Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36320

Across tracked plugins

Affected Plugins

94

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
wp-galleria wp-galleria N/A WordPress Galleria <= 1.4 - Reflected Cross-Site Scripting LOW *-1.4 July 1, 2026
wp-crowdfunding wp-crowdfunding N/A WP Crowdfunding <= 2.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.15 2.1.16 July 1, 2026
wp-clone-any-post-type wp-clone-any-post-type N/A WP Clone any post type <= 3.6 - Open Redirect LOW *-3.6 3.7 July 1, 2026
wp-clone-any-post-type wp-clone-any-post-type N/A WP Clone any post type <= 3.6 - Missing Authorization LOW *-3.6 July 1, 2026
wp-chrono wp-chrono N/A WP Chrono <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.4 July 1, 2026
wp-bookmarks wp-bookmarks N/A WP Bookmarks <= 1.1 - Reflected Cross-Site Scripting LOW *-1.1 July 1, 2026
wp-autokeyword wp-autokeyword N/A WP AutoKeyword <= 1.0 - Missing Authorization to Arbitrary Content Deletion LOW *-1.0 July 1, 2026
wp-access-areas wp-access-areas N/A Access Areas <= 1.5.19 - Reflected Cross-Site Scripting LOW *-1.5.19 1.5.20 July 1, 2026
woo-product-tables woo-product-tables N/A Product Table by WBW <= 2.1.4 - Reflected Cross-Site Scripting LOW *-2.1.4 2.1.5 July 1, 2026
woo-order-splitter woo-order-splitter N/A Order Splitter for WooCommerce <= 5.3.0 - Authenticated (Subscriber+) SQL Injection LOW *-5.3.0 5.3.1 July 1, 2026
woo-giftcards woo-giftcards N/A Gift Cards for WooCommerce <= 1.5.8 - Missing Authorization LOW *-1.5.8 July 1, 2026
wiredminds-leadlab wiredminds-leadlab N/A LeadLab by wiredminds <= 1.3 - Reflected Cross-Site Scripting LOW *-1.3 1.4 July 1, 2026
webling webling N/A Webling <= 3.9.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.9.0 3.9.1 July 1, 2026
wc-checkout-getnet wc-checkout-getnet N/A Plugin Oficial – Getnet para WooCommerce <= 1.7.3 - Reflected Cross-Site Scripting LOW *-1.7.3 1.8.0 July 1, 2026
watu watu N/A Watu Quiz <= 3.4.2 - Reflected Cross-Site Scripting LOW *-3.4.2 3.4.3 July 1, 2026
viral-loops-wp-integration viral-loops-wp-integration N/A Viral Loops WP Integration <= 3.8.1 - Unauthenticated Sensitive Information Disclosure LOW *-3.8.1 July 1, 2026
v-form v-form N/A VForm <= 3.1.9 - Reflected Cross-Site Scripting LOW *-3.1.9 3.1.10 July 1, 2026
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder user-registration N/A User Registration & Membership <= 4.1.2 - Authentication Bypass LOW *-4.1.2 4.1.3 July 1, 2026
uptime-robot-monitor uptime-robot-monitor N/A Uptime Robot Plugin for WordPress <= 2.3 - Cross-Site Request Forgery LOW *-2.3 July 1, 2026
upc-ean-barcode-generator upc-ean-barcode-generator N/A UPC/EAN/GTIN Code Generator <= 2.0.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update LOW *-2.0.2 2.0.3 July 1, 2026
ultimate-push-notifications ultimate-push-notifications N/A Ultimate Push Notifications <= 1.1.8 - Reflected Cross-Site Scripting LOW *-1.1.8 July 1, 2026
tz-plus-gallery tz-plus-gallery N/A TZ PlusGallery <= 1.5.5 - Cross-Site Request Forgery LOW *-1.5.5 July 1, 2026
turisbook-booking-system turisbook-booking-system N/A Turisbook Booking System <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.7 July 1, 2026
tour-booking-manager tour-booking-manager N/A WpTravelly <= 1.8.7 - Authenticated (Contributor+) PHP Object Injection LOW *-1.8.7 1.8.8 July 1, 2026
theme-duplicator theme-duplicator N/A Theme Duplicator <= 1.1 - Cross-Site Request Forgery LOW *-1.1 July 1, 2026
theatre theatre N/A Theater for WordPress <= 0.18.7 - Missing Authorization LOW *-0.18.7 0.18.8 July 1, 2026
the-logo-slider the-logo-slider N/A The Logo Slider <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 July 1, 2026
team-members-for-elementor team-members-for-elementor N/A Team Members for Elementor Page Builder <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.4 July 1, 2026
sync-wc-google sync-wc-google N/A Bulk Product Sync <= 8.6 - Cross-Site Request Forgery LOW *-8.6 9.0 July 1, 2026
sticky-add-to-cart-woo sticky-add-to-cart-woo N/A Simple Sticky Add To Cart For WooCommerce <= 1.4.6 - Missing Authorization LOW *-1.4.6 July 1, 2026
srbtranslatin srbtranslatin N/A Srbtranslatin <= 3.2.0 - Unauthenticated Sensitive Information Exposure LOW *-3.2.0 July 1, 2026
sprout-clients sprout-clients N/A Sprout Clients <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.2 3.2.1 July 1, 2026
social-testimonials-and-reviews-widget social-testimonials-and-reviews-widget N/A Social proof testimonials and reviews by Repuso <= 5.21 - Missing Authorization LOW *-5.21 5.22 July 1, 2026
