Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36320

Across tracked plugins

Affected Plugins

96

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
salon-booking-system salon-booking-system N/A Salon booking system <= 10.29.6 - Missing Authorization LOW *-10.29.6 July 1, 2026
s2member s2member N/A s2Member <= 250419 - Authenticated (Administrator+) Local File Inclusion LOW *-250419 250424 July 1, 2026
rollbar rollbar N/A Rollbar <= 2.7.1 - Cross-Site Request Forgery LOW *-2.7.1 3.0.0 July 1, 2026
riovizual riovizual N/A Table Block by RioVizual <= 2.3.1 - Cross-Site Request Forgery LOW *-2.3.1 2.3.2 July 1, 2026
revive-so revive-so N/A Revive.so – Bulk Rewrite and Republish Blog Posts <= 2.0.3 - Missing Authorization LOW *-2.0.3 2.0.4 July 1, 2026
real-estate-manager real-estate-manager N/A Real Estate Manager <= 7.3 - Authenticated (Contributor+) Local File Inclusion LOW *-7.3 July 1, 2026
rdp-wiki-embed rdp-wiki-embed N/A RDP Wiki Embed <= 1.2.20 - Cross-Site Request Forgery LOW *-1.2.20 July 1, 2026
radius-blocks radius-blocks N/A Radius Blocks <= 2.2.1 - Authenticated (Contributor+) Local File Inclusion LOW *-2.2.1 July 1, 2026
qr-code-tag-for-wc-from-goaskle-com qr-code-tag-for-wc-from-goaskle-com N/A QR Code Tag for WC order emails <= 1.9.36 - Cross-Site Request Forgery LOW *-1.9.36 July 1, 2026
privy-crm-integration privy-crm-integration N/A Privyr CRM <= 1.0.2 - Missing Authorization LOW *-1.0.2 1.0.3 July 1, 2026
posts-table-filterable posts-table-filterable N/A TableOn – WordPress Posts Table Filterable <= 1.0.5.1 - Missing Authorization LOW *-1.0.5.1 1.0.6 July 1, 2026
portfolio-manager-powered-by-behance portfolio-manager-powered-by-behance N/A Behance Portfolio Manager <= 1.7.5 - Authenticated (Administrator+) SQL Injection LOW *-1.7.5 1.8.0 July 1, 2026
piotnet-addons-for-elementor piotnet-addons-for-elementor N/A Piotnet Addons For Elementor <= 2.4.36 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.4.36 July 1, 2026
pay-with-contact-form-7 pay-with-contact-form-7 N/A Pay with Contact Form 7 <= 1.0.4 - Authenticated (Administrator+) SQL Injection LOW *-1.0.4 July 1, 2026
order-delivery-date order-delivery-date N/A Order Delivery Date for WooCommerce 2.0 - 12.3.1- Unauthenticated Arbitrary Options Update LOW [2.0, 12.3.1) 12.3.1 July 1, 2026
onoffice-for-wp-websites onoffice-for-wp-websites N/A onOffice for WP-Websites <= 6.5 - Authenticated (Administrator+) SQL Injection LOW *-6.5 6.5.1 July 1, 2026
ni-woocommerce-cost-of-goods ni-woocommerce-cost-of-goods N/A Ni WooCommerce Cost Of Goods <= 3.2.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-3.2.8 3.2.9 July 1, 2026
news-kit-elementor-addons news-kit-elementor-addons N/A News Kit Elementor Addons <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.6 July 1, 2026
news-element news-element N/A News Element Elementor Blog Magazine <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.7 July 1, 2026
music-pack-for-elementor music-pack-for-elementor
91
Musician's Pack for Elementor <= 1.8.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.8.4.1 July 1, 2026
mp3-music-player-by-sonaar mp3-music-player-by-sonaar
93
MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 5.9.4 - Missing Authorization LOW *-5.9.4 5.9.5 July 1, 2026
motors-car-dealership-classified-listings motors-car-dealership-classified-listings
93
Motors <= 1.4.71 - Authenticated (Contributor+) Local File Inclusion LOW *-1.4.71 1.4.72 July 1, 2026
motors-car-dealership-classified-listings motors-car-dealership-classified-listings
93
Motors <= 1.4.71 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4.71 1.4.72 July 1, 2026
meeting-scheduler-by-vcita meeting-scheduler-by-vcita
93
Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.2 - Authenticated (Subscriber+) Sensitive Information Exposure LOW *-4.5.2 4.6.0 July 1, 2026
masterstudy-lms-learning-management-system masterstudy-lms-learning-management-system
93
MasterStudy LMS <= 3.5.28 - Authenticated (Contributor+) Local File Inclusion LOW *-3.5.28 3.5.29 July 1, 2026
masterstudy-lms-learning-management-system masterstudy-lms-learning-management-system
93
MasterStudy LMS <= 3.5.28 - Missing Authorization LOW *-3.5.28 3.5.29 July 1, 2026
maps-for-wp maps-for-wp
91
Maps for WP <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.4 1.2.5 July 1, 2026
m1downloadlist m1downloadlist
91
m1.DownloadList <= 0.23 - Authenticated (Contributor+) Sensitive Information Disclosure LOW *-0.23 July 1, 2026
liveforms liveforms
91
Contact Form, Drag and Drop Form Builder Plugin <= 4.8.5 - Missing Authorization LOW *-4.8.5 July 1, 2026
live-chat-support-by-social-intents live-chat-support-by-social-intents
91
Social Intents <= 1.6.14 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.6.14 July 1, 2026
libro-de-reclamaciones-y-quejas libro-de-reclamaciones-y-quejas
91
Libro de Reclamaciones y Quejas <= 0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.9 July 1, 2026
lastudio-element-kit lastudio-element-kit
93
