Since last week, 329 total vulnerabilities emerged in public disclosure. They may affect over 7 million WordPress sites. There are 209 plugin vulnerabilities and 18 theme vulnerabilities with security patches, so run those updates!
Additionally, there are 66 plugin vulnerabilities and 36 theme vulnerabilities with no patch available yet. If you use an unpatched plugin or theme, check the vendor’s intentions and progress on a security release. If no patch is forthcoming, or the vulnerable software has been marked “closed” and dropped from the official WordPress theme and plugin repositories, you should consider deactivation and removal in favor of alternative solutions.
Such an unusually high number of vulnerability reports is due to outdated versions of many plugins and themes that may use a common third-party dependency, Freemius’ WordPress SDK 2.5.9. Please see the Freemius WordPress SDK 2.5.9 Security Disclosure for more details.
New Today: Patchstack lists multiple high-severity vulnerabilities in the Ninja Forms plugin, potentially affecting 900k active WordPress sites. These vulnerabilities include a POST-based reflected XSS and broken access control on the form submissions export feature. Please update to version 3.6.26.
WordPress Core Vulnerabilities — Patched
WordPress core is very secure when it’s properly configured and maintained. Vulnerable plugins not updated by site owners are the most common vector for attacks on WordPress websites. Our weekly WordPress Vulnerability Report, powered by Patchstack, covers new vulnerabilities that have emerged in plugins, themes, and/or WordPress core since last week’s report. Our goal is to spread awareness of emerging security threats and help you decide what to do if you find vulnerable software on your website. For a deeper analysis of recent trends in WordPress vulnerabilities and threat vectors, see our 2022 Annual Vulnerability Report.
These reports are published every Wednesday and include all active vulnerabilities tracked by Patchstack as of Monday since the previous report. This leaves a 48-hour window for the newest emerging vulnerabilities to be patched before full public disclosure. iThemes Security Pro users have access to vulnerability alerts emerging within this window.
WordPress Plugin Vulnerabilities — Patched
In this section, you’ll find the most recently disclosed WordPress plugin vulnerabilities fixed with a new release from their authors and maintainers. Please apply the updates if you are affected!
These vulnerabilities have been disclosed and scored for their severity, thanks to our friends at Patchstack. Each plugin listing includes the type of vulnerability with its CVE number and CVSS severity rating with links to more technical details. You’ll also see the number of active sites using the plugin and the plugin version release that patches the vulnerability. We start with the most popular plugins, representing the largest target for attackers.
Essential Addons For Elementor
- Plugin Slug
- essential-addons-for-elementor-lite
- Installations
- 1,000,000+
- Vulnerability
- Sensitive Data Exposure
- Patched in Version
- 5.8.2
- Severity Score
- Medium
Ninja Forms
- Plugin Slug
- ninja-forms
- Installations
- 900,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.6.26
- Severity Score
- High
Ninja Forms
- Plugin Slug
- ninja-forms
- Installations
- 900,000+
- Vulnerability
- Broken Access Control
- Patched in Version
- 3.6.26
- Severity Score
- High
Ninja Forms
- Plugin Slug
- ninja-forms
- Installations
- 900,000+
- Vulnerability
- Broken Access Control
- Patched in Version
- 3.6.26
- Severity Score
- High
The Events Calendar
- Plugin Slug
- the-events-calendar
- Installations
- 800,000+
- Vulnerability
- Broken Access Control
- Patched in Version
- 6.1.3
- Severity Score
- Medium
The Events Calendar
- Plugin Slug
- the-events-calendar
- Installations
- 800,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 6.1.0
- Severity Score
- High
Popup Maker
- Plugin Slug
- popup-maker
- Installations
- 700,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.10.0
- Severity Score
- High
NextGEN Gallery
- Plugin Slug
- nextgen-gallery
- Installations
- 600,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.4.7
- Severity Score
- High
WP Activity Log
- Plugin Slug
- wp-security-audit-log
- Installations
- 200,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 4.4.3
- Severity Score
- High
404 to 301
- Plugin Slug
- 404-to-301
- Installations
- 100,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.0.6
- Severity Score
- High
Elementor Addon Elements
- Plugin Slug
- addon-elements-for-elementor-page-builder
- Installations
- 100,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.12
- Severity Score
- High
CAPTCHA 4WP
- Plugin Slug
- advanced-nocaptcha-recaptcha
- Installations
- 100,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 7.0.6
- Severity Score
- High
WP AutoTerms: Privacy Policy Generator (GDPR & CCPA), Terms & Conditions Generator, Cookie Notice Banner
- Plugin Slug
- auto-terms-of-service-and-privacy-policy
- Installations
- 100,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.0.0
- Severity Score
- High
Blocksy Companion
- Plugin Slug
- blocksy-companion
- Installations
- 100,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.8.47
- Severity Score
- High
Meta Tag Manager
- Plugin Slug
- meta-tag-manager
- Installations
- 100,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.1
- Severity Score
- High
Pods
- Plugin Slug
- pods
- Installations
- 100,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.8.23
- Severity Score
- High
TI WooCommerce Wishlist
- Plugin Slug
- ti-woocommerce-wishlist
- Installations
- 100,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.7.0
- Severity Score
- High
Asset CleanUp: Page Speed Booster
- Plugin Slug
- wp-asset-clean-up
- Installations
- 100,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.3.5.5
- Severity Score
- High
AnyWhere Elementor
- Plugin Slug
- anywhere-elementor
- Installations
- 90,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.2.8
- Severity Score
- High
EmbedPress
- Plugin Slug
- embedpress
- Installations
- 80,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.0.3
- Severity Score
- High
Event Tickets
- Plugin Slug
- event-tickets
- Installations
- 70,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 5.6.0
- Severity Score
- High
Easy Watermark
- Plugin Slug
- easy-watermark
- Installations
- 60,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.0.7
- Severity Score
- High
Simple Author Box
- Plugin Slug
- simple-author-box
- Installations
- 60,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.4
- Severity Score
- High
WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content
- Plugin Slug
- wp-letsencrypt-ssl
- Installations
- 60,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 6.3.0
- Severity Score
- High
Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor
- Plugin Slug
- gutentor
- Installations
- 50,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.0.3
- Severity Score
- High
Preloader Plus – WordPress Loading Screen Plugin
- Plugin Slug
- preloader-plus
- Installations
- 50,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.1
- Severity Score
- High
Spotlight Social Media Feeds
- Plugin Slug