snapwidget-wp-instagram-widget snapwidget-wp-instagram-widget N/A SnapWidget Social Photo Feed Widget <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.0 July 1, 2026
smm-api smm-api N/A SMM API <= 6.0.30 - Unauthenticated Stored Cross-Site Scripting LOW *-6.0.30 July 1, 2026
smartarget-popup smartarget-popup N/A Smartarget Popup <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.4 July 1, 2026
small-package-quotes-wwe-edition small-package-quotes-wwe-edition N/A Small Package Quotes – Worldwide Express Edition <= 5.2.18 - Reflected Cross-Site Scripting LOW *-5.2.18 5.2.19 July 1, 2026
simply-rets simply-rets N/A SimplyRETS Real Estate IDX <= 3.2.2 - Reflected Cross-Site Scripting LOW *-3.2.2 3.2.3 July 1, 2026
simple-post-expiration simple-post-expiration N/A Simple Post Expiration <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.1 July 1, 2026
simple-map-no-api simple-map-no-api N/A Simple Map No Api <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.9 July 1, 2026
simple-icons simple-icons N/A Simple Icons <= 2.8.4 - Missing Authorization LOW *-2.8.4 July 1, 2026
shortpixel-adaptive-images shortpixel-adaptive-images N/A ShortPixel Adaptive Images <= 3.10.0 - Missing Authorization LOW *-3.10.0 3.10.1 July 1, 2026
shopcred shopcred N/A ShopCred <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.8 July 1, 2026
shiptimize-for-woocommerce shiptimize-for-woocommerce N/A Shiptimize for WooCommerce <= 3.1.86 - Missing Authorization to Authenticated (Subscriber+) Settings Update LOW *-3.1.86 July 1, 2026
ship-per-product ship-per-product N/A Ship Per Product <= 2.1.0 - Missing Authorization LOW *-2.1.0 July 1, 2026
ship-depot ship-depot N/A ShipDepot for WooCommerce <= 1.2.19 - Missing Authorization LOW *-1.2.19 July 1, 2026
sheetdb sheetdb N/A SheetDB <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.4 1.3.5 July 1, 2026
sheet2site sheet2site N/A Sheet2Site <= 1.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.18 July 1, 2026
secure-copy-content-protection secure-copy-content-protection N/A Secure Copy Content Protection and Content Locking <= 4.4.3 - Unauthenticated Stored Cross-Site Scripting LOW *-4.4.3 4.4.5 July 1, 2026
scss-wp-editor scss-wp-editor N/A SCSS WP Editor <= 1.2.1 - Cross-Site Request Forgery LOW *-1.2.1 1.2.2 July 1, 2026
salon-booking-system salon-booking-system N/A Salon booking system <= 10.11 - Authenticated Privilege Escalation LOW *-10.11 10.15 July 1, 2026
review-manager review-manager N/A Review Manager <= 2.2.0 - Missing Authorization LOW *-2.2.0 July 1, 2026
restropress restropress N/A RestroPress <= 3.2.8 - Missing Authorization LOW *-3.2.8 3.2.8.1 July 1, 2026
question-answer question-answer N/A Question Answer <= 1.2.70 - Missing Authorization LOW *-1.2.70 July 1, 2026
query-wrangler query-wrangler N/A Query Wrangler <= 1.5.54 - Cross-Site Request Forgery LOW *-1.5.54 1.5.55 July 1, 2026
publitio publitio N/A Publitio <= 2.1.8 - Missing Authorization LOW *-2.1.8 2.1.9 July 1, 2026
publitio publitio N/A Publitio <= 2.1.8 - Missing Authorization LOW *-2.1.8 2.1.9 July 1, 2026
product-notices-for-woocommerce product-notices-for-woocommerce N/A Product Notices for WooCommerce <= 1.3.3 - Cross-Site Request Forgery LOW *-1.3.3 July 1, 2026
printus-cloud-printing-for-woocommerce printus-cloud-printing-for-woocommerce N/A Printus <= 1.2.6 - Missing Authorization LOW *-1.2.6 1.2.7 July 1, 2026
posten-post-blocks posten-post-blocks N/A Posten <= 0.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.0.1 July 1, 2026
post-custom-templates-lite post-custom-templates-lite N/A Post Custom Templates Lite <= 1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.14 July 1, 2026
post-block post-block N/A FancyPost <= 6.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-6.0.1 July 1, 2026
planyo-online-reservation-system planyo-online-reservation-system N/A Planyo online reservation system <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.0 July 1, 2026
piotnetforms piotnetforms N/A Piotnet Forms <= 1.0.30 - Authenticated (Editor+) Stored Cross-Site Scripting LOW *-1.0.30 July 1, 2026
piotnetforms piotnetforms N/A Piotnet Forms <= 1.0.30 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-1.0.30 July 1, 2026
pin-generator pin-generator N/A Pin Generator <= 2.0.0 - Missing Authorization LOW *-2.0.0 2.0.1 July 1, 2026
photoshelter-official-plugin photoshelter-official-plugin N/A PhotoShelter for Photographers Blog Feed Plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.7 July 1, 2026
