The most recent plugin and theme vulnerability report lists 400+ plugins and 25+ themes with vulnerabilities that need attention today.

WordPress Plugin And Theme Vulnerability Report

Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. Our teams work diligently for our customers to ensure a safe environment online to do business.

WordPress Plugin Vulnerabilities – Unauthorized AJAX Calls via Freemius


The plugins and themes use an insecure version of the Freemius Framework, which lacks CSRF and/or authorization checks in some of its AJAX actions. As a result, any authenticated user, such as a subscriber, could access the debug logs. Unauthenticated attackers could also make a logged-in admin toggle the debug mode via a CSRF attack.
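For plugin authors reviewing their own AJAX handlers, here is the class of bug described above next to its fix. This is an added example, not code from the Freemius SDK or from this report. The action names, nonce action, `security` field and `example_debug_mode` option are hypothetical.

```php
<?php
// Added example: hypothetical plugin code, NOT taken from the Freemius SDK.
// Action names, the nonce action and the option name are assumptions.

// Weak pattern. wp_ajax_{action} fires for ANY logged-in user, subscribers
// included, so registering the hook is not an authorization check. Nothing
// here ties the request to a page the admin loaded, so a cross-site form
// post sent with the admin's cookies is accepted as well.
add_action( 'wp_ajax_example_toggle_debug_weak', function () {
    update_option( 'example_debug_mode', empty( $_POST['enabled'] ) ? 0 : 1 );
    wp_send_json_success();
} );

// Hardened pattern: verify the nonce first, then the capability, then act.
add_action( 'wp_ajax_example_toggle_debug', 'example_toggle_debug' );

function example_toggle_debug() {
    // CSRF check. The nonce is bound to this action and to the user's session.
    // Passing false as the third argument makes check_ajax_referer() return
    // false instead of dying, so the handler controls the error response.
    if ( ! check_ajax_referer( 'example_toggle_debug', 'security', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }

    // Authorization check. A valid nonce only proves the request came from
    // the site's own pages; it says nothing about what the user may do.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // Accept only the literal value '1' as "on"; anything else is "off".
    $enabled = isset( $_POST['enabled'] ) && '1' === $_POST['enabled'];
    update_option( 'example_debug_mode', $enabled ? 1 : 0 );
    wp_send_json_success( array( 'debug' => $enabled ) );
}

// Hand the nonce only to users who are allowed to use the feature, e.g. when
// rendering the settings page that sends the AJAX request.
function example_debug_nonce() {
    return current_user_can( 'manage_options' )
        ? wp_create_nonce( 'example_toggle_debug' )
        : '';
}
```

The same two checks belong on any handler that returns data, such as one serving debug logs, because a read-only action without a capability check is what lets a subscriber-level account read them.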

Proof of Concept

The PoC will be displayed on March 14, 2022, to give users the time to update.

View the growing list of 400+ plugins and 25+ themes with vulnerabilities published on WPScan.

Plugin And Theme Vulnerability Report For WordPress Admins

Thank you for viewing our Plugin And Theme Vulnerability Report. Please share this post with your friends to help get the word out and make WordPress safer for everyone!