Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36401

Across tracked plugins

Affected Plugins

94

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
upc-ean-barcode-generator upc-ean-barcode-generator N/A UPC/EAN/GTIN Code Generator <= 2.0.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update LOW *-2.0.2 2.0.3 July 2, 2026
ultimate-push-notifications ultimate-push-notifications N/A Ultimate Push Notifications <= 1.1.8 - Reflected Cross-Site Scripting LOW *-1.1.8 July 2, 2026
tz-plus-gallery tz-plus-gallery N/A TZ PlusGallery <= 1.5.5 - Cross-Site Request Forgery LOW *-1.5.5 July 2, 2026
turisbook-booking-system turisbook-booking-system N/A Turisbook Booking System <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.7 July 2, 2026
tour-booking-manager tour-booking-manager N/A WpTravelly <= 1.8.7 - Authenticated (Contributor+) PHP Object Injection LOW *-1.8.7 1.8.8 July 2, 2026
theme-duplicator theme-duplicator N/A Theme Duplicator <= 1.1 - Cross-Site Request Forgery LOW *-1.1 July 2, 2026
theatre theatre N/A Theater for WordPress <= 0.18.7 - Missing Authorization LOW *-0.18.7 0.18.8 July 2, 2026
the-logo-slider the-logo-slider N/A The Logo Slider <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 July 2, 2026
team-members-for-elementor team-members-for-elementor N/A Team Members for Elementor Page Builder <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.4 July 2, 2026
sync-wc-google sync-wc-google N/A Bulk Product Sync <= 8.6 - Cross-Site Request Forgery LOW *-8.6 9.0 July 2, 2026
sticky-add-to-cart-woo sticky-add-to-cart-woo N/A Simple Sticky Add To Cart For WooCommerce <= 1.4.6 - Missing Authorization LOW *-1.4.6 July 2, 2026
srbtranslatin srbtranslatin N/A Srbtranslatin <= 3.2.0 - Unauthenticated Sensitive Information Exposure LOW *-3.2.0 July 2, 2026
sprout-clients sprout-clients N/A Sprout Clients <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.2 3.2.1 July 2, 2026
social-testimonials-and-reviews-widget social-testimonials-and-reviews-widget N/A Social proof testimonials and reviews by Repuso <= 5.21 - Missing Authorization LOW *-5.21 5.22 July 2, 2026
snapwidget-wp-instagram-widget snapwidget-wp-instagram-widget N/A SnapWidget Social Photo Feed Widget <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.0 July 2, 2026
smm-api smm-api N/A SMM API <= 6.0.30 - Unauthenticated Stored Cross-Site Scripting LOW *-6.0.30 July 2, 2026
smartarget-popup smartarget-popup N/A Smartarget Popup <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.4 July 2, 2026
small-package-quotes-wwe-edition small-package-quotes-wwe-edition N/A Small Package Quotes – Worldwide Express Edition <= 5.2.18 - Reflected Cross-Site Scripting LOW *-5.2.18 5.2.19 July 2, 2026
simply-rets simply-rets N/A SimplyRETS Real Estate IDX <= 3.2.2 - Reflected Cross-Site Scripting LOW *-3.2.2 3.2.3 July 2, 2026
simple-post-expiration simple-post-expiration N/A Simple Post Expiration <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.1 July 2, 2026
simple-map-no-api simple-map-no-api N/A Simple Map No Api <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.9 July 2, 2026
simple-icons simple-icons N/A Simple Icons <= 2.8.4 - Missing Authorization LOW *-2.8.4 July 2, 2026
shortpixel-adaptive-images shortpixel-adaptive-images N/A ShortPixel Adaptive Images <= 3.10.0 - Missing Authorization LOW *-3.10.0 3.10.1 July 2, 2026
shopcred shopcred N/A ShopCred <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.8 July 2, 2026
shiptimize-for-woocommerce shiptimize-for-woocommerce N/A Shiptimize for WooCommerce <= 3.1.86 - Missing Authorization to Authenticated (Subscriber+) Settings Update LOW *-3.1.86 July 2, 2026
ship-per-product ship-per-product N/A Ship Per Product <= 2.1.0 - Missing Authorization LOW *-2.1.0 July 2, 2026
ship-depot ship-depot N/A ShipDepot for WooCommerce <= 1.2.19 - Missing Authorization LOW *-1.2.19 July 2, 2026
sheetdb sheetdb N/A SheetDB <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.4 1.3.5 July 2, 2026
sheet2site sheet2site N/A Sheet2Site <= 1.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.18 July 2, 2026
secure-copy-content-protection secure-copy-content-protection N/A Secure Copy Content Protection and Content Locking <= 4.4.3 - Unauthenticated Stored Cross-Site Scripting LOW *-4.4.3 4.4.5 July 2, 2026
scss-wp-editor scss-wp-editor N/A SCSS WP Editor <= 1.2.1 - Cross-Site Request Forgery LOW *-1.2.1 1.2.2 July 2, 2026
salon-booking-system salon-booking-system N/A Salon booking system <= 10.11 - Authenticated Privilege Escalation LOW *-10.11 10.15 July 2, 2026
