WordPress Vulnerability Report — April 16, 2025

Apr 23, 2025


In this report, 374 vulnerabilities have been publicly disclosed. Security patches for 90 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 284 plugin and theme vulnerabilities for which no patch is available yet. If you’re a Solid Security Pro user, you are already protected against those vulnerabilities by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.


Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.8 “Cecil” is here! Launched April 15, 2025, it honors jazz legend Cecil Taylor, whose pioneering piano fused chaos and harmony. Explore its bold features with the same experimental spirit.

Plus, WordCamp Europe 2025 lands in Basel, Switzerland, June 5-7! Connect with WordPress enthusiasts, developers, and pros for three days of learning, networking, and collaboration with the global community.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 87 Patched / 272 Unpatched

Plugin Slug:
pojo-accessibility

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
wp-table-builder

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
interactive-geo-maps

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
powerpress

Installations
30,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
accordions

Installations
20,000+

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
asgaros-forum

Installations
10,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
flo-forms

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
lingotek-translation

Installations
10,000+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
motors-car-dealership-classified-listings

Installations
10,000+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
woocommerce-exporter

Installations
9,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
arconix-faq

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
mage-eventpress

Installations
8,000+

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
ultimate-bootstrap-elements-for-elementor

Installations
7,000+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
eventon-lite

Installations
6,000+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
flip-boxes

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
specia-companion

Installations
6,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
survey-maker

Installations
6,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
swatchly

Installations
6,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
license-envato

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
affiliate-links

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
logo-showcase-ultimate

Installations
4,000+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
widgetize-pages-light

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
eazydocs

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
piotnetforms

Installations
3,000+

Vulnerability:
Path Traversal

Patched in Version:
No Fix

Severity Score:
Low

Plugin Slug:
simple-spoiler

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
wallet-system-for-woocommerce

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
wc-payphone-gateway

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
insert-or-embed-articulate-content-into-wordpress

Installations
2,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
solace-extra

Installations
2,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
restropress

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
ultimate-wp-mail

Installations
1,000+

Vulnerability:
Open Redirection

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
wp-webinarsystem

Installations
1,000+

Vulnerability:
Open Redirection

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
real-estate-manager

Installations
900+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
wp-hijri

Installations
900+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
database-toolset

Installations
800+

Vulnerability:
Arbitrary File Deletion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
fraudlabs-pro-for-woocommerce

Installations
800+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
js-jobs

Installations
800+

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
js-jobs

Installations
800+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
mergado-marketing-pack

Installations
800+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
nepali-date-utilities

Installations
800+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
waymark

Installations
800+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
waymark

Installations
800+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
broadstreet

Installations
700+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
doppler-form

Installations
700+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
doppler-form

Installations
700+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
mapsvg-lite-interactive-vector-maps

Installations
700+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
mapsvg-lite-interactive-vector-maps

Installations
700+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
movylo-widget

Installations
700+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
online-accessibility

Installations
700+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
online-accessibility

Installations
700+

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
sync-wc-google

Installations
700+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
build-app-online

Installations
600+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
question-answer

Installations
600+

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
question-answer

Installations
600+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
request-call-back

Installations
600+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
canonical-attachments

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
interactive-us-map

Installations
500+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
job-board-manager

Installations
500+

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
plugins-on-steroids

Installations
500+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
review-stream

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
rselements-lite

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
user-registration-using-contact-form-7

Installations
500+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
wishlist

Installations
500+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
wp-show-stats

Installations
500+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
anant-addons-for-elementor

Installations
400+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
cf7-manual-spam-blocker

Installations
400+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
coming-soon-countdown

Installations
400+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
debounce-io-email-validator

Installations
400+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
duplicate-title-checker

Installations
400+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
epeken-all-kurir

Installations
400+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
projectopia-core

Installations
400+

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
serped-net

Installations
400+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
spider-elements

Installations
400+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
wp-autokeyword

Installations
400+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
wp-smart-contracts

Installations
400+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
wp-w3all-phpbb-integration

Installations
400+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
custom-posts-order

Installations
300+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
czater

Installations
300+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
lock-your-updates

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
posts-table-filterable

Installations
300+

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
print-science-designer

Installations
300+

Vulnerability:
Arbitrary File Download

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
silvasoft-boekhouden

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
task-scheduler

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
wp-abstracts-manuscripts-manager

Installations
300+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
aba-payway-woocommerce-payment-gateway

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
connector-civicrm-mcrestface

