Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36405

Across tracked plugins

Affected Plugins

96

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
simple-owl-carousel simple-owl-carousel N/A Simple Owl Carousel <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.1 July 2, 2026
simple-contact-forms simple-contact-forms N/A Simple Contact Forms <= 1.6.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.6.4 July 2, 2026
simple-audioplayer simple-audioplayer N/A Simple-Audioplayer <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1 July 2, 2026
shopper shopper N/A Shopper <= 3.2.5 - Unauthenticated SQL Injection LOW *-3.2.5 3.2.6 July 2, 2026
send-e-mail send-e-mail N/A Send E-mail <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3 July 2, 2026
safe-ai-malware-protection-for-wp safe-ai-malware-protection-for-wp N/A Safe Ai Malware Protection for WP <= 1.0.20 - Missing Authorization LOW *-1.0.20 July 2, 2026
rsvpmaker rsvpmaker N/A RSVPMarker <= 11.6.7 - Unauthenticated SQL Injection LOW *-11.6.7 11.6.8 July 2, 2026
rj-quickcharts rj-quickcharts N/A RJ Quickcharts <= 0.6.1 - Authenticated (Subscriber+) SQL Injection LOW *-0.6.1 July 2, 2026
rio-video-gallery rio-video-gallery N/A Rio Video Gallery <= 2.3.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.3.6 July 2, 2026
richtexteditor richtexteditor N/A Rich Text Editor <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.1 July 2, 2026
related-posts-list-grid-and-slider-all-in-one related-posts-list-grid-and-slider-all-in-one N/A wordpress related Posts with thumbnails <= 3.0.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.0.0.1 July 2, 2026
radius-blocks radius-blocks N/A Radius Blocks <= 2.2.1 - Authenticated (Subscriber+) Insecure Direct Object Reference LOW *-2.2.1 July 2, 2026
processing-projects processing-projects N/A Processing Projects <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.2 July 2, 2026
powerpack-lite-for-elementor powerpack-lite-for-elementor N/A PowerPack Elementor Addons (Free Widgets, Extensions and Templates) <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.9.0 2.9.1 July 2, 2026
postmarkapp-email-integrator postmarkapp-email-integrator N/A PostmarkApp Email Integrator <= 2.4 - Missing Authorization LOW *-2.4 2.5.0 July 2, 2026
postmarkapp-email-integrator postmarkapp-email-integrator N/A PostmarkApp Email Integrator <= 2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.4 2.5.0 July 2, 2026
portfolio-manager-powered-by-behance portfolio-manager-powered-by-behance N/A Behance Portfolio Manager <= 1.7.5 - Authenticated (Contributor+) SQL Injection LOW *-1.7.5 1.8.0 July 2, 2026
ni-woocommerce-product-enquiry ni-woocommerce-product-enquiry
91
Ni WooCommerce Product Enquiry <= 4.1.8 - Missing Authorization LOW *-4.1.8 July 2, 2026
nextcart-woocommerce-migration nextcart-woocommerce-migration
93
Next-Cart Store to WooCommerce Migration <= 3.9.4 - Unauthenticated SQL Injection LOW *-3.9.4 3.9.5 July 2, 2026
nanosupport nanosupport
89
NanoSupport <= 0.6.0 - Missing Authorization LOW *-0.6.0 July 2, 2026
my-auctions-allegro-free-edition my-auctions-allegro-free-edition
89
My auctions allegro <= 3.6.20 - Authenticated (Contributor+) SQL Injection LOW *-3.6.20 3.6.21 July 2, 2026
WP Mobile Bottom Menu mobile-bottom-menu-for-wp
95
WP Mobile Bottom Menu <= 1.4.0 - Missing Authorization LOW *-1.4.0 1.4.1 July 2, 2026
media-library-assistant media-library-assistant
93
Media Library Assistant <= 3.24 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.24 3.25 July 2, 2026
leadfox leadfox