review-manager review-manager N/A Review Manager <= 2.2.0 - Missing Authorization LOW *-2.2.0 July 2, 2026
restropress restropress N/A RestroPress <= 3.2.8 - Missing Authorization LOW *-3.2.8 3.2.8.1 July 2, 2026
question-answer question-answer N/A Question Answer <= 1.2.70 - Missing Authorization LOW *-1.2.70 July 2, 2026
query-wrangler query-wrangler N/A Query Wrangler <= 1.5.54 - Cross-Site Request Forgery LOW *-1.5.54 1.5.55 July 2, 2026
publitio publitio N/A Publitio <= 2.1.8 - Missing Authorization LOW *-2.1.8 2.1.9 July 2, 2026
publitio publitio N/A Publitio <= 2.1.8 - Missing Authorization LOW *-2.1.8 2.1.9 July 2, 2026
product-notices-for-woocommerce product-notices-for-woocommerce N/A Product Notices for WooCommerce <= 1.3.3 - Cross-Site Request Forgery LOW *-1.3.3 July 2, 2026
printus-cloud-printing-for-woocommerce printus-cloud-printing-for-woocommerce N/A Printus <= 1.2.6 - Missing Authorization LOW *-1.2.6 1.2.7 July 2, 2026
posten-post-blocks posten-post-blocks N/A Posten <= 0.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.0.1 July 2, 2026
post-custom-templates-lite post-custom-templates-lite N/A Post Custom Templates Lite <= 1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.14 July 2, 2026
post-block post-block N/A FancyPost <= 6.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-6.0.1 July 2, 2026
planyo-online-reservation-system planyo-online-reservation-system N/A Planyo online reservation system <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.0 July 2, 2026
piotnetforms piotnetforms N/A Piotnet Forms <= 1.0.30 - Authenticated (Editor+) Stored Cross-Site Scripting LOW *-1.0.30 July 2, 2026
piotnetforms piotnetforms N/A Piotnet Forms <= 1.0.30 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-1.0.30 July 2, 2026
pin-generator pin-generator N/A Pin Generator <= 2.0.0 - Missing Authorization LOW *-2.0.0 2.0.1 July 2, 2026
photoshelter-official-plugin photoshelter-official-plugin N/A PhotoShelter for Photographers Blog Feed Plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.7 July 2, 2026
perfect-font-awesome-integration perfect-font-awesome-integration N/A Perfect Font Awesome Integration <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.3 2.3.1 July 2, 2026
pearl-header-builder pearl-header-builder N/A Pearl <= 1.3.9 - Cross-Site Request Forgery LOW *-1.3.9 1.3.10 July 2, 2026
pearl-header-builder pearl-header-builder N/A Pearl <= 1.3.9 - Missing Authorization LOW *-1.3.9 1.3.10 July 2, 2026
pdf-generator-addon-for-elementor-page-builder pdf-generator-addon-for-elementor-page-builder N/A PDF Generator Addon for Elementor Page Builder <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.0 2.2.0 July 2, 2026
pcloud-backup pcloud-backup N/A pCloud Backup <= 1.0.1 - Missing Authorization LOW *-1.0.1 July 2, 2026
pages-order pages-order N/A Pages Order <= 1.1.3 - Reflected Cross-Site Scripting LOW *-1.1.3 July 2, 2026
ownerrez ownerrez N/A OwnerRez <= 1.2.0 - Cross-Site Request Forgery LOW *-1.2.0 1.2.1 July 2, 2026
oracle-cards oracle-cards N/A Oracle Cards Lite <= 1.2.1 - Reflected Cross-Site Scripting LOW *-1.2.1 1.2.2 July 2, 2026
openai-tools-for-wp-wc openai-tools-for-wp-wc N/A OpenAI Tools for WordPress & WooCommerce <= 2.1.5 - Missing Authorization LOW *-2.1.5 July 2, 2026
open-ai-search-bar open-ai-search-bar N/A AI Search Bar <= 2.1 - Unauthenticated Stored Cross-Site Scripting LOW *-2.1 2.2 July 2, 2026
opal-portfolios opal-portfolios N/A Opal Portfolio <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.4 July 2, 2026
nova-blocks nova-blocks
93
Nova Blocks by Pixelgrade <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.8 2.1.9 July 2, 2026
norse-runes-oracle norse-runes-oracle
93
Norse Rune Oracle Plugin <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4.3 1.4.4 July 2, 2026
ni-woocommerce-cost-of-goods ni-woocommerce-cost-of-goods
93
Ni WooCommerce Cost Of Goods <= 3.2.8 - Missing Authorization LOW *-3.2.8 3.2.9 July 2, 2026
news-magazine-and-blog-elements news-magazine-and-blog-elements
91
News, Magazine and Blog Elements <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3 July 2, 2026
nemesis-all-in-one nemesis-all-in-one
91
Nemesis All-in-One <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.1 July 2, 2026
nanosupport nanosupport
89
NanoSupport <= 0.6.0 - Reflected Cross-Site Scripting LOW *-0.6.0 July 2, 2026
mybookprogress mybookprogress
87
MyBookProgress by Stormhill Media <= 1.0.8 - Missing Authorization LOW *-1.0.8 July 2, 2026
mx-time-zone-clocks mx-time-zone-clocks
89
MX Time Zone Clocks <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.1.1 July 2, 2026
