Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36319

Across tracked plugins

Affected Plugins

90

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
wp-recall wp-recall N/A WP-Recall <= 16.26.11 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-16.26.11 16.26.12 July 1, 2026
WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets wp-all-import
66
Advanced Contact form 7 DB <= 2.0.8 & Import any XML, CSV or Excel File to WordPress <= 3.8.0 - Use of Vulnerable Component (PHPExcel) LOW *-3.8.0 3.9.0 July 1, 2026
widgets-as-shortcodes widgets-as-shortcodes N/A Widgetize Pages Light <= 3.0 & Widgets as Shortcodes <= 5.9.10 - Reflected Cross-Site Scripting LOW *-5.9.10 July 1, 2026
widgetize-pages-light widgetize-pages-light N/A Widgetize Pages Light <= 3.0 & Widgets as Shortcodes <= 5.9.10 - Reflected Cross-Site Scripting LOW *-3.0 July 1, 2026
vayu-blocks vayu-blocks N/A Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce 1.0.4 - 1.2.1 - Missing Authorization to Unauthenticated Limited Arbitrary Options Update LOW 1.0.4-1.2.1 1.2.2 July 1, 2026
tutor tutor N/A Tutor LMS <= 3.4.0 - Authenticated (Subscriber+) HTML Injection LOW *-3.4.0 3.4.1 July 1, 2026
totalprocessing-card-payments totalprocessing-card-payments N/A Nomupay Payment Processing Gateway <= 7.1.5 - Authenticated (Subscriber+) Arbitrary File Download LOW *-7.1.5 7.1.6 July 1, 2026
survey-maker survey-maker N/A Survey Maker <= 5.1.6.3 - Unauthenticated Authorization Bypass LOW *-5.1.6.3 5.1.6.4 July 1, 2026
spider-elements spider-elements N/A Spider Elements – Addons for Elementor <= 1.6.3 - Missing Authorization LOW *-1.6.3 1.6.7 July 1, 2026
specia-companion specia-companion N/A Specia Companion <= 4.8 - Missing Authorization LOW *-4.8 July 1, 2026
Tag, Category, and Taxonomy Manager – Autotagger Automatically Add Terms simple-tags
70
WordPress Tag, Category, and Taxonomy Manager – AI Autotagger <= 3.32.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.32.0 3.33.0 July 1, 2026
seo-help seo-help N/A SEO Help <= 6.8.5 - Missing Authorization LOW *-6.8.5 6.8.6 July 1, 2026
qr-master qr-master N/A QR Master <= 1.0.5 - Reflected Cross-Site Scripting LOW *-1.0.5 July 1, 2026
popping-content-light popping-content-light N/A Popping Content Light <= 2.4 - Reflected Cross-Site Scripting LOW *-2.4 July 1, 2026
piotnetforms piotnetforms N/A Piotnet Forms <= 1.0.30 - Authenticated (Editor+) Path Traversal LOW *-1.0.30 July 1, 2026
online-accessibility online-accessibility N/A Accessibility Suite by Online ADA <= 4.18 - Authenticated (Subscriber+) Arbitrary File Upload LOW *-4.18 4.19 July 1, 2026
nearby-locations nearby-locations
91
Nearby Locations <= 1.1.1 - Authenticated (Administrator+) SQL Injection LOW *-1.1.1 July 1, 2026
motors-car-dealership-classified-listings motors-car-dealership-classified-listings
93
Motors – Car Dealership & Classified Listings Plugin <= 1.4.63 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.4.63 1.4.64 July 1, 2026
motors-car-dealership-classified-listings motors-car-dealership-classified-listings
93
Motors – Car Dealership & Classified Listings Plugin <= 1.4.66 - Missing Authorization to Authenticated (Subscriber+) Wizard Set-up LOW *-1.4.66 1.4.67 July 1, 2026
melapress-login-security-premium melapress-login-security-premium
93
MelaPress Login Security and MelaPress Login Security Premium 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion LOW 2.1.0 2.1.1 July 1, 2026
melapress-login-security melapress-login-security
93
MelaPress Login Security and MelaPress Login Security Premium 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion LOW 2.1.0 2.1.1 July 1, 2026
internal-link-finder internal-link-finder
93
Internal Link Optimiser <= 5.1.2 - Missing Authorization to Unauthenticated Settings Update LOW *-5.1.2 5.1.3 July 1, 2026
Hive Support | AI-Powered Help Desk, Live Chat and Chatbot hive-support
68
Hive Support <= 1.2.5 - Missing Authorization LOW *-1.2.5 1.2.6 July 1, 2026
Hive Support | AI-Powered Help Desk, Live Chat and Chatbot hive-support
68
Hive Support <= 1.2.5 - Missing Authorization LOW *-1.2.5 1.2.6 July 1, 2026
global-gallery global-gallery
91
Global Gallery <= 8.8.0 - Reflected Cross-Site Scripting LOW *-8.8.0 July 1, 2026
funnel-builder funnel-builder
93
Funnel Builder for WordPress by FunnelKit <= 3.10.1 - Authenticated (Administrator+) SQL Injection LOW *-3.10.1 3.10.2 July 1, 2026
flo-forms flo-forms
89
Flo Forms <= 1.0.43 - Missing Authorization LOW *-1.0.43 July 1, 2026
eazydocs eazydocs
93
EazyDocs <= 2.7.1 - Missing Authorization LOW *-2.7.1 2.7.2 July 1, 2026
dzs-zoomsounds dzs-zoomsounds
83
ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated Arbitrary File Download LOW *-6.91 July 1, 2026
coreactivity coreactivity
93
coreActivity: Activity Logging for WordPress <= 2.7 - Authenticated (Subscriber+) SQL Injection LOW *-2.7 2.7.1 July 1, 2026
cm-invitation-codes cm-invitation-codes
93
CM Registration and Invitation Codes <= 2.5.5 - Missing Authorization LOW *-2.5.5 2.5.6 July 1, 2026
circle-image-slider-with-lightbox circle-image-slider-with-lightbox
