WP XSS APR 2025
WP Cross-Site Scripting
Managed WP & Woo Security Report
Be informed about the latest WP Cross-Site Scripting, identified and reported publicly. WP XSS APR 2025 is a -9% DECREASE compared to previous month. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin – OR – Hire us for your recurrent needs of managed WordPress Security and managed WooCommerce Security.
WHO needs managed WP security? EVERYBODY!
Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate "gazillion" different threats in your WordPress. Get your WP Cross-Site Scripting Patch Management.
The following cases made headlines PUBLICLY just last month in the WP XSS APR 2025 & WP Cross-Site Scripting category:
| About Author | Cross-Site Scripting (XSS) |
| Accounting for WooCommerce | Cross-Site Scripting (XSS) |
| Accounting for WooCommerce | Cross-Site Scripting (XSS) |
| Ad Inserter | Cross-Site Scripting (XSS) |
| Ads24 Lite | Cross-Site Scripting (XSS) |
| AdSense Privacy Policy | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Advanced File Manager | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| Advanced Form Integration | Cross-Site Scripting (XSS) |
| Advanced iFrame | Cross-Site Scripting (XSS) |
| Advanced Post Search | Cross-Site Scripting (XSS) |
| Advanced Woo Search | Cross-Site Scripting (XSS) from aws_search_terms Shortcode |
| AEC Kiosque | Cross-Site Scripting (XSS) |
| AI Preloader | Cross-Site Scripting (XSS) |
| Alert Box Block – Display notice/alerts in the front end | Cross-Site Scripting (XSS) from Alert Box Block |
| AlphaOmega Captcha & Anti-Spam Filter | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Amazing service box Addons For WPBakery Page Builder | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| amoCRM WebForm | Cross-Site Scripting (XSS) |
| ANAC XML Render | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Another Events Calendar | Cross-Site Scripting (XSS) |
| AppPresser | Unauthenticated Cross-Site Scripting (XSS) |
| AppReview | Cross-Site Scripting (XSS) |
| Are you robot google recaptcha for wordpress | Cross-Site Scripting (XSS) |
| ARPrice | Cross-Site Scripting (XSS) |
| Arrow Maps | Cross-Site Scripting (XSS) |
| Audio Album | Cross-Site Scripting (XSS) |
| AuMenu | Cross-Site Scripting (XSS) |
| AuraMart Theme | Cross-Site Scripting (XSS) |
| AvaiBook | Cross-Site Scripting (XSS) |
| Awesome Surveys | Cross-Site Scripting (XSS) |
| Ayyash Studio | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| banner-manager | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Beautiful Link Preview | Cross-Site Scripting (XSS) |
| Bee Layer Slider | Cross-Site Scripting (XSS) |
| Better Section Navigation Widget | Cross-Site Scripting (XSS) |
| Better WishList API | Cross-Site Scripting (XSS) |
| binlayerpress | Cross-Site Scripting (XSS) |
| Bitcoin / AltCoin Payment Gateway for WooCommerce | Cross-Site Scripting (XSS) |
| Bitspecter Suite | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| Block Spam By Math Reloaded | Cross-Site Scripting (XSS) |
| BlogBuzzTime for WP | Cross-Site Scripting (XSS) |
| Blue Captcha | Cross-Site Scripting (XSS) |
| BMo Expo | Cross-Site Scripting (XSS) |
| BP Email Assign Templates | Cross-Site Scripting (XSS) |
| Breezing Forms | Cross-Site Scripting (XSS) |
| Browser Address Bar Color | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Build Theme | Cross-Site Scripting (XSS) |
