WordPress Core
WordPress 6.7.1 is available! This minor release features 16 bug fixes throughout Core and the Block Editor.WordPress Plugins — 183 Patched / 42 Unpatched
Product Size Charts Plugin for WooCommerce
Plugin Slug:woo-advanced-product-size-chart
Installations30,000+
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:Medium
CVE:2025-23991
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
Plugin:Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
Plugin Slug:youzify
Installations8,000+
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:Medium
CVE:2024-13368
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
Plugin:Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
Plugin Slug:youzify
Installations8,000+
Vulnerability:Broken Access Control
Patched in Version:No Fix
Severity Score:Medium
CVE:2024-12113
Scroll Styler
Plugin:Scroll Styler
Plugin Slug:scroll-styler
Installations1,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:High
CVE:2025-23990
Broadstreet
Plugin:Broadstreet
Plugin Slug:broadstreet
Installations700+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
CVE:2024-11825
Designer – Elementor Addons
Plugin:Designer – Elementor Addons
Plugin Slug:designer
Installations100+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
CVE:2025-23987
Internal Link Builder
Plugin:Internal Link Builder
Plugin Slug:internal-link-builder
Installations100+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:High
CVE:2025-23989
Estatebud – Properties & Listings
Plugin Slug:estatebud-properties-listings
Installations90+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:High
CVE:2025-23994
Linear
Plugin:Linear
Plugin Slug:linear
Installations70+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
CVE:2024-13709
1003 Mortgage Application
Plugin:1003 Mortgage Application
Plugin Slug:1003-mortgage-application
Vulnerability:Sensitive Data Exposure
Patched in Version:No Fix
Severity Score:Medium
CVE:2024-13536
ABC Notation
Plugin:ABC Notation
Plugin Slug:abc-notation
Vulnerability:Arbitrary File Download
Patched in Version:No Fix
Severity Score:Medium
CVE:2024-13550
Altra Side Menu
Plugin:Altra Side Menu
Plugin Slug:altra-side-menu
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
CVE:2024-12774
Altra Side Menu
Plugin:Altra Side Menu
Plugin Slug:altra-side-menu
Vulnerability:SQL Injection
Patched in Version:No Fix
Severity Score:High
CVE:2024-12773
AnyRoad
Plugin:AnyRoad
Plugin Slug:anyguide
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
CVE:2025-23996
Ask Me Anything (Anonymously)
Plugin:Ask Me Anything (Anonymously)
Plugin Slug:ask-me-anything-anonymously
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
CVE:2024-12512
Automate Hub
Plugin:Automate Hub
Plugin Slug:automate-hub-free-by-sperse-io
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Medium
CVE:2024-13683
Automate Hub
Plugin:Automate Hub
Plugin Slug:automate-hub-free-by-sperse-io
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
CVE:2024-11377
BMLT Meeting Map
Plugin:BMLT Meeting Map
Plugin Slug:bmlt-meeting-map
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
CVE:2024-12494
brodos.net Onlineshop Plugin
Plugin:brodos.net Onlineshop Plugin
Plugin Slug:brodos-net-onlineshop
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
CVE:2024-12529
Connections
Plugin:Connections
Plugin Slug:connections1
Vulnerability:Arbitrary File Deletion
Patched in Version:No Fix
Severity Score:Medium
CVE:2024-12885
Dental Optimizer Patient Generator App
Plugin:Dental Optimizer Patient Generator App
Plugin Slug:dental-optimizer-patient-generator-app
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
CVE:2024-13052
Dyn Business Panel
Plugin:Dyn Business Panel
Plugin Slug:dyn-business-panel
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
CVE:2024-13057
Dyn Business Panel
Plugin:Dyn Business Panel
Plugin Slug:dyn-business-panel
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
CVE:2024-13055
Easy Real Estate
Plugin:Easy Real Estate
Plugin Slug:easy-real-estate
Vulnerability:Privilege Escalation
Patched in Version:No Fix
Severity Score:Critical
CVE:2024-32555
Etsy Importer
Plugin:Etsy Importer
Plugin Slug:etsy-importer
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
CVE:2024-12817
Fare Calculator
Plugin:Fare Calculator
Plugin Slug:fare-calculator
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:High
CVE:2025-23982
FlashCounter
Plugin:FlashCounter
Plugin Slug:flashcounter
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:High
CVE:2025-23978
Post Title (TypeWriter)
Plugin:Post Title (TypeWriter)
Plugin Slug:flashnews-typewriter-pearlbells
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:Critical
CVE:2024-56012
Full Circle
Plugin:Full Circle
Plugin Slug:full-circle
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:High
CVE:2025-23980
Issuu Panel
Plugin:Issuu Panel
Plugin Slug:issuu-panel
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:High
CVE:2025-23976
Masy Gallery
Plugin:Masy Gallery
Plugin Slug:masy-gallery
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
CVE:2024-13586
NOTICE BOARD BY TOWKIR
Plugin:NOTICE BOARD BY TOWKIR
Plugin Slug:notice-board-by-towkir
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
CVE:2024-12816
WordPress SEO Friendly Accordion FAQ
Plugin:WordPress SEO Friendly Accordion FAQ
Plugin Slug:notice-faq
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
CVE:2024-13458
Post Carousel Slider
