Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36319

Across tracked plugins

Affected Plugins

95

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
noakes-menu-manager noakes-menu-manager N/A Nav Menu Manager <= 3.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.2.5 3.2.6 July 1, 2026
nino-social-connect nino-social-connect N/A Nino Social Connect <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.0 July 1, 2026
nimbata-call-tracking nimbata-call-tracking N/A Nimbata Call Tracking <= 1.7.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.7.2 July 1, 2026
newsboard newsboard N/A NewsBoard Post and RSS Scroller <= 1.2.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2.12 July 1, 2026
nepali-date-utilities nepali-date-utilities N/A Nepali Date Utilities <= 1.0.13 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.13 July 1, 2026
neon-product-designer-for-woocommerce neon-product-designer-for-woocommerce N/A Neon Product Designer <= 2.1.1 - Unauthenticated SQL Injection LOW *-2.1.1 July 1, 2026
myworks-woo-sync-for-quickbooks-online myworks-woo-sync-for-quickbooks-online
93
MyWorks WooCommerce Sync for QuickBooks Online <= 2.9.1 - Reflected Cross-Site Scripting LOW *-2.9.1 2.9.2 July 1, 2026
multiple-location-google-map multiple-location-google-map
91
Multiple Location Google Map <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1 July 1, 2026
motors-car-dealership-classified-listings motors-car-dealership-classified-listings
93
Motors <= 1.4.71 - Unauthenticated Local File Inclusion LOW *-1.4.71 1.4.72 July 1, 2026
more-mime-type-filters more-mime-type-filters
91
More Mime Type Filters <= 0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.3 July 1, 2026
mobile-smart mobile-smart
91
Mobile Smart <= v1.3.16 - Reflected Cross-Site Scripting LOW * - v1.3.16 July 1, 2026
mmx-make-me-christmas mmx-make-me-christmas
91
MMX – Make Me Christmas <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.0 July 1, 2026
mergado-marketing-pack mergado-marketing-pack
89
Mergado Pack <= 4.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-4.1.1 July 1, 2026
material-dashboard material-dashboard
93
Material Dashboard <= 1.4.5 - Authenticated (Subscriber+) Local File Inclusion LOW *-1.4.5 1.4.6 July 1, 2026
mapsvg-lite-interactive-vector-maps mapsvg-lite-interactive-vector-maps
93
MapSVG Lite <= 8.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-8.6.6 8.6.7 July 1, 2026
mapsvg-lite-interactive-vector-maps mapsvg-lite-interactive-vector-maps
93
MapSVG Lite <= 8.6.4 - Missing Authorization LOW *-8.6.4 8.6.5 July 1, 2026
mailhawk mailhawk
93
WordPress SMTP Service, Email Delivery Solved! — MailHawk <= 1.3.1 - Unauthenticated Local File Inclusion LOW *-1.3.1 1.3.2 July 1, 2026
magazine-lister-for-yumpu magazine-lister-for-yumpu
91
ePaper Lister for Yumpu <= 1.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.4.0 July 1, 2026
logo-showcase-ultimate logo-showcase-ultimate
93
Logo Showcase Ultimate <= 1.4.4 - Authenticated (Contributor+) Local File Inclusion LOW *-1.4.4 1.4.5 July 1, 2026
lock-your-updates lock-your-updates
91
Lock Your Updates <= 1.1 - Reflected Cross-Site Scripting LOW *-1.1 July 1, 2026
link-shield link-shield
89
Link Shield <= 0.5.4 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-0.5.4 July 1, 2026
language-field language-field
91
Language Field <= 0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.9 July 1, 2026
keycaptcha keycaptcha
91
KeyCAPTCHA <= 2.5.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.5.1 July 1, 2026
js-jobs js-jobs
81
JS Job Manager <= 2.0.2 - Unauthenticated Local File Inclusion LOW *-2.0.2 July 1, 2026
job-board-manager job-board-manager
83
Job Board Manager <= 2.1.60 - Authenticated (Contributor+) PHP Object Injection LOW *-2.1.60 July 1, 2026
ip2location-world-clock ip2location-world-clock
93
IP2Location World Clock <= 1.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1.9 1.1.10 July 1, 2026
interactive-us-map interactive-us-map
91
Interactive US Map <= 2.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.7 July 1, 2026
interactive-geo-maps interactive-geo-maps
93
Interactive Geo Maps <= 1.6.24 - Reflected Cross-Site Scripting LOW *-1.6.24 1.6.25 July 1, 2026
insert-html-here insert-html-here
91
Insert HTML Here <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 1, 2026
indieblocks indieblocks
93
IndieBlocks <= 0.13.1 - Unauthenticated Server-Side Request Forgery LOW *-0.13.1 0.13.2 July 1, 2026
idonate idonate
89
IDonate <= 2.1.9 - Unauthenticated Local File Inclusion LOW *-2.1.9 July 1, 2026
html5-video-player-with-playlist html5-video-player-with-playlist
89
HTML5 Video Player with Playlist <= 2.50 - Reflected Cross-Site Scripting LOW *-2.50 July 1, 2026
fraudlabs-pro-for-woocommerce fraudlabs-pro-for-woocommerce
93
FraudLabs Pro for WooCommerce <= 2.22.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.22.8 2.22.9 July 1, 2026
