WordPress Vulnerability Report — September 10, 2025

In this report, 297 vulnerabilities have been publicly disclosed. Security patches for 93 of these plugins and themes are now available, so please run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 204 plugin and theme vulnerabilities, and no patch has been available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

3. WordPress Themes — 10 Patched / 92 Unpatched

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.8.2 was released on July 15, 2025. This maintenance release includes fixes for 20 Core tickets and 15 Block Editor issues. For a full list of bug fixes, please refer to the release candidate announcement.

WordPress Plugins — 83 Patched / 112 Unpatched

Plugin:: Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor
Plugin Slug:: gutentor
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58783

Plugin:: ARI Fancy Lightbox – Popup for WordPress
Plugin Slug:: ari-fancy-lightbox
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58784

Plugin:: Ray Enterprise Translation
Plugin Slug:: lingotek-translation
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58785

Plugin:: Themify Popup
Plugin Slug:: themify-popup
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58787

Plugin:: Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions
Plugin Slug:: wp-full-stripe-free
Installations: 9,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58789

Plugin:: Ibtana – Ecommerce Product Addons
Plugin Slug:: ibtana-ecommerce-product-addons
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58786

Plugin:: License Manager for WooCommerce
Plugin Slug:: license-manager-for-woocommerce
Installations: 7,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58788

Plugin:: Authors List
Plugin Slug:: authors-list
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58792

Plugin:: Social Sharing Plugin – Kiwi
Plugin Slug:: kiwi-social-share
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58790

Plugin:: Payoneer Checkout
Plugin Slug:: payoneer-checkout
Installations: 5,000+
Vulnerability:: Content Spoofing
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58795

Plugin:: Assistant – Every Day Productivity Apps
Plugin Slug:: assistant
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-53307

Plugin:: BCM Duplicate Menu
Plugin Slug:: bcm-duplicate-menu
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58798

Plugin:: Elementor Element Condition
Plugin Slug:: ele-conditions
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58796

Plugin:: Notification for Telegram
Plugin Slug:: notification-for-telegram
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58794

Plugin:: SEO Auto Linker
Plugin Slug:: wpa-seo-auto-linker
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58791

Plugin:: WPB Elementor Addons
Plugin Slug:: wpb-elementor-addons
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58793

Plugin:: Custom WooCommerce Checkout Fields Editor
Plugin Slug:: add-fields-to-checkout-page-woocommerce
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58799

Plugin:: Ninja Charts – WordPress Charts and Graphs Plugin
Plugin Slug:: ninja-charts
Installations: 3,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58797

Plugin:: Responder
Plugin Slug:: responder
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58801

Plugin:: TrustMate.io – WooCommerce integration
Plugin Slug:: trustmate-io-integration-for-woocommerce
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58802

Plugin:: Widgetize Pages Light
Plugin Slug:: widgetize-pages-light
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58805

Plugin:: WP Email Template
Plugin Slug:: wp-email-template
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58800

Plugin:: WordPress Error Monitoring by Bugsnag
Plugin Slug:: bugsnag
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58806

Plugin:: WordPress prettyPhoto
Plugin Slug:: prettyphoto
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58808

Plugin:: Purge Varnish Cache
Plugin Slug:: purge-varnish
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58807

Plugin:: Brilliant Web-to-Lead for Salesforce
Plugin Slug:: salesforce-wordpress-to-lead
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58809

Plugin:: Simple Link List Widget
Plugin Slug:: simple-link-list-widget
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58810

Plugin:: Ultimate Client Dash
Plugin Slug:: ulimate-client-dash
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58811

Plugin:: Aitasi Coming Soon
Plugin Slug:: aitasi-coming-soon
Installations: 1,000+
Vulnerability:: Deserialization of untrusted data
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58815

Plugin:: Great Restaurant Menu WP
Plugin Slug:: best-restaurant-menu-by-pricelisto
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58812

Plugin:: Categorify – WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-59005

Plugin:: Easy Flash Embed
Plugin Slug:: easy-flash-embed
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-48105

Plugin:: Product Carousel Slider for Elementor
Plugin Slug:: ecommerce-product-carousel-slider-for-elementor
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Low
CVE:: 2025-58816

