Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36405

Across tracked plugins

Affected Plugins

95

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
frizzly frizzly
91
Frizzly <= 1.1.0 - Reflected Cross-Site Scripting LOW *-1.1.0 July 2, 2026
free-product-table-for-woocommerce free-product-table-for-woocommerce
89
Free Woocommerce Product Table View <= 1.78 - Missing Authorization LOW *-1.78 July 2, 2026
footnotes-for-wordpress footnotes-for-wordpress
91
Footnotes for WordPress <= 2016.1230 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2016.1230 July 2, 2026
fonts-manager-custom-fonts fonts-manager-custom-fonts
89
Fonts Manager | Custom Fonts <= 1.2 - Reflected Cross-Site Scripting LOW *-1.2 July 2, 2026
filtr8-magazine filtr8-magazine
91
Easy Magazine <= 2.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.13 July 2, 2026
feedbucket feedbucket
93
Feedbucket – Website Feedback Tool <= 1.0.6 - Cross-Site Request Forgery LOW *-1.0.6 1.0.7 July 2, 2026
feedblitz-email-subscription feedblitz-email-subscription
91
Subscription Form for Feedblitz <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.9 July 2, 2026
extensions-for-elementor extensions-for-elementor
89
Extensions for Elementor <= 2.0.40 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.40 July 2, 2026
export-all-post-meta export-all-post-meta
91
Export All Post Meta <= 1.2.1 - Missing Authorization LOW *-1.2.1 July 2, 2026
exclusive-blocks exclusive-blocks
91
Design Blocks <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.2 July 2, 2026
eventbee-rsvp-widget eventbee-rsvp-widget
91
Eventbee RSVP Widget <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 2, 2026
enable-media-replace enable-media-replace
93
Enable Media Replace <= 4.1.5 - Reflected Cross-Site Scripting LOW *-4.1.5 4.1.6 July 2, 2026
embedding-barcodes-into-product-pages-and-orders embedding-barcodes-into-product-pages-and-orders
93
Barcode Generator for WooCommerce <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update LOW *-2.0.4 2.0.5 July 2, 2026
embed-extended embed-extended
91
Embed Extended – Embed Maps, Videos, Websites, Source Codes, and more <= 1.4.0 - Cross-Site Request Forgery LOW *-1.4.0 July 2, 2026
ebook-downloader ebook-downloader
87
Ebook Downloader <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0 July 2, 2026
ebook-downloader ebook-downloader
87
Ebook Downloader <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 2, 2026
easyappointments easyappointments
93
Easy!Appointments <= 1.4.2 - Cross-Site Request Forgery to Settings Update LOW *-1.4.2 1.4.3 July 2, 2026
donate-me donate-me
93
Donate Me <= 1.2.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.2.5 1.3.0 July 2, 2026
dobsondev-shortcodes dobsondev-shortcodes
91
DobsonDev Shortcodes <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.12 July 2, 2026
dn-footer-contacts dn-footer-contacts
91
DN Footer Contacts <= 1.8 - Cross-Site Request Forgery LOW *-1.8 July 2, 2026
dn-cookie-notice dn-cookie-notice
91
Simple Fixed Notice <= 1.6 - Cross-Site Request Forgery LOW *-1.6 July 2, 2026
dima-take-action dima-take-action
91
Dima Take Action <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.5 July 2, 2026
digiwidgets-image-editor digiwidgets-image-editor
91
DigiWidgets Image Editor <= 1.10 - Unauthenticated Remote Code Execution LOW *-1.10 July 2, 2026
delete-post-revision delete-post-revision
91
Delete Post Revision <= 1.1 - Reflected Cross-Site Scripting LOW *-1.1 July 2, 2026
cue cue
93
Cue <= 2.4.4 - Missing Authorization LOW *-2.4.4 2.4.5 July 2, 2026
css-for-elementor css-for-elementor
89
ElementsCSS Addons for Elementor <= 1.0.8.7 - Unauthenticated Server-Side Request Forgery LOW *-1.0.8.7 July 2, 2026
countdown-builder countdown-builder
91
Countdown & Clock <= 2.8.8 - Authenticated (Contributor+) Remote Code Execution LOW *-2.8.8 2.8.9 July 2, 2026
content-manager-light content-manager-light
89
Content Manager Light <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.2 July 2, 2026
content-bot content-bot
91
ContentBot AI Writer <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.4 July 2, 2026
clp-custom-login-page clp-custom-login-page
91
CLP – Custom Login Page by NiteoThemes <= 1.5.5 - Cross-Site Request Forgery LOW *-1.5.5 July 2, 2026
clockify-lite clockify-lite
91
Clockinator Lite <= 1.0.7 - Missing Authorization LOW *-1.0.7 July 2, 2026
client-showcase client-showcase
91
Client Showcase <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.0 July 2, 2026
clearbit clearbit
91
Clearbit Reveal <= 1.0.6 - Cross-Site Request Forgery LOW *-1.0.6 July 2, 2026
cgm-event-calendar cgm-event-calendar
91