foliopress-wysiwyg foliopress-wysiwyg
93
Foliopress WYSIWYG <= 2.6.18 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.6.18 2.6.19 July 1, 2026
flexytalk-widget flexytalk-widget
91
FrescoChat Live Chat <= 3.2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.2.6 July 1, 2026
flexi flexi
89
Flexi – Guest Submit <= 4.28 - Unauthenticated Local File Inclusion LOW *-4.28 July 1, 2026
flags-widget flags-widget
91
Flags Widget <= 1.0.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.7 July 1, 2026
firsth3tagadsense firsth3tagadsense
91
Sandwich Adsense <= 4.0.2 - Missing Authorization LOW *-4.0.2 July 1, 2026
fat-coming-soon fat-coming-soon
91
FAT Cooming Soon <= 1.1 - Unauthenticated Local File Inclusion LOW *-1.1 July 1, 2026
eventon-lite eventon-lite
93
EventON <= 2.4 - Unauthenticated Local File Inclusion LOW *-2.4 2.4.1 July 1, 2026
essential-breadcrumbs essential-breadcrumbs
89
Essential Breadcrumbs <= 1.1.1 - Cross-Site Request Forgery to Privilege Escalation LOW *-1.1.1 July 1, 2026
error-log-viewer-wp error-log-viewer-wp
91
Error Log Viewer <= 1.0.5 - Authenticated (Subscriber+) SQL Injection LOW *-1.0.5 July 1, 2026
Epeken All Kurir for Woocommerce epeken-all-kurir
67
Epeken All Kurir <= 1.4.6.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.4.6.2 July 1, 2026
EasyFonts – Host Google Fonts Locally, GDPR Compliant, Faster Loading easyfonts
98
Easyfonts <= 1.1.2 - Cross-Site Request Forgery LOW *-1.1.2 1.1.3 July 1, 2026
easy-post-duplicator easy-post-duplicator
89
Easy Post Duplicator <= 1.0.1 - Reflected Cross-Site Scripting LOW *-1.0.1 July 1, 2026
easy-post-duplicator easy-post-duplicator
89
Easy Post Duplicator <= 1.0.1 - Authenticated (Subscriber+) SQL Injection LOW *-1.0.1 July 1, 2026
easy-custom-css easy-custom-css
91
Easy Custom CSS <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0 July 1, 2026
duplicate-title-checker duplicate-title-checker
91
Duplicate Title Checker <= 1.2 - Authenticated (Subscriber+) SQL Injection LOW *-1.2 July 1, 2026
doppler-form doppler-form
93
Doppler Forms <= 2.5.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.5.1 2.6.0 July 1, 2026
debounce-io-email-validator debounce-io-email-validator
93
DeBounce Email Validator <= 5.8.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-5.8.1 5.8.2 July 1, 2026
database-toolset database-toolset
87
Database Toolset <= 1.8.4 - Unauthenticated Arbitrary File Deletion LOW *-1.8.4 July 1, 2026
czater czater
91
Czater.pl – live chat i telefon <= 1.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.5 July 1, 2026
customize-login-page customize-login-page
91
Customize Login Page <= 1.1 - Cross-Site Request Forgery LOW *-1.1 July 1, 2026
custom-smilies custom-smilies
91
Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2 July 1, 2026
custom-posts-order custom-posts-order
93
Custom Posts Order <= 4.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-4.4 4.5 July 1, 2026
connector-civicrm-mcrestface connector-civicrm-mcrestface
93
Connector to CiviCRM with CiviMcRestFace <= 1.0.8 - Reflected Cross-Site Scripting LOW *-1.0.8 1.0.9 July 1, 2026
connect-daily-web-calendar connect-daily-web-calendar
91
WordPress Events Calendar Plugin – connectDaily <= 1.5.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.5.4 1.5.5 July 1, 2026
comment-validation-reloaded comment-validation-reloaded
91
Comment Validation Reloaded <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.5 July 1, 2026
codescar-radio-widget codescar-radio-widget
91
Codescar Radio Widget <= 0.4.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.4.2 July 1, 2026
click-pledge-connect click-pledge-connect
93
Click & Pledge Connect Plugin <= 2.24080000-WP6.6.1 - Unauthenticated SQL Injection LOW * - 2.24080000-WP6.6.1 2.24120000-WP6.7.1 July 1, 2026
chillpay-payment-gateway chillpay-payment-gateway
93
ChillPay WooCommerce <= 2.5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.5.3 2.6.0 July 1, 2026
chat2 chat2
93
Chat2 <= 4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-4.0 4.1 July 1, 2026
cg-scroll-to-top cg-scroll-to-top
91
CG Scroll To Top <= 3.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.5 July 1, 2026
cf7-manual-spam-blocker cf7-manual-spam-blocker
91
WordPress Spam Blocker <= 2.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.0.4 July 1, 2026
canonical-attachments canonical-attachments
91
Canonical Attachments <= 1.7 - Unauthenticated Stored Cross-Site Scripting LOW *-1.7 July 1, 2026
Calculated Fields Form calculated-fields-form
70
Calculated Fields Form <= 5.2.61 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-5.2.61 5.2.62 July 1, 2026
calais-auto-tagger calais-auto-tagger
91
WP Calais Auto Tagger <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.0 July 1, 2026
build-app-online build-app-online
85
Build App Online <= 1.0.23 - Unauthenticated Local File Inclusion LOW *-1.0.23 July 1, 2026