- spotlight-social-photo-feeds
- Installations
- 50,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.6.1
- Severity Score
- High
Weglot Translate – Translate your WordPress website and go multilingual
- Plugin Slug
- weglot
- Installations
- 50,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.9.3
- Severity Score
- High
Better Notifications for WP
- Plugin Slug
- bnfw
- Installations
- 40,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.7
- Severity Score
- High
Stop User Enumeration
- Plugin Slug
- stop-user-enumeration
- Installations
- 40,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.4.0
- Severity Score
- High
Mail Bank – #1 Mail SMTP Plugin for WordPress
- Plugin Slug
- wp-mail-bank
- Installations
- 40,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.0.13
- Severity Score
- High
Gutenberg Block Editor Toolkit
- Plugin Slug
- block-options
- Installations
- 30,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.17
- Severity Score
- High
Divi Contact Form 7
- Plugin Slug
- cf7-styler-for-divi
- Installations
- 30,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.3.3
- Severity Score
- High
Cost Calculator Builder
- Plugin Slug
- cost-calculator-builder
- Installations
- 30,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.3.3
- Severity Score
- High
Image Photo Gallery Final Tiles Grid
- Plugin Slug
- final-tiles-grid-gallery-lite
- Installations
- 30,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.5.8
- Severity Score
- High
Hide Admin Bar Based on User Roles
- Plugin Slug
- hide-admin-bar-based-on-user-roles
- Installations
- 30,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.8
- Severity Score
- High
Divi Carousel Lite
- Plugin Slug
- wow-carousel-for-divi-lite
- Installations
- 30,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.2.12
- Severity Score
- High
WP Google Review Slider
- Plugin Slug
- wp-google-places-review-slider
- Installations
- 30,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 12.6
- Severity Score
- High
DiviTorque – Divi Theme, Divi Builder and Extra Theme
- Plugin Slug
- addons-for-divi
- Installations
- 20,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.6.0
- Severity Score
- High
Contact Form 7 Skins
- Plugin Slug
- contact-form-7-skins
- Installations
- 20,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.1.1
- Severity Score
- High
Greenshift – animation and page builder blocks
- Plugin Slug
- greenshift-animation-and-page-builder-blocks
- Installations
- 20,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 4.8.1
- Severity Score
- High
New User Approve
- Plugin Slug
- new-user-approve
- Installations
- 20,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.5.1
- Severity Score
- High
PHP Everywhere
- Plugin Slug
- php-everywhere
- Installations
- 20,000+
- Vulnerability
- Remote Code Execution (RCE)
- Patched in Version
- 3.0.0
- Severity Score
- Critical
PHP Everywhere
- Plugin Slug
- php-everywhere
- Installations
- 20,000+
- Vulnerability
- Remote Code Execution (RCE)
- Patched in Version
- 3.0.0
- Severity Score
- Critical
PHP Everywhere
- Plugin Slug
- php-everywhere
- Installations
- 20,000+
- Vulnerability
- Remote Code Execution (RCE)
- Patched in Version
- 3.0.0
- Severity Score
- Critical
Redirect 404 Error Page to Homepage or Custom Page with Logs
- Plugin Slug
- redirect-404-error-page-to-homepage-or-custom-page
- Installations
- 20,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.8.0
- Severity Score
- High
Gallery Blocks with Lightbox
- Plugin Slug
- simply-gallery-block
- Installations
- 20,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.1.5
- Severity Score
- High
Disable Emojis & Disable Embeds for WordPress Performance & SpeedUp
- Plugin Slug
- wp-disable
- Installations
- 20,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.5.0
- Severity Score
- High
Media Library Categories
- Plugin Slug
- wp-media-library-categories
- Installations
- 20,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.0.1
- Severity Score
- Medium
WP to Twitter
- Plugin Slug
- wp-to-twitter
- Installations
- 20,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.3.0
- Severity Score
- High
Product Feed Manager
- Plugin Slug
- best-woocommerce-feed
- Installations
- 10,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.0
- Severity Score
- High
DeMomentSomTres WordPress Export Posts With Images
- Plugin Slug
- demomentsomtres-wp-export
- Installations
- 10,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 20200610
- Severity Score
- High
Enjoy Social Feed plugin for WordPress website
- Plugin Slug
- enjoy-instagram-instagram-responsive-images-gallery-and-carousel
- Installations
- 10,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 6.2.1
- Severity Score
- High
eRoom – Zoom Meetings & Webinar
- Plugin Slug
- eroom-zoom-meetings-webinar
- Installations
- 10,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.3.4
- Severity Score
- High
MasterStudy LMS
- Plugin Slug
- masterstudy-lms-learning-management-system
- Installations
- 10,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.8.0
- Severity Score
- High
Notification
- Plugin Slug
- notification
- Installations
- 10,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 6.1.0
- Severity Score
- High
PowerPack Lite for Beaver Builder
- Plugin Slug
- powerpack-addon-for-beaver-builder
- Installations
- 10,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.2.9.3
- Severity Score
- High
Seo Optimized Images
- Plugin Slug
- seo-optimized-images
- Installations
- 10,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.1
- Severity Score
- High
WP News and Scrolling Widgets
- Plugin Slug
- sp-news-and-widget
- Installations
- 10,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 4.2
- Severity Score
- High
Stop WP Emails Going to Spam
- Plugin Slug
- stop-wp-emails-going-to-spam
- Installations
- 10,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.0.0
- Severity Score
- High
WooCommerce Tiered Price Table
- Plugin Slug
- tier-pricing-table
- Installations
- 10,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.5.1
- Severity Score
- High
WP Review Slider
- Plugin Slug
- wp-facebook-reviews
- Installations
- 10,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.6
- Severity Score
- High
WP Mail Log
- Plugin Slug
- wp-mail-log
- Installations
- 10,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.1.1
- Severity Score
- High
WP VR
- Plugin Slug
- wpvr
- Installations
- 10,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.0.2
- Severity Score
- High
ACF Frontend – Add and edit posts, pages, users and more all from the frontend
- Plugin Slug
- acf-frontend-form-element
- Installations
- 9,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.8.0
- Severity Score
- High
HuCommerce | Magyar WooCommerce kiegészítések
- Plugin Slug
- surbma-magyar-woocommerce
- Installations
- 9,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2022.0.3
- Severity Score
- High
Post to Google My Business (Google Business Profile)
- Plugin Slug
- post-to-google-my-business
- Installations
- 8,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.1.14
- Severity Score
- High
PublishPress Planner: Organize and Schedule Your WordPress Content
- Plugin Slug
- publishpress
- Installations
- 7,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.9.5