93
Team Circle Image Slider With Lightbox <= 1.0.4 - Authenticated (Admin+) SQL Injection LOW *-1.0.4 1.0.5 July 1, 2026
cardgate cardgate
93
CardGate Payments for WooCommerce <= 3.2.1 - Authenticated (Administrator+) SQL Injection LOW *-3.2.1 3.2.2 July 1, 2026
broadstreet broadstreet
93
Broadstreet <= 1.52.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.52.1 1.52.2 July 1, 2026
asgaros-forum asgaros-forum
97
Asgaros Forum <= 3.0.0 - Authenticated (Subscriber+) Authorization Bypass LOW *-3.0.0 3.1.0 July 1, 2026
advanced-cf7-db advanced-cf7-db
95
Advanced Contact form 7 DB <= 2.0.8 & Import any XML, CSV or Excel File to WordPress <= 3.8.0 - Use of Vulnerable Component (PHPExcel) LOW *-2.0.8 2.0.9 July 1, 2026
advanced-advertising-system advanced-advertising-system
95
Advanced Advertising System <= 1.3.1 - Open Redirect LOW *-1.3.1 July 1, 2026
admin-site-enhancements admin-site-enhancements
97
Admin and Site Enhancements (ASE) <= 7.6.9 - Password Protection Bypass LOW *-7.6.9 7.6.10 July 1, 2026
aawp-obfuscator aawp-obfuscator
95
AAWEP Obfuscator <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-1.0 July 1, 2026
5-sterrenspecialist 5-sterrenspecialist
97
5sterrenspecialist <= 1.4 - Reflected Cross-Site Scripting LOW *-1.4 1.5 July 1, 2026
3dprint-lite 3dprint-lite
97
3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'infill_text' LOW *-2.1.3.6 2.1.3.7 July 1, 2026
3dprint-lite 3dprint-lite
97
3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'material_text' LOW *-2.1.3.6 2.1.3.7 July 1, 2026
3dprint-lite 3dprint-lite
97
3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'printer_text' LOW *-2.1.3.6 2.1.3.7 July 1, 2026
3dprint-lite 3dprint-lite
97
3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'coating_text' LOW *-2.1.3.6 2.1.3.7 July 1, 2026
Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links broken-link-checker-seo
93
Broken Link Checker by AIOSEO <= 1.2.3 - Authenticated (Contributor+) SQL Injection LOW *-1.2.3 1.2.4 July 1, 2026
drag-and-drop-multiple-file-upload-for-woocommerce drag-and-drop-multiple-file-upload-for-woocommerce
93
Drag and Drop Multiple File Upload for WooCommerce <= 1.1.4 - Unauthenticated Arbitrary File Move LOW *-1.1.4 1.1.5 July 1, 2026
dzs-zoomsounds dzs-zoomsounds
83
ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update and Settings Manipulation LOW *-6.91 July 1, 2026
dc-woocommerce-multi-vendor dc-woocommerce-multi-vendor
93
MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.19 - Missing Authorization to Unauthenticated Table Rates Deletion LOW *-4.2.19 4.2.20 July 1, 2026
kb-support kb-support
91
KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin <= 1.7.4 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory LOW *-1.7.4 July 1, 2026
ai-content-pipelines ai-content-pipelines
95
AI Content Pipelines <= 1.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload LOW *-1.6 July 1, 2026
expand-maker expand-maker
89
Read More & Accordion <= 3.4.7 - Cross-Site Request Forgery to Local File Inclusion LOW *-3.4.7 3.4.8 July 1, 2026
wp-update-mail-notification wp-update-mail-notification N/A Email Notifications for Updates <= 1.1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update LOW *-1.1.6 1.2.0 July 1, 2026
link-library link-library
93
Link Library <= 7.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Additional Parameters LOW *-7.7.3 7.8 July 1, 2026
yamaps yamaps N/A YaMaps for WordPress <= 0.6.40 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.6.40 0.6.41 July 1, 2026
xpro-theme-builder xpro-theme-builder N/A Xpro Theme Builder <= 1.2.8.4 - Missing Authorization LOW *-1.2.8.4 1.2.8.5 July 1, 2026
xpro-elementor-addons xpro-elementor-addons N/A Xpro Elementor Addons <= 1.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4.10 1.4.11 July 1, 2026
wpgenealogy wpgenealogy N/A WP Genealogy – Your Family History Website <= 0.1.9 - Missing Authorization LOW *-0.1.9 July 1, 2026
wpbookit wpbookit N/A WPBookit <= 1.0.7 - Missing Authorization LOW *-1.0.7 1.0.8 July 1, 2026
wp-w3all-phpbb-integration wp-w3all-phpbb-integration N/A WP w3all phpBB <= 2.9.8 - Cross-Site Request Forgery LOW *-2.9.8 2.9.9 July 1, 2026
wp-ulike wp-ulike N/A WP ULike <= 4.7.9.1 - Missing Authorization to Unauthenticated Content Spoofing LOW *-4.7.9.1 4.7.10 July 1, 2026
wp-to-hootsuite wp-to-hootsuite N/A Post to Social Media – WordPress to Hootsuite <= 1.5.9 - Cross-Site Request Forgery LOW *-1.5.9 1.6.0 July 1, 2026
wp-spotlight-search wp-spotlight-search N/A Advanced All in One Admin Search by WP Spotlight <= 1.1.1 - Cross-Site Request Forgery LOW *-1.1.1 1.1.2 July 1, 2026
wp-share-buttons-analytics-by-getsocial wp-share-buttons-analytics-by-getsocial N/A Social Share Buttons & Analytics Plugin – GetSocial.io <= 4.5 - Missing Authorization LOW *-4.5 July 1, 2026
wp-event-manager wp-event-manager N/A WP Event Manager <= 3.2.0 - Missing Authorization LOW *-3.2.0 3.2.1 July 1, 2026
woocommerce-role-pricing woocommerce-role-pricing N/A Woocommerce Role Pricing <= 3.5.5 - Cross-Site Request Forgery LOW *-3.5.5 July 1, 2026