buddypress-humanity buddypress-humanity
91
Buddypress Humanity <= 1.2 - Cross-Site Request Forgery to Privilege Escalation LOW *-1.2 July 1, 2026
brizy-pro brizy-pro
93
Brizy Pro <= 2.8.0 - Missing Authorization LOW *-2.8.0 2.8.1 July 1, 2026
brizy-pro brizy-pro
93
Brizy Pro <= 2.8.0 - Cross-Site Request Forgery LOW *-2.8.0 2.8.1 July 1, 2026
bp-social-connect bp-social-connect
91
BP Social Connect <= 1.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.6.2 July 1, 2026
automatic-ban-ip automatic-ban-ip
91
Automatic Ban IP <= 1.0.7 - Reflected Cross-Site Scripting LOW *-1.0.7 July 1, 2026
aria-font aria-font
95
Aria Font <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.4 July 1, 2026
anytrack-affiliate-link-manager anytrack-affiliate-link-manager
95
AnyTrack Affiliate Link Manager <= 1.0.4 - Missing Authorization LOW *-1.0.4 1.5.5 July 1, 2026
anant-addons-for-elementor anant-addons-for-elementor
95
Anant Addons for Elementor <= 1.1.8 - Cross-Site Request Forgery to Arbitrary Plugin Installation LOW *-1.1.8 1.1.9 July 1, 2026
all-push-notification all-push-notification
92
All push notification for WP <= 1.5.3 - Cross-Site Request Forgery to SQL Injection LOW *-1.5.3 July 1, 2026
ald-login-page ald-login-page
97
ALD Login Page <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1 1.3 July 1, 2026
age-gate age-gate
97
Age Gate <= 3.5.4 - Missing Authorization LOW *-3.5.4 3.6.0 July 1, 2026
af-tell-a-friend af-tell-a-friend
95
AF Tell a Friend <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.4 July 1, 2026
advanced-tag-list advanced-tag-list
95
Advanced Tag Lists <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2 July 1, 2026
admin-menu-post-list admin-menu-post-list
95
Admin Menu Post List <= 2.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.0.7 July 1, 2026
accordions accordions
97
Accordion <= 2.3.11 - Authenticated (Contributor+) PHP Object Injection LOW *-2.3.11 2.3.12 July 1, 2026
aba-payway-woocommerce-payment-gateway aba-payway-woocommerce-payment-gateway
97
ABA PayWay Payment Gateway for WooCommerce <= 2.1.4 - Reflected Cross-Site Scripting LOW *-2.1.4 2.1.5 July 1, 2026
wedevs-project-manager wedevs-project-manager N/A WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.22 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload LOW *-2.6.22 2.6.23 July 1, 2026
wp-user-profiles wp-user-profiles N/A WP User Profiles <= 2.6.2 - Authenticated (Subscriber+) Privilege Escalation LOW *-2.6.2 July 1, 2026
wp-remote-thumbnail wp-remote-thumbnail N/A WP Remote Thumbnail <= 1.3.2 - Authenticated (Contributor+) Arbitrary File Upload LOW *-1.3.2 July 1, 2026
sync-wc-google sync-wc-google N/A Bulk Product Sync <= 8.6 - Unauthenticated SQL Injection LOW *-8.6 9.0 July 1, 2026
site-notify site-notify N/A Site Notify <= 1.0 - Missing Authorization LOW *-1.0 July 1, 2026
processing-projects processing-projects N/A Processing Projects <= 1.0.2 - Authenticated (Shop Manager+) Arbitrary File Upload LOW *-1.0.2 July 1, 2026
Event Booking Manager for WooCommerce mage-eventpress
82
WpEvently <= 4.3.6 - Authenticated (Contributor+) PHP Object Injection LOW *-4.3.6 4.3.7 July 1, 2026
insert-or-embed-articulate-content-into-wordpress insert-or-embed-articulate-content-into-wordpress
93
Insert or Embed Articulate Content into WordPress <= 4.3000000025 - Authenticated (Editor+) Arbitrary File Upload LOW *-4.3000000025 4.3000000026 July 1, 2026
Hive Support | AI-Powered Help Desk, Live Chat and Chatbot hive-support
68
Hive Support <= 1.2.11 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.2.11 1.2.12 July 1, 2026
Calculated Fields Form calculated-fields-form
70
Calculated Fields Form <= 5.2.61 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-5.2.61 5.2.62 July 1, 2026
accept-sagepay-payments-using-contact-form-7 accept-sagepay-payments-using-contact-form-7
97
Accept SagePay Payments Using Contact Form 7 <= 2.0 - Unauthenticated Information Exposure LOW *-2.0 2.1 July 1, 2026
motors-car-dealership-classified-listings motors-car-dealership-classified-listings
93
Motors – Car Dealership & Classified Listings Plugin <= 1.4.64 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation LOW *-1.4.64 1.4.65 July 1, 2026
wpfront-user-role-editor wpfront-user-role-editor N/A WPFront User Role Editor <= 4.2.1 - Cross-Site Request Forgery to Privilege Escalation via whitelist_options Function LOW *-4.2.1 4.2.2 July 1, 2026
green-money-payment-gateway green-money-payment-gateway
93
GreenPay(tm) by Green.Money 3.0.0 - 3.0.9 - Unauthenticated Information Exposure LOW 3.0.0-3.0.9 3.0.10 July 1, 2026
melhor-envio-cotacao melhor-envio-cotacao
93
Melhor Envio <= 2.15.11 - Unauthenticated Sensitive Information Exposure via Hardcoded Hash LOW *-2.15.11 2.15.12 July 1, 2026
simple-wp-events simple-wp-events N/A Simple WP Events <= 1.8.17 - Unauthenticated Arbitrary File Deletion LOW *-1.8.17 1.9.0 July 1, 2026
LOW

