Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36320

Across tracked plugins

Affected Plugins

95

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
uncanny-automator uncanny-automator N/A Uncanny Automator <= 6.3.0.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation LOW *-6.3.0.2 6.4.0 July 1, 2026
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools woocommerce-jetpack
65
Booster for WooCommerce 4.0.1 - 7.2.4 - Unauthenticated Arbitrary File Upload LOW 4.0.1-7.2.4 7.2.5 July 1, 2026
xv-random-quotes xv-random-quotes N/A XV Random Quotes <= 1.41 - Reflected Cross-Site Scripting LOW *-1.41 2.0.1 July 1, 2026
wptobe-signinup wptobe-signinup N/A Wptobe-signinup <= 1.1.2 - Reflected Cross-Site Scripting LOW *-1.1.2 July 1, 2026
wp-identicon wp-identicon N/A WP_Identicon <= 2.0 - Reflected Cross-Site Scripting LOW *-2.0 July 1, 2026
woffice-core woffice-core N/A Woffice Core <= 5.4.21 - Cross-Site Request Forgery to User Registration Approval LOW *-5.4.21 5.4.22 July 1, 2026
woffice-core woffice-core N/A Woffice Core <= 5.4.21 - Authenticated (Subscriber+) Arbitrary File Upload LOW *-5.4.21 5.4.22 July 1, 2026
vehica-core vehica-core N/A Vehica Core <= 1.0.97 - Authenticated (Subscriber+) Privilege Escalation LOW *-1.0.97 1.0.98 July 1, 2026
turitop-booking-system turitop-booking-system N/A TuriTop Booking System <= 1.0.10 - Missing Authorization LOW *-1.0.10 July 1, 2026
textme-sms-integration textme-sms-integration N/A TextMe SMS <= 1.9.1 - Missing Authorization LOW *-1.9.1 1.9.2 July 1, 2026
testimonial testimonial N/A Testimonial Slider <= 2.0.13 - Authenticated (Contributor+) PHP Object Injection LOW *-2.0.13 2.0.14 July 1, 2026
team-display team-display N/A Team Builder <= 1.3 - Reflected Cross-Site Scripting LOW *-1.3 July 1, 2026
tailpress tailpress N/A TailPress <= 0.4.4 - Unauthenticated Sensitive Information Exposure LOW *-0.4.4 July 1, 2026
small-package-quotes-wwe-edition small-package-quotes-wwe-edition N/A Small Package Quotes – Worldwide Express Edition <= 5.2.19 - Missing Authorization LOW *-5.2.19 5.2.20 July 1, 2026
publitio publitio N/A Publitio <= 2.2.1 - Authenticated (Contributor+) Arbitrary File Read LOW *-2.2.1 2.2.2 July 1, 2026
powerpress-multisite powerpress-multisite N/A Blubrry PowerPress Podcasting plugin MultiSite add-on <= 0.1.1 - Reflected Cross-Site Scripting LOW *-0.1.1 July 1, 2026
payday payday N/A Payday <= 3.3.13 - Missing Authorization LOW *-3.3.13 July 1, 2026
mybookprogress mybookprogress
87
MyBookProgress by Stormhill Media <= 1.0.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.0.8 July 1, 2026
latest-custom-post-type-updates latest-custom-post-type-updates
91
Latest Custom Post Type Updates <= 1.3.0 - Reflected Cross-Site Scripting LOW *-1.3.0 July 1, 2026
keywords-highlight-tool keywords-highlight-tool
91
Search engine keywords highlighter <= 0.1.3 - Reflected Cross-Site Scripting LOW *-0.1.3 July 1, 2026
include-file include-file
89
include-file <= 1 - Authenticated (Contributor+) Arbitrary File Download LOW *-1 July 1, 2026
fpw-category-thumbnails fpw-category-thumbnails
95
FPW Category Thumbnails <= 1.9.5 - Missing Authorization LOW *-1.9.5 July 1, 2026
fonto fonto
93
Fonto <= 1.2.2 - Authenticated (Author+) Arbitrary File Download LOW *-1.2.2 1.2.3 July 1, 2026
flickr-photostream flickr-photostream
91
Flickr Photostream <= 3.1.8 - Reflected Cross-Site Scripting LOW *-3.1.8 July 1, 2026
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress email-subscribers
65
Email Subscribers & Newsletters <= 5.7.49 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-5.7.49 5.7.50 July 1, 2026
docxpresso docxpresso
91
Docxpresso <= 2.6 - Authenticated (Contributor+) Arbitrary File Download LOW *-2.6 July 1, 2026
debounce-io-email-validator debounce-io-email-validator
93
DeBounce Email Validator <= 5.7 - Unauthenticated Local File Inclusion LOW *-5.7 5.71 July 1, 2026
cm-header-footer-script-loader cm-header-footer-script-loader
93
CM Header and Footer <= 1.2.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.2.4 1.2.5 July 1, 2026
cf7-spreadsheets cf7-spreadsheets
87
CF7 Spreadsheets <= 2.3.2 - Reflected Cross-Site Scripting LOW *-2.3.2 July 1, 2026
category-posts category-posts
93
Category Posts Widget <= 4.9.19 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.9.19 4.9.20 July 1, 2026
category-icon category-icon
93
Category Icon <= 1.0.1 - Authenticated (Author+) Arbitrary File Download LOW *-1.0.1 1.0.2 July 1, 2026
booking-calendar-and-notification booking-calendar-and-notification
87
Booking Calendar and Notification <= 4.0.3 - Unauthenticated SQL Injection LOW *-4.0.3 July 1, 2026
booking-calendar-and-notification booking-calendar-and-notification
87
Booking Calendar and Notification <= 4.0.3 - Authentication Bypass LOW *-4.0.3 July 1, 2026