CGM Event Calendar <= 0.8.5 - Reflected Cross-Site Scripting LOW *-0.8.5 July 2, 2026
cartboss cartboss
93
SMS Abandoned Cart Recovery ✦ CartBoss <= 4.1.2 - Missing Authorization LOW *-4.1.2 4.1.3 July 2, 2026
cache-control-by-cacholong cache-control-by-cacholong
89
Cache control by Cacholong <= 5.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-5.4.1 7.0.0 July 2, 2026
cache-control-by-cacholong cache-control-by-cacholong
89
Cache control by Cacholong <= 5.4.1 - Cross-Site Request Forgery LOW *-5.4.1 July 2, 2026
bulk-user-editor bulk-user-editor
91
Bulk Fields Editor <= 1.8.0 - Missing Authorization LOW *-1.8.0 July 2, 2026
bulk-noindex-nofollow-toolkit-by-mad-fish bulk-noindex-nofollow-toolkit-by-mad-fish
93
Bulk NoIndex & NoFollow Toolkit <= 2.16 - Reflected Cross-Site Scripting LOW *-2.16 2.20 July 2, 2026
buddypress-members-only buddypress-members-only
93
BuddyPress Members Only <= 3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.5.3 3.6.3 July 2, 2026
breaking-news-wp breaking-news-wp
87
Breaking News WP <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.3 July 2, 2026
breaking-news-wp breaking-news-wp
87
Breaking News WP <= 1.3 - Cross-Site Request Forgery to Settings Update LOW *-1.3 July 2, 2026
bookingpress-appointment-booking bookingpress-appointment-booking
93
BookingPress <= 1.1.28 - Authenticated (Administrator+) SQL Injection LOW *-1.1.28 1.1.38 July 2, 2026
boo-recipes boo-recipes
91
Boo Recipes <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.4.1 July 2, 2026
blog-designer-pack blog-designer-pack
93
News & Blog Designer Pack <= 4.0 - Unauthenticated Local File Inclusion LOW *-4.0 4.0.1 July 2, 2026
blockwheels blockwheels
91
BlockWheels <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.2 July 2, 2026
black-widgets black-widgets
91
Black Widgets For Elementor <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.9 July 2, 2026
beds24-online-booking beds24-online-booking
93
Beds24 Online Booking <= 2.0.27 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.27 2.0.28 July 2, 2026
beam-me-up-scotty beam-me-up-scotty
91
Beam me up Scotty – Back to Top Button <= 1.0.23 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.23 July 2, 2026
awesome-event-booking awesome-event-booking
93
Awesome Event Booking <= 2.8.4 - Reflected Cross-Site Scripting LOW *-2.8.4 2.8.5 July 2, 2026
automatic-featured-images-from-videos automatic-featured-images-from-videos
93
Automatic Featured Images from Videos <= 1.2.4 - Missing Authorization LOW *-1.2.4 1.2.5 July 2, 2026
auto-scroll-for-reading auto-scroll-for-reading
91
Auto scroll for reading <= 1.1.4 - Reflected Cross-Site Scripting LOW *-1.1.4 July 2, 2026
author-bio-shortcode author-bio-shortcode
91
Author Bio Shortcode <= 2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.5.3 July 2, 2026
atomchat atomchat
91
AtomChat <= 1.1.7 - Missing Authorization LOW *-1.1.7 1.1.8 July 2, 2026
arrow-twitter-feed arrow-twitter-feed
95
Arrow Custom Feed for Twitter <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.3 July 2, 2026
append-content append-content
95
Append Content <= 2.1.1 - Cross-Site Request Forgery to Settings Update LOW *-2.1.1 July 2, 2026
all-in-one-performance-accelerator all-in-one-performance-accelerator
95
AIO Performance Profiler, Monitor, Optimize, Compress & Debug <= 1.2 - Unauthenticated Sensitive Information Exposure LOW *-1.2 July 2, 2026
agency-toolkit agency-toolkit
97
Agency Toolkit <= 1.0.24 - Missing Authorization LOW *-1.0.24 1.0.25 July 2, 2026
adverts-click-tracker adverts-click-tracker
95
WordPress Adverts Plugin <= 1.4 - Missing Authorization LOW *-1.4 July 2, 2026
advanced-speed-increaser advanced-speed-increaser
95
Advanced Speed Increaser <= 2.2.1 - Cross-Site Request Forgery LOW *-2.2.1 July 2, 2026
addonskit-for-elementor addonskit-for-elementor
97
Directorist AddonsKit for Elementor <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.6 1.1.7 July 2, 2026
add-to-all add-to-all
97
WebberZone Snippetz <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.1 2.2.0 July 2, 2026
acf-city-selector acf-city-selector
95
ACF City Selector <= 1.16.0 - Unauthenticated Sensitive Information Exposure LOW *-1.16.0 July 2, 2026
abc-notation abc-notation
93
ABC Notation <= 6.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-6.1.3 July 2, 2026
wdesignkit wdesignkit N/A WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.3 1.2.4 July 2, 2026
wp-ultimate-csv-importer wp-ultimate-csv-importer N/A Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Upload LOW *-7.19, 7.20 7.19.1 July 2, 2026
yayextra yayextra N/A YayExtra <= 1.5.2 - Missing Authorization LOW *-1.5.2 1.5.3 July 2, 2026