LA-Studio Element Kit for Elementor <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.1 1.5.2 July 1, 2026
lafka-plugin lafka-plugin
91
Lafka Plugin <= 7.1.0 - Missing Authorization to Authenticated (Subscriber+) Theme Option Update LOW *-7.1.0 July 1, 2026
just-post-preview just-post-preview
91
Just Post Preview Widget <= 1.1.1 - Authenticated (Contributor+) Local File Inclusion LOW *-1.1.1 July 1, 2026
js-jobs js-jobs
81
JS Job Manager <= 2.0.2 - Authenticated (Contributor+) Local File Inclusion LOW *-2.0.2 July 1, 2026
jobwp jobwp
93
JobWP <= 2.3.9 - Cross-Site Request Forgery LOW *-2.3.9 2.4.0 July 1, 2026
jetpack-feedback-exporter jetpack-feedback-exporter
91
Jetpack Feedback Exporter <= 1.23 - Unauthenticated Sensitive Information Exposure LOW *-1.23 July 1, 2026
intelly-welcome-bar intelly-welcome-bar
91
Welcome Bar <= 2.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.0.4 July 1, 2026
intelly-posts-footer-manager intelly-posts-footer-manager
91
Posts Footer Manager <= 2.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.2.0 July 1, 2026
instantsearch-for-woocommerce instantsearch-for-woocommerce
93
Search, Filters & Merchandising for WooCommerce <= 3.0.58 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.0.58 3.0.59 July 1, 2026
gutenify gutenify
91
Gutenify <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.7 1.5.8 July 1, 2026
googleanalytics googleanalytics
91
ShareThis Dashboard for Google Analytics <= 3.2.3 - Cross-Site Request Forgery LOW *-3.2.3 3.2.4 July 1, 2026
google-maps-easy google-maps-easy
93
Easy Google Maps <= 1.11.18 - Authenticated (Author+) XML Entity Injection LOW *-1.11.18 1.11.19 July 1, 2026
gallery-for-ultimate-member gallery-for-ultimate-member
91
Video & Photo Gallery for Ultimate Member <= 1.1.3 - Authenticated (Administrator+) SQL Injection LOW *-1.1.3 July 1, 2026
funnelcockpit funnelcockpit
93
FunnelCockpit <= 1.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.4.3 1.4.4 July 1, 2026
freetobook-responsive-widget freetobook-responsive-widget
93
Freetobook Responsive Widget <= 1.1 - Cross-Site Request Forgery LOW *-1.1 1.1.1 July 1, 2026
foobox-image-lightbox foobox-image-lightbox
93
FooBox Image Lightbox <= 2.7.33 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-2.7.33 2.7.34 July 1, 2026
fami-woocommerce-compare fami-woocommerce-compare
91
Fami WooCommerce Compare <= 1.0.5 - Unauthenticated Local File Inclusion LOW *-1.0.5 July 1, 2026
falling-things falling-things
93
Falling things <= 1.08 - Authenticated (Editor+) SQL Injection LOW *-1.08 1.09 July 1, 2026
ez-form-calculator-premium ez-form-calculator-premium
91
ez Form Calculator - WordPress plugin <= 2.14.1.2 - Reflected Cross-Site Scripting LOW *-2.14.1.2 July 1, 2026
eventon-lite eventon-lite
93
EventON <= 2.4.1 - Authenticated (Contributor+) Local File Inclusion LOW *-2.4.1 2.4.2 July 1, 2026
emma-emarketing-plugin emma-emarketing-plugin
91
Emma for WordPress <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.3 July 1, 2026
embed-chessboard embed-chessboard
91
Embed Chessboard <= 3.07.00 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.07.00 July 1, 2026
ecwid-shopping-cart ecwid-shopping-cart
93
Ecwid Shopping Cart <= 7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-7.0 7.0.1 July 1, 2026
easync-booking easync-booking
93
eaSYNC <= 1.3.19 - Missing Authorization LOW *-1.3.19 1.3.21 July 1, 2026
easy-wp-optimizer easy-wp-optimizer
91
Easy WP Optimizer <= 1.1.0 - Missing Authorization LOW *-1.1.0 July 1, 2026
easy-query easy-query
91
Easy Query – WP Query Builder <= 2.0.4 - Authenticated (Administrator+) SQL Injection LOW *-2.0.4 July 1, 2026
easy-contact easy-contact
91
Easy Contact <= 0.1.2 - Reflected Cross-Site Scripting LOW *-0.1.2 July 1, 2026
dzs-zoomsounds dzs-zoomsounds
83
ZoomSounds <= 6.91 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-6.91 July 1, 2026
dyapress dyapress
91
DyaPress ERP/CRM <= 18.0.2.0 - Unauthenticated Local File Inclusion LOW *-18.0.2.0 July 1, 2026
doppler-form doppler-form
93
Doppler Forms <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.5.1 2.6.0 July 1, 2026
display-product-variations-dropdown-on-shop-page display-product-variations-dropdown-on-shop-page
91
Display product variations dropdown on shop page <= 1.1.3 - Missing Authorization LOW *-1.1.3 July 1, 2026
directorypress directorypress
93
DirectoryPress <= 3.6.22 - Cross-Site Request Forgery LOW *-3.6.22 3.6.23 July 1, 2026
dethemekit-for-elementor dethemekit-for-elementor
89
DethemeKit For Elementor <= 2.1.10 - Missing Authorization LOW *-2.1.10 July 1, 2026
daisycon daisycon
93
Daisycon prijsvergelijkers <= 4.8.4 - Authenticated (Contributor+) SQL Injection LOW *-4.8.4 4.9.0 July 1, 2026
course-booking-system course-booking-system
93
Course Booking System <= 6.1 - Missing Authorization LOW *-6.1 6.1.1 July 1, 2026
contact-form-with-a-meeting-scheduler-by-vcita contact-form-with-a-meeting-scheduler-by-vcita
93
Contact Form Builder by vcita <= 4.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.10.4 4.10.5 July 1, 2026