mobile-app mobile-app
93
Mobile App Canvas <= 3.8.2 - Missing Authorization LOW *-3.8.2 3.8.3 July 2, 2026
mfolio-lite mfolio-lite
91
mFolio Lite <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.2 July 2, 2026
material-dashboard material-dashboard
93
Material Dashboard <= 1.4.5 - Unauthenticated Local File Inclusion LOW *-1.4.5 1.4.6 July 2, 2026
marketer-addons marketer-addons
91
Marketer Addons <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.1 July 2, 2026
Magical Blocks – Elementor Style Blocks for Gutenberg magical-blocks
99
Magical Blocks <= 1.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.12 2.0.0 July 2, 2026
limit-max-ips-per-user limit-max-ips-per-user
91
Limit Max IPs Per User <= 1.5 - Reflected Cross-Site Scripting LOW *-1.5 July 2, 2026
lightweight-and-responsive-youtube-embed lightweight-and-responsive-youtube-embed
89
Lightweight and Responsive Youtube Embed <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.0 July 2, 2026
lightweight-and-responsive-youtube-embed lightweight-and-responsive-youtube-embed
89
Lightweight and Responsive Youtube Embed <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.0 July 2, 2026
leartes-try-exchange-rates leartes-try-exchange-rates
91
Leartes TRY Exchange Rates <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1 July 2, 2026
leadquizzes leadquizzes
91
LeadQuizzes <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.0 July 2, 2026
labinator-content-types-duplicator labinator-content-types-duplicator
91
Labinator Content Types Duplicator <= 1.1.3 - Cross-Site Request Forgery LOW *-1.1.3 July 2, 2026
json-structuring-markup json-structuring-markup
91
JSON Structuring Markup <= 0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.1 July 2, 2026
js-jobs js-jobs
81
JS Job Manager <= 2.0.2 - Missing Authorization LOW *-2.0.2 July 2, 2026
js-jobs js-jobs
81
JS Job Manager <= 2.0.2 - Authenticated Insecure Direct Object Reference LOW *-2.0.2 July 2, 2026
job-board-manager job-board-manager
83
Job Board Manager <= 2.1.60 - Missing Authorization LOW *-2.1.60 July 2, 2026
job-board-light job-board-light
87
JobBoard Job listing <= 1.2.7 - Missing Authorization LOW *-1.2.7 July 2, 2026
job-board-light job-board-light
87
JobBoard Job listing <= 1.2.7 - Authenticated (Employer+) Insecure Direct Object Reference LOW *-1.2.7 July 2, 2026
integration-of-zoho-crm-and-contact-form-7 integration-of-zoho-crm-and-contact-form-7
91
Integration of Zoho CRM and Contact Form 7 <= 1.0.6 - Open Redirect LOW *-1.0.6 July 2, 2026
hypotext hypotext
91
Hypotext <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.1 July 2, 2026
Hyperlink Group Block hyperlink-group-block
96
Hyperlink Group Block <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.1 2.0.2 July 2, 2026
HTML Forms – Simple WordPress Forms Plugin html-forms
86
HTML Forms <= 1.5.1 - Unauthenticated Stored Cross-Site Scripting LOW *-1.5.1 1.5.2 July 2, 2026
hmh-footer-builder-for-elementor hmh-footer-builder-for-elementor
91
HMH Footer Builder For Elementor <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 2, 2026
gutena-kit gutena-kit
93
Gutena Kit – Gutenberg Blocks and Templates <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.7 2.0.8 July 2, 2026
gosign-posts-slider-block gosign-posts-slider-block
89
Gosign – Posts Slider Block <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.0 July 2, 2026
google-seo-author-snippets google-seo-author-snippets
89
Google SEO Pressor Snippet <= 2.0 - Cross-Site Request Forgery LOW *-2.0 July 2, 2026
getastra getastra
89
Astra Security Suite <= 0.2 - Missing Authorization LOW *-0.2 July 2, 2026
gdpr-cookie-notice gdpr-cookie-notice
91
GDPR Cookie Notice <= 1.2.0 - Missing Authorization LOW *-1.2.0 July 2, 2026
gb-gallery-slideshow gb-gallery-slideshow
89
GB Gallery Slideshow <= 1.3 - Missing Authorization LOW *-1.3 July 2, 2026
front-end-only-users front-end-only-users
89
Front End Users <= 3.2.32 - Reflected Cross-Site Scripting LOW *-3.2.32 3.2.33 July 2, 2026
frizzly frizzly
91
Frizzly <= 1.1.0 - Reflected Cross-Site Scripting LOW *-1.1.0 July 2, 2026
free-product-table-for-woocommerce free-product-table-for-woocommerce
89
Free Woocommerce Product Table View <= 1.78 - Missing Authorization LOW *-1.78 July 2, 2026
footnotes-for-wordpress footnotes-for-wordpress
91
Footnotes for WordPress <= 2016.1230 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2016.1230 July 2, 2026
fonts-manager-custom-fonts fonts-manager-custom-fonts
89
Fonts Manager | Custom Fonts <= 1.2 - Reflected Cross-Site Scripting LOW *-1.2 July 2, 2026
LOW