modula-best-grid-gallery modula-best-grid-gallery
93
Modula Image Gallery <= 2.10.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox 5 JavaScript Library LOW *-2.10.1 2.10.2 July 1, 2026
unlimited-elements-for-elementor unlimited-elements-for-elementor N/A Unlimited Elements For Elementor <= 1.5.142 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.142 1.5.143 July 1, 2026
Big Boom Directory big-boom-directory
93
Big Boom Directory <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.5.0 2.5.1 July 1, 2026
user-submitted-posts user-submitted-posts N/A User Submitted Posts <= 20241026 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-20241026 20250327 July 1, 2026
wr-price-list-for-woocommerce wr-price-list-for-woocommerce N/A WR Price List Manager For Woocommerce <= 1.0.8 - Missing Authorization to Arbitrary Content Deletion LOW *-1.0.8 July 1, 2026
wpforo wpforo N/A wpForo Forum <= 2.4.3 - Authenticated (Subscriber+) Privilege Escalation LOW *-2.4.3 2.4.4 July 1, 2026
wp-video-playlist wp-video-playlist N/A WP Video Playlist <= 1.1.2 - Missing Authorization to Unauthenticated Settings Update LOW *-1.1.2 July 1, 2026
woo-tumblog woo-tumblog N/A WooTumblog <= 2.1.4 - Missing Authorization to Unauthenticated Content Injection LOW *-2.1.4 July 1, 2026
widget-manager-light widget-manager-light N/A Widget Manager Light <= 1.18 - Missing Authorization LOW *-1.18 July 1, 2026
wedesin-html-sitemap wedesin-html-sitemap N/A Digihood HTML Sitemap <= 3.1.1 - Reflected Cross-Site Scripting LOW *-3.1.1 July 1, 2026
web-directory-free web-directory-free N/A Web Directory Free <= 1.7.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.7.6 1.7.8 July 1, 2026
videos videos N/A Videos <= 1.0.5 - Reflected Cross-Site Scripting LOW *-1.0.5 July 1, 2026
ticket-help-desk-system-lite ticket-help-desk-system-lite N/A Support Helpdesk Ticket System Lite <= 4.5.2 - Reflected Cross-Site Scripting LOW *-4.5.2 July 1, 2026
team-rosters team-rosters N/A Team Rosters <= 4.7 - Reflected Cross-Site Scripting LOW *-4.7 4.8 July 1, 2026
social-share-and-social-locker-arsocial social-share-and-social-locker-arsocial N/A Social Share And Social Locker <= 1.4.2 - Unauthenticated SQL Injection LOW *-1.4.2 July 1, 2026
social-share-and-social-locker-arsocial social-share-and-social-locker-arsocial N/A Social Share And Social Locker <= 1.4.1 - Reflected Cross-Site Scripting LOW *-1.4.1 July 1, 2026
snow-storm snow-storm N/A Snow Storm <= 1.4.6 - Reflected Cross-Site Scripting LOW *-1.4.6 1.4.7 July 1, 2026
sequel sequel N/A Sequel <= 1.0.11 - Reflected Cross-Site Scripting LOW *-1.0.11 1.0.13 July 1, 2026
seo-automatic-seo-tools seo-automatic-seo-tools N/A SEO Tools <= 4.0.7 - Reflected Cross-Site Scripting LOW *-4.0.7 July 1, 2026
richtexteditor richtexteditor N/A Rich Text Editor <= 1.0.1 - Missing Authorization LOW *-1.0.1 July 1, 2026
residential-address-detection residential-address-detection N/A Residential Address Detection <= 2.5.4 - Missing Authorization LOW *-2.5.4 2.5.5 July 1, 2026
pepro-cf7-database pepro-cf7-database N/A PeproDev CF7 Database <= 2.0.0 - Unauthenticated Stored Cross-Site Scripting LOW *-2.0.0 July 1, 2026
minimalistic-event-manager minimalistic-event-manager
91
Minimalistic Event Manager <= 1.1.1 - Missing Authorization LOW *-1.1.1 July 1, 2026
migrate-shopify-to-woocommerce migrate-shopify-to-woocommerce
91
Shopify to WooCommerce Migration <= 1.3.0 - Missing Authorization to Unauthenticated Settings Update LOW *-1.3.0 July 1, 2026
mediaview mediaview
93
MediaView <= 1.1.2 - Reflected Cross-Site Scripting LOW *-1.1.2 1.1.3 July 1, 2026
luckywp-table-of-contents luckywp-table-of-contents
93
LuckyWP Table of Contents <= 2.1.10 - Cross-Site Request Forgery to Reflected Cross-Site Scripting LOW *-2.1.10 2.1.11 July 1, 2026
local-magic local-magic
89
Local Magic <= 2.6.0 - Missing Authorization LOW *-2.6.0 July 1, 2026
lexicata lexicata
89
Lexicata <= 1.0.16 - Reflected Cross-Site Scripting LOW *-1.0.16 July 1, 2026
gnucommerce gnucommerce
89
GNUCommerce <= 1.5.4 - Unauthenticated PHP Object Injection LOW *-1.5.4 July 1, 2026
get-bookings-wp get-bookings-wp
89
GetBookingsWP <= 1.1.27 - Missing Authorization LOW *-1.1.27 July 1, 2026
free-product-table-for-woocommerce free-product-table-for-woocommerce
89
Free Woocommerce Product Table View <= 1.78 - Missing Authorization to Arbitrary Content Deletion LOW *-1.78 July 1, 2026
custom-registration-form-builder-with-submission-manager custom-registration-form-builder-with-submission-manager
93
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-6.0.4.3 6.0.4.4 July 1, 2026
contact-form-vcard-generator contact-form-vcard-generator
87
Contact Form vCard Generator <= 2.4 - Unauthenticated Stored Cross-Site Scripting LOW *-2.4 July 1, 2026