computer-repair-shop computer-repair-shop
93
CRM WordPress Plugin – RepairBuddy <= 3.8213 - Missing Authorization LOW *-3.8213 3.8214 July 1, 2026
colibri-page-builder colibri-page-builder
93
Colibri Page Builder <= 1.0.319 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.319 1.0.332 July 1, 2026
cmp-coming-soon-maintenance cmp-coming-soon-maintenance
93
CMP – Coming Soon & Maintenance <= 4.1.13 - Authenticated (Admin+) Arbitrary File Upload LOW *-4.1.13 4.1.15 July 1, 2026
cleverreach-wc cleverreach-wc
93
Official CleverReach Plugin for WooCommerce <= 3.4.4 - Cross-Site Request Forgery to Settings Update LOW *-3.4.4 3.4.7 July 1, 2026
chamber-dashboard-business-directory chamber-dashboard-business-directory
89
Chamber Dashboard Business Directory <= 3.3.11 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.3.11 July 1, 2026
cf7-zendesk cf7-zendesk
93
WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.3 - Cross-Site Request Forgery LOW *-1.1.3 1.1.4 July 1, 2026
catch-dark-mode catch-dark-mode
93
Catch Dark Mode <= 2.0.1 - Authenticated (Contributor+) Local File Inclusion LOW *-2.0.1 2.1 July 1, 2026
bwd-elementor-addons bwd-elementor-addons
91
BWD Elementor Addons <= 4.3.20 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.3.20 July 1, 2026
buddyforms buddyforms
89
BuddyForms <= 2.8.17 - Authenticated (Contributor+) Local File Inclusion LOW *-2.8.17 July 1, 2026
broken-images-redirection broken-images-redirection
93
404 Image Redirection (Replace Broken Images) <= 1.4 - Cross-Site Request Forgery LOW *-1.4 2.0.0 July 1, 2026
broadstreet broadstreet
93
Broadstreet <= 1.51.1 - Cross-Site Request Forgery LOW *-1.51.1 1.52.2 July 1, 2026
brizy brizy
93
Brizy <= 2.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.7.7 2.7.8 July 1, 2026
bookingor bookingor
91
Bookingor <= 2.0.1 - Missing Authorization LOW *-2.0.1 2.0.2 July 1, 2026
beds24-online-booking beds24-online-booking
93
Beds24 Online Booking <= 2.0.28 - Authenticated (Contributor+) Local File Inclusion LOW *-2.0.28 2.0.29 July 1, 2026
bBlocks – Essential Gutenberg Blocks & Patterns Collection b-blocks
90
B Blocks - The ultimate block collection <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.0 2.0.1 July 1, 2026
athemes-addons-for-elementor-lite athemes-addons-for-elementor-lite
93
aThemes Addons for Elementor <= 1.1.3 - Authenticated (Contributor+) Local File Inclusion LOW *-1.1.3 1.1.4 July 1, 2026
arkhe-blocks arkhe-blocks
95
Arkhe Blocks <= 2.27.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.27.1 July 1, 2026
ai-image-alt-text-generator-for-wp ai-image-alt-text-generator-for-wp
95
Ai Image Alt Text Generator for WP <= 1.1.1 - Missing Authorization LOW *-1.1.1 1.1.2 July 1, 2026
ai-image-alt-text-generator-for-wp ai-image-alt-text-generator-for-wp
95
Ai Image Alt Text Generator for WP <= 1.1.5 - Authenticated (Subscriber+) Sensitive Information Exposure LOW *-1.1.5 July 1, 2026
ai-content-creator ai-content-creator
97
AI Content Creator <= 1.2.6 - Cross-Site Request Forgery LOW *-1.2.6 1.3.0 July 1, 2026
advanced-woo-labels advanced-woo-labels
97
Advanced Woo Labels <= 2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.15 2.16 July 1, 2026
administrator-z administrator-z
95
Administrator Z < 2026.05.10 - Cross-Site Request Forgery LOW [*, 2026.05.10) 2026.05.10 July 1, 2026
administrator-z administrator-z
95
Administrator Z <= 2025.09.27 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2025.09.27 July 1, 2026
admail admail
95
AdMail – Multilingual Back in-Stock Notifier for WooCommerce <= 1.7.0 - Missing Authorization LOW *-1.7.0 July 1, 2026
activecampaign-subscription-forms activecampaign-subscription-forms
97
ActiveCampaign <= 8.1.16 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-8.1.16 8.1.17 July 1, 2026
6storage-rentals 6storage-rentals
92
6Storage Rentals <= 2.19.4 - Missing Authorization LOW *-2.19.4 July 1, 2026
1-click-migration 1-click-migration
95
1 Click WordPress Migration <= 2.2 - Unauthenticated Information Disclsoure LOW *-2.2 July 1, 2026
1-click-backup-restore-database-by-sunbytes 1-click-backup-restore-database-by-sunbytes
95
1-Click Backup & Restore Database <= 1.0.3 - Missing Authorization LOW *-1.0.3 July 1, 2026
simple-banner simple-banner N/A Simple Banner <= 3.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.0.4 3.0.5 July 1, 2026
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools woocommerce-jetpack
65
Booster for WooCommerce 4.0.1 - 7.2.4 - Unauthenticated Stored Cross-Site Scripting LOW 4.0.1-7.2.4 7.2.5 July 1, 2026
woo-product-filter woo-product-filter N/A Product Filter by WBW <= 2.7.9 - Unauthenticated SQL Injection via filtersDataBackend Parameter LOW *-2.7.9 2.8.0 July 1, 2026
td-composer td-composer N/A TagDiv Composer <= 5.3 - Unauthenticated Arbitrary PHP Object Instantiation LOW *-5.3 5.4 July 1, 2026
countdown-builder countdown-builder
91
Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.8.9.1 - Unauthenticated Limited Local File Inclusion LOW *-2.8.9.1 2.9.0 July 1, 2026
LOW