| CallPhone'r | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| CAS Maestro | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Cazamba | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| CC-IMG-Shortcode | Cross-Site Scripting (XSS) |
| CG Button | Cross-Site Scripting (XSS) |
| Charitable | Cross-Site Scripting (XSS) |
| Chartify | Cross-Site Scripting (XSS) |
| Churel Theme | Cross-Site Scripting (XSS) |
| City Store Theme | Cross-Site Scripting (XSS) |
| Clearout Email Validator | Cross-Site Scripting (XSS) |
| Click to Chat – WP Support All-in-One Floating Widget | Cross-Site Scripting (XSS) |
| Clink | Cross-Site Scripting (XSS) |
| CM WordPress FAQ Plugin | Cross-Site Scripting (XSS) |
| Comment Approved Notifier Extended | Cross-Site Scripting (XSS) |
| Contact Form 7 Material Design | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Contact Form & SMTP Plugin | Cross-Site Scripting (XSS) |
| Cookies Pro | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| CopyLink | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Coronavirus (COVID-19) Notice Message | Cross-Site Scripting (XSS) |
| Coronavirus (COVID-19) Notice Message | Cross-Site Scripting (XSS) |
| Cozy Blocks | Cross-Site Scripting (XSS) |
| CRM and Lead Management by vcita | Cross-Site Scripting (XSS) |
| CryoKey | Cross-Site Scripting (XSS) from 'ckemail' Parameter |
| cTabs | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Currency Switcher for WooCommerce | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| custom-post-edit | Cross-Site Scripting (XSS) |
| Custom Product Stickers for Woocommerce | Cross-Site Scripting (XSS) |
| Custom Smilies | Cross-Site Scripting (XSS) |
| Custom top bar | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Debug-Bar-Extender | Cross-Site Scripting (XSS) |
| Design Comuni Italia Theme | Unauthenticated Cross-Site Scripting (XSS) |
| DesignThemes Core Features | Cross-Site Scripting (XSS) from Shortcode |
| DethemeKit For Elementor | Cross-Site Scripting (XSS) |
| DICOM Support | Cross-Site Scripting (XSS) |
| Digital License Manager | Cross-Site Scripting (XSS) from remove_query_arg Function |
| Display Post Meta | Cross-Site Scripting (XSS) |
| Domain Theme | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Doneren met Mollie | Cross-Site Scripting (XSS) |
| Download HTML TinyMCE Button | Cross-Site Scripting (XSS) |
| DP ALTerminator - Missing ALT manager | Cross-Site Scripting (XSS) |
| Dr Flex | Cross-Site Scripting (XSS) |
| Driving Directions | Cross-Site Scripting (XSS) |
| Dropdown Multisite selector | Cross-Site Scripting (XSS) |
| Duplicate Page and Post | Cross-Site Scripting (XSS) |
| Easy Custom Admin Bar | Cross-Site Scripting (XSS) from msg Parameter |
| Easy Image Display | Cross-Site Scripting (XSS) |
| Easy Page Transition | Cross-Site Scripting (XSS) |
| Elements kit Elementor addons | Cross-Site Scripting (XSS) |
| En Masse | Cross-Site Scripting (XSS) |
| EO4WP | Cross-Site Scripting (XSS) |
| Event post | Cross-Site Scripting (XSS) |
| Event post | Cross-Site Scripting (XSS) |
| Event post | Cross-Site Scripting (XSS) |
| Event Tickets | Cross-Site Scripting (XSS) |
| EZ SQL Reports Shortcode Widget and DB Backup | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Fancybox Plus | Cross-Site Scripting (XSS) |
| Favorites | Cross-Site Scripting (XSS) |
| Featured Image Thumbnail Grid | Cross-Site Scripting (XSS) |
| Featured Posts Grid | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Finale Lite | DOM-Based Cross-Site Scripting (XSS) from Countdown Timer |