clients clients
89
Clients <= 1.1.4 - Missing Authorization LOW *-1.1.4 July 1, 2026
botnet-attack-blocker botnet-attack-blocker
89
Botnet Attack Blocker <= 2.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-2.0.0 July 1, 2026
awesome-logos awesome-logos
89
Awesome Logos <= 1.2 - Reflected Cross-Site Scripting LOW *-1.2 July 1, 2026
apptivo-business-site apptivo-business-site
95
Apptivo Business Site CRM <= 5.3 - Missing Authorization to Arbitrary Content Deletion LOW *-5.3 5.4 July 1, 2026
advanced-typekit advanced-typekit
95
Advanced Typekit <= 1.0.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.0.1 July 1, 2026
front-end-only-users front-end-only-users
89
Front-End-Only-Users <= 3.2.32 - Unauthenticated Arbitrary File Upload LOW *-3.2.32 3.2.33 July 1, 2026
front-end-only-users front-end-only-users
89
Front End Users <= 3.2.32 - Authenticated (Admin+) SQL injection LOW *-3.2.32 3.2.33 July 1, 2026
gift-certificate-creator gift-certificate-creator
91
Gift Certificate Creator <= 1.1.0 - Reflected Cross-Site Scripting via receip_address Parameter LOW *-1.1.0 July 1, 2026
demo-awesome demo-awesome
91
Demo Awesome <= 1.0.3 - Missing Authorization to Authenticated (Subscriber+) Plugin Activation LOW *-1.0.3 July 1, 2026
video-sidebar-widget video-sidebar-widget N/A Video Url <= 1.0.0.3 - Reflected Cross-Site Scripting LOW *-1.0.0.3 July 1, 2026
wp-time-machine wp-time-machine N/A wp Time Machine <= 3.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.4.0 July 1, 2026
advanced-search-by-my-solr-server advanced-search-by-my-solr-server
95
Advanced Search by My Solr Server <= 2.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.0.5 July 1, 2026
shopperapproved-reviews shopperapproved-reviews N/A Shopper Approved Reviews 2.0 - 2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update LOW 2.0-2.1 2.2 July 1, 2026
smartifw smartifw N/A Smart Icons For WordPress <= 1.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload LOW *-1.0.4 July 1, 2026
insert-headers-and-footers-script insert-headers-and-footers-script
93
Insert Headers and Footers Code – HT Script <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update LOW *-1.1.2 1.1.3 July 1, 2026
zoho-flow zoho-flow N/A Zoho Flow <= 2.13.3 - Missing Authorization LOW *-2.13.3 2.13.4 July 1, 2026
xili-language xili-language N/A xili-language <= 2.21.2 - Reflected Cross-Site Scripting LOW *-2.21.2 2.21.3 July 1, 2026
wpsitemap wpsitemap N/A WP Sitemap <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.0 July 1, 2026
wpsite-follow-us-badges wpsite-follow-us-badges N/A Follow Us Badges <= 3.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.1.11 July 1, 2026
wpshare247-elementor-addons wpshare247-elementor-addons N/A WPSHARE247 Elementor Addons <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.4 July 1, 2026
wpop-elementor-addons wpop-elementor-addons N/A WPoperation Elementor Addons <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.9 July 1, 2026
wpmbytplayer wpmbytplayer N/A mb.YTPlayer <= 3.3.8 - Missing Authorization LOW *-3.3.8 July 1, 2026
wpcleaner wpcleaner N/A WP Cleaner <= 1.1.5 - Reflected Cross-Site Scripting LOW *-1.1.5 July 1, 2026
wpc-smart-linked-products wpc-smart-linked-products N/A WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce <= 1.3.5 - Authenticated (Contributor+) Privilege Escalation LOW *-1.3.5 1.3.6 July 1, 2026
wpadcenter wpadcenter N/A WP AdCenter <= 2.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.5.8 2.5.9 July 1, 2026
wp-webinarsystem wp-webinarsystem N/A WebinarPress <= 1.33.27 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.33.27 July 1, 2026
wp-webinarsystem wp-webinarsystem N/A WebinarPress <= 1.33.27 - Missing Authorization LOW *-1.33.27 July 1, 2026
wp-simple-html-sitemap wp-simple-html-sitemap N/A WP Simple HTML Sitemap <= 3.5 - Missing Authorization LOW *-3.5 3.6 July 1, 2026
wp-proposals wp-proposals N/A WP Proposals <= 2.3 - Authenticated (Editor+) Stored Cross-Site Scripting LOW *-2.3 July 1, 2026
wp-profitshare wp-profitshare N/A WP Profitshare <= 1.4.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.4.9 July 1, 2026
wp-plugin-info-card wp-plugin-info-card N/A WP Plugin Info Card <= 5.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.3.0 5.3.1 July 1, 2026
wp-optin-wheel wp-optin-wheel N/A WP Optin Wheel <= 1.4.7 - Authenticated (Admin+) Server-Side Request Forgery LOW *-1.4.7 1.4.8 July 1, 2026
wp-modal-popup-with-cookie-integration wp-modal-popup-with-cookie-integration N/A WP Modal Popup with Cookie Integration <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.4 2.5 July 1, 2026
wp-less wp-less N/A WP-LESS <= 1.9.6 - Unauthenticated Sensitive Information Disclosure LOW *-1.9.6 1.9.7 July 1, 2026
LOW

uncanny-automator

uncanny-automator

Score: N/A Uncanny Automator <= 6.3.0.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation Affected: *-6.3.0.2 Patched: 6.4.0 Updated: July 1, 2026
LOW

xv-random-quotes

xv-random-quotes

Score: N/A XV Random Quotes <= 1.41 - Reflected Cross-Site Scripting Affected: *-1.41 Patched: 2.0.1 Updated: July 1, 2026
LOW

wptobe-signinup

wptobe-signinup

Score: N/A Wptobe-signinup <= 1.1.2 - Reflected Cross-Site Scripting Affected: *-1.1.2 Patched: Updated: July 1, 2026
LOW

wp-identicon

wp-identicon

Score: N/A WP_Identicon <= 2.0 - Reflected Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 1, 2026
LOW

woffice-core

woffice-core

Score: N/A Woffice Core <= 5.4.21 - Cross-Site Request Forgery to User Registration Approval Affected: *-5.4.21 Patched: 5.4.22 Updated: July 1, 2026
LOW

woffice-core

woffice-core

Score: N/A Woffice Core <= 5.4.21 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-5.4.21 Patched: 5.4.22 Updated: July 1, 2026
LOW

vehica-core

vehica-core

Score: N/A Vehica Core <= 1.0.97 - Authenticated (Subscriber+) Privilege Escalation Affected: *-1.0.97 Patched: 1.0.98 Updated: July 1, 2026
LOW

turitop-booking-system

turitop-booking-system

Score: N/A TuriTop Booking System <= 1.0.10 - Missing Authorization Affected: *-1.0.10 Patched: Updated: July 1, 2026
LOW

textme-sms-integration

textme-sms-integration

Score: N/A TextMe SMS <= 1.9.1 - Missing Authorization Affected: *-1.9.1 Patched: 1.9.2 Updated: July 1, 2026
LOW