salon-booking-system

salon-booking-system

Score: N/A Salon booking system <= 10.29.6 - Missing Authorization Affected: *-10.29.6 Patched: Updated: July 1, 2026
LOW

s2member

s2member

Score: N/A s2Member <= 250419 - Authenticated (Administrator+) Local File Inclusion Affected: *-250419 Patched: 250424 Updated: July 1, 2026
LOW

rollbar

rollbar

Score: N/A Rollbar <= 2.7.1 - Cross-Site Request Forgery Affected: *-2.7.1 Patched: 3.0.0 Updated: July 1, 2026
LOW

riovizual

riovizual

Score: N/A Table Block by RioVizual <= 2.3.1 - Cross-Site Request Forgery Affected: *-2.3.1 Patched: 2.3.2 Updated: July 1, 2026
LOW

revive-so

revive-so

Score: N/A Revive.so – Bulk Rewrite and Republish Blog Posts <= 2.0.3 - Missing Authorization Affected: *-2.0.3 Patched: 2.0.4 Updated: July 1, 2026
LOW

real-estate-manager

real-estate-manager

Score: N/A Real Estate Manager <= 7.3 - Authenticated (Contributor+) Local File Inclusion Affected: *-7.3 Patched: Updated: July 1, 2026
LOW

rdp-wiki-embed

rdp-wiki-embed

Score: N/A RDP Wiki Embed <= 1.2.20 - Cross-Site Request Forgery Affected: *-1.2.20 Patched: Updated: July 1, 2026
LOW

radius-blocks

radius-blocks

Score: N/A Radius Blocks <= 2.2.1 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.2.1 Patched: Updated: July 1, 2026
LOW

qr-code-tag-for-wc-from-goaskle-com

qr-code-tag-for-wc-from-goaskle-com

Score: N/A QR Code Tag for WC order emails <= 1.9.36 - Cross-Site Request Forgery Affected: *-1.9.36 Patched: Updated: July 1, 2026
LOW

