PT-2026-46360 · Undefined · Undefined
Published
2026-06-04
·
Updated
2026-06-04
·
CVE-2025-69151
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
That number got my attention.
I've cleaned up enough incidents to know what usually happens when a vulnerability becomes public.
Attackers don't wait.
Right now there are 145 WordPress plugins/themes with publicly disclosed vulnerabilities that still have no available fix.
If you're running any of them, the recommendation is simple:
Remove them immediately.
And here's the important part:
Disabling the plugin is not enough. You need to delete it.
I've seen plenty of site owners deactivate vulnerable plugins and assume the problem is solved. Sometimes the vulnerable code remains on the server. Sometimes attackers know exactly where to look. Sometimes a forgotten plugin sits there for months until someone finds a way to abuse it.
That's the part that bothers me.
This isn't theoretical. Earlier this week we covered a Drupal vulnerability where attacks started just 51 minutes after public disclosure.
Fifty-one minutes.
I had to read that twice.
People often imagine attackers manually reading security advisories and deciding what to target next. That's not how much of this works anymore. The moment details become public, automated systems start fingerprinting targets, probing websites, and looking for victims.
If one of these 146 plugins is installed on your site, don't put it on next week's to-do list.
Check the list.
If it's there, remove it.
Not disable.
Delete.
CVE-ID Plugin Name
CVE-2025-11993 WooCommerce Infinite Scroll and Ajax Pagination
CVE-2025-14361 Woocommerce Envato Affiliates
CVE-2025-22741 Felan Framework
CVE-2025-53440 Confidant - Startup & Consulting Services WordPress Theme
CVE-2025-58705 Crafti - Handmade Store WordPress Theme
CVE-2025-58707 Spin - Cricket Team Sports WordPress Theme + AI
CVE-2025-58897 Fermentio - Brewery and Winemaking Restaurant WordPress Theme
CVE-2025-58924 Geya - Renewable Energy & Ecology WordPress Theme
CVE-2025-62745 Team Showcase
CVE-2025-69104 Qreatix - Interactive Portfolio WordPress Theme
CVE-2025-69105 Nyla - A Fresh & Modern WooCommerce Theme
CVE-2025-69106 Imba
CVE-2025-69107 Rosaleen
CVE-2025-69108 Hot Coffee | Coffee Shop & Cafe WordPress Theme
CVE-2025-69109 SeaFood Company - Fish Restaurant WordPress Theme
CVE-2025-69110 AirSupply | Conditioning Company and Heating Services WordPress Theme + RTL
CVE-2025-69111 Reisen | Auto Store & Car Repair WordPress Theme
CVE-2025-69112 Planty
CVE-2025-69113 Modenee (Moderne)
CVE-2025-69113 Nexio
CVE-2025-69114 MaxiNet - Internet & IPTV Provider Elementor Template Kit
CVE-2025-69115 LuxMed | Medicine & Healthcare Doctor WordPress Theme
CVE-2025-69116 Iona - Handmade & Crafts Shop WordPress Theme
CVE-2025-69117 Ingenioso
CVE-2025-69118 CopyPress
CVE-2025-69119 Corbesier
CVE-2025-69120 Dazzle - Manufacturing & Factory Elementor Pro template Kit
CVE-2025-69121 Deliciosa
CVE-2025-69123 Snow Club | Ski Resort and Snowboard Classes WordPress Theme
CVE-2025-69124 Especio - Food Blog Elementor Pro Template Kit
CVE-2025-69125 Food Drop | Meal Ordering & Delivery Mobile App WordPress Theme
CVE-2025-69126 Fortius
CVE-2025-69127 Plumbing - Plumber and Handyman WordPress Theme
CVE-2025-69128 JobCareer
CVE-2025-69135 Events Schedule - WordPress Events Calendar Plugin
CVE-2025-69136 Wanium - A Elegant Multi-Concept Theme
CVE-2025-69137 Genemy - Creative Minimal Landing Page Builder
CVE-2025-69138 Genemy - Creative Minimal Landing Page Builder
CVE-2025-69139 CarZone - A Complete Car Dealer HTML Wire-Frame
CVE-2025-69141 Kelly Young
CVE-2025-69142 Abele
CVE-2025-69143 Mission
CVE-2025-69144 Preservation
CVE-2025-69145 Gat
CVE-2025-69146 Dom
CVE-2025-69147 Putter
CVE-2025-69148 quirky
CVE-2025-69149 Top Dog
CVE-2025-69150 Medeus
CVE-2025-69151 Grand Car Rental | Limousine HTML Template
CVE-2025-69157 Gamic - Gaming Metaverse Game & Crypto WordPress Theme