wishlist wishlist N/A Wishlist <= 1.0.44 - Cross-Site Request Forgery LOW *-1.0.44 July 1, 2026
wedevs-project-manager wedevs-project-manager N/A WP Project Manager <= 2.6.24 - Cross-Site Request Forgery LOW *-2.6.24 2.6.25 July 1, 2026
vk-filter-search vk-filter-search N/A VK Filter Search <= 2.20.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.20.3 2.20.4 July 1, 2026
video-playlist-for-youtube video-playlist-for-youtube N/A Video Playlist For YouTube <= 6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-6.6 July 1, 2026
vg-woocarousel vg-woocarousel N/A VG WooCarousel <= 1.3 - Authenticated (Contributor+) Local File Inclusion LOW *-1.3 July 1, 2026
variable-inspector variable-inspector N/A Variable Inspector < 2.7.1 - Missing Authorization LOW [*, 2.7.1) 2.7.1 July 1, 2026
vagonic-sortable vagonic-sortable N/A Woocommerce Products Reorder Drag Drop Multiple Sort – Sortable, Rearrange Products Vagonic <= 1.9 - Missing Authorization LOW *-1.9 July 1, 2026
ut-elementor-addons-lite ut-elementor-addons-lite N/A Ultra Addons Lite for Elementor <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.8 1.1.9 July 1, 2026
url-shortify url-shortify N/A URL Shortify <= 1.10.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.10.5.1 1.10.6 July 1, 2026
ultraaddons-elementor-lite ultraaddons-elementor-lite N/A UltraAddons <= 2.0.0 - Cross-Site Request Forgery LOW *-2.0.0 July 1, 2026
ultimate-store-kit ultimate-store-kit N/A Ultimate Store Kit Elementor Addons <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.5.0 2.6.0 July 1, 2026
ulisting ulisting N/A uListing <= 2.1.9 - Authenticated (Administrator+) SQL Injection LOW *-2.1.9 July 1, 2026
turbo-addons-elementor turbo-addons-elementor N/A Turbo Addons for Elementor <= 1.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.7.7 1.7.8 July 1, 2026
tockify-events-calendar tockify-events-calendar N/A Tockify Events Calendar <= 2.2.13 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2.13 2.3.0 July 1, 2026
teachpress teachpress N/A teachPress <= 9.0.11 - Authenticated (Contributor+) SQL Injection LOW *-9.0.11 9.0.12 July 1, 2026
Tableberg – Simple Gutenberg Table Block tableberg N/A Table Block by Tableberg <= 0.6.10 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.6.10 0.6.12 July 1, 2026
swiftxr-3darvr-viewer swiftxr-3darvr-viewer N/A SwiftXR (3D/AR/VR) Viewer <= 1.0.7 - Cross-Site Request Forgery LOW *-1.0.7 1.0.8 July 1, 2026
surveyjs surveyjs N/A SurveyJS <= 1.12.20 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.12.20 1.12.57 July 1, 2026
surveyjs surveyjs N/A SurveyJS <= 1.12.20 - Missing Authorization LOW *-1.12.20 1.12.57 July 1, 2026
stafflist stafflist N/A StaffList <= 3.2.6 - Unauthenticated Sensitive Information Exposure LOW *-3.2.6 July 1, 2026
stafflist stafflist N/A StaffList <= 3.2.6 - Missing Authorization LOW *-3.2.6 July 1, 2026
Split Test For Elementor split-test-for-elementor
89
Split Test For Elementor <= 1.8.3 - Authenticated (Editor+) SQL Injection LOW *-1.8.3 1.8.4 July 1, 2026
Split Test For Elementor split-test-for-elementor
89
Split Test For Elementor <= 1.8.4 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.8.4 1.8.5 July 1, 2026
spider-elements spider-elements N/A Spider Elements – Addons for Elementor <= 1.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.6.5 1.6.6 July 1, 2026
sparkle-elementor-kit sparkle-elementor-kit N/A Sparkle Elementor Kit <= 2.0.9 - Authenticated (Contributor+) Local File Inclusion LOW *-2.0.9 July 1, 2026
sliderspack-all-in-one-image-sliders sliderspack-all-in-one-image-sliders N/A Slider a SlidersPack <= 2.3 - Authenticated (Contributor+) Local File Inclusion LOW *-2.3 2.4 July 1, 2026
simply-gallery-block simply-gallery-block N/A Gallery Blocks with Lightbox <= 3.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.2.5 3.2.6 July 1, 2026
simple-wp-events simple-wp-events N/A Simple WP Events <= 1.8.17 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.8.17 1.9.0 July 1, 2026
simple-website-logo simple-website-logo N/A Simple Website Logo <= 1.1 - Missing Authorization LOW *-1.1 July 1, 2026
silvasoft-boekhouden silvasoft-boekhouden N/A Silvasoft boekhouden <= 3.0.1 - Authenticated (Administrator+) SQL Injection LOW *-3.0.1 July 1, 2026
sidebar-manager-light sidebar-manager-light N/A Sidebar Manager Light <= 1.1.8 - Cross-Site Request Forgery LOW *-1.1.8 July 1, 2026
showeblogin-facebook-page-like-box showeblogin-facebook-page-like-box N/A Showeblogin Social <= 7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-7.0 July 1, 2026
sequential-order-numbers-for-woocommerce sequential-order-numbers-for-woocommerce N/A Sequential Order Numbers for WooCommerce <= 3.6.2 - Cross-Site Request Forgery LOW *-3.6.2 3.6.3 July 1, 2026
secure-copy-content-protection secure-copy-content-protection N/A Secure Copy Content Protection and Content Locking <= 4.5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-4.5.5 4.5.6 July 1, 2026
salon-booking-system salon-booking-system N/A Salon booking system <= 10.29.6 - Missing Authorization LOW *-10.29.6 July 1, 2026
LOW