privy-crm-integration

privy-crm-integration

Score: N/A Privyr CRM <= 1.0.2 - Missing Authorization Affected: *-1.0.2 Patched: 1.0.3 Updated: July 1, 2026
LOW

posts-table-filterable

posts-table-filterable

Score: N/A TableOn – WordPress Posts Table Filterable <= 1.0.5.1 - Missing Authorization Affected: *-1.0.5.1 Patched: 1.0.6 Updated: July 1, 2026
LOW

portfolio-manager-powered-by-behance

portfolio-manager-powered-by-behance

Score: N/A Behance Portfolio Manager <= 1.7.5 - Authenticated (Administrator+) SQL Injection Affected: *-1.7.5 Patched: 1.8.0 Updated: July 1, 2026
LOW

piotnet-addons-for-elementor

piotnet-addons-for-elementor

Score: N/A Piotnet Addons For Elementor <= 2.4.36 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4.36 Patched: Updated: July 1, 2026
LOW

pay-with-contact-form-7

pay-with-contact-form-7

Score: N/A Pay with Contact Form 7 <= 1.0.4 - Authenticated (Administrator+) SQL Injection Affected: *-1.0.4 Patched: Updated: July 1, 2026
LOW

order-delivery-date

order-delivery-date

Score: N/A Order Delivery Date for WooCommerce 2.0 - 12.3.1- Unauthenticated Arbitrary Options Update Affected: [2.0, 12.3.1) Patched: 12.3.1 Updated: July 1, 2026
LOW

onoffice-for-wp-websites

onoffice-for-wp-websites

Score: N/A onOffice for WP-Websites <= 6.5 - Authenticated (Administrator+) SQL Injection Affected: *-6.5 Patched: 6.5.1 Updated: July 1, 2026
LOW

ni-woocommerce-cost-of-goods

ni-woocommerce-cost-of-goods

Score: N/A Ni WooCommerce Cost Of Goods <= 3.2.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-3.2.8 Patched: 3.2.9 Updated: July 1, 2026
LOW

news-kit-elementor-addons

news-kit-elementor-addons

Score: N/A News Kit Elementor Addons <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.6 Patched: Updated: July 1, 2026
LOW

news-element

news-element

Score: N/A News Element Elementor Blog Magazine <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.7 Patched: Updated: July 1, 2026
LOW

music-pack-for-elementor

music-pack-for-elementor

Score: 91/100 Musician's Pack for Elementor <= 1.8.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8.4.1 Patched: Updated: July 1, 2026
LOW

mp3-music-player-by-sonaar

mp3-music-player-by-sonaar

Score: 93/100 MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 5.9.4 - Missing Authorization Affected: *-5.9.4 Patched: 5.9.5 Updated: July 1, 2026
LOW

motors-car-dealership-classified-listings

motors-car-dealership-classified-listings

Score: 93/100 Motors <= 1.4.71 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.4.71 Patched: 1.4.72 Updated: July 1, 2026
LOW

motors-car-dealership-classified-listings

motors-car-dealership-classified-listings

Score: 93/100 Motors <= 1.4.71 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.71 Patched: 1.4.72 Updated: July 1, 2026
LOW

meeting-scheduler-by-vcita

meeting-scheduler-by-vcita

Score: 93/100 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.2 - Authenticated (Subscriber+) Sensitive Information Exposure Affected: *-4.5.2 Patched: 4.6.0 Updated: July 1, 2026
LOW

masterstudy-lms-learning-management-system

masterstudy-lms-learning-management-system

Score: 93/100 MasterStudy LMS <= 3.5.28 - Authenticated (Contributor+) Local File Inclusion Affected: *-3.5.28 Patched: 3.5.29 Updated: July 1, 2026
LOW

masterstudy-lms-learning-management-system

masterstudy-lms-learning-management-system

Score: 93/100 MasterStudy LMS <= 3.5.28 - Missing Authorization Affected: *-3.5.28 Patched: 3.5.29 Updated: July 1, 2026
LOW

maps-for-wp

maps-for-wp

Score: 91/100 Maps for WP <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.4 Patched: 1.2.5 Updated: July 1, 2026
LOW

m1downloadlist

m1downloadlist

Score: 91/100 m1.DownloadList <= 0.23 - Authenticated (Contributor+) Sensitive Information Disclosure Affected: *-0.23 Patched: Updated: July 1, 2026
LOW

liveforms

liveforms

Score: 91/100 Contact Form, Drag and Drop Form Builder Plugin <= 4.8.5 - Missing Authorization Affected: *-4.8.5 Patched: Updated: July 1, 2026
LOW

live-chat-support-by-social-intents

live-chat-support-by-social-intents

Score: 91/100 Social Intents <= 1.6.14 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.6.14 Patched: Updated: July 1, 2026
LOW