perfect-font-awesome-integration perfect-font-awesome-integration N/A Perfect Font Awesome Integration <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.3 2.3.1 July 1, 2026
pearl-header-builder pearl-header-builder N/A Pearl <= 1.3.9 - Cross-Site Request Forgery LOW *-1.3.9 1.3.10 July 1, 2026
pearl-header-builder pearl-header-builder N/A Pearl <= 1.3.9 - Missing Authorization LOW *-1.3.9 1.3.10 July 1, 2026
pdf-generator-addon-for-elementor-page-builder pdf-generator-addon-for-elementor-page-builder N/A PDF Generator Addon for Elementor Page Builder <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.0 2.2.0 July 1, 2026
pcloud-backup pcloud-backup N/A pCloud Backup <= 1.0.1 - Missing Authorization LOW *-1.0.1 July 1, 2026
pages-order pages-order N/A Pages Order <= 1.1.3 - Reflected Cross-Site Scripting LOW *-1.1.3 July 1, 2026
ownerrez ownerrez N/A OwnerRez <= 1.2.0 - Cross-Site Request Forgery LOW *-1.2.0 1.2.1 July 1, 2026
oracle-cards oracle-cards N/A Oracle Cards Lite <= 1.2.1 - Reflected Cross-Site Scripting LOW *-1.2.1 1.2.2 July 1, 2026
openai-tools-for-wp-wc openai-tools-for-wp-wc N/A OpenAI Tools for WordPress & WooCommerce <= 2.1.5 - Missing Authorization LOW *-2.1.5 July 1, 2026
open-ai-search-bar open-ai-search-bar N/A AI Search Bar <= 2.1 - Unauthenticated Stored Cross-Site Scripting LOW *-2.1 2.2 July 1, 2026
opal-portfolios opal-portfolios N/A Opal Portfolio <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.4 July 1, 2026
nova-blocks nova-blocks N/A Nova Blocks by Pixelgrade <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.8 2.1.9 July 1, 2026
norse-runes-oracle norse-runes-oracle N/A Norse Rune Oracle Plugin <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4.3 1.4.4 July 1, 2026
ni-woocommerce-cost-of-goods ni-woocommerce-cost-of-goods N/A Ni WooCommerce Cost Of Goods <= 3.2.8 - Missing Authorization LOW *-3.2.8 3.2.9 July 1, 2026
news-magazine-and-blog-elements news-magazine-and-blog-elements N/A News, Magazine and Blog Elements <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3 July 1, 2026
nemesis-all-in-one nemesis-all-in-one N/A Nemesis All-in-One <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.1 July 1, 2026
nanosupport nanosupport
89
NanoSupport <= 0.6.0 - Reflected Cross-Site Scripting LOW *-0.6.0 July 1, 2026
mybookprogress mybookprogress
87
MyBookProgress by Stormhill Media <= 1.0.8 - Missing Authorization LOW *-1.0.8 July 1, 2026
mx-time-zone-clocks mx-time-zone-clocks
89
MX Time Zone Clocks <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.1.1 July 1, 2026
mobile-app mobile-app
93
Mobile App Canvas <= 3.8.2 - Missing Authorization LOW *-3.8.2 3.8.3 July 1, 2026
mfolio-lite mfolio-lite
91
mFolio Lite <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.2 July 1, 2026
material-dashboard material-dashboard
93
Material Dashboard <= 1.4.5 - Unauthenticated Local File Inclusion LOW *-1.4.5 1.4.6 July 1, 2026
marketer-addons marketer-addons
91
Marketer Addons <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.1 July 1, 2026
Magical Blocks – Elementor Style Blocks for Gutenberg magical-blocks
99
Magical Blocks <= 1.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.12 2.0.0 July 1, 2026
limit-max-ips-per-user limit-max-ips-per-user
91
Limit Max IPs Per User <= 1.5 - Reflected Cross-Site Scripting LOW *-1.5 July 1, 2026
lightweight-and-responsive-youtube-embed lightweight-and-responsive-youtube-embed
89
Lightweight and Responsive Youtube Embed <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.0 July 1, 2026
lightweight-and-responsive-youtube-embed lightweight-and-responsive-youtube-embed
89
Lightweight and Responsive Youtube Embed <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.0 July 1, 2026
leartes-try-exchange-rates leartes-try-exchange-rates
91
Leartes TRY Exchange Rates <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1 July 1, 2026
leadquizzes leadquizzes
91
LeadQuizzes <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.0 July 1, 2026
labinator-content-types-duplicator labinator-content-types-duplicator
91
Labinator Content Types Duplicator <= 1.1.3 - Cross-Site Request Forgery LOW *-1.1.3 July 1, 2026
json-structuring-markup json-structuring-markup
91
JSON Structuring Markup <= 0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.1 July 1, 2026
js-jobs js-jobs
81
JS Job Manager <= 2.0.2 - Missing Authorization LOW *-2.0.2 July 1, 2026
js-jobs js-jobs
81
JS Job Manager <= 2.0.2 - Authenticated Insecure Direct Object Reference LOW *-2.0.2 July 1, 2026
LOW