93
Leadfox for WordPress <= 2.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.1.9 2.2.0 July 2, 2026
language-icons-flags-switcher language-icons-flags-switcher
91
Flag Icons <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.2 July 2, 2026
infusionsoft-web-form-javascript infusionsoft-web-form-javascript
91
Infusionsoft Web Form JavaScript <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.1 July 2, 2026
idx-broker-platinum idx-broker-platinum
93
IMPress for IDX Broker <= 3.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.2.3 3.2.4 July 2, 2026
history-log-by-click5 history-log-by-click5
89
History Log by click5 <= 1.0.13 - Unauthenticated SQL Injection LOW *-1.0.13 July 2, 2026
gtm-kit gtm-kit
93
GTM Kit <= 2.4.0 - Unauthenticated Sensitive Information Exposure LOW *-2.4.0 2.4.1 July 2, 2026
groundhogg groundhogg
93
Groundhogg <= 3.7.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via label Parameter LOW *-3.7.4.1 4.0 July 2, 2026
gp-notification-bar gp-notification-bar
91
Notification Bar, Sticky Notification Bar, Sticky Welcome Bar for any theme <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.1 July 2, 2026
google-seo-author-snippets google-seo-author-snippets
89
Google SEO Pressor Snippet <= 2.0 - Missing Authorization LOW *-2.0 July 2, 2026
gf-salesmate-add-on gf-salesmate-add-on
93
Salesmate Add-On for Gravity Forms <= 2.0.3 - Missing Authorization LOW *-2.0.3 2.0.4 July 2, 2026
gf-salesmate-add-on gf-salesmate-add-on
93
Salesmate Add-On for Gravity Forms <= 2.0.3 - Unauthenticated SQL Injection LOW *-2.0.3 2.0.4 July 2, 2026
fusion-builder fusion-builder
93
Avada Builder <= 3.11.14 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.11.14 3.11.15 July 2, 2026
fusion fusion
91
Fusion <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.6.3 July 2, 2026
exit-popup-free exit-popup-free
91
Exit Popup Free <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0 July 2, 2026
ethiopian-calendar ethiopian-calendar
91
Ethiopian Calendar <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.1 July 2, 2026
embed-rentle embed-rentle
93
Twice Commerce <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.1 1.3.2 July 2, 2026
elfsight-testimonials-slider elfsight-testimonials-slider
87
Elfsight Testimonials Slider <= 1.0.1 - Missing Authorization LOW *-1.0.1 July 2, 2026
elfsight-testimonials-slider elfsight-testimonials-slider
87
Elfsight Testimonials Slider <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.1 July 2, 2026
elfsight-testimonials-slider elfsight-testimonials-slider
87
Elfsight Testimonials Slider <= 1.0.1 - Cross-Site Request Forgery to Settings Update LOW *-1.0.1 July 2, 2026
elex-request-a-quote elex-request-a-quote
91
ELEX WooCommerce Request a Quote <= 2.3.5 - Missing Authorization LOW *-2.3.5 July 2, 2026
easy-media-gallery easy-media-gallery
91
Gallery – Photo Albums Plugin <= 1.3.170 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.170 July 2, 2026
dragon-calendar-free-version dragon-calendar-free-version
91
Multi Days Events and Multi Events in One Day Calendar <= 1.1.3 - Cross-Site Request Forgery LOW *-1.1.3 July 2, 2026
designo designo
91
DesignO <= 2.2.0 - Cross-Site Request Forgery LOW *-2.2.0 July 2, 2026
custom-database-applications-by-caspio custom-database-applications-by-caspio
91
Custom Database Applications by Caspio <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1 July 2, 2026
custom-content-scrollbar custom-content-scrollbar
91
Custom Content Scrollbar <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3 July 2, 2026