libro-de-reclamaciones-y-quejas

libro-de-reclamaciones-y-quejas

Score: 91/100 Libro de Reclamaciones y Quejas <= 0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.9 Patched: Updated: July 1, 2026
LOW

lastudio-element-kit

lastudio-element-kit

Score: 93/100 LA-Studio Element Kit for Elementor <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.1 Patched: 1.5.2 Updated: July 1, 2026
LOW

lafka-plugin

lafka-plugin

Score: 91/100 Lafka Plugin <= 7.1.0 - Missing Authorization to Authenticated (Subscriber+) Theme Option Update Affected: *-7.1.0 Patched: Updated: July 1, 2026
LOW

just-post-preview

just-post-preview

Score: 91/100 Just Post Preview Widget <= 1.1.1 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.1.1 Patched: Updated: July 1, 2026
LOW

js-jobs

js-jobs

Score: 81/100 JS Job Manager <= 2.0.2 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.0.2 Patched: Updated: July 1, 2026
LOW

jobwp

jobwp

Score: 93/100 JobWP <= 2.3.9 - Cross-Site Request Forgery Affected: *-2.3.9 Patched: 2.4.0 Updated: July 1, 2026
LOW

jetpack-feedback-exporter

jetpack-feedback-exporter

Score: 91/100 Jetpack Feedback Exporter <= 1.23 - Unauthenticated Sensitive Information Exposure Affected: *-1.23 Patched: Updated: July 1, 2026
LOW

intelly-welcome-bar

intelly-welcome-bar

Score: 91/100 Welcome Bar <= 2.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0.4 Patched: Updated: July 1, 2026
LOW

intelly-posts-footer-manager

intelly-posts-footer-manager

Score: 91/100 Posts Footer Manager <= 2.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.2.0 Patched: Updated: July 1, 2026
LOW

instantsearch-for-woocommerce

instantsearch-for-woocommerce

Score: 93/100 Search, Filters & Merchandising for WooCommerce <= 3.0.58 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.0.58 Patched: 3.0.59 Updated: July 1, 2026
LOW

gutenify

gutenify

Score: 91/100 Gutenify <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.7 Patched: 1.5.8 Updated: July 1, 2026
LOW

googleanalytics

googleanalytics

Score: 91/100 ShareThis Dashboard for Google Analytics <= 3.2.3 - Cross-Site Request Forgery Affected: *-3.2.3 Patched: 3.2.4 Updated: July 1, 2026
LOW

google-maps-easy

google-maps-easy

Score: 93/100 Easy Google Maps <= 1.11.18 - Authenticated (Author+) XML Entity Injection Affected: *-1.11.18 Patched: 1.11.19 Updated: July 1, 2026
LOW

gallery-for-ultimate-member

gallery-for-ultimate-member

Score: 91/100 Video & Photo Gallery for Ultimate Member <= 1.1.3 - Authenticated (Administrator+) SQL Injection Affected: *-1.1.3 Patched: Updated: July 1, 2026
LOW

funnelcockpit

funnelcockpit

Score: 93/100 FunnelCockpit <= 1.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.4.3 Patched: 1.4.4 Updated: July 1, 2026
LOW

freetobook-responsive-widget

freetobook-responsive-widget

Score: 93/100 Freetobook Responsive Widget <= 1.1 - Cross-Site Request Forgery Affected: *-1.1 Patched: 1.1.1 Updated: July 1, 2026
LOW

foobox-image-lightbox

foobox-image-lightbox

Score: 93/100 FooBox Image Lightbox <= 2.7.33 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-2.7.33 Patched: 2.7.34 Updated: July 1, 2026
LOW

fami-woocommerce-compare

fami-woocommerce-compare

Score: 91/100 Fami WooCommerce Compare <= 1.0.5 - Unauthenticated Local File Inclusion Affected: *-1.0.5 Patched: Updated: July 1, 2026
LOW

falling-things

falling-things

Score: 93/100 Falling things <= 1.08 - Authenticated (Editor+) SQL Injection Affected: *-1.08 Patched: 1.09 Updated: July 1, 2026
LOW

ez-form-calculator-premium

ez-form-calculator-premium

Score: 91/100 ez Form Calculator - WordPress plugin <= 2.14.1.2 - Reflected Cross-Site Scripting Affected: *-2.14.1.2 Patched: Updated: July 1, 2026
LOW

eventon-lite

eventon-lite

Score: 93/100 EventON <= 2.4.1 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.4.1 Patched: 2.4.2 Updated: July 1, 2026
LOW

emma-emarketing-plugin

emma-emarketing-plugin

Score: 91/100 Emma for WordPress <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.3 Patched: Updated: July 1, 2026
LOW

embed-chessboard

embed-chessboard

Score: 91/100 Embed Chessboard <= 3.07.00 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.07.00 Patched: Updated: July 1, 2026
LOW

ecwid-shopping-cart

ecwid-shopping-cart

Score: 93/100 Ecwid Shopping Cart <= 7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-7.0 Patched: 7.0.1 Updated: July 1, 2026
LOW