wp-recall

wp-recall

Score: N/A WP-Recall <= 16.26.11 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-16.26.11 Patched: 16.26.12 Updated: July 1, 2026
LOW

widgets-as-shortcodes

widgets-as-shortcodes

Score: N/A Widgetize Pages Light <= 3.0 & Widgets as Shortcodes <= 5.9.10 - Reflected Cross-Site Scripting Affected: *-5.9.10 Patched: Updated: July 1, 2026
LOW

widgetize-pages-light

widgetize-pages-light

Score: N/A Widgetize Pages Light <= 3.0 & Widgets as Shortcodes <= 5.9.10 - Reflected Cross-Site Scripting Affected: *-3.0 Patched: Updated: July 1, 2026
LOW

vayu-blocks

vayu-blocks

Score: N/A Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce 1.0.4 - 1.2.1 - Missing Authorization to Unauthenticated Limited Arbitrary Options Update Affected: 1.0.4-1.2.1 Patched: 1.2.2 Updated: July 1, 2026
LOW

tutor

tutor

Score: N/A Tutor LMS <= 3.4.0 - Authenticated (Subscriber+) HTML Injection Affected: *-3.4.0 Patched: 3.4.1 Updated: July 1, 2026
LOW

totalprocessing-card-payments

totalprocessing-card-payments

Score: N/A Nomupay Payment Processing Gateway <= 7.1.5 - Authenticated (Subscriber+) Arbitrary File Download Affected: *-7.1.5 Patched: 7.1.6 Updated: July 1, 2026
LOW