Plugin:: GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership
Plugin Slug:: gourl-bitcoin-payment-gateway-paid-downloads-membership
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-48102

Plugin:: StagTools
Plugin Slug:: stagtools
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58814

Plugin:: Today’s Date Inserter
Plugin Slug:: todays-date-inserter
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-48103

Plugin:: Bulk Featured Image
Plugin Slug:: bulk-featured-image
Installations: 900+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-58819

Plugin:: WP Notification Bell
Plugin Slug:: wp-notification-bell
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58821

Plugin:: Developer Tools Blocker
Plugin Slug:: swiftninjapro-inspect-element-console-blocker
Installations: 800+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58818

Plugin:: Carousel Ultimate
Plugin Slug:: carousel
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58820

Plugin:: WP Mail
Plugin Slug:: wp-mail
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58822

Plugin:: Comment Form WP – Customize Default Comment Form
Plugin Slug:: comment-form-wp
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58825

Plugin:: Get Cash
Plugin Slug:: get-cash
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58823

Plugin:: ???? ???
Plugin Slug:: mshop-naver-talktalk
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58828

Plugin:: WP Publication Archive
Plugin Slug:: wp-publication-archive
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58826

Plugin:: Job Board Manager
Plugin Slug:: job-board-manager
Installations: 400+
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: Low
CVE:: 2025-58827

Plugin:: Parallax Scrolling Enllax.js
Plugin Slug:: parallax-scrolling-enllax-js
Installations: 300+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58831

Plugin:: Parallax Scrolling Enllax.js
Plugin Slug:: parallax-scrolling-enllax-js
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58830

Plugin:: Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One
Plugin Slug:: ai-auto-tool
Installations: 200+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58829

Plugin:: Bonus for Woo
Plugin Slug:: bonus-for-woo
Installations: 200+
Vulnerability:: Other Vulnerability Type
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58835

Plugin:: Custom Team Manager
Plugin Slug:: custom-team-manager
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58840

Plugin:: Donation Forms WP by Givecloud
Plugin Slug:: donation-forms-by-givecloud
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58842

Plugin:: eDS Responsive Menu
Plugin Slug:: eds-responsive-menu
Installations: 200+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58839

Plugin:: Invelity MyGLS connect
Plugin Slug:: invelity-mygls-connect
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58833

Plugin:: Media Author
Plugin Slug:: media-author
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58841

Plugin:: Search by Google
Plugin Slug:: search-google
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58832

Plugin:: Smooth Accordion
Plugin Slug:: smooth-accordion
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58838

Plugin:: SS Font Awesome Icon
Plugin Slug:: ss-font-awesome-icon
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58837

Plugin:: short.io
Plugin Slug:: wp-shortcm
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58834

Plugin:: Add to Feedly
Plugin Slug:: add-to-feedly
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58859

Plugin:: AP HoneyPot WordPress Plugin
Plugin Slug:: ap-honeypot
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58855

Plugin:: Auto Last Youtube Video
Plugin Slug:: auto-last-youtube-video
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58843

Plugin:: Boxed Content
Plugin Slug:: boxed-content
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58851

Plugin:: WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule
Plugin Slug:: buffer-my-post
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58846

Plugin:: Bulk Watermark
Plugin Slug:: bulk-watermark
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58845

Plugin:: connectDaily Events Calendar Plugin
Plugin Slug:: connect-daily-web-calendar
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58862

Plugin:: Table of content
Plugin Slug:: content-table
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58857

Plugin:: Database to Excel
Plugin Slug:: database-to-excel
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58844

Plugin:: FW Anker
Plugin Slug:: fw-anker
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58836

Plugin:: Hide Real Download Path
Plugin Slug:: hide-real-download-path
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58849

Plugin:: MSTW League Manager
Plugin Slug:: mstw-league-manager
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58852

Plugin:: Popping Sidebars and Widgets Light
Plugin Slug:: popping-sidebars-and-widgets-light
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58853

Plugin:: Quick Event Calendar
Plugin Slug:: quick-event-calendar
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58861

Plugin:: Showpass WordPress Extension
Plugin Slug:: showpass
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58850

