WP XSS APR 2025
WP Cross-Site Scripting
Managed WP & Woo Security Report
Stay informed about the latest WP Cross-Site Scripting vulnerabilities, identified and reported publicly. WP XSS APR 2025 is a -9% DECREASE compared to the previous month. For your online safety, consider a managed WP/Woo security AUDIT, – OR – switching to a TOP10LIST alternative WP Security Plugin – OR – hiring us for your recurrent needs of managed WordPress Security and managed WooCommerce Security.
WHO needs managed WP security? EVERYBODY!
Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate a "gazillion" different threats in your WordPress. Get your WP Cross-Site Scripting Patch Management.
The following cases made headlines PUBLICLY just last month in the WP XSS APR 2025 & WP Cross-Site Scripting category:
About Author | Cross-Site Scripting (XSS) |
Accounting for WooCommerce | Cross-Site Scripting (XSS) |
Accounting for WooCommerce | Cross-Site Scripting (XSS) |
Ad Inserter | Cross-Site Scripting (XSS) |
Ads24 Lite | Cross-Site Scripting (XSS) |
AdSense Privacy Policy | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Advanced File Manager | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Advanced Form Integration | Cross-Site Scripting (XSS) |
Advanced iFrame | Cross-Site Scripting (XSS) |
Advanced Post Search | Cross-Site Scripting (XSS) |
Advanced Woo Search | Cross-Site Scripting (XSS) from aws_search_terms Shortcode |
AEC Kiosque | Cross-Site Scripting (XSS) |
AI Preloader | Cross-Site Scripting (XSS) |
Alert Box Block – Display notice/alerts in the front end | Cross-Site Scripting (XSS) from Alert Box Block |
AlphaOmega Captcha & Anti-Spam Filter | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Amazing service box Addons For WPBakery Page Builder | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
amoCRM WebForm | Cross-Site Scripting (XSS) |
ANAC XML Render | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Another Events Calendar | Cross-Site Scripting (XSS) |
AppPresser | Unauthenticated Cross-Site Scripting (XSS) |
AppReview | Cross-Site Scripting (XSS) |
Are you robot google recaptcha for wordpress | Cross-Site Scripting (XSS) |
ARPrice | Cross-Site Scripting (XSS) |
Arrow Maps | Cross-Site Scripting (XSS) |
Audio Album | Cross-Site Scripting (XSS) |
AuMenu | Cross-Site Scripting (XSS) |
AuraMart Theme | Cross-Site Scripting (XSS) |
AvaiBook | Cross-Site Scripting (XSS) |
Awesome Surveys | Cross-Site Scripting (XSS) |
Ayyash Studio | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
banner-manager | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Beautiful Link Preview | Cross-Site Scripting (XSS) |
Bee Layer Slider | Cross-Site Scripting (XSS) |
Better Section Navigation Widget | Cross-Site Scripting (XSS) |
Better WishList API | Cross-Site Scripting (XSS) |
binlayerpress | Cross-Site Scripting (XSS) |
Bitcoin / AltCoin Payment Gateway for WooCommerce | Cross-Site Scripting (XSS) |
Bitspecter Suite | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Block Spam By Math Reloaded | Cross-Site Scripting (XSS) |
BlogBuzzTime for WP | Cross-Site Scripting (XSS) |
Blue Captcha | Cross-Site Scripting (XSS) |
BMo Expo | Cross-Site Scripting (XSS) |
BP Email Assign Templates | Cross-Site Scripting (XSS) |
Breezing Forms | Cross-Site Scripting (XSS) |
Browser Address Bar Color | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Build Theme | Cross-Site Scripting (XSS) |
CallPhone'r | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
CAS Maestro | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Cazamba | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
CC-IMG-Shortcode | Cross-Site Scripting (XSS) |
CG Button | Cross-Site Scripting (XSS) |
Charitable | Cross-Site Scripting (XSS) |
Chartify | Cross-Site Scripting (XSS) |
Churel Theme | Cross-Site Scripting (XSS) |
City Store Theme | Cross-Site Scripting (XSS) |
Clearout Email Validator | Cross-Site Scripting (XSS) |
Click to Chat – WP Support All-in-One Floating Widget | Cross-Site Scripting (XSS) |