noakes-menu-manager

noakes-menu-manager

Score: N/A Nav Menu Manager <= 3.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2.5 Patched: 3.2.6 Updated: July 1, 2026
LOW

nino-social-connect

nino-social-connect

Score: N/A Nino Social Connect <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 1, 2026
LOW

nimbata-call-tracking

nimbata-call-tracking

Score: N/A Nimbata Call Tracking <= 1.7.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.7.2 Patched: Updated: July 1, 2026
LOW

newsboard

newsboard

Score: N/A NewsBoard Post and RSS Scroller <= 1.2.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2.12 Patched: Updated: July 1, 2026
LOW

nepali-date-utilities

nepali-date-utilities

Score: N/A Nepali Date Utilities <= 1.0.13 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.13 Patched: Updated: July 1, 2026
LOW

neon-product-designer-for-woocommerce

neon-product-designer-for-woocommerce

Score: N/A Neon Product Designer <= 2.1.1 - Unauthenticated SQL Injection Affected: *-2.1.1 Patched: Updated: July 1, 2026
LOW

myworks-woo-sync-for-quickbooks-online

myworks-woo-sync-for-quickbooks-online

Score: 93/100 MyWorks WooCommerce Sync for QuickBooks Online <= 2.9.1 - Reflected Cross-Site Scripting Affected: *-2.9.1 Patched: 2.9.2 Updated: July 1, 2026
LOW

multiple-location-google-map

multiple-location-google-map

Score: 91/100 Multiple Location Google Map <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 1, 2026
LOW

motors-car-dealership-classified-listings

motors-car-dealership-classified-listings

Score: 93/100 Motors <= 1.4.71 - Unauthenticated Local File Inclusion Affected: *-1.4.71 Patched: 1.4.72 Updated: July 1, 2026
LOW

more-mime-type-filters

more-mime-type-filters

Score: 91/100 More Mime Type Filters <= 0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.3 Patched: Updated: July 1, 2026
LOW