survey-maker

survey-maker

Score: N/A Survey Maker <= 5.1.6.3 - Unauthenticated Authorization Bypass Affected: *-5.1.6.3 Patched: 5.1.6.4 Updated: July 1, 2026
LOW

spider-elements

spider-elements

Score: N/A Spider Elements – Addons for Elementor <= 1.6.3 - Missing Authorization Affected: *-1.6.3 Patched: 1.6.7 Updated: July 1, 2026
LOW

specia-companion

specia-companion

Score: N/A Specia Companion <= 4.8 - Missing Authorization Affected: *-4.8 Patched: Updated: July 1, 2026
LOW

seo-help

seo-help

Score: N/A SEO Help <= 6.8.5 - Missing Authorization Affected: *-6.8.5 Patched: 6.8.6 Updated: July 1, 2026
LOW

qr-master

qr-master

Score: N/A QR Master <= 1.0.5 - Reflected Cross-Site Scripting Affected: *-1.0.5 Patched: Updated: July 1, 2026
LOW

popping-content-light

popping-content-light

Score: N/A Popping Content Light <= 2.4 - Reflected Cross-Site Scripting Affected: *-2.4 Patched: Updated: July 1, 2026
LOW

piotnetforms

piotnetforms

Score: N/A Piotnet Forms <= 1.0.30 - Authenticated (Editor+) Path Traversal Affected: *-1.0.30 Patched: Updated: July 1, 2026
LOW

online-accessibility

online-accessibility

Score: N/A Accessibility Suite by Online ADA <= 4.18 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-4.18 Patched: 4.19 Updated: July 1, 2026
LOW

nearby-locations

nearby-locations

Score: 91/100 Nearby Locations <= 1.1.1 - Authenticated (Administrator+) SQL Injection Affected: *-1.1.1 Patched: Updated: July 1, 2026
LOW

motors-car-dealership-classified-listings

motors-car-dealership-classified-listings

Score: 93/100 Motors – Car Dealership & Classified Listings Plugin <= 1.4.63 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.4.63 Patched: 1.4.64 Updated: July 1, 2026
LOW

motors-car-dealership-classified-listings

motors-car-dealership-classified-listings

Score: 93/100 Motors – Car Dealership & Classified Listings Plugin <= 1.4.66 - Missing Authorization to Authenticated (Subscriber+) Wizard Set-up Affected: *-1.4.66 Patched: 1.4.67 Updated: July 1, 2026
LOW

melapress-login-security-premium

melapress-login-security-premium

Score: 93/100 MelaPress Login Security and MelaPress Login Security Premium 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion Affected: 2.1.0 Patched: 2.1.1 Updated: July 1, 2026
LOW

melapress-login-security

melapress-login-security

Score: 93/100 MelaPress Login Security and MelaPress Login Security Premium 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion Affected: 2.1.0 Patched: 2.1.1 Updated: July 1, 2026
LOW

internal-link-finder

internal-link-finder

Score: 93/100 Internal Link Optimiser <= 5.1.2 - Missing Authorization to Unauthenticated Settings Update Affected: *-5.1.2 Patched: 5.1.3 Updated: July 1, 2026
LOW

global-gallery

global-gallery

Score: 91/100 Global Gallery <= 8.8.0 - Reflected Cross-Site Scripting Affected: *-8.8.0 Patched: Updated: July 1, 2026
LOW

funnel-builder

funnel-builder

Score: 93/100 Funnel Builder for WordPress by FunnelKit <= 3.10.1 - Authenticated (Administrator+) SQL Injection Affected: *-3.10.1 Patched: 3.10.2 Updated: July 1, 2026
LOW

flo-forms

flo-forms

Score: 89/100 Flo Forms <= 1.0.43 - Missing Authorization Affected: *-1.0.43 Patched: Updated: July 1, 2026
LOW

eazydocs

eazydocs

Score: 93/100 EazyDocs <= 2.7.1 - Missing Authorization Affected: *-2.7.1 Patched: 2.7.2 Updated: July 1, 2026
LOW

dzs-zoomsounds

dzs-zoomsounds

Score: 83/100 ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated Arbitrary File Download Affected: *-6.91 Patched: Updated: July 1, 2026
LOW

coreactivity

coreactivity

Score: 93/100 coreActivity: Activity Logging for WordPress <= 2.7 - Authenticated (Subscriber+) SQL Injection Affected: *-2.7 Patched: 2.7.1 Updated: July 1, 2026
LOW

cm-invitation-codes

cm-invitation-codes

Score: 93/100 CM Registration and Invitation Codes <= 2.5.5 - Missing Authorization Affected: *-2.5.5 Patched: 2.5.6 Updated: July 1, 2026
LOW

circle-image-slider-with-lightbox

circle-image-slider-with-lightbox

Score: 93/100 Team Circle Image Slider With Lightbox <= 1.0.4 - Authenticated (Admin+) SQL Injection Affected: *-1.0.4 Patched: 1.0.5 Updated: July 1, 2026
LOW