Clink | Cross-Site Scripting (XSS) |
CM WordPress FAQ Plugin | Cross-Site Scripting (XSS) |
Comment Approved Notifier Extended | Cross-Site Scripting (XSS) |
Contact Form 7 Material Design | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Contact Form & SMTP Plugin | Cross-Site Scripting (XSS) |
Cookies Pro | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
CopyLink | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Coronavirus (COVID-19) Notice Message | Cross-Site Scripting (XSS) |
Coronavirus (COVID-19) Notice Message | Cross-Site Scripting (XSS) |
Cozy Blocks | Cross-Site Scripting (XSS) |
CRM and Lead Management by vcita | Cross-Site Scripting (XSS) |
CryoKey | Cross-Site Scripting (XSS) from 'ckemail' Parameter |
cTabs | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Currency Switcher for WooCommerce | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
custom-post-edit | Cross-Site Scripting (XSS) |
Custom Product Stickers for Woocommerce | Cross-Site Scripting (XSS) |
Custom Smilies | Cross-Site Scripting (XSS) |
Custom top bar | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Debug-Bar-Extender | Cross-Site Scripting (XSS) |
Design Comuni Italia Theme | Unauthenticated Cross-Site Scripting (XSS) |
DesignThemes Core Features | Cross-Site Scripting (XSS) from Shortcode |
DethemeKit For Elementor | Cross-Site Scripting (XSS) |
DICOM Support | Cross-Site Scripting (XSS) |
Digital License Manager | Cross-Site Scripting (XSS) from remove_query_arg Function |
Display Post Meta | Cross-Site Scripting (XSS) |
Domain Theme | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Doneren met Mollie | Cross-Site Scripting (XSS) |
Download HTML TinyMCE Button | Cross-Site Scripting (XSS) |
DP ALTerminator - Missing ALT manager | Cross-Site Scripting (XSS) |
Dr Flex | Cross-Site Scripting (XSS) |
Driving Directions | Cross-Site Scripting (XSS) |
Dropdown Multisite selector | Cross-Site Scripting (XSS) |
Duplicate Page and Post | Cross-Site Scripting (XSS) |
Easy Custom Admin Bar | Cross-Site Scripting (XSS) from msg Parameter |
Easy Image Display | Cross-Site Scripting (XSS) |
Easy Page Transition | Cross-Site Scripting (XSS) |
Elements kit Elementor addons | Cross-Site Scripting (XSS) |
En Masse | Cross-Site Scripting (XSS) |
EO4WP | Cross-Site Scripting (XSS) |
Event post | Cross-Site Scripting (XSS) |
Event post | Cross-Site Scripting (XSS) |
Event post | Cross-Site Scripting (XSS) |
Event Tickets | Cross-Site Scripting (XSS) |
EZ SQL Reports Shortcode Widget and DB Backup | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Fancybox Plus | Cross-Site Scripting (XSS) |
Favorites | Cross-Site Scripting (XSS) |
Featured Image Thumbnail Grid | Cross-Site Scripting (XSS) |
Featured Posts Grid | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Finale Lite | DOM-Based Cross-Site Scripting (XSS) from Countdown Timer |
Fiverrcom Official Search Box | Cross-Site Scripting (XSS) |
Flatty | Cross-Site Scripting (XSS) |
Flexmls® IDX | Cross-Site Scripting (XSS) |
FOMO Pay Chinese Payment Solution | Cross-Site Scripting (XSS) |
FooGallery | Cross-Site Scripting (XSS) from Album Title Size |
FooGallery | Cross-Site Scripting (XSS) |
FormLift for Infusionsoft Web Forms | Cross-Site Scripting (XSS) |
Form Maker by 10Web | Cross-Site Scripting (XSS) |
Frndzk Expandable Bottom Bar | Cross-Site Scripting (XSS) from text Parameter |
Frontend Post Submission | Cross-Site Scripting (XSS) |
FTP Sync | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Gallery for Social Photo | Cross-Site Scripting (XSS) |
GDPR Cookie Compliance | Cross-Site Scripting (XSS) |
GDPR Cookie Compliance | Cross-Site Scripting (XSS) |
GDPR Tools | Cross-Site Scripting (XSS) |
GetSocial | Cross-Site Scripting (XSS) |
GlobalPayments WooCommerce | Cross-Site Scripting (XSS) |
GMO Font Agent | Cross-Site Scripting (XSS) |
GNUCommerce | Cross-Site Scripting (XSS) |
GNUCommerce | Cross-Site Scripting (XSS) |
GNUPress | Cross-Site Scripting (XSS) |