| Fiverrcom Official Search Box | Cross-Site Scripting (XSS) |
| Flatty | Cross-Site Scripting (XSS) |
| Flexmls® IDX | Cross-Site Scripting (XSS) |
| FOMO Pay Chinese Payment Solution | Cross-Site Scripting (XSS) |
| FooGallery | Cross-Site Scripting (XSS) from Album Title Size |
| FooGallery | Cross-Site Scripting (XSS) |
| FormLift for Infusionsoft Web Forms | Cross-Site Scripting (XSS) |
| Form Maker by 10Web | Cross-Site Scripting (XSS) |
| Frndzk Expandable Bottom Bar | Cross-Site Scripting (XSS) from text Parameter |
| Frontend Post Submission | Cross-Site Scripting (XSS) |
| FTP Sync | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Gallery for Social Photo | Cross-Site Scripting (XSS) |
| GDPR Cookie Compliance | Cross-Site Scripting (XSS) |
| GDPR Cookie Compliance | Cross-Site Scripting (XSS) |
| GDPR Tools | Cross-Site Scripting (XSS) |
| GetSocial | Cross-Site Scripting (XSS) |
| GlobalPayments WooCommerce | Cross-Site Scripting (XSS) |
| GMO Font Agent | Cross-Site Scripting (XSS) |
| GNUCommerce | Cross-Site Scripting (XSS) |
| GNUCommerce | Cross-Site Scripting (XSS) |
| GNUPress | Cross-Site Scripting (XSS) |
| GNUPress | Cross-Site Scripting (XSS) |
| Google Font Fix | Cross-Site Scripting (XSS) |
| Google News Editors Picks Feed Generator | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Google News Editors Picks Feed Generator | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Google Plus | Cross-Site Scripting (XSS) |
| Gotcha | Cross-Site Scripting (XSS) from menu Parameter |
| Go To Top | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Gravity 2 PDF | Cross-Site Scripting (XSS) |
| Greek Multi Tool – Fix peralinks, accents, auto create menus and more | Unauthenticated Cross-Site Scripting (XSS) |
| Greenshift | Cross-Site Scripting (XSS) |
| Gum Elementor Addon | Cross-Site Scripting (XSS) |
| Happy Addons for Elementor | Cross-Site Scripting (XSS) |
| Hashtags | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Hester Theme | Cross-Site Scripting (XSS) |
| Hostel | Cross-Site Scripting (XSS) |
| Hostel | Cross-Site Scripting (XSS) |
| HT Mega | DOM-Based Cross-Site Scripting (XSS) from Countdown Widget |
| HT Mega | Cross-Site Scripting (XSS) from Multiple Widgets |
| IG Shortcodes | Cross-Site Scripting (XSS) |
| Image Wall | Cross-Site Scripting (XSS) |
| Improve My City | Cross-Site Scripting (XSS) |
| include-file | Cross-Site Scripting (XSS) |
| Include URL | Cross-Site Scripting (XSS) |
| Infugrator | Cross-Site Scripting (XSS) |
| Insert Code | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| In Stock Mailer for WooCommerce | Cross-Site Scripting (XSS) |
| In Stock Mailer for WooCommerce | Cross-Site Scripting (XSS) |
| IP Based Login | Cross-Site Scripting (XSS) |
| IP Locator | Cross-Site Scripting (XSS) |
| issuuPress | Cross-Site Scripting (XSS) |
| Já-Já Pagamentos for WooCommerce | Cross-Site Scripting (XSS) |
| jAlbum Bridge | Cross-Site Scripting (XSS) |
| jAlbum Bridge | Cross-Site Scripting (XSS) |
| Job Colors for WP Job Manager | Cross-Site Scripting (XSS) |
| Jobs for WordPress | Cross-Site Scripting (XSS) |
| jQuery Dropdown Menu | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Kento WordPress Stats | Cross-Site Scripting (XSS) |
| Key4ce osTicket Bridge | Cross-Site Scripting (XSS) |
| KK I Like It | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| LatePoint | Cross-Site Scripting (XSS) |
| Lava Ajax Search | Cross-Site Scripting (XSS) |