upc-ean-barcode-generator

upc-ean-barcode-generator

Score: N/A UPC/EAN/GTIN Code Generator <= 2.0.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update Affected: *-2.0.2 Patched: 2.0.3 Updated: July 2, 2026
LOW

ultimate-push-notifications

ultimate-push-notifications

Score: N/A Ultimate Push Notifications <= 1.1.8 - Reflected Cross-Site Scripting Affected: *-1.1.8 Patched: Updated: July 2, 2026
LOW

tz-plus-gallery

tz-plus-gallery

Score: N/A TZ PlusGallery <= 1.5.5 - Cross-Site Request Forgery Affected: *-1.5.5 Patched: Updated: July 2, 2026
LOW

turisbook-booking-system

turisbook-booking-system

Score: N/A Turisbook Booking System <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.7 Patched: Updated: July 2, 2026
LOW

tour-booking-manager

tour-booking-manager

Score: N/A WpTravelly <= 1.8.7 - Authenticated (Contributor+) PHP Object Injection Affected: *-1.8.7 Patched: 1.8.8 Updated: July 2, 2026
LOW

theme-duplicator

theme-duplicator

Score: N/A Theme Duplicator <= 1.1 - Cross-Site Request Forgery Affected: *-1.1 Patched: Updated: July 2, 2026
LOW

theatre

theatre

Score: N/A Theater for WordPress <= 0.18.7 - Missing Authorization Affected: *-0.18.7 Patched: 0.18.8 Updated: July 2, 2026
LOW

the-logo-slider

the-logo-slider

Score: N/A The Logo Slider <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 2, 2026
LOW

team-members-for-elementor

team-members-for-elementor

Score: N/A Team Members for Elementor Page Builder <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: July 2, 2026
LOW