Plugin:Post Carousel Slider
Plugin Slug:post-carousel-slider
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:High
CVE:2025-23977
Power Ups for Elementor
Plugin:Power Ups for Elementor
Plugin Slug:power-ups-for-elementor
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
CVE:2024-13548
PPO Call To Actions
Plugin:PPO Call To Actions
Plugin Slug:ppo-call-to-actions
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:No Fix
Severity Score:High
CVE:2025-24001
SEO Blogger to WordPress Migration using 301 Redirection
Plugin:SEO Blogger to WordPress Migration using 301 Redirection
Plugin Slug:seo-blogger-to-wordpress-301-redirector
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
CVE:2024-13422
Social Share Buttons for WordPress
Plugin:Social Share Buttons for WordPress
Plugin Slug:share-buttons
Vulnerability:Path Traversal
Patched in Version:No Fix
Severity Score:High
CVE:2024-13117
WP All Import Pro
Plugin:WP All Import Pro
Plugin Slug:wp-all-import-pro
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:Medium
CVE:2024-8722
WP Contact Form7 Email Spam Blocker
Plugin:WP Contact Form7 Email Spam Blocker
Plugin Slug:wp-contact-form7-email-spam-blocker
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
CVE:2024-13467
WP Triggers Lite
Plugin:WP Triggers Lite
Plugin Slug:wp-triggers-lite
Vulnerability:SQL Injection
Patched in Version:No Fix
Severity Score:High
CVE:2024-13095
WP Triggers Lite
Plugin:WP Triggers Lite
Plugin Slug:wp-triggers-lite
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:No Fix
Severity Score:High
CVE:2024-13094
Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)
Plugin Slug:really-simple-ssl
Installations4,000,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:9.2.0
Severity Score:Medium
CVE:2025-24623
Starter Templates — Elementor, WordPress & Beaver Builder Templates
Plugin Slug:astra-sites
Installations1,000,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:4.4.10
Severity Score:Medium
CVE:2025-24568
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder
Plugin:Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder
Plugin Slug:popup-maker
Installations700,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.20.3
Severity Score:Medium
CVE:2025-24746
The Events Calendar
Plugin:The Events Calendar
Plugin Slug:the-events-calendar
Installations700,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:6.9.1
Severity Score:Medium
CVE:2024-12118
Page Builder Gutenberg Blocks – CoBlocks
Plugin Slug:coblocks
Installations400,000+
Vulnerability:Broken Access Control
Patched in Version:3.1.14
Severity Score:Medium
CVE:2025-24751
ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin)
Plugin Slug:google-analytics-dashboard-for-wp
Installations400,000+
Vulnerability:Broken Access Control
Patched in Version:8.2.0
Severity Score:Medium
CVE:2025-24750
Gutenberg Blocks with AI by Kadence WP – Page Builder Features
Plugin Slug:kadence-blocks
Installations400,000+
Vulnerability:Broken Access Control
Patched in Version:3.3.2
Severity Score:Medium
CVE:2025-24753
FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider
Plugin Slug:fluent-smtp
Installations300,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:2.2.81
Severity Score:Medium
CVE:2025-24739
WP Go Maps (formerly WP Google Maps)
Plugin Slug:wp-google-maps
Installations300,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:9.0.41
Severity Score:Medium
CVE:2025-24742
Call Now Button – The #1 Click to Call Button for WordPress
Plugin Slug:call-now-button
Installations200,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:1.4.14
Severity Score:Medium
CVE:2025-24738
Page Builder: Pagelayer – Drag and Drop website builder
Plugin Slug:pagelayer
Installations200,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.9.5
Severity Score:Medium
CVE:2025-24573
Post Duplicator
Plugin:Post Duplicator
Plugin Slug:post-duplicator
Installations200,000+
Vulnerability:Broken Access Control
Patched in Version:2.36
Severity Score:Medium
CVE:2025-24736
Admin and Site Enhancements (ASE)
Plugin Slug:admin-site-enhancements
Installations100,000+
Vulnerability:Broken Access Control
Patched in Version:7.6.3
Severity Score:Medium
CVE:2025-24649
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Post Slider and Ecommerce Slider)
Plugin Slug:bdthemes-prime-slider-lite
Installations100,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.16.6
Severity Score:Medium
CVE:2024-12043
Stackable – Page Builder Gutenberg Blocks
Plugin Slug:stackable-ultimate-gutenberg-blocks
Installations100,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.13.12
Severity Score:Medium
CVE:2024-12117
String locator
Plugin:String locator
Plugin Slug:string-locator
Installations100,000+
Vulnerability:PHP Object Injection
Patched in Version:2.6.7
Severity Score:High
CVE:2024-10936
LearnPress – WordPress LMS Plugin
Plugin Slug:learnpress
Installations90,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:4.2.7.5.1
Severity Score:Medium
CVE:2024-13599
LearnPress – WordPress LMS Plugin
Plugin Slug:learnpress
Installations90,000+
Vulnerability:Open Redirection
Patched in Version:4.2.7.2
Severity Score:Medium
CVE:2025-24740
List category posts
Plugin:List category posts
Plugin Slug:list-category-posts
Installations90,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:0.90.3
Severity Score:Medium
CVE:2024-9020
Nested Pages
Plugin:Nested Pages
Plugin Slug:wp-nested-pages
Installations90,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.2.10