| LeadConnector | Cross-Site Scripting (XSS) |
| Leaky Paywall | Cross-Site Scripting (XSS) |
| LH OGP Meta | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Lightview Plus | Cross-Site Scripting (XSS) |
| Limit Bio | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Limit Bio | Cross-Site Scripting (XSS) |
| Link My Posts | Cross-Site Scripting (XSS) |
| Listamester | Cross-Site Scripting (XSS) |
| List Mixcloud | Cross-Site Scripting (XSS) |
| List of Posts from each Category plugin for WordPress | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| LIVE TV | Cross-Site Scripting (XSS) |
| Login Alert | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Login Redirect | Cross-Site Scripting (XSS) |
| Lunar | Cross-Site Scripting (XSS) |
| m1DownloadList | Cross-Site Scripting (XSS) |
| Magic Embeds | Cross-Site Scripting (XSS) |
| Management-screen-droptiles | Cross-Site Scripting (XSS) |
| Map Contact | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Master Addons for Elementor | Cross-Site Scripting (XSS) from id Parameter |
| Master Addons for Elementor | Cross-Site Scripting (XSS) from Multiple Widgets |
| Master Slider | Cross-Site Scripting (XSS) from ms_slider Shortcode |
| MaxA/B | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| mEintopf | Cross-Site Scripting (XSS) |
| MemberSpace | Cross-Site Scripting (XSS) |
| Members page only for logged in users | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Message ticker | Cross-Site Scripting (XSS) |
| Microblog Poster | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| MicroPayments | Cross-Site Scripting (XSS) |
| MicroPayments | Cross-Site Scripting (XSS) |
| Mobile Navigation | Cross-Site Scripting (XSS) |
| MorningTime Lite Theme | Cross-Site Scripting (XSS)Remote Code Execution (BAC) |
| Multi Video Box | Cross-Site Scripting (XSS) from video_id and group_id Parameters |
| My Bootstrap Menu | Cross-Site Scripting (XSS) |
| My Default Post Content | Cross-Site Scripting (XSS) |
| My Quota | Cross-Site Scripting (XSS) |
| Narnoo Operator | Cross-Site Scripting (XSS) |
| Nested Pages | Cross-Site Scripting (XSS) |
| newseqo Theme | Cross-Site Scripting (XSS) |
| Newsletters | Cross-Site Scripting (XSS) from To Parameter |
| Newsletters | Unauthenticated Cross-Site Scripting (XSS) |
| NextGEN Gallery Voting | Cross-Site Scripting (XSS) |
| Ninja Pages | Cross-Site Scripting (XSS) |
| Nmedia MailChimp | Cross-Site Scripting (XSS) |
| No Disposable Email | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Notibar | Cross-Site Scripting (XSS) |
| Novelist | Cross-Site Scripting (XSS) |
| NS Simple Intro Loader | Cross-Site Scripting (XSS) |
| Off-Canvas Sidebars & Menus (Slidebars) | Cross-Site Scripting (XSS) |
| Off Page SEO | Cross-Site Scripting (XSS) |
| OK Poster Group | Cross-Site Scripting (XSS) |
| Omnify | Cross-Site Scripting (XSS) |
| OmniLeads Scripts and Tags Manager | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Page Takeover | Cross-Site Scripting (XSS) |
| Paid Member Subscriptions | Cross-Site Scripting (XSS) |
| Passbeemedia Web Push Notification | Cross-Site Scripting (XSS) |
| Pesapal Gateway for Woocommerce | Cross-Site Scripting (XSS) |
| Photo Gallery by 10Web | Cross-Site Scripting (XSS) |
| Picture Gallery | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| pipDisqus | Cross-Site Scripting (XSS) |
| pixelstats | Cross-Site Scripting (XSS) |
| Pixobe Cartography | Cross-Site Scripting (XSS) |
| Point Maker | Cross-Site Scripting (XSS) |
