Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36319

Across tracked plugins

Affected Plugins

96

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
c9-blocks c9-blocks
89
C9 Blocks <= 1.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.7.7 July 1, 2026
awsa-shipping awsa-shipping
91
AWSA Shipping <= 1.3.0 - Reflected Cross-Site Scripting LOW *-1.3.0 July 1, 2026
at-internet at-internet
91
AT Internet SmartTag <= 0.2 - Reflected Cross-Site Scripting LOW *-0.2 July 1, 2026
arconix-faq arconix-faq
97
Arconix FAQ <= 1.9.5 - Reflected Cross-Site Scripting LOW *-1.9.5 1.9.6 July 1, 2026
affiliate-links affiliate-links
97
Affiliate Links Lite <= 3.1.0 - Reflected Cross-Site Scripting LOW *-3.1.0 3.2.0 July 1, 2026
adthrive-ads adthrive-ads
97
Raptive Ads <= 3.7.3 - Reflected Cross-Site Scripting LOW *-3.7.3 3.7.4 July 1, 2026
activity-reactions-for-buddypress activity-reactions-for-buddypress
93
Activity Reactions For Buddypress <= 1.0.22 - Reflected Cross-Site Scripting LOW *-1.0.22 July 1, 2026
accredible-certificates accredible-certificates
97
Accredible Certificates & Open Badges <= 1.4.9 - Authenticated (Administrator+) SQL Injection via orderby Parameter LOW *-1.4.9 1.5.0 July 1, 2026
payment-forms-for-paystack payment-forms-for-paystack N/A Payment Forms for Paystack <= 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.0.2 4.0.3 July 1, 2026
embedder embedder
91
Embedder 1.3 - 1.3.5 - Authenticated (Subscriber+) Arbitrary Options Update LOW 1.3-1.3.5 July 1, 2026
azurecurve-shortcodes-in-comments azurecurve-shortcodes-in-comments
91
azurecurve Shortcodes in Comments <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution LOW *-2.0.2 July 1, 2026
order-post order-post N/A ORDER POST <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution LOW *-2.0.2 July 1, 2026
swatchly swatchly N/A Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) 1.2.8 - 1.4.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update LOW 1.2.8-1.4.0 1.4.1 July 1, 2026
suretriggers suretriggers N/A SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation LOW *-1.0.78 1.0.79 July 1, 2026
z-inventory-manager z-inventory-manager N/A PlainInventory <= 3.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.1.9 July 1, 2026
youtube-embed youtube-embed N/A YouTube Embed <= 5.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-5.3.1 5.4 July 1, 2026
ws-audio-player ws-audio-player N/A WS Audio Player <= 1.1.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1.8 July 1, 2026
wpsolr-free wpsolr-free N/A WPSolr <= 24.0 - Cross-Site Request Forgery to Privilege Escalation LOW *-24.0 24.0.1 July 1, 2026
wpshop wpshop N/A WP shop <= 2.6.0 - Cross-Site Request Forgery to Arbitrary File Upload LOW *-2.6.0 July 1, 2026
wpjobboard wpjobboard N/A WPJobBoard < 5.11.1 - Cross-Site Request Forgery LOW [*, 5.11.1) 5.11.1 July 1, 2026
wp-webinarsystem wp-webinarsystem N/A WebinarPress <= 1.33.27 - Open Redirect LOW *-1.33.27 July 1, 2026
wp-w3all-phpbb-integration wp-w3all-phpbb-integration N/A WP w3all phpBB <= 2.9.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.9.9 3.0.0 July 1, 2026
wp-table-builder wp-table-builder N/A WP Table Builder <= 2.0.5 - Reflected Cross-Site Scripting LOW *-2.0.5 2.0.6 July 1, 2026
wp-subscription-forms wp-subscription-forms N/A WP Subscription Forms <= 1.2.4 - Authenticated (Contributor+) Local File Inclusion LOW *-1.2.4 1.2.5 July 1, 2026
wp-smart-contracts wp-smart-contracts N/A WPSmartContracts <= 2.0.10 - Unauthenticated SQL Injection LOW *-2.0.10 July 1, 2026
wp-show-stats wp-show-stats N/A WP Show Stats <= 1.5 - Cross-Site Request Forgery LOW *-1.5 July 1, 2026
wp-sexylightbox wp-sexylightbox N/A WP SexyLightBox <= 0.5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.5.3 July 1, 2026
wp-planification wp-planification N/A WP-Planification <= 2.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.3.1 July 1, 2026
wp-performance-pack wp-performance-pack N/A WP Performance Pack <= 2.5.4 - Cross-Site Request Forgery LOW *-2.5.4 July 1, 2026
wp-online-users-stats wp-online-users-stats N/A WP Online Users Stats <= 1.0.0 - Unauthenticated SQL Injection LOW *-1.0.0 July 1, 2026
wp-map-route-planner wp-map-route-planner N/A WP Map Route Planner <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.0 July 1, 2026
wp-inquiries wp-inquiries N/A WP Inquiries <= 0.2.1 - Authenticated (Administrator+) SQL Injection LOW *-0.2.1 July 1, 2026
wp-hide-categories wp-hide-categories N/A WP Hide Categories <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 1, 2026
wp-food wp-food N/A WP Food ordering and Restaurant Menu <= 1.1 - Unauthenticated Local File Inclusion LOW *-1.1 July 1, 2026
