WordPress plugin update
Starter Templates Vulnerability – Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass – CVE-2025-13065 | WordPress Plugin Vulnerability Report
Plugin Name: Starter Templates – AI-Powered Templates for Elementor & Gutenberg Key Information: Software Type: PluginSoftware Slug: astra-sitesSoftware Status: ActiveSoftware Author: brainstormforceSoftware Downloads: 86,521,101Active Installs: 2,000,000Last Updated: December 6, 2025Patched Versions: 4.4.42Affected Versions: ≤ 4.4.41 Vulnerability Details: Name: Starter Templates ≤ 4.4.41 – Authenticated (Author+) Arbitrary File Upload via WXR Upload BypassTitle: Authenticated (Author+) Arbitrary…
Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report
Plugin Name: Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Key Information: Software Type: PluginSoftware Slug: post-smtpSoftware Status: ActiveSoftware Author: saadiqbalSoftware Downloads: 17,580,355Active Installs: 400,000Last Updated: November 1, 2025Patched Versions: 3.6.1Affected Versions: ≤ 3.6.0 Vulnerability Details: Name: Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP &…
SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report
Plugin Name: SiteSEO – SEO Simplified Key Information: Software Type: PluginSoftware Slug: siteseoSoftware Status: ActiveSoftware Author: softaculousSoftware Downloads: 976,564Active Installs: 400,000Last Updated: November 1, 2025Patched Versions: 1.3.2Affected Versions: ≤ 1.3.1 Vulnerability Details: Name: SiteSEO – SEO Simplified ≤ 1.3.1 – Missing Authorization to Authenticated (Author+) Plugin Settings UpdateType: Missing AuthorizationCVE: CVE-2025-12367CVSS Score: 4.3 (Medium)Publicly Published:…
Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report
Plugin Name: Qi Blocks Key Information: Software Type: PluginSoftware Slug: qi-blocksSoftware Status: ActiveSoftware Author: qodeinteractiveSoftware Downloads: 648,392Active Installs: 60,000Last Updated: October 2025Patched Versions: 1.4.4Affected Versions: ≤ 1.4.3 Vulnerability Details Name: Qi Blocks ≤ 1.4.3Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NCVE: CVE-2025-12180CVSS Score: 4.3Publicly Published: October 31, 2025Researcher: Adrian LukitaDescription:The Qi Blocks plugin for WordPress is vulnerable to Missing Authorization in…
Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report
Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,783,086 Active Installs: 100,000 Last Updated: September 14, 2024 Patched Versions: 1.13.6, 1.13.7 Affected Versions: <= 1.13.5, <= 1.13.6 Vulnerability 1 Details: Name: Elementor Addon Elements <= 1.13.5 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-4401 CVSS Score:…
Beaver Builder – WordPress Page Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via type Parameter – CVE-2024-7895 | WordPress Plugin Vulnerability Report
Plugin Name: Beaver Builder – WordPress Page Builder Key Information: Software Type: Plugin Software Slug: beaver-builder-lite-version Software Status: Active Software Author: justinbusa Software Downloads: 10,741,953 Active Installs: 100,000 Last Updated: September 3, 2024 Patched Versions: 2.8.3.6 Affected Versions: <= 2.8.3.5 Vulnerability Details: Name: Beaver Builder (Lite Version) <= 2.8.3.5 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-7895 CVSS Score:…
Jeg Elementor Kit Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via SVG File – CVE-2024-6804 | WordPress Plugin Vulnerability Report
Plugin Name: Jeg Elementor Kit Key Information: Software Type: Plugin Software Slug: jeg-elementor-kit Software Status: Active Software Author: jegtheme Software Downloads: 1,587,316 Active Installs: 200,000 Last Updated: September 14, 2024 Patched Versions: 2.6.8 Affected Versions: <= 2.6.7 Vulnerability Details: Name: Jeg Elementor Kit <= 2.6.7 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-6804 CVSS Score: 6.4 Publicly Published: August…
Photo Gallery by 10Web – Mobile-Friendly Image Gallery Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG & Path Traversal via esc_dir Function – CVE-2024-5426, CVE-2024-5481 | WordPress Plugin Vulnerability Report
Plugin Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery Key Information: Software Type: Plugin Software Slug: photo-gallery Software Status: Active Software Author: 10Web Software Downloads: 18,052,863 Active Installs: 200,000 Last Updated: June 19, 2024 Patched Versions: 1.8.24 Affected Versions: <= 1.8.23 Vulnerability 1 Details: Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery <=…
Elementor Header & Footer Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2618 | WordPress Plugin Vulnerability Report
Plugin Name: Elementor Header & Footer Builder Key Information: Software Type: Plugin Software Slug: header-footer-elementor Software Status: Active Software Author: brainstormforce Software Downloads: 28,801,489 Active Installs: 1,000,000 Last Updated: May 23, 2024 Patched Versions: 1.6.26.1 Affected Versions: <= 1.6.26 Vulnerability Details: Name: Elementor Header & Footer Builder <= 1.6.26 – Authenticated (Contributor+) Stored Cross-Site Scripting…
ProfilePress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget – CVE-2024-2861 | WordPress Plugin Vulnerability Report
Plugin Name: ProfilePress Key Information: Software Type: Plugin Software Slug: wp-user-avatar Software Status: Active Software Author: collizo4sky Software Downloads: 13,011,623 Active Installs: 200,000 Last Updated: May 22, 2024 Patched Versions: 4.15.9 Affected Versions: <= 4.15.8 Vulnerability Details: Name: ProfilePress <= 4.15.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget Type: Improper Neutralization…