xv-random-quotes xv-random-quotes N/A XV Random Quotes <= 2.0.0 - Unauthenticated SQL Injection LOW *-2.0.0 2.0.1 July 2, 2026
wpcargo wpcargo N/A WPCargo Track & Trace <= 8.0.1 - Authenticated (Contributor+) Insecure Direct Object Reference LOW *-8.0.1 July 2, 2026
wp-realestate wp-realestate N/A WP RealEstate <= 1.6.26 - Unauthenticated Privilege Escalation via 'process_register' LOW *-1.6.26 1.6.27 July 2, 2026
wp-link-preview wp-link-preview N/A WP Link Preview <= 1.4.1 - Authenticated (Contributor+) Server-Side Request Forgery LOW *-1.4.1 July 2, 2026
wp-date-and-time-shortcode wp-date-and-time-shortcode N/A WP Date and Time Shortcode <= 2.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.6.7 2.6.8 July 2, 2026
wp-copy-media-url wp-copy-media-url N/A WP Copy Media URL <= 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.1 July 2, 2026
wp-church-donation wp-church-donation N/A WP Church Donation <= 1.7 - Cross-Site Request Forgery LOW *-1.7 July 2, 2026
wp-autokeyword wp-autokeyword N/A WP AutoKeyword <= 1.0 - Unauthenticated SQL Injection LOW *-1.0 July 2, 2026
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools woocommerce-jetpack
65
Booster for WooCommerce <= 7.2.4 - Unauthenticated Stored Cross-Site Scripting LOW *-7.2.4 7.2.5 July 2, 2026
wholesale-pricing-woocommerce wholesale-pricing-woocommerce N/A Quantity Dynamic Pricing & Bulk Discounts for WooCommerce <= 4.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.0.2 4.0.3 July 2, 2026
welcome-popup welcome-popup N/A Welcome Popup <= 1.0.10 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.10 July 2, 2026
webd-woocommerce-advanced-reporting-statistics webd-woocommerce-advanced-reporting-statistics N/A Advanced WooCommerce Product Sales Reporting <= 4.1.1 - Unauthenticated SQL Injection LOW *-4.1.1 4.1.2 July 2, 2026
vitepos-lite vitepos-lite N/A Vitepos <= 3.1.4 - Missing Authorization LOW *-3.1.4 3.1.5 July 2, 2026
varnish-wp varnish-wp N/A Varnish WordPress <= 1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.7 July 2, 2026
useinfluence useinfluence N/A Useinfluence <= 1.0.8 - Cross-Site Request Forgery LOW *-1.0.8 July 2, 2026
uptime-robot-monitor uptime-robot-monitor N/A Uptime Robot Plugin for WordPress <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.3 July 2, 2026
uptime-robot-monitor uptime-robot-monitor N/A Uptime Robot Plugin for WordPress <= 2.3 - Authenticated (Contributor+) SQL Injection LOW *-2.3 July 2, 2026
ultimate-push-notifications ultimate-push-notifications N/A Ultimate Push Notifications <= 1.1.8 - Authenticated (Subscriber+) SQL Injection LOW *-1.1.8 July 2, 2026
ultimate-live-cricket-lite ultimate-live-cricket-lite N/A Ultimate Live Cricket WordPress Lite <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4.2 July 2, 2026
trackserver trackserver N/A Trackserver <= 5.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.1.0 5.1.1 July 2, 2026
timeline-event-history timeline-event-history N/A Timeline Event History <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.2 July 2, 2026
themesflat-addons-for-elementor themesflat-addons-for-elementor N/A Themesflat Addons For Elementor <= 2.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.3.1 2.3.2 July 2, 2026
terms-before-download terms-before-download N/A Terms Before Download <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.4 July 2, 2026
swiss-toolkit-for-wp swiss-toolkit-for-wp N/A Swiss Toolkit For WP <= 1.4.0 - Missing Authorization LOW *-1.4.0 1.4.1 July 2, 2026
swiss-toolkit-for-wp swiss-toolkit-for-wp N/A Swiss Toolkit For WP <= 1.4.1 - Missing Authorization LOW *-1.4.1 July 2, 2026
staticpress staticpress N/A StaticPress <= 0.4.5 - Missing Authorization LOW *-0.4.5 July 2, 2026
sp-blog-designer sp-blog-designer N/A SP Blog Designer <= 1.0.0 - Unauthenticated Arbitrary Shortcode Execution LOW *-1.0.0 July 2, 2026
sms-alert sms-alert N/A SMS Alert Order Notifications – WooCommerce <= 3.7.9 - Unauthenticated Account Takeover/Privilege Escalation LOW *-3.7.9 3.8.0 July 2, 2026
slider-path slider-path N/A Slider Path for Elementor <= 3.0.0 - Missing Authorization LOW *-3.0.0 July 2, 2026
sliced-invoices sliced-invoices N/A Sliced Invoices <= 3.9.5 - Missing Authorization LOW *-3.9.5 July 2, 2026
simplepress simplepress N/A Simple:Press <= 6.10.5 - Missing Authorization LOW *-6.11.5 6.11.6 July 2, 2026
simple-owl-carousel simple-owl-carousel N/A Simple Owl Carousel <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.1 July 2, 2026
simple-contact-forms simple-contact-forms N/A Simple Contact Forms <= 1.6.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.6.4 July 2, 2026
LOW

