WordPress Vulnerability Report — July 30, 2025

In this report, 113 vulnerabilities have been publicly disclosed. Security patches for 60 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 53 plugin and theme vulnerabilities, and no patch has been available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

3. WordPress Themes — 13 Patched / 11 Unpatched

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.8.2 was released on July 15, 2025. This maintenance release includes fixes for 20 Core tickets and 15 Block Editor issues. For a full list of bug fixes, please refer to the release candidate announcement.

WordPress Plugins — 50 Patched / 50 Unpatched

Plugin:: Structured Content (JSON-LD) #wpsc
Plugin Slug:: structured-content
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-4608

Plugin:: Graphina – Elementor Charts and Graphs
Plugin Slug:: graphina-elementor-charts-and-graphs
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-23968

Plugin:: WP Links Page
Plugin Slug:: wp-links-page
Installations: 4,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30998

Plugin:: Video Blogster Lite
Plugin Slug:: video-blogster-lite
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-47689

Plugin:: Featured Image Plus – Quick & Bulk Edit with Unsplash
Plugin Slug:: featured-image-plus
Installations: 700+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5818

Plugin:: WP Pipes
Plugin Slug:: wp-pipes
Installations: 500+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-28979

Plugin:: CaptionPix
Plugin Slug:: captionpix
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-52788

Plugin:: ONLYOFFICE Docs
Plugin Slug:: onlyoffice
Installations: 100+
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-6380

Plugin:: Nginx Cache Purge Preload
Plugin Slug:: fastcgi-cache-purge-and-preload-nginx
Installations: 70+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-6213

Plugin:: AI Tools – Chatbot, ChatGPT, Content Generator, Image Generator, Artificial Intelligence GPT
Plugin Slug:: artificial-intelligence-auto-content-generator
Installations: 60+
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-50029

Plugin:: Supreme Addons for Beaver Builder –
Plugin Slug:: supreme-addons-for-beaver-builder-lite
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-3669

Plugin:: WP Get The Table
Plugin Slug:: wp-get-the-table
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-6387

Plugin:: WooCommerce Point Of Sale (POS)
Plugin Slug:: woo-point-of-salepos
Installations: 40+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-52820

Plugin:: Advanced Google Universal Analytics
Plugin Slug:: advanced-google-universal-analytics
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-28962

Plugin:: Affiliate Plus
Plugin Slug:: affiliate-plus
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-7690

Plugin:: Post Grid Master
Plugin Slug:: ajax-filter-posts
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-5084

Plugin:: Birth Chart Compatibility
Plugin Slug:: birth-chart-compatibility
Vulnerability:: Full Path Disclosure (FPD)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-6082

Plugin:: bSecure – Your Universal Checkout
Plugin Slug:: bsecure
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-6187

Plugin:: Valuation Calculator
Plugin Slug:: commercial-real-estate-valuation-calculator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5753

Plugin:: Droip
Plugin Slug:: droip
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-5831

Plugin:: Droip
Plugin Slug:: droip
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-5835

Plugin:: Fan Page
Plugin Slug:: fan-page
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-6681

Plugin:: Fleetwire Fleet Management
Plugin Slug:: fleetwire-fleet-management
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-6261

Plugin:: Get Youtube Subs
Plugin Slug:: get-youtube-subs
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-7966

Plugin:: hiWeb Export Posts
Plugin Slug:: hiweb-export-posts
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-7640

Plugin:: iThoughts Advanced Code Editor
Plugin Slug:: ithoughts-advanced-code-editor
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-7835

Plugin:: Latest Post Accordian Slider
Plugin Slug:: latest-post-accordian-slider
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-7687

Plugin:: Like & Share My Site
Plugin Slug:: like-share-my-site
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-7685

Plugin:: LoginWP – Pro
Plugin Slug:: loginwp-pro
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-46255

Plugin:: Mine CloudVod
Plugin Slug:: mine-cloudvod
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-8071

Plugin:: muse.ai video embedding
Plugin Slug:: muse-ai
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-6262

Plugin:: My Reservation System
Plugin Slug:: my-reservation-system
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-7022

Plugin:: Omnishop
Plugin Slug:: omnishop
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-6215

Plugin:: Omnishop
Plugin Slug:: omnishop
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-6214

Plugin:: Orion Login with SMS
Plugin Slug:: orion-login-with-sms
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-7692

Plugin:: The E-Commerce ERP
Plugin Slug:: profitori
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-52800

Plugin:: Qwizcards
Plugin Slug:: qwiz-online-quizzes-and-flashcards
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-6174

Plugin:: Realty Portal – Agent
Plugin Slug:: realty-portal-agent
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-6190

Plugin:: RT-Theme 18 | Extensions
Plugin Slug:: rt18-extensions
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-32288

Plugin:: Social Streams
Plugin Slug:: social-streams
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-7722

Plugin:: Station Pro
Plugin Slug:: station-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-7959

Plugin:: Supermalink
Plugin Slug:: supermalink
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-49433

Plugin:: Tablesome Table Premium
Plugin Slug:: tablesome-premium
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-30944

Plugin:: Taeggie Feed
Plugin Slug:: taeggie-feed
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-6382

Plugin:: Voltax Video Player
Plugin Slug:: voltax-video-player
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-6539

Plugin:: WP Applink
Plugin Slug:: wp-applink
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-6385

Plugin:: WP JobHunt
Plugin Slug:: wp-jobhunt
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-6585

Plugin:: WP Wallcreeper
Plugin Slug:: wp-wallcreeper
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-7822

Plugin:: YANewsflash
Plugin Slug:: yanewsflash
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-6054

Plugin:: YouTube Embed – YouTube Gallery, Vimeo Gallery – WordPress Plugin
Plugin Slug:: youram-youtube-embed
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-6692

Plugin:: Elementor Website Builder – More Than Just a Page Builder
Plugin Slug:: elementor
Installations: 10,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.30.3
Severity Score:: Medium
CVE:: 2025-4566

Plugin:: WP Shortcodes Plugin — Shortcodes Ultimate
Plugin Slug:: shortcodes-ultimate
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.4.3
Severity Score:: Medium
CVE:: 2025-8015

Plugin:: Post SMTP – WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more
Plugin Slug:: post-smtp
Installations: 400,000+
Vulnerability:: Broken Authentication
Patched in Version:: 3.3.0
Severity Score:: High
CVE:: 2025-24000

Plugin:: SureForms – Drag and Drop Form Builder for WordPress
Plugin Slug:: sureforms
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.2
Severity Score:: High
CVE:: 2025-5921

Plugin:: AI Engine
Plugin Slug:: ai-engine
Installations: 100,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.9.5
Severity Score:: Medium
CVE:: 2025-7780

Plugin:: Brizy – Page Builder
Plugin Slug:: brizy
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.21
Severity Score:: Medium
CVE:: 2025-4370

Plugin:: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
Plugin Slug:: post-and-page-builder
Installations: 60,000+
Vulnerability:: Path Traversal
Patched in Version:: 1.27.9
Severity Score:: Medium
CVE:: 2025-52712

Plugin:: User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin
Plugin Slug:: user-registration
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3.0
Severity Score:: Medium
CVE:: 2025-6831

Plugin:: WP-Members Membership Plugin
Plugin Slug:: wp-members
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.4.2
Severity Score:: Medium
CVE:: 2025-7495

Plugin:: Advanced iFrame
Plugin Slug:: advanced-iframe
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2025.6
Severity Score:: Medium
CVE:: 2025-6987

Plugin:: Timber
Plugin Slug:: timber-library
Installations: 30,000+
Vulnerability:: Other Vulnerability Type
Patched in Version:: 1.23.3
Severity Score:: Medium
CVE:: 2024-45411

Plugin:: Gutenberg Blocks – PublishPress Blocks Controls, Visibility, Reusable Blocks
Plugin Slug:: advanced-gutenberg
Installations: 20,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.3.2
Severity Score:: High
CVE:: 2025-48332

Plugin:: CSS & JavaScript Toolbox
Plugin Slug:: css-javascript-toolbox
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 12.0.3
Severity Score:: High
CVE:: 2025-3703

Plugin:: GeoDirectory – WP Business Directory Plugin and Classified Listings Directory
Plugin Slug:: geodirectory
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.8.98
Severity Score:: Critical
CVE:: 2024-13507

Plugin:: Wonder Slider Lite
Plugin Slug:: wonderplugin-slider-lite
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 14.5
Severity Score:: Medium
CVE:: 2025-7501

Plugin:: WP REST Cache
Plugin Slug:: wp-rest-cache
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2025.1.1
Severity Score:: High
CVE:: 2025-52716

Plugin:: WPeMatico RSS Feed Fetcher
Plugin Slug:: wpematico
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.8.8
Severity Score:: Medium
CVE:: 2025-8103

Plugin:: Security Ninja – WordPress Security Plugin & Firewall
Plugin Slug:: security-ninja
Installations: 9,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 5.243
Severity Score:: Medium
CVE:: 2025-8009

Plugin:: ProfileGrid – User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.9.5.4
Severity Score:: High
CVE:: 2025-49033

Plugin:: Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection)
Plugin Slug:: extensions-for-cf7
Installations: 6,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 3.2.9
Severity Score:: High
CVE:: 2025-7645

Plugin:: Simple File List
Plugin Slug:: simple-file-list
Installations: 6,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 6.1.15
Severity Score:: High
CVE:: 2025-54021

Plugin:: Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )
Plugin Slug:: magical-addons-for-elementor
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.9
Severity Score:: Medium
CVE:: 2025-8196

Plugin:: Memory Usage, Memory Limit, PHP and Server Memory Health Check and Provide Suggestions
Plugin Slug:: wp-memory
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.99
Severity Score:: Medium
CVE:: 2025-8104

Plugin:: Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings
Plugin Slug:: hydra-booking
Installations: 3,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.1.19
Severity Score:: High
CVE:: 2025-7689

Plugin:: Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery
Plugin Slug:: pixel-gallery
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.8
Severity Score:: Medium
CVE:: 2025-7644

Plugin:: Geo Mashup
Plugin Slug:: geo-mashup
Installations: 2,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.13.17
Severity Score:: Critical
CVE:: 2025-48293

Plugin:: Melapress Login Security
Plugin Slug:: melapress-login-security
Installations: 2,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 2.2.0
Severity Score:: Critical
CVE:: 2025-6895

Plugin:: Custom API for WP
Plugin Slug:: custom-api-for-wp
Installations: 1,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 4.2.3
Severity Score:: Critical
CVE:: 2025-54049

Plugin:: Ebook Store
Plugin Slug:: ebook-store
Installations: 1,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 5.8013
Severity Score:: Critical
CVE:: 2025-7437

Plugin:: Ebook Store
Plugin Slug:: ebook-store
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.8013
Severity Score:: Medium
CVE:: 2025-7486

Plugin:: Frontend File Manager Plugin
Plugin Slug:: nmedia-user-file-uploader
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 22.0
Severity Score:: High
CVE:: 2023-7306

Plugin:: SEOPress for MainWP
Plugin Slug:: seopress-for-mainwp
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.5
Severity Score:: High
CVE:: 2025-48298

Plugin:: StreamWeasels Twitch Integration
Plugin Slug:: streamweasels-twitch-integration
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.4
Severity Score:: Medium
CVE:: 2025-7809

Plugin:: SureDash
Plugin Slug:: suredash
Installations: 500+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.1.0
Severity Score:: High
CVE:: 2025-48164

Plugin:: CRM and Lead Management by vcita
Plugin Slug:: crm-customer-relationship-management-by-vcita
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.0
Severity Score:: Medium
CVE:: 2025-5240

Plugin:: ReachShip WooCommerce Multi-Carrier & Conditional Shipping
Plugin Slug:: elex-reachship-multi-carrier-conditional-shipping
Installations: 100+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 4.3.2
Severity Score:: Critical
CVE:: 2025-53213

Plugin:: Dataverse Integration
Plugin Slug:: integration-cds
Installations: 100+
Vulnerability:: Privilege Escalation
Patched in Version:: 2.81.1
Severity Score:: High
CVE:: 2025-7695

Plugin:: Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition
Plugin Slug:: webinar-ignition
Installations: 100+
Vulnerability:: Broken Authentication
Patched in Version:: 4.03.33
Severity Score:: Critical
CVE:: 2025-6441

Plugin:: CM Map Locations – Visualize and share your locations in a few clicks
Plugin Slug:: cm-map-locations
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.7
Severity Score:: High
CVE:: 2025-48151

Plugin:: WPBookit
Plugin Slug:: wpbookit
Installations: 30+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.0.7
Severity Score:: Critical
CVE:: 2025-7852

Plugin:: Elite Video Player
Plugin Slug:: elite-video-player
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.0.7
Severity Score:: High
CVE:: 2025-54044