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
foliopress-wysiwyg

Installations
200+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
multiple-location-google-map

Installations
200+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
nimbata-call-tracking

Installations
200+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
oxygen-mydata

Installations
200+

Vulnerability:
Arbitrary File Deletion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
revechat

Installations
200+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
service-booking-manager

Installations
200+

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
totalprocessing-card-payments

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
tournamatch

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
user-session-synchronizer

Installations
200+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
webd-woocommerce-product-excel-importer-bulk-edit

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
woocommerce-mis-report

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
workbox-video-from-vimeo-youtube-plugin

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
awsa-shipping

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
chat2

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
chillpay-payment-gateway

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
clinked-client-portal

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
codescar-radio-widget

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
connect-daily-web-calendar

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
course-booking-system

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
credova-financial

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
empik-for-woocommerce

Installations
100+

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
error-log-viewer-wp

Installations
100+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
fat-coming-soon

Installations
100+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
flexi

Installations
100+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
gb-gallery-slideshow

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
ical-feeds

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
keycaptcha

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
listings-for-buildium

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
local-magic

Installations
100+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
popping-content-light

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
qr-master

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
rentsyst

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
smartpay

Installations
100+

Vulnerability:
Other Vulnerability Type

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
sync-posts

Installations
100+

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
ux-sniff

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
web2application

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
woocommerce-products-without-featured-images

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
wp-featured-screenshot

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
wp-map-route-planner

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
wp-online-users-stats

Installations
100+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
wp-remote-thumbnail

Installations
100+

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
wpshop

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
z-inventory-manager

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
5-sterrenspecialist

Installations
90+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
add-product-frontend-for-woocommerce

Installations
90+

Vulnerability:
Arbitrary Content Deletion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
easy-post-duplicator

Installations
90+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
easy-post-duplicator

Installations
90+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
neon-product-designer-for-woocommerce

Installations
90+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
restrict-user-registration

Installations
90+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
verowa-connect

Installations
90+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
wp-easy-poll-afo

Installations
90+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
cm-invitation-codes

Installations
80+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
flags-widget

Installations
80+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
hive-support

Installations
80+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
hive-support

Installations
80+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
hive-support

Installations
80+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
review-stars-count-for-woocommerce

Installations
80+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
spark-gf-failed-submissions

Installations
80+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
tp-gallery-slider

Installations
80+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
wp-planification

Installations
80+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
custom-smilies

Installations
70+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
nino-social-connect

Installations
70+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
seo-help

Installations
70+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
seo-help

Installations
70+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
windows-live-writer

Installations
70+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
wp-businessdirectory

Installations
70+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
wp-businessdirectory

Installations
70+

Vulnerability:
Arbitrary File Deletion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
wp-easy-menu

Installations
70+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
all-push-notification

Installations
60+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
all-push-notification

Installations
60+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
automatic-ban-ip

Installations
60+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
enable-wp-debug-toggle

Installations
60+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
html5-video-player-with-playlist

Installations
60+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
magazine-lister-for-yumpu

Installations
60+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
processing-projects

Installations
60+

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
terminal-africa

Installations
60+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
woo-tbc-payment-gateway

Installations
60+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
wp-sexylightbox

Installations
60+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
calais-auto-tagger

Installations
50+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
link-shield

Installations
50+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
mobile-app-for-woocommerce

Installations
50+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
mobile-pages

Installations
50+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
ppv-live-webcams

Installations
50+

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
trusty-woo-products-filter

Installations
50+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
wc-pickupp

Installations
50+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
woocommerce-loyal-customer

Installations
50+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
idonate

Installations
40+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
seo-nutrition-and-print-for-recipes-by-edamam

Installations
40+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
simple-post-meta-manager

Installations
40+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
social-stream-design

Installations
40+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
ione360-configurator

Installations
30+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
scand-multi-mailer

Installations
30+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
scand-multi-mailer

Installations
30+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
at-internet

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
email-shortcode

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
make-email-customizer-for-woocommerce

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
nearby-locations

Installations
10+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
related-videos-for-jw-player

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
revampcrm-woocommerce

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
wc-estimate-and-quote

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
wp-condition

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
wp-inquiries

Installations
10+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

ZooEffect

Plugin Slug:
1-jquery-photo-gallery-slideshow-flash

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

AAWP Obfuscator

Plugin Slug:
aawp-obfuscator

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Accredible Certificates & Open Badges

Plugin Slug:
accredible-certificates

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Advanced Custom Fields: Link Picker Field