frizzly

frizzly

Score: 91/100 Frizzly <= 1.1.0 - Reflected Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 2, 2026
LOW

free-product-table-for-woocommerce

free-product-table-for-woocommerce

Score: 89/100 Free Woocommerce Product Table View <= 1.78 - Missing Authorization Affected: *-1.78 Patched: Updated: July 2, 2026
LOW

footnotes-for-wordpress

footnotes-for-wordpress

Score: 91/100 Footnotes for WordPress <= 2016.1230 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2016.1230 Patched: Updated: July 2, 2026
LOW

fonts-manager-custom-fonts

fonts-manager-custom-fonts

Score: 89/100 Fonts Manager | Custom Fonts <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 2, 2026
LOW

filtr8-magazine

filtr8-magazine

Score: 91/100 Easy Magazine <= 2.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.13 Patched: Updated: July 2, 2026
LOW

feedbucket

feedbucket

Score: 93/100 Feedbucket – Website Feedback Tool <= 1.0.6 - Cross-Site Request Forgery Affected: *-1.0.6 Patched: 1.0.7 Updated: July 2, 2026
LOW

feedblitz-email-subscription

feedblitz-email-subscription

Score: 91/100 Subscription Form for Feedblitz <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.9 Patched: Updated: July 2, 2026
LOW

extensions-for-elementor

extensions-for-elementor

Score: 89/100 Extensions for Elementor <= 2.0.40 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.40 Patched: Updated: July 2, 2026
LOW

export-all-post-meta

export-all-post-meta

Score: 91/100 Export All Post Meta <= 1.2.1 - Missing Authorization Affected: *-1.2.1 Patched: Updated: July 2, 2026
LOW

exclusive-blocks

exclusive-blocks

Score: 91/100 Design Blocks <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.2 Patched: Updated: July 2, 2026
LOW

eventbee-rsvp-widget

eventbee-rsvp-widget

Score: 91/100 Eventbee RSVP Widget <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 2, 2026
LOW

enable-media-replace

enable-media-replace

Score: 93/100 Enable Media Replace <= 4.1.5 - Reflected Cross-Site Scripting Affected: *-4.1.5 Patched: 4.1.6 Updated: July 2, 2026
LOW

embedding-barcodes-into-product-pages-and-orders

embedding-barcodes-into-product-pages-and-orders

Score: 93/100 Barcode Generator for WooCommerce <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update Affected: *-2.0.4 Patched: 2.0.5 Updated: July 2, 2026
LOW

embed-extended

embed-extended

Score: 91/100 Embed Extended – Embed Maps, Videos, Websites, Source Codes, and more <= 1.4.0 - Cross-Site Request Forgery Affected: *-1.4.0 Patched: Updated: July 2, 2026
LOW

ebook-downloader

ebook-downloader

Score: 87/100 Ebook Downloader <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 2, 2026
LOW

ebook-downloader

ebook-downloader

Score: 87/100 Ebook Downloader <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 2, 2026
LOW

easyappointments

easyappointments

Score: 93/100 Easy!Appointments <= 1.4.2 - Cross-Site Request Forgery to Settings Update Affected: *-1.4.2 Patched: 1.4.3 Updated: July 2, 2026
LOW

donate-me

donate-me

Score: 93/100 Donate Me <= 1.2.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.2.5 Patched: 1.3.0 Updated: July 2, 2026
LOW

dobsondev-shortcodes

dobsondev-shortcodes

Score: 91/100 DobsonDev Shortcodes <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.12 Patched: Updated: July 2, 2026
LOW

dn-footer-contacts

dn-footer-contacts

Score: 91/100 DN Footer Contacts <= 1.8 - Cross-Site Request Forgery Affected: *-1.8 Patched: Updated: July 2, 2026
LOW

dn-cookie-notice

dn-cookie-notice

Score: 91/100 Simple Fixed Notice <= 1.6 - Cross-Site Request Forgery Affected: *-1.6 Patched: Updated: July 2, 2026
LOW

dima-take-action

dima-take-action

Score: 91/100 Dima Take Action <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.5 Patched: Updated: July 2, 2026
LOW

digiwidgets-image-editor

digiwidgets-image-editor

Score: 91/100 DigiWidgets Image Editor <= 1.10 - Unauthenticated Remote Code Execution Affected: *-1.10 Patched: Updated: July 2, 2026
LOW

delete-post-revision

delete-post-revision

Score: 91/100 Delete Post Revision <= 1.1 - Reflected Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 2, 2026
LOW

cue

cue

Score: 93/100 Cue <= 2.4.4 - Missing Authorization Affected: *-2.4.4 Patched: 2.4.5 Updated: July 2, 2026
LOW

css-for-elementor

css-for-elementor

Score: 89/100 ElementsCSS Addons for Elementor <= 1.0.8.7 - Unauthenticated Server-Side Request Forgery Affected: *-1.0.8.7 Patched: Updated: July 2, 2026
LOW

countdown-builder

countdown-builder

Score: 91/100 Countdown & Clock <= 2.8.8 - Authenticated (Contributor+) Remote Code Execution Affected: *-2.8.8 Patched: 2.8.9 Updated: July 2, 2026
LOW

content-manager-light

content-manager-light

Score: 89/100 Content Manager Light <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2 Patched: Updated: July 2, 2026
LOW

content-bot

content-bot

Score: 91/100 ContentBot AI Writer <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.4 Patched: Updated: July 2, 2026
LOW

clp-custom-login-page

clp-custom-login-page

Score: 91/100 CLP – Custom Login Page by NiteoThemes <= 1.5.5 - Cross-Site Request Forgery Affected: *-1.5.5 Patched: Updated: July 2, 2026
LOW

clockify-lite

clockify-lite

Score: 91/100 Clockinator Lite <= 1.0.7 - Missing Authorization Affected: *-1.0.7 Patched: Updated: July 2, 2026
LOW

client-showcase

client-showcase

Score: 91/100 Client Showcase <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.0 Patched: Updated: July 2, 2026
LOW

clearbit

clearbit

Score: 91/100 Clearbit Reveal <= 1.0.6 - Cross-Site Request Forgery Affected: *-1.0.6 Patched: Updated: July 2, 2026
LOW

cgm-event-calendar

cgm-event-calendar

Score: 91/100 CGM Event Calendar <= 0.8.5 - Reflected Cross-Site Scripting Affected: *-0.8.5 Patched: Updated: July 2, 2026
LOW

cartboss

cartboss

Score: 93/100 SMS Abandoned Cart Recovery ✦ CartBoss <= 4.1.2 - Missing Authorization Affected: *-4.1.2 Patched: 4.1.3 Updated: July 2, 2026
LOW

cache-control-by-cacholong

cache-control-by-cacholong

Score: 89/100 Cache control by Cacholong <= 5.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-5.4.1 Patched: 7.0.0 Updated: July 2, 2026
LOW

cache-control-by-cacholong

cache-control-by-cacholong

Score: 89/100 Cache control by Cacholong <= 5.4.1 - Cross-Site Request Forgery Affected: *-5.4.1 Patched: Updated: July 2, 2026
LOW

bulk-user-editor

bulk-user-editor

Score: 91/100 Bulk Fields Editor <= 1.8.0 - Missing Authorization Affected: *-1.8.0 Patched: Updated: July 2, 2026
LOW

bulk-noindex-nofollow-toolkit-by-mad-fish

bulk-noindex-nofollow-toolkit-by-mad-fish

Score: 93/100 Bulk NoIndex & NoFollow Toolkit <= 2.16 - Reflected Cross-Site Scripting Affected: *-2.16 Patched: 2.20 Updated: July 2, 2026
LOW

buddypress-members-only

buddypress-members-only

Score: 93/100 BuddyPress Members Only <= 3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.5.3 Patched: 3.6.3 Updated: July 2, 2026
LOW

breaking-news-wp

breaking-news-wp

Score: 87/100 Breaking News WP <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 2, 2026
LOW

breaking-news-wp

breaking-news-wp

Score: 87/100 Breaking News WP <= 1.3 - Cross-Site Request Forgery to Settings Update Affected: *-1.3 Patched: Updated: July 2, 2026
LOW

bookingpress-appointment-booking

bookingpress-appointment-booking

Score: 93/100 BookingPress <= 1.1.28 - Authenticated (Administrator+) SQL Injection Affected: *-1.1.28 Patched: 1.1.38 Updated: July 2, 2026
LOW

boo-recipes

boo-recipes

Score: 91/100 Boo Recipes <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4.1 Patched: Updated: July 2, 2026
LOW

blog-designer-pack

blog-designer-pack

Score: 93/100 News & Blog Designer Pack <= 4.0 - Unauthenticated Local File Inclusion Affected: *-4.0 Patched: 4.0.1 Updated: July 2, 2026
LOW

blockwheels

blockwheels

Score: 91/100 BlockWheels <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 2, 2026
LOW

black-widgets

black-widgets

Score: 91/100 Black Widgets For Elementor <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.9 Patched: Updated: July 2, 2026
LOW

beds24-online-booking

beds24-online-booking

Score: 93/100 Beds24 Online Booking <= 2.0.27 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.27 Patched: 2.0.28 Updated: July 2, 2026
LOW

beam-me-up-scotty

beam-me-up-scotty

Score: 91/100 Beam me up Scotty – Back to Top Button <= 1.0.23 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.23 Patched: Updated: July 2, 2026
LOW

awesome-event-booking

awesome-event-booking

Score: 93/100 Awesome Event Booking <= 2.8.4 - Reflected Cross-Site Scripting Affected: *-2.8.4 Patched: 2.8.5 Updated: July 2, 2026
LOW

automatic-featured-images-from-videos

automatic-featured-images-from-videos

Score: 93/100 Automatic Featured Images from Videos <= 1.2.4 - Missing Authorization Affected: *-1.2.4 Patched: 1.2.5 Updated: July 2, 2026
LOW

auto-scroll-for-reading

auto-scroll-for-reading

Score: 91/100 Auto scroll for reading <= 1.1.4 - Reflected Cross-Site Scripting Affected: *-1.1.4 Patched: Updated: July 2, 2026
LOW

author-bio-shortcode

author-bio-shortcode

Score: 91/100 Author Bio Shortcode <= 2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.5.3 Patched: Updated: July 2, 2026
LOW

atomchat

atomchat

Score: 91/100 AtomChat <= 1.1.7 - Missing Authorization Affected: *-1.1.7 Patched: 1.1.8 Updated: July 2, 2026
LOW

arrow-twitter-feed

arrow-twitter-feed

Score: 95/100 Arrow Custom Feed for Twitter <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.3 Patched: Updated: July 2, 2026
LOW

append-content

append-content

Score: 95/100 Append Content <= 2.1.1 - Cross-Site Request Forgery to Settings Update Affected: *-2.1.1 Patched: Updated: July 2, 2026
LOW