sync-wc-google

sync-wc-google

Score: N/A Bulk Product Sync <= 8.6 - Cross-Site Request Forgery Affected: *-8.6 Patched: 9.0 Updated: July 2, 2026
LOW

sticky-add-to-cart-woo

sticky-add-to-cart-woo

Score: N/A Simple Sticky Add To Cart For WooCommerce <= 1.4.6 - Missing Authorization Affected: *-1.4.6 Patched: Updated: July 2, 2026
LOW

srbtranslatin

srbtranslatin

Score: N/A Srbtranslatin <= 3.2.0 - Unauthenticated Sensitive Information Exposure Affected: *-3.2.0 Patched: Updated: July 2, 2026
LOW

sprout-clients

sprout-clients

Score: N/A Sprout Clients <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2 Patched: 3.2.1 Updated: July 2, 2026
LOW

social-testimonials-and-reviews-widget

social-testimonials-and-reviews-widget

Score: N/A Social proof testimonials and reviews by Repuso <= 5.21 - Missing Authorization Affected: *-5.21 Patched: 5.22 Updated: July 2, 2026
LOW

snapwidget-wp-instagram-widget

snapwidget-wp-instagram-widget

Score: N/A SnapWidget Social Photo Feed Widget <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 2, 2026
LOW

smm-api

smm-api

Score: N/A SMM API <= 6.0.30 - Unauthenticated Stored Cross-Site Scripting Affected: *-6.0.30 Patched: Updated: July 2, 2026
LOW

smartarget-popup

smartarget-popup

Score: N/A Smartarget Popup <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.4 Patched: Updated: July 2, 2026
LOW

small-package-quotes-wwe-edition

small-package-quotes-wwe-edition

Score: N/A Small Package Quotes – Worldwide Express Edition <= 5.2.18 - Reflected Cross-Site Scripting Affected: *-5.2.18 Patched: 5.2.19 Updated: July 2, 2026
LOW

simply-rets

simply-rets

Score: N/A SimplyRETS Real Estate IDX <= 3.2.2 - Reflected Cross-Site Scripting Affected: *-3.2.2 Patched: 3.2.3 Updated: July 2, 2026
LOW

simple-post-expiration

simple-post-expiration

Score: N/A Simple Post Expiration <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 2, 2026
LOW

simple-map-no-api

simple-map-no-api

Score: N/A Simple Map No Api <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9 Patched: Updated: July 2, 2026
LOW

simple-icons

simple-icons

Score: N/A Simple Icons <= 2.8.4 - Missing Authorization Affected: *-2.8.4 Patched: Updated: July 2, 2026
LOW

shortpixel-adaptive-images

shortpixel-adaptive-images

Score: N/A ShortPixel Adaptive Images <= 3.10.0 - Missing Authorization Affected: *-3.10.0 Patched: 3.10.1 Updated: July 2, 2026
LOW

shopcred

shopcred

Score: N/A ShopCred <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.8 Patched: Updated: July 2, 2026
LOW

shiptimize-for-woocommerce

shiptimize-for-woocommerce

Score: N/A Shiptimize for WooCommerce <= 3.1.86 - Missing Authorization to Authenticated (Subscriber+) Settings Update Affected: *-3.1.86 Patched: Updated: July 2, 2026
LOW

ship-per-product

ship-per-product

Score: N/A Ship Per Product <= 2.1.0 - Missing Authorization Affected: *-2.1.0 Patched: Updated: July 2, 2026
LOW

ship-depot

ship-depot

Score: N/A ShipDepot for WooCommerce <= 1.2.19 - Missing Authorization Affected: *-1.2.19 Patched: Updated: July 2, 2026
LOW

sheetdb

sheetdb

Score: N/A SheetDB <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.4 Patched: 1.3.5 Updated: July 2, 2026
LOW

sheet2site

sheet2site

Score: N/A Sheet2Site <= 1.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.18 Patched: Updated: July 2, 2026
LOW

secure-copy-content-protection

secure-copy-content-protection

Score: N/A Secure Copy Content Protection and Content Locking <= 4.4.3 - Unauthenticated Stored Cross-Site Scripting Affected: *-4.4.3 Patched: 4.4.5 Updated: July 2, 2026
LOW

scss-wp-editor

scss-wp-editor

Score: N/A SCSS WP Editor <= 1.2.1 - Cross-Site Request Forgery Affected: *-1.2.1 Patched: 1.2.2 Updated: July 2, 2026
LOW