| Poll Maker | Cross-Site Scripting (XSS) |
| Portfolio and Projects | Cross-Site Scripting (XSS) |
| Post Read Time | Cross-Site Scripting (XSS) |
| PostX | Cross-Site Scripting (XSS) |
| Pre Order Addon for WooCommerce – Advance Order/Backorder Plugin | Cross-Site Scripting (XSS) |
| Pretty file links | Cross-Site Scripting (XSS) |
| price-calc | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Primer MyData for Woocommerce | Cross-Site Scripting (XSS) |
| Product Puller | Cross-Site Scripting (XSS) |
| Pro Rank Tracker | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Quick Interest Slider | Cross-Site Scripting (XSS) |
| Quick Localization | Cross-Site Scripting (XSS) |
| Quiz And Survey Master | Cross-Site Scripting (XSS) |
| Quotes llama | Cross-Site Scripting (XSS) |
| RainbowNews Theme | Cross-Site Scripting (XSS) |
| Random Image Selector | Cross-Site Scripting (XSS) |
| Random Quotes | Cross-Site Scripting (XSS) |
| Rankcheckerio Integration | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Rankcheckerio Integration | Cross-Site Scripting (XSS) |
| Razorpay Subscription Button Elementor Plugin | Cross-Site Scripting (XSS) from add_query_arg and remove_query_arg Functions |
| RDP inGroups+ | Cross-Site Scripting (XSS) |
| RDP Linkedin Login | Cross-Site Scripting (XSS) |
| Recently Purchased Products For Woo | Cross-Site Scripting (XSS) from view Parameter |
| Registrations for the Events Calendar | Cross-Site Scripting (XSS) |
| Related Post | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Related Posts from Categories | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Replace Default Words | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Reservit Hotel | Cross-Site Scripting (XSS) |
| Responsive Slider by MetaSlider | Cross-Site Scripting (XSS) |
| Rizzi Guestbook | Cross-Site Scripting (XSS) |
| RPS Include Content | Cross-Site Scripting (XSS) |
| RWS Enquiry And Lead Follow-up | Cross-Site Scripting (XSS) |
| S3Bubble Media Streaming | Cross-Site Scripting (XSS) |
| S3Bubble Media Streaming | Cross-Site Scripting (XSS) |
| Schedule | Cross-Site Scripting (XSS) |
| School Management | Cross-Site Scripting (XSS) |
| SearchIQ | Cross-Site Scripting (XSS) |
| SearchIQ | Cross-Site Scripting (XSS) |
| Secret Meta | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| SecuPress Free | Cross-Site Scripting (XSS) |
| Secure Invites | Cross-Site Scripting (XSS) |
| SEO Tools | Cross-Site Scripting (XSS) |
| SEO Tools | Cross-Site Scripting (XSS) |
| SH Email Alert | Cross-Site Scripting (XSS) |
| ShopLentor | DOM-Based Cross-Site Scripting (XSS) from Flash Sale Countdown Module |
| Shortcodes Ultimate | Cross-Site Scripting (XSS) from src Parameter |
| ShowTime Slideshow | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Simple Amazon Affiliate | Cross-Site Scripting (XSS) |
| Simple Banner | Cross-Site Scripting (XSS) |
| Simplebooklet PDF Viewer and Embedder | Cross-Site Scripting (XSS) |
| Simple Notification | Cross-Site Scripting (XSS) |
| Simple Post Series | Cross-Site Scripting (XSS) |
| Simple Rating | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Simply Schedule Appointments | Cross-Site Scripting (XSS) |
| Site Editor Google Map | Cross-Site Scripting (XSS) |
| Sitekit | Cross-Site Scripting (XSS) |
| Site Reviews | Unauthenticated Cross-Site Scripting (XSS) |
| Skitter Slideshow | Cross-Site Scripting (XSS) |
| SKT Addons for Elementor | Cross-Site Scripting (XSS) |