wp-editormd wp-editormd N/A WP Editor.md – The Perfect WordPress Markdown Editor <= 10.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-10.2.1 July 1, 2026
wp-easy-menu wp-easy-menu N/A WP-Easy Menu <= 0.41 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.41 July 1, 2026
wp-businessdirectory wp-businessdirectory N/A WP-BusinessDirectory <= 3.1.2 - Unauthenticated Arbitrary File Deletion LOW *-3.1.2 3.1.3 July 1, 2026
wp-abstracts-manuscripts-manager wp-abstracts-manuscripts-manager N/A WP Abstracts <= 2.7.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.7.4 July 1, 2026
workbox-video-from-vimeo-youtube-plugin workbox-video-from-vimeo-youtube-plugin N/A Workbox Video from Vimeo & Youtube <= 3.2.2 - Reflected Cross-Site Scripting LOW *-3.2.2 July 1, 2026
woocommerce-to-google-merchant-center woocommerce-to-google-merchant-center N/A Woo Product Feed For Marketing Channels <= 1.9.0 - Missing Authorization LOW *-1.9.0 July 1, 2026
woocommerce-multilingual woocommerce-multilingual N/A WooCommerce Multilingual & Multicurrency <= 5.3.8 - Missing Authorization LOW *-5.3.8 5.3.9 July 1, 2026
woocommerce-mis-report woocommerce-mis-report N/A WooCommerce Sales MIS Report <= 4.0.3 - Reflected Cross-Site Scripting LOW *-4.0.3 July 1, 2026
woocommerce-exporter woocommerce-exporter N/A WooCommerce – Store Exporter <= 2.7.4 - Reflected Cross-Site Scripting LOW *-2.7.4 2.7.5 July 1, 2026
wishlist wishlist N/A Wishlist <= 1.0.44 - Authenticated (Subscriber+) SQL Injection LOW *-1.0.44 July 1, 2026
windows-live-writer windows-live-writer N/A Windows Live Writer <= 0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.1 July 1, 2026
wetterwarner wetterwarner N/A Wetterwarner <= 2.7.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.7.2 2.8 July 1, 2026
wc-pickupp wc-pickupp N/A WooCommerce Pickupp <= 2.4.0 - Unauthenticated Local File Inclusion LOW *-2.4.0 July 1, 2026
wc-payphone-gateway wc-payphone-gateway N/A WooCommerce – Payphone Gateway <= 3.2.0 - Reflected Cross-Site Scripting LOW *-3.2.0 3.2.1 July 1, 2026
waymark waymark N/A Waymark <= 1.5.2 - Authenticated (Contributor+) Server-Side Request Forgery LOW *-1.5.2 1.5.3 July 1, 2026
waymark waymark N/A Waymark <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.2 1.5.3 July 1, 2026
vkontakte-cross-post vkontakte-cross-post N/A VKontakte Cross-Post <= 0.3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.3.2 July 1, 2026
vite-coupon vite-coupon N/A Vite Coupon <= 1.0.9 - Cross-Site Request Forgery to Remote Code Execution LOW *-1.0.9 1.0.10 July 1, 2026
verowa-connect verowa-connect N/A Verowa Connect <= 3.0.5 - Authenticated (Administrator+) SQL Injection LOW *-3.0.5 3.1.0 July 1, 2026
ut-demo-importer ut-demo-importer N/A Ultra Demo Importer <= 1.0.5 - Cross-Site Request Forgery to Remote Code Execution LOW *-1.0.5 July 1, 2026
user-session-synchronizer user-session-synchronizer N/A User Session Synchronizer <= 1.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.4.0 July 1, 2026
user-registration-using-contact-form-7 user-registration-using-contact-form-7 N/A User Registration Using Contact Form 7 <= 2.4 - Cross-Site Request Forgery LOW *-2.4 2.5 July 1, 2026
ultimate-wp-mail ultimate-wp-mail N/A Ultimate WP Mail <= 1.3.9 - Open Redirect LOW *-1.3.9 July 1, 2026
ultimate-bootstrap-elements-for-elementor ultimate-bootstrap-elements-for-elementor N/A Ultimate Bootstrap Elements for Elementor <= 1.4.9 - Unauthenticated Local File Inclusion LOW *-1.4.9 1.5.0 July 1, 2026
twispay twispay N/A Twispay Credit Card Payments <= 2.1.2 - Reflected Cross-Site Scripting LOW *-2.1.2 July 1, 2026
trusty-woo-products-filter trusty-woo-products-filter N/A Shop Products Filter <= 1.2 - Authenticated (Subscriber+) Local File Inclusion LOW *-1.2 July 1, 2026
tournamatch tournamatch N/A Tournamatch <= 4.6.2 - Reflected Cross-Site Scripting LOW *-4.6.2 July 1, 2026
the-world the-world N/A The World <= 0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.4 July 1, 2026
testimonial-slider-showcase-pro testimonial-slider-showcase-pro N/A Testimonial Slider And Showcase Pro <= 2.3.15 - Unauthenticated Local File Inclusion LOW *-2.3.15 July 1, 2026
task-scheduler task-scheduler N/A Task Scheduler <= 1.6.3 - Reflected Cross-Site Scripting LOW *-1.6.3 July 1, 2026
SureForms – Contact Form, Payment Form, Survey & Other Custom Form Builder sureforms N/A SureForms – Drag and Drop Form Builder for WordPress <= 1.4.3 - Missing Authorization to Authenticated (Contributor+) Settings Update LOW *-1.4.3 1.4.4 July 1, 2026
squeeze squeeze N/A Squeeze <= 1.6 - Authenticated (Admin+) Full Path Disclosure LOW *-1.6 1.6.1 July 1, 2026
