WP XSS APR 2025
WP Cross-Site Scripting
Managed WP & Woo Security Report
Be informed about the latest WP Cross-Site Scripting, identified and reported publicly. WP XSS APR 2025 is a -9% DECREASE compared to previous month. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin – OR – Hire us for your recurrent needs of managed WordPress Security and managed WooCommerce Security.
WHO needs managed WP security? EVERYBODY!
Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate "gazillion" different threats in your WordPress. Get your WP Cross-Site Scripting Patch Management.
The following cases made headlines PUBLICLY just last month in the WP XSS APR 2025 & WP Cross-Site Scripting category:
About Author | Cross-Site Scripting (XSS) |
Accounting for WooCommerce | Cross-Site Scripting (XSS) |
Accounting for WooCommerce | Cross-Site Scripting (XSS) |
Ad Inserter | Cross-Site Scripting (XSS) |
Ads24 Lite | Cross-Site Scripting (XSS) |
AdSense Privacy Policy | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Advanced File Manager | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Advanced Form Integration | Cross-Site Scripting (XSS) |
Advanced iFrame | Cross-Site Scripting (XSS) |
Advanced Post Search | Cross-Site Scripting (XSS) |
Advanced Woo Search | Cross-Site Scripting (XSS) from aws_search_terms Shortcode |
AEC Kiosque | Cross-Site Scripting (XSS) |
AI Preloader | Cross-Site Scripting (XSS) |
Alert Box Block – Display notice/alerts in the front end | Cross-Site Scripting (XSS) from Alert Box Block |
AlphaOmega Captcha & Anti-Spam Filter | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Amazing service box Addons For WPBakery Page Builder | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
amoCRM WebForm | Cross-Site Scripting (XSS) |
ANAC XML Render | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Another Events Calendar | Cross-Site Scripting (XSS) |
AppPresser | Unauthenticated Cross-Site Scripting (XSS) |
AppReview | Cross-Site Scripting (XSS) |
Are you robot google recaptcha for wordpress | Cross-Site Scripting (XSS) |
ARPrice | Cross-Site Scripting (XSS) |
Arrow Maps | Cross-Site Scripting (XSS) |
Audio Album | Cross-Site Scripting (XSS) |
AuMenu | Cross-Site Scripting (XSS) |
AuraMart Theme | Cross-Site Scripting (XSS) |
AvaiBook | Cross-Site Scripting (XSS) |
Awesome Surveys | Cross-Site Scripting (XSS) |
Ayyash Studio | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
banner-manager | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Beautiful Link Preview | Cross-Site Scripting (XSS) |
Bee Layer Slider | Cross-Site Scripting (XSS) |
Better Section Navigation Widget | Cross-Site Scripting (XSS) |
Better WishList API | Cross-Site Scripting (XSS) |
binlayerpress | Cross-Site Scripting (XSS) |
Bitcoin / AltCoin Payment Gateway for WooCommerce | Cross-Site Scripting (XSS) |
Bitspecter Suite | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
Block Spam By Math Reloaded | Cross-Site Scripting (XSS) |
BlogBuzzTime for WP | Cross-Site Scripting (XSS) |
Blue Captcha | Cross-Site Scripting (XSS) |
BMo Expo | Cross-Site Scripting (XSS) |
BP Email Assign Templates | Cross-Site Scripting (XSS) |
Breezing Forms | Cross-Site Scripting (XSS) |
Browser Address Bar Color | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Build Theme | Cross-Site Scripting (XSS) |
CallPhone'r | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
CAS Maestro | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Cazamba | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
CC-IMG-Shortcode | Cross-Site Scripting (XSS) |
CG Button | Cross-Site Scripting (XSS) |
Charitable | Cross-Site Scripting (XSS) |
Chartify | Cross-Site Scripting (XSS) |
Churel Theme | Cross-Site Scripting (XSS) |
City Store Theme | Cross-Site Scripting (XSS) |
Clearout Email Validator | Cross-Site Scripting (XSS) |
Click to Chat – WP Support All-in-One Floating Widget | Cross-Site Scripting (XSS) |
Clink | Cross-Site Scripting (XSS) |
CM WordPress FAQ Plugin | Cross-Site Scripting (XSS) |
Comment Approved Notifier Extended | Cross-Site Scripting (XSS) |
Contact Form 7 Material Design | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Contact Form & SMTP Plugin | Cross-Site Scripting (XSS) |
Cookies Pro | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
CopyLink | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Coronavirus (COVID-19) Notice Message | Cross-Site Scripting (XSS) |
Coronavirus (COVID-19) Notice Message | Cross-Site Scripting (XSS) |
Cozy Blocks | Cross-Site Scripting (XSS) |
CRM and Lead Management by vcita | Cross-Site Scripting (XSS) |
CryoKey | Cross-Site Scripting (XSS) from 'ckemail' Parameter |
cTabs | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Currency Switcher for WooCommerce | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
custom-post-edit | Cross-Site Scripting (XSS) |
Custom Product Stickers for Woocommerce | Cross-Site Scripting (XSS) |
Custom Smilies | Cross-Site Scripting (XSS) |
Custom top bar | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Debug-Bar-Extender | Cross-Site Scripting (XSS) |
Design Comuni Italia Theme | Unauthenticated Cross-Site Scripting (XSS) |
DesignThemes Core Features | Cross-Site Scripting (XSS) from Shortcode |
DethemeKit For Elementor | Cross-Site Scripting (XSS) |
DICOM Support | Cross-Site Scripting (XSS) |
Digital License Manager | Cross-Site Scripting (XSS) from remove_query_arg Function |
Display Post Meta | Cross-Site Scripting (XSS) |
Domain Theme | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Doneren met Mollie | Cross-Site Scripting (XSS) |
Download HTML TinyMCE Button | Cross-Site Scripting (XSS) |
DP ALTerminator - Missing ALT manager | Cross-Site Scripting (XSS) |
Dr Flex | Cross-Site Scripting (XSS) |
Driving Directions | Cross-Site Scripting (XSS) |
Dropdown Multisite selector | Cross-Site Scripting (XSS) |
Duplicate Page and Post | Cross-Site Scripting (XSS) |
Easy Custom Admin Bar | Cross-Site Scripting (XSS) from msg Parameter |
Easy Image Display | Cross-Site Scripting (XSS) |
Easy Page Transition | Cross-Site Scripting (XSS) |
Elements kit Elementor addons | Cross-Site Scripting (XSS) |
En Masse | Cross-Site Scripting (XSS) |
EO4WP | Cross-Site Scripting (XSS) |
Event post | Cross-Site Scripting (XSS) |
Event post | Cross-Site Scripting (XSS) |
Event post | Cross-Site Scripting (XSS) |
Event Tickets | Cross-Site Scripting (XSS) |
EZ SQL Reports Shortcode Widget and DB Backup | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Fancybox Plus | Cross-Site Scripting (XSS) |
Favorites | Cross-Site Scripting (XSS) |
Featured Image Thumbnail Grid | Cross-Site Scripting (XSS) |
Featured Posts Grid | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Finale Lite | DOM-Based Cross-Site Scripting (XSS) from Countdown Timer |
Fiverrcom Official Search Box | Cross-Site Scripting (XSS) |
Flatty | Cross-Site Scripting (XSS) |
Flexmls® IDX | Cross-Site Scripting (XSS) |
FOMO Pay Chinese Payment Solution | Cross-Site Scripting (XSS) |
FooGallery | Cross-Site Scripting (XSS) from Album Title Size |
FooGallery | Cross-Site Scripting (XSS) |
FormLift for Infusionsoft Web Forms | Cross-Site Scripting (XSS) |
Form Maker by 10Web | Cross-Site Scripting (XSS) |
Frndzk Expandable Bottom Bar | Cross-Site Scripting (XSS) from text Parameter |
Frontend Post Submission | Cross-Site Scripting (XSS) |
FTP Sync | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Gallery for Social Photo | Cross-Site Scripting (XSS) |
GDPR Cookie Compliance | Cross-Site Scripting (XSS) |
GDPR Cookie Compliance | Cross-Site Scripting (XSS) |
GDPR Tools | Cross-Site Scripting (XSS) |
GetSocial | Cross-Site Scripting (XSS) |
GlobalPayments WooCommerce | Cross-Site Scripting (XSS) |
GMO Font Agent | Cross-Site Scripting (XSS) |
GNUCommerce | Cross-Site Scripting (XSS) |
GNUCommerce | Cross-Site Scripting (XSS) |
GNUPress | Cross-Site Scripting (XSS) |
GNUPress | Cross-Site Scripting (XSS) |
Google Font Fix | Cross-Site Scripting (XSS) |
Google News Editors Picks Feed Generator | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Google News Editors Picks Feed Generator | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Google Plus | Cross-Site Scripting (XSS) |
Gotcha | Cross-Site Scripting (XSS) from menu Parameter |
Go To Top | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Gravity 2 PDF | Cross-Site Scripting (XSS) |
Greek Multi Tool – Fix peralinks, accents, auto create menus and more | Unauthenticated Cross-Site Scripting (XSS) |
Greenshift | Cross-Site Scripting (XSS) |
Gum Elementor Addon | Cross-Site Scripting (XSS) |
Happy Addons for Elementor | Cross-Site Scripting (XSS) |
Hashtags | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Hester Theme | Cross-Site Scripting (XSS) |
Hostel | Cross-Site Scripting (XSS) |
Hostel | Cross-Site Scripting (XSS) |
HT Mega | DOM-Based Cross-Site Scripting (XSS) from Countdown Widget |
HT Mega | Cross-Site Scripting (XSS) from Multiple Widgets |
IG Shortcodes | Cross-Site Scripting (XSS) |
Image Wall | Cross-Site Scripting (XSS) |
Improve My City | Cross-Site Scripting (XSS) |
include-file | Cross-Site Scripting (XSS) |
Include URL | Cross-Site Scripting (XSS) |
Infugrator | Cross-Site Scripting (XSS) |
Insert Code | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
In Stock Mailer for WooCommerce | Cross-Site Scripting (XSS) |
In Stock Mailer for WooCommerce | Cross-Site Scripting (XSS) |
IP Based Login | Cross-Site Scripting (XSS) |
IP Locator | Cross-Site Scripting (XSS) |
issuuPress | Cross-Site Scripting (XSS) |
Já-Já Pagamentos for WooCommerce | Cross-Site Scripting (XSS) |
jAlbum Bridge | Cross-Site Scripting (XSS) |
jAlbum Bridge | Cross-Site Scripting (XSS) |
Job Colors for WP Job Manager | Cross-Site Scripting (XSS) |
Jobs for WordPress | Cross-Site Scripting (XSS) |
jQuery Dropdown Menu | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Kento WordPress Stats | Cross-Site Scripting (XSS) |
Key4ce osTicket Bridge | Cross-Site Scripting (XSS) |
KK I Like It | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
LatePoint | Cross-Site Scripting (XSS) |
Lava Ajax Search | Cross-Site Scripting (XSS) |
LeadConnector | Cross-Site Scripting (XSS) |
Leaky Paywall | Cross-Site Scripting (XSS) |
LH OGP Meta | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Lightview Plus | Cross-Site Scripting (XSS) |
Limit Bio | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
Limit Bio | Cross-Site Scripting (XSS) |
Link My Posts | Cross-Site Scripting (XSS) |
Listamester | Cross-Site Scripting (XSS) |
List Mixcloud | Cross-Site Scripting (XSS) |
List of Posts from each Category plugin for WordPress | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
LIVE TV | Cross-Site Scripting (XSS) |
Login Alert | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Login Redirect | Cross-Site Scripting (XSS) |
Lunar | Cross-Site Scripting (XSS) |
m1DownloadList | Cross-Site Scripting (XSS) |
Magic Embeds | Cross-Site Scripting (XSS) |
Management-screen-droptiles | Cross-Site Scripting (XSS) |
Map Contact | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Master Addons for Elementor | Cross-Site Scripting (XSS) from id Parameter |
Master Addons for Elementor | Cross-Site Scripting (XSS) from Multiple Widgets |
Master Slider | Cross-Site Scripting (XSS) from ms_slider Shortcode |
MaxA/B | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
mEintopf | Cross-Site Scripting (XSS) |
MemberSpace | Cross-Site Scripting (XSS) |
Members page only for logged in users | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Message ticker | Cross-Site Scripting (XSS) |
Microblog Poster | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
MicroPayments | Cross-Site Scripting (XSS) |
MicroPayments | Cross-Site Scripting (XSS) |
Mobile Navigation | Cross-Site Scripting (XSS) |
MorningTime Lite Theme | Cross-Site Scripting (XSS)Remote Code Execution (BAC) |
Multi Video Box | Cross-Site Scripting (XSS) from video_id and group_id Parameters |
My Bootstrap Menu | Cross-Site Scripting (XSS) |
My Default Post Content | Cross-Site Scripting (XSS) |
My Quota | Cross-Site Scripting (XSS) |
Narnoo Operator | Cross-Site Scripting (XSS) |
Nested Pages | Cross-Site Scripting (XSS) |
newseqo Theme | Cross-Site Scripting (XSS) |
Newsletters | Cross-Site Scripting (XSS) from To Parameter |
Newsletters | Unauthenticated Cross-Site Scripting (XSS) |
NextGEN Gallery Voting | Cross-Site Scripting (XSS) |
Ninja Pages | Cross-Site Scripting (XSS) |
Nmedia MailChimp | Cross-Site Scripting (XSS) |
No Disposable Email | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Notibar | Cross-Site Scripting (XSS) |
Novelist | Cross-Site Scripting (XSS) |
NS Simple Intro Loader | Cross-Site Scripting (XSS) |
Off-Canvas Sidebars & Menus (Slidebars) | Cross-Site Scripting (XSS) |
Off Page SEO | Cross-Site Scripting (XSS) |
OK Poster Group | Cross-Site Scripting (XSS) |
Omnify | Cross-Site Scripting (XSS) |
OmniLeads Scripts and Tags Manager | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Page Takeover | Cross-Site Scripting (XSS) |
Paid Member Subscriptions | Cross-Site Scripting (XSS) |
Passbeemedia Web Push Notification | Cross-Site Scripting (XSS) |
Pesapal Gateway for Woocommerce | Cross-Site Scripting (XSS) |
Photo Gallery by 10Web | Cross-Site Scripting (XSS) |
Picture Gallery | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
pipDisqus | Cross-Site Scripting (XSS) |
pixelstats | Cross-Site Scripting (XSS) |
Pixobe Cartography | Cross-Site Scripting (XSS) |
Point Maker | Cross-Site Scripting (XSS) |
Poll Maker | Cross-Site Scripting (XSS) |
Portfolio and Projects | Cross-Site Scripting (XSS) |
Post Read Time | Cross-Site Scripting (XSS) |
PostX | Cross-Site Scripting (XSS) |
Pre Order Addon for WooCommerce – Advance Order/Backorder Plugin | Cross-Site Scripting (XSS) |
Pretty file links | Cross-Site Scripting (XSS) |
price-calc | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Primer MyData for Woocommerce | Cross-Site Scripting (XSS) |
Product Puller | Cross-Site Scripting (XSS) |
Pro Rank Tracker | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Quick Interest Slider | Cross-Site Scripting (XSS) |
Quick Localization | Cross-Site Scripting (XSS) |
Quiz And Survey Master | Cross-Site Scripting (XSS) |
Quotes llama | Cross-Site Scripting (XSS) |
RainbowNews Theme | Cross-Site Scripting (XSS) |
Random Image Selector | Cross-Site Scripting (XSS) |
Random Quotes | Cross-Site Scripting (XSS) |
Rankcheckerio Integration | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Rankcheckerio Integration | Cross-Site Scripting (XSS) |
Razorpay Subscription Button Elementor Plugin | Cross-Site Scripting (XSS) from add_query_arg and remove_query_arg Functions |
RDP inGroups+ | Cross-Site Scripting (XSS) |
RDP Linkedin Login | Cross-Site Scripting (XSS) |
Recently Purchased Products For Woo | Cross-Site Scripting (XSS) from view Parameter |
Registrations for the Events Calendar | Cross-Site Scripting (XSS) |
Related Post | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
Related Posts from Categories | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Replace Default Words | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Reservit Hotel | Cross-Site Scripting (XSS) |
Responsive Slider by MetaSlider | Cross-Site Scripting (XSS) |
Rizzi Guestbook | Cross-Site Scripting (XSS) |
RPS Include Content | Cross-Site Scripting (XSS) |
RWS Enquiry And Lead Follow-up | Cross-Site Scripting (XSS) |
S3Bubble Media Streaming | Cross-Site Scripting (XSS) |
S3Bubble Media Streaming | Cross-Site Scripting (XSS) |
Schedule | Cross-Site Scripting (XSS) |
School Management | Cross-Site Scripting (XSS) |
SearchIQ | Cross-Site Scripting (XSS) |
SearchIQ | Cross-Site Scripting (XSS) |
Secret Meta | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
SecuPress Free | Cross-Site Scripting (XSS) |
Secure Invites | Cross-Site Scripting (XSS) |
SEO Tools | Cross-Site Scripting (XSS) |
SEO Tools | Cross-Site Scripting (XSS) |
SH Email Alert | Cross-Site Scripting (XSS) |
ShopLentor | DOM-Based Cross-Site Scripting (XSS) from Flash Sale Countdown Module |
Shortcodes Ultimate | Cross-Site Scripting (XSS) from src Parameter |
ShowTime Slideshow | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Simple Amazon Affiliate | Cross-Site Scripting (XSS) |
Simple Banner | Cross-Site Scripting (XSS) |
Simplebooklet PDF Viewer and Embedder | Cross-Site Scripting (XSS) |
Simple Notification | Cross-Site Scripting (XSS) |
Simple Post Series | Cross-Site Scripting (XSS) |
Simple Rating | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Simply Schedule Appointments | Cross-Site Scripting (XSS) |
Site Editor Google Map | Cross-Site Scripting (XSS) |
Sitekit | Cross-Site Scripting (XSS) |
Site Reviews | Unauthenticated Cross-Site Scripting (XSS) |
Skitter Slideshow | Cross-Site Scripting (XSS) |
SKT Addons for Elementor | Cross-Site Scripting (XSS) |
SKU Generator for WooCommerce | Cross-Site Scripting (XSS) |
Sleekplan | Cross-Site Scripting (XSS) |
Slider by 10Web | Cross-Site Scripting (XSS) from Widget |
Slider by 10Web | Cross-Site Scripting (XSS) |
Smart Maintenance Mode | Cross-Site Scripting (XSS) |
Smart Maintenance Mode | Cross-Site Scripting (XSS) from setstatus Parameter |
Social Share And Social Locker | Cross-Site Scripting (XSS) |
Social Snap | Cross-Site Scripting (XSS) |
Social Snap | Cross-Site Scripting (XSS) |
SpatialMatch IDX | Cross-Site Scripting (XSS) |
Spectra | Cross-Site Scripting (XSS) |
SpotBot | Cross-Site Scripting (XSS) |
Stencies | Cross-Site Scripting (XSS) |
StoreBiz Theme | Cross-Site Scripting (XSS) |
Store Locator Widget | r Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Structured Content | Cross-Site Scripting (XSS) |
Stylish Google Sheet Reader | Cross-Site Scripting (XSS) |
Stylish Price List | Cross-Site Scripting (XSS) |
SUPER RESPONSIVE SLIDER | Cross-Site Scripting (XSS) |
SyntaxHighlighter Evolved | Cross-Site Scripting (XSS) |
Tabbed Login Widget | Cross-Site Scripting (XSS) |
TabGarb Pro | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
TablePress | Cross-Site Scripting (XSS) |
tagDiv Composer | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
tagDiv Composer | Cross-Site Scripting (XSS) from 'account_id' and 'account_username' |
TBTestimonials | Cross-Site Scripting (XSS) |
Teleport | Cross-Site Scripting (XSS) |
Terms of Use | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Text Selection Color | Cross-Site Scripting (XSS) |
TGG WP Optimizer | Cross-Site Scripting (XSS) |
Theme Demo Bar | Cross-Site Scripting (XSS) |
Themify Event Post | Cross-Site Scripting (XSS) |
The Pack Elementor addons | Cross-Site Scripting (XSS) |
The Plus Addons for Elementor Page Builder Lite | Cross-Site Scripting (XSS) from Multiple Widgets |
The Ultimate WordPress Toolkit – WP Extended | Cross-Site Scripting (XSS) |
The Visitor Counter | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Tidekey | Cross-Site Scripting (XSS) |
Toggle Box | Cross-Site Scripting (XSS) |
Translator | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Traveler Theme | Cross-Site Scripting (XSS) |
Ultimate Blocks | Cross-Site Scripting (XSS) |
ULTIMATE VIDEO GALLERY | Cross-Site Scripting (XSS) |
Unlimited Theme | Cross-Site Scripting (XSS) |
Upload Quota per User | Cross-Site Scripting (XSS) |
URL Shortener | Conversion Tracking | AB Testing | WooCommerce | Cross-Site Scripting (XSS) |
User Registration | Cross-Site Scripting (XSS) |
UTM tags tracking for Contact Form 7 | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
VaultRE Contact Form 7 | Cross-Site Scripting (XSS) |
Video Embedder | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Video Share VOD | Cross-Site Scripting (XSS) |
wA11y – The Web Accessibility Toolbox | Cross-Site Scripting (XSS) |
WATI Chat and Notification | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
wBounce | Cross-Site Scripting (XSS) |
Weather Layer | Cross-Site Scripting (XSS) |
Whitish Lite Theme | Cross-Site Scripting (XSS) |
WIP WooCarousel Lite | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WooCommerce | Cross-Site Scripting (XSS) |
WooCommerce Fattureincloud | Cross-Site Scripting (XSS) |
WordPress Admin Bar Improved | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | Unauthenticated Cross-Site Scripting (XSS) |
wordpress login form to anywhere | Cross-Site Scripting (XSS) |
WordPres 同步微博 | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WoWPth | Cross-Site Scripting (XSS) |
WP2LEADS | Cross-Site Scripting (XSS) |
WP-Advanced-Search | Cross-Site Scripting (XSS) |
WP AntiDDOS | Cross-Site Scripting (XSS) |
WP Azure offload | Cross-Site Scripting (XSS) |
WP Cards | Cross-Site Scripting (XSS) |
WP Cassify | Cross-Site Scripting (XSS) |
WP Click Info | Cross-Site Scripting (XSS) |
WP Colorful Tag Cloud | Cross-Site Scripting (XSS) |
WP Compare Tables | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP Contact Form III | d Cross-Site Scripting (XSS) |
WP Database Audit | Cross-Site Scripting (XSS) |
WP Database Optimizer | Cross-Site Scripting (XSS) |
WP Discord Post | Cross-Site Scripting (XSS) |
WP e-Customers Beta | Cross-Site Scripting (XSS) |
WP Email Delivery | Cross-Site Scripting (XSS) |
WP Event Ticketing | Cross-Site Scripting (XSS) |
WP Google Street View | Cross-Site Scripting (XSS) |
WP Hotjar | Cross-Site Scripting (XSS) |
WP jQuery Persian Datepicker | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP Last Modified | Cross-Site Scripting (XSS) |
WP Login Control | Cross-Site Scripting (XSS) |
WP Login Control | Cross-Site Scripting (XSS) |
WP Odoo Form Integrator | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP-OGP | Cross-Site Scripting (XSS) |
WP Parallax Content Slider | Cross-Site Scripting (XSS) |
WP-PManager | Cross-Site Scripting (XSS) |
WP Posts Carousel | Cross-Site Scripting (XSS) from auto_play_timeout Parameter |
WP Posts Carousel | Cross-Site Scripting (XSS) |
WP Posts Carousel | Cross-Site Scripting (XSS) |
WP Recipe Maker | Cross-Site Scripting (XSS) |
WP Simple Slideshow | Cross-Site Scripting (XSS) |
WP Social Widget | Cross-Site Scripting (XSS) |
WP SVG Upload | Cross-Site Scripting (XSS) from SVG |
WP Tabs | Cross-Site Scripting (XSS) |
WP Test Email | Unauthenticated Cross-Site Scripting (XSS) |
WP Ultimate Search | Cross-Site Scripting (XSS) |
WP Weixin Theme | Cross-Site Scripting (XSS) |
xili-dictionary | Cross-Site Scripting (XSS) |
XV Random Quotes | Cross-Site Scripting (XSS) |
XV Random Quotes | Cross-Site Scripting (XSS) |
Years Since | Cross-Site Scripting (XSS) |
Your Lightbox | Cross-Site Scripting (XSS) |
Your Simple SVG Support | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
YouTube SimpleGallery | Cross-Site Scripting (XSS) |
Zalo Live Chat | Cross-Site Scripting (XSS) |
ZD Scribd iPaper | Cross-Site Scripting (XSS) |
ZenphotoPress | Cross-Site Scripting (XSS) |
ZhinaTwitterWidget | Cross-Site Scripting (XSS) |
Zielke Design Project Gallery | Cross-Site Scripting (XSS) |
Zoho Billing – Embed Payment Form | Cross-Site Scripting (XSS) |
Zoorum Comments | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
افزونه حمل و نقل ووکامرس (پست پیشتاز و سفارشی، پیک موتوری) | Cross-Site Scripting (XSS) |
WordPress Cross-Site Scripting (XSS) reported in 2023: | 2928 |
WordPress Cross-Site Scripting (XSS) reported in 2024: | 3806 |
WordPress Cross-Site Scripting (XSS) reported in 2025: | 2234 |
WHO needs managed WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Scripting Patch Management.
Security is not a single-task job
Need managed WP Security and got no clue where to start? Hire an expert. Pay a coffee per week, its cheaper than 1 hour for a freelancer.