- Severity Score
- High
Salon booking system
- Plugin Slug
- salon-booking-system
- Installations
- 7,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 8.4.9
- Severity Score
- High
Easy Photography Portfolio
- Plugin Slug
- photography-portfolio
- Installations
- 5,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.4.9
- Severity Score
- High
Quiz Cat
- Plugin Slug
- quiz-cat
- Installations
- 5,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.2.0
- Severity Score
- High
WooCommerce Google Ads Dynamic Remarketing
- Plugin Slug
- woocommerce-google-dynamic-retargeting-tag
- Installations
- 5,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.7.17
- Severity Score
- High
WP Travel
- Plugin Slug
- wp-travel
- Installations
- 5,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 4.2.0
- Severity Score
- High
WpStream – Live Streaming, Video on Demand, Pay Per View
- Plugin Slug
- wpstream
- Installations
- 5,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 4.5.5
- Severity Score
- Medium
ACF-VC Integrator
- Plugin Slug
- acf-vc-integrator
- Installations
- 4,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.3.1
- Severity Score
- High
AnyComment
- Plugin Slug
- anycomment
- Installations
- 4,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 0.0.99
- Severity Score
- High
WordPress Tag Cloud Plugin – Tag Groups
- Plugin Slug
- tag-groups
- Installations
- 4,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.0.0
- Severity Score
- High
Search Console
- Plugin Slug
- search-console
- Installations
- 3,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.2.2
- Severity Score
- High
Discussion Board
- Plugin Slug
- wp-discussion-board
- Installations
- 3,000+
- Vulnerability
- Content Injection
- Patched in Version
- 2.4.9
- Severity Score
- Medium
Photo Engine
- Plugin Slug
- wplr-sync
- Installations
- 3,000+
- Vulnerability
- Insecure Direct Object References (IDOR)
- Patched in Version
- 6.2.6
- Severity Score
- Medium
Image Carousel For Divi
- Plugin Slug
- image-carousel-for-divi
- Installations
- 2,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.6.1
- Severity Score
- High
Market Exporter
- Plugin Slug
- market-exporter
- Installations
- 2,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.0.19
- Severity Score
- High
Multiple Page Generator Plugin – MPG
- Plugin Slug
- multiple-pages-generator-by-porthas
- Installations
- 2,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.0.0
- Severity Score
- High
Share This Image
- Plugin Slug
- share-this-image
- Installations
- 2,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.81
- Severity Score
- High
Client Invoicing by Sprout Invoices
- Plugin Slug
- sprout-invoices
- Installations
- 2,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 19.1
- Severity Score
- High
Integration for WooCommerce and Zoho CRM
- Plugin Slug
- woo-zoho
- Installations
- 2,000+
- Vulnerability
- Open Redirection
- Patched in Version
- 1.3.7
- Severity Score
- Medium
Spanish Market Enhancements for WooCommerce
- Plugin Slug
- woocommerce-es
- Installations
- 2,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.1
- Severity Score
- High
Pay For Post with WooCommerce
- Plugin Slug
- woocommerce-pay-per-post
- Installations
- 2,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.1.11
- Severity Score
- High
360 Javascript Viewer
- Plugin Slug
- 360deg-javascript-viewer
- Installations
- 1,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.5.3
- Severity Score
- High
Activity Log For MainWP
- Plugin Slug
- activity-log-mainwp
- Installations
- 1,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.0.0
- Severity Score
- High
WooCommerce Attribute Stock – Share Stock Between Products (Lite Version)
- Plugin Slug
- attribute-stock-for-woocommerce
- Installations
- 1,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.3.0
- Severity Score
- High
Message Filter for Contact Form 7
- Plugin Slug
- cf7-message-filter
- Installations
- 1,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.4.3
- Severity Score
- High
Church Admin
- Plugin Slug
- church-admin
- Installations
- 1,000+
- Vulnerability
- Server Side Request Forgery (SSRF)
- Patched in Version
- 3.8.0
- Severity Score
- Medium
TempTool [Show Current Template Info]
- Plugin Slug
- current-template-name
- Installations
- 1,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.1.10
- Severity Score
- High
XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]
- Plugin Slug
- faq-for-woocommerce
- Installations
- 1,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.4.0
- Severity Score
- High
WordPress Team Members – GS Plugins
- Plugin Slug
- gs-team-members
- Installations
- 1,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.2.2
- Severity Score
- High
Remove Duplicate Posts
- Plugin Slug
- remove-duplicate-posts
- Installations
- 1,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.3
- Severity Score
- High
WP Required Taxonomies – Categories and Tags Mandatory
- Plugin Slug
- required-taxonomies
- Installations
- 1,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.1.8
- Severity Score
- High
SV Proven Expert
- Plugin Slug
- sv-provenexpert
- Installations
- 1,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.0.00
- Severity Score
- High
SV Tracking Manager
- Plugin Slug
- sv-tracking-manager
- Installations
- 1,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.0.00
- Severity Score
- High
UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode)
- Plugin Slug
- ultraaddons-elementor-lite
- Installations
- 1,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.1.0
- Severity Score
- High
WooBuddy
- Plugin Slug
- wc4bp
- Installations
- 1,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.4.16
- Severity Score
- High
Live Sales Notification for Woocommerce – Woomotiv
- Plugin Slug
- woomotiv
- Installations
- 1,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.4
- Severity Score
- High
Integration for WooCommerce and QuickBooks
- Plugin Slug
- wp-woocommerce-quickbooks
- Installations
- 1,000+
- Vulnerability
- Open Redirection
- Patched in Version
- 1.2.4
- Severity Score
- Medium
wpShopGermany IT-RECHT KANZLEI
- Plugin Slug
- wpshopgermany-it-recht-kanzlei
- Installations
- 900+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.8
- Severity Score
- Medium
WordPress Gallery Plugin – Limb Image Gallery
- Plugin Slug
- limb-gallery
- Installations
- 800+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.5.6
- Severity Score
- High
GraphComment Comment system
- Plugin Slug
- graphcomment-comment-system
- Installations
- 700+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.3.5
- Severity Score
- High
Terms & Conditions Per Product
- Plugin Slug
- terms-and-conditions-per-product
- Installations
- 700+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.2.6
- Severity Score
- High
Chamber Dashboard Business Directory
- Plugin Slug
- chamber-dashboard-business-directory
- Installations
- 600+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.3.2
- Severity Score
- High
Embed Docs – Elementor Files Addon,Elementor Docs Addon,Embed PDF, Word, PowerPoint and Excel Files in Gutenberg & Elementor
- Plugin Slug
- embed-docs
- Installations
- 600+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.0.1