GNUPress | Cross-Site Scripting (XSS) |
Google Font Fix | Cross-Site Scripting (XSS) |
Google News Editors Picks Feed Generator | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Google News Editors Picks Feed Generator | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Google Plus | Cross-Site Scripting (XSS) |
Gotcha | Cross-Site Scripting (XSS) from menu Parameter |
Go To Top | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Gravity 2 PDF | Cross-Site Scripting (XSS) |
Greek Multi Tool – Fix peralinks, accents, auto create menus and more | Unauthenticated Cross-Site Scripting (XSS) |
Greenshift | Cross-Site Scripting (XSS) |
Gum Elementor Addon | Cross-Site Scripting (XSS) |
Happy Addons for Elementor | Cross-Site Scripting (XSS) |
Hashtags | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Hester Theme | Cross-Site Scripting (XSS) |
Hostel | Cross-Site Scripting (XSS) |
Hostel | Cross-Site Scripting (XSS) |
HT Mega | DOM-Based Cross-Site Scripting (XSS) from Countdown Widget |
HT Mega | Cross-Site Scripting (XSS) from Multiple Widgets |
IG Shortcodes | Cross-Site Scripting (XSS) |
Image Wall | Cross-Site Scripting (XSS) |
Improve My City | Cross-Site Scripting (XSS) |
include-file | Cross-Site Scripting (XSS) |
Include URL | Cross-Site Scripting (XSS) |
Infugrator | Cross-Site Scripting (XSS) |
Insert Code | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
In Stock Mailer for WooCommerce | Cross-Site Scripting (XSS) |
In Stock Mailer for WooCommerce | Cross-Site Scripting (XSS) |
IP Based Login | Cross-Site Scripting (XSS) |
IP Locator | Cross-Site Scripting (XSS) |
issuuPress | Cross-Site Scripting (XSS) |
Já-Já Pagamentos for WooCommerce | Cross-Site Scripting (XSS) |
jAlbum Bridge | Cross-Site Scripting (XSS) |
jAlbum Bridge | Cross-Site Scripting (XSS) |
Job Colors for WP Job Manager | Cross-Site Scripting (XSS) |
Jobs for WordPress | Cross-Site Scripting (XSS) |
jQuery Dropdown Menu | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Kento WordPress Stats | Cross-Site Scripting (XSS) |
Key4ce osTicket Bridge | Cross-Site Scripting (XSS) |
KK I Like It | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
LatePoint | Cross-Site Scripting (XSS) |
Lava Ajax Search | Cross-Site Scripting (XSS) |
LeadConnector | Cross-Site Scripting (XSS) |
Leaky Paywall | Cross-Site Scripting (XSS) |
LH OGP Meta | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Lightview Plus | Cross-Site Scripting (XSS) |
Limit Bio | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
Limit Bio | Cross-Site Scripting (XSS) |
Link My Posts | Cross-Site Scripting (XSS) |
Listamester | Cross-Site Scripting (XSS) |
List Mixcloud | Cross-Site Scripting (XSS) |
List of Posts from each Category plugin for WordPress | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
LIVE TV | Cross-Site Scripting (XSS) |
Login Alert | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Login Redirect | Cross-Site Scripting (XSS) |
Lunar | Cross-Site Scripting (XSS) |
m1DownloadList | Cross-Site Scripting (XSS) |
Magic Embeds | Cross-Site Scripting (XSS) |
Management-screen-droptiles | Cross-Site Scripting (XSS) |
Map Contact | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Master Addons for Elementor | Cross-Site Scripting (XSS) from id Parameter |
Master Addons for Elementor | Cross-Site Scripting (XSS) from Multiple Widgets |
Master Slider | Cross-Site Scripting (XSS) from ms_slider Shortcode |
MaxA/B | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
mEintopf | Cross-Site Scripting (XSS) |
MemberSpace | Cross-Site Scripting (XSS) |
Members page only for logged in users | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Message ticker | Cross-Site Scripting (XSS) |
Microblog Poster | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
MicroPayments | Cross-Site Scripting (XSS) |
MicroPayments | Cross-Site Scripting (XSS) |
Mobile Navigation | Cross-Site Scripting (XSS) |
MorningTime Lite Theme | Cross-Site Scripting (XSS), Remote Code Execution (BAC) |