Plugin Slug:
acf-link-picker-field

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Activity Reactions For Buddypress

Plugin Slug:
activity-reactions-for-buddypress

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Admin Menu Post List

Plugin Slug:
admin-menu-post-list

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Advance WP Query Search Filter

Plugin Slug:
advance-wp-query-search-filter

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Advanced Advertising System

Plugin Slug:
advanced-advertising-system

Vulnerability:
Open Redirection

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Advanced Tag Lists

Plugin Slug:
advanced-tag-list

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

AF Tell a Friend

Plugin Slug:
af-tell-a-friend

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

AnyTrack Affiliate Link Manager

Plugin Slug:
anytrack-affiliate-link-manager

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Aria Font

Plugin Slug:
aria-font

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

azurecurve Shortcodes in Comments

Plugin Slug:
azurecurve-shortcodes-in-comments

Vulnerability:
Content Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

BP Social Connect

Plugin Slug:
bp-social-connect

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Brizy Pro

Plugin Slug:
brizy-pro

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Brizy Pro

Plugin Slug:
brizy-pro

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Buddypress Humanity

Plugin Slug:
buddypress-humanity

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

C9 Blocks

Plugin Slug:
c9-blocks

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Cart66 Cloud

Plugin Slug:
cart66-cloud

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Cart66 Cloud

Plugin Slug:
cart66-cloud

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

CG Scroll To Top

Plugin Slug:
cg-scroll-to-top

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Checkout Mestres WP

Plugin Slug:
checkout-mestres-wp

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Comment Validation Reloaded

Plugin Slug:
comment-validation-reloaded

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Customize Login Page

Plugin Slug:
customize-login-page

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Developer Toolbar

Plugin Slug:
developer-toolbar

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

ZoomSounds

Plugin Slug:
dzs-zoomsounds

Vulnerability:
Arbitrary File Download

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Easy Custom CSS

Plugin Slug:
easy-custom-css

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Embedder

Plugin Slug:
embedder

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Essential Breadcrumbs

Plugin Slug:
essential-breadcrumbs

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

FireDrum Email Marketing

Plugin Slug:
firedrum-email-marketing

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Sandwich Adsense

Plugin Slug:
firsth3tagadsense

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

FrescoChat Live Chat

Plugin Slug:
flexytalk-widget

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

FS Poster

Plugin Slug:
fs-poster

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Global Gallery

Plugin Slug:
global-gallery

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Hamburger Icon Menu Lite

Plugin Slug:
hamburger-icon-menu-lite

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Insert HTML Here

Plugin Slug:
insert-html-here

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Language Field

Plugin Slug:
language-field

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Linet ERP-Woocommerce Integration

Plugin Slug:
linet-erp-woocommerce-integration

Vulnerability:
Arbitrary File Deletion

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Melhor Envio

Plugin Slug:
melhor-envio-cotacao

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

MMX – Make Me Christmas

Plugin Slug:
mmx-make-me-christmas

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Mobile Smart

Plugin Slug:
mobile-smart

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

More Mime Type Filters

Plugin Slug:
more-mime-type-filters

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

My auctions allegro

Plugin Slug:
my-auctions-allegro-free-edition

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

NewsBoard Post and RSS Scroller

Plugin Slug:
newsboard

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Oppso Unit Converter

Plugin Slug:
oppso-unit-converter

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

ORDER POST

Plugin Slug:
order-post

Vulnerability:
Content Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Payment Forms for Paystack

Plugin Slug:
payment-forms-for-paystack

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Rankology SEO – On-site SEO

Plugin Slug:
rankology-seo-all-in-one-seo-analytics

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

reCAPTCHA Jetpack

Plugin Slug:
recaptcha-jetpack

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Rich Table of Contents

Plugin Slug:
rich-table-of-content

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Scheduled

Plugin Slug:
scheduled

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Script Compressor

Plugin Slug:
script-compressor

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Seo Meta Tags

Plugin Slug:
seo-meta-tags

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Simple WP Events

Plugin Slug:
simple-wp-events

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Simple WP Events

Plugin Slug:
simple-wp-events

Vulnerability:
Arbitrary File Deletion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Coming Soon, Maintenance Mode

Plugin Slug:
site-mode

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Site Notify

Plugin Slug:
site-notify

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Site Table of Contents

Plugin Slug:
site-table-of-contents

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Smart Product Gallery Slider