- Severity Score
- High
Embed Video Thumbnail
- Plugin Slug
- embed-video-thumbnail
- Installations
- 600+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.3.1
- Severity Score
- High
WordPress Form Builder Plugin – Gutenberg Forms
- Plugin Slug
- forms-gutenberg
- Installations
- 600+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.4.0
- Severity Score
- High
FormsCRM
- Plugin Slug
- formscrm
- Installations
- 600+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.6
- Severity Score
- High
WZ Followed Posts – Display what visitors are reading
- Plugin Slug
- where-did-they-go-from-here
- Installations
- 600+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.1.0
- Severity Score
- High
Member Profile Forms / Custom Registration / Post From Profile in BuddyPress / BuddyBoss
- Plugin Slug
- buddyforms-members
- Installations
- 500+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.4.12
- Severity Score
- High
WPEventPartners Demo Import
- Plugin Slug
- wep-demo-import
- Installations
- 500+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.0.4
- Severity Score
- High
Advanced WC Analytics – Google Analytics Dashboard for WooCommerce
- Plugin Slug
- advance-wc-analytics
- Installations
- 400+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.4.0
- Severity Score
- High
Display WP Admin Pages in the Frontend – WP Frontend Admin
- Plugin Slug
- display-admin-page-on-frontend
- Installations
- 400+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.21.1
- Severity Score
- High
Product Filter Widget for Elementor
- Plugin Slug
- product-filter-widget-for-elementor
- Installations
- 400+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.0.2
- Severity Score
- High
what3words Address Field
- Plugin Slug
- 3-word-address-validation-field
- Installations
- 300+
- Vulnerability
- Sensitive Data Exposure
- Patched in Version
- 4.0.1
- Severity Score
- Medium
Advanced Custom Fields Frontend Forms – ACF Forms – ACF Post Form – ACF Registration Form – ACF Content Form – ACF Profile Form
- Plugin Slug
- buddyforms-acf
- Installations
- 300+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.3.5
- Severity Score
- High
BuddyForms Ultimate Member
- Plugin Slug
- buddyforms-ultimate-member
- Installations
- 300+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.3.8
- Severity Score
- High
Gift Message for WooCommerce
- Plugin Slug
- gift-message-for-woocommerce
- Installations
- 300+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.7.5
- Severity Score
- High
Ultimate LinkedIn Integration
- Plugin Slug
- linkedin-login
- Installations
- 300+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.0
- Severity Score
- High
Shipping for Nova Poshta
- Plugin Slug
- nova-poshta-ttn
- Installations
- 300+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.8.1
- Severity Score
- High
Spice Blocks
- Plugin Slug
- spice-blocks
- Installations
- 300+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.3
- Severity Score
- High
WooCommerce Country Catalogs – Product Country Restrictions
- Plugin Slug
- woo-country-restrictions-advanced
- Installations
- 300+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.14.3
- Severity Score
- High
2MB Autocode
- Plugin Slug
- 2mb-autocode
- Installations
- 200+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.2.6
- Severity Score
- High
Checkbox
- Plugin Slug
- checkbox
- Installations
- 200+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 0.8.5
- Severity Score
- High
WordPress Image Compression and Optimizer Plugin – CheetahO
- Plugin Slug
- cheetaho-image-optimizer
- Installations
- 200+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.4.3.1
- Severity Score
- High
Multicollab – Google Doc-Style Editorial Commenting for WordPress
- Plugin Slug
- commenting-feature
- Installations
- 200+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.2
- Severity Score
- High
Content Blocks Builder
- Plugin Slug
- content-blocks-builder
- Installations
- 200+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.3.17
- Severity Score
- High
WordPress Job Board and Recruitment Plugin – JobWP
- Plugin Slug
- jobwp
- Installations
- 200+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.0
- Severity Score
- High
Joli FAQ SEO – WordPress FAQ Plugin
- Plugin Slug
- joli-faq-seo
- Installations
- 200+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.3.1
- Severity Score
- High
RSS Control
- Plugin Slug
- rss-control
- Installations
- 200+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.0.8
- Severity Score
- High
Simple Tour Guide
- Plugin Slug
- simple-tour-guide
- Installations
- 200+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.0.6
- Severity Score
- High
Coming Soon Pages for WordPress – Coming Soon Booster
- Plugin Slug
- wp-coming-soon-booster
- Installations
- 200+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.0.7
- Severity Score
- High
WP SPID Italia
- Plugin Slug
- wp-spid-italia
- Installations
- 200+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.5
- Severity Score
- High
AI Tools – Chatbot, ChatGPT, Content Generator, Image Generator, Artificial Intelligence GPT
- Plugin Slug
- artificial-intelligence-auto-content-generator
- Installations
- 100+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.0.0
- Severity Score
- High
Coming Soon Master
- Plugin Slug
- coming-soon-master
- Installations
- 100+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.2
- Severity Score
- High
EthereumICO
- Plugin Slug
- ethereumico
- Installations
- 100+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.4.4
- Severity Score
- High
Files Download Delay
- Plugin Slug
- files-download-delay
- Installations
- 100+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.0.9
- Severity Score
- High
Bulk Landing Page Creator for WordPress – LPagery
- Plugin Slug
- lpagery
- Installations
- 100+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.2.6
- Severity Score
- High
Mobile App Editor – WordPress to Android App Builder
- Plugin Slug
- mobile-app-editor
- Installations
- 100+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.2.0
- Severity Score
- High
Search Field for Gravity Forms
- Plugin Slug
- search-field-for-gravity-forms
- Installations
- 100+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 0.6
- Severity Score
- High
Stellar Places
- Plugin Slug
- stellar-places
- Installations
- 100+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.1
- Severity Score
- High
Subaccounts for WooCommerce
- Plugin Slug
- subaccounts-for-woocommerce
- Installations
- 100+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.4.0
- Severity Score
- High
WN Flipbox Pro
- Plugin Slug
- wn-flipbox-pro
- Installations
- 100+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.1
- Severity Score
- High
Bing Custom Search for WordPress
- Plugin Slug
- wp-bing-search
- Installations
- 100+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.6.3
- Severity Score
- High
WP Tools Divi Blog Carousel
- Plugin Slug
- wp-tools-divi-blog-carousel
- Installations
- 100+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.3.1
- Severity Score
- High
Display Data on your site! Create Dynamic Content Templates from any form of data. Works with ACF, Pods, BuddyPress/ BuddyBoss
- Plugin Slug
- buddyforms-hook-fields
- Installations