| SKU Generator for WooCommerce | Cross-Site Scripting (XSS) |
| Sleekplan | Cross-Site Scripting (XSS) |
| Slider by 10Web | Cross-Site Scripting (XSS) from Widget |
| Slider by 10Web | Cross-Site Scripting (XSS) |
| Smart Maintenance Mode | Cross-Site Scripting (XSS) |
| Smart Maintenance Mode | Cross-Site Scripting (XSS) from setstatus Parameter |
| Social Share And Social Locker | Cross-Site Scripting (XSS) |
| Social Snap | Cross-Site Scripting (XSS) |
| Social Snap | Cross-Site Scripting (XSS) |
| SpatialMatch IDX | Cross-Site Scripting (XSS) |
| Spectra | Cross-Site Scripting (XSS) |
| SpotBot | Cross-Site Scripting (XSS) |
| Stencies | Cross-Site Scripting (XSS) |
| StoreBiz Theme | Cross-Site Scripting (XSS) |
| Store Locator Widget | r Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Structured Content | Cross-Site Scripting (XSS) |
| Stylish Google Sheet Reader | Cross-Site Scripting (XSS) |
| Stylish Price List | Cross-Site Scripting (XSS) |
| SUPER RESPONSIVE SLIDER | Cross-Site Scripting (XSS) |
| SyntaxHighlighter Evolved | Cross-Site Scripting (XSS) |
| Tabbed Login Widget | Cross-Site Scripting (XSS) |
| TabGarb Pro | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| TablePress | Cross-Site Scripting (XSS) |
| tagDiv Composer | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| tagDiv Composer | Cross-Site Scripting (XSS) from 'account_id' and 'account_username' |
| TBTestimonials | Cross-Site Scripting (XSS) |
| Teleport | Cross-Site Scripting (XSS) |
| Terms of Use | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Text Selection Color | Cross-Site Scripting (XSS) |
| TGG WP Optimizer | Cross-Site Scripting (XSS) |
| Theme Demo Bar | Cross-Site Scripting (XSS) |
| Themify Event Post | Cross-Site Scripting (XSS) |
| The Pack Elementor addons | Cross-Site Scripting (XSS) |
| The Plus Addons for Elementor Page Builder Lite | Cross-Site Scripting (XSS) from Multiple Widgets |
| The Ultimate WordPress Toolkit – WP Extended | Cross-Site Scripting (XSS) |
| The Visitor Counter | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Tidekey | Cross-Site Scripting (XSS) |
| Toggle Box | Cross-Site Scripting (XSS) |
| Translator | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Traveler Theme | Cross-Site Scripting (XSS) |
| Ultimate Blocks | Cross-Site Scripting (XSS) |
| ULTIMATE VIDEO GALLERY | Cross-Site Scripting (XSS) |
| Unlimited Theme | Cross-Site Scripting (XSS) |
| Upload Quota per User | Cross-Site Scripting (XSS) |
| URL Shortener | Conversion Tracking | AB Testing | WooCommerce | Cross-Site Scripting (XSS) |
| User Registration | Cross-Site Scripting (XSS) |
| UTM tags tracking for Contact Form 7 | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| VaultRE Contact Form 7 | Cross-Site Scripting (XSS) |
| Video Embedder | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Video Share VOD | Cross-Site Scripting (XSS) |
| wA11y – The Web Accessibility Toolbox | Cross-Site Scripting (XSS) |
| WATI Chat and Notification | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| wBounce | Cross-Site Scripting (XSS) |
| Weather Layer | Cross-Site Scripting (XSS) |
| Whitish Lite Theme | Cross-Site Scripting (XSS) |
| WIP WooCarousel Lite | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WooCommerce | Cross-Site Scripting (XSS) |
| WooCommerce Fattureincloud | Cross-Site Scripting (XSS) |
| WordPress Admin Bar Improved | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | Unauthenticated Cross-Site Scripting (XSS) |