Severity Score:Medium
CVE:2025-24579
Import and export users and customers
Plugin Slug:import-users-from-csv-with-meta
Installations70,000+
Vulnerability:Sensitive Data Exposure
Patched in Version:1.27.13
Severity Score:Medium
CVE:2025-24689
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels
Plugin Slug:print-invoices-packing-slip-labels-for-woocommerce
Installations60,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:4.7.2
Severity Score:Medium
CVE:2025-24644
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
Plugin Slug:easy-digital-downloads
Installations50,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.3.3
Severity Score:Medium
CVE:2024-13517
Better Find and Replace
Plugin:Better Find and Replace
Plugin Slug:real-time-auto-find-and-replace
Installations50,000+
Vulnerability:Privilege Escalation
Patched in Version:1.6.8
Severity Score:High
CVE:2025-24734
WP-Polls
Plugin:WP-Polls
Plugin Slug:wp-polls
Installations50,000+
Vulnerability:SQL Injection
Patched in Version:2.77.3
Severity Score:Medium
CVE:2024-13426
Social Share, Social Login and Social Comments Plugin – Super Socializer
Plugin Slug:super-socializer
Installations30,000+
Vulnerability:SQL Injection
Patched in Version:7.14.1
Severity Score:Medium
CVE:2024-13230
Carousel Maker for Divi
Plugin:Carousel Maker for Divi
Plugin Slug:wow-carousel-for-divi-lite
Installations30,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.1.0
Severity Score:Medium
CVE:2025-0350
WP Visitor Statistics (Real Time Traffic)
Plugin Slug:wp-stats-manager
Installations30,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:7.3
Severity Score:Medium
CVE:2025-24675
Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress
Plugin Slug:bookingpress-appointment-booking
Installations20,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.1.26
Severity Score:Medium
CVE:2025-24732
Icegram Engage – Ultimate WP Popup Builder, Lead Generation, Optins, and CTA
Plugin Slug:icegram
Installations20,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.1.32
Severity Score:Medium
CVE:2025-24542
IP2Location Country Blocker
Plugin:IP2Location Country Blocker
Plugin Slug:ip2location-country-blocker
Installations20,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.38.4
Severity Score:Medium
CVE:2025-24731
RomethemeKit For Elementor
Plugin:RomethemeKit For Elementor
Plugin Slug:rometheme-for-elementor
Installations20,000+
Vulnerability:Broken Access Control
Patched in Version:1.5.3
Severity Score:Medium
CVE:2025-24743
Simple Download Monitor
Plugin:Simple Download Monitor
Plugin Slug:simple-download-monitor
Installations20,000+
Vulnerability:SQL Injection
Patched in Version:3.9.26
Severity Score:High
CVE:2025-24663
Thim Elementor Kit
Plugin:Thim Elementor Kit
Plugin Slug:thim-elementor-kit
Installations20,000+
Vulnerability:Broken Access Control
Patched in Version:1.2.9
Severity Score:Medium
CVE:2025-24725
PPOM – Product Addons & Custom Fields for WooCommerce
Plugin Slug:woocommerce-product-addon
Installations20,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:33.0.9
Severity Score:Medium
CVE:2025-24668
Contact Form Email
Plugin:Contact Form Email
Plugin Slug:contact-form-to-email
Installations10,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.3.53
Severity Score:Medium
CVE:2025-24727
WP Customer Area
Plugin:WP Customer Area
Plugin Slug:customer-area
Installations10,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:8.2.5
Severity Score:Medium
CVE:2024-12280
GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress
Plugin Slug:gamipress
Installations10,000+
Vulnerability:SQL Injection
Patched in Version:7.2.2
Severity Score:Critical
CVE:2024-13496
GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress
Plugin Slug:gamipress
Installations10,000+
Vulnerability:Arbitrary Code Execution
Patched in Version:7.2.2
Severity Score:High
CVE:2024-13495
AI Power: Complete AI Pack
Plugin:AI Power: Complete AI Pack
Plugin Slug:gpt3-ai-content-generator
Installations10,000+
Vulnerability:Broken Access Control
Patched in Version:1.8.97
Severity Score:Medium
CVE:2024-13361
AI Power: Complete AI Pack
Plugin:AI Power: Complete AI Pack
Plugin Slug:gpt3-ai-content-generator
Installations10,000+
Vulnerability:Server Side Request Forgery (SSRF)
Patched in Version:1.8.97
Severity Score:Medium
CVE:2024-13360
AI Power: Complete AI Pack
Plugin:AI Power: Complete AI Pack
Plugin Slug:gpt3-ai-content-generator
Installations10,000+
Vulnerability:PHP Object Injection
Patched in Version:1.8.97
Severity Score:High
CVE:2025-0429
Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks
Plugin Slug:ht-contactform
Installations10,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.2.2
Severity Score:Medium
CVE:2025-24726
AI Chatbot for WordPress – Hyve Lite
Plugin Slug:hyve-lite
Installations10,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.2.3
Severity Score:Medium
CVE:2025-24666
JSM Show Post Metadata
Plugin:JSM Show Post Metadata
Plugin Slug:jsm-show-post-meta
Installations10,000+
Vulnerability:Broken Access Control
Patched in Version:4.6.1
Severity Score:Medium
CVE:2025-24589
Link Library
Plugin:Link Library
Plugin Slug:link-library
Installations10,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:7.7.3
Severity Score:High
CVE:2024-13404
Modal Window – create popup modal window
Plugin Slug:modal-window
Installations10,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:6.1.5
Severity Score:Medium