- 90+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.3.2
- Severity Score
- High
Contact Form By Mega Forms – Drag and Drop Form Builder
- Plugin Slug
- mega-forms
- Installations
- 90+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.1.3
- Severity Score
- High
Ultimate Custom ScrollBar
- Plugin Slug
- ultimate-custom-scrollbar
- Installations
- 90+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.2
- Severity Score
- High
WPGutenBlog Demo Import
- Plugin Slug
- layouts-importer
- Installations
- 80+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.0.3
- Severity Score
- High
SV100 Companion
- Plugin Slug
- sv100-companion
- Installations
- 80+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.0.00
- Severity Score
- High
Blocks Product Editor for WooCommerce
- Plugin Slug
- blocks-product-editor-for-woocommerce
- Installations
- 70+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.0.2
- Severity Score
- High
Variable Inspector
- Plugin Slug
- variable-inspector
- Installations
- 70+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.4.0
- Severity Score
- High
Stripe Express
- Plugin Slug
- wp-stripe-express
- Installations
- 60+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.12.1
- Severity Score
- High
BuddyForms Form Elements for WooCommerce
- Plugin Slug
- buddyforms-woocommerce-form-elements
- Installations
- 50+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.4.3
- Severity Score
- High
Order Redirects for WooCommerce
- Plugin Slug
- order-redirects-for-woocommerce
- Installations
- 40+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 0.8.1
- Severity Score
- High
Simple blueprint installer
- Plugin Slug
- simple-blueprint-installer
- Installations
- 40+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.0.2
- Severity Score
- High
BuddyForms Moderation ( Former: Review Logic )
- Plugin Slug
- buddyforms-review
- Installations
- 30+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.4.8
- Severity Score
- High
Import Holded for WooCommerce or Easy Digital Downloads
- Plugin Slug
- import-holded-products-woocommerce
- Installations
- 30+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.0
- Severity Score
- High
Order Picking For WooCommerce
- Plugin Slug
- order-picking-for-woocommerce
- Installations
- 30+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.0.2
- Severity Score
- High
ShortcodeHub – MultiPurpose Shortcode Builder
- Plugin Slug
- shortcodehub
- Installations
- 30+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.4.0
- Severity Score
- High
WPEForm Lite – Drag and Drop Live Form Builder for Contact, Payment & Quiz Forms
- Plugin Slug
- wpeform-lite
- Installations
- 30+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.6.5
- Severity Score
- High
CO2ok: carbon offsetting for e-commerce
- Plugin Slug
- co2ok-for-woocommerce
- Installations
- 20+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.0.4
- Severity Score
- High
SV Forms
- Plugin Slug
- sv-forms
- Installations
- 20+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.0.02
- Severity Score
- High
SV Posts
- Plugin Slug
- sv-posts
- Installations
- 20+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.0.00
- Severity Score
- High
Video Analytics for Cloudflare Stream
- Plugin Slug
- video-analytics-for-cloudflare-stream
- Installations
- 20+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.2
- Severity Score
- High
WP Table Pixie
- Plugin Slug
- wp-table-pixie
- Installations
- 20+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.2.0
- Severity Score
- High
CF7 ReCaptcha Mine
- Plugin Slug
- cf7-recaptcha-mine
- Installations
- 10+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.0.0
- Severity Score
- High
Convoworks WP
- Plugin Slug
- convoworks-wp
- Installations
- 10+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 0.22.15
- Severity Score
- High
Custom Welcome Guide
- Plugin Slug
- custom-welcome-guide
- Installations
- 10+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.0.9
- Severity Score
- High
DeMomentSomTres Gravity Forms Improvements
- Plugin Slug
- demomentsomtres-gravity-forms-improvements
- Installations
- 10+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 201805021810
- Severity Score
- High
Fast Custom Social Share by CodeBard
- Plugin Slug
- fast-custom-social-share-by-codebard
- Installations
- 10+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.1.0
- Severity Score
- High
Contact form builder for Gutenberg – Formello
- Plugin Slug
- formello
- Installations
- 10+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.3.1
- Severity Score
- High
Menukaart – Restaurant Menu & Online Ordering with WooCommerce
- Plugin Slug
- menukaart
- Installations
- 10+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.4
- Severity Score
- High
SV Columns Manager
- Plugin Slug
- sv-columns-manager
- Installations
- 10+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.0.00
- Severity Score
- High
Divi Testimonial Plus
- Plugin Slug
- website-testimonials
- Installations
- 10+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 6.1.1
- Severity Score
- High
WP Signals
- Plugin Slug
- wp-signals
- Installations
- 10+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.0.0
- Severity Score
- High
BuddyForms Anonymous Author
- Plugin
- BuddyForms Anonymous Author
- Plugin Slug
- buddyforms-anonymous-author
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.1
- Severity Score
- High
BuddyForms Attach Post with Group
- Plugin
- BuddyForms Attach Post with Group
- Plugin Slug
- buddyforms-attach-posts-to-groups-extension
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.2.3
- Severity Score
- High
BuddyForms Hierarchical Posts
- Plugin
- BuddyForms Hierarchical Posts
- Plugin Slug
- buddyforms-hierarchical-posts
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.1.4
- Severity Score
- High
BuddyForms Posts 2 Posts
- Plugin
- BuddyForms Posts 2 Posts
- Plugin Slug
- buddyforms-posts-to-posts-integration
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.1
- Severity Score
- High
BuddyForms Remote
- Plugin
- BuddyForms Remote
- Plugin Slug
- buddyforms-remote
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.0.5
- Severity Score
- High
Caldera Forms
- Plugin
- Caldera Forms
- Plugin Slug
- caldera-forms
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.7.5.1
- Severity Score
- High
Simple Freemius Shop
- Plugin
- Simple Freemius Shop
- Plugin Slug
- checkout-freemius-rewamped
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.0.0
- Severity Score
- High
Convert Pro
- Plugin
- Convert Pro
- Plugin Slug
- convertpro
- Vulnerability
- Broken Access Control
- Patched in Version
- 1.7.6
- Severity Score
- High
DeMomentSomTres Subscribe
- Plugin
- DeMomentSomTres Subscribe
- Plugin Slug
- demomentsomtres-mailchimp-subscribe
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.201903272301
- Severity Score
- High
DEV.LAND
- Plugin Slug
- dev-land
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.0.5
- Severity Score
- High
DokoBuilder : DIY Product Bundle for WooCommerce
- Plugin Slug
- doko-box-builder
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.0.1
- Severity Score
- High
Expandable Paywall
- Plugin Slug
- expandable-paywall
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.0.17
- Severity Score