ct-real-estate-core ct-real-estate-core
93
Contempo Real Estate Core <= 3.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-3.6.3 3.6.4 July 2, 2026
cryptocurrency-widgets-pack cryptocurrency-widgets-pack
91
Cryptocurrency Widgets Pack <= 2.0.1 - Missing Authorization LOW *-2.0.1 July 2, 2026
covermanager covermanager
91
CoverManager <= 0.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.0.1 July 2, 2026
cookiehint-wp cookiehint-wp
89
CookieHint WP <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.0 July 2, 2026
contentmx-content-publisher contentmx-content-publisher
93
ContentMX Content Publisher <= 1.0.6 - Missing Authorization LOW *-1.0.6 1.0.7 July 2, 2026
connector-civicrm-mcrestface connector-civicrm-mcrestface
93
Connector to CiviCRM with CiviMcRestFace <= 1.0.10 - Missing Authorization LOW *-1.0.10 1.0.11 July 2, 2026
checklist checklist
91
Checklist <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.9 July 2, 2026
chatwee chatwee
89
Chat by Chatwee <= 2.1.3 - Missing Authorization LOW *-2.1.3 July 2, 2026
cf7-spreadsheets cf7-spreadsheets
87
CF7 Spreadsheets <= 2.3.2 - Missing Authorization to Settings Update LOW *-2.3.2 July 2, 2026
cbxpoll cbxpoll
91
CBX Poll <= 1.2.7 - Unauthenticated PHP Object Injection LOW *-1.2.7 July 2, 2026
cal-com cal-com
93
Cal.com <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.0 2.0.0 July 2, 2026
bybrick-accordion bybrick-accordion
91
byBrick Accordion <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 2, 2026
bridge-core bridge-core
93
Bridge Core < 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW [*, 3.3.1) 3.3.1 July 2, 2026
awesome-support awesome-support
93
Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory LOW *-6.3.1 6.3.2 July 2, 2026
auto-post-after-image-upload auto-post-after-image-upload
91
Auto Post After Image Upload <= 1.6 - Missing Authorization LOW *-1.6 July 2, 2026
atomchat atomchat
91
AtomChat <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.6 July 2, 2026
appointy-appointment-scheduler appointy-appointment-scheduler
95
Appointy Appointment Scheduler <= 4.2.1 - Cross-Site Request Forgery to Settings Change LOW *-4.2.1 July 2, 2026
appointify appointify
93
Appointify <= 1.0.8 - Authenticated (Admin+) Arbitrary File Upload LOW *-1.0.8 July 2, 2026
apimo apimo
95
Apimo Connector <= 2.6.3.1 - Cross-Site Request Forgery to Settings Update LOW *-2.6.3.1 July 2, 2026
ai-auto-tool ai-auto-tool
95
Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One <= 2.2.7 - Authenticated (Subscriber+) SQL Injection LOW *-2.2.7 2.2.8 July 2, 2026
advanced-css3-related-posts-widget advanced-css3-related-posts-widget
95
Related Posts Widget with Thumbnails <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2 July 2, 2026
actionwear-products-sync actionwear-products-sync
95
Actionwear products sync < 3.1.13 - Authenticated (Subscriber+) SQL Injection LOW [*, 3.1.13) 3.1.13 July 2, 2026
acme-divi-modules acme-divi-modules
95
ACME Divi Modules <= 1.3.5 - Missing Authorization LOW *-1.3.5 July 2, 2026
ab-google-map-travel ab-google-map-travel
95
AB Google Map Travel <= 4.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-4.6 July 2, 2026
wp-smushit wp-smushit N/A Smush Image Compression and Optimization <= 3.17.0 - Authenticated (Admin+) Directory Traversal LOW *-3.17.0 3.17.1 July 2, 2026
wp-docs wp-docs N/A WP Docs <= 2.2.6 - Missing Authorization LOW *-2.2.6 2.2.7 July 2, 2026
subscribe-to-download-lite subscribe-to-download-lite N/A Subscribe to Download Lite <= 1.2.9 - Authenticated (Subscriber+) Local File Inclusion LOW *-1.2.9 1.3.0 July 2, 2026