| wordpress login form to anywhere | Cross-Site Scripting (XSS) |
| WordPres 同步微博 | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WoWPth | Cross-Site Scripting (XSS) |
| WP2LEADS | Cross-Site Scripting (XSS) |
| WP-Advanced-Search | Cross-Site Scripting (XSS) |
| WP AntiDDOS | Cross-Site Scripting (XSS) |
| WP Azure offload | Cross-Site Scripting (XSS) |
| WP Cards | Cross-Site Scripting (XSS) |
| WP Cassify | Cross-Site Scripting (XSS) |
| WP Click Info | Cross-Site Scripting (XSS) |
| WP Colorful Tag Cloud | Cross-Site Scripting (XSS) |
| WP Compare Tables | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP Contact Form III | d Cross-Site Scripting (XSS) |
| WP Database Audit | Cross-Site Scripting (XSS) |
| WP Database Optimizer | Cross-Site Scripting (XSS) |
| WP Discord Post | Cross-Site Scripting (XSS) |
| WP e-Customers Beta | Cross-Site Scripting (XSS) |
| WP Email Delivery | Cross-Site Scripting (XSS) |
| WP Event Ticketing | Cross-Site Scripting (XSS) |
| WP Google Street View | Cross-Site Scripting (XSS) |
| WP Hotjar | Cross-Site Scripting (XSS) |
| WP jQuery Persian Datepicker | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP Last Modified | Cross-Site Scripting (XSS) |
| WP Login Control | Cross-Site Scripting (XSS) |
| WP Login Control | Cross-Site Scripting (XSS) |
| WP Odoo Form Integrator | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP-OGP | Cross-Site Scripting (XSS) |
| WP Parallax Content Slider | Cross-Site Scripting (XSS) |
| WP-PManager | Cross-Site Scripting (XSS) |
| WP Posts Carousel | Cross-Site Scripting (XSS) from auto_play_timeout Parameter |
| WP Posts Carousel | Cross-Site Scripting (XSS) |
| WP Posts Carousel | Cross-Site Scripting (XSS) |
| WP Recipe Maker | Cross-Site Scripting (XSS) |
| WP Simple Slideshow | Cross-Site Scripting (XSS) |
| WP Social Widget | Cross-Site Scripting (XSS) |
| WP SVG Upload | Cross-Site Scripting (XSS) from SVG |
| WP Tabs | Cross-Site Scripting (XSS) |
| WP Test Email | Unauthenticated Cross-Site Scripting (XSS) |
| WP Ultimate Search | Cross-Site Scripting (XSS) |
| WP Weixin Theme | Cross-Site Scripting (XSS) |
| xili-dictionary | Cross-Site Scripting (XSS) |
| XV Random Quotes | Cross-Site Scripting (XSS) |
| XV Random Quotes | Cross-Site Scripting (XSS) |
| Years Since | Cross-Site Scripting (XSS) |
| Your Lightbox | Cross-Site Scripting (XSS) |
| Your Simple SVG Support | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| YouTube SimpleGallery | Cross-Site Scripting (XSS) |
| Zalo Live Chat | Cross-Site Scripting (XSS) |
| ZD Scribd iPaper | Cross-Site Scripting (XSS) |
| ZenphotoPress | Cross-Site Scripting (XSS) |
| ZhinaTwitterWidget | Cross-Site Scripting (XSS) |
| Zielke Design Project Gallery | Cross-Site Scripting (XSS) |
| Zoho Billing – Embed Payment Form | Cross-Site Scripting (XSS) |
| Zoorum Comments | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| افزونه حمل و نقل ووکامرس (پست پیشتاز و سفارشی، پیک موتوری) | Cross-Site Scripting (XSS) |
| WordPress Cross-Site Scripting (XSS) reported in 2023: | 2928 |
| WordPress Cross-Site Scripting (XSS) reported in 2024: | 3806 |
| WordPress Cross-Site Scripting (XSS) reported in 2025: | 2234 |
WHO needs managed WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Scripting Patch Management.
Security is not a single-task job
Need managed WP Security and got no clue where to start? Hire an expert. Pay a coffee per week, its cheaper than 1 hour for a freelancer.