- High
External Media Upload
- Plugin
- External Media Upload
- Plugin Slug
- external-media-upload
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 0.4
- Severity Score
- High
Frontend Admin – Add and edit posts, pages, users and more all from the frontend
- Plugin
- Frontend Admin – Add and edit posts, pages, users and more all from the frontend
- Plugin Slug
- frontend-admin
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.8.0
- Severity Score
- High
Gallery Bank
- Plugin
- Gallery Bank
- Plugin Slug
- gallery-bank
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 4.0.19
- Severity Score
- High
Map Plugin alternative to Google Maps using MapQuest, with directions
- Plugin
- Map Plugin alternative to Google Maps using MapQuest, with directions
- Plugin Slug
- get-directions
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.16.2
- Severity Score
- High
Information for help
- Plugin
- Information for help
- Plugin Slug
- information-for-help
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 0.0.3
- Severity Score
- High
Google Maps Plugin by Intergeo
- Plugin
- Google Maps Plugin by Intergeo
- Plugin Slug
- intergeo-maps
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.1.6
- Severity Score
- High
Oxygen Builder
- Plugin
- Oxygen Builder
- Plugin Slug
- oxygen
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 4.4
- Severity Score
- Medium
Popups
- Plugin
- Popups
- Plugin Slug
- popups
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.8
- Severity Score
- High
Remove WP Update Nags
- Plugin
- Remove WP Update Nags
- Plugin Slug
- remove-wp-update-nags
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.5.0
- Severity Score
- High
SV Media Library
- Plugin Slug
- sv-media-library
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.0.00
- Severity Score
- High
BuddyPress Groups Integration for WooCommerce
- Plugin
- BuddyPress Groups Integration for WooCommerce
- Plugin Slug
- wc4bp-groups
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.1.1
- Severity Score
- High
WP Cloud Server
- Plugin
- WP Cloud Server
- Plugin Slug
- wp-cloud-server
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.0.0
- Severity Score
- High
WP Native Articles – Instant Articles Plugin for WordPress
- Plugin
- WP Native Articles – Instant Articles Plugin for WordPress
- Plugin Slug
- wp-native-articles
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.2.0
- Severity Score
- High
Schema Pro
- Plugin
- Schema Pro
- Plugin Slug
- wp-schema-pro
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- 2.7.8
- Severity Score
- Medium
WP Scrive by Webbstart
- Plugin
- WP Scrive by Webbstart
- Plugin Slug
- wp-scrive
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.2.4
- Severity Score
- High
WPCasa Mail Alert
- Plugin
- WPCasa Mail Alert
- Plugin Slug
- wpcasa-mail-alert
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 3.3.0
- Severity Score
- High
WordPress Plugin Vulnerabilities — Unpatched
This section contains plugin vulnerabilities with no known fix. Until a patch is available, you are advised, at a minimum, to deactivate the plugin immediately. If there is a high risk of active exploits or the plugin remains unpatched for weeks, you are advised to delete the plugin. You should also delete persistently unpatched plugins that the WordPress.org repository has locked and marked “Closed” so they can no longer be downloaded and installed.
WPS Limit Login
- Plugin Slug
- wps-limit-login
- Installations
- 60,000+
- Vulnerability
- Race Condition
- Patched in Version
- No Fix
- Severity Score
- Low
Custom Field Template
- Plugin Slug
- custom-field-template
- Installations
- 50,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Social Share Icons & Social Share Buttons
- Plugin Slug
- ultimate-social-media-plus
- Installations
- 30,000+
- Vulnerability
- Broken Access Control
- Patched in Version
- No Fix
- Severity Score
- Medium
WP-CopyProtect [Protect your blog posts]
- Plugin Slug
- wp-copyprotect
- Installations
- 20,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- No Fix
- Severity Score
- Medium
Elastic Email Sender
- Plugin Slug
- elastic-email-sender
- Installations
- 10,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
GTmetrix for WordPress
- Plugin Slug
- gtmetrix-for-wordpress
- Installations
- 10,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- No Fix
- Severity Score
- Medium
Molongui
- Plugin Slug
- molongui-authorship
- Installations
- 9,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Pinpoint Booking System
- Plugin Slug
- booking-system
- Installations
- 5,000+
- Vulnerability
- Content Spoofing
- Patched in Version
- No Fix
- Severity Score
- Medium
Borderless
- Plugin Slug
- borderless
- Installations
- 5,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
Art Decoration Shortcode
- Plugin Slug
- art-decoration-shortcode
- Installations
- 4,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
Banner Management For WooCommerce
- Plugin Slug
- banner-management-for-woocommerce
- Installations
- 4,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- No Fix
- Severity Score
- Medium
Fraud Prevention For Woocommerce
- Plugin Slug
- woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers
- Installations
- 4,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- No Fix
- Severity Score
- Medium
Google Map Shortcode
- Plugin Slug
- google-map-shortcode
- Installations
- 3,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- No Fix
- Severity Score
- Medium
MultiParcels Shipping For WooCommerce
- Plugin Slug
- multiparcels-shipping-for-woocommerce
- Installations
- 3,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Server Info
- Plugin Slug
- server-info
- Installations
- 3,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Language
- Plugin Slug
- wordpress-language
- Installations
- 3,000+
- Vulnerability
- Broken Access Control
- Patched in Version
- No Fix
- Severity Score
- Medium
WP Emoji One
- Plugin Slug
- wp-emoji-one
- Installations
- 3,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- No Fix
- Severity Score
- Medium
WP Quick Post Duplicator
- Plugin Slug
- wp-quick-post-duplicator
- Installations
- 3,000+
- Vulnerability
- Broken Access Control
- Patched in Version
- No Fix
- Severity Score
- Medium
Booster Elementor Addons
- Plugin Slug
- booster-for-elementor
- Installations
- 2,000+
- Vulnerability
- Broken Access Control
- Patched in Version
- No Fix
- Severity Score
- Medium
Instant CSS
- Plugin Slug
- instant-css
- Installations
- 2,000+
- Vulnerability
- Broken Access Control
- Patched in Version
- No Fix
- Severity Score
- Medium
CodeBard’s Patron Button and Widgets for Patreon
- Plugin Slug
- patron-button-and-widgets-by-codebard
- Installations
- 2,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Simple Googlebot Visit
- Plugin Slug
- simple-googlebot-visit
- Installations
- 2,000+
- Vulnerability
- Broken Access Control
- Patched in Version
- No Fix
- Severity Score
- Medium
QR code MeCard/vCard generator
- Plugin Slug
- wp-qrcode-me-v-card
- Installations
- 2,000+
- Vulnerability
- Broken Access Control
- Patched in Version
- No Fix
- Severity Score
- Medium
WRC Pricing Tables
- Plugin Slug
- wrc-pricing-tables
- Installations
- 2,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