wp-galleria

wp-galleria

Score: N/A WordPress Galleria <= 1.4 - Reflected Cross-Site Scripting Affected: *-1.4 Patched: Updated: July 1, 2026
LOW

wp-crowdfunding

wp-crowdfunding

Score: N/A WP Crowdfunding <= 2.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.15 Patched: 2.1.16 Updated: July 1, 2026
LOW

wp-clone-any-post-type

wp-clone-any-post-type

Score: N/A WP Clone any post type <= 3.6 - Open Redirect Affected: *-3.6 Patched: 3.7 Updated: July 1, 2026
LOW

wp-clone-any-post-type

wp-clone-any-post-type

Score: N/A WP Clone any post type <= 3.6 - Missing Authorization Affected: *-3.6 Patched: Updated: July 1, 2026
LOW

wp-chrono

wp-chrono

Score: N/A WP Chrono <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.4 Patched: Updated: July 1, 2026
LOW

wp-bookmarks

wp-bookmarks

Score: N/A WP Bookmarks <= 1.1 - Reflected Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 1, 2026
LOW

wp-autokeyword

wp-autokeyword

Score: N/A WP AutoKeyword <= 1.0 - Missing Authorization to Arbitrary Content Deletion Affected: *-1.0 Patched: Updated: July 1, 2026
LOW

wp-access-areas

wp-access-areas

Score: N/A Access Areas <= 1.5.19 - Reflected Cross-Site Scripting Affected: *-1.5.19 Patched: 1.5.20 Updated: July 1, 2026
LOW

woo-product-tables

woo-product-tables

Score: N/A Product Table by WBW <= 2.1.4 - Reflected Cross-Site Scripting Affected: *-2.1.4 Patched: 2.1.5 Updated: July 1, 2026
LOW

woo-order-splitter

woo-order-splitter

Score: N/A Order Splitter for WooCommerce <= 5.3.0 - Authenticated (Subscriber+) SQL Injection Affected: *-5.3.0 Patched: 5.3.1 Updated: July 1, 2026
LOW

woo-giftcards

woo-giftcards

Score: N/A Gift Cards for WooCommerce <= 1.5.8 - Missing Authorization Affected: *-1.5.8 Patched: Updated: July 1, 2026
LOW

wiredminds-leadlab

wiredminds-leadlab

Score: N/A LeadLab by wiredminds <= 1.3 - Reflected Cross-Site Scripting Affected: *-1.3 Patched: 1.4 Updated: July 1, 2026
LOW

webling

webling

Score: N/A Webling <= 3.9.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.9.0 Patched: 3.9.1 Updated: July 1, 2026
LOW

wc-checkout-getnet

wc-checkout-getnet

Score: N/A Plugin Oficial – Getnet para WooCommerce <= 1.7.3 - Reflected Cross-Site Scripting Affected: *-1.7.3 Patched: 1.8.0 Updated: July 1, 2026
LOW

watu

watu

Score: N/A Watu Quiz <= 3.4.2 - Reflected Cross-Site Scripting Affected: *-3.4.2 Patched: 3.4.3 Updated: July 1, 2026
LOW

viral-loops-wp-integration

viral-loops-wp-integration

Score: N/A Viral Loops WP Integration <= 3.8.1 - Unauthenticated Sensitive Information Disclosure Affected: *-3.8.1 Patched: Updated: July 1, 2026
LOW

v-form

v-form

Score: N/A VForm <= 3.1.9 - Reflected Cross-Site Scripting Affected: *-3.1.9 Patched: 3.1.10 Updated: July 1, 2026
LOW

uptime-robot-monitor

uptime-robot-monitor

Score: N/A Uptime Robot Plugin for WordPress <= 2.3 - Cross-Site Request Forgery Affected: *-2.3 Patched: Updated: July 1, 2026
LOW

upc-ean-barcode-generator

upc-ean-barcode-generator

Score: N/A UPC/EAN/GTIN Code Generator <= 2.0.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update Affected: *-2.0.2 Patched: 2.0.3 Updated: July 1, 2026
LOW

ultimate-push-notifications

ultimate-push-notifications

Score: N/A Ultimate Push Notifications <= 1.1.8 - Reflected Cross-Site Scripting Affected: *-1.1.8 Patched: Updated: July 1, 2026
LOW

tz-plus-gallery

tz-plus-gallery

Score: N/A TZ PlusGallery <= 1.5.5 - Cross-Site Request Forgery Affected: *-1.5.5 Patched: Updated: July 1, 2026
LOW

turisbook-booking-system

turisbook-booking-system

Score: N/A Turisbook Booking System <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.7 Patched: Updated: July 1, 2026
LOW

tour-booking-manager

tour-booking-manager

Score: N/A WpTravelly <= 1.8.7 - Authenticated (Contributor+) PHP Object Injection Affected: *-1.8.7 Patched: 1.8.8 Updated: July 1, 2026
LOW

theme-duplicator

theme-duplicator

Score: N/A Theme Duplicator <= 1.1 - Cross-Site Request Forgery Affected: *-1.1 Patched: Updated: July 1, 2026
LOW

theatre

theatre

Score: N/A Theater for WordPress <= 0.18.7 - Missing Authorization Affected: *-0.18.7 Patched: 0.18.8 Updated: July 1, 2026
LOW

the-logo-slider

the-logo-slider

Score: N/A The Logo Slider <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 1, 2026
LOW

team-members-for-elementor

team-members-for-elementor

Score: N/A Team Members for Elementor Page Builder <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: July 1, 2026
LOW

sync-wc-google

sync-wc-google

Score: N/A Bulk Product Sync <= 8.6 - Cross-Site Request Forgery Affected: *-8.6 Patched: 9.0 Updated: July 1, 2026
LOW

sticky-add-to-cart-woo

sticky-add-to-cart-woo

Score: N/A Simple Sticky Add To Cart For WooCommerce <= 1.4.6 - Missing Authorization Affected: *-1.4.6 Patched: Updated: July 1, 2026
LOW

srbtranslatin

srbtranslatin

Score: N/A Srbtranslatin <= 3.2.0 - Unauthenticated Sensitive Information Exposure Affected: *-3.2.0 Patched: Updated: July 1, 2026
LOW