CVE:2025-24717
Membership Plugin – Restrict Content
Plugin Slug:restrict-content
Installations10,000+
Vulnerability:Sensitive Data Exposure
Patched in Version:3.2.14
Severity Score:Medium
CVE:2024-11090
Internal Links Manager
Plugin:Internal Links Manager
Plugin Slug:seo-automated-link-building
Installations10,000+
Vulnerability:Broken Access Control
Patched in Version:2.5.3
Severity Score:Medium
CVE:2025-24679
WooCommerce Product Table Lite
Plugin Slug:wc-product-table-lite
Installations10,000+
Vulnerability:Broken Access Control
Patched in Version:3.9.0
Severity Score:Medium
CVE:2025-24596
Countdown Timer – Widget Countdown
Plugin Slug:widget-countdown
Installations10,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.7.2
Severity Score:Medium
CVE:2025-24719
Export All Posts, Products, Orders, Refunds & Users
Plugin Slug:wp-ultimate-exporter
Installations10,000+
Vulnerability:Arbitrary File Download
Patched in Version:2.9.1
Severity Score:Medium
CVE:2025-24611
WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress
Plugin Slug:wpvr
Installations10,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:8.5.15
Severity Score:Medium
CVE:2025-24730
Essential Real Estate
Plugin:Essential Real Estate
Plugin Slug:essential-real-estate
Installations9,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:5.1.9
Severity Score:Medium
CVE:2025-24698
Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
Plugin Slug:bit-form
Installations8,000+
Vulnerability:Server Side Request Forgery (SSRF)
Patched in Version:2.17.5
Severity Score:Low
CVE:2024-13450
Sticky Buttons – floating buttons builder
Plugin Slug:sticky-buttons
Installations8,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:4.1.2
Severity Score:Medium
CVE:2025-24720
VikBooking Hotel Booking Engine & PMS
Plugin Slug:vikbooking
Installations8,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:1.7.3
Severity Score:High
CVE:2024-11641
Product Carousel Slider & Grid Ultimate for WooCommerce
Plugin Slug:woo-product-carousel-slider-and-grid-ultimate
Installations8,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.10.1
Severity Score:Medium
CVE:2025-24681
WP Hotel Booking
Plugin:WP Hotel Booking
Plugin Slug:wp-hotel-booking
Installations8,000+
Vulnerability:Broken Access Control
Patched in Version:2.1.7
Severity Score:Medium
CVE:2024-13447
Xagio SEO
Plugin:Xagio SEO
Plugin Slug:xagio-seo
Installations7,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:7.0.0.21
Severity Score:Medium
CVE:2025-24702
Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection)
Plugin Slug:extensions-for-cf7
Installations6,000+
Vulnerability:Server Side Request Forgery (SSRF)
Patched in Version:3.2.1
Severity Score:Medium
CVE:2025-24695
Side Menu Lite – add sticky fixed buttons
Plugin Slug:side-menu-lite
Installations6,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:5.3.2
Severity Score:Medium
CVE:2025-24724
Super block slider – Responsive image & content slider
Plugin Slug:super-block-slider
Installations6,000+
Vulnerability:Broken Access Control
Patched in Version:2.8
Severity Score:Medium
CVE:2025-24682
Themify Builder
Plugin:Themify Builder
Plugin Slug:themify-builder
Installations6,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:7.6.7
Severity Score:High
CVE:2024-13319
Button Generator – easily Button Builder
Plugin Slug:button-generation
Installations5,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:3.1.2
Severity Score:Medium
CVE:2025-24713
MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution
Plugin Slug:dc-woocommerce-multi-vendor
Installations5,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:4.2.14
Severity Score:Medium
CVE:2025-24706
ElementInvader Addons for Elementor
Plugin Slug:elementinvader-addons-for-elementor
Installations5,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.3.4
Severity Score:Medium
CVE:2025-24729
ElementInvader Addons for Elementor
Plugin Slug:elementinvader-addons-for-elementor
Installations5,000+
Vulnerability:Broken Access Control
Patched in Version:1.3.2
Severity Score:Medium
CVE:2025-24618
ElementInvader Addons for Elementor
Plugin Slug:elementinvader-addons-for-elementor
Installations5,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.3.1
Severity Score:Medium
CVE:2025-24578
Variation Swatches for WooCommerce
Plugin Slug:th-variation-swatches
Installations5,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:1.3.3
Severity Score:Medium
CVE:2024-13511
Custom Product Tabs Lite for WooCommerce
Plugin Slug:woocommerce-custom-product-tabs-lite
Installations5,000+
Vulnerability:PHP Object Injection
Patched in Version:1.9.1
Severity Score:High
CVE:2024-12600
Import WP – Export and Import CSV and XML files to WordPress
Plugin Slug:jc-importer
Installations4,000+
Vulnerability:Sensitive Data Exposure
Patched in Version:2.14.6
Severity Score:High
CVE:2024-13562
Popup Box: Create Popups Easily
Plugin Slug:popup-box
Installations4,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:3.2.5
Severity Score:Medium
CVE:2025-24711
RSVP and Event Management
Plugin:RSVP and Event Management
Plugin Slug:rsvp
Installations4,000+
Vulnerability:SQL Injection
Patched in Version:2.7.15
Severity Score:High
CVE:2025-24683
Premium Packages – Sell Digital Products Securely
Plugin Slug:wpdm-premium-packages
Installations4,000+
Vulnerability:SQL Injection
Patched in Version:5.9.7
Severity Score:High
CVE:2025-24659
XML for Google Merchant Center
Plugin Slug:xml-for-google-merchant-center