Plugin:: Ultimate AJAX Login
Plugin Slug:: ultimate-ajax-login
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58854

Plugin:: WN Flipbox Pro
Plugin Slug:: wn-flipbox-pro
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58847

Plugin:: Woocommerce Notify Updated Product
Plugin Slug:: woocommerce-notify-updated-product
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58856

Plugin:: WP likes
Plugin Slug:: wp-likes
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58848

Plugin:: WPB Image Widget
Plugin Slug:: wpb-image-widget
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58858

Plugin:: Enable Latex
Plugin Slug:: enable-latex
Installations: 90+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58860

Plugin:: Zoomify embed for WP
Plugin Slug:: zoom-image-shortcode
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58863

Plugin:: ???
Plugin Slug:: jinshuju
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58864

Plugin:: Compact Admin
Plugin Slug:: compact-admin
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58865

Plugin:: Site Info
Plugin Slug:: site-info-dashboard-widget
Installations: 70+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Low
CVE:: 2025-58866

Plugin:: Aparat Video Shortcode
Plugin Slug:: aparat-shortcode
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58876

Plugin:: Easy Download Media Counter
Plugin Slug:: easy-download-media-counter
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58867

Plugin:: Floating Window Music Player
Plugin Slug:: floating-window-music-player
Installations: 60+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-48104

Plugin:: Master Paper Collapse Toggle
Plugin Slug:: master-paper-collapse-toggle
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58871

Plugin:: SimaCookie
Plugin Slug:: simasicher-dsgvo-cookie
Installations: 60+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58869

Plugin:: SimaCookie
Plugin Slug:: simasicher-dsgvo-cookie
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58868

Plugin:: Pushe Web Push Notification
Plugin Slug:: pushe-webpush
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58873

Plugin:: Simple Price Calculator
Plugin Slug:: simple-price-calculator-basic
Installations: 50+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58872

Plugin:: WP Github Gist
Plugin Slug:: wp-github-gist
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58875

Plugin:: WP-GraphViz
Plugin Slug:: wp-graphviz
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58870

Plugin:: WordPress StoryMap Plugin
Plugin Slug:: wp-storymap
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58874

Plugin:: New Simple Gallery
Plugin Slug:: new-simple-gallery
Installations: 30+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-58881

Plugin:: Simple Text Slider
Plugin Slug:: simple-text-slider
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58882

Plugin:: Course Booking Platform
Plugin Slug:: course-booking-platform
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58887

Plugin:: Instant Locations
Plugin Slug:: instant-locations
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58886

Plugin:: Constant Contact for WordPress
Plugin Slug:: constant-contact-api
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-48101

Plugin:: FAT Event – WordPress Event and Calendar Booking
Plugin Slug:: fat-event
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-22508

Plugin:: Make, formerly Integromat Connector
Plugin Slug:: integromat-connector
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-6085

Plugin:: PopAd
Plugin Slug:: popad
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-9616

Plugin:: Recent Posts Widget Extended
Plugin Slug:: recent-posts-widget-extended
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-6757

Plugin:: Search Cloud One
Plugin Slug:: search-cloud-one
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58883

Plugin:: Spirit Framework
Plugin Slug:: spirit-framework
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-49428

Plugin:: Translate This gTranslate Shortcode
Plugin Slug:: translate-this-google-translate-web-element-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58880

Plugin:: Uxper Booking
Plugin Slug:: uxper-booking
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-49891

Plugin:: vipdrv
Plugin Slug:: vipdrv-vip-test-drive
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58884

Plugin:: Woocommerce Gifts Product
Plugin Slug:: woo-gift-product
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58878

Plugin:: WooCommerce Single Page Checkout
Plugin Slug:: woo-single-page-checkout
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58804

Plugin:: WordPress Helpdesk Integration
Plugin Slug:: wp-helpdesk-integration
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-9990

Plugin:: Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
Plugin Slug:: fluentform
Installations: 600,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 6.1.2
Severity Score:: Medium
CVE:: 2025-9260

Plugin:: Admin Menu Editor
Plugin Slug:: admin-menu-editor
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.14.1
Severity Score:: Medium
CVE:: 2025-9493