Quiz Maker by AYS quiz-maker
66
Quiz Maker <= 6.6.8.7 - Unauthenticated SQL Injection LOW *-6.6.8.7 6.6.8.8 July 2, 2026
jet-woo-product-gallery jet-woo-product-gallery
93
JetProductGallery <= 2.1.22 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.22 2.1.22.1 July 2, 2026
jet-woo-builder jet-woo-builder
93
JetWooBuilder <= 2.1.18 - Authenticated (Contributor+) Local File Inclusion LOW *-2.1.18 2.1.18.1 July 2, 2026
jet-smart-filters jet-smart-filters
93
JetSmartFilters <= 3.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.6.3 3.6.4 July 2, 2026
jet-search jet-search
93
JetSearch <= 3.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.5.7 3.5.7.1 July 2, 2026
jet-blocks jet-blocks
93
JetBlocks For Elementor <= 1.3.16 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.16 1.3.16.1 July 2, 2026
instawp-connect instawp-connect
93
InstaWP Connect <= 0.1.0.82 - Unauthenticated Local File Inclusion LOW *-0.1.0.82 0.1.0.83 July 2, 2026
include-url include-url
89
Include URL <= 0.3.5 - Authenticated (Contributor+) Arbitrary File Download LOW *-0.3.5 July 2, 2026
houzez-property-feed houzez-property-feed
93
Houzez Property Feed <= 2.5.4 - Unauthenticated Arbitrary File Download LOW *-2.5.4 2.5.5 July 2, 2026
cost-calculator-builder cost-calculator-builder
93
Cost Calculator Builder <= 3.2.65 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.2.65 3.2.66 July 2, 2026
ut-shortcodes ut-shortcodes N/A Shortcodes by United Themes <= 5.1.6 - Unauthenticated Arbitrary Shortcode Execution LOW *-5.1.6 5.1.7 July 2, 2026
so-called-air-quotes so-called-air-quotes N/A So-Called Air Quotes <= 0.1 - Unauthenticated Arbitrary Shortcode Execution LOW *-0.1 July 2, 2026
dap-to-autoresponders-daar dap-to-autoresponders-daar
91
DAP to Autoresponders Email Syncing <= 1.0 - Unauthenticated Information Exposure LOW *-1.0 July 2, 2026
checkout-mestres-wp checkout-mestres-wp
91
Checkout Mestres do WP for WooCommerce 8.6.5 - 8.7.5 - Unauthenticated Arbitrary Options Update LOW 8.6.5-8.7.5 July 2, 2026
image-upload-for-bbpress image-upload-for-bbpress
93
Inline Image Upload for BBPress <= 1.1.19 - Authenticated (Subscriber+) Arbitrary File Upload LOW *-1.1.19 1.1.20 July 2, 2026
soj-soundslides soj-soundslides N/A SoJ Soundslides <= 1.2.2 - Authenticated (Contributor+) Arbitrary File Upload LOW *-1.2.2 July 2, 2026
omnileads-scripts-and-tags-manager omnileads-scripts-and-tags-manager
91
OmniLeads Scripts and Tags Manager <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.3 July 2, 2026
youtube-simplegallery youtube-simplegallery N/A YouTube SimpleGallery <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.6 July 2, 2026
wp-ultimate-search wp-ultimate-search N/A WP Ultimate Search <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.3 July 2, 2026
wp-syntax wp-syntax N/A WP-Syntax <= 1.2 - Authenticated (Author+) Regex Denial of Service LOW *-1.2 July 2, 2026
wp-supersized wp-supersized N/A WP Supersized <= 3.1.6 - Cross-Site Request Forgery LOW *-3.1.6 July 2, 2026
wp-posts-carousel wp-posts-carousel N/A WP Posts Carousel <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.8 1.3.9 July 2, 2026
wp-ogp wp-ogp N/A WP-OGP <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.5 July 2, 2026
wp-embed-facebook wp-embed-facebook N/A Magic Embeds <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.1.2 July 2, 2026
wp-database-optimizer wp-database-optimizer N/A WP Database Optimizer <= 1.2.1.3 - Cross-Site Request Forgery LOW *-1.2.1.3 July 2, 2026
LOW

simple-owl-carousel

simple-owl-carousel

Score: N/A Simple Owl Carousel <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: July 2, 2026
LOW

simple-contact-forms

simple-contact-forms

Score: N/A Simple Contact Forms <= 1.6.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.6.4 Patched: Updated: July 2, 2026
LOW

simple-audioplayer

simple-audioplayer

Score: N/A Simple-Audioplayer <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 2, 2026
LOW

shopper

shopper

Score: N/A Shopper <= 3.2.5 - Unauthenticated SQL Injection Affected: *-3.2.5 Patched: 3.2.6 Updated: July 2, 2026
LOW

send-e-mail

send-e-mail

Score: N/A Send E-mail <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 2, 2026
LOW

safe-ai-malware-protection-for-wp

safe-ai-malware-protection-for-wp

Score: N/A Safe Ai Malware Protection for WP <= 1.0.20 - Missing Authorization Affected: *-1.0.20 Patched: Updated: July 2, 2026
LOW

rsvpmaker

rsvpmaker

Score: N/A RSVPMarker <= 11.6.7 - Unauthenticated SQL Injection Affected: *-11.6.7 Patched: 11.6.8 Updated: July 2, 2026
LOW

rj-quickcharts

rj-quickcharts

Score: N/A RJ Quickcharts <= 0.6.1 - Authenticated (Subscriber+) SQL Injection Affected: *-0.6.1 Patched: Updated: July 2, 2026
LOW

rio-video-gallery

rio-video-gallery

Score: N/A Rio Video Gallery <= 2.3.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.3.6 Patched: Updated: July 2, 2026
LOW

richtexteditor

richtexteditor

Score: N/A Rich Text Editor <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 2, 2026
LOW

related-posts-list-grid-and-slider-all-in-one

related-posts-list-grid-and-slider-all-in-one

Score: N/A wordpress related Posts with thumbnails <= 3.0.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.0.0.1 Patched: Updated: July 2, 2026
LOW

radius-blocks

radius-blocks

Score: N/A Radius Blocks <= 2.2.1 - Authenticated (Subscriber+) Insecure Direct Object Reference Affected: *-2.2.1 Patched: Updated: July 2, 2026
LOW

processing-projects

processing-projects

Score: N/A Processing Projects <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 2, 2026
LOW

powerpack-lite-for-elementor

powerpack-lite-for-elementor

Score: N/A PowerPack Elementor Addons (Free Widgets, Extensions and Templates) <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.9.0 Patched: 2.9.1 Updated: July 2, 2026
LOW

postmarkapp-email-integrator

postmarkapp-email-integrator

Score: N/A PostmarkApp Email Integrator <= 2.4 - Missing Authorization Affected: *-2.4 Patched: 2.5.0 Updated: July 2, 2026
LOW

postmarkapp-email-integrator

postmarkapp-email-integrator

Score: N/A PostmarkApp Email Integrator <= 2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.4 Patched: 2.5.0 Updated: July 2, 2026
LOW

portfolio-manager-powered-by-behance

portfolio-manager-powered-by-behance

Score: N/A Behance Portfolio Manager <= 1.7.5 - Authenticated (Contributor+) SQL Injection Affected: *-1.7.5 Patched: 1.8.0 Updated: July 2, 2026
LOW

ni-woocommerce-product-enquiry

ni-woocommerce-product-enquiry

Score: 91/100 Ni WooCommerce Product Enquiry <= 4.1.8 - Missing Authorization Affected: *-4.1.8 Patched: Updated: July 2, 2026
LOW

nextcart-woocommerce-migration

nextcart-woocommerce-migration

Score: 93/100 Next-Cart Store to WooCommerce Migration <= 3.9.4 - Unauthenticated SQL Injection Affected: *-3.9.4 Patched: 3.9.5 Updated: July 2, 2026
LOW

nanosupport

nanosupport

Score: 89/100 NanoSupport <= 0.6.0 - Missing Authorization Affected: *-0.6.0 Patched: Updated: July 2, 2026
LOW

my-auctions-allegro-free-edition

my-auctions-allegro-free-edition

Score: 89/100 My auctions allegro <= 3.6.20 - Authenticated (Contributor+) SQL Injection Affected: *-3.6.20 Patched: 3.6.21 Updated: July 2, 2026
LOW

WP Mobile Bottom Menu

mobile-bottom-menu-for-wp

Score: 95/100 WP Mobile Bottom Menu <= 1.4.0 - Missing Authorization Affected: *-1.4.0 Patched: 1.4.1 Updated: July 2, 2026
LOW

media-library-assistant

media-library-assistant

Score: 93/100 Media Library Assistant <= 3.24 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.24 Patched: 3.25 Updated: July 2, 2026
LOW

leadfox

leadfox

Score: 93/100 Leadfox for WordPress <= 2.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.1.9 Patched: 2.2.0 Updated: July 2, 2026
LOW

language-icons-flags-switcher

language-icons-flags-switcher

Score: 91/100 Flag Icons <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.2 Patched: Updated: July 2, 2026
LOW

infusionsoft-web-form-javascript

infusionsoft-web-form-javascript

Score: 91/100 Infusionsoft Web Form JavaScript <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: July 2, 2026
LOW

idx-broker-platinum

idx-broker-platinum

Score: 93/100 IMPress for IDX Broker <= 3.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2.3 Patched: 3.2.4 Updated: July 2, 2026
LOW

history-log-by-click5

history-log-by-click5

Score: 89/100 History Log by click5 <= 1.0.13 - Unauthenticated SQL Injection Affected: *-1.0.13 Patched: Updated: July 2, 2026
LOW

gtm-kit

gtm-kit

Score: 93/100 GTM Kit <= 2.4.0 - Unauthenticated Sensitive Information Exposure Affected: *-2.4.0 Patched: 2.4.1 Updated: July 2, 2026
LOW

groundhogg

groundhogg

Score: 93/100 Groundhogg <= 3.7.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via label Parameter Affected: *-3.7.4.1 Patched: 4.0 Updated: July 2, 2026
LOW

gp-notification-bar

gp-notification-bar

Score: 91/100 Notification Bar, Sticky Notification Bar, Sticky Welcome Bar for any theme <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 2, 2026
LOW

google-seo-author-snippets

google-seo-author-snippets

Score: 89/100 Google SEO Pressor Snippet <= 2.0 - Missing Authorization Affected: *-2.0 Patched: Updated: July 2, 2026
LOW

gf-salesmate-add-on

gf-salesmate-add-on

Score: 93/100 Salesmate Add-On for Gravity Forms <= 2.0.3 - Missing Authorization Affected: *-2.0.3 Patched: 2.0.4 Updated: July 2, 2026
LOW

gf-salesmate-add-on

gf-salesmate-add-on

Score: 93/100 Salesmate Add-On for Gravity Forms <= 2.0.3 - Unauthenticated SQL Injection Affected: *-2.0.3 Patched: 2.0.4 Updated: July 2, 2026
LOW

fusion-builder

fusion-builder

Score: 93/100 Avada Builder <= 3.11.14 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.11.14 Patched: 3.11.15 Updated: July 2, 2026
LOW

fusion

fusion

Score: 91/100 Fusion <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.3 Patched: Updated: July 2, 2026
LOW

exit-popup-free

exit-popup-free

Score: 91/100 Exit Popup Free <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 2, 2026
LOW

ethiopian-calendar

ethiopian-calendar

Score: 91/100 Ethiopian Calendar <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: July 2, 2026
LOW

embed-rentle

embed-rentle

Score: 93/100 Twice Commerce <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.1 Patched: 1.3.2 Updated: July 2, 2026
LOW

elfsight-testimonials-slider

elfsight-testimonials-slider

Score: 87/100 Elfsight Testimonials Slider <= 1.0.1 - Missing Authorization Affected: *-1.0.1 Patched: Updated: July 2, 2026
LOW

elfsight-testimonials-slider

elfsight-testimonials-slider

Score: 87/100 Elfsight Testimonials Slider <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 2, 2026
LOW

elfsight-testimonials-slider

elfsight-testimonials-slider

Score: 87/100 Elfsight Testimonials Slider <= 1.0.1 - Cross-Site Request Forgery to Settings Update Affected: *-1.0.1 Patched: Updated: July 2, 2026
LOW

elex-request-a-quote

elex-request-a-quote

Score: 91/100 ELEX WooCommerce Request a Quote <= 2.3.5 - Missing Authorization Affected: *-2.3.5 Patched: Updated: July 2, 2026
LOW

easy-media-gallery

easy-media-gallery

Score: 91/100 Gallery – Photo Albums Plugin <= 1.3.170 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.170 Patched: Updated: July 2, 2026
LOW

dragon-calendar-free-version

dragon-calendar-free-version

Score: 91/100 Multi Days Events and Multi Events in One Day Calendar <= 1.1.3 - Cross-Site Request Forgery Affected: *-1.1.3 Patched: Updated: July 2, 2026
LOW

designo

designo

Score: 91/100 DesignO <= 2.2.0 - Cross-Site Request Forgery Affected: *-2.2.0 Patched: Updated: July 2, 2026
LOW

custom-database-applications-by-caspio

custom-database-applications-by-caspio

Score: 91/100 Custom Database Applications by Caspio <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1 Patched: Updated: July 2, 2026
LOW

custom-content-scrollbar

custom-content-scrollbar

Score: 91/100 Custom Content Scrollbar <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 2, 2026
LOW

ct-real-estate-core

ct-real-estate-core

Score: 93/100 Contempo Real Estate Core <= 3.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.6.3 Patched: 3.6.4 Updated: July 2, 2026
LOW

cryptocurrency-widgets-pack

cryptocurrency-widgets-pack

Score: 91/100 Cryptocurrency Widgets Pack <= 2.0.1 - Missing Authorization Affected: *-2.0.1 Patched: Updated: July 2, 2026
LOW

covermanager

covermanager

Score: 91/100 CoverManager <= 0.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.0.1 Patched: Updated: July 2, 2026
LOW

cookiehint-wp

cookiehint-wp

Score: 89/100 CookieHint WP <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 2, 2026
LOW

contentmx-content-publisher

contentmx-content-publisher

Score: 93/100 ContentMX Content Publisher <= 1.0.6 - Missing Authorization Affected: *-1.0.6 Patched: 1.0.7 Updated: July 2, 2026
LOW

connector-civicrm-mcrestface

connector-civicrm-mcrestface

Score: 93/100 Connector to CiviCRM with CiviMcRestFace <= 1.0.10 - Missing Authorization Affected: *-1.0.10 Patched: 1.0.11 Updated: July 2, 2026
LOW

checklist

checklist

Score: 91/100 Checklist <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.9 Patched: Updated: July 2, 2026
LOW

chatwee

chatwee

Score: 89/100 Chat by Chatwee <= 2.1.3 - Missing Authorization Affected: *-2.1.3 Patched: Updated: July 2, 2026
LOW

cf7-spreadsheets

cf7-spreadsheets

Score: 87/100 CF7 Spreadsheets <= 2.3.2 - Missing Authorization to Settings Update Affected: *-2.3.2 Patched: Updated: July 2, 2026
LOW

cbxpoll

cbxpoll

Score: 91/100 CBX Poll <= 1.2.7 - Unauthenticated PHP Object Injection Affected: *-1.2.7 Patched: Updated: July 2, 2026
LOW

cal-com

cal-com

Score: 93/100 Cal.com <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: 2.0.0 Updated: July 2, 2026
LOW

bybrick-accordion

bybrick-accordion

Score: 91/100 byBrick Accordion <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 2, 2026
LOW

bridge-core

bridge-core

Score: 93/100 Bridge Core < 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: [*, 3.3.1) Patched: 3.3.1 Updated: July 2, 2026
LOW

awesome-support

awesome-support

Score: 93/100 Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory Affected: *-6.3.1 Patched: 6.3.2 Updated: July 2, 2026
LOW

auto-post-after-image-upload

auto-post-after-image-upload

Score: 91/100 Auto Post After Image Upload <= 1.6 - Missing Authorization Affected: *-1.6 Patched: Updated: July 2, 2026
LOW

atomchat

atomchat

Score: 91/100 AtomChat <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.6 Patched: Updated: July 2, 2026
LOW

appointy-appointment-scheduler

appointy-appointment-scheduler

Score: 95/100 Appointy Appointment Scheduler <= 4.2.1 - Cross-Site Request Forgery to Settings Change Affected: *-4.2.1 Patched: Updated: July 2, 2026
LOW

appointify

appointify

Score: 93/100 Appointify <= 1.0.8 - Authenticated (Admin+) Arbitrary File Upload Affected: *-1.0.8 Patched: Updated: July 2, 2026
LOW

apimo

apimo

Score: 95/100 Apimo Connector <= 2.6.3.1 - Cross-Site Request Forgery to Settings Update Affected: *-2.6.3.1 Patched: Updated: July 2, 2026
LOW

ai-auto-tool

ai-auto-tool

Score: 95/100 Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One <= 2.2.7 - Authenticated (Subscriber+) SQL Injection Affected: *-2.2.7 Patched: 2.2.8 Updated: July 2, 2026
LOW

advanced-css3-related-posts-widget

advanced-css3-related-posts-widget

Score: 95/100 Related Posts Widget with Thumbnails <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 2, 2026
LOW

actionwear-products-sync

actionwear-products-sync

Score: 95/100 Actionwear products sync < 3.1.13 - Authenticated (Subscriber+) SQL Injection Affected: [*, 3.1.13) Patched: 3.1.13 Updated: July 2, 2026
LOW

acme-divi-modules

acme-divi-modules

Score: 95/100 ACME Divi Modules <= 1.3.5 - Missing Authorization Affected: *-1.3.5 Patched: Updated: July 2, 2026
LOW

ab-google-map-travel

ab-google-map-travel

Score: 95/100 AB Google Map Travel <= 4.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-4.6 Patched: Updated: July 2, 2026
LOW

wp-smushit

wp-smushit

Score: N/A Smush Image Compression and Optimization <= 3.17.0 - Authenticated (Admin+) Directory Traversal Affected: *-3.17.0 Patched: 3.17.1 Updated: July 2, 2026
LOW

wp-docs

wp-docs

Score: N/A WP Docs <= 2.2.6 - Missing Authorization Affected: *-2.2.6 Patched: 2.2.7 Updated: July 2, 2026
LOW

subscribe-to-download-lite

subscribe-to-download-lite

Score: N/A Subscribe to Download Lite <= 1.2.9 - Authenticated (Subscriber+) Local File Inclusion Affected: *-1.2.9 Patched: 1.3.0 Updated: July 2, 2026
LOW

Quiz Maker by AYS

quiz-maker

Score: 66/100 Quiz Maker <= 6.6.8.7 - Unauthenticated SQL Injection Affected: *-6.6.8.7 Patched: 6.6.8.8 Updated: July 2, 2026
LOW

jet-woo-product-gallery

jet-woo-product-gallery

Score: 93/100 JetProductGallery <= 2.1.22 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.22 Patched: 2.1.22.1 Updated: July 2, 2026
LOW

jet-woo-builder

jet-woo-builder

Score: 93/100 JetWooBuilder <= 2.1.18 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.1.18 Patched: 2.1.18.1 Updated: July 2, 2026
LOW

jet-smart-filters

jet-smart-filters

Score: 93/100 JetSmartFilters <= 3.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.6.3 Patched: 3.6.4 Updated: July 2, 2026
LOW

jet-search

jet-search

Score: 93/100 JetSearch <= 3.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.5.7 Patched: 3.5.7.1 Updated: July 2, 2026
LOW

jet-blocks

jet-blocks

Score: 93/100 JetBlocks For Elementor <= 1.3.16 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.16 Patched: 1.3.16.1 Updated: July 2, 2026
LOW

instawp-connect

instawp-connect

Score: 93/100 InstaWP Connect <= 0.1.0.82 - Unauthenticated Local File Inclusion Affected: *-0.1.0.82 Patched: 0.1.0.83 Updated: July 2, 2026
LOW

include-url

include-url

Score: 89/100 Include URL <= 0.3.5 - Authenticated (Contributor+) Arbitrary File Download Affected: *-0.3.5 Patched: Updated: July 2, 2026
LOW

houzez-property-feed

houzez-property-feed

Score: 93/100 Houzez Property Feed <= 2.5.4 - Unauthenticated Arbitrary File Download Affected: *-2.5.4 Patched: 2.5.5 Updated: July 2, 2026
LOW

cost-calculator-builder

cost-calculator-builder

Score: 93/100 Cost Calculator Builder <= 3.2.65 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2.65 Patched: 3.2.66 Updated: July 2, 2026
LOW

ut-shortcodes

ut-shortcodes

Score: N/A Shortcodes by United Themes <= 5.1.6 - Unauthenticated Arbitrary Shortcode Execution Affected: *-5.1.6 Patched: 5.1.7 Updated: July 2, 2026
LOW

so-called-air-quotes

so-called-air-quotes

Score: N/A So-Called Air Quotes <= 0.1 - Unauthenticated Arbitrary Shortcode Execution Affected: *-0.1 Patched: Updated: July 2, 2026
LOW

dap-to-autoresponders-daar

dap-to-autoresponders-daar

Score: 91/100 DAP to Autoresponders Email Syncing <= 1.0 - Unauthenticated Information Exposure Affected: *-1.0 Patched: Updated: July 2, 2026
LOW

checkout-mestres-wp

checkout-mestres-wp

Score: 91/100 Checkout Mestres do WP for WooCommerce 8.6.5 - 8.7.5 - Unauthenticated Arbitrary Options Update Affected: