WP XSS MAR 2025
WP Cross-Site Scripting
Managed WP & Woo Security Report
Be informed about the latest WP Cross-Site Scripting, identified and reported publicly. WP XSS MAR 2025 is a -54% DECREASE compared to previous month. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin – OR – Hire us for your recurrent needs of managed WordPress Security and managed WooCommerce Security.
WHO needs managed WP security? EVERYBODY!
Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate "gazillion" different threats in your WordPress. Get your WP Cross-Site Scripting Patch Management.
The following cases made headlines PUBLICLY just last month in the WP XSS MAR 2025 & WP Cross-Site Scripting category:
| 17TRACK for WooCommerce | Cross-Site Scripting (XSS) |
| 3D Photo Gallery | Missing Authorization (BAC) to Cross-Site Scripting (XSS) |
| aBlocks | Cross-Site Scripting (XSS) |
| Accept Donations with PayPal | Cross-Site Scripting (XSS) |
| Active Products Tables for WooCommerce | Cross-Site Scripting (XSS) |
| AcuGIS Leaflet Maps | Multiple Cross-Site Scripting (XSS) |
| Add Linked Images To Gallery | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| ADFO | Cross-Site Scripting (XSS) |
| Ad Inserter Pro | Cross-Site Scripting (XSS) |
| Admire Extra | Cross-Site Scripting (XSS) |
| Adsmonetizer | Cross-Site Scripting (XSS) |
| Advanced AJAX Product Filters | Cross-Site Scripting (XSS) |
| Affiliate Links Manager | Cross-Site Scripting (XSS) |
| AgeChecker.Net | Cross-Site Scripting (XSS) |
| Ajax Search Lite | Cross-Site Scripting (XSS) |
| Album Reviewer | Cross-Site Scripting (XSS) |
| Alert Box Block – Display notice/alerts in the front end | Cross-Site Scripting (XSS) |
| All push notification for WP | Cross-Site Scripting (XSS) |
| Alphabetic Pagination | Cross-Site Scripting (XSS) |
| AMO Team Showcase | Cross-Site Scripting (XSS) from amoteam_skills Shortcode |
| Aparat Responsive | Cross-Site Scripting (XSS) |
| Appointment Buddy Widget | Cross-Site Scripting (XSS) |
| Archive Page | Cross-Site Scripting (XSS) |
| AR For WordPress | Cross-Site Scripting (XSS) |
| Atarim | Cross-Site Scripting (XSS) |
| aThemes Addons for Elementor | Cross-Site Scripting (XSS) |
| Authors Autocomplete Meta Box | Cross-Site Scripting (XSS) |
| Auto SEO | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Autoship Cloud for WooCommerce Subscription Products | Cross-Site Scripting (XSS) |
| AWS S3 for WordPress Plugin – Upcasted | Cross-Site Scripting (XSS) |
| Bandsintown Events | Cross-Site Scripting (XSS) |
| Banner Garden | Cross-Site Scripting (XSS) |
| BEAR | Cross-Site Scripting (XSS) |
| Better Customer List for WooCommerce | Cross-Site Scripting (XSS) |
| Blightly Explorer | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Blog, Posts and Category Filter for Elementor | Cross-Site Scripting (XSS) |
| Booking Package | Cross-Site Scripting (XSS) from Locale Parameter |
| Booking Ultra Pro | Cross-Site Scripting (XSS) |
| BookPress – For Book Authors | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Bootstrap collapse | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| BP Better Messages | Cross-Site Scripting (XSS) from Shortcode |
| Breaking News Ticker | Cross-Site Scripting (XSS) |
| Brizy | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| Buddyboss Platform | Cross-Site Scripting (XSS) from 'link_title' |
| BuddyForms | Cross-Site Scripting (XSS) from 'buddyforms_nav' Shortcode |
| BuddyHolis TableSearch | Cross-Site Scripting (XSS) |
| Business Card Block | Cross-Site Scripting (XSS) |
| C9 Admin Dashboard | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| CalendApp | Cross-Site Scripting (XSS) |
| Callback Request | Cross-Site Scripting (XSS) |
| CanadaHelps Embedded Donation Form | Cross-Site Scripting (XSS) |
| Card Elements for Elementor | Cross-Site Scripting (XSS) from Profile Card Widget |
| Carousel, Slider, Gallery by WP Carousel | Cross-Site Scripting (XSS) |
| Carousel, Slider, Gallery by WP Carousel | Cross-Site Scripting (XSS) |
| CATS Job Listings | Cross-Site Scripting (XSS) |
| Chalet-Montagne.com Tools | Cross-Site Scripting (XSS) |
| Chaty | Cross-Site Scripting (XSS) |
| CM Ad Change (BAC)r | Cross-Site Scripting (XSS) |
| CM Answers | Cross-Site Scripting (XSS) |
| CM Business Directory Plugin – Business Listing Directory | Cross-Site Scripting (XSS) |
| CM Curated List Manager | Cross-Site Scripting (XSS) |
| CM Custom WordPress Reports and Analytics | Cross-Site Scripting (XSS) |
| CM Download Manager | Cross-Site Scripting (XSS) |
| CM Email Registration Blacklist and Whitelist | Cross-Site Scripting (XSS) |
| CM Email Registration Blacklist and Whitelist | Cross-Site Scripting (XSS) |
| CM Header & Footer Script Loader | Cross-Site Scripting (XSS) |
| CM Header & Footer Script Loader | Cross-Site Scripting (XSS) |
| CM Map Locations | Cross-Site Scripting (XSS) |
| CM On Demand Search And Replace | Cross-Site Scripting (XSS) |
| CM On Demand Search And Replace | Cross-Site Scripting (XSS) |
| CM Pop-Up banners | Cross-Site Scripting (XSS) |
| CM Pop-Up banners | Cross-Site Scripting (XSS) |
| CM Product Recommendation Widget | Cross-Site Scripting (XSS) |
| CM Registration and Invitation Codes | Cross-Site Scripting (XSS) |
| CM Table Of Contents – WordPress TOC Plugin | Cross-Site Scripting (XSS) |
| CM Tooltip Glossary | Cross-Site Scripting (XSS) |
| CM Tooltip Glossary | Cross-Site Scripting (XSS) |
| CM WordPress FAQ Plugin | Cross-Site Scripting (XSS) |
| Coaching Staffs | Cross-Site Scripting (XSS) |
| Contact Form 7 Star Rating | Cross-Site Scripting (XSS) |
| Contact Form 7 Star Rating with font Awesome | Cross-Site Scripting (XSS) |
| Contact Form by WPForms | Cross-Site Scripting (XSS) from fieldHTML Parameter |
| Contact Us By Lord Linus | Cross-Site Scripting (XSS) |
| Content Snippet Manager | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Contest Gallery | Unauthenticated Cross-Site Scripting (XSS) |
| Cookie Notice Bar | Cross-Site Scripting (XSS) |
| Cosmic Blocks | Cross-Site Scripting (XSS) |
| Countdown Timer | Cross-Site Scripting (XSS) |
| Countdown Timer | Cross-Site Scripting (XSS) |
| Counters Block | Cross-Site Scripting (XSS) |
| Custom Comment Notifications | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Custom Links On Admin Dashboard Toolbar | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| DB Tables Import/Export | Cross-Site Scripting (XSS) |
| DethemeKit For Elementor | Cross-Site Scripting (XSS) |
| Direct Checkout Button for WooCommerce | Cross-Site Scripting (XSS) |
| DL Leadback | Cross-Site Scripting (XSS) |
| Dreamstime Stock Photos | Cross-Site Scripting (XSS) |
| Drivr Lite – Google Drive Plugin | Cross-Site Scripting (XSS) |
| DWT - Directory & Listing Theme | Cross-Site Scripting (XSS) from Shortcode |
| DX-auto-publish | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Dynamic Conditions | Cross-Site Scripting (XSS) |
| Dynamic URL SEO | Cross-Site Scripting (XSS) |
| Easy Amazon Product Information | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Easy Chart Builder for WordPress | Cross-Site Scripting (XSS) |
| Easy Charts | Cross-Site Scripting (XSS) |
| Easy Contact Form Lite | Cross-Site Scripting (XSS) |
| Easy Elementor Addons | Cross-Site Scripting (XSS) |
| Easy Elementor Addons | Cross-Site Scripting (XSS) |
| Easy Form by AYS | Cross-Site Scripting (XSS) |
| Easy MLS Listings Import | Cross-Site Scripting (XSS) |
| Easypromos | Cross-Site Scripting (XSS) from Shortcode |
| Easy Quiz Maker | Cross-Site Scripting (XSS) |
| Easy Related Posts | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Easy WP Tiles | Cross-Site Scripting (XSS) |
| Elementor Website Builder | Cross-Site Scripting (XSS) |
| Elementor Website Builder | Cross-Site Scripting (XSS) |
| Elements kit Elementor addons | Cross-Site Scripting (XSS) from Image Accordion Widget |
| Elfsight Yottie Lite | Cross-Site Scripting (XSS) |
| Embed Google Map | Cross-Site Scripting (XSS) |
| EP4 More Embeds | Cross-Site Scripting (XSS) |
| Essential Addons for Elementor | Cross-Site Scripting (XSS) |
| Essential Blocks for Gutenberg | Cross-Site Scripting (XSS) |
| Eventer | Cross-Site Scripting (XSS) |
| Eventer | Cross-Site Scripting (XSS) from Shortcode |
| Events Planner | Cross-Site Scripting (XSS) |
| Everest Forms | Cross-Site Scripting (XSS) |
| Exclusive Addons Elementor | Cross-Site Scripting (XSS) from Animated Text and Image Comparison Widgets |
| External Video For Everybody | Cross-Site Scripting (XSS) |
| EZ InLinkz linkup | Cross-Site Scripting (XSS) |
| EZ SQL Reports Shortcode Widget and DB Backup | Cross-Site Scripting (XSS) |
| Facilita Form Tracker | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Fast Flow | Cross-Site Scripting (XSS) |
| File Icons | Cross-Site Scripting (XSS) |
| Filled In | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Flagged Content | Cross-Site Scripting (XSS) |
| Flashfader | Cross-Site Scripting (XSS) |
| FlexIDX Home Search | Cross-Site Scripting (XSS) |
| flickr-slideshow-wrapper | Cross-Site Scripting (XSS) |
| FM Notification Bar | Cross-Site Scripting (XSS) |
| Font Awesome WP | Cross-Site Scripting (XSS) |
| Fontsampler | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| FoodBakery | Cross-Site Scripting (XSS) |
| Forminator | Cross-Site Scripting (XSS) |
| Forminator | Cross-Site Scripting (XSS) |
| Form Maker by 10Web | Cross-Site Scripting (XSS) |
| Frontend Admin by DynamiApps | Cross-Site Scripting (XSS) |
| Front End Users | Cross-Site Scripting (XSS) |
| FuseDesk | Cross-Site Scripting (XSS) |
| Fyrebox Quizzes | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Gallery | Cross-Site Scripting (XSS) |
| GeoDirectory | Cross-Site Scripting (XSS) from Display_name Parameter |
| Get Posts | Cross-Site Scripting (XSS) |
| Giga Messenger – Express | Cross-Site Scripting (XSS) |
| Glance That | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Global Meta Keyword & Description | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Glossy | Cross-Site Scripting (XSS) |
| Google Drive WP Media | Cross-Site Scripting (XSS) |
| Google Earth Embed | Cross-Site Scripting (XSS) |
| Google Maps for WordPress | Cross-Site Scripting (XSS) |
| Google Maps GPX Viewer | Cross-Site Scripting (XSS) |
| Graceful Email Obfuscation | Cross-Site Scripting (XSS) |
| Greenshift | Cross-Site Scripting (XSS) |
| GS Woocommerce Brands | Cross-Site Scripting (XSS) |
| Gumlet Video | Cross-Site Scripting (XSS) |
| Hostiko Theme | Cross-Site Scripting (XSS) |
| Hover Image Button | Cross-Site Scripting (XSS) |
| .htaccess Login block | Cross-Site Scripting (XSS) |
| HT Mega | Cross-Site Scripting (XSS) from block_css and inner_css |
| HT Mega | Cross-Site Scripting (XSS) from Countdown Widget |
| HurryTimer | Cross-Site Scripting (XSS) from Campaign Name |
| Ibtana | Cross-Site Scripting (XSS) |
| iBuildApp | Cross-Site Scripting (XSS) |
| Icon List Block | Cross-Site Scripting (XSS) |
| IE CSS3 Support | Cross-Site Scripting (XSS) |
| igumbi Online Booking | Cross-Site Scripting (XSS) |