Plugin:: Post SMTP – WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more
Plugin Slug:: post-smtp
Installations: 400,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.2
Severity Score:: Medium
CVE:: 2025-9219

Plugin:: Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More
Plugin Slug:: themeisle-companion
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.1
Severity Score:: Medium
CVE:: 2025-58593

Plugin:: AI Engine
Plugin Slug:: ai-engine
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.9.6
Severity Score:: Medium
CVE:: 2025-8268

Plugin:: Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Blocks, and Elementor Widgets)
Plugin Slug:: content-views-query-and-display-post-page
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2
Severity Score:: Medium
CVE:: 2025-8722

Plugin:: Brizy – Page Builder
Plugin Slug:: brizy
Installations: 70,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.13
Severity Score:: Medium
CVE:: 2025-58594

Plugin:: User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin
Plugin Slug:: user-registration
Installations: 60,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.4.0
Severity Score:: High
CVE:: 2025-9085

Plugin:: WP-Members Membership Plugin
Plugin Slug:: wp-members
Installations: 60,000+
Vulnerability:: Content Injection
Patched in Version:: 3.5.4.3
Severity Score:: Medium
CVE:: 2025-9489

Plugin:: Easy Social Feed – Social Photos Gallery – Post Feed – Like Box
Plugin Slug:: easy-facebook-likebox
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.6.8
Severity Score:: Medium
CVE:: 2025-6067

Plugin:: Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
Plugin Slug:: quiz-master-next
Installations: 40,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 10.2.6
Severity Score:: Critical
CVE:: 2025-49401

Plugin:: Ditty – Responsive News Tickers, Sliders, and Lists
Plugin Slug:: ditty-news-ticker
Installations: 30,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.1.58
Severity Score:: High
CVE:: 2025-8085

Plugin:: Klarna Order Management for WooCommerce
Plugin Slug:: klarna-order-management-for-woocommerce
Installations: 20,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.9.9
Severity Score:: Medium
CVE:: 2025-58598

Plugin:: LA-Studio Element Kit for Elementor
Plugin Slug:: lastudio-element-kit
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.5.2
Severity Score:: Medium
CVE:: 2025-8360

Plugin:: Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin
Plugin Slug:: mailoptin
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.75.1
Severity Score:: Medium
CVE:: 2025-58596

Plugin:: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP
Plugin Slug:: userswp
Installations: 20,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.2.45
Severity Score:: Critical
CVE:: 2025-10003

Plugin:: wpForo Forum
Plugin Slug:: wpforo
Installations: 20,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.4.7
Severity Score:: Medium
CVE:: 2025-58597

Plugin:: Classified Listing – AI-Powered Classified ads & Business Directory Plugin
Plugin Slug:: classified-listing
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0.7
Severity Score:: Medium
CVE:: 2025-58601

Plugin:: MasterStudy LMS WordPress Plugin – for Online Courses and Education
Plugin Slug:: masterstudy-lms-learning-management-system
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.6.16
Severity Score:: Medium
CVE:: 2025-54744

Plugin:: Multi Step Form
Plugin Slug:: multi-step-form
Installations: 10,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.7.26
Severity Score:: High
CVE:: 2025-9515

Plugin:: Order Delivery Date for WooCommerce
Plugin Slug:: order-delivery-date-for-woocommerce
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.0
Severity Score:: Medium
CVE:: 2025-58599

Plugin:: Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
Plugin Slug:: paid-member-subscriptions
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.16.0
Severity Score:: Medium
CVE:: 2025-58600

Plugin:: Sticky Side Buttons
Plugin Slug:: sticky-side-buttons
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.0
Severity Score:: Medium
CVE:: 2023-3666

Plugin:: Malcure Malware Scanner — #1 Toolset for Malware Removal
Plugin Slug:: wp-malware-removal
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 16.9
Severity Score:: Medium
CVE:: 2025-3701

Plugin:: AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress
Plugin Slug:: automatorwp
Installations: 9,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 5.3.7
Severity Score:: High
CVE:: 2025-9539

Plugin:: AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress
Plugin Slug:: automatorwp
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.3.8
Severity Score:: Medium
CVE:: 2025-9542