mobile-smart

mobile-smart

Score: 91/100 Mobile Smart <= v1.3.16 - Reflected Cross-Site Scripting Affected: * - v1.3.16 Patched: Updated: July 1, 2026
LOW

mmx-make-me-christmas

mmx-make-me-christmas

Score: 91/100 MMX – Make Me Christmas <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 1, 2026
LOW

mergado-marketing-pack

mergado-marketing-pack

Score: 89/100 Mergado Pack <= 4.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-4.1.1 Patched: Updated: July 1, 2026
LOW

material-dashboard

material-dashboard

Score: 93/100 Material Dashboard <= 1.4.5 - Authenticated (Subscriber+) Local File Inclusion Affected: *-1.4.5 Patched: 1.4.6 Updated: July 1, 2026
LOW

mapsvg-lite-interactive-vector-maps

mapsvg-lite-interactive-vector-maps

Score: 93/100 MapSVG Lite <= 8.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-8.6.6 Patched: 8.6.7 Updated: July 1, 2026
LOW

mapsvg-lite-interactive-vector-maps

mapsvg-lite-interactive-vector-maps

Score: 93/100 MapSVG Lite <= 8.6.4 - Missing Authorization Affected: *-8.6.4 Patched: 8.6.5 Updated: July 1, 2026
LOW

mailhawk

mailhawk

Score: 93/100 WordPress SMTP Service, Email Delivery Solved! — MailHawk <= 1.3.1 - Unauthenticated Local File Inclusion Affected: *-1.3.1 Patched: 1.3.2 Updated: July 1, 2026
LOW

magazine-lister-for-yumpu

magazine-lister-for-yumpu

Score: 91/100 ePaper Lister for Yumpu <= 1.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4.0 Patched: Updated: July 1, 2026
LOW

logo-showcase-ultimate

logo-showcase-ultimate

Score: 93/100 Logo Showcase Ultimate <= 1.4.4 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.4.4 Patched: 1.4.5 Updated: July 1, 2026
LOW

lock-your-updates

lock-your-updates

Score: 91/100 Lock Your Updates <= 1.1 - Reflected Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 1, 2026
LOW

link-shield

link-shield

Score: 89/100 Link Shield <= 0.5.4 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-0.5.4 Patched: Updated: July 1, 2026
LOW

language-field

language-field

Score: 91/100 Language Field <= 0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.9 Patched: Updated: July 1, 2026
LOW

keycaptcha

keycaptcha

Score: 91/100 KeyCAPTCHA <= 2.5.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.5.1 Patched: Updated: July 1, 2026
LOW

js-jobs

js-jobs

Score: 81/100 JS Job Manager <= 2.0.2 - Unauthenticated Local File Inclusion Affected: *-2.0.2 Patched: Updated: July 1, 2026
LOW

job-board-manager

job-board-manager

Score: 83/100 Job Board Manager <= 2.1.60 - Authenticated (Contributor+) PHP Object Injection Affected: *-2.1.60 Patched: Updated: July 1, 2026
LOW

ip2location-world-clock

ip2location-world-clock

Score: 93/100 IP2Location World Clock <= 1.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1.9 Patched: 1.1.10 Updated: July 1, 2026
LOW

interactive-us-map

interactive-us-map

Score: 91/100 Interactive US Map <= 2.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.7 Patched: Updated: July 1, 2026
LOW

interactive-geo-maps

interactive-geo-maps

Score: 93/100 Interactive Geo Maps <= 1.6.24 - Reflected Cross-Site Scripting Affected: *-1.6.24 Patched: 1.6.25 Updated: July 1, 2026
LOW

insert-html-here

insert-html-here

Score: 91/100 Insert HTML Here <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

indieblocks

indieblocks

Score: 93/100 IndieBlocks <= 0.13.1 - Unauthenticated Server-Side Request Forgery Affected: *-0.13.1 Patched: 0.13.2 Updated: July 1, 2026
LOW

idonate

idonate

Score: 89/100 IDonate <= 2.1.9 - Unauthenticated Local File Inclusion Affected: *-2.1.9 Patched: Updated: July 1, 2026
LOW

html5-video-player-with-playlist

html5-video-player-with-playlist

Score: 89/100 HTML5 Video Player with Playlist <= 2.50 - Reflected Cross-Site Scripting Affected: *-2.50 Patched: Updated: July 1, 2026
LOW

fraudlabs-pro-for-woocommerce

fraudlabs-pro-for-woocommerce

Score: 93/100 FraudLabs Pro for WooCommerce <= 2.22.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.22.8 Patched: 2.22.9 Updated: July 1, 2026
LOW