Plugin Slug:
smart-product-gallery-slider

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Social Bookmarking RELOADED

Plugin Slug:
social-bookmarking-reloaded

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Social Crowd

Plugin Slug:
social-crowd

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Spoiler Block

Plugin Slug:
spoiler-block

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Stop Registration Spam

Plugin Slug:
stop-registration-spam

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Testimonial Slider And Showcase Pro

Plugin Slug:
testimonial-slider-showcase-pro

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Testimonial Slider And Showcase Pro

Plugin Slug:
testimonial-slider-showcase-pro

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

The World

Plugin Slug:
the-world

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

TuriTop Booking System

Plugin Slug:
turitop-booking-system

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Twispay Credit Card Payments

Plugin Slug:
twispay

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Ultra Demo Importer

Plugin Slug:
ut-demo-importer

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Vice Versa

Plugin Slug:
vice-versa

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Vite Coupon

Plugin Slug:
vite-coupon

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

VKontakte Cross-Post

Plugin Slug:
vkontakte-cross-post

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Wetterwarner

Plugin Slug:
wetterwarner

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Woo Product Feed For Marketing Channels

Plugin Slug:
woocommerce-to-google-merchant-center

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP Editor.md – The Perfect WordPress Markdown Editor

Plugin Slug:
wp-editormd

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP Food ordering and Restaurant Menu

