerce Booking Bundle Hours
Plugin Slug:: woo-booking-bundle-hours
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 0.7.5
Severity Score:: High
CVE:: 2025-58991

WordPress Themes � 3 Patched / 99 Unpatched

Theme:: ButterBelly
Theme Slug:: butterbelly
Downloads: 70,694
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-59003

Theme:: Cloriato Lite
Theme Slug:: cloriato-lite
Downloads: 111,776
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-59003

Theme:: ColorWay
Theme Slug:: colorway
Downloads: 1,314,146
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-59003

Theme:: Compass
Theme Slug:: compass
Downloads: 65,712
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-59003

Theme:: Dzonia Lite
Theme Slug:: dzonia-lite
Downloads: 114,483
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-59003

Theme:: Poloray
Theme Slug:: poloray
Downloads: 71,063
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-59003

Theme:: Rethink
Theme Slug:: rethink
Downloads: 42,070
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-59003

Theme:: Road Fighter
Theme Slug:: road-fighter
Downloads: 82,748
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-59003

Theme:: Themia Lite
Theme Slug:: themia-lite
Downloads: 194,918
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-59003

Theme:: Abogado
Theme Slug:: abogado
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Accalia
Theme Slug:: accalia
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Adrena
Theme Slug:: adrena
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Advice
Theme Slug:: advice
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Agora
Theme Slug:: agora
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Alanzo
Theme Slug:: alanzo
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Albertino
Theme Slug:: albertino
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Alhambra
Theme Slug:: alhambra
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: A.Williams
Theme Slug:: alisha-williams
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: AlphaColor
Theme Slug:: alpha-color
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Anesta
Theme Slug:: anesta
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Angela
Theme Slug:: angela
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: AI ANN
Theme Slug:: ann
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Anubia
Theme Slug:: anubia
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Artesia
Theme Slug:: artesia
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Asclepius
Theme Slug:: asclepius
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Belicia
Theme Slug:: belicia
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: BeYoga
Theme Slug:: beyoga
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Birdily | Travel Agency & Tour Booking WordPress Theme
Theme Slug:: birdily
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Bonko
Theme Slug:: bonko
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Booklovers
Theme Slug:: booklovers
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Callie Britt
Theme Slug:: callie-britt
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Camelia
Theme Slug:: camelia
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Carlax
Theme Slug:: carlax
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Carz
Theme Slug:: carz
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: ChainPress
Theme Slug:: chainpress
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Chakra
Theme Slug:: chakra
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Chardonnay
Theme Slug:: chardonnay
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Childy
Theme Slug:: childly
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Chrimson
Theme Slug:: chrimson
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: City Hostel
Theme Slug:: cityhostel
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: 69 Clothing
Theme Slug:: clothing69
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Corredo
Theme Slug:: corredo
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Credit Card Experience
Theme Slug:: creditcard
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Crework
Theme Slug:: crework
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Custom Made
Theme Slug:: custom-made
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Def
Theme Slug:: def
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Doccure
Theme Slug:: doccure
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-9112

Theme:: Doccure
Theme Slug:: doccure
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-9114

Theme:: Doccure
Theme Slug:: doccure
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-9113

Theme:: Drone Media
Theme Slug:: drone-media
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Edema
Theme Slug:: edema
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Elementra
Theme Slug:: elementra
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Fortunio
Theme Slug:: fortunio
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Good Wine
Theme Slug:: good-wine-shop
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Gravity
Theme Slug:: gravity
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Gutentype
Theme Slug:: gutentype
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Hampton
Theme Slug:: hampton
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Happy Rider
Theme Slug:: happy-rider
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Healthy Blog
Theme Slug:: healthy-blog
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Heaven11
Theme Slug:: heaven11
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Hello Summer
Theme Slug:: hello-summer
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Hogwords
Theme Slug:: hogwords
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: HotLock
Theme Slug:: hotlock
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Insurance Ancora
Theme Slug:: insurance-ancora
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Jobify – Job Board WordPress Theme
Theme Slug:: jobify
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-8318

Theme:: Juno
Theme Slug:: junotoys
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Kargo
Theme Slug:: kargo
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Lab
Theme Slug:: lab
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Laundry City
Theme Slug:: laundrycity
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: MediaFlex
Theme Slug:: mediaflex
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Nazareth
Theme Slug:: nazareth
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: OldStory
Theme Slug:: oldstory
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Partiso
Theme Slug:: partiso
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: PathWell
Theme Slug:: pathwell
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Planet Shakers
Theme Slug:: planet-shakers
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Plastica
Theme Slug:: plastica
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Let’s Play
Theme Slug:: playhockey
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Podium
Theme Slug:: podium
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Preston
Theme Slug:: preston
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: ProDent
Theme Slug:: prodent
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: ProGuards
Theme Slug:: proguards
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: ProRange
Theme Slug:: prorange
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Qwery
Theme Slug:: qwery
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Samadhi
Theme Slug:: samadhi
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Smart Casa
Theme Slug:: smart-casa
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: SoccerClub
Theme Slug:: soccerclub
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Softic
Theme Slug:: softic
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Solio
Theme Slug:: solio
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: StevenWatkins
Theme Slug:: steven-watkins
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Stratego
Theme Slug:: stratego
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Studeon
Theme Slug:: studeon
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Tantra
Theme Slug:: tantra
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Tax Help
Theme Slug:: tax-help
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Translang
Theme Slug:: translang
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Travesia
Theme Slug:: travesia
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Vagabonds
Theme Slug:: vagabonds
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Wine House
Theme Slug:: wine-house
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Wise Move
Theme Slug:: wisemove
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: WotaHub
Theme Slug:: wotahub
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Goza
Theme Slug:: goza-theme
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 3.2.3
Severity Score:: High
CVE:: 2025-10134

Theme:: Goza
Theme Slug:: goza-theme
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.2.3
Severity Score:: Critical
CVE:: 2025-5394

Theme:: Mow
Theme Slug:: mow
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.11
Severity Score:: Critical
CVE:: 2025-58997