Multi Video Box | Cross-Site Scripting (XSS) from video_id and group_id Parameters |
My Bootstrap Menu | Cross-Site Scripting (XSS) |
My Default Post Content | Cross-Site Scripting (XSS) |
My Quota | Cross-Site Scripting (XSS) |
Narnoo Operator | Cross-Site Scripting (XSS) |
Nested Pages | Cross-Site Scripting (XSS) |
newseqo Theme | Cross-Site Scripting (XSS) |
Newsletters | Cross-Site Scripting (XSS) from To Parameter |
Newsletters | Unauthenticated Cross-Site Scripting (XSS) |
NextGEN Gallery Voting | Cross-Site Scripting (XSS) |
Ninja Pages | Cross-Site Scripting (XSS) |
Nmedia MailChimp | Cross-Site Scripting (XSS) |
No Disposable Email | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Notibar | Cross-Site Scripting (XSS) |
Novelist | Cross-Site Scripting (XSS) |
NS Simple Intro Loader | Cross-Site Scripting (XSS) |
Off-Canvas Sidebars & Menus (Slidebars) | Cross-Site Scripting (XSS) |
Off Page SEO | Cross-Site Scripting (XSS) |
OK Poster Group | Cross-Site Scripting (XSS) |
Omnify | Cross-Site Scripting (XSS) |
OmniLeads Scripts and Tags Manager | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Page Takeover | Cross-Site Scripting (XSS) |
Paid Member Subscriptions | Cross-Site Scripting (XSS) |
Passbeemedia Web Push Notification | Cross-Site Scripting (XSS) |
Pesapal Gateway for Woocommerce | Cross-Site Scripting (XSS) |
Photo Gallery by 10Web | Cross-Site Scripting (XSS) |
Picture Gallery | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
pipDisqus | Cross-Site Scripting (XSS) |
pixelstats | Cross-Site Scripting (XSS) |
Pixobe Cartography | Cross-Site Scripting (XSS) |
Point Maker | Cross-Site Scripting (XSS) |
Poll Maker | Cross-Site Scripting (XSS) |
Portfolio and Projects | Cross-Site Scripting (XSS) |
Post Read Time | Cross-Site Scripting (XSS) |
PostX | Cross-Site Scripting (XSS) |
Pre Order Addon for WooCommerce – Advance Order/Backorder Plugin | Cross-Site Scripting (XSS) |
Pretty file links | Cross-Site Scripting (XSS) |
price-calc | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Primer MyData for Woocommerce | Cross-Site Scripting (XSS) |
Product Puller | Cross-Site Scripting (XSS) |
Pro Rank Tracker | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Quick Interest Slider | Cross-Site Scripting (XSS) |
Quick Localization | Cross-Site Scripting (XSS) |
Quiz And Survey Master | Cross-Site Scripting (XSS) |
Quotes llama | Cross-Site Scripting (XSS) |
RainbowNews Theme | Cross-Site Scripting (XSS) |
Random Image Selector | Cross-Site Scripting (XSS) |
Random Quotes | Cross-Site Scripting (XSS) |
Rankcheckerio Integration | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Rankcheckerio Integration | Cross-Site Scripting (XSS) |
Razorpay Subscription Button Elementor Plugin | Cross-Site Scripting (XSS) from add_query_arg and remove_query_arg Functions |
RDP inGroups+ | Cross-Site Scripting (XSS) |
RDP Linkedin Login | Cross-Site Scripting (XSS) |
Recently Purchased Products For Woo | Cross-Site Scripting (XSS) from view Parameter |
Registrations for the Events Calendar | Cross-Site Scripting (XSS) |
Related Post | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
Related Posts from Categories | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Replace Default Words | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Reservit Hotel | Cross-Site Scripting (XSS) |
Responsive Slider by MetaSlider | Cross-Site Scripting (XSS) |
Rizzi Guestbook | Cross-Site Scripting (XSS) |
RPS Include Content | Cross-Site Scripting (XSS) |
RWS Enquiry And Lead Follow-up | Cross-Site Scripting (XSS) |
S3Bubble Media Streaming | Cross-Site Scripting (XSS) |
S3Bubble Media Streaming | Cross-Site Scripting (XSS) |
Schedule | Cross-Site Scripting (XSS) |
School Management | Cross-Site Scripting (XSS) |
SearchIQ | Cross-Site Scripting (XSS) |
SearchIQ | Cross-Site Scripting (XSS) |
Secret Meta | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
SecuPress Free | Cross-Site Scripting (XSS) |