salon-booking-system

salon-booking-system

Score: N/A Salon booking system <= 10.11 - Authenticated Privilege Escalation Affected: *-10.11 Patched: 10.15 Updated: July 2, 2026
LOW

review-manager

review-manager

Score: N/A Review Manager <= 2.2.0 - Missing Authorization Affected: *-2.2.0 Patched: Updated: July 2, 2026
LOW

restropress

restropress

Score: N/A RestroPress <= 3.2.8 - Missing Authorization Affected: *-3.2.8 Patched: 3.2.8.1 Updated: July 2, 2026
LOW

question-answer

question-answer

Score: N/A Question Answer <= 1.2.70 - Missing Authorization Affected: *-1.2.70 Patched: Updated: July 2, 2026
LOW

query-wrangler

query-wrangler

Score: N/A Query Wrangler <= 1.5.54 - Cross-Site Request Forgery Affected: *-1.5.54 Patched: 1.5.55 Updated: July 2, 2026
LOW

publitio

publitio

Score: N/A Publitio <= 2.1.8 - Missing Authorization Affected: *-2.1.8 Patched: 2.1.9 Updated: July 2, 2026
LOW

publitio

publitio

Score: N/A Publitio <= 2.1.8 - Missing Authorization Affected: *-2.1.8 Patched: 2.1.9 Updated: July 2, 2026
LOW

product-notices-for-woocommerce

product-notices-for-woocommerce

Score: N/A Product Notices for WooCommerce <= 1.3.3 - Cross-Site Request Forgery Affected: *-1.3.3 Patched: Updated: July 2, 2026
LOW

printus-cloud-printing-for-woocommerce

printus-cloud-printing-for-woocommerce

Score: N/A Printus <= 1.2.6 - Missing Authorization Affected: *-1.2.6 Patched: 1.2.7 Updated: July 2, 2026
LOW

posten-post-blocks

posten-post-blocks

Score: N/A Posten <= 0.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.0.1 Patched: Updated: July 2, 2026
LOW

post-custom-templates-lite

post-custom-templates-lite

Score: N/A Post Custom Templates Lite <= 1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.14 Patched: Updated: July 2, 2026
LOW

post-block

post-block

Score: N/A FancyPost <= 6.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-6.0.1 Patched: Updated: July 2, 2026
LOW

planyo-online-reservation-system

planyo-online-reservation-system

Score: N/A Planyo online reservation system <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.0 Patched: Updated: July 2, 2026
LOW

piotnetforms

piotnetforms

Score: N/A Piotnet Forms <= 1.0.30 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.0.30 Patched: Updated: July 2, 2026
LOW

piotnetforms

piotnetforms

Score: N/A Piotnet Forms <= 1.0.30 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-1.0.30 Patched: Updated: July 2, 2026
LOW

pin-generator

pin-generator

Score: N/A Pin Generator <= 2.0.0 - Missing Authorization Affected: *-2.0.0 Patched: 2.0.1 Updated: July 2, 2026
LOW

photoshelter-official-plugin

photoshelter-official-plugin

Score: N/A PhotoShelter for Photographers Blog Feed Plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.7 Patched: Updated: July 2, 2026
LOW

perfect-font-awesome-integration

perfect-font-awesome-integration

Score: N/A Perfect Font Awesome Integration <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3 Patched: 2.3.1 Updated: July 2, 2026
LOW

pearl-header-builder

pearl-header-builder

Score: N/A Pearl <= 1.3.9 - Cross-Site Request Forgery Affected: *-1.3.9 Patched: 1.3.10 Updated: July 2, 2026
LOW

pearl-header-builder

pearl-header-builder

Score: N/A Pearl <= 1.3.9 - Missing Authorization Affected: *-1.3.9 Patched: 1.3.10 Updated: July 2, 2026
LOW

pdf-generator-addon-for-elementor-page-builder

pdf-generator-addon-for-elementor-page-builder

Score: N/A PDF Generator Addon for Elementor Page Builder <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.0 Patched: 2.2.0 Updated: July 2, 2026
LOW

pcloud-backup

pcloud-backup

Score: N/A pCloud Backup <= 1.0.1 - Missing Authorization Affected: *-1.0.1 Patched: Updated: July 2, 2026
LOW