easync-booking

easync-booking

Score: 93/100 eaSYNC <= 1.3.19 - Missing Authorization Affected: *-1.3.19 Patched: 1.3.21 Updated: July 1, 2026
LOW

easy-wp-optimizer

easy-wp-optimizer

Score: 91/100 Easy WP Optimizer <= 1.1.0 - Missing Authorization Affected: *-1.1.0 Patched: Updated: July 1, 2026
LOW

easy-query

easy-query

Score: 91/100 Easy Query – WP Query Builder <= 2.0.4 - Authenticated (Administrator+) SQL Injection Affected: *-2.0.4 Patched: Updated: July 1, 2026
LOW

easy-contact

easy-contact

Score: 91/100 Easy Contact <= 0.1.2 - Reflected Cross-Site Scripting Affected: *-0.1.2 Patched: Updated: July 1, 2026
LOW

dzs-zoomsounds

dzs-zoomsounds

Score: 83/100 ZoomSounds <= 6.91 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-6.91 Patched: Updated: July 1, 2026
LOW

dyapress

dyapress

Score: 91/100 DyaPress ERP/CRM <= 18.0.2.0 - Unauthenticated Local File Inclusion Affected: *-18.0.2.0 Patched: Updated: July 1, 2026
LOW

doppler-form

doppler-form

Score: 93/100 Doppler Forms <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.5.1 Patched: 2.6.0 Updated: July 1, 2026
LOW

display-product-variations-dropdown-on-shop-page

display-product-variations-dropdown-on-shop-page

Score: 91/100 Display product variations dropdown on shop page <= 1.1.3 - Missing Authorization Affected: *-1.1.3 Patched: Updated: July 1, 2026
LOW

directorypress

directorypress

Score: 93/100 DirectoryPress <= 3.6.22 - Cross-Site Request Forgery Affected: *-3.6.22 Patched: 3.6.23 Updated: July 1, 2026
LOW

dethemekit-for-elementor

dethemekit-for-elementor

Score: 89/100 DethemeKit For Elementor <= 2.1.10 - Missing Authorization Affected: *-2.1.10 Patched: Updated: July 1, 2026
LOW

daisycon

daisycon

Score: 93/100 Daisycon prijsvergelijkers <= 4.8.4 - Authenticated (Contributor+) SQL Injection Affected: *-4.8.4 Patched: 4.9.0 Updated: July 1, 2026
LOW

course-booking-system

course-booking-system

Score: 93/100 Course Booking System <= 6.1 - Missing Authorization Affected: *-6.1 Patched: 6.1.1 Updated: July 1, 2026
LOW

contact-form-with-a-meeting-scheduler-by-vcita

contact-form-with-a-meeting-scheduler-by-vcita

Score: 93/100 Contact Form Builder by vcita <= 4.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.10.4 Patched: 4.10.5 Updated: July 1, 2026
LOW

computer-repair-shop

computer-repair-shop

Score: 93/100 CRM WordPress Plugin – RepairBuddy <= 3.8213 - Missing Authorization Affected: *-3.8213 Patched: 3.8214 Updated: July 1, 2026
LOW

colibri-page-builder

colibri-page-builder

Score: 93/100 Colibri Page Builder <= 1.0.319 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.319 Patched: 1.0.332 Updated: July 1, 2026
LOW

cmp-coming-soon-maintenance

cmp-coming-soon-maintenance

Score: 93/100 CMP – Coming Soon & Maintenance <= 4.1.13 - Authenticated (Admin+) Arbitrary File Upload Affected: *-4.1.13 Patched: 4.1.15 Updated: July 1, 2026
LOW

cleverreach-wc

cleverreach-wc

Score: 93/100 Official CleverReach Plugin for WooCommerce <= 3.4.4 - Cross-Site Request Forgery to Settings Update Affected: *-3.4.4 Patched: 3.4.7 Updated: July 1, 2026
LOW

chamber-dashboard-business-directory

chamber-dashboard-business-directory

Score: 89/100 Chamber Dashboard Business Directory <= 3.3.11 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.3.11 Patched: Updated: July 1, 2026
LOW

cf7-zendesk

cf7-zendesk

Score: 93/100 WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.3 - Cross-Site Request Forgery Affected: *-1.1.3 Patched: 1.1.4 Updated: July 1, 2026
LOW

catch-dark-mode

catch-dark-mode

Score: 93/100 Catch Dark Mode <= 2.0.1 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.0.1 Patched: 2.1 Updated: July 1, 2026
LOW

bwd-elementor-addons

bwd-elementor-addons

Score: 91/100 BWD Elementor Addons <= 4.3.20 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.3.20 Patched: Updated: July 1, 2026
LOW

buddyforms

buddyforms

Score: 89/100 BuddyForms <= 2.8.17 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.8.17 Patched: Updated: July 1, 2026
LOW

broken-images-redirection

broken-images-redirection

Score: 93/100 404 Image Redirection (Replace Broken Images) <= 1.4 - Cross-Site Request Forgery Affected: *-1.4 Patched: 2.0.0 Updated: July 1, 2026
LOW

broadstreet

broadstreet

Score: 93/100 Broadstreet <= 1.51.1 - Cross-Site Request Forgery Affected: *-1.51.1 Patched: 1.52.2 Updated: July 1, 2026
LOW

brizy

brizy

Score: 93/100 Brizy <= 2.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.7.7 Patched: 2.7.8 Updated: July 1, 2026
LOW

bookingor

bookingor

Score: 91/100 Bookingor <= 2.0.1 - Missing Authorization Affected: *-2.0.1 Patched: 2.0.2 Updated: July 1, 2026
LOW

beds24-online-booking

beds24-online-booking

Score: 93/100 Beds24 Online Booking <= 2.0.28 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.0.28 Patched: 2.0.29 Updated: July 1, 2026
LOW

athemes-addons-for-elementor-lite

athemes-addons-for-elementor-lite

Score: 93/100 aThemes Addons for Elementor <= 1.1.3 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.1.3 Patched: 1.1.4 Updated: July 1, 2026
LOW

arkhe-blocks

arkhe-blocks

Score: 95/100 Arkhe Blocks <= 2.27.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.27.1 Patched: Updated: July 1, 2026
LOW

ai-image-alt-text-generator-for-wp

ai-image-alt-text-generator-for-wp

Score: 95/100 Ai Image Alt Text Generator for WP <= 1.1.1 - Missing Authorization Affected: *-1.1.1 Patched: 1.1.2 Updated: July 1, 2026
LOW

ai-image-alt-text-generator-for-wp

ai-image-alt-text-generator-for-wp

Score: 95/100 Ai Image Alt Text Generator for WP <= 1.1.5 - Authenticated (Subscriber+) Sensitive Information Exposure Affected: *-1.1.5 Patched: Updated: July 1, 2026
LOW

ai-content-creator

ai-content-creator

Score: 97/100 AI Content Creator <= 1.2.6 - Cross-Site Request Forgery Affected: *-1.2.6 Patched: 1.3.0 Updated: July 1, 2026
LOW

advanced-woo-labels

advanced-woo-labels

Score: 97/100 Advanced Woo Labels <= 2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.15 Patched: 2.16 Updated: July 1, 2026
LOW

administrator-z

administrator-z

Score: 95/100 Administrator Z < 2026.05.10 - Cross-Site Request Forgery Affected: [*, 2026.05.10) Patched: 2026.05.10 Updated: July 1, 2026
LOW

administrator-z

administrator-z

Score: 95/100 Administrator Z <= 2025.09.27 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2025.09.27 Patched: Updated: July 1, 2026
LOW

admail

admail

Score: 95/100 AdMail – Multilingual Back in-Stock Notifier for WooCommerce <= 1.7.0 - Missing Authorization Affected: *-1.7.0 Patched: Updated: July 1, 2026
LOW

activecampaign-subscription-forms

activecampaign-subscription-forms

Score: 97/100 ActiveCampaign <= 8.1.16 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-8.1.16 Patched: 8.1.17 Updated: July 1, 2026
LOW

6storage-rentals

6storage-rentals

Score: 92/100 6Storage Rentals <= 2.19.4 - Missing Authorization Affected: *-2.19.4 Patched: Updated: July 1, 2026
LOW

1-click-migration

1-click-migration

Score: 95/100 1 Click WordPress Migration <= 2.2 - Unauthenticated Information Disclsoure Affected: *-2.2 Patched: Updated: July 1, 2026
LOW

1-click-backup-restore-database-by-sunbytes

1-click-backup-restore-database-by-sunbytes

Score: 95/100 1-Click Backup & Restore Database <= 1.0.3 - Missing Authorization Affected: *-1.0.3 Patched: Updated: July 1, 2026
LOW

simple-banner

simple-banner

Score: N/A Simple Banner <= 3.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.0.4 Patched: 3.0.5 Updated: July 1, 2026
LOW

woo-product-filter

woo-product-filter

Score: N/A Product Filter by WBW <= 2.7.9 - Unauthenticated SQL Injection via filtersDataBackend Parameter Affected: *-2.7.9 Patched: 2.8.0 Updated: July 1, 2026
LOW

td-composer

td-composer

Score: N/A TagDiv Composer <= 5.3 - Unauthenticated Arbitrary PHP Object Instantiation Affected: *-5.3 Patched: 5.4 Updated: July 1, 2026
LOW

countdown-builder

countdown-builder

Score: 91/100 Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.8.9.1 - Unauthenticated Limited Local File Inclusion Affected: *-2.8.9.1 Patched: 2.9.0 Updated: July 1, 2026

Showing 10201 to 10300 of 36320 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 1, 2026 at 13:50 UTC.