foliopress-wysiwyg

foliopress-wysiwyg

Score: 93/100 Foliopress WYSIWYG <= 2.6.18 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.6.18 Patched: 2.6.19 Updated: July 1, 2026
LOW

flexytalk-widget

flexytalk-widget

Score: 91/100 FrescoChat Live Chat <= 3.2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.2.6 Patched: Updated: July 1, 2026
LOW

flexi

flexi

Score: 89/100 Flexi – Guest Submit <= 4.28 - Unauthenticated Local File Inclusion Affected: *-4.28 Patched: Updated: July 1, 2026
LOW

flags-widget

flags-widget

Score: 91/100 Flags Widget <= 1.0.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.7 Patched: Updated: July 1, 2026
LOW

firsth3tagadsense

firsth3tagadsense

Score: 91/100 Sandwich Adsense <= 4.0.2 - Missing Authorization Affected: *-4.0.2 Patched: Updated: July 1, 2026
LOW

fat-coming-soon

fat-coming-soon

Score: 91/100 FAT Cooming Soon <= 1.1 - Unauthenticated Local File Inclusion Affected: *-1.1 Patched: Updated: July 1, 2026
LOW

eventon-lite

eventon-lite

Score: 93/100 EventON <= 2.4 - Unauthenticated Local File Inclusion Affected: *-2.4 Patched: 2.4.1 Updated: July 1, 2026
LOW

essential-breadcrumbs

essential-breadcrumbs

Score: 89/100 Essential Breadcrumbs <= 1.1.1 - Cross-Site Request Forgery to Privilege Escalation Affected: *-1.1.1 Patched: Updated: July 1, 2026
LOW

error-log-viewer-wp

error-log-viewer-wp

Score: 91/100 Error Log Viewer <= 1.0.5 - Authenticated (Subscriber+) SQL Injection Affected: *-1.0.5 Patched: Updated: July 1, 2026
LOW

Epeken All Kurir for Woocommerce

epeken-all-kurir

Score: 67/100 Epeken All Kurir <= 1.4.6.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4.6.2 Patched: Updated: July 1, 2026
LOW

easy-post-duplicator

easy-post-duplicator

Score: 89/100 Easy Post Duplicator <= 1.0.1 - Reflected Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 1, 2026
LOW

easy-post-duplicator

easy-post-duplicator

Score: 89/100 Easy Post Duplicator <= 1.0.1 - Authenticated (Subscriber+) SQL Injection Affected: *-1.0.1 Patched: Updated: July 1, 2026
LOW

easy-custom-css

easy-custom-css

Score: 91/100 Easy Custom CSS <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

duplicate-title-checker

duplicate-title-checker

Score: 91/100 Duplicate Title Checker <= 1.2 - Authenticated (Subscriber+) SQL Injection Affected: *-1.2 Patched: Updated: July 1, 2026
LOW

doppler-form

doppler-form

Score: 93/100 Doppler Forms <= 2.5.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.5.1 Patched: 2.6.0 Updated: July 1, 2026
LOW

debounce-io-email-validator

debounce-io-email-validator

Score: 93/100 DeBounce Email Validator <= 5.8.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-5.8.1 Patched: 5.8.2 Updated: July 1, 2026
LOW

database-toolset

database-toolset

Score: 87/100 Database Toolset <= 1.8.4 - Unauthenticated Arbitrary File Deletion Affected: *-1.8.4 Patched: Updated: July 1, 2026
LOW

czater

czater

Score: 91/100 Czater.pl – live chat i telefon <= 1.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.5 Patched: Updated: July 1, 2026
LOW

customize-login-page

customize-login-page

Score: 91/100 Customize Login Page <= 1.1 - Cross-Site Request Forgery Affected: *-1.1 Patched: Updated: July 1, 2026
LOW

custom-smilies

custom-smilies

Score: 91/100 Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 1, 2026
LOW

custom-posts-order

custom-posts-order

Score: 93/100 Custom Posts Order <= 4.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-4.4 Patched: 4.5 Updated: July 1, 2026
LOW

connector-civicrm-mcrestface

connector-civicrm-mcrestface

Score: 93/100 Connector to CiviCRM with CiviMcRestFace <= 1.0.8 - Reflected Cross-Site Scripting Affected: *-1.0.8 Patched: 1.0.9 Updated: July 1, 2026
LOW

connect-daily-web-calendar

connect-daily-web-calendar

Score: 91/100 WordPress Events Calendar Plugin – connectDaily <= 1.5.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.5.4 Patched: 1.5.5 Updated: July 1, 2026
LOW