testimonial

testimonial

Score: N/A Testimonial Slider <= 2.0.13 - Authenticated (Contributor+) PHP Object Injection Affected: *-2.0.13 Patched: 2.0.14 Updated: July 1, 2026
LOW

team-display

team-display

Score: N/A Team Builder <= 1.3 - Reflected Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 1, 2026
LOW

tailpress

tailpress

Score: N/A TailPress <= 0.4.4 - Unauthenticated Sensitive Information Exposure Affected: *-0.4.4 Patched: Updated: July 1, 2026
LOW

small-package-quotes-wwe-edition

small-package-quotes-wwe-edition

Score: N/A Small Package Quotes – Worldwide Express Edition <= 5.2.19 - Missing Authorization Affected: *-5.2.19 Patched: 5.2.20 Updated: July 1, 2026
LOW

publitio

publitio

Score: N/A Publitio <= 2.2.1 - Authenticated (Contributor+) Arbitrary File Read Affected: *-2.2.1 Patched: 2.2.2 Updated: July 1, 2026
LOW

powerpress-multisite

powerpress-multisite

Score: N/A Blubrry PowerPress Podcasting plugin MultiSite add-on <= 0.1.1 - Reflected Cross-Site Scripting Affected: *-0.1.1 Patched: Updated: July 1, 2026
LOW

payday

payday

Score: N/A Payday <= 3.3.13 - Missing Authorization Affected: *-3.3.13 Patched: Updated: July 1, 2026
LOW

mybookprogress

mybookprogress

Score: 87/100 MyBookProgress by Stormhill Media <= 1.0.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.0.8 Patched: Updated: July 1, 2026
LOW

latest-custom-post-type-updates

latest-custom-post-type-updates

Score: 91/100 Latest Custom Post Type Updates <= 1.3.0 - Reflected Cross-Site Scripting Affected: *-1.3.0 Patched: Updated: July 1, 2026
LOW

keywords-highlight-tool

keywords-highlight-tool

Score: 91/100 Search engine keywords highlighter <= 0.1.3 - Reflected Cross-Site Scripting Affected: *-0.1.3 Patched: Updated: July 1, 2026
LOW

include-file

include-file

Score: 89/100 include-file <= 1 - Authenticated (Contributor+) Arbitrary File Download Affected: *-1 Patched: Updated: July 1, 2026
LOW

fpw-category-thumbnails

fpw-category-thumbnails

Score: 95/100 FPW Category Thumbnails <= 1.9.5 - Missing Authorization Affected: *-1.9.5 Patched: Updated: July 1, 2026
LOW

fonto

fonto

Score: 93/100 Fonto <= 1.2.2 - Authenticated (Author+) Arbitrary File Download Affected: *-1.2.2 Patched: 1.2.3 Updated: July 1, 2026
LOW

flickr-photostream

flickr-photostream

Score: 91/100 Flickr Photostream <= 3.1.8 - Reflected Cross-Site Scripting Affected: *-3.1.8 Patched: Updated: July 1, 2026
LOW

docxpresso

docxpresso

Score: 91/100 Docxpresso <= 2.6 - Authenticated (Contributor+) Arbitrary File Download Affected: *-2.6 Patched: Updated: July 1, 2026
LOW

debounce-io-email-validator

debounce-io-email-validator

Score: 93/100 DeBounce Email Validator <= 5.7 - Unauthenticated Local File Inclusion Affected: *-5.7 Patched: 5.71 Updated: July 1, 2026
LOW

cm-header-footer-script-loader

cm-header-footer-script-loader

Score: 93/100 CM Header and Footer <= 1.2.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.2.4 Patched: 1.2.5 Updated: July 1, 2026
LOW

cf7-spreadsheets

cf7-spreadsheets

Score: 87/100 CF7 Spreadsheets <= 2.3.2 - Reflected Cross-Site Scripting Affected: *-2.3.2 Patched: Updated: July 1, 2026
LOW

category-posts

category-posts

Score: 93/100 Category Posts Widget <= 4.9.19 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.9.19 Patched: 4.9.20 Updated: July 1, 2026
LOW

category-icon

category-icon

Score: 93/100 Category Icon <= 1.0.1 - Authenticated (Author+) Arbitrary File Download Affected: *-1.0.1 Patched: 1.0.2 Updated: July 1, 2026
LOW

booking-calendar-and-notification

booking-calendar-and-notification

Score: 87/100 Booking Calendar and Notification <= 4.0.3 - Unauthenticated SQL Injection Affected: *-4.0.3 Patched: Updated: July 1, 2026
LOW

booking-calendar-and-notification

booking-calendar-and-notification

Score: 87/100 Booking Calendar and Notification <= 4.0.3 - Authentication Bypass Affected: *-4.0.3 Patched: Updated: July 1, 2026
LOW

modula-best-grid-gallery

modula-best-grid-gallery

Score: 93/100 Modula Image Gallery <= 2.10.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox 5 JavaScript Library Affected: *-2.10.1 Patched: 2.10.2 Updated: July 1, 2026
LOW

unlimited-elements-for-elementor

unlimited-elements-for-elementor

Score: N/A Unlimited Elements For Elementor <= 1.5.142 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.142 Patched: 1.5.143 Updated: July 1, 2026
LOW

