wordfence / famous plugins · 873 affected

Famous plugins · 10k+ installs

Vulnerability statistics for popular WordPress plugins with at least 10,000 active installs — high-impact issues in widely-used software.

total vulns · famous: 2,532 (across 873 plugins)
critical: 69 (popular crit count)
high: 444 (popular high count)
famous plugins: 873 (≥ 10k installs · ≥ 1 vuln)
01

Distribution

severity · CWE
severity distribution · share
top CWE classes · top 20
CWE-79 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 865
CWE-862 · Missing Authorization 623
CWE-89 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 150
CWE-352 · Cross-Site Request Forgery (CSRF) 134
CWE-200 · Exposure of Sensitive Information to an Unauthorized Actor 110
CWE-639 · Authorization Bypass Through User-Controlled Key 91
CWE-22 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 69
CWE-502 · Deserialization of Untrusted Data 68
CWE-918 · Server-Side Request Forgery (SSRF) 58
CWE-434 · Unrestricted Upload of File with Dangerous Type 55
02

Trends

monthly · yearly · patched
monthly discoveries · last 12 mo
patched status · 2,462 / 2,532
vulnerabilities by year · 2 years
03

Most affected famous plugins

10k+ installs · top 15
top vulnerable famous plugins · by vuln count
Royal Addons for Elementor – Addons and Templates Kit for Elementor
royal-elementor-addons · 600,000 installs · 3 high · 25 vulns
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder
user-registration · 60,000 installs · 3 crit · 2 high · 24 vulns
LatePoint – Calendar Booking Plugin for Appointments and Events
latepoint · 100,000 installs · 1 crit · 8 high · 23 vulns
Tutor LMS – eLearning and online course solution
tutor · 100,000 installs · 3 high · 23 vulns
Download Manager
download-manager · 100,000 installs · 2 high · 17 vulns
LearnPress – WordPress LMS Plugin for Create and Sell Online Courses
learnpress · 70,000 installs · 1 crit · 16 vulns
wpForo Forum
wpforo · 20,000 installs · 9 high · 16 vulns
Forminator Forms – Contact Form, Payment Form & Custom Form Builder
forminator · 600,000 installs · 3 high · 15 vulns
GiveWP – Donation Plugin and Fundraising Platform
give · 100,000 installs · 2 crit · 1 high · 15 vulns
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin
simply-schedule-appointments · 60,000 installs · 6 high · 15 vulns
SureForms – Contact Form, Payment Form & Other Custom Form Builder
sureforms · 500,000 installs · 5 high · 15 vulns
Bold Page Builder
bold-page-builder · 40,000 installs · 14 vulns
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
quiz-master-next · 40,000 installs · 2 high · 14 vulns
Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)
wp-event-solution · 10,000 installs · 1 crit · 9 high · 14 vulns
AI Engine – The Chatbot, AI Framework & MCP for WordPress
ai-engine · 100,000 installs · 1 crit · 7 high · 13 vulns
top 10 famous plugins · chart · vuln count
04

Impact summary

high impact · widely used
critical · widespread · 10k+: 69 (CVEs hitting popular plugins · highest blast radius)
high · widespread · 10k+: 444 (amber-zone risk · 10k+ install reach)