| Image Photo Gallery Final Tiles Grid | Cross-Site Scripting (XSS) |
| Image Rotator | Cross-Site Scripting (XSS) |
| Implied Cookie Consent | Cross-Site Scripting (XSS) |
| Include Mastodon Feed | Cross-Site Scripting (XSS) |
| Info Cards – Gutenberg block for creating Beautiful Cards | Cross-Site Scripting (XSS) |
| InLocation | Cross-Site Scripting (XSS) |
| Job Board Manager | Cross-Site Scripting (XSS) |
| JustRows free | Cross-Site Scripting (XSS) |
| Kona Gallery Block | Cross-Site Scripting (XSS) |
| Kush Micro News | Cross-Site Scripting (XSS) |
| Lazy Blocks | Cross-Site Scripting (XSS) |
| LearnPress | Cross-Site Scripting (XSS) |
| Legull | Cross-Site Scripting (XSS) |
| Lenix Elementor Leads addon | Unauthenticated Cross-Site Scripting (XSS) from URL Form Field |
| Leyka | Cross-Site Scripting (XSS) |
| Library Bookshelves | Cross-Site Scripting (XSS) |
| LikeBot | Cross-Site Scripting (XSS) from Cross-Site Request Forgery (CSRF) |
| Like dislike plus counter | Cross-Site Scripting (XSS) |
| Links in Captions | Cross-Site Scripting (XSS) |
| Listings for Appfolio | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WordPress Listivo - Classified Ads WordPress Theme | Cross-Site Scripting (XSS) |
| List Related Attachments | Cross-Site Scripting (XSS) |
| List Urls | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Live css | Cross-Site Scripting (XSS) |
| Live Streaming Video Player – by SRS Player | Cross-Site Scripting (XSS) |
| Liveticker (by stklcode) | Cross-Site Scripting (XSS) |
| Local Search SEO Contact Page | Cross-Site Scripting (XSS) |
| Login-box | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Login/Signup Popup | Cross-Site Scripting (XSS) from xoo_el_action Shortcode |
| Logo Slider | Cross-Site Scripting (XSS) |
| LTL Freight Quotes – Unishippers Edition | Cross-Site Scripting (XSS) |
| LTL Freight Quotes – Worldwide Express Edition | Cross-Site Scripting (XSS) |
| magayo Lottery Results | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Magic the Gathering Card Tooltips | Cross-Site Scripting (XSS) |
| Marketing Automation | Cross-Site Scripting (XSS) |
| Master Slider | Cross-Site Scripting (XSS) |
| MemorialDay | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Meta Accelerator | Cross-Site Scripting (XSS) |
| Migrate Posts | Post Based Cross-Site Scripting (XSS) |
| Mini Course Generator | Cross-Site Scripting (XSS) |
| MK Google Directions | Cross-Site Scripting (XSS) |
| Mobile | Cross-Site Scripting (XSS) |
| Modal Portfolio | Cross-Site Scripting (XSS) |
| Modal Window | Cross-Site Scripting (XSS) from iframeBox Shortcode |
| Mortgage Calculator / Loan Calculator | Cross-Site Scripting (XSS) |
| Musicbox | Cross-Site Scripting (XSS) |
| Music Press Pro | Cross-Site Scripting (XSS) |
| My Login Logout Plugin | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Naver Syndication V2 | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Newpost Catch | Cross-Site Scripting (XSS) from npc Shortcode |
| NewsTicker | Cross-Site Scripting (XSS) |
| NextGen Cooliris Gallery | Cross-Site Scripting (XSS) |
| NextGEN Gallery | Cross-Site Scripting (XSS) |
| NGG Smart Image Search | Cross-Site Scripting (XSS) |
| Notif Bell | Cross-Site Scripting (XSS) |
| Om Stripe | Cross-Site Scripting (XSS) |
| On Page SEO + Whatsapp Chat Button | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Open Hours | Cross-Site Scripting (XSS) |
| Optimate Ads | Cross-Site Scripting (XSS) |
| Orbit Fox by ThemeIsle | Cross-Site Scripting (XSS) |
| OWL Carousel Slider | Cross-Site Scripting (XSS) |
| Page/Post Specific Social Share Buttons | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Pago por Redsys | Cross-Site Scripting (XSS) |
| Pathomation | Cross-Site Scripting (XSS) |
| Paytm Payment Donation | Cross-Site Scripting (XSS) |
| Pie Calendar | Cross-Site Scripting (XSS) from piecal Shortcode |
| PiwigoPress | Cross-Site Scripting (XSS) |
| PlayerJS | Cross-Site Scripting (XSS) |
| Pollin | Cross-Site Scripting (XSS) |
| Pop Up | Cross-Site Scripting (XSS) |
| Popup Builder | Cross-Site Scripting (XSS) |
| Post Grid and Gutenberg Blocks | Cross-Site Scripting (XSS) |
| Post SMTP | Unauthenticated Cross-Site Scripting (XSS) |
| Post Sync | Cross-Site Scripting (XSS) |
| Post Thumbs | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Prezi Embedder | Cross-Site Scripting (XSS) |
| Pricing Table by PickPlugins | Cross-Site Scripting (XSS) |
| Product Blocks for WooCommerce | Cross-Site Scripting (XSS) |
| Product Catalog Simple | Cross-Site Scripting (XSS) from show_products Shortcode |
| Product Table For WooCommerce | Cross-Site Scripting (XSS) |
| ProfilePress | Cross-Site Scripting (XSS) |
| Profile Widget Ninja | Cross-Site Scripting (XSS) |
| Protected wp-login | Cross-Site Scripting (XSS) |
| Pure Chat | Cross-Site Scripting (XSS) from purechatWidgetName Parameter |
| pushBIZ | Cross-Site Scripting (XSS) |
| Puzzles Theme | Cross-Site Scripting (XSS) from Shortcode |
| Puzzles Theme | Missing Authorization (BAC) to Cross-Site Scripting (XSS) |
| Qi Addons For Elementor | Cross-Site Scripting (XSS) |
| QR Code for WooCommerce | Cross-Site Scripting (XSS) |
| Qubely – Advanced Gutenberg Blocks | Cross-Site Scripting (XSS) |
| Quiz Organizer | Cross-Site Scripting (XSS) |
| Quote Comments | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Quotes llama | Cross-Site Scripting (XSS) |
| R3W InstaFeed | Cross-Site Scripting (XSS) |
| Rank Math SEO | Cross-Site Scripting (XSS) from Rank Math API |
| Reaction Buttons | Cross-Site Scripting (XSS) |
| Reactive Mortgage Calculator | Cross-Site Scripting (XSS) |
| Read More Copy Link | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Rebuild Permalinks | Cross-Site Scripting (XSS) |
| Related Posts Line-up-Exactly by Milliard | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Responsive Flickr Slideshow | Cross-Site Scripting (XSS) |
| Responsive iframe | Cross-Site Scripting (XSS) |
| Responsive Modal Builder for High Conversion – Easy Popups | Cross-Site Scripting (XSS) |
| Restrict Taxonomies | Cross-Site Scripting (XSS) |
| ReverbNation Widgets | Cross-Site Scripting (XSS) |
| Rife Elementor Extensions & Templates | Cross-Site Scripting (XSS) from Writing Effect Headline Shortcode |
| Rise Blocks | Cross-Site Scripting (XSS) from TitleTag Parameter |
| RJ Quickcharts | Cross-Site Scripting (XSS) |
| Royal Elementor Addons | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| RSS Filter | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| RSS in Page | Cross-Site Scripting (XSS) |
| s2Member Pro | Cross-Site Scripting (XSS) |
| seekXL Snapr | Cross-Site Scripting (XSS) |
| SendPulse Email Marketing Newsletter | Cross-Site Scripting (XSS) |
| Sensly Online Presence | Cross-Site Scripting (XSS) |
| Services Section block | Cross-Site Scripting (XSS) |
| Shipmozo Courier Tracking | Cross-Site Scripting (XSS) |
| ShopSite | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Show notice or message on admin area | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| sidebarTabs | Cross-Site Scripting (XSS) |
| Simple Add Pages or Posts | Cross-Site Scripting (XSS) |
| Simple Auto Tag | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Simple catalogue | Cross-Site Scripting (XSS) |
| Simple Certain Time to Show Content | Cross-Site Scripting (XSS) |
| Simple Charts | Cross-Site Scripting (XSS) |
| Simple Documentation | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Simple Email Subscriber | Cross-Site Scripting (XSS) |
| Simple Google Calendar Outlook Events Block Widget | Cross-Site Scripting (XSS) |
| Simple Image Sizes | Cross-Site Scripting (XSS) |
| Simple Pricing Tables For WPBakery Page Builder | Cross-Site Scripting (XSS) |
| Simple Responsive Menu | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Simple Select All Text Box | Cross-Site Scripting (XSS) |
| Simple User Profile | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Simple Video Management System | Cross-Site Scripting (XSS) |
| Sina Extension for Elementor | Cross-Site Scripting (XSS) from Fancy Text, Countdown Widget, and Login Form Shortcodes |
| Site Mailer | Unauthenticated Cross-Site Scripting (XSS) |
| SKT Blocks – Gutenberg based Page Builder | Cross-Site Scripting (XSS) |
| Smartarget | Cross-Site Scripting (XSS) |
| Smart Countdown FX | Cross-Site Scripting (XSS) |
| Smart DoFollow | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Smart Maintenance & Countdown | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| SMTP for Amazon SES | Unauthenticated Cross-Site Scripting (XSS) from Email Logs |
| SMTP for SendGrid – YaySMTP | Unauthenticated Cross-Site Scripting (XSS) from Email Logs |
| SMTP for Sendinblue – YaySMTP | Unauthenticated Cross-Site Scripting (XSS) from Email Logs |
| Social Links | Cross-Site Scripting (XSS) |
| Social Warfare | Cross-Site Scripting (XSS) |
| Spiritual Gifts Survey | Cross-Site Scripting (XSS) |
| Staff Directory Plugin: Company Directory | Cross-Site Scripting (XSS) |
| StaffList | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Status Update (BAC)r | Cross-Site Scripting (XSS) |
| Sticky Content | Cross-Site Scripting (XSS) |
| Store Locator Widget | Cross-Site Scripting (XSS) |
| Stray Random Quotes | Cross-Site Scripting (XSS) |
| Style Tweaker | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Stylish Google Sheet Read (BAC)er | Cross-Site Scripting (XSS) |
| Subscribe2 | Unauthenticated Cross-Site Scripting (XSS) from IP Parameter |
| SuperSaaS – online appointment scheduling | Cross-Site Scripting (XSS) from after Parameter |
| Super Store Finder | Unauthenticated SQL Injection (SQLi) to Cross-Site Scripting (XSS) |
| Survey Maker | Cross-Site Scripting (XSS) |
| SVG Support | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| SVG Support | Cross-Site Scripting (XSS) from Dependency |
| SW Plus | Cross-Site Scripting (XSS) |
| Table of Contents Block | Cross-Site Scripting (XSS) |
| TCBD Tooltip | Cross-Site Scripting (XSS) |
| Team Builder For WPBakery Page Builder | Cross-Site Scripting (XSS) |
| Team Section Block | Cross-Site Scripting (XSS) |
| Terms Dictionary | Cross-Site Scripting (XSS) |
| Testimonials | Unauthenticated Cross-Site Scripting (XSS) |
| Theasys | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| ThemeMakers PayPal Express Checkout | Cross-Site Scripting (XSS) from Shortcode |
| ThemeMakers Stripe Checkout | Cross-Site Scripting (XSS) from Shortcode |
| The Plus Addons for Elementor Page Builder Lite | Cross-Site Scripting (XSS) |
| Threepress | Cross-Site Scripting (XSS) |
| Timeline Block | Cross-Site Scripting (XSS) |
| TinyMCE Advanced qTranslate fix editor problems | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Top Bar – PopUps – by WPOptin | Cross-Site Scripting (XSS) |
| TransFinanz | Cross-Site Scripting (XSS) |
| Tribulant Gallery Voting | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| TTT Crop | Cross-Site Scripting (XSS) |
| Tube Video Ads Lite | Cross-Site Scripting (XSS) |
| Typed JS | Cross-Site Scripting (XSS) from typespeed Parameter |
| Ultimate Classified Listings | Cross-Site Scripting (XSS) from Title Parameter |
| UltraEmbed | Cross-Site Scripting (XSS) |
| UMich OIDC Login | Cross-Site Scripting (XSS) |
| Uncode Theme | Cross-Site Scripting (XSS) from mle-description |
| Uncomplicated SEO | Cross-Site Scripting (XSS) |
| UniTimetable | Cross-Site Scripting (XSS) |
| Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | Cross-Site Scripting (XSS) from Transparent Split Hero Widget |
| URL-Preview-Box | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| User List | Cross-Site Scripting (XSS) |
| User Private Files | Cross-Site Scripting (XSS) |
| User Role | Cross-Site Scripting (XSS) |
| Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce | Cross-Site Scripting (XSS) |
| Vertex Addons for Elementor | Cross-Site Scripting (XSS) |
| Video.js HLS Player | Cross-Site Scripting (XSS) |
| Video Lessons Manager | Cross-Site Scripting (XSS) |
| Vignette Ads | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| ViperBar | Cross-Site Scripting (XSS) |
| Visitor Details | Cross-Site Scripting (XSS) |
| Visualizer | Cross-Site Scripting (XSS) from Import Data From File |
| VR-Frases | Cross-Site Scripting (XSS) |
| VR-Frases | Cross-Site Scripting (XSS) to SQL Injection (SQLi) |
| Waymark | Cross-Site Scripting (XSS) |
| Web Accessibility By accessiBe | Cross-Site Scripting (XSS) |
| Web Stories Enhancer | Cross-Site Scripting (XSS) |
| Welcart e-Commerce | Unauthenticated Cross-Site Scripting (XSS) from name Parameter |
| what3words Address Field | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Wibiya Toolbar | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Widget BUY.BOX | Cross-Site Scripting (XSS) |
| Wired Impact Volunteer Management | Cross-Site Scripting (XSS) |
| Wise Forms | Unauthenticated Cross-Site Scripting (XSS) |
| Wonder Video Embed | Cross-Site Scripting (XSS) from Shortcode |
| WOO Codice Fiscale | Cross-Site Scripting (XSS) |
| WooCommerce Cart Count Shortcode | Cross-Site Scripting (XSS) |
| WooCommerce Display Products by Tags | Cross-Site Scripting (XSS) |
| WooCommerce HTML5 Video | Cross-Site Scripting (XSS) |
| Woocommerce – Loi Hamon | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Woocommerce osCommerce Sync | Cross-Site Scripting (XSS) |
| WooCommerce Pricing – Product Pricing | Cross-Site Scripting (XSS) |
| WordPress Activity-o-meter | Cross-Site Scripting (XSS) |
| WordPress FormCraft - Premium WordPress Form Builder plugin | Unauthenticated Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| WordPress Photo Gallery – Image Gallery | Cross-Site Scripting (XSS) |
| WOW Entrance Effects (WEE!) | Cross-Site Scripting (XSS) |
| WP About Author | Cross-Site Scripting (XSS) |
| WP Activity Log | Unauthenticated Cross-Site Scripting (XSS) |
| WP Admin Custom Page | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP-Appbox | Cross-Site Scripting (XSS) from appbox Shortcode |
| WP-Asambleas | Cross-Site Scripting (XSS) |
| WP-BibTeX | Cross-Site Scripting (XSS) |
| WP Church Center | Cross-Site Scripting (XSS) |
| WP Custom Post RSS Feed | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP doodlez | Cross-Site Scripting (XSS) |
| WP Dream Carousel | Cross-Site Scripting (XSS) |
| WP Email Newsletter | Cross-Site Scripting (XSS) |
| WP Event Aggregator | Cross-Site Scripting (XSS) |
| WP Extra Fields | Cross-Site Scripting (XSS) |
| WP Finance | Cross-Site Scripting (XSS) |
| WP Finance | Cross-Site Scripting (XSS) from Cross-Site Request Forgery (CSRF) |
| WP-FormAssembly | Cross-Site Scripting (XSS) from Shortcode |
| WP Frontend Submit | Cross-Site Scripting (XSS) |
| WP Google Map | Cross-Site Scripting (XSS) |
| WP Html Page Sitemap | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP Keyword Monitor | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP Less Compiler | Cross-Site Scripting (XSS) |
| WPMovieLibrary | Cross-Site Scripting (XSS) |
| WP PHPList | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WPPizza | Cross-Site Scripting (XSS) |
| WP Pricing Table | Cross-Site Scripting (XSS) |
| WP Project Manager | Cross-Site Scripting (XSS) |
| WP Projects Portfolio | Cross-Site Scripting (XSS) |
| WP Projects Portfolio | Cross-Site Scripting (XSS) from Cross-Site Request Forgery (CSRF) |
| WP Responsive Auto Fit Text | Cross-Site Scripting (XSS) |
| WP SimpleWeather | Cross-Site Scripting (XSS) |
| WP Social SEO Booster – Knowledge Graph Social Signals SEO | Cross-Site Scripting (XSS) |
| WP Social Stream | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP ULike | Cross-Site Scripting (XSS) |
| WP Video Posts | Cross-Site Scripting (XSS) |
| WP Wiki Tooltip | Cross-Site Scripting (XSS) |
| WPYog Documents | Cross-Site Scripting (XSS) |
| Yahoo BOSS | Cross-Site Scripting (XSS) |
| Yay! Forms | Cross-Site Scripting (XSS) |
| YaySMTP | Unauthenticated Cross-Site Scripting (XSS) |
| YouTube Playlists with Schema | Cross-Site Scripting (XSS) |
| Zigaform – Form Builder Lite | Cross-Site Scripting (XSS) |
| Zigaform – Price Calculator & Cost Estimation Form Builder Lite | Cross-Site Scripting (XSS) |
| Ziggeo | Cross-Site Scripting (XSS) |
| ZMSEO | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| 无觅相关文章插件 | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WordPress Cross-Site Scripting (XSS) reported in 2023: | 2928 |
| WordPress Cross-Site Scripting (XSS) reported in 2024: | 3806 |
| WordPress Cross-Site Scripting (XSS) reported in 2025: | 1830 |
WHO needs managed WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Scripting Patch Management.
Security is not a single-task job
Need managed WP Security and got no clue where to start? Hire an expert. Pay a coffee per week, its cheaper than 1 hour for a freelancer.
Not sure that our recurrent security offer is worthy of long-term consideration? Contact us today for a Cross-Site Scripting audit! Decide after you compare RISK + IMPACT versus COST.
We’re passionate about helping you grow and make your impact Continue being informed Email (*double opt-in) Vulnerability reports (monthly) owlpower services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Monthly vulnerability reports about WordPress and WooCommerce, plugins, themes. Weekly inspiration, news and…
We’re passionate about helping you grow and make your impact Continue being informed Email (*double opt-in) Vulnerability reports (monthly) owlpower services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Monthly vulnerability reports about WordPress and WooCommerce, plugins, themes. Weekly inspiration, news and…
We’re passionate about helping you grow and make your impact Continue being informed Email (*double opt-in) Vulnerability reports (monthly) owlpower services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Monthly vulnerability reports about WordPress and WooCommerce, plugins, themes. Weekly inspiration, news and…
We’re passionate about helping you grow and make your impact Continue being informed Email (*double opt-in) Vulnerability reports (monthly) owlpower services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Monthly vulnerability reports about WordPress and WooCommerce, plugins, themes. Weekly inspiration, news and…
We’re passionate about helping you grow and make your impact
Continue being informed
Monthly vulnerability reports about WordPress and WooCommerce, plugins, themes.
Weekly inspiration, news and occasional with hand-picked deals. Unsubscribe anytime.