sprout-clients

sprout-clients

Score: N/A Sprout Clients <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2 Patched: 3.2.1 Updated: July 1, 2026
LOW

social-testimonials-and-reviews-widget

social-testimonials-and-reviews-widget

Score: N/A Social proof testimonials and reviews by Repuso <= 5.21 - Missing Authorization Affected: *-5.21 Patched: 5.22 Updated: July 1, 2026
LOW

snapwidget-wp-instagram-widget

snapwidget-wp-instagram-widget

Score: N/A SnapWidget Social Photo Feed Widget <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 1, 2026
LOW

smm-api

smm-api

Score: N/A SMM API <= 6.0.30 - Unauthenticated Stored Cross-Site Scripting Affected: *-6.0.30 Patched: Updated: July 1, 2026
LOW

smartarget-popup

smartarget-popup

Score: N/A Smartarget Popup <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.4 Patched: Updated: July 1, 2026
LOW

small-package-quotes-wwe-edition

small-package-quotes-wwe-edition

Score: N/A Small Package Quotes – Worldwide Express Edition <= 5.2.18 - Reflected Cross-Site Scripting Affected: *-5.2.18 Patched: 5.2.19 Updated: July 1, 2026
LOW

simply-rets

simply-rets

Score: N/A SimplyRETS Real Estate IDX <= 3.2.2 - Reflected Cross-Site Scripting Affected: *-3.2.2 Patched: 3.2.3 Updated: July 1, 2026
LOW

simple-post-expiration

simple-post-expiration

Score: N/A Simple Post Expiration <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 1, 2026
LOW

simple-map-no-api

simple-map-no-api

Score: N/A Simple Map No Api <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9 Patched: Updated: July 1, 2026
LOW

simple-icons

simple-icons

Score: N/A Simple Icons <= 2.8.4 - Missing Authorization Affected: *-2.8.4 Patched: Updated: July 1, 2026
LOW

shortpixel-adaptive-images

shortpixel-adaptive-images

Score: N/A ShortPixel Adaptive Images <= 3.10.0 - Missing Authorization Affected: *-3.10.0 Patched: 3.10.1 Updated: July 1, 2026
LOW

shopcred

shopcred

Score: N/A ShopCred <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.8 Patched: Updated: July 1, 2026
LOW

shiptimize-for-woocommerce

shiptimize-for-woocommerce

Score: N/A Shiptimize for WooCommerce <= 3.1.86 - Missing Authorization to Authenticated (Subscriber+) Settings Update Affected: *-3.1.86 Patched: Updated: July 1, 2026
LOW

ship-per-product

ship-per-product

Score: N/A Ship Per Product <= 2.1.0 - Missing Authorization Affected: *-2.1.0 Patched: Updated: July 1, 2026
LOW

ship-depot

ship-depot

Score: N/A ShipDepot for WooCommerce <= 1.2.19 - Missing Authorization Affected: *-1.2.19 Patched: Updated: July 1, 2026
LOW

sheetdb

sheetdb

Score: N/A SheetDB <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.4 Patched: 1.3.5 Updated: July 1, 2026
LOW

sheet2site

sheet2site

Score: N/A Sheet2Site <= 1.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.18 Patched: Updated: July 1, 2026
LOW

secure-copy-content-protection

secure-copy-content-protection

Score: N/A Secure Copy Content Protection and Content Locking <= 4.4.3 - Unauthenticated Stored Cross-Site Scripting Affected: *-4.4.3 Patched: 4.4.5 Updated: July 1, 2026
LOW

scss-wp-editor

scss-wp-editor

Score: N/A SCSS WP Editor <= 1.2.1 - Cross-Site Request Forgery Affected: *-1.2.1 Patched: 1.2.2 Updated: July 1, 2026
LOW

salon-booking-system

salon-booking-system

Score: N/A Salon booking system <= 10.11 - Authenticated Privilege Escalation Affected: *-10.11 Patched: 10.15 Updated: July 1, 2026
LOW

review-manager

review-manager

Score: N/A Review Manager <= 2.2.0 - Missing Authorization Affected: *-2.2.0 Patched: Updated: July 1, 2026
LOW

restropress

restropress

Score: N/A RestroPress <= 3.2.8 - Missing Authorization Affected: *-3.2.8 Patched: 3.2.8.1 Updated: July 1, 2026
LOW