Big Boom Directory

big-boom-directory

Score: 93/100 Big Boom Directory <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.5.0 Patched: 2.5.1 Updated: July 1, 2026
LOW

user-submitted-posts

user-submitted-posts

Score: N/A User Submitted Posts <= 20241026 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-20241026 Patched: 20250327 Updated: July 1, 2026
LOW

wr-price-list-for-woocommerce

wr-price-list-for-woocommerce

Score: N/A WR Price List Manager For Woocommerce <= 1.0.8 - Missing Authorization to Arbitrary Content Deletion Affected: *-1.0.8 Patched: Updated: July 1, 2026
LOW

wpforo

wpforo

Score: N/A wpForo Forum <= 2.4.3 - Authenticated (Subscriber+) Privilege Escalation Affected: *-2.4.3 Patched: 2.4.4 Updated: July 1, 2026
LOW

wp-video-playlist

wp-video-playlist

Score: N/A WP Video Playlist <= 1.1.2 - Missing Authorization to Unauthenticated Settings Update Affected: *-1.1.2 Patched: Updated: July 1, 2026
LOW

woo-tumblog

woo-tumblog

Score: N/A WooTumblog <= 2.1.4 - Missing Authorization to Unauthenticated Content Injection Affected: *-2.1.4 Patched: Updated: July 1, 2026
LOW

widget-manager-light

widget-manager-light

Score: N/A Widget Manager Light <= 1.18 - Missing Authorization Affected: *-1.18 Patched: Updated: July 1, 2026
LOW

wedesin-html-sitemap

wedesin-html-sitemap

Score: N/A Digihood HTML Sitemap <= 3.1.1 - Reflected Cross-Site Scripting Affected: *-3.1.1 Patched: Updated: July 1, 2026
LOW

web-directory-free

web-directory-free

Score: N/A Web Directory Free <= 1.7.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.7.6 Patched: 1.7.8 Updated: July 1, 2026
LOW

videos

videos

Score: N/A Videos <= 1.0.5 - Reflected Cross-Site Scripting Affected: *-1.0.5 Patched: Updated: July 1, 2026
LOW

ticket-help-desk-system-lite

ticket-help-desk-system-lite

Score: N/A Support Helpdesk Ticket System Lite <= 4.5.2 - Reflected Cross-Site Scripting Affected: *-4.5.2 Patched: Updated: July 1, 2026
LOW

team-rosters

team-rosters

Score: N/A Team Rosters <= 4.7 - Reflected Cross-Site Scripting Affected: *-4.7 Patched: 4.8 Updated: July 1, 2026
LOW

social-share-and-social-locker-arsocial

social-share-and-social-locker-arsocial

Score: N/A Social Share And Social Locker <= 1.4.2 - Unauthenticated SQL Injection Affected: *-1.4.2 Patched: Updated: July 1, 2026
LOW

social-share-and-social-locker-arsocial

social-share-and-social-locker-arsocial

Score: N/A Social Share And Social Locker <= 1.4.1 - Reflected Cross-Site Scripting Affected: *-1.4.1 Patched: Updated: July 1, 2026
LOW

snow-storm

snow-storm

Score: N/A Snow Storm <= 1.4.6 - Reflected Cross-Site Scripting Affected: *-1.4.6 Patched: 1.4.7 Updated: July 1, 2026
LOW

sequel

sequel

Score: N/A Sequel <= 1.0.11 - Reflected Cross-Site Scripting Affected: *-1.0.11 Patched: 1.0.13 Updated: July 1, 2026
LOW

seo-automatic-seo-tools

seo-automatic-seo-tools

Score: N/A SEO Tools <= 4.0.7 - Reflected Cross-Site Scripting Affected: *-4.0.7 Patched: Updated: July 1, 2026
LOW

richtexteditor

richtexteditor

Score: N/A Rich Text Editor <= 1.0.1 - Missing Authorization Affected: *-1.0.1 Patched: Updated: July 1, 2026
LOW

residential-address-detection

residential-address-detection

Score: N/A Residential Address Detection <= 2.5.4 - Missing Authorization Affected: *-2.5.4 Patched: 2.5.5 Updated: July 1, 2026
LOW

pepro-cf7-database

pepro-cf7-database

Score: N/A PeproDev CF7 Database <= 2.0.0 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.0.0 Patched: Updated: July 1, 2026
LOW

minimalistic-event-manager

minimalistic-event-manager

Score: 91/100 Minimalistic Event Manager <= 1.1.1 - Missing Authorization Affected: *-1.1.1 Patched: Updated: July 1, 2026
LOW

migrate-shopify-to-woocommerce

migrate-shopify-to-woocommerce

Score: 91/100 Shopify to WooCommerce Migration <= 1.3.0 - Missing Authorization to Unauthenticated Settings Update Affected: *-1.3.0 Patched: Updated: July 1, 2026
LOW

mediaview

mediaview

Score: 93/100 MediaView <= 1.1.2 - Reflected Cross-Site Scripting Affected: *-1.1.2 Patched: 1.1.3 Updated: July 1, 2026
LOW

luckywp-table-of-contents

luckywp-table-of-contents

Score: 93/100 LuckyWP Table of Contents <= 2.1.10 - Cross-Site Request Forgery to Reflected Cross-Site Scripting Affected: *-2.1.10 Patched: 2.1.11 Updated: July 1, 2026
LOW

local-magic

local-magic

Score: 89/100 Local Magic <= 2.6.0 - Missing Authorization Affected: *-2.6.0 Patched: Updated: July 1, 2026
LOW

lexicata

lexicata

Score: 89/100 Lexicata <= 1.0.16 - Reflected Cross-Site Scripting Affected: *-1.0.16 Patched: Updated: July 1, 2026
LOW

gnucommerce

gnucommerce

Score: 89/100 GNUCommerce <= 1.5.4 - Unauthenticated PHP Object Injection Affected: *-1.5.4 Patched: Updated: July 1, 2026
LOW

get-bookings-wp

get-bookings-wp

Score: 89/100 GetBookingsWP <= 1.1.27 - Missing Authorization Affected: *-1.1.27 Patched: Updated: July 1, 2026
LOW

free-product-table-for-woocommerce

free-product-table-for-woocommerce

Score: 89/100 Free Woocommerce Product Table View <= 1.78 - Missing Authorization to Arbitrary Content Deletion Affected: *-1.78 Patched: Updated: July 1, 2026
LOW

custom-registration-form-builder-with-submission-manager

custom-registration-form-builder-with-submission-manager

Score: 93/100 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-6.0.4.3 Patched: 6.0.4.4 Updated: July 1, 2026
LOW

contact-form-vcard-generator

contact-form-vcard-generator

Score: 87/100 Contact Form vCard Generator <= 2.4 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.4 Patched: Updated: July 1, 2026
LOW

clients

clients

Score: 89/100 Clients <= 1.1.4 - Missing Authorization Affected: *-1.1.4 Patched: Updated: July 1, 2026
LOW

botnet-attack-blocker

botnet-attack-blocker

Score: 89/100 Botnet Attack Blocker <= 2.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-2.0.0 Patched: Updated: July 1, 2026
LOW

awesome-logos

awesome-logos

Score: 89/100 Awesome Logos <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 1, 2026
LOW

apptivo-business-site

apptivo-business-site

Score: 95/100 Apptivo Business Site CRM <= 5.3 - Missing Authorization to Arbitrary Content Deletion Affected: *-5.3 Patched: 5.4 Updated: July 1, 2026
LOW

advanced-typekit

advanced-typekit

Score: 95/100 Advanced Typekit <= 1.0.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 1, 2026
LOW

front-end-only-users

front-end-only-users

Score: 89/100 Front-End-Only-Users <= 3.2.32 - Unauthenticated Arbitrary File Upload Affected: *-3.2.32 Patched: 3.2.33 Updated: July 1, 2026
LOW

front-end-only-users

front-end-only-users

Score: 89/100 Front End Users <= 3.2.32 - Authenticated (Admin+) SQL injection Affected: *-3.2.32 Patched: 3.2.33 Updated: July 1, 2026
LOW

gift-certificate-creator

gift-certificate-creator

Score: 91/100 Gift Certificate Creator <= 1.1.0 - Reflected Cross-Site Scripting via receip_address Parameter Affected: *-1.1.0 Patched: Updated: July 1, 2026
LOW

demo-awesome

demo-awesome

Score: 91/100 Demo Awesome <= 1.0.3 - Missing Authorization to Authenticated (Subscriber+) Plugin Activation Affected: *-1.0.3 Patched: Updated: July 1, 2026
LOW

video-sidebar-widget

video-sidebar-widget

Score: N/A Video Url <= 1.0.0.3 - Reflected Cross-Site Scripting Affected: *-1.0.0.3 Patched: Updated: July 1, 2026
LOW

wp-time-machine

wp-time-machine

Score: N/A wp Time Machine <= 3.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.4.0 Patched: Updated: July 1, 2026
LOW

advanced-search-by-my-solr-server

advanced-search-by-my-solr-server

Score: 95/100 Advanced Search by My Solr Server <= 2.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.0.5 Patched: Updated: July 1, 2026
LOW

shopperapproved-reviews

shopperapproved-reviews

Score: N/A Shopper Approved Reviews 2.0 - 2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update Affected: 2.0-2.1 Patched: 2.2 Updated: July 1, 2026
LOW

smartifw

smartifw

Score: N/A Smart Icons For WordPress <= 1.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload Affected: *-1.0.4 Patched: Updated: July 1, 2026
LOW

insert-headers-and-footers-script

insert-headers-and-footers-script

Score: 93/100 Insert Headers and Footers Code – HT Script <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update Affected: *-1.1.2 Patched: 1.1.3 Updated: July 1, 2026
LOW

zoho-flow

zoho-flow

Score: N/A Zoho Flow <= 2.13.3 - Missing Authorization Affected: *-2.13.3 Patched: 2.13.4 Updated: July 1, 2026
LOW

xili-language

xili-language

Score: N/A xili-language <= 2.21.2 - Reflected Cross-Site Scripting Affected: *-2.21.2 Patched: 2.21.3 Updated: July 1, 2026
LOW

wpsitemap

wpsitemap

Score: N/A WP Sitemap <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 1, 2026
LOW

wpsite-follow-us-badges

wpsite-follow-us-badges

Score: N/A Follow Us Badges <= 3.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1.11 Patched: Updated: July 1, 2026
LOW

wpshare247-elementor-addons

wpshare247-elementor-addons

Score: N/A WPSHARE247 Elementor Addons <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4 Patched: Updated: July 1, 2026
LOW

wpop-elementor-addons

wpop-elementor-addons

Score: N/A WPoperation Elementor Addons <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.9 Patched: Updated: July 1, 2026
LOW

wpmbytplayer

wpmbytplayer

Score: N/A mb.YTPlayer <= 3.3.8 - Missing Authorization Affected: *-3.3.8 Patched: Updated: July 1, 2026
LOW

wpcleaner

wpcleaner

Score: N/A WP Cleaner <= 1.1.5 - Reflected Cross-Site Scripting Affected: *-1.1.5 Patched: Updated: July 1, 2026
LOW

wpc-smart-linked-products

wpc-smart-linked-products

Score: N/A WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce <= 1.3.5 - Authenticated (Contributor+) Privilege Escalation Affected: *-1.3.5 Patched: 1.3.6 Updated: July 1, 2026
LOW

wpadcenter

wpadcenter

Score: N/A WP AdCenter <= 2.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.5.8 Patched: 2.5.9 Updated: July 1, 2026
LOW

wp-webinarsystem

wp-webinarsystem

Score: N/A WebinarPress <= 1.33.27 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.33.27 Patched: Updated: July 1, 2026
LOW

wp-webinarsystem

wp-webinarsystem

Score: N/A WebinarPress <= 1.33.27 - Missing Authorization Affected: *-1.33.27 Patched: Updated: July 1, 2026
LOW

wp-simple-html-sitemap

wp-simple-html-sitemap

Score: N/A WP Simple HTML Sitemap <= 3.5 - Missing Authorization Affected: *-3.5 Patched: 3.6 Updated: July 1, 2026
LOW

wp-proposals

wp-proposals

Score: N/A WP Proposals <= 2.3 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-2.3 Patched: Updated: July 1, 2026
LOW

wp-profitshare

wp-profitshare

Score: N/A WP Profitshare <= 1.4.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4.9 Patched: Updated: July 1, 2026
LOW

wp-plugin-info-card

wp-plugin-info-card

Score: N/A WP Plugin Info Card <= 5.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.3.0 Patched: 5.3.1 Updated: July 1, 2026
LOW

wp-optin-wheel

wp-optin-wheel

Score: N/A WP Optin Wheel <= 1.4.7 - Authenticated (Admin+) Server-Side Request Forgery Affected: *-1.4.7 Patched: 1.4.8 Updated: July 1, 2026
LOW

wp-modal-popup-with-cookie-integration

wp-modal-popup-with-cookie-integration

Score: N/A WP Modal Popup with Cookie Integration <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.4 Patched: 2.5 Updated: July 1, 2026
LOW

wp-less

wp-less

Score: N/A WP-LESS <= 1.9.6 - Unauthenticated Sensitive Information Disclosure Affected: *-1.9.6 Patched: 1.9.7 Updated: July 1, 2026

Showing 10301 to 10400 of 36320 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 1, 2026 at 14:56 UTC.