pages-order

pages-order

Score: N/A Pages Order <= 1.1.3 - Reflected Cross-Site Scripting Affected: *-1.1.3 Patched: Updated: July 2, 2026
LOW

ownerrez

ownerrez

Score: N/A OwnerRez <= 1.2.0 - Cross-Site Request Forgery Affected: *-1.2.0 Patched: 1.2.1 Updated: July 2, 2026
LOW

oracle-cards

oracle-cards

Score: N/A Oracle Cards Lite <= 1.2.1 - Reflected Cross-Site Scripting Affected: *-1.2.1 Patched: 1.2.2 Updated: July 2, 2026
LOW

openai-tools-for-wp-wc

openai-tools-for-wp-wc

Score: N/A OpenAI Tools for WordPress & WooCommerce <= 2.1.5 - Missing Authorization Affected: *-2.1.5 Patched: Updated: July 2, 2026
LOW

open-ai-search-bar

open-ai-search-bar

Score: N/A AI Search Bar <= 2.1 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.1 Patched: 2.2 Updated: July 2, 2026
LOW

opal-portfolios

opal-portfolios

Score: N/A Opal Portfolio <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: July 2, 2026
LOW

nova-blocks

nova-blocks

Score: 93/100 Nova Blocks by Pixelgrade <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.8 Patched: 2.1.9 Updated: July 2, 2026
LOW

norse-runes-oracle

norse-runes-oracle

Score: 93/100 Norse Rune Oracle Plugin <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.3 Patched: 1.4.4 Updated: July 2, 2026
LOW

ni-woocommerce-cost-of-goods

ni-woocommerce-cost-of-goods

Score: 93/100 Ni WooCommerce Cost Of Goods <= 3.2.8 - Missing Authorization Affected: *-3.2.8 Patched: 3.2.9 Updated: July 2, 2026
LOW

news-magazine-and-blog-elements

news-magazine-and-blog-elements

Score: 91/100 News, Magazine and Blog Elements <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 2, 2026
LOW

nemesis-all-in-one

nemesis-all-in-one

Score: 91/100 Nemesis All-in-One <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: July 2, 2026
LOW

nanosupport

nanosupport

Score: 89/100 NanoSupport <= 0.6.0 - Reflected Cross-Site Scripting Affected: *-0.6.0 Patched: Updated: July 2, 2026
LOW

mybookprogress

mybookprogress

Score: 87/100 MyBookProgress by Stormhill Media <= 1.0.8 - Missing Authorization Affected: *-1.0.8 Patched: Updated: July 2, 2026
LOW

mx-time-zone-clocks

mx-time-zone-clocks

Score: 89/100 MX Time Zone Clocks <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.1.1 Patched: Updated: July 2, 2026
LOW

mobile-app

mobile-app

Score: 93/100 Mobile App Canvas <= 3.8.2 - Missing Authorization Affected: *-3.8.2 Patched: 3.8.3 Updated: July 2, 2026
LOW

mfolio-lite

mfolio-lite

Score: 91/100 mFolio Lite <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.2 Patched: Updated: July 2, 2026
LOW

material-dashboard

material-dashboard

Score: 93/100 Material Dashboard <= 1.4.5 - Unauthenticated Local File Inclusion Affected: *-1.4.5 Patched: 1.4.6 Updated: July 2, 2026
LOW

marketer-addons

marketer-addons

Score: 91/100 Marketer Addons <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 2, 2026
LOW

limit-max-ips-per-user

limit-max-ips-per-user

Score: 91/100 Limit Max IPs Per User <= 1.5 - Reflected Cross-Site Scripting Affected: *-1.5 Patched: Updated: July 2, 2026
LOW

lightweight-and-responsive-youtube-embed

lightweight-and-responsive-youtube-embed

Score: 89/100 Lightweight and Responsive Youtube Embed <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 2, 2026
LOW

lightweight-and-responsive-youtube-embed

lightweight-and-responsive-youtube-embed

Score: 89/100 Lightweight and Responsive Youtube Embed <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 2, 2026
LOW

leartes-try-exchange-rates

leartes-try-exchange-rates

Score: 91/100 Leartes TRY Exchange Rates <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1 Patched: Updated: July 2, 2026
LOW

leadquizzes

leadquizzes

Score: 91/100 LeadQuizzes <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 2, 2026
LOW