question-answer

question-answer

Score: N/A Question Answer <= 1.2.70 - Missing Authorization Affected: *-1.2.70 Patched: Updated: July 1, 2026
LOW

query-wrangler

query-wrangler

Score: N/A Query Wrangler <= 1.5.54 - Cross-Site Request Forgery Affected: *-1.5.54 Patched: 1.5.55 Updated: July 1, 2026
LOW

publitio

publitio

Score: N/A Publitio <= 2.1.8 - Missing Authorization Affected: *-2.1.8 Patched: 2.1.9 Updated: July 1, 2026
LOW

publitio

publitio

Score: N/A Publitio <= 2.1.8 - Missing Authorization Affected: *-2.1.8 Patched: 2.1.9 Updated: July 1, 2026
LOW

product-notices-for-woocommerce

product-notices-for-woocommerce

Score: N/A Product Notices for WooCommerce <= 1.3.3 - Cross-Site Request Forgery Affected: *-1.3.3 Patched: Updated: July 1, 2026
LOW

printus-cloud-printing-for-woocommerce

printus-cloud-printing-for-woocommerce

Score: N/A Printus <= 1.2.6 - Missing Authorization Affected: *-1.2.6 Patched: 1.2.7 Updated: July 1, 2026
LOW

posten-post-blocks

posten-post-blocks

Score: N/A Posten <= 0.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.0.1 Patched: Updated: July 1, 2026
LOW

post-custom-templates-lite

post-custom-templates-lite

Score: N/A Post Custom Templates Lite <= 1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.14 Patched: Updated: July 1, 2026
LOW

post-block

post-block

Score: N/A FancyPost <= 6.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-6.0.1 Patched: Updated: July 1, 2026
LOW

planyo-online-reservation-system

planyo-online-reservation-system

Score: N/A Planyo online reservation system <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.0 Patched: Updated: July 1, 2026
LOW

piotnetforms

piotnetforms

Score: N/A Piotnet Forms <= 1.0.30 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.0.30 Patched: Updated: July 1, 2026
LOW

piotnetforms

piotnetforms

Score: N/A Piotnet Forms <= 1.0.30 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-1.0.30 Patched: Updated: July 1, 2026
LOW

pin-generator

pin-generator

Score: N/A Pin Generator <= 2.0.0 - Missing Authorization Affected: *-2.0.0 Patched: 2.0.1 Updated: July 1, 2026
LOW

photoshelter-official-plugin

photoshelter-official-plugin

Score: N/A PhotoShelter for Photographers Blog Feed Plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.7 Patched: Updated: July 1, 2026
LOW

perfect-font-awesome-integration

perfect-font-awesome-integration

Score: N/A Perfect Font Awesome Integration <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3 Patched: 2.3.1 Updated: July 1, 2026
LOW

pearl-header-builder

pearl-header-builder

Score: N/A Pearl <= 1.3.9 - Cross-Site Request Forgery Affected: *-1.3.9 Patched: 1.3.10 Updated: July 1, 2026
LOW

pearl-header-builder

pearl-header-builder

Score: N/A Pearl <= 1.3.9 - Missing Authorization Affected: *-1.3.9 Patched: 1.3.10 Updated: July 1, 2026
LOW

pdf-generator-addon-for-elementor-page-builder

pdf-generator-addon-for-elementor-page-builder

Score: N/A PDF Generator Addon for Elementor Page Builder <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.0 Patched: 2.2.0 Updated: July 1, 2026
LOW

pcloud-backup

pcloud-backup

Score: N/A pCloud Backup <= 1.0.1 - Missing Authorization Affected: *-1.0.1 Patched: Updated: July 1, 2026
LOW

pages-order

pages-order

Score: N/A Pages Order <= 1.1.3 - Reflected Cross-Site Scripting Affected: *-1.1.3 Patched: Updated: July 1, 2026
LOW

ownerrez

ownerrez

Score: N/A OwnerRez <= 1.2.0 - Cross-Site Request Forgery Affected: *-1.2.0 Patched: 1.2.1 Updated: July 1, 2026
LOW

oracle-cards

oracle-cards

Score: N/A Oracle Cards Lite <= 1.2.1 - Reflected Cross-Site Scripting Affected: *-1.2.1 Patched: 1.2.2 Updated: July 1, 2026
LOW

openai-tools-for-wp-wc

openai-tools-for-wp-wc

Score: N/A OpenAI Tools for WordPress & WooCommerce <= 2.1.5 - Missing Authorization Affected: *-2.1.5 Patched: Updated: July 1, 2026
LOW

open-ai-search-bar

open-ai-search-bar

Score: N/A AI Search Bar <= 2.1 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.1 Patched: 2.2 Updated: July 1, 2026
LOW

opal-portfolios

opal-portfolios

Score: N/A Opal Portfolio <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: July 1, 2026
LOW

nova-blocks

nova-blocks

Score: N/A Nova Blocks by Pixelgrade <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.8 Patched: 2.1.9 Updated: July 1, 2026
LOW

norse-runes-oracle

norse-runes-oracle

Score: N/A Norse Rune Oracle Plugin <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.3 Patched: 1.4.4 Updated: July 1, 2026
LOW

ni-woocommerce-cost-of-goods

ni-woocommerce-cost-of-goods

Score: N/A Ni WooCommerce Cost Of Goods <= 3.2.8 - Missing Authorization Affected: *-3.2.8 Patched: 3.2.9 Updated: July 1, 2026
LOW

news-magazine-and-blog-elements

news-magazine-and-blog-elements

Score: N/A News, Magazine and Blog Elements <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 1, 2026
LOW

nemesis-all-in-one

nemesis-all-in-one

Score: N/A Nemesis All-in-One <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: July 1, 2026
LOW

nanosupport

nanosupport

Score: 89/100 NanoSupport <= 0.6.0 - Reflected Cross-Site Scripting Affected: *-0.6.0 Patched: Updated: July 1, 2026
LOW

mybookprogress

mybookprogress

Score: 87/100 MyBookProgress by Stormhill Media <= 1.0.8 - Missing Authorization Affected: *-1.0.8 Patched: Updated: July 1, 2026
LOW

mx-time-zone-clocks

mx-time-zone-clocks

Score: 89/100 MX Time Zone Clocks <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.1.1 Patched: Updated: July 1, 2026
LOW

mobile-app

mobile-app

Score: 93/100 Mobile App Canvas <= 3.8.2 - Missing Authorization Affected: *-3.8.2 Patched: 3.8.3 Updated: July 1, 2026
LOW

mfolio-lite

mfolio-lite

Score: 91/100 mFolio Lite <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.2 Patched: Updated: July 1, 2026
LOW

material-dashboard

material-dashboard

Score: 93/100 Material Dashboard <= 1.4.5 - Unauthenticated Local File Inclusion Affected: *-1.4.5 Patched: 1.4.6 Updated: July 1, 2026
LOW

marketer-addons

marketer-addons

Score: 91/100 Marketer Addons <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 1, 2026
LOW

limit-max-ips-per-user

limit-max-ips-per-user

Score: 91/100 Limit Max IPs Per User <= 1.5 - Reflected Cross-Site Scripting Affected: *-1.5 Patched: Updated: July 1, 2026
LOW

lightweight-and-responsive-youtube-embed

lightweight-and-responsive-youtube-embed

Score: 89/100 Lightweight and Responsive Youtube Embed <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 1, 2026
LOW

lightweight-and-responsive-youtube-embed

lightweight-and-responsive-youtube-embed

Score: 89/100 Lightweight and Responsive Youtube Embed <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 1, 2026
LOW

leartes-try-exchange-rates

leartes-try-exchange-rates

Score: 91/100 Leartes TRY Exchange Rates <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1 Patched: Updated: July 1, 2026
LOW

leadquizzes

leadquizzes

Score: 91/100 LeadQuizzes <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 1, 2026
LOW

labinator-content-types-duplicator

labinator-content-types-duplicator

Score: 91/100 Labinator Content Types Duplicator <= 1.1.3 - Cross-Site Request Forgery Affected: *-1.1.3 Patched: Updated: July 1, 2026
LOW

json-structuring-markup

json-structuring-markup

Score: 91/100 JSON Structuring Markup <= 0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.1 Patched: Updated: July 1, 2026
LOW

js-jobs

js-jobs

Score: 81/100 JS Job Manager <= 2.0.2 - Missing Authorization Affected: *-2.0.2 Patched: Updated: July 1, 2026
LOW

js-jobs

js-jobs

Score: 81/100 JS Job Manager <= 2.0.2 - Authenticated Insecure Direct Object Reference Affected: *-2.0.2 Patched: Updated: July 1, 2026

Showing 10401 to 10500 of 36320 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 1, 2026 at 16:15 UTC.