all-in-one-performance-accelerator

all-in-one-performance-accelerator

Score: 95/100 AIO Performance Profiler, Monitor, Optimize, Compress & Debug <= 1.2 - Unauthenticated Sensitive Information Exposure Affected: *-1.2 Patched: Updated: July 2, 2026
LOW

agency-toolkit

agency-toolkit

Score: 97/100 Agency Toolkit <= 1.0.24 - Missing Authorization Affected: *-1.0.24 Patched: 1.0.25 Updated: July 2, 2026
LOW

adverts-click-tracker

adverts-click-tracker

Score: 95/100 WordPress Adverts Plugin <= 1.4 - Missing Authorization Affected: *-1.4 Patched: Updated: July 2, 2026
LOW

advanced-speed-increaser

advanced-speed-increaser

Score: 95/100 Advanced Speed Increaser <= 2.2.1 - Cross-Site Request Forgery Affected: *-2.2.1 Patched: Updated: July 2, 2026
LOW

addonskit-for-elementor

addonskit-for-elementor

Score: 97/100 Directorist AddonsKit for Elementor <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.6 Patched: 1.1.7 Updated: July 2, 2026
LOW

add-to-all

add-to-all

Score: 97/100 WebberZone Snippetz <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.1 Patched: 2.2.0 Updated: July 2, 2026
LOW

acf-city-selector

acf-city-selector

Score: 95/100 ACF City Selector <= 1.16.0 - Unauthenticated Sensitive Information Exposure Affected: *-1.16.0 Patched: Updated: July 2, 2026
LOW

abc-notation

abc-notation

Score: 93/100 ABC Notation <= 6.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-6.1.3 Patched: Updated: July 2, 2026
LOW

wdesignkit

wdesignkit

Score: N/A WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.3 Patched: 1.2.4 Updated: July 2, 2026
LOW

wp-ultimate-csv-importer

wp-ultimate-csv-importer

Score: N/A Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-7.19, 7.20 Patched: 7.19.1 Updated: July 2, 2026
LOW

yayextra

yayextra

Score: N/A YayExtra <= 1.5.2 - Missing Authorization Affected: *-1.5.2 Patched: 1.5.3 Updated: July 2, 2026
LOW

xv-random-quotes

xv-random-quotes

Score: N/A XV Random Quotes <= 2.0.0 - Unauthenticated SQL Injection Affected: *-2.0.0 Patched: 2.0.1 Updated: July 2, 2026
LOW

wpcargo

wpcargo

Score: N/A WPCargo Track & Trace <= 8.0.1 - Authenticated (Contributor+) Insecure Direct Object Reference Affected: *-8.0.1 Patched: Updated: July 2, 2026
LOW

wp-realestate

wp-realestate

Score: N/A WP RealEstate <= 1.6.26 - Unauthenticated Privilege Escalation via 'process_register' Affected: *-1.6.26 Patched: 1.6.27 Updated: July 2, 2026
LOW

wp-link-preview

wp-link-preview

Score: N/A WP Link Preview <= 1.4.1 - Authenticated (Contributor+) Server-Side Request Forgery Affected: *-1.4.1 Patched: Updated: July 2, 2026
LOW

wp-date-and-time-shortcode

wp-date-and-time-shortcode

Score: N/A WP Date and Time Shortcode <= 2.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.6.7 Patched: 2.6.8 Updated: July 2, 2026
LOW

wp-copy-media-url

wp-copy-media-url

Score: N/A WP Copy Media URL <= 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.1 Patched: Updated: July 2, 2026
LOW

wp-church-donation

wp-church-donation

Score: N/A WP Church Donation <= 1.7 - Cross-Site Request Forgery Affected: *-1.7 Patched: Updated: July 2, 2026
LOW

wp-autokeyword

wp-autokeyword

Score: N/A WP AutoKeyword <= 1.0 - Unauthenticated SQL Injection Affected: *-1.0 Patched: Updated: July 2, 2026
LOW

wholesale-pricing-woocommerce

wholesale-pricing-woocommerce

Score: N/A Quantity Dynamic Pricing & Bulk Discounts for WooCommerce <= 4.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.0.2 Patched: 4.0.3 Updated: July 2, 2026
LOW

welcome-popup

welcome-popup

Score: N/A Welcome Popup <= 1.0.10 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.10 Patched: Updated: July 2, 2026
LOW

webd-woocommerce-advanced-reporting-statistics

webd-woocommerce-advanced-reporting-statistics

Score: N/A Advanced WooCommerce Product Sales Reporting <= 4.1.1 - Unauthenticated SQL Injection Affected: *-4.1.1 Patched: 4.1.2 Updated: July 2, 2026
LOW

vitepos-lite

vitepos-lite

Score: N/A Vitepos <= 3.1.4 - Missing Authorization Affected: *-3.1.4 Patched: 3.1.5 Updated: July 2, 2026
LOW

varnish-wp

varnish-wp

Score: N/A Varnish WordPress <= 1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.7 Patched: Updated: July 2, 2026
LOW

useinfluence

useinfluence

Score: N/A Useinfluence <= 1.0.8 - Cross-Site Request Forgery Affected: *-1.0.8 Patched: Updated: July 2, 2026
LOW

uptime-robot-monitor

uptime-robot-monitor

Score: N/A Uptime Robot Plugin for WordPress <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3 Patched: Updated: July 2, 2026
LOW

uptime-robot-monitor

uptime-robot-monitor

Score: N/A Uptime Robot Plugin for WordPress <= 2.3 - Authenticated (Contributor+) SQL Injection Affected: *-2.3 Patched: Updated: July 2, 2026
LOW

ultimate-push-notifications

ultimate-push-notifications

Score: N/A Ultimate Push Notifications <= 1.1.8 - Authenticated (Subscriber+) SQL Injection Affected: *-1.1.8 Patched: Updated: July 2, 2026
LOW

ultimate-live-cricket-lite

ultimate-live-cricket-lite

Score: N/A Ultimate Live Cricket WordPress Lite <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.2 Patched: Updated: July 2, 2026
LOW

trackserver

trackserver

Score: N/A Trackserver <= 5.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.1.0 Patched: 5.1.1 Updated: July 2, 2026
LOW

timeline-event-history

timeline-event-history

Score: N/A Timeline Event History <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2 Patched: Updated: July 2, 2026
LOW

themesflat-addons-for-elementor

themesflat-addons-for-elementor

Score: N/A Themesflat Addons For Elementor <= 2.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.1 Patched: 2.3.2 Updated: July 2, 2026
LOW

terms-before-download

terms-before-download

Score: N/A Terms Before Download <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: July 2, 2026
LOW

swiss-toolkit-for-wp

swiss-toolkit-for-wp

Score: N/A Swiss Toolkit For WP <= 1.4.0 - Missing Authorization Affected: *-1.4.0 Patched: 1.4.1 Updated: July 2, 2026
LOW

swiss-toolkit-for-wp

swiss-toolkit-for-wp

Score: N/A Swiss Toolkit For WP <= 1.4.1 - Missing Authorization Affected: *-1.4.1 Patched: Updated: July 2, 2026
LOW

staticpress

staticpress

Score: N/A StaticPress <= 0.4.5 - Missing Authorization Affected: *-0.4.5 Patched: Updated: July 2, 2026
LOW

sp-blog-designer

sp-blog-designer

Score: N/A SP Blog Designer <= 1.0.0 - Unauthenticated Arbitrary Shortcode Execution Affected: *-1.0.0 Patched: Updated: July 2, 2026
LOW

sms-alert

sms-alert

Score: N/A SMS Alert Order Notifications – WooCommerce <= 3.7.9 - Unauthenticated Account Takeover/Privilege Escalation Affected: *-3.7.9 Patched: 3.8.0 Updated: July 2, 2026
LOW

slider-path

slider-path

Score: N/A Slider Path for Elementor <= 3.0.0 - Missing Authorization Affected: *-3.0.0 Patched: Updated: July 2, 2026
LOW

sliced-invoices

sliced-invoices

Score: N/A Sliced Invoices <= 3.9.5 - Missing Authorization Affected: *-3.9.5 Patched: Updated: July 2, 2026
LOW

simplepress

simplepress

Score: N/A Simple:Press <= 6.10.5 - Missing Authorization Affected: *-6.11.5 Patched: 6.11.6 Updated: July 2, 2026
LOW

simple-owl-carousel

simple-owl-carousel

Score: N/A Simple Owl Carousel <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: July 2, 2026
LOW

simple-contact-forms

simple-contact-forms

Score: N/A Simple Contact Forms <= 1.6.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.6.4 Patched: Updated: July 2, 2026

Showing 10601 to 10700 of 36405 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 2, 2026 at 20:30 UTC.