squeeze squeeze N/A Squeeze <= 1.6 - Authenticated (Admin+) Arbitrary File Upload LOW *-1.6 1.6.1 July 1, 2026
spoiler-block spoiler-block N/A Spoiler Block <= 1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.7 July 1, 2026
social-stream-design social-stream-design N/A WP Social Stream Designer <= 1.3 - Authenticated (Administrator+) SQL Injection LOW *-1.3 July 1, 2026
social-crowd social-crowd N/A Social Crowd <= 0.9.6.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.9.6.1 July 1, 2026
social-bookmarking-reloaded social-bookmarking-reloaded N/A Social Bookmarking RELOADED <= 3.18 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.18 July 1, 2026
smart-product-gallery-slider smart-product-gallery-slider N/A Smart Product Gallery Slider <= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.4 July 1, 2026
site-table-of-contents site-table-of-contents N/A Site Table of Contents <= 0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.3 July 1, 2026
simple-spoiler simple-spoiler N/A Simple Spoiler <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4 1.5 July 1, 2026
simple-post-meta-manager simple-post-meta-manager N/A Simple Post Meta Manager <= 1.0.9 - Reflected Cross-Site Scripting LOW *-1.0.9 July 1, 2026
seo-nutrition-and-print-for-recipes-by-edamam seo-nutrition-and-print-for-recipes-by-edamam N/A SEO, Nutrition and Print for Recipes by Edamam <= 3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.3 July 1, 2026
seo-meta-tags seo-meta-tags N/A Seo Meta Tags <= 1.4 - Cross-Site Request Forgery to Privilege Escalation LOW *-1.4 July 1, 2026
seo-help seo-help N/A SEO Help <= 6.6.1 - Authenticated (Admin+) Server-Side Request Forgery LOW *-6.6.1 July 1, 2026
script-compressor script-compressor N/A Script Compressor <= 1.7.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.7.1 July 1, 2026
scheduled scheduled N/A Scheduled <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0 July 1, 2026
scand-multi-mailer scand-multi-mailer N/A MultiMailer <= 1.0.3 - Reflected Cross-Site Scripting LOW *-1.0.3 July 1, 2026
scand-multi-mailer scand-multi-mailer N/A MultiMailer <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.3 July 1, 2026
rich-table-of-content rich-table-of-content N/A Rich Table of Contents <= 1.4.0 - Missing Authorization LOW *-1.4.0 1.4.1 July 1, 2026
review-stream review-stream N/A Review Stream <= 1.6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.6.7 1.6.8 July 1, 2026
review-stars-count-for-woocommerce review-stars-count-for-woocommerce N/A Review Stars Count For WooCommerce <= 2.0 - Authenticated (Subscriber+) SQL Injection LOW *-2.0 July 1, 2026
revechat revechat N/A REVE Chat <= 6.2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-6.2.2 July 1, 2026
restropress restropress N/A RestroPress <= 3.2.8.6 - Reflected Cross-Site Scripting LOW *-3.2.8.6 3.2.8.6.1 July 1, 2026
request-call-back request-call-back N/A Request Call Back <= 1.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.4.1 July 1, 2026
rentsyst rentsyst N/A RentSyst <= 2.0.92 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.0.92 2.0.93 July 1, 2026
recaptcha-jetpack recaptcha-jetpack N/A reCAPTCHA Jetpack <= 0.2.2 - Cross-Site Request Forgery LOW *-0.2.2 July 1, 2026
real-estate-manager real-estate-manager N/A Real Estate Manager <= 7.3 - Unauthenticated Local File Inclusion LOW *-7.3 July 1, 2026
print-science-designer print-science-designer N/A Print Science Designer <= 1.3.155 - Unauthenticated Arbitrary File Download LOW *-1.3.155 July 1, 2026
powerpress powerpress N/A PowerPress Podcasting <= 11.12.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-11.12.5 11.12.6 July 1, 2026
powerpress powerpress N/A PowerPress Podcasting <= 11.12.6 - Authenticated (Contributor+) Server-Side Request Forgery LOW *-11.12.6 11.12.7 July 1, 2026
pojo-accessibility pojo-accessibility N/A One Click Accessibility <= 3.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.1.0 3.2.0 July 1, 2026
plugins-on-steroids plugins-on-steroids N/A Eazy Plugin Manager <= 4.3.0 - Missing Authorization LOW *-4.3.0 4.4.0 July 1, 2026
pagopar-woocommerce-gateway pagopar-woocommerce-gateway N/A Pagopar – WooCommerce Gateway <= 2.7.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.7.1 2.8.0 July 1, 2026
oxygen-mydata oxygen-mydata N/A Oxygen MyData for WooCommerce <= 1.0.64 - Unauthenticated Arbitrary File Deletion LOW *-1.0.64 1.0.65 July 1, 2026
oppso-unit-converter oppso-unit-converter N/A Oppso Unit Converter <= 1.1.1 - Reflected Cross-Site Scripting LOW *-1.1.1 July 1, 2026
online-accessibility online-accessibility N/A Accessibility Suite by Online ADA <= 4.18 - Authenticated (Subscriber+) SQL Injection LOW *-4.18 4.19 July 1, 2026
LOW

c9-blocks

c9-blocks

Score: 89/100 C9 Blocks <= 1.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7.7 Patched: Updated: July 1, 2026
LOW

awsa-shipping

awsa-shipping

Score: 91/100 AWSA Shipping <= 1.3.0 - Reflected Cross-Site Scripting Affected: *-1.3.0 Patched: Updated: July 1, 2026
LOW

at-internet

at-internet

Score: 91/100 AT Internet SmartTag <= 0.2 - Reflected Cross-Site Scripting Affected: *-0.2 Patched: Updated: July 1, 2026
LOW

arconix-faq

arconix-faq

Score: 97/100 Arconix FAQ <= 1.9.5 - Reflected Cross-Site Scripting Affected: *-1.9.5 Patched: 1.9.6 Updated: July 1, 2026
LOW

affiliate-links

affiliate-links

Score: 97/100 Affiliate Links Lite <= 3.1.0 - Reflected Cross-Site Scripting Affected: *-3.1.0 Patched: 3.2.0 Updated: July 1, 2026
LOW

adthrive-ads

adthrive-ads

Score: 97/100 Raptive Ads <= 3.7.3 - Reflected Cross-Site Scripting Affected: *-3.7.3 Patched: 3.7.4 Updated: July 1, 2026
LOW

activity-reactions-for-buddypress

activity-reactions-for-buddypress

Score: 93/100 Activity Reactions For Buddypress <= 1.0.22 - Reflected Cross-Site Scripting Affected: *-1.0.22 Patched: Updated: July 1, 2026
LOW

accredible-certificates

accredible-certificates

Score: 97/100 Accredible Certificates & Open Badges <= 1.4.9 - Authenticated (Administrator+) SQL Injection via orderby Parameter Affected: *-1.4.9 Patched: 1.5.0 Updated: July 1, 2026
LOW

payment-forms-for-paystack

payment-forms-for-paystack

Score: N/A Payment Forms for Paystack <= 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.0.2 Patched: 4.0.3 Updated: July 1, 2026
LOW

embedder

embedder

Score: 91/100 Embedder 1.3 - 1.3.5 - Authenticated (Subscriber+) Arbitrary Options Update Affected: 1.3-1.3.5 Patched: Updated: July 1, 2026
LOW

azurecurve-shortcodes-in-comments

azurecurve-shortcodes-in-comments

Score: 91/100 azurecurve Shortcodes in Comments <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution Affected: *-2.0.2 Patched: Updated: July 1, 2026
LOW

order-post

order-post

Score: N/A ORDER POST <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution Affected: *-2.0.2 Patched: Updated: July 1, 2026
LOW

swatchly

swatchly

Score: N/A Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) 1.2.8 - 1.4.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update Affected: 1.2.8-1.4.0 Patched: 1.4.1 Updated: July 1, 2026
LOW

suretriggers

suretriggers

Score: N/A SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation Affected: *-1.0.78 Patched: 1.0.79 Updated: July 1, 2026
LOW

z-inventory-manager

z-inventory-manager

Score: N/A PlainInventory <= 3.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.1.9 Patched: Updated: July 1, 2026
LOW

youtube-embed

youtube-embed

Score: N/A YouTube Embed <= 5.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-5.3.1 Patched: 5.4 Updated: July 1, 2026
LOW

ws-audio-player

ws-audio-player

Score: N/A WS Audio Player <= 1.1.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1.8 Patched: Updated: July 1, 2026
LOW

wpsolr-free

wpsolr-free

Score: N/A WPSolr <= 24.0 - Cross-Site Request Forgery to Privilege Escalation Affected: *-24.0 Patched: 24.0.1 Updated: July 1, 2026
LOW

wpshop

wpshop

Score: N/A WP shop <= 2.6.0 - Cross-Site Request Forgery to Arbitrary File Upload Affected: *-2.6.0 Patched: Updated: July 1, 2026
LOW

wpjobboard

wpjobboard

Score: N/A WPJobBoard < 5.11.1 - Cross-Site Request Forgery Affected: [*, 5.11.1) Patched: 5.11.1 Updated: July 1, 2026
LOW

wp-webinarsystem

wp-webinarsystem

Score: N/A WebinarPress <= 1.33.27 - Open Redirect Affected: *-1.33.27 Patched: Updated: July 1, 2026
LOW

wp-w3all-phpbb-integration

wp-w3all-phpbb-integration

Score: N/A WP w3all phpBB <= 2.9.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.9.9 Patched: 3.0.0 Updated: July 1, 2026
LOW

wp-table-builder

wp-table-builder

Score: N/A WP Table Builder <= 2.0.5 - Reflected Cross-Site Scripting Affected: *-2.0.5 Patched: 2.0.6 Updated: July 1, 2026
LOW

wp-subscription-forms

wp-subscription-forms

Score: N/A WP Subscription Forms <= 1.2.4 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.2.4 Patched: 1.2.5 Updated: July 1, 2026
LOW

wp-smart-contracts

wp-smart-contracts

Score: N/A WPSmartContracts <= 2.0.10 - Unauthenticated SQL Injection Affected: *-2.0.10 Patched: Updated: July 1, 2026
LOW

wp-show-stats

wp-show-stats

Score: N/A WP Show Stats <= 1.5 - Cross-Site Request Forgery Affected: *-1.5 Patched: Updated: July 1, 2026
LOW

wp-sexylightbox

wp-sexylightbox

Score: N/A WP SexyLightBox <= 0.5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.5.3 Patched: Updated: July 1, 2026
LOW

wp-planification

wp-planification

Score: N/A WP-Planification <= 2.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.3.1 Patched: Updated: July 1, 2026
LOW

wp-performance-pack

wp-performance-pack

Score: N/A WP Performance Pack <= 2.5.4 - Cross-Site Request Forgery Affected: *-2.5.4 Patched: Updated: July 1, 2026
LOW

wp-online-users-stats

wp-online-users-stats

Score: N/A WP Online Users Stats <= 1.0.0 - Unauthenticated SQL Injection Affected: *-1.0.0 Patched: Updated: July 1, 2026
LOW

wp-map-route-planner

wp-map-route-planner

Score: N/A WP Map Route Planner <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 1, 2026
LOW

wp-inquiries

wp-inquiries

Score: N/A WP Inquiries <= 0.2.1 - Authenticated (Administrator+) SQL Injection Affected: *-0.2.1 Patched: Updated: July 1, 2026
LOW

wp-hide-categories

wp-hide-categories

Score: N/A WP Hide Categories <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

wp-food

wp-food

Score: N/A WP Food ordering and Restaurant Menu <= 1.1 - Unauthenticated Local File Inclusion Affected: *-1.1 Patched: Updated: July 1, 2026
LOW

wp-editormd

wp-editormd

Score: N/A WP Editor.md – The Perfect WordPress Markdown Editor <= 10.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-10.2.1 Patched: Updated: July 1, 2026
LOW

wp-easy-menu

wp-easy-menu

Score: N/A WP-Easy Menu <= 0.41 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.41 Patched: Updated: July 1, 2026
LOW

wp-businessdirectory

wp-businessdirectory

Score: N/A WP-BusinessDirectory <= 3.1.2 - Unauthenticated Arbitrary File Deletion Affected: *-3.1.2 Patched: 3.1.3 Updated: July 1, 2026
LOW

wp-abstracts-manuscripts-manager

wp-abstracts-manuscripts-manager

Score: N/A WP Abstracts <= 2.7.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.7.4 Patched: Updated: July 1, 2026
LOW

workbox-video-from-vimeo-youtube-plugin

workbox-video-from-vimeo-youtube-plugin

Score: N/A Workbox Video from Vimeo & Youtube <= 3.2.2 - Reflected Cross-Site Scripting Affected: *-3.2.2 Patched: Updated: July 1, 2026
LOW

woocommerce-to-google-merchant-center

woocommerce-to-google-merchant-center

Score: N/A Woo Product Feed For Marketing Channels <= 1.9.0 - Missing Authorization Affected: *-1.9.0 Patched: Updated: July 1, 2026
LOW

woocommerce-multilingual

woocommerce-multilingual

Score: N/A WooCommerce Multilingual & Multicurrency <= 5.3.8 - Missing Authorization Affected: *-5.3.8 Patched: 5.3.9 Updated: July 1, 2026
LOW

woocommerce-mis-report

woocommerce-mis-report

Score: N/A WooCommerce Sales MIS Report <= 4.0.3 - Reflected Cross-Site Scripting Affected: *-4.0.3 Patched: Updated: July 1, 2026
LOW

woocommerce-exporter

woocommerce-exporter

Score: N/A WooCommerce – Store Exporter <= 2.7.4 - Reflected Cross-Site Scripting Affected: *-2.7.4 Patched: 2.7.5 Updated: July 1, 2026
LOW

wishlist

wishlist

Score: N/A Wishlist <= 1.0.44 - Authenticated (Subscriber+) SQL Injection Affected: *-1.0.44 Patched: Updated: July 1, 2026
LOW

windows-live-writer

windows-live-writer

Score: N/A Windows Live Writer <= 0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.1 Patched: Updated: July 1, 2026
LOW

wetterwarner

wetterwarner

Score: N/A Wetterwarner <= 2.7.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.7.2 Patched: 2.8 Updated: July 1, 2026
LOW

wc-pickupp

wc-pickupp

Score: N/A WooCommerce Pickupp <= 2.4.0 - Unauthenticated Local File Inclusion Affected: *-2.4.0 Patched: Updated: July 1, 2026
LOW

wc-payphone-gateway

wc-payphone-gateway

Score: N/A WooCommerce – Payphone Gateway <= 3.2.0 - Reflected Cross-Site Scripting Affected: *-3.2.0 Patched: 3.2.1 Updated: July 1, 2026
LOW

waymark

waymark

Score: N/A Waymark <= 1.5.2 - Authenticated (Contributor+) Server-Side Request Forgery Affected: *-1.5.2 Patched: 1.5.3 Updated: July 1, 2026
LOW

waymark

waymark

Score: N/A Waymark <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.2 Patched: 1.5.3 Updated: July 1, 2026
LOW

vkontakte-cross-post

vkontakte-cross-post

Score: N/A VKontakte Cross-Post <= 0.3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.3.2 Patched: Updated: July 1, 2026
LOW

vite-coupon

vite-coupon

Score: N/A Vite Coupon <= 1.0.9 - Cross-Site Request Forgery to Remote Code Execution Affected: *-1.0.9 Patched: 1.0.10 Updated: July 1, 2026
LOW

verowa-connect

verowa-connect

Score: N/A Verowa Connect <= 3.0.5 - Authenticated (Administrator+) SQL Injection Affected: *-3.0.5 Patched: 3.1.0 Updated: July 1, 2026
LOW

ut-demo-importer

ut-demo-importer

Score: N/A Ultra Demo Importer <= 1.0.5 - Cross-Site Request Forgery to Remote Code Execution Affected: *-1.0.5 Patched: Updated: July 1, 2026
LOW

user-session-synchronizer

user-session-synchronizer

Score: N/A User Session Synchronizer <= 1.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4.0 Patched: Updated: July 1, 2026
LOW

user-registration-using-contact-form-7

user-registration-using-contact-form-7

Score: N/A User Registration Using Contact Form 7 <= 2.4 - Cross-Site Request Forgery Affected: *-2.4 Patched: 2.5 Updated: July 1, 2026
LOW

ultimate-wp-mail

ultimate-wp-mail

Score: N/A Ultimate WP Mail <= 1.3.9 - Open Redirect Affected: *-1.3.9 Patched: Updated: July 1, 2026
LOW

ultimate-bootstrap-elements-for-elementor

ultimate-bootstrap-elements-for-elementor

Score: N/A Ultimate Bootstrap Elements for Elementor <= 1.4.9 - Unauthenticated Local File Inclusion Affected: *-1.4.9 Patched: 1.5.0 Updated: July 1, 2026
LOW

twispay

twispay

Score: N/A Twispay Credit Card Payments <= 2.1.2 - Reflected Cross-Site Scripting Affected: *-2.1.2 Patched: Updated: July 1, 2026
LOW

trusty-woo-products-filter

trusty-woo-products-filter

Score: N/A Shop Products Filter <= 1.2 - Authenticated (Subscriber+) Local File Inclusion Affected: *-1.2 Patched: Updated: July 1, 2026
LOW

tournamatch

tournamatch

Score: N/A Tournamatch <= 4.6.2 - Reflected Cross-Site Scripting Affected: *-4.6.2 Patched: Updated: July 1, 2026
LOW

the-world

the-world

Score: N/A The World <= 0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.4 Patched: Updated: July 1, 2026
LOW

testimonial-slider-showcase-pro

testimonial-slider-showcase-pro

Score: N/A Testimonial Slider And Showcase Pro <= 2.3.15 - Unauthenticated Local File Inclusion Affected: *-2.3.15 Patched: Updated: July 1, 2026
LOW

task-scheduler

task-scheduler

Score: N/A Task Scheduler <= 1.6.3 - Reflected Cross-Site Scripting Affected: *-1.6.3 Patched: Updated: July 1, 2026
LOW

squeeze

squeeze

Score: N/A Squeeze <= 1.6 - Authenticated (Admin+) Full Path Disclosure Affected: *-1.6 Patched: 1.6.1 Updated: July 1, 2026
LOW

squeeze

squeeze

Score: N/A Squeeze <= 1.6 - Authenticated (Admin+) Arbitrary File Upload Affected: *-1.6 Patched: 1.6.1 Updated: July 1, 2026
LOW

spoiler-block

spoiler-block

Score: N/A Spoiler Block <= 1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.7 Patched: Updated: July 1, 2026
LOW

social-stream-design

social-stream-design

Score: N/A WP Social Stream Designer <= 1.3 - Authenticated (Administrator+) SQL Injection Affected: *-1.3 Patched: Updated: July 1, 2026
LOW

social-crowd

social-crowd

Score: N/A Social Crowd <= 0.9.6.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.9.6.1 Patched: Updated: July 1, 2026
LOW

social-bookmarking-reloaded

social-bookmarking-reloaded

Score: N/A Social Bookmarking RELOADED <= 3.18 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.18 Patched: Updated: July 1, 2026
LOW

smart-product-gallery-slider

smart-product-gallery-slider

Score: N/A Smart Product Gallery Slider <= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: July 1, 2026
LOW

site-table-of-contents

site-table-of-contents

Score: N/A Site Table of Contents <= 0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.3 Patched: Updated: July 1, 2026
LOW

simple-spoiler

simple-spoiler

Score: N/A Simple Spoiler <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4 Patched: 1.5 Updated: July 1, 2026
LOW

simple-post-meta-manager

simple-post-meta-manager

Score: N/A Simple Post Meta Manager <= 1.0.9 - Reflected Cross-Site Scripting Affected: *-1.0.9 Patched: Updated: July 1, 2026
LOW

seo-nutrition-and-print-for-recipes-by-edamam

seo-nutrition-and-print-for-recipes-by-edamam

Score: N/A SEO, Nutrition and Print for Recipes by Edamam <= 3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.3 Patched: Updated: July 1, 2026
LOW

seo-meta-tags

seo-meta-tags

Score: N/A Seo Meta Tags <= 1.4 - Cross-Site Request Forgery to Privilege Escalation Affected: *-1.4 Patched: Updated: July 1, 2026
LOW