Secure Invites | Cross-Site Scripting (XSS) |
SEO Tools | Cross-Site Scripting (XSS) |
SEO Tools | Cross-Site Scripting (XSS) |
SH Email Alert | Cross-Site Scripting (XSS) |
ShopLentor | DOM-Based Cross-Site Scripting (XSS) from Flash Sale Countdown Module |
Shortcodes Ultimate | Cross-Site Scripting (XSS) from src Parameter |
ShowTime Slideshow | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Simple Amazon Affiliate | Cross-Site Scripting (XSS) |
Simple Banner | Cross-Site Scripting (XSS) |
Simplebooklet PDF Viewer and Embedder | Cross-Site Scripting (XSS) |
Simple Notification | Cross-Site Scripting (XSS) |
Simple Post Series | Cross-Site Scripting (XSS) |
Simple Rating | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Simply Schedule Appointments | Cross-Site Scripting (XSS) |
Site Editor Google Map | Cross-Site Scripting (XSS) |
Sitekit | Cross-Site Scripting (XSS) |
Site Reviews | Unauthenticated Cross-Site Scripting (XSS) |
Skitter Slideshow | Cross-Site Scripting (XSS) |
SKT Addons for Elementor | Cross-Site Scripting (XSS) |
SKU Generator for WooCommerce | Cross-Site Scripting (XSS) |
Sleekplan | Cross-Site Scripting (XSS) |
Slider by 10Web | Cross-Site Scripting (XSS) from Widget |
Slider by 10Web | Cross-Site Scripting (XSS) |
Smart Maintenance Mode | Cross-Site Scripting (XSS) |
Smart Maintenance Mode | Cross-Site Scripting (XSS) from setstatus Parameter |
Social Share And Social Locker | Cross-Site Scripting (XSS) |
Social Snap | Cross-Site Scripting (XSS) |
Social Snap | Cross-Site Scripting (XSS) |
SpatialMatch IDX | Cross-Site Scripting (XSS) |
Spectra | Cross-Site Scripting (XSS) |
SpotBot | Cross-Site Scripting (XSS) |
Stencies | Cross-Site Scripting (XSS) |
StoreBiz Theme | Cross-Site Scripting (XSS) |
Store Locator Widget | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Structured Content | Cross-Site Scripting (XSS) |
Stylish Google Sheet Reader | Cross-Site Scripting (XSS) |
Stylish Price List | Cross-Site Scripting (XSS) |
SUPER RESPONSIVE SLIDER | Cross-Site Scripting (XSS) |
SyntaxHighlighter Evolved | Cross-Site Scripting (XSS) |
Tabbed Login Widget | Cross-Site Scripting (XSS) |
TabGarb Pro | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
TablePress | Cross-Site Scripting (XSS) |
tagDiv Composer | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
tagDiv Composer | Cross-Site Scripting (XSS) from 'account_id' and 'account_username' |
TBTestimonials | Cross-Site Scripting (XSS) |
Teleport | Cross-Site Scripting (XSS) |
Terms of Use | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Text Selection Color | Cross-Site Scripting (XSS) |
TGG WP Optimizer | Cross-Site Scripting (XSS) |
Theme Demo Bar | Cross-Site Scripting (XSS) |
Themify Event Post | Cross-Site Scripting (XSS) |
The Pack Elementor addons | Cross-Site Scripting (XSS) |
The Plus Addons for Elementor Page Builder Lite | Cross-Site Scripting (XSS) from Multiple Widgets |
The Ultimate WordPress Toolkit – WP Extended | Cross-Site Scripting (XSS) |
The Visitor Counter | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Tidekey | Cross-Site Scripting (XSS) |
Toggle Box | Cross-Site Scripting (XSS) |
Translator | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Traveler Theme | Cross-Site Scripting (XSS) |
Ultimate Blocks | Cross-Site Scripting (XSS) |
ULTIMATE VIDEO GALLERY | Cross-Site Scripting (XSS) |
Unlimited Theme | Cross-Site Scripting (XSS) |
Upload Quota per User | Cross-Site Scripting (XSS) |
URL Shortener | Conversion Tracking | AB Testing | WooCommerce | Cross-Site Scripting (XSS) |
User Registration | Cross-Site Scripting (XSS) |
UTM tags tracking for Contact Form 7 | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
VaultRE Contact Form 7 | Cross-Site Scripting (XSS) |
Video Embedder | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Video Share VOD | Cross-Site Scripting (XSS) |
wA11y – The Web Accessibility Toolbox | Cross-Site Scripting (XSS) |
WATI Chat and Notification | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