cardgate

cardgate

Score: 93/100 CardGate Payments for WooCommerce <= 3.2.1 - Authenticated (Administrator+) SQL Injection Affected: *-3.2.1 Patched: 3.2.2 Updated: July 1, 2026
LOW

broadstreet

broadstreet

Score: 93/100 Broadstreet <= 1.52.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.52.1 Patched: 1.52.2 Updated: July 1, 2026
LOW

asgaros-forum

asgaros-forum

Score: 97/100 Asgaros Forum <= 3.0.0 - Authenticated (Subscriber+) Authorization Bypass Affected: *-3.0.0 Patched: 3.1.0 Updated: July 1, 2026
LOW

advanced-cf7-db

advanced-cf7-db

Score: 95/100 Advanced Contact form 7 DB <= 2.0.8 & Import any XML, CSV or Excel File to WordPress <= 3.8.0 - Use of Vulnerable Component (PHPExcel) Affected: *-2.0.8 Patched: 2.0.9 Updated: July 1, 2026
LOW

advanced-advertising-system

advanced-advertising-system

Score: 95/100 Advanced Advertising System <= 1.3.1 - Open Redirect Affected: *-1.3.1 Patched: Updated: July 1, 2026
LOW

admin-site-enhancements

admin-site-enhancements

Score: 97/100 Admin and Site Enhancements (ASE) <= 7.6.9 - Password Protection Bypass Affected: *-7.6.9 Patched: 7.6.10 Updated: July 1, 2026
LOW

aawp-obfuscator

aawp-obfuscator

Score: 95/100 AAWEP Obfuscator <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

5-sterrenspecialist

5-sterrenspecialist

Score: 97/100 5sterrenspecialist <= 1.4 - Reflected Cross-Site Scripting Affected: *-1.4 Patched: 1.5 Updated: July 1, 2026
LOW

3dprint-lite

3dprint-lite

Score: 97/100 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'infill_text' Affected: *-2.1.3.6 Patched: 2.1.3.7 Updated: July 1, 2026
LOW

3dprint-lite

3dprint-lite

Score: 97/100 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'material_text' Affected: *-2.1.3.6 Patched: 2.1.3.7 Updated: July 1, 2026
LOW

3dprint-lite

3dprint-lite

Score: 97/100 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'printer_text' Affected: *-2.1.3.6 Patched: 2.1.3.7 Updated: July 1, 2026
LOW

3dprint-lite

3dprint-lite

Score: 97/100 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'coating_text' Affected: *-2.1.3.6 Patched: 2.1.3.7 Updated: July 1, 2026
LOW

drag-and-drop-multiple-file-upload-for-woocommerce

drag-and-drop-multiple-file-upload-for-woocommerce

Score: 93/100 Drag and Drop Multiple File Upload for WooCommerce <= 1.1.4 - Unauthenticated Arbitrary File Move Affected: *-1.1.4 Patched: 1.1.5 Updated: July 1, 2026
LOW

dzs-zoomsounds

dzs-zoomsounds

Score: 83/100 ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update and Settings Manipulation Affected: *-6.91 Patched: Updated: July 1, 2026
LOW

dc-woocommerce-multi-vendor

dc-woocommerce-multi-vendor

Score: 93/100 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.19 - Missing Authorization to Unauthenticated Table Rates Deletion Affected: *-4.2.19 Patched: 4.2.20 Updated: July 1, 2026
LOW

kb-support

kb-support

Score: 91/100 KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin <= 1.7.4 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory Affected: *-1.7.4 Patched: Updated: July 1, 2026
LOW

ai-content-pipelines

ai-content-pipelines

Score: 95/100 AI Content Pipelines <= 1.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload Affected: *-1.6 Patched: Updated: July 1, 2026
LOW

expand-maker

expand-maker

Score: 89/100 Read More & Accordion <= 3.4.7 - Cross-Site Request Forgery to Local File Inclusion Affected: *-3.4.7 Patched: 3.4.8 Updated: July 1, 2026
LOW

wp-update-mail-notification

wp-update-mail-notification

Score: N/A Email Notifications for Updates <= 1.1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update Affected: *-1.1.6 Patched: 1.2.0 Updated: July 1, 2026
LOW

link-library

link-library

Score: 93/100 Link Library <= 7.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Additional Parameters Affected: *-7.7.3 Patched: 7.8 Updated: July 1, 2026
LOW

yamaps

yamaps

Score: N/A YaMaps for WordPress <= 0.6.40 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.6.40 Patched: 0.6.41 Updated: July 1, 2026
LOW

xpro-theme-builder

xpro-theme-builder

Score: N/A Xpro Theme Builder <= 1.2.8.4 - Missing Authorization Affected: *-1.2.8.4 Patched: 1.2.8.5 Updated: July 1, 2026
LOW