Installations4,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.0.12
Severity Score:High
CVE:2024-13406
HelloAsso
Plugin:HelloAsso
Plugin Slug:helloasso
Installations3,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.1.12
Severity Score:Medium
CVE:2025-24575
Multiple Page Generator Plugin – MPG
Plugin Slug:multiple-pages-generator-by-porthas
Installations3,000+
Vulnerability:Server Side Request Forgery (SSRF)
Patched in Version:4.0.6
Severity Score:Medium
CVE:2024-10705
Patreon WordPress
Plugin:Patreon WordPress
Plugin Slug:patreon-connect
Installations3,000+
Vulnerability:Broken Access Control
Patched in Version:1.9.2
Severity Score:Medium
CVE:2025-24588
Paytium: Mollie payment forms & donations
Plugin Slug:paytium
Installations3,000+
Vulnerability:Full Path Disclosure (FPD)
Patched in Version:4.4.12
Severity Score:Medium
CVE:2025-24552
Ultimate Coming Soon & Maintenance
Plugin Slug:ultimate-coming-soon
Installations3,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:1.1.0
Severity Score:Medium
CVE:2025-24543
Ultimate Coming Soon & Maintenance
Plugin Slug:ultimate-coming-soon
Installations3,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:1.1.0
Severity Score:Medium
CVE:2025-24546
Auction Nudge – Your eBay on Your Site
Plugin Slug:auction-nudge
Installations2,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:7.2.1
Severity Score:Medium
CVE:2025-24658
Chained Quiz
Plugin:Chained Quiz
Plugin Slug:chained-quiz
Installations2,000+
Vulnerability:Server Side Request Forgery (SSRF)
Patched in Version:1.3.3
Severity Score:Medium
CVE:2025-24701
Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site
Plugin Slug:counter-box
Installations2,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:2.0.6
Severity Score:Medium
CVE:2025-24715
Email Subscription Popup
Plugin:Email Subscription Popup
Plugin Slug:email-subscribe
Installations2,000+
Vulnerability:SQL Injection
Patched in Version:<= 1.2.24
Severity Score:High
CVE:2025-24587
Social Proof Popups & Real-Time Notifications – Herd Effects
Plugin Slug:mwp-herd-effect
Installations2,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:6.2.2
Severity Score:Medium
CVE:2025-24716
Plethora Plugins Tabs + Accordions
Plugin Slug:plethora-tabs-accordions
Installations2,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.2
Severity Score:Medium
CVE:2024-13721
Plethora Plugins Tabs + Accordions
Plugin Slug:plethora-tabs-accordions
Installations2,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.2.1
Severity Score:Medium
CVE:2025-24709
Comment Edit Core – Simple Comment Editing
Plugin Slug:simple-comment-editing
Installations2,000+
Vulnerability:Server Side Request Forgery (SSRF)
Patched in Version:3.1.0
Severity Score:Medium
CVE:2025-24703
Product Table by WBW
Plugin:Product Table by WBW
Plugin Slug:woo-product-tables
Installations2,000+
Vulnerability:SQL Injection
Patched in Version:2.1.3
Severity Score:Critical
CVE:2024-13234
WooCommerce Quick View
Plugin:WooCommerce Quick View
Plugin Slug:woo-quick-view
Installations2,000+
Vulnerability:Sensitive Data Exposure
Patched in Version:1.1.3
Severity Score:Medium
CVE:2025-24705
Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce
Plugin Slug:a4-barcode-generator
Installations1,000+
Vulnerability:Broken Access Control
Patched in Version:3.4.11
Severity Score:Medium
CVE:2025-24603
Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder
Plugin Slug:ajax-filter-posts
Installations1,000+
Vulnerability:Local File Inclusion
Patched in Version:3.4.13
Severity Score:Medium
CVE:2025-24733
Visual Website Collaboration, Feedback & Project Management – Atarim
Plugin Slug:atarim-visual-collaboration
Installations1,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:4.0.9
Severity Score:High
CVE:2025-24570
Bubble Menu – Sticky Navigation with Floating Button Menu Solution
Plugin Slug:bubble-menu
Installations1,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:4.0.3
Severity Score:Medium
CVE:2025-24714
Event post
Plugin:Event post
Plugin Slug:event-post
Installations1,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:5.9.8
Severity Score:Medium
CVE:2025-24585
Flexmls® IDX Plugin
Plugin:Flexmls® IDX Plugin
Plugin Slug:flexmls-idx
Installations1,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.14.27
Severity Score:Medium
CVE:2024-10552
WP Fast Total Search – The Power of Indexed Search
Plugin Slug:fulltext-search
Installations1,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:1.79.262
Severity Score:Medium
CVE:2025-24572
WP Fast Total Search – The Power of Indexed Search
Plugin Slug:fulltext-search
Installations1,000+
Vulnerability:Broken Access Control
Patched in Version:1.79.262
Severity Score:Medium
CVE:2025-24571
KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin
Plugin Slug:kb-support
Installations1,000+
Vulnerability:Open Redirection
Patched in Version:1.6.8
Severity Score:Medium
CVE:2025-24741
GDPR CCPA Compliance & Cookie Consent Banner
Plugin Slug:ninja-gdpr-compliance
Installations1,000+
Vulnerability:Broken Access Control
Patched in Version:2.7.2
Severity Score:Medium
CVE:2025-24591
GoHero Store Customizer for WooCommerce
Plugin Slug:personalize-woocommerce-cart-page
Installations1,000+
Vulnerability:Broken Access Control
Patched in Version:4.0
Severity Score:Medium
CVE:2024-12826
Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget
Plugin Slug:post-grid-carousel-ultimate
Installations1,000+