Audio Player with Playlist Ultimate
- Plugin Slug
- audio-player-with-playlist-ultimate
- Installations
- 1,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
Client Portal : SuiteDash Direct Login
- Plugin Slug
- client-portal-suitedash-login
- Installations
- 1,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
Go Fetch Jobs (for WP Job Manager)
- Plugin Slug
- go-fetch-jobs-wp-job-manager
- Installations
- 1,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Mobile Address Bar Changer
- Plugin Slug
- mobile-address-bar-changer
- Installations
- 1,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- No Fix
- Severity Score
- Medium
Perelink Pro
- Plugin Slug
- perelink
- Installations
- 1,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- No Fix
- Severity Score
- Medium
Post List With Featured Image
- Plugin Slug
- post-list-with-featured-image
- Installations
- 1,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Post Affiliate Pro
- Plugin Slug
- postaffiliatepro
- Installations
- 1,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
Remove Duplicate Posts
- Plugin Slug
- remove-duplicate-posts
- Installations
- 1,000+
- Vulnerability
- Broken Access Control
- Patched in Version
- No Fix
- Severity Score
- Medium
Donations Made Easy – Smart Donations
- Plugin Slug
- smart-donations
- Installations
- 1,000+
- Vulnerability
- Broken Access Control
- Patched in Version
- No Fix
- Severity Score
- Medium
Taboola
- Plugin Slug
- taboola
- Installations
- 1,000+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- No Fix
- Severity Score
- Medium
Exifography
- Plugin Slug
- thesography
- Installations
- 1,000+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
Onepage Builder – Easiest Landing Page Builder For WordPress
- Plugin Slug
- tx-onepager
- Installations
- 1,000+
- Vulnerability
- SQL Injection
- Patched in Version
- No Fix
- Severity Score
- Medium
eaSYNC
- Plugin Slug
- easync-booking
- Installations
- 300+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Post Connector
- Plugin Slug
- post-connector
- Installations
- 100+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
Smarty for WordPress
- Plugin Slug
- smarty-for-wordpress
- Installations
- 100+
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- No Fix
- Severity Score
- Medium
Gestion-Pymes
- Plugin Slug
- gestion-pymes
- Installations
- 10+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- Medium
Woocommerce Delivery Date Premium
- Plugin Slug
- woocommerce-delivery-date
- Installations
- 10+
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
bbResolutions
- Plugin
- bbResolutions
- Plugin Slug
- bbresolutions
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
BlogPost – BlogPost Widgets – Amazing Blog Layouts
- Plugin
- BlogPost – BlogPost Widgets – Amazing Blog Layouts
- Plugin Slug
- blogpost-widgets
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
CF7 Constant Contact Fields Mapping
- Plugin
- CF7 Constant Contact Fields Mapping
- Plugin Slug
- cf7-constant-contact-fields-mapping
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
WP Clone Menu
- Plugin
- WP Clone Menu
- Plugin Slug
- clone-menu
- Vulnerability
- Broken Access Control
- Patched in Version
- No Fix
- Severity Score
- Medium
DancePress (TRWA)
- Plugin
- DancePress (TRWA)
- Plugin Slug
- dancepress-trwa
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
DeMomentSomTres Immediate Send
- Plugin
- DeMomentSomTres Immediate Send
- Plugin Slug
- demomentsomtres-mailchimp-immediate-send
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Disabler
- Plugin
- Disabler
- Plugin Slug
- disabler
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- No Fix
- Severity Score
- Medium
WordPress Easy Call Now Button by elixirs.io
- Plugin
- WordPress Easy Call Now Button by elixirs.io
- Plugin Slug
- easy-call-now-button
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Extend Filter Products By Price Widget
- Plugin
- Extend Filter Products By Price Widget
- Plugin Slug
- extend-filter-products-by-price-widget
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Easy Responsive Pricing Tables
- Plugin
- Easy Responsive Pricing Tables
- Plugin Slug
- fullworks-pricing-tables
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Jupiter X Core
- Plugin
- JupiterX Core
- Plugin Slug
- jupiterx-core
- Vulnerability
- Arbitrary File Download
- Patched in Version
- No Fix
- Severity Score
- High
WP Logger
- Plugin Slug
- lite-wp-logger
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
LWS Affiliation
- Plugin
- LWS Affiliation
- Plugin Slug
- lws-affiliation
- Vulnerability
- Local File Inclusion
- Patched in Version
- No Fix
- Severity Score
- Critical
Menu Item Scheduler
- Plugin
- Menu Item Scheduler
- Plugin Slug
- menu-item-scheduler
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Protect Uploads with Login – Protect Your Uploads
- Plugin
- Protect Uploads with Login – Protect Your Uploads
- Plugin Slug
- protect-uploads-with-login-page
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Quasar form
- Plugin
- Quasar form
- Plugin Slug
- quasar-form
- Vulnerability
- SQL Injection
- Patched in Version
- No Fix
- Severity Score
- High
Role Based Bulk Quantity Pricing
- Plugin Slug
- role-based-bulk-quantity-pricing
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Page Builder for Gutenberg – StarterBlocks
- Plugin
- Page Builder for Gutenberg – StarterBlocks
- Plugin Slug
- starterblocks
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Subscribe to Category
- Plugin
- Subscribe to Category
- Plugin Slug
- subscribe-to-category
- Vulnerability
- SQL Injection
- Patched in Version
- No Fix
- Severity Score
- Critical
tagDiv Composer
- Plugin
- tagDiv Composer
- Plugin Slug
- td-composer
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- No Fix
- Severity Score
- High
Ultra Elementor Addons
- Plugin
- Ultra Elementor Addons
- Plugin Slug
- ultra-elementor-addons
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
WordPress Auto SEO Plugin – Upfiv SEO Wizard
- Plugin
- WordPress Auto SEO Plugin – Upfiv SEO Wizard
- Plugin Slug
- upfiv-complete-all-in-one-seo-wizard
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
User Email Verification for WooCommerce
- Plugin
- User Email Verification for WooCommerce
- Plugin Slug
- woo-confirmation-email
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
WP-FlyBox
- Plugin
- WP-FlyBox
- Plugin Slug
- wp-flybox
- Vulnerability
- Cross Site Request Forgery (CSRF)
- Patched in Version
- No Fix
- Severity Score
- Medium
WooCommerce Sync for Google Sheet
- Plugin
- WordPress WooCommerce Sync for Google Sheet
- Plugin Slug
- wp-woo-commerce-sync-for-g-sheet
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
WordPress Theme Vulnerabilities
In this section, you’ll find the latest WordPress theme vulnerabilities to be disclosed. You’ll see the same information we provided above for vulnerable plugins, and the same advice applies. If a security update exists, install it immediately. If a vulnerability remains unpatched in a theme you are actively using, you must find an alternative theme. Deactivate and delete persistently unpatched themes and those marked “Closed” in the WordPress.org theme repository. If you have a vulnerable theme installed that you are not actively using, delete it.