Plugin:: If-So Dynamic Content Personalization
Plugin Slug:: if-so
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.4.1
Severity Score:: Medium
CVE:: 2025-58602

Plugin:: aThemes Addons for Elementor
Plugin Slug:: athemes-addons-for-elementor-lite
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2025-8149

Plugin:: Email Marketing, Email Automation, Newsletter & Cart Abandonment for WordPress and WooCommerce – Mail Mint
Plugin Slug:: mail-mint
Installations: 6,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.18.6
Severity Score:: High
CVE:: 2025-58604

Plugin:: Surfer – WordPress Plugin
Plugin Slug:: surferseo
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.5.584
Severity Score:: Medium
CVE:: 2025-58603

Plugin:: Cookie Notice & Consent Banner for GDPR & CCPA Compliance
Plugin Slug:: cookie-notice-and-consent-banner
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.12
Severity Score:: Medium
CVE:: 2025-58607

Plugin:: WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes)
Plugin Slug:: delicious-recipes
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.8
Severity Score:: Medium
CVE:: 2025-58605

Plugin:: MediaPress
Plugin Slug:: mediapress
Installations: 5,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.6.0
Severity Score:: High
CVE:: 2025-58608

Plugin:: Latest Post Shortcode
Plugin Slug:: latest-post-shortcode
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 14.10
Severity Score:: Medium
CVE:: 2025-58609

Plugin:: Gallery PhotoBlocks
Plugin Slug:: photoblocks-grid-gallery
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2025-58610

Plugin:: Posts Table with Search & Sort
Plugin Slug:: posts-data-table
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.11
Severity Score:: Medium
CVE:: 2025-58613

Plugin:: Property Hive
Plugin Slug:: propertyhive
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.6
Severity Score:: Medium
CVE:: 2025-58612

Plugin:: Tickera – WordPress Event Ticketing
Plugin Slug:: tickera-event-ticketing-system
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.5.5.8
Severity Score:: Medium
CVE:: 2025-58611

Plugin:: Amministrazione Trasparente
Plugin Slug:: amministrazione-trasparente
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.1
Severity Score:: Medium
CVE:: 2025-5083

Plugin:: Tooltipy (tooltips for WP)
Plugin Slug:: bluet-keywords-tooltip-generator
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.9
Severity Score:: Medium
CVE:: 2025-58614

Plugin:: Easy Timer
Plugin Slug:: easy-timer
Installations: 1,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 4.2.2
Severity Score:: High
CVE:: 2025-9519

Plugin:: ELEX WooCommerce Google Shopping (Google Product Feed)
Plugin Slug:: elex-woocommerce-google-product-feed-plugin-basic
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.4.4
Severity Score:: High
CVE:: 2025-10046

Plugin:: F4 Media Taxonomies
Plugin Slug:: f4-media-taxonomies
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.5
Severity Score:: Medium
CVE:: 2025-58617

Plugin:: InPost Gallery
Plugin Slug:: inpost-gallery
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.1.4.6
Severity Score:: High
CVE:: 2025-57889

Plugin:: Mobile Contact Line
Plugin Slug:: mobile-contact-line
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.1
Severity Score:: Medium
CVE:: 2025-58622

Plugin:: PDF for WPForms + Drag and Drop Template Builder
Plugin Slug:: pdf-for-wpforms
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.3.0
Severity Score:: Medium
CVE:: 2025-58620

Plugin:: WordPress Events Calendar Plugin – Pie Calendar
Plugin Slug:: pie-calendar
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.9
Severity Score:: Medium
CVE:: 2025-58618

Plugin:: PuzzleMe for WordPress
Plugin Slug:: puzzleme
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.1
Severity Score:: Medium
CVE:: 2025-58621

Plugin:: Quick Paypal Payments
Plugin Slug:: quick-paypal-payments
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.7.47
Severity Score:: Medium
CVE:: 2025-27003

Plugin:: Frisbii Pay
Plugin Slug:: reepay-checkout-gateway
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.3
Severity Score:: Medium
CVE:: 2025-58616

Plugin:: SKT Addons for Elementor
Plugin Slug:: skt-addons-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8
Severity Score:: Medium
CVE:: 2025-8564