Vulnerability:Local File Inclusion
Patched in Version:1.7
Severity Score:Medium
CVE:2025-24782
Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates
Plugin Slug:responsive-addons-for-elementor
Installations1,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.6.5
Severity Score:Medium
CVE:2024-13354
Spexo Addons for Elementor – Free Elementor Addons, Widgets and Templates
Plugin Slug:sastra-essential-addons-for-elementor
Installations1,000+
Vulnerability:Broken Access Control
Patched in Version:1.0.15
Severity Score:Medium
CVE:2024-13335
Save as PDF Plugin by Pdfcrowd
Plugin Slug:save-as-pdf-by-pdfcrowd
Installations1,000+
Vulnerability:PHP Object Injection
Patched in Version:4.4.1
Severity Score:Critical
CVE:2025-24671
Tainacan
Plugin:Tainacan
Plugin Slug:tainacan
Installations1,000+
Vulnerability:SQL Injection
Patched in Version:0.21.13
Severity Score:High
CVE:2024-13236
Tamara Checkout
Plugin:Tamara Checkout
Plugin Slug:tamara-checkout
Installations1,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.9.9.1
Severity Score:Medium
CVE:2025-23997
Toocheke Companion
Plugin:Toocheke Companion
Plugin Slug:toocheke-companion
Installations1,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.167
Severity Score:Medium
CVE:2025-23992
Tourfic – Ultimate Hotel Booking, Travel Booking & Car Rental WordPress Plugin | WooCommerce Booking
Plugin:Tourfic – Ultimate Hotel Booking, Travel Booking & Car Rental WordPress Plugin | WooCommerce Booking
Plugin Slug:tourfic
Installations1,000+
Vulnerability:Arbitrary File Upload
Patched in Version:2.15.4
Severity Score:Critical
CVE:2025-24650
WooCommerce Cloak Affiliate Links
Plugin Slug:woocommerce-cloak-affiliate-links
Installations1,000+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:1.0.36
Severity Score:Medium
CVE:2025-24647
MDTF – Meta Data and Taxonomies Filter
Plugin Slug:wp-meta-data-filter-and-taxonomy-filter
Installations1,000+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.3.3.7
Severity Score:Medium
CVE:2024-13340
12 Step Meeting List
Plugin:12 Step Meeting List
Plugin Slug:12-step-meeting-list
Installations800+
Vulnerability:Sensitive Data Exposure
Patched in Version:3.16.6
Severity Score:Medium
CVE:2025-24582
12 Step Meeting List
Plugin:12 Step Meeting List
Plugin Slug:12-step-meeting-list
Installations800+
Vulnerability:Arbitrary Content Deletion
Patched in Version:3.16.6
Severity Score:Medium
CVE:2025-24580
Booking Calendar Contact Form
Plugin Slug:booking-calendar-contact-form
Installations700+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.2.56
Severity Score:Medium
CVE:2025-24723
Easy YouTube Gallery
Plugin:Easy YouTube Gallery
Plugin Slug:easy-youtube-gallery
Installations600+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.0.5
Severity Score:Medium
CVE:2025-24721
FireCask Like & Share Button
Plugin:FireCask Like & Share Button
Plugin Slug:facebook-like-send-button
Installations600+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.3
Severity Score:Medium
CVE:2024-11226
Wishlist for WooCommerce
Plugin:Wishlist for WooCommerce
Plugin Slug:wt-woocommerce-wishlist
Installations600+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.1.3
Severity Score:Medium
CVE:2025-24657
Create with Code
Plugin:Create with Code
Plugin Slug:create-with-code
Installations500+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.5
Severity Score:Medium
CVE:2025-24638
Job Board Manager
Plugin:Job Board Manager
Plugin Slug:job-board-manager
Installations500+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:2.1.60
Severity Score:Medium
CVE:2025-24622
Ketchup Shortcodes
Plugin:Ketchup Shortcodes
Plugin Slug:ketchup-shortcodes-pack
Installations500+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:0.2.1
Severity Score:Medium
CVE:2025-24673
Listamester
Plugin:Listamester
Plugin Slug:listamester
Installations500+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.3.5
Severity Score:Medium
CVE:2025-24678
WP Google Street View (with 360° virtual tour) & Google maps + Local SEO
Plugin Slug:wp-google-street-view
Installations500+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.1.4
Severity Score:Medium
CVE:2024-13542
WP Multi Store Locator
Plugin:WP Multi Store Locator
Plugin Slug:wp-multi-store-locator
Installations500+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.5.1
Severity Score:High
CVE:2025-24680
Form Builder CP
Plugin:Form Builder CP
Plugin Slug:cp-easy-form-builder
Installations400+
Vulnerability:SQL Injection
Patched in Version:1.2.42
Severity Score:High
CVE:2025-24672
MachForm Shortcode
Plugin:MachForm Shortcode
Plugin Slug:machform-shortcode
Installations400+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:1.5.0
Severity Score:High
CVE:2025-24636
Picture Gallery – Frontend Image Uploads, AJAX Photo List
Plugin Slug:picture-gallery
Installations400+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.5.20
Severity Score:Medium
CVE:2024-13584
SERPed.net
Plugin:SERPed.net
Plugin Slug:serped-net
Installations400+
Vulnerability:SQL Injection
Patched in Version:4.6
Severity Score:High
CVE:2025-24669
aDirectory – WordPress Directory Listing Plugin
Plugin Slug:adirectory
Installations300+
Vulnerability:PHP Object Injection
Patched in Version:1.9
Severity Score:High
All Embed – Elementor Addons
Plugin:All Embed – Elementor Addons
Plugin Slug:all-embed-addons-for-elementor
Installations300+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.1.4
Severity Score:Medium
CVE:2025-24595