wBounce | Cross-Site Scripting (XSS) |
Weather Layer | Cross-Site Scripting (XSS) |
Whitish Lite Theme | Cross-Site Scripting (XSS) |
WIP WooCarousel Lite | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WooCommerce | Cross-Site Scripting (XSS) |
WooCommerce Fattureincloud | Cross-Site Scripting (XSS) |
WordPress Admin Bar Improved | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | Unauthenticated Cross-Site Scripting (XSS) |
wordpress login form to anywhere | Cross-Site Scripting (XSS) |
WordPres 同步微博 | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WoWPth | Cross-Site Scripting (XSS) |
WP2LEADS | Cross-Site Scripting (XSS) |
WP-Advanced-Search | Cross-Site Scripting (XSS) |
WP AntiDDOS | Cross-Site Scripting (XSS) |
WP Azure offload | Cross-Site Scripting (XSS) |
WP Cards | Cross-Site Scripting (XSS) |
WP Cassify | Cross-Site Scripting (XSS) |
WP Click Info | Cross-Site Scripting (XSS) |
WP Colorful Tag Cloud | Cross-Site Scripting (XSS) |
WP Compare Tables | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP Contact Form III | Cross-Site Scripting (XSS) |
WP Database Audit | Cross-Site Scripting (XSS) |
WP Database Optimizer | Cross-Site Scripting (XSS) |
WP Discord Post | Cross-Site Scripting (XSS) |
WP e-Customers Beta | Cross-Site Scripting (XSS) |
WP Email Delivery | Cross-Site Scripting (XSS) |
WP Event Ticketing | Cross-Site Scripting (XSS) |
WP Google Street View | Cross-Site Scripting (XSS) |
WP Hotjar | Cross-Site Scripting (XSS) |
WP jQuery Persian Datepicker | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP Last Modified | Cross-Site Scripting (XSS) |
WP Login Control | Cross-Site Scripting (XSS) |
WP Login Control | Cross-Site Scripting (XSS) |
WP Odoo Form Integrator | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP-OGP | Cross-Site Scripting (XSS) |
WP Parallax Content Slider | Cross-Site Scripting (XSS) |
WP-PManager | Cross-Site Scripting (XSS) |
WP Posts Carousel | Cross-Site Scripting (XSS) from auto_play_timeout Parameter |
WP Posts Carousel | Cross-Site Scripting (XSS) |
WP Posts Carousel | Cross-Site Scripting (XSS) |
WP Recipe Maker | Cross-Site Scripting (XSS) |
WP Simple Slideshow | Cross-Site Scripting (XSS) |
WP Social Widget | Cross-Site Scripting (XSS) |
WP SVG Upload | Cross-Site Scripting (XSS) from SVG |
WP Tabs | Cross-Site Scripting (XSS) |
WP Test Email | Unauthenticated Cross-Site Scripting (XSS) |
WP Ultimate Search | Cross-Site Scripting (XSS) |
WP Weixin Theme | Cross-Site Scripting (XSS) |
xili-dictionary | Cross-Site Scripting (XSS) |
XV Random Quotes | Cross-Site Scripting (XSS) |
XV Random Quotes | Cross-Site Scripting (XSS) |
Years Since | Cross-Site Scripting (XSS) |
Your Lightbox | Cross-Site Scripting (XSS) |
Your Simple SVG Support | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
YouTube SimpleGallery | Cross-Site Scripting (XSS) |
Zalo Live Chat | Cross-Site Scripting (XSS) |
ZD Scribd iPaper | Cross-Site Scripting (XSS) |
ZenphotoPress | Cross-Site Scripting (XSS) |
ZhinaTwitterWidget | Cross-Site Scripting (XSS) |
Zielke Design Project Gallery | Cross-Site Scripting (XSS) |
Zoho Billing – Embed Payment Form | Cross-Site Scripting (XSS) |
Zoorum Comments | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
افزونه حمل و نقل ووکامرس (پست پیشتاز و سفارشی، پیک موتوری) | Cross-Site Scripting (XSS) |
WordPress Cross-Site Scripting (XSS) reported in 2023: | 2928 |
WordPress Cross-Site Scripting (XSS) reported in 2024: | 3806 |
WordPress Cross-Site Scripting (XSS) reported in 2025: | 2234 |
WHO needs managed WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Scripting Patch Management.
Security is not a single-task job
Need managed WP Security and have no clue where to start? Hire an expert. Pay a coffee per week; it's cheaper than 1 hour for a freelancer.
Not sure that our recurrent security offer is worthy of long-term consideration? Contact us today for a Cross-Site Scripting audit! Decide after you compare RISK + IMPACT versus COST.