CVE-2025-69158 Granola - SEO & Marketing Agency WordPress Theme
CVE-2025-69159 Printo
CVE-2025-69160 Gita
CVE-2025-69161 snowy
CVE-2025-69162 Grecko | Business WordPress Theme
CVE-2025-69163 WineShop - Food & Wine Store WordPress Theme
CVE-2025-69164 Skyward
CVE-2025-69165 Choreo
CVE-2025-69166 Gunslinger
CVE-2025-69167 Eros
CVE-2025-69168 Spike - Volleyball Sports WordPress Theme
CVE-2025-69170 Eventicity
CVE-2025-69171 Orpheus
CVE-2025-69172 Resurs - Physiotherapy & Psychology Rehabilitation WordPress Theme
CVE-2025-69173 tipsy
CVE-2025-69174 Etude - Design Agency & Branding Agency WordPress Theme
CVE-2025-69175 Line Agency | Interior Design & Architecture WordPress Theme
CVE-2025-69176 ITactics - IT Solutions & Digital Startup WordPress Theme + AI
CVE-2025-69177 Roneous - Creative Multi-Purpose WordPress Theme
CVE-2025-69178 Truemag
CVE-2025-69179 Support Ticket Management System for WordPress
CVE-2026-2030 WP Bakery Page Builder Addons by Livemesh (Stored XSS via Shortcode)
CVE-2026-2288 myLinksDump
CVE-2026-2289 rexCrawler
CVE-2026-3279 Enable jQuery Migrate Helper
CVE-2026-3348 MinhNhut Link Gateway (Admin Stored XSS)
CVE-2026-3349 MinhNhut Link Gateway (Reflected XSS)
CVE-2026-3895 WP Bakery Page Builder Addons by Livemesh (Missing Authorization)
CVE-2026-3896 Livemesh SiteOrigin Widgets
CVE-2026-3897 Livemesh Addons for Beaver Builder
CVE-2026-39655 Mayosis Core
CVE-2026-39661 sw core
CVE-2026-42737 VikBooking Hotel Booking Engine & PMS
CVE-2026-4290 WP Travel Pro
CVE-2026-6169 affiliate-toolkit - Multi-Network Affiliate & Amazon Product Display
CVE-2026-7614 Old Posts Highlighter
CVE-2026-7618 EnvialoSimple: Email Marketing y Newsletters
CVE-2026-8040 faq shortcode
CVE-2026-8048 My Email Shortcode
CVE-2026-8701 GNTT Post Title Ticker
CVE-2026-8702 GBI To Print
CVE-2026-8703 Endless Scroll
CVE-2026-8707 NS Product icon badge
CVE-2026-8708 Genzel breadcrumbs
CVE-2026-8760 Login with OTP
CVE-2026-8787 Admin Chat Management (Firebase Support & Chat Management)
CVE-2026-8837 WP Iframe Geo Style for Amazon affiliates
CVE-2026-8842 Google+ Link Name
CVE-2026-8844 Responsive Check
CVE-2026-8845 Islamic Database
CVE-2026-8846 Tuxquote
CVE-2026-8847 Dideo
CVE-2026-8866 jQuery googleslides
CVE-2026-8867 Post Categories Gallery
CVE-2026-8868 Single Mailchimp
CVE-2026-8869 Mutual Funds Data
CVE-2026-8870 Team Master - A Modern WordPress Team Showcase
CVE-2026-8871 Formidable Kinetic
CVE-2026-8873 Content Slideshow
CVE-2026-8874 Cryptocurrency Prijsvergelijking Widget
CVE-2026-8875 Easy Prism Syntax Highlighter
CVE-2026-8876 LiveSmart Video Chat
CVE-2026-8877 Responsive Video Embedder
CVE-2026-8878 Github Shortcode
CVE-2026-8884 Instant-Quote.co Quotation Page
CVE-2026-8886 hk shortcode
CVE-2026-8887 Listen Shortcode
CVE-2026-8891 BitForm - Data management solution for WordPress
CVE-2026-8894 iWR Tooltip
CVE-2026-8897 Shortcode Buddy
CVE-2026-8898 Events In City
CVE-2026-8899 Auto Thumbnails
CVE-2026-8903 Two-factor authentication (formerly IP Vault)
CVE-2026-8911 WP AutoBuzz
CVE-2026-8912 WP Promoter (CSRF to Stored XSS)
CVE-2026-8938 auto making JSON-LD
CVE-2026-8939 Search Simple Fields
CVE-2026-8940 GoStats for WordPress
CVE-2026-8941 CDN Linker lite
CVE-2026-8942 MetaMagic SEO Plugin
CVE-2026-8994 Login with NEAR
CVE-2026-9014 WP Promoter (Missing Authorization)
CVE-2026-9200 Query Shortcode
CVE-2026-24527 Autoship Cloud for WooCommerce Subscription Products
CVE-2026-24528 Brikk - Directory & Listing WordPress Theme
CVE-2026-24582 FlexTable - Data Table Sync with Google Sheets
CVE-2026-24586 Newses
CVE-2026-49045 Adminimize
CVE-2026-49046 Duplicate Page and Post
CVE-2026-49047 DearFlip - PDF Flipbook
CVE-2026-49052 ElementsKit Elementor Addons (second)
CVE-2026-49053 ElementsKit Elementor Addons (first)
CVE-2026-49054 The Post Grid
CVE-2026-49059 Meta for WooCommerce
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Undefined