Gutenberg Blocks and Page Layouts – Attire Blocks
Plugin Slug:attire-blocks
Installations300+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:1.9.7
Severity Score:Medium
CVE:2025-24696
WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms
Plugin Slug:cf7-dynamics-crm
Installations300+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.1.7
Severity Score:High
CVE:2025-24708
RSVPMaker
Plugin:RSVPMaker
Plugin Slug:rsvpmaker
Installations300+
Vulnerability:Broken Access Control
Patched in Version:11.4.6
Severity Score:Medium
CVE:2025-24600
Build Private Store For Woocommerce
Plugin Slug:build-private-store-for-woocommerce
Installations200+
Vulnerability:Broken Access Control
Patched in Version:1..1
Severity Score:Medium
CVE:2025-24633
WP Duplicate – WordPress Migration Plugin
Plugin Slug:local-sync
Installations200+
Vulnerability:Broken Access Control
Patched in Version:1.1.7
Severity Score:Medium
CVE:2025-24652
Magic the Gathering Card Tooltips
Plugin Slug:magic-the-gathering-card-tooltips
Installations200+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.5.0
Severity Score:Medium
CVE:2025-24704
ShMapper by Teplitsa
Plugin:ShMapper by Teplitsa
Plugin Slug:shmapper-by-teplitsa
Installations200+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.5.1
Severity Score:Medium
CVE:2025-24674
Taxonomy/Term and Role based Discounts for WooCommerce
Plugin Slug:taxonomy-discounts-woocommerce
Installations200+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:5.2
Severity Score:Medium
CVE:2025-24625
Lifetime free Drag & Drop Contact Form Builder for WordPress VForm
Plugin Slug:v-form
Installations200+
Vulnerability:Broken Access Control
Patched in Version:3.0.7
Severity Score:Medium
CVE:2025-24604
Advanced Notifications
Plugin:Advanced Notifications
Plugin Slug:advanced-notifications
Installations100+
Vulnerability:Broken Access Control
Patched in Version:1.2.8
Severity Score:Medium
CVE:2025-24693
Blur Text
Plugin:Blur Text
Plugin Slug:blur-text
Installations100+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.0.0
Severity Score:Medium
CVE:2025-24627
Target Video Easy Publish
Plugin:Target Video Easy Publish
Plugin Slug:brid-video-easy-publish
Installations100+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.8.4
Severity Score:High
CVE:2024-12076
Bug Library
Plugin:Bug Library
Plugin Slug:bug-library
Installations100+
Vulnerability:SQL Injection
Patched in Version:2.1.5
Severity Score:High
CVE:2025-24728
Linet ERP-Woocommerce Integration Plugin
Plugin Slug:linet-erp-woocommerce-integration
Installations100+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:3.5.8
Severity Score:Medium
CVE:2025-24594
Morkva UA Shipping
Plugin:Morkva UA Shipping
Plugin Slug:morkva-ua-shipping
Installations100+
Vulnerability:Local File Inclusion
Patched in Version:1.0.20
Severity Score:High
CVE:2025-24685
Orbisius Simple Notice
Plugin:Orbisius Simple Notice
Plugin Slug:orbisius-simple-notice
Installations100+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.1.4
Severity Score:Medium
CVE:2025-24634
People Lists
Plugin:People Lists
Plugin Slug:people-lists
Installations100+
Vulnerability:Broken Access Control
Patched in Version:2.0.0
Severity Score:Medium
CVE:2025-24691
Precious Metals Charts and Widgets for WordPress
Plugin Slug:precious-metals-chart-and-widgets
Installations100+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.2.9
Severity Score:Medium
CVE:2024-13572
Roi Calculator
Plugin:Roi Calculator
Plugin Slug:roi-calculator
Installations100+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:1.1
Severity Score:High
CVE:2025-24756
Show/Hide Shortcode
Plugin:Show/Hide Shortcode
Plugin Slug:showhide-shortcode
Installations100+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.0.1
Severity Score:Medium
CVE:2025-24687
Simple Downloads List
Plugin:Simple Downloads List
Plugin Slug:simple-downloads-list
Installations100+
Vulnerability:SQL Injection
Patched in Version:1.4.3
Severity Score:High
CVE:2024-13594
FV Thoughtful Comments
Plugin:FV Thoughtful Comments
Plugin Slug:thoughtful-comments
Installations100+
Vulnerability:Broken Access Control
Patched in Version:0.3.6
Severity Score:Medium
CVE:2025-24613
WC Affiliate – A Complete WooCommerce Affiliate Plugin
Plugin Slug:wc-affiliate
Installations100+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.4
Severity Score:High
CVE:2024-12321
WC Affiliate – A Complete WooCommerce Affiliate Plugin
Plugin Slug:wc-affiliate
Installations100+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.5
Severity Score:High
CVE:2024-12334
WP-BibTeX
Plugin:WP-BibTeX
Plugin Slug:wp-bibtex
Installations100+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.0.2
Severity Score:High
CVE:2024-12005
PDF Invoices for WooCommerce + Drag and Drop Template Builder
Plugin Slug:pdf-for-woocommerce
Installations90+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:4.7.0
Severity Score:Medium
CVE:2025-24755
Dynamic URL SEO
Plugin:Dynamic URL SEO
Plugin Slug:dynamic-url-seo
Installations80+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:1.2
Severity Score:Medium
CVE:2025-23985
Restrict Anonymous Access
Plugin:Restrict Anonymous Access
Plugin Slug:restrict-anonymous-access
Installations80+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.2.1
Severity Score:Medium
CVE:2025-24610
WPBookit
Plugin:WPBookit
Plugin Slug:wpbookit
Installations80+
Vulnerability:Arbitrary File Upload
Patched in Version:1.6.10
Severity Score:Critical
