Yoast SEO – Advanced SEO with real-time guidance and built-in AI Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘jsonText’ Block Attribute – CVE-2026-3427 | WordPress Plugin Vulnerability Report
Plugin Name: Yoast SEO – Advanced SEO with real-time guidance and built-in AI Key Information: Software Type: PluginSoftware Slug: wordpress-seoSoftware…
The Events Calendar Vulnerability – Missing Authorization to Authenticated (Subscriber+) Data Migration Control – CVE-2025-15043 | WordPress Plugin Vulnerability Report
Plugin Name: The Events Calendar Key Information Software Type: PluginSoftware Slug: the-events-calendarSoftware Status: ActiveSoftware Author: stellarwpSoftware Downloads: 78,686,265Active Installs: 700,000Last…
Newsletter – Send awesome emails from WordPress Vulnerability – Cross-Site Request Forgery to Newsletter Unsubscription – CVE-2026-1051 | WordPress Plugin Vulnerability Report
Plugin Name: Newsletter – Send awesome emails from WordPress Key Information Software Type: PluginSoftware Slug: newsletterSoftware Status: ActiveSoftware Author: satolloSoftware…
Custom Fonts – Host Your Fonts Locally Vulnerability – Missing Authorization to Unauthenticated Font Deletion – CVE-2025-14351 | WordPress Plugin Vulnerability Report
Plugin Name: Custom Fonts – Host Your Fonts Locally Key Information Software Type: PluginSoftware Slug: custom-fontsSoftware Status: ActiveSoftware Author: brainstormforceSoftware…
Essential Addons for Elementor – Popular Elementor Templates & Widgets Vulnerability – Missing Authorization to Unauthenticated Sensitive Information Exposure – CVE-2026-1004 | WordPress Plugin Vulnerability Report
Plugin Name: Essential Addons for Elementor – Popular Elementor Templates & Widgets Key Information Software Type: PluginSoftware Slug: essential-addons-for-elementor-liteSoftware Status:…
All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic Vulnerability – Missing Authorization to Authenticated (Contributor+) AI Access Token and Credit Disclosure – CVE-2025-14384 | WordPress Plugin Vulnerability Report
Plugin Name: All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic Key Information: Software…
Starter Templates Vulnerability – Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass – CVE-2025-13065 | WordPress Plugin Vulnerability Report
Plugin Name: Starter Templates – AI-Powered Templates for Elementor & Gutenberg Key Information: Software Type: PluginSoftware Slug: astra-sitesSoftware Status: ActiveSoftware…
Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report
Plugin Name: Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Key Information: Software Type:…
SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report
Plugin Name: SiteSEO – SEO Simplified Key Information: Software Type: PluginSoftware Slug: siteseoSoftware Status: ActiveSoftware Author: softaculousSoftware Downloads: 976,564Active Installs:…
Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report
Plugin Name: Qi Blocks Key Information: Software Type: PluginSoftware Slug: qi-blocksSoftware Status: ActiveSoftware Author: qodeinteractiveSoftware Downloads: 648,392Active Installs: 60,000Last Updated:…
LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report
Plugin Name: LiteSpeed Cache Key Information: Software Type: Plugin Software Slug: litespeed-cache Software Status: Active Software Author: litespeedtech Software Downloads:…
Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report
Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software…