xpro-elementor-addons

xpro-elementor-addons

Score: N/A Xpro Elementor Addons <= 1.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.10 Patched: 1.4.11 Updated: July 1, 2026
LOW

wpgenealogy

wpgenealogy

Score: N/A WP Genealogy – Your Family History Website <= 0.1.9 - Missing Authorization Affected: *-0.1.9 Patched: Updated: July 1, 2026
LOW

wpbookit

wpbookit

Score: N/A WPBookit <= 1.0.7 - Missing Authorization Affected: *-1.0.7 Patched: 1.0.8 Updated: July 1, 2026
LOW

wp-w3all-phpbb-integration

wp-w3all-phpbb-integration

Score: N/A WP w3all phpBB <= 2.9.8 - Cross-Site Request Forgery Affected: *-2.9.8 Patched: 2.9.9 Updated: July 1, 2026
LOW

wp-ulike

wp-ulike

Score: N/A WP ULike <= 4.7.9.1 - Missing Authorization to Unauthenticated Content Spoofing Affected: *-4.7.9.1 Patched: 4.7.10 Updated: July 1, 2026
LOW

wp-to-hootsuite

wp-to-hootsuite

Score: N/A Post to Social Media – WordPress to Hootsuite <= 1.5.9 - Cross-Site Request Forgery Affected: *-1.5.9 Patched: 1.6.0 Updated: July 1, 2026
LOW

wp-spotlight-search

wp-spotlight-search

Score: N/A Advanced All in One Admin Search by WP Spotlight <= 1.1.1 - Cross-Site Request Forgery Affected: *-1.1.1 Patched: 1.1.2 Updated: July 1, 2026
LOW

wp-share-buttons-analytics-by-getsocial

wp-share-buttons-analytics-by-getsocial

Score: N/A Social Share Buttons & Analytics Plugin – GetSocial.io <= 4.5 - Missing Authorization Affected: *-4.5 Patched: Updated: July 1, 2026
LOW

wp-event-manager

wp-event-manager

Score: N/A WP Event Manager <= 3.2.0 - Missing Authorization Affected: *-3.2.0 Patched: 3.2.1 Updated: July 1, 2026
LOW

woocommerce-role-pricing

woocommerce-role-pricing

Score: N/A Woocommerce Role Pricing <= 3.5.5 - Cross-Site Request Forgery Affected: *-3.5.5 Patched: Updated: July 1, 2026
LOW

wishlist

wishlist

Score: N/A Wishlist <= 1.0.44 - Cross-Site Request Forgery Affected: *-1.0.44 Patched: Updated: July 1, 2026
LOW

wedevs-project-manager

wedevs-project-manager

Score: N/A WP Project Manager <= 2.6.24 - Cross-Site Request Forgery Affected: *-2.6.24 Patched: 2.6.25 Updated: July 1, 2026
LOW

vk-filter-search

vk-filter-search

Score: N/A VK Filter Search <= 2.20.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.20.3 Patched: 2.20.4 Updated: July 1, 2026
LOW

video-playlist-for-youtube

video-playlist-for-youtube

Score: N/A Video Playlist For YouTube <= 6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-6.6 Patched: Updated: July 1, 2026
LOW

vg-woocarousel

vg-woocarousel

Score: N/A VG WooCarousel <= 1.3 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.3 Patched: Updated: July 1, 2026
LOW

variable-inspector

variable-inspector

Score: N/A Variable Inspector < 2.7.1 - Missing Authorization Affected: [*, 2.7.1) Patched: 2.7.1 Updated: July 1, 2026
LOW

vagonic-sortable

vagonic-sortable

Score: N/A Woocommerce Products Reorder Drag Drop Multiple Sort – Sortable, Rearrange Products Vagonic <= 1.9 - Missing Authorization Affected: *-1.9 Patched: Updated: July 1, 2026
LOW

ut-elementor-addons-lite

ut-elementor-addons-lite

Score: N/A Ultra Addons Lite for Elementor <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.8 Patched: 1.1.9 Updated: July 1, 2026
LOW

url-shortify

url-shortify

Score: N/A URL Shortify <= 1.10.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.10.5.1 Patched: 1.10.6 Updated: July 1, 2026
LOW

ultraaddons-elementor-lite

ultraaddons-elementor-lite

Score: N/A UltraAddons <= 2.0.0 - Cross-Site Request Forgery Affected: *-2.0.0 Patched: Updated: July 1, 2026
LOW

ultimate-store-kit

ultimate-store-kit

Score: N/A Ultimate Store Kit Elementor Addons <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.5.0 Patched: 2.6.0 Updated: July 1, 2026
LOW

ulisting

ulisting

Score: N/A uListing <= 2.1.9 - Authenticated (Administrator+) SQL Injection Affected: *-2.1.9 Patched: Updated: July 1, 2026
LOW

turbo-addons-elementor

turbo-addons-elementor

Score: N/A Turbo Addons for Elementor <= 1.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7.7 Patched: 1.7.8 Updated: July 1, 2026
LOW

tockify-events-calendar

tockify-events-calendar

Score: N/A Tockify Events Calendar <= 2.2.13 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.13 Patched: 2.3.0 Updated: July 1, 2026
LOW

teachpress

teachpress

Score: N/A teachPress <= 9.0.11 - Authenticated (Contributor+) SQL Injection Affected: *-9.0.11 Patched: 9.0.12 Updated: July 1, 2026
LOW

Tableberg – Simple Gutenberg Table Block

tableberg

Score: N/A Table Block by Tableberg <= 0.6.10 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.6.10 Patched: 0.6.12 Updated: July 1, 2026
LOW

swiftxr-3darvr-viewer

swiftxr-3darvr-viewer

Score: N/A SwiftXR (3D/AR/VR) Viewer <= 1.0.7 - Cross-Site Request Forgery Affected: *-1.0.7 Patched: 1.0.8 Updated: July 1, 2026
LOW

surveyjs

surveyjs

Score: N/A SurveyJS <= 1.12.20 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.12.20 Patched: 1.12.57 Updated: July 1, 2026
LOW

surveyjs

surveyjs

Score: N/A SurveyJS <= 1.12.20 - Missing Authorization Affected: *-1.12.20 Patched: 1.12.57 Updated: July 1, 2026
LOW

stafflist

stafflist

Score: N/A StaffList <= 3.2.6 - Unauthenticated Sensitive Information Exposure Affected: *-3.2.6 Patched: Updated: July 1, 2026
LOW

stafflist

stafflist

Score: N/A StaffList <= 3.2.6 - Missing Authorization Affected: *-3.2.6 Patched: Updated: July 1, 2026
LOW

Split Test For Elementor

split-test-for-elementor

Score: 89/100 Split Test For Elementor <= 1.8.3 - Authenticated (Editor+) SQL Injection Affected: *-1.8.3 Patched: 1.8.4 Updated: July 1, 2026
LOW

Split Test For Elementor

split-test-for-elementor

Score: 89/100 Split Test For Elementor <= 1.8.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.8.4 Patched: 1.8.5 Updated: July 1, 2026
LOW

spider-elements

spider-elements

Score: N/A Spider Elements – Addons for Elementor <= 1.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.5 Patched: 1.6.6 Updated: July 1, 2026
LOW

sparkle-elementor-kit

sparkle-elementor-kit

Score: N/A Sparkle Elementor Kit <= 2.0.9 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.0.9 Patched: Updated: July 1, 2026
LOW

sliderspack-all-in-one-image-sliders

sliderspack-all-in-one-image-sliders

Score: N/A Slider a SlidersPack <= 2.3 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.3 Patched: 2.4 Updated: July 1, 2026
LOW

simply-gallery-block

simply-gallery-block

Score: N/A Gallery Blocks with Lightbox <= 3.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2.5 Patched: 3.2.6 Updated: July 1, 2026
LOW

simple-wp-events

simple-wp-events

Score: N/A Simple WP Events <= 1.8.17 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8.17 Patched: 1.9.0 Updated: July 1, 2026
LOW

simple-website-logo

simple-website-logo

Score: N/A Simple Website Logo <= 1.1 - Missing Authorization Affected: *-1.1 Patched: Updated: July 1, 2026
LOW

silvasoft-boekhouden

silvasoft-boekhouden

Score: N/A Silvasoft boekhouden <= 3.0.1 - Authenticated (Administrator+) SQL Injection Affected: *-3.0.1 Patched: Updated: July 1, 2026
LOW

sidebar-manager-light

sidebar-manager-light

Score: N/A Sidebar Manager Light <= 1.1.8 - Cross-Site Request Forgery Affected: *-1.1.8 Patched: Updated: July 1, 2026
LOW

showeblogin-facebook-page-like-box

showeblogin-facebook-page-like-box

Score: N/A Showeblogin Social <= 7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-7.0 Patched: Updated: July 1, 2026
LOW

sequential-order-numbers-for-woocommerce

sequential-order-numbers-for-woocommerce

Score: N/A Sequential Order Numbers for WooCommerce <= 3.6.2 - Cross-Site Request Forgery Affected: *-3.6.2 Patched: 3.6.3 Updated: July 1, 2026
LOW

secure-copy-content-protection

secure-copy-content-protection

Score: N/A Secure Copy Content Protection and Content Locking <= 4.5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.5.5 Patched: 4.5.6 Updated: July 1, 2026
LOW

salon-booking-system

salon-booking-system

Score: N/A Salon booking system <= 10.29.6 - Missing Authorization Affected: *-10.29.6 Patched: Updated: July 1, 2026

Showing 10101 to 10200 of 36319 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 1, 2026 at 12:37 UTC.