Plugin Slug:
wp-food

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP-GeSHi-Highlight

Plugin Slug:
wp-geshi-highlight

Vulnerability:
Denial of Service Attack

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP Hide Categories

Plugin Slug:
wp-hide-categories

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP Performance Pack

Plugin Slug:
wp-performance-pack

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

wp secure

Plugin Slug:
wp-secure-by-sitesecuritymonitorcom

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP User Profiles

Plugin Slug:
wp-users-profiles

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WPSolr

Plugin Slug:
wpsolr-free

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WS Audio Player

Plugin Slug:
ws-audio-player

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

YouTube Embed

Plugin Slug:
youtube-embed

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
ml-slider

Installations
600,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.95.0

Severity Score:
Medium

Plugin Slug:
royal-elementor-addons

Installations
500,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.7.1013

Severity Score:
Medium

Plugin Slug:
royal-elementor-addons

Installations
500,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
1.7.1007

Severity Score:
Medium

Plugin Slug:
broken-link-checker-seo

Installations
200,000+

Vulnerability:
SQL Injection

Patched in Version:
1.2.4

Severity Score:
High

Plugin Slug:
photo-gallery

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.35

Severity Score:
High

Plugin Slug:
everest-forms

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.2

Severity Score:
High

Plugin Slug:
everest-forms

Installations
100,000+

Vulnerability:
Content Injection

Patched in Version:
3.1.2

Severity Score:
Medium

Plugin Slug:
everest-forms

Installations
100,000+

Vulnerability:
PHP Object Injection

Patched in Version:
3.1.2

Severity Score:
Critical

Plugin Slug:
suretriggers

Installations
100,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
1.0.79

Severity Score:
High

Plugin Slug:
tutor

Installations
100,000+

Vulnerability:
Content Injection

Patched in Version:
3.4.1

Severity Score:
Medium

Plugin Slug:
woocommerce-multilingual

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.3.9

Severity Score:
Medium

Plugin Slug:
clearfy

Installations
60,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.3.3

Severity Score:
Medium

Plugin Slug:
user-registration

Installations
60,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
4.1.4

Severity Score:
Medium

Plugin Slug:
user-registration

Installations
60,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
4.1.4

Severity Score:
Medium

Plugin Slug:
age-gate

Installations
40,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.6.0

Severity Score:
Medium

Plugin Slug:
testimonial-free

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.7

Severity Score:
Medium

Plugin Slug:
wpfront-user-role-editor

Installations
40,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.2.2

Severity Score:
High

Plugin Slug:
cost-calculator-builder

Installations
30,000+

Vulnerability:
SQL Injection

Patched in Version:
3.2.68

Severity Score:
High

Plugin Slug:
powerpress

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
11.9.18

Severity Score:
Medium

Plugin Slug:
powerpress

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
11.12.16

Severity Score:
Medium

Plugin Slug:
uncanny-learndash-toolkit

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.7.0.2

Severity Score:
Medium

Plugin Slug:
instawp-connect

Installations
20,000+

Vulnerability:
Local File Inclusion

Patched in Version:
0.1.0.86

Severity Score:
Critical

Plugin Slug:
quadmenu

Installations
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.2.1

Severity Score:
Medium

Plugin Slug:
motors-car-dealership-classified-listings

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.67

Severity Score:
Medium

Plugin Slug:
motors-car-dealership-classified-listings

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.65

Severity Score:
High

Plugin Slug:
motors-car-dealership-classified-listings

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.64

Severity Score:
Medium

Plugin Slug:
wedevs-project-manager

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.23

Severity Score:
Medium

Plugin Slug:
wedevs-project-manager

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.23

Severity Score:
Medium

Plugin Slug:
license-manager-for-woocommerce

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.0.10

Severity Score:
High

Plugin Slug:
adthrive-ads

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.7.4

Severity Score:
High

Plugin Slug:
myworks-woo-sync-for-quickbooks-online

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.9.2

Severity Score:
High

Plugin Slug:
poll-wp

Installations
5,000+

Vulnerability:
SQL Injection

Patched in Version:
2.4.7

Severity Score:
High

Plugin Slug:
awesome-logo-carousel-block

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.7

Severity Score:
Medium

Plugin Slug:
smtp-amazon-ses

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9

Severity Score:
High

Plugin Slug:
responsive-addons-for-elementor

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.9.1

Severity Score:
Medium

Plugin Slug:
skt-blocks

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0

Severity Score:
Medium

Plugin Slug:
skt-blocks

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9

Severity Score:
Medium

Plugin Slug:
skt-skill-bar

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4

Severity Score:
Medium

Plugin Slug:
dsgvo-youtube

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.2

Severity Score:
Medium

Plugin Slug:
inpost-gallery

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.1.4.4

Severity Score:
Medium

Plugin Slug:
noakes-menu-manager

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.6

Severity Score:
Medium

Plugin Slug:
vayu-blocks

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.2.2

Severity Score:
Medium

Plugin Slug:
wp-delete-user-accounts

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.4

Severity Score:
Medium

Plugin Slug:
zephyr-project-manager

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.3.102

Severity Score:
High

Plugin Slug:
booking-and-rental-manager-for-woocommerce

Installations
900+

Vulnerability:
Local File Inclusion

Patched in Version:
2.2.9

Severity Score:
High

Plugin Slug:
easyfonts

Installations
900+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.3

Severity Score:
Medium

Plugin Slug:
landing-page-cat

Installations
900+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.7.9

Severity Score:
High

Plugin Slug:
3dprint-lite

Installations
800+

Vulnerability:
SQL Injection

Patched in Version:
2.1.3.7

Severity Score:
High

Plugin Slug:
nepali-date-converter

Installations
800+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.0.0

Severity Score:
Medium

Plugin Slug:
otpless

Installations
700+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.59

Severity Score:
High

Plugin Slug:
wpc-admin-columns

Installations
700+

Vulnerability:
Privilege Escalation

Patched in Version:
2.1.1

Severity Score:
High

Plugin Slug:
product-tabs-for-woocommerce

Installations
600+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.7.1

Severity Score:
Medium

Plugin Slug:
wc-shipos-delivery

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.0

Severity Score:
High

Plugin Slug:
wp-subscription-forms

Installations
500+

Vulnerability:
Local File Inclusion

Patched in Version:
1.2.5

Severity Score:
High

Plugin Slug:
z-companion

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.2

Severity Score:
Medium

Plugin Slug:
administrator-z

Installations
400+

Vulnerability:
Privilege Escalation

Patched in Version:
2025.03.27

Severity Score:
High

Plugin Slug:
circle-image-slider-with-lightbox

Installations
400+

Vulnerability:
SQL Injection

Patched in Version:
1.0.5

Severity Score:
High

Plugin Slug:
mailhawk

Installations
400+

Vulnerability:
Local File Inclusion

Patched in Version:
1.3.2

Severity Score:
High

Plugin Slug:
squeeze

Installations
400+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.6.1

Severity Score:
Critical

Plugin Slug:
squeeze

Installations
400+

Vulnerability:
Full Path Disclosure (FPD)