CVE:2025-0357
Simple Gallery with Filter
Plugin:Simple Gallery with Filter
Plugin Slug:simple-gallery-with-filter
Installations70+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.1
Severity Score:Medium
CVE:2024-13583
Bilingual Linker
Plugin:Bilingual Linker
Plugin Slug:bilingual-linker
Installations60+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.4.1
Severity Score:Medium
CVE:2024-13441
Cliptakes
Plugin:Cliptakes
Plugin Slug:cliptakes
Installations60+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.3.5
Severity Score:Medium
CVE:2024-13389
FAQ Builder AYS
Plugin:FAQ Builder AYS
Plugin Slug:faq-builder-ays
Installations60+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:1.7.4
Severity Score:Medium
CVE:2025-24722
Radius Blocks – WordPress Gutenberg Blocks
Plugin Slug:radius-blocks
Installations60+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:2.2.0
Severity Score:Medium
CVE:2025-24712
wp-greet
Plugin:wp-greet
Plugin Slug:wp-greet
Installations60+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:6.3
Severity Score:High
CVE:2024-13444
Boom Fest
Plugin:Boom Fest
Plugin Slug:boom-fest
Installations50+
Vulnerability:Broken Access Control
Patched in Version:2.2.2
Severity Score:Medium
CVE:2024-13449
Caching Compatible Cookie Opt-In and JavaScript
Plugin Slug:caching-compatible-cookie-optin-and-javascript
Installations30+
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:0.0.11
Severity Score:Medium
CVE:2025-24547
Subscription DNA®
Plugin:Subscription DNA®
Plugin Slug:subscriptiondna
Installations20+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:2.2
Severity Score:High
CVE:2025-24555
KBucket: Your Curated Content in WordPress
Plugin Slug:kbucket
Installations10+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:4.2.2
Severity Score:High
CVE:2025-24562
ReviewsTap
Plugin:ReviewsTap
Plugin Slug:reviewstap
Installations10+
Vulnerability:Cross Site Request Forgery (CSRF)
Patched in Version:1.1.3
Severity Score:High
CVE:2025-24561
Admin and Site Enhancements (ASE) Pro
Plugin:Admin and Site Enhancements (ASE) Pro
Plugin Slug:admin-site-enhancements-pro
Vulnerability:Broken Access Control
Patched in Version:7.6.3
Severity Score:Medium
CVE:2025-24653
BMLT Meeting Map
Plugin:BMLT Meeting Map
Plugin Slug:bmlt-meeting-map
Vulnerability:Local File Inclusion
Patched in Version:2.6.1
Severity Score:High
CVE:2024-13593
Bridge Core
Plugin:Bridge Core
Plugin Slug:bridge-core
Vulnerability:Broken Access Control
Patched in Version:3.3.1
Severity Score:Medium
CVE:2025-24744
Fusion Builder
Plugin:Fusion Builder
Plugin Slug:fusion-builder
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:3.11.12
Severity Score:Medium
CVE:2024-12477
JetElements For Elementor
Plugin:JetElements For Elementor
Plugin Slug:jet-elements
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:2.7.3
Severity Score:Medium
CVE:2025-0371
Oshine Modules
Plugin:Oshine Modules
Plugin Slug:oshine-modules
Vulnerability:Server Side Request Forgery (SSRF)
Patched in Version:3.3.8
Severity Score:Medium
CVE:2024-44055
LearnDash LMS
Plugin:LearnDash LMS
Plugin Slug:sfwd-lms
Vulnerability:Broken Access Control
Patched in Version:4.20.0.3
Severity Score:Medium
CVE:2025-24662
ThemeREX Addons
Plugin:ThemeREX Addons
Plugin Slug:trx_addons
Vulnerability:Local File Inclusion
Patched in Version:2.34.0
Severity Score:High
CVE:2025-0682
VideoWhisper Live Streaming Integration
Plugin:VideoWhisper Live Streaming Integration
Plugin Slug:videowhisper-live-streaming-integration
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:6.1.10
Severity Score:Medium
CVE:2024-12504
WPBot Pro WordPress Chatbot
Plugin:WPBot Pro WordPress Chatbot
Plugin Slug:wpbot-pro
Vulnerability:Broken Access Control
Patched in Version:13.5.6
Severity Score:Medium
CVE:2024-12879
WPBot Pro WordPress Chatbot
Plugin:WPBot Pro WordPress Chatbot
Plugin Slug:wpbot-pro
Vulnerability:Arbitrary File Upload
Patched in Version:13.5.6
Severity Score:Critical
CVE:2024-13091
WPJobBoard
Plugin:WPJobBoard
Plugin Slug:wpjobboard
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:5.11.1
Severity Score:High
CVE:2025-24781
WordPress Themes — 7 Patched / 2 Unpatched
Bootstrap Ultimate
Theme:Bootstrap Ultimate
Theme Slug:bootstrap-ultimate
Vulnerability:Local File Inclusion
Patched in Version:No Fix
Severity Score:High
CVE:2024-13545
RealHomes
Theme:RealHomes
Theme Slug:realhomes
Vulnerability:Privilege Escalation
Patched in Version:No Fix
Severity Score:Critical
CVE:2024-32444
AdForest
Theme:AdForest
Theme Slug:adforest
Vulnerability:Broken Authentication
Patched in Version:5.1.9
Severity Score:Critical
CVE:2024-12857
Avada
Theme:Avada
Theme Slug:avada
Vulnerability:Broken Access Control
Patched in Version:7.11.11
Severity Score:Medium
CVE:2025-24748
Betheme
Theme:Betheme
Theme Slug:betheme
Vulnerability:Cross Site Scripting (XSS)
Patched in Version:27.6.2
Severity Score:Medium
CVE:2025-0450
Houzez
Theme:Houzez
Theme Slug:houzez
Vulnerability:Broken Access Control
Patched in Version:3.4.2
Severity Score:Medium
CVE:2025-24747
Houzez
Theme:Houzez
Theme Slug:houzez
Vulnerability:Broken Access Control
Patched in Version:3.4.2
Severity Score:Medium
CVE:2025-24754
uDesign
Theme:uDesign
Theme Slug:udesign
Vulnerability:Broken Access Control
Patched in Version:4.11.3
Severity Score:Medium
CVE:2025-24757
Zox News
Theme:Zox News
Theme Slug:zox-news
Vulnerability:Broken Access Control
Patched in Version:3.17.0
Severity Score:High
CVE:2024-11936