comment-validation-reloaded

comment-validation-reloaded

Score: 91/100 Comment Validation Reloaded <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.5 Patched: Updated: July 1, 2026
LOW

codescar-radio-widget

codescar-radio-widget

Score: 91/100 Codescar Radio Widget <= 0.4.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.4.2 Patched: Updated: July 1, 2026
LOW

click-pledge-connect

click-pledge-connect

Score: 93/100 Click & Pledge Connect Plugin <= 2.24080000-WP6.6.1 - Unauthenticated SQL Injection Affected: * - 2.24080000-WP6.6.1 Patched: 2.24120000-WP6.7.1 Updated: July 1, 2026
LOW

chillpay-payment-gateway

chillpay-payment-gateway

Score: 93/100 ChillPay WooCommerce <= 2.5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.5.3 Patched: 2.6.0 Updated: July 1, 2026
LOW

chat2

chat2

Score: 93/100 Chat2 <= 4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-4.0 Patched: 4.1 Updated: July 1, 2026
LOW

cg-scroll-to-top

cg-scroll-to-top

Score: 91/100 CG Scroll To Top <= 3.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.5 Patched: Updated: July 1, 2026
LOW

cf7-manual-spam-blocker

cf7-manual-spam-blocker

Score: 91/100 WordPress Spam Blocker <= 2.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.0.4 Patched: Updated: July 1, 2026
LOW

canonical-attachments

canonical-attachments

Score: 91/100 Canonical Attachments <= 1.7 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.7 Patched: Updated: July 1, 2026
LOW

Calculated Fields Form

calculated-fields-form

Score: 70/100 Calculated Fields Form <= 5.2.61 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-5.2.61 Patched: 5.2.62 Updated: July 1, 2026
LOW

calais-auto-tagger

calais-auto-tagger

Score: 91/100 WP Calais Auto Tagger <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 1, 2026
LOW

build-app-online

build-app-online

Score: 85/100 Build App Online <= 1.0.23 - Unauthenticated Local File Inclusion Affected: *-1.0.23 Patched: Updated: July 1, 2026
LOW

buddypress-humanity

buddypress-humanity

Score: 91/100 Buddypress Humanity <= 1.2 - Cross-Site Request Forgery to Privilege Escalation Affected: *-1.2 Patched: Updated: July 1, 2026
LOW

brizy-pro

brizy-pro

Score: 93/100 Brizy Pro <= 2.8.0 - Missing Authorization Affected: *-2.8.0 Patched: 2.8.1 Updated: July 1, 2026
LOW

brizy-pro

brizy-pro

Score: 93/100 Brizy Pro <= 2.8.0 - Cross-Site Request Forgery Affected: *-2.8.0 Patched: 2.8.1 Updated: July 1, 2026
LOW

bp-social-connect

bp-social-connect

Score: 91/100 BP Social Connect <= 1.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.6.2 Patched: Updated: July 1, 2026
LOW

automatic-ban-ip

automatic-ban-ip

Score: 91/100 Automatic Ban IP <= 1.0.7 - Reflected Cross-Site Scripting Affected: *-1.0.7 Patched: Updated: July 1, 2026
LOW

aria-font

aria-font

Score: 95/100 Aria Font <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.4 Patched: Updated: July 1, 2026
LOW

anytrack-affiliate-link-manager

anytrack-affiliate-link-manager

Score: 95/100 AnyTrack Affiliate Link Manager <= 1.0.4 - Missing Authorization Affected: *-1.0.4 Patched: 1.5.5 Updated: July 1, 2026
LOW

anant-addons-for-elementor

anant-addons-for-elementor

Score: 95/100 Anant Addons for Elementor <= 1.1.8 - Cross-Site Request Forgery to Arbitrary Plugin Installation Affected: *-1.1.8 Patched: 1.1.9 Updated: July 1, 2026
LOW

all-push-notification

all-push-notification

Score: 92/100 All push notification for WP <= 1.5.3 - Cross-Site Request Forgery to SQL Injection Affected: *-1.5.3 Patched: Updated: July 1, 2026
LOW

ald-login-page

ald-login-page

Score: 97/100 ALD Login Page <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1 Patched: 1.3 Updated: July 1, 2026
LOW

age-gate

age-gate

Score: 97/100 Age Gate <= 3.5.4 - Missing Authorization Affected: *-3.5.4 Patched: 3.6.0 Updated: July 1, 2026
LOW

af-tell-a-friend

af-tell-a-friend

Score: 95/100 AF Tell a Friend <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4 Patched: Updated: July 1, 2026
LOW

advanced-tag-list

advanced-tag-list

Score: 95/100 Advanced Tag Lists <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 1, 2026
LOW

