wordfence / famous plugins · 736 affected

Famous plugins · 10k+ installs

Vulnerability statistics for popular WordPress plugins with at least 10,000 active installs — high-impact issues in widely-used software.

10k+ installs only
total vulns · famous: 1,706 (across 736 plugins)
critical: 49 (popular crit count)
high: 271 (popular high count)
famous plugins: 736 (≥ 10k installs · ≥ 1 vuln)
01

Distribution

severity · CWE
[chart: severity distribution · share]
top CWE classes · top 10
CWE-79 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 632
CWE-862 · Missing Authorization 382
CWE-352 · Cross-Site Request Forgery (CSRF) 99
CWE-89 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 91
CWE-200 · Exposure of Sensitive Information to an Unauthorized Actor 73
CWE-639 · Authorization Bypass Through User-Controlled Key 48
CWE-502 · Deserialization of Untrusted Data 45
CWE-98 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') 44
CWE-434 · Unrestricted Upload of File with Dangerous Type 44
CWE-918 · Server-Side Request Forgery (SSRF) 42
02

Trends

monthly · yearly · patched
[chart: monthly discoveries · last 12 mo]
patched status · 1,625 / 1,706
[chart: vulnerabilities by year · 2 years]
03

Most affected famous plugins

10k+ installs · top 15
top vulnerable famous plugins · by vuln count
GiveWP – Donation Plugin and Fundraising Platform
give · 100,000 installs
2 crit 1 high 13
SureForms – Contact Form, Payment Form & Other Custom Form Builder
sureforms · 400,000 installs
3 high 12
User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin
user-registration · 60,000 installs
1 crit 1 high 12
AI Engine – The Chatbot and AI Framework for WordPress
ai-engine · 100,000 installs
1 crit 5 high 11
Download Manager
download-manager · 100,000 installs
2 high 11
LearnPress – WordPress LMS Plugin for Create and Sell Online Courses
learnpress · 80,000 installs
11
Royal Addons for Elementor – Addons and Templates Kit for Elementor
royal-elementor-addons · 600,000 installs
11
Eventin – Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered)
wp-event-solution · 10,000 installs
1 crit 8 high 11
The Events Calendar
the-events-calendar · 700,000 installs
2 high 10
Welcart e-Commerce
usc-e-shop · 20,000 installs
1 high 10
Essential Addons for Elementor – Popular Elementor Templates & Widgets
essential-addons-for-elementor-lite · 2,000,000 installs
9
Forminator Forms – Contact Form, Payment Form & Custom Form Builder
forminator · 600,000 installs
2 high 9
Ninja Forms – The Contact Form Builder That Grows With You
ninja-forms · 600,000 installs
3 high 9
Tutor LMS – eLearning and online course solution
tutor · 100,000 installs
9
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
ultimate-member · 200,000 installs
4 high 9
[chart: top 10 famous plugins · vuln count]
04

Impact summary

high impact · widely used
critical · widespread · 10k+: 49 (CVEs hitting popular plugins · highest blast radius)
high · widespread · 10k+: 271 (amber-zone risk · 10k+ install reach)