Plugin:: Foxypress
Plugin Slug:: foxypress
Vulnerability:: Arbitrary File Upload
Patched in Version:: 0.4.2.2
Severity Score:: Critical
CVE:: 2012-10020

Plugin:: WPBakery Page Builder
Plugin Slug:: js_composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.5
Severity Score:: Medium
CVE:: 2025-4968

Plugin:: Responsive HTML5 Audio Player PRO With Playlist
Plugin Slug:: lbg-audio2-html5
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.9
Severity Score:: High
CVE:: 2025-54056

Plugin:: Universal Video Player – Addon for WPBakery Page Builder
Plugin Slug:: lbg-universal-video-player-addon-visual-composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.2.0
Severity Score:: High
CVE:: 2025-53559

Plugin:: Simple Business Directory Pro
Plugin Slug:: simple-business-directory-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 15.5.2
Severity Score:: High
CVE:: 2025-48162

Plugin:: Support Board
Plugin Slug:: supportboard
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.1
Severity Score:: High
CVE:: 2025-54027

Plugin:: Support Board
Plugin Slug:: supportboard
Vulnerability:: Local File Inclusion
Patched in Version:: 3.8.1
Severity Score:: High
CVE:: 2025-54031

Plugin:: Youtube Vimeo Video Player and Slider WP Plugin
Plugin Slug:: video-player-youtube-vimeo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9
Severity Score:: High
CVE:: 2025-48159

Plugin:: Wonder Slider
Plugin Slug:: wonderplugin-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 14.5
Severity Score:: Medium
CVE:: 2025-7501

WordPress Themes — 10 Patched / 3 Unpatched

Theme:: Educenter
Theme Slug:: educenter
Downloads: 175,744
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-5529

Theme:: News Magazine X
Theme Slug:: news-magazine-x
Downloads: 27,720
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-24766

Theme:: VidMov
Theme Slug:: vidmov
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-25172

Theme:: Bricks Builder
Theme Slug:: bricks
Vulnerability:: SQL Injection
Patched in Version:: 2.0
Severity Score:: Critical
CVE:: 2025-6495

Theme:: Caliris
Theme Slug:: caliris-wp
Vulnerability:: Local File Inclusion
Patched in Version:: 1.6
Severity Score:: High
CVE:: 2025-48160

Theme:: Cena Store
Theme Slug:: cena
Vulnerability:: Local File Inclusion
Patched in Version:: 2.11.27
Severity Score:: High
CVE:: 2025-48171

Theme:: KALLYAS – Creative eCommerce Multi-Purpose WordPress Theme
Theme Slug:: kallyas
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 4.22.0
Severity Score:: High
CVE:: 2025-6989

Theme:: KALLYAS – Creative eCommerce Multi-Purpose WordPress Theme
Theme Slug:: kallyas
Vulnerability:: Local File Inclusion
Patched in Version:: 4.22.0
Severity Score:: High
CVE:: 2025-6991

Theme:: MediCenter – Health Medical Clinic
Theme Slug:: medicenter
Vulnerability:: PHP Object Injection
Patched in Version:: 15.2
Severity Score:: Critical
CVE:: 2025-54014

Theme:: MinimogWP
Theme Slug:: minimog
Vulnerability:: Content Injection
Patched in Version:: 3.9.1
Severity Score:: High
CVE:: 2025-8198

Theme:: Jobmonster
Theme Slug:: noo-jobmonster
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.9
Severity Score:: High
CVE:: 2025-53201

Theme:: Platform
Theme Slug:: platform
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.4
Severity Score:: Critical
CVE:: 2015-10143

Theme:: WoodMart
Theme Slug:: woodmart
Vulnerability:: Broken Access Control
Patched in Version:: 8.2.7
Severity Score:: Medium
CVE:: 2025-8097

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

The post WordPress Vulnerability Report — July 30, 2025 appeared first on SolidWP.

Click here to continue reading this article.

Your WordPress News Dashboard

WordPress Vulnerability Report — July 30, 2025

Table of Contents

WordPress Core

WordPress Plugins — 50 Patched / 50 Unpatched

WordPress Themes — 10 Patched / 3 Unpatched

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Sarah Ulmer

Latest posts

Text widget

Sponsored by WP Mayor

Latest posts

Built with WP RSS Aggregator