admin-menu-post-list

admin-menu-post-list

Score: 95/100 Admin Menu Post List <= 2.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0.7 Patched: Updated: July 1, 2026
LOW

accordions

accordions

Score: 97/100 Accordion <= 2.3.11 - Authenticated (Contributor+) PHP Object Injection Affected: *-2.3.11 Patched: 2.3.12 Updated: July 1, 2026
LOW

aba-payway-woocommerce-payment-gateway

aba-payway-woocommerce-payment-gateway

Score: 97/100 ABA PayWay Payment Gateway for WooCommerce <= 2.1.4 - Reflected Cross-Site Scripting Affected: *-2.1.4 Patched: 2.1.5 Updated: July 1, 2026
LOW

wedevs-project-manager

wedevs-project-manager

Score: N/A WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.22 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload Affected: *-2.6.22 Patched: 2.6.23 Updated: July 1, 2026
LOW

wp-user-profiles

wp-user-profiles

Score: N/A WP User Profiles <= 2.6.2 - Authenticated (Subscriber+) Privilege Escalation Affected: *-2.6.2 Patched: Updated: July 1, 2026
LOW

wp-remote-thumbnail

wp-remote-thumbnail

Score: N/A WP Remote Thumbnail <= 1.3.2 - Authenticated (Contributor+) Arbitrary File Upload Affected: *-1.3.2 Patched: Updated: July 1, 2026
LOW

sync-wc-google

sync-wc-google

Score: N/A Bulk Product Sync <= 8.6 - Unauthenticated SQL Injection Affected: *-8.6 Patched: 9.0 Updated: July 1, 2026
LOW

site-notify

site-notify

Score: N/A Site Notify <= 1.0 - Missing Authorization Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

processing-projects

processing-projects

Score: N/A Processing Projects <= 1.0.2 - Authenticated (Shop Manager+) Arbitrary File Upload Affected: *-1.0.2 Patched: Updated: July 1, 2026
LOW

Event Booking Manager for WooCommerce

mage-eventpress

Score: 82/100 WpEvently <= 4.3.6 - Authenticated (Contributor+) PHP Object Injection Affected: *-4.3.6 Patched: 4.3.7 Updated: July 1, 2026
LOW

insert-or-embed-articulate-content-into-wordpress

insert-or-embed-articulate-content-into-wordpress

Score: 93/100 Insert or Embed Articulate Content into WordPress <= 4.3000000025 - Authenticated (Editor+) Arbitrary File Upload Affected: *-4.3000000025 Patched: 4.3000000026 Updated: July 1, 2026
LOW

Calculated Fields Form

calculated-fields-form

Score: 70/100 Calculated Fields Form <= 5.2.61 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-5.2.61 Patched: 5.2.62 Updated: July 1, 2026
LOW

accept-sagepay-payments-using-contact-form-7

accept-sagepay-payments-using-contact-form-7

Score: 97/100 Accept SagePay Payments Using Contact Form 7 <= 2.0 - Unauthenticated Information Exposure Affected: *-2.0 Patched: 2.1 Updated: July 1, 2026
LOW

motors-car-dealership-classified-listings

motors-car-dealership-classified-listings

Score: 93/100 Motors – Car Dealership & Classified Listings Plugin <= 1.4.64 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation Affected: *-1.4.64 Patched: 1.4.65 Updated: July 1, 2026
LOW

wpfront-user-role-editor

wpfront-user-role-editor

Score: N/A WPFront User Role Editor <= 4.2.1 - Cross-Site Request Forgery to Privilege Escalation via whitelist_options Function Affected: *-4.2.1 Patched: 4.2.2 Updated: July 1, 2026
LOW

green-money-payment-gateway

green-money-payment-gateway

Score: 93/100 GreenPay(tm) by Green.Money 3.0.0 - 3.0.9 - Unauthenticated Information Exposure Affected: 3.0.0-3.0.9 Patched: 3.0.10 Updated: July 1, 2026
LOW

melhor-envio-cotacao

melhor-envio-cotacao

Score: 93/100 Melhor Envio <= 2.15.11 - Unauthenticated Sensitive Information Exposure via Hardcoded Hash Affected: *-2.15.11 Patched: 2.15.12 Updated: July 1, 2026
LOW

simple-wp-events

simple-wp-events

Score: N/A Simple WP Events <= 1.8.17 - Unauthenticated Arbitrary File Deletion Affected: *-1.8.17 Patched: 1.9.0 Updated: July 1, 2026

Showing 10001 to 10100 of 36319 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 1, 2026 at 11:29 UTC.