WordPress Updates
The Events Calendar Vulnerability – Missing Authorization to Authenticated (Subscriber+) Data Migration Control – CVE-2025-15043 | WordPress Plugin Vulnerability Report
Plugin Name: The Events Calendar Key Information Software Type: PluginSoftware Slug: the-events-calendarSoftware Status: ActiveSoftware Author: stellarwpSoftware Downloads: 78,686,265Active Installs: 700,000Last Updated: January 22, 2026Patched Versions: 6.15.13.1Affected Versions: ≤ 6.15.13 Vulnerability Details Name: The Events Calendar ≤ 6.15.13 – Missing Authorization to Authenticated Data Migration ControlTitle: Missing Authorization to Authenticated (Subscriber+) Data Migration ControlType: Missing Authorization…
Newsletter – Send awesome emails from WordPress Vulnerability – Cross-Site Request Forgery to Newsletter Unsubscription – CVE-2026-1051 | WordPress Plugin Vulnerability Report
Plugin Name: Newsletter – Send awesome emails from WordPress Key Information Software Type: PluginSoftware Slug: newsletterSoftware Status: ActiveSoftware Author: satolloSoftware Downloads: 32,725,200 Active Installs: 300,000 Last Updated: January 20, 2026 Patched Versions: 9.1.1 Affected Versions: ≤ 9.1.0 Vulnerability Details Name: Newsletter – Send awesome emails from WordPress ≤ 9.1.0 Title: Cross-Site Request Forgery to Newsletter UnsubscriptionType:…
Custom Fonts – Host Your Fonts Locally Vulnerability – Missing Authorization to Unauthenticated Font Deletion – CVE-2025-14351 | WordPress Plugin Vulnerability Report
Plugin Name: Custom Fonts – Host Your Fonts Locally Key Information Software Type: PluginSoftware Slug: custom-fontsSoftware Status: ActiveSoftware Author: brainstormforceSoftware Downloads: 6,158,177Active Installs: 300,000Last Updated: January 22, 2026Patched Versions: 2.1.17Affected Versions: ≤ 2.1.16 Vulnerability Details Name: Custom Fonts – Host Your Fonts Locally ≤ 2.1.16 Title: Missing Authorization to Unauthenticated Font DeletionType: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NCVE: CVE-2025-14351CVSS Score: 5.3Publicly…
Essential Addons for Elementor – Popular Elementor Templates & Widgets Vulnerability – Missing Authorization to Unauthenticated Sensitive Information Exposure – CVE-2026-1004 | WordPress Plugin Vulnerability Report
Plugin Name: Essential Addons for Elementor – Popular Elementor Templates & Widgets Key Information Software Type: PluginSoftware Slug: essential-addons-for-elementor-liteSoftware Status: ActiveSoftware Author: wpdevteamSoftware Downloads: 117,159,772Active Installs: 2,000,000Last Updated: January 22, 2026Patched Versions: 6.5.6Affected Versions: ≤ 6.5.5 Vulnerability Details Name: Essential Addons for Elementor ≤ 6.5.5 – Missing Authorization to Unauthenticated Sensitive Information ExposureTitle: Missing Authorization…
All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic Vulnerability – Missing Authorization to Authenticated (Contributor+) AI Access Token and Credit Disclosure – CVE-2025-14384 | WordPress Plugin Vulnerability Report
Plugin Name: All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic Key Information: Software Type: PluginSoftware Slug: all-in-one-seo-packSoftware Status: PatchedSoftware Author: smubSoftware Downloads: 196,420,959Active Installs: 3,000,000Last Updated: January 16, 2026Patched Versions: 4.9.3Affected Versions: ≤ 4.9.2 Vulnerability Details: Name: All in One SEO – Powerful SEO Plugin to Boost SEO…
Mollie Payments for WooCommerce Vulnerability – Unauthenticated Full Path Disclosure – CVE-2024-6448 | WordPress Plugin Vulnerability Report
Plugin Name: Mollie Payments for WooCommerce Key Information: Software Type: Plugin Software Slug: mollie-payments-for-woocommerce Software Status: Active Software Author: mollieintegration Software Downloads: 3,421,407 Active Installs: 100,000 Last Updated: August 27, 2024 Patched Versions: 7.8.0 Affected Versions: <= 7.7.0 Vulnerability Details: Name: Mollie Payments for WooCommerce <= 7.7.0 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-6448 CVSS Score: 5.3 Publicly…
Slider & Popup Builder by Depicter Vulnerability – Authenticated (Contributor+) Arbitrary File Upload – CVE-2024-4389 | WordPress Plugin Vulnerability Report
Plugin Name: Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel Key Information: Software Type: Plugin Software Slug: depicter Software Status: Active Software Author: averta Software Downloads: 1,314,164 Active Installs: 100,000 Last Updated: August 19, 2024 Patched Versions: 3.1.2 Affected Versions: <=…
Media Library Assistant Vulnerability- Authenticated (Author+) Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX Action – CVE-2024-6823 | WordPress Plugin Vulnerability Report
Plugin Name: Media Library Assistant Key Information: Software Type: Plugin Software Slug: media-library-assistant Software Status: Active Software Author: dglingren Software Downloads: 2,044,116 Active Installs: 70,000 Last Updated: August 18, 2024 Patched Versions: 3.19 Affected Versions: <= 3.18 Vulnerability Details: Name: Media Library Assistant <= 3.18 Title: Authenticated (Author+) Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX Action…
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Gallery and Countdown Widgets – CVE-2024-7247 | WordPress Plugin Vulnerability Report
Plugin Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Key Information: Software Type: Plugin Software Slug: bdthemes-element-pack-lite Software Status: Active Software Author: bdthemes Software Downloads: 2,552,973 Active Installs: 100,000 Last Updated: August 12, 2024 Patched Versions: 5.7.3 Affected Versions: <= 5.7.2 Vulnerability Details: Name: Element Pack Elementor Addons…
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4643 | WordPress Plugin Vulnerability Report
Plugin Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Key Information: Software Type: Plugin Software Slug: bdthemes-element-pack-lite Software Status: Active Software Author: bdthemes Software Downloads: 2,552,973 Active Installs: 100,000 Last Updated: August 12, 2024 Patched Versions: 5.6.12 Affected Versions: <= 5.6.11 Vulnerability Details: Name: Element Pack Elementor Addons…