Plugin:: Vayu Blocks – Website Builder for the Block Editor
Plugin Slug:: vayu-blocks
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.10
Severity Score:: Medium
CVE:: 2025-9378

Plugin:: WP Bannerize Pro
Plugin Slug:: wp-bannerize-pro
Installations: 1,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 1.11.0
Severity Score:: Medium
CVE:: 2025-58615

Plugin:: WP Flow Plus
Plugin Slug:: wp-imageflow2
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.6
Severity Score:: Medium
CVE:: 2025-58625

Plugin:: Show Eventbrite Events – Event Feed for Eventbrite
Plugin Slug:: event-feed-for-eventbrite
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.0
Severity Score:: Medium
CVE:: 2025-58623

Plugin:: Exchange Rates
Plugin Slug:: exchange-rates
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2025-58624

Plugin:: RumbleTalk Live Group Chat – HTML5
Plugin Slug:: rumbletalk-chat-a-chat-with-themes
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.3.6
Severity Score:: Medium
CVE:: 2025-58626

Plugin:: Simple Matomo Tracking Code
Plugin Slug:: simple-matomo-tracking-code
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.1
Severity Score:: Medium
CVE:: 2025-58630

Plugin:: Dadevarzan WordPress Common
Plugin Slug:: dadevarzan-common
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.3
Severity Score:: Medium
CVE:: 2025-58632

Plugin:: IssueM
Plugin Slug:: issuem
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.1
Severity Score:: Medium
CVE:: 2025-58631

Plugin:: Booking Ultra Pro Appointments Booking Calendar Plugin
Plugin Slug:: booking-ultra-pro
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.22
Severity Score:: Medium
CVE:: 2025-58633

Plugin:: Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net
Plugin Slug:: peachpay-for-woocommerce
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 1.117.5
Severity Score:: Medium
CVE:: 2025-58634

Plugin:: Support Genix – Helpdesk & Customer Support Ticket System
Plugin Slug:: support-genix-lite
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.24
Severity Score:: Medium
CVE:: 2025-58635

Plugin:: immonex Kickstart
Plugin Slug:: immonex-kickstart
Installations: 300+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.11.13
Severity Score:: High
CVE:: 2025-58637

Plugin:: Contact Form By Mega Forms – Drag and Drop Form Builder
Plugin Slug:: mega-forms
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.2
Severity Score:: Medium
CVE:: 2025-58639

Plugin:: Cloud SAML SSO – Single Sign On Login
Plugin Slug:: cloud-sso-single-sign-on
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.20
Severity Score:: High
CVE:: 2025-7040

Plugin:: Cloud SAML SSO – Single Sign On Login
Plugin Slug:: cloud-sso-single-sign-on
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.20
Severity Score:: Medium
CVE:: 2025-7045

Plugin:: Document Engine – Download Posts as PDF, PDF Embedder, Posts to PDF
Plugin Slug:: document-engine
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3
Severity Score:: Medium
CVE:: 2025-58640

Plugin:: Smart Table Builder
Plugin Slug:: smart-table-builder
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.2
Severity Score:: Medium
CVE:: 2025-9126

Plugin:: StreamWeasels Kick Integration
Plugin Slug:: streamweasels-kick-integration
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.6
Severity Score:: Medium
CVE:: 2025-9442

Plugin:: Html Social share buttons
Plugin Slug:: html-social-share-buttons
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.0
Severity Score:: Medium
CVE:: 2025-9849

Plugin:: Optio Dentistry
Plugin Slug:: optio-dentistry
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3
Severity Score:: Medium
CVE:: 2025-9853

Plugin:: atec Debug
Plugin Slug:: atec-debug
Installations: 40+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 1.2.23
Severity Score:: High
CVE:: 2025-9518

Plugin:: atec Debug
Plugin Slug:: atec-debug
Installations: 40+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 1.2.23
Severity Score:: High
CVE:: 2025-9517

Plugin:: atec Debug
Plugin Slug:: atec-debug
Installations: 40+
Vulnerability:: Arbitrary File Download
Patched in Version:: 1.2.23
Severity Score:: Medium
CVE:: 2025-9516