Patched in Version:
1.6.1

Severity Score:
Low

Plugin Slug:
cardgate

Installations
300+

Vulnerability:
SQL Injection

Patched in Version:
3.2.2

Severity Score:
High

Plugin Slug:
crowdfunding-for-woocommerce

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.13

Severity Score:
High

Plugin Slug:
expresstechsoftwares-memberpress-discord-add-on

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.2

Severity Score:
High

Plugin Slug:
ip2location-world-clock

Installations
300+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.10

Severity Score:
High

Plugin Slug:
msrp-for-woocommerce

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.0

Severity Score:
High

Plugin Slug:
posts-table-filterable

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.4

Severity Score:
High

Plugin Slug:
click-pledge-connect

Installations
200+

Vulnerability:
SQL Injection

Patched in Version:
2.24120000-WP6.7.1

Severity Score:
High

Plugin Slug:
totalprocessing-card-payments

Installations
200+

Vulnerability:
Arbitrary File Download

Patched in Version:
7.1.6

Severity Score:
Medium

Plugin Slug:
green-money-payment-gateway

Installations
100+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.0.10

Severity Score:
Medium

Plugin Slug:
indieblocks

Installations
100+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
0.13.2

Severity Score:
Medium

Plugin Slug:
internal-link-finder

Installations
100+

Vulnerability:
Settings Change

Patched in Version:
5.1.3

Severity Score:
Medium

Plugin Slug:
kargo-entegrator

Installations
100+

Vulnerability:
SQL Injection

Patched in Version:
1.1.15

Severity Score:
High

Plugin Slug:
wp-update-mail-notification

Installations
100+

Vulnerability:
Privilege Escalation

Patched in Version:
1.2.0

Severity Score:
High

Plugin Slug:
verowa-connect

Installations
90+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.0.5

Severity Score:
High

Plugin Slug:
material-dashboard

Installations
80+

Vulnerability:
Privilege Escalation

Patched in Version:
1.4.7

Severity Score:
Critical

Plugin Slug:
material-dashboard

Installations
80+

Vulnerability:
Local File Inclusion

Patched in Version:
1.4.6

Severity Score:
High

Plugin Slug:
dn-shipping-by-weight

Installations
50+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.1

Severity Score:
High

Plugin Slug:
accept-sagepay-payments-using-contact-form-7

Installations
10+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.1

Severity Score:
Medium

Plugin Slug:
ald-login-page

Installations
10+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3

Severity Score:
High

Plugin Slug:
coreactivity

Installations
10+

Vulnerability:
SQL Injection

Patched in Version:
2.7.1

Severity Score:
High

Plugin:

JetBlog

Plugin Slug:
jet-blog

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.3.1

Severity Score:
Medium

Plugin:

JetCompareWishlist

Plugin Slug:
jet-compare-wishlist

Vulnerability:
Local File Inclusion

Patched in Version:
1.5.10

Severity Score:
High

Plugin:

JetEngine

Plugin Slug:
jet-engine

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.6.5

Severity Score:
Medium

Plugin:

Pagopar – WooCommerce Gateway

Plugin Slug:
pagopar-woocommerce-gateway

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.8.0

Severity Score:
High

Plugin:

WPJobBoard

Plugin Slug:
wpjobboard

Vulnerability:
Path Traversal

Patched in Version:
5.11.1

Severity Score:
Medium

Plugin:

WPJobBoard

Plugin Slug:
wpjobboard

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
5.11.1

Severity Score:
Critical

Plugin:

WPJobBoard

Plugin Slug:
wpjobboard

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
5.11.1

Severity Score:
Medium

WordPress Themes — 3 Patched / 12 Unpatched

Theme Slug:
arkhe

Downloads
91,582

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Theme Slug:
industrial-lite

Downloads
100,465

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Theme Slug:
spabiz

Downloads
21,133

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Theme:

AI Hub

Theme Slug:
aihub

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Theme:

Bulk

Theme Slug:
bulk

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Theme:

Celestial Aura

Theme Slug:
celestial-aura

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Theme:

Customify

Theme Slug:
customify-theme

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Theme:

Eximius

Theme Slug:
eximius

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Theme:

Fazyvo

Theme Slug:
fazyvo

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Theme:

Grip

Theme Slug:
grip

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Theme:

Photography

Theme Slug:
photography

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Theme:

Wireless Butler

Theme Slug:
wireless-butler

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Theme:

Streamit

Theme Slug:
streamit

Vulnerability:
Arbitrary File Download

Patched in Version:
4.0.2

Severity Score:
Medium

Theme:

Streamit

Theme Slug:
streamit

Vulnerability:
Arbitrary File Upload

Patched in Version:
4.0.2

Severity Score:
Critical

Theme:

Streamit

Theme Slug:
streamit

Vulnerability:
Privilege Escalation

Patched in Version:
4.0.3

Severity Score:
High