labinator-content-types-duplicator

labinator-content-types-duplicator

Score: 91/100 Labinator Content Types Duplicator <= 1.1.3 - Cross-Site Request Forgery Affected: *-1.1.3 Patched: Updated: July 2, 2026
LOW

json-structuring-markup

json-structuring-markup

Score: 91/100 JSON Structuring Markup <= 0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.1 Patched: Updated: July 2, 2026
LOW

js-jobs

js-jobs

Score: 81/100 JS Job Manager <= 2.0.2 - Missing Authorization Affected: *-2.0.2 Patched: Updated: July 2, 2026
LOW

js-jobs

js-jobs

Score: 81/100 JS Job Manager <= 2.0.2 - Authenticated Insecure Direct Object Reference Affected: *-2.0.2 Patched: Updated: July 2, 2026
LOW

job-board-manager

job-board-manager

Score: 83/100 Job Board Manager <= 2.1.60 - Missing Authorization Affected: *-2.1.60 Patched: Updated: July 2, 2026
LOW

job-board-light

job-board-light

Score: 87/100 JobBoard Job listing <= 1.2.7 - Missing Authorization Affected: *-1.2.7 Patched: Updated: July 2, 2026
LOW

job-board-light

job-board-light

Score: 87/100 JobBoard Job listing <= 1.2.7 - Authenticated (Employer+) Insecure Direct Object Reference Affected: *-1.2.7 Patched: Updated: July 2, 2026
LOW

integration-of-zoho-crm-and-contact-form-7

integration-of-zoho-crm-and-contact-form-7

Score: 91/100 Integration of Zoho CRM and Contact Form 7 <= 1.0.6 - Open Redirect Affected: *-1.0.6 Patched: Updated: July 2, 2026
LOW

hypotext

hypotext

Score: 91/100 Hypotext <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 2, 2026
LOW

Hyperlink Group Block

hyperlink-group-block

Score: 96/100 Hyperlink Group Block <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.1 Patched: 2.0.2 Updated: July 2, 2026
LOW

hmh-footer-builder-for-elementor

hmh-footer-builder-for-elementor

Score: 91/100 HMH Footer Builder For Elementor <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 2, 2026
LOW

gutena-kit

gutena-kit

Score: 93/100 Gutena Kit – Gutenberg Blocks and Templates <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.7 Patched: 2.0.8 Updated: July 2, 2026
LOW

gosign-posts-slider-block

gosign-posts-slider-block

Score: 89/100 Gosign – Posts Slider Block <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 2, 2026
LOW

google-seo-author-snippets

google-seo-author-snippets

Score: 89/100 Google SEO Pressor Snippet <= 2.0 - Cross-Site Request Forgery Affected: *-2.0 Patched: Updated: July 2, 2026
LOW

getastra

getastra

Score: 89/100 Astra Security Suite <= 0.2 - Missing Authorization Affected: *-0.2 Patched: Updated: July 2, 2026
LOW

gdpr-cookie-notice

gdpr-cookie-notice

Score: 91/100 GDPR Cookie Notice <= 1.2.0 - Missing Authorization Affected: *-1.2.0 Patched: Updated: July 2, 2026
LOW

gb-gallery-slideshow

gb-gallery-slideshow

Score: 89/100 GB Gallery Slideshow <= 1.3 - Missing Authorization Affected: *-1.3 Patched: Updated: July 2, 2026
LOW

front-end-only-users

front-end-only-users

Score: 89/100 Front End Users <= 3.2.32 - Reflected Cross-Site Scripting Affected: *-3.2.32 Patched: 3.2.33 Updated: July 2, 2026
LOW

frizzly

frizzly

Score: 91/100 Frizzly <= 1.1.0 - Reflected Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 2, 2026
LOW

free-product-table-for-woocommerce

free-product-table-for-woocommerce

Score: 89/100 Free Woocommerce Product Table View <= 1.78 - Missing Authorization Affected: *-1.78 Patched: Updated: July 2, 2026
LOW

footnotes-for-wordpress

footnotes-for-wordpress

Score: 91/100 Footnotes for WordPress <= 2016.1230 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2016.1230 Patched: Updated: July 2, 2026
LOW

fonts-manager-custom-fonts

fonts-manager-custom-fonts

Score: 89/100 Fonts Manager | Custom Fonts <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 2, 2026

Showing 10501 to 10600 of 36401 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 2, 2026 at 19:29 UTC.