Plugin:: LTL Freight Quotes – Day & Ross Edition
Plugin Slug:: ltl-freight-quotes-day-ross-edition
Installations: 10+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.1.12
Severity Score:: High
CVE:: 2025-58642

Plugin:: ZIP Code Based Content Protection
Plugin Slug:: zip-code-based-content-protection
Installations: 10+
Vulnerability:: SQL Injection
Patched in Version:: 1.0.1
Severity Score:: High
CVE:: 2025-59008

Plugin:: Biagiotti Core
Plugin Slug:: biagiotti-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.4
Severity Score:: Medium
CVE:: 2025-9057

Plugin:: Exit Intent Popup
Plugin Slug:: exitintentpopup
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 1.0.3
Severity Score:: Medium
CVE:: 2025-58641

Plugin:: LTL Freight Quotes – Daylight Edition
Plugin Slug:: ltl-freight-quotes-daylight-edition
Vulnerability:: PHP Object Injection
Patched in Version:: 2.2.8
Severity Score:: High
CVE:: 2025-58643

Plugin:: LTL Freight Quotes – TQL Edition
Plugin Slug:: ltl-freight-quotes-tql-edition
Vulnerability:: PHP Object Injection
Patched in Version:: 1.2.7
Severity Score:: High
CVE:: 2025-58644

Plugin:: Mikado Core
Plugin Slug:: mikado-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6
Severity Score:: Medium
CVE:: 2025-9058

Plugin:: Wilmer Core
Plugin Slug:: wilmer-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.6
Severity Score:: Medium
CVE:: 2025-9061

WordPress Themes — 10 Patched / 92 Unpatched

Theme:: ConsultStreet
Theme Slug:: consultstreet
Downloads: 581,213
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58813

Theme:: Shk Corporate
Theme Slug:: shk-corporate
Downloads: 105,547
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58824

Theme:: SoftMe
Theme Slug:: softme
Downloads: 155,328
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2025-58817

Theme:: Abogado
Theme Slug:: abogado
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Accalia
Theme Slug:: accalia
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Adrena
Theme Slug:: adrena
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Advice
Theme Slug:: advice
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Agora
Theme Slug:: agora
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Alanzo
Theme Slug:: alanzo
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Albertino
Theme Slug:: albertino
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Alhambra
Theme Slug:: alhambra
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: A.Williams
Theme Slug:: alisha-williams
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: AlphaColor
Theme Slug:: alpha-color
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Anesta
Theme Slug:: anesta
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Angela
Theme Slug:: angela
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: AI ANN
Theme Slug:: ann
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Anubia
Theme Slug:: anubia
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Artesia
Theme Slug:: artesia
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Asclepius
Theme Slug:: asclepius
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Belicia
Theme Slug:: belicia
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: BeYoga
Theme Slug:: beyoga
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Birdily | Travel Agency & Tour Booking WordPress Theme
Theme Slug:: birdily
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Bonko
Theme Slug:: bonko
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Booklovers
Theme Slug:: booklovers
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Callie Britt
Theme Slug:: callie-britt
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Camelia
Theme Slug:: camelia
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Carlax
Theme Slug:: carlax
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Carz
Theme Slug:: carz
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: ChainPress
Theme Slug:: chainpress
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Chakra
Theme Slug:: chakra
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Chardonnay
Theme Slug:: chardonnay
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Childy
Theme Slug:: childly
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Chrimson
Theme Slug:: chrimson
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: City Hostel
Theme Slug:: cityhostel
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: 69 Clothing
Theme Slug:: clothing69
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Corredo
Theme Slug:: corredo
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Credit Card Experience
Theme Slug:: creditcard
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Crework
Theme Slug:: crework
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Custom Made
Theme Slug:: custom-made
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Def
Theme Slug:: def
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Doccure
Theme Slug:: doccure
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-9112

Theme:: Doccure
Theme Slug:: doccure
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-9114

Theme:: Doccure
Theme Slug:: doccure
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2025-9113

Theme:: Drone Media
Theme Slug:: drone-media
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Edema
Theme Slug:: edema
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Elementra
Theme Slug:: elementra
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Fortunio
Theme Slug:: fortunio
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Good Wine
Theme Slug:: good-wine-shop
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Gravity
Theme Slug:: gravity
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Gutentype
Theme Slug:: gutentype
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Hampton
Theme Slug:: hampton
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Happy Rider
Theme Slug:: happy-rider
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Healthy Blog
Theme Slug:: healthy-blog
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Heaven11
Theme Slug:: heaven11
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Hello Summer
Theme Slug:: hello-summer
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Hogwords
Theme Slug:: hogwords
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: HotLock
Theme Slug:: hotlock
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Insurance Ancora
Theme Slug:: insurance-ancora
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Juno
Theme Slug:: junotoys
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Kargo
Theme Slug:: kargo
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Lab
Theme Slug:: lab
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Laundry City
Theme Slug:: laundrycity
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: MediaFlex
Theme Slug:: mediaflex
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Nazareth
Theme Slug:: nazareth
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: OldStory
Theme Slug:: oldstory
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Partiso
Theme Slug:: partiso
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: PathWell
Theme Slug:: pathwell
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Planet Shakers
Theme Slug:: planet-shakers
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Plastica
Theme Slug:: plastica
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Let’s Play
Theme Slug:: playhockey
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Podium
Theme Slug:: podium
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Preston
Theme Slug:: preston
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: ProDent
Theme Slug:: prodent
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: ProGuards
Theme Slug:: proguards
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: ProRange
Theme Slug:: prorange
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Qwery
Theme Slug:: qwery
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Samadhi
Theme Slug:: samadhi
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Smart Casa
Theme Slug:: smart-casa
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: SoccerClub
Theme Slug:: soccerclub
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Softic
Theme Slug:: softic
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Solio
Theme Slug:: solio
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: StevenWatkins
Theme Slug:: steven-watkins
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Stratego
Theme Slug:: stratego
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Studeon
Theme Slug:: studeon
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Tantra
Theme Slug:: tantra
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Tax Help
Theme Slug:: tax-help
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Translang
Theme Slug:: translang
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Travesia
Theme Slug:: travesia
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Vagabonds
Theme Slug:: vagabonds
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Wine House
Theme Slug:: wine-house
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: Wise Move
Theme Slug:: wisemove
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: WotaHub
Theme Slug:: wotahub
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2025-26592

Theme:: OceanWP
Theme Slug:: oceanwp
Downloads: 8,786,658
Vulnerability:: Settings Change
Patched in Version:: 4.1.2
Severity Score:: Medium
CVE:: 2025-8944

Theme:: SaasLauncher
Theme Slug:: saaslauncher
Downloads: 67,440
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.1
Severity Score:: Medium
CVE:: 2025-58606

Theme:: AdForest
Theme Slug:: adforest
Vulnerability:: Broken Authentication
Patched in Version:: 6.0.10
Severity Score:: Critical
CVE:: 2025-8359

Theme:: Flatsome
Theme Slug:: flatsome
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.20.1
Severity Score:: Medium
CVE:: 2025-8684

Theme:: Goza
Theme Slug:: goza-theme
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 3.2.3
Severity Score:: High
CVE:: 2025-10134

Theme:: Goza
Theme Slug:: goza-theme
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.2.3
Severity Score:: Critical
CVE:: 2025-5394

Theme:: Miraculous
Theme Slug:: miraculous
Vulnerability:: SQL Injection
Patched in Version:: 2.0.9
Severity Score:: Critical
CVE:: 2025-58628

Theme:: Oblo
Theme Slug:: oblo
Vulnerability:: Local File Inclusion
Patched in Version:: 2.2.5
Severity Score:: High
CVE:: 2025-48290

Theme:: Rehub
Theme Slug:: rehub-theme
Vulnerability:: Content Injection
Patched in Version:: 19.9.8
Severity Score:: High
CVE:: 2025-7366

Theme:: Rehub
Theme Slug:: rehub-theme
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 19.9.8
Severity Score:: Medium
CVE:: 2025-7368

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

The post WordPress Vulnerability Report — September 10, 2025 appeared first on SolidWP.

Click here to continue reading this article.

Your WordPress News Dashboard

WordPress Vulnerability Report — September 10, 2025

Table of Contents

WordPress Core

WordPress Plugins — 83 Patched / 112 Unpatched