Bootstrap Blog
- Theme Slug
- bootstrap-blog
- Downloads
- 87,177
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 10.2.3
- Severity Score
- High
Ona
- Theme Slug
- ona
- Downloads
- 86,847
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.18.3
- Severity Score
- High
Yuki
- Theme Slug
- yuki
- Downloads
- 74,316
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Techism
- Theme Slug
- techism
- Downloads
- 58,069
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Chic Lifestyle
- Theme Slug
- chic-lifestyle
- Downloads
- 57,532
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 10.0.8
- Severity Score
- High
Lifestyle Magazine
- Theme Slug
- lifestyle-magazine
- Downloads
- 49,638
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 10.2.1
- Severity Score
- High
SalesZone
- Theme Slug
- saleszone
- Downloads
- 45,813
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Travel Tour
- Theme Slug
- travel-tour
- Downloads
- 39,431
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.2.0
- Severity Score
- High
Brand
- Theme Slug
- brand
- Downloads
- 32,911
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
WP Sierra
- Theme Slug
- wp-sierra
- Downloads
- 31,861
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Eighteen tags
- Theme Slug
- eighteen-tags
- Downloads
- 26,056
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Hasium
- Theme Slug
- hasium
- Downloads
- 23,338
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Broadcast Lite
- Theme Slug
- broadcast-lite
- Downloads
- 21,268
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.0.8
- Severity Score
- High
Salzburg Blog
- Theme Slug
- salzburg-blog
- Downloads
- 21,114
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Everse
- Theme Slug
- everse
- Downloads
- 19,143
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.8.12
- Severity Score
- High
Speculor
- Theme Slug
- speculor
- Downloads
- 17,306
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Meridia
- Theme Slug
- meridia
- Downloads
- 16,976
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 2.2.8
- Severity Score
- High
Aquarella Lite
- Theme Slug
- aquarella-lite
- Downloads
- 16,673
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Consultpress Lite
- Theme Slug
- consultpress-lite
- Downloads
- 15,868
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Topcat Lite
- Theme Slug
- topcat-lite
- Downloads
- 15,747
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Shuban
- Theme Slug
- shuban
- Downloads
- 13,783
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Purus
- Theme Slug
- purus
- Downloads
- 13,561
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Elation
- Theme Slug
- elation
- Downloads
- 13,250
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
GutenBook
- Theme Slug
- gutenbook
- Downloads
- 13,216
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Chained
- Theme Slug
- chained
- Downloads
- 12,157
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Elasta
- Theme Slug
- elasta
- Downloads
- 11,744
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.0.9
- Severity Score
- High
Purosa
- Theme Slug
- purosa
- Downloads
- 11,224
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.1.3
- Severity Score
- High
LearnMore
- Theme Slug
- learnmore
- Downloads
- 9,915
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
WPCake
- Theme Slug
- wpcake
- Downloads
- 8,708
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Nokke
- Theme Slug
- nokke
- Downloads
- 8,472
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.2.4
- Severity Score
- High
Arendelle
- Theme Slug
- arendelle
- Downloads
- 8,463
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.1.13
- Severity Score
- High
PixiGo
- Theme Slug
- pixigo
- Downloads
- 7,670
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
WP Moose
- Theme Slug
- wp-moose
- Downloads
- 7,516
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
G Blog
- Theme Slug
- g-blog
- Downloads
- 6,993
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
NicheBase
- Theme Slug
- nichebase
- Downloads
- 6,985
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.2.3
- Severity Score
- High
Cuisine Palace
- Theme Slug
- cuisine-palace
- Downloads
- 6,091
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Amela
- Theme Slug
- amela
- Downloads
- 6,063
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.0.14
- Severity Score
- High
Agncy
- Theme Slug
- agncy
- Downloads
- 6,032
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Travel Agency Booking
- Theme Slug
- travel-agency-booking
- Downloads
- 5,703
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Bootstrap Fitness
- Theme Slug
- bootstrap-fitness
- Downloads
- 5,569
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.0.6
- Severity Score
- High
Bootstrap Coach
- Theme Slug
- bootstrap-coach
- Downloads
- 5,146
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.1.2
- Severity Score
- High
Blockst
- Theme Slug
- blockst
- Downloads
- 3,309
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.0.9
- Severity Score
- High
Relax Spa
- Theme Slug
- relax-spa
- Downloads
- 2,572
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- 1.1.1
- Severity Score
- High
Villar
- Theme Slug
- villar
- Downloads
- 3,995
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
BlogHub
- Theme Slug
- bloghub
- Downloads
- 3,575
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Viralike
- Theme Slug
- viralike
- Downloads
- 3,245
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
NewsHit
- Theme Slug
- newshit
- Downloads
- 3,073
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Simplifii
- Theme Slug
- simplifii
- Downloads
- 2,700
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Roven Blog
- Theme Slug
- roven-blog
- Downloads
- 2,598
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Krste
- Theme Slug
- krste
- Downloads
- 2,526
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Unakit
- Theme Slug
- unakit
- Downloads
- 2,259
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Temp Mail X
- Theme Slug
- temp-mail-x
- Downloads
- 2,215
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Rovenstart
- Theme Slug
- rovenstart
- Downloads
- 1,845
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High
Bani
- Theme
- Bani
- Theme Slug
- bani
- Vulnerability
- Cross Site Scripting (XSS)
- Patched in Version
- No Fix
- Severity Score
- High

Dan Knauss is StellarWP’s Technical Content Generalist. He’s been a writer, teacher, and freelancer working in open source since the late 1990s and with WordPress since 2004.