seo-help

seo-help

Score: N/A SEO Help <= 6.6.1 - Authenticated (Admin+) Server-Side Request Forgery Affected: *-6.6.1 Patched: Updated: July 1, 2026
LOW

script-compressor

script-compressor

Score: N/A Script Compressor <= 1.7.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.7.1 Patched: Updated: July 1, 2026
LOW

scheduled

scheduled

Score: N/A Scheduled <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

scand-multi-mailer

scand-multi-mailer

Score: N/A MultiMailer <= 1.0.3 - Reflected Cross-Site Scripting Affected: *-1.0.3 Patched: Updated: July 1, 2026
LOW

scand-multi-mailer

scand-multi-mailer

Score: N/A MultiMailer <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.3 Patched: Updated: July 1, 2026
LOW

rich-table-of-content

rich-table-of-content

Score: N/A Rich Table of Contents <= 1.4.0 - Missing Authorization Affected: *-1.4.0 Patched: 1.4.1 Updated: July 1, 2026
LOW

review-stream

review-stream

Score: N/A Review Stream <= 1.6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.6.7 Patched: 1.6.8 Updated: July 1, 2026
LOW

review-stars-count-for-woocommerce

review-stars-count-for-woocommerce

Score: N/A Review Stars Count For WooCommerce <= 2.0 - Authenticated (Subscriber+) SQL Injection Affected: *-2.0 Patched: Updated: July 1, 2026
LOW

revechat

revechat

Score: N/A REVE Chat <= 6.2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-6.2.2 Patched: Updated: July 1, 2026
LOW

restropress

restropress

Score: N/A RestroPress <= 3.2.8.6 - Reflected Cross-Site Scripting Affected: *-3.2.8.6 Patched: 3.2.8.6.1 Updated: July 1, 2026
LOW

request-call-back

request-call-back

Score: N/A Request Call Back <= 1.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.4.1 Patched: Updated: July 1, 2026
LOW

rentsyst

rentsyst

Score: N/A RentSyst <= 2.0.92 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.0.92 Patched: 2.0.93 Updated: July 1, 2026
LOW

recaptcha-jetpack

recaptcha-jetpack

Score: N/A reCAPTCHA Jetpack <= 0.2.2 - Cross-Site Request Forgery Affected: *-0.2.2 Patched: Updated: July 1, 2026
LOW

real-estate-manager

real-estate-manager

Score: N/A Real Estate Manager <= 7.3 - Unauthenticated Local File Inclusion Affected: *-7.3 Patched: Updated: July 1, 2026
LOW

print-science-designer

print-science-designer

Score: N/A Print Science Designer <= 1.3.155 - Unauthenticated Arbitrary File Download Affected: *-1.3.155 Patched: Updated: July 1, 2026
LOW

powerpress

powerpress

Score: N/A PowerPress Podcasting <= 11.12.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-11.12.5 Patched: 11.12.6 Updated: July 1, 2026
LOW

powerpress

powerpress

Score: N/A PowerPress Podcasting <= 11.12.6 - Authenticated (Contributor+) Server-Side Request Forgery Affected: *-11.12.6 Patched: 11.12.7 Updated: July 1, 2026
LOW

pojo-accessibility

pojo-accessibility

Score: N/A One Click Accessibility <= 3.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.1.0 Patched: 3.2.0 Updated: July 1, 2026
LOW

plugins-on-steroids

plugins-on-steroids

Score: N/A Eazy Plugin Manager <= 4.3.0 - Missing Authorization Affected: *-4.3.0 Patched: 4.4.0 Updated: July 1, 2026
LOW

pagopar-woocommerce-gateway

pagopar-woocommerce-gateway

Score: N/A Pagopar – WooCommerce Gateway <= 2.7.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.7.1 Patched: 2.8.0 Updated: July 1, 2026
LOW

oxygen-mydata

oxygen-mydata

Score: N/A Oxygen MyData for WooCommerce <= 1.0.64 - Unauthenticated Arbitrary File Deletion Affected: *-1.0.64 Patched: 1.0.65 Updated: July 1, 2026
LOW

oppso-unit-converter

oppso-unit-converter

Score: N/A Oppso Unit Converter <= 1.1.1 - Reflected Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: July 1, 2026
LOW

online-accessibility

online-accessibility

Score: N/A Accessibility Suite by Online ADA <= 4.18 - Authenticated (Subscriber+) SQL Injection Affected: *-4.18 Patched: 4.19 Updated: July 1, 2026

Showing 9901 to 10000 of 36319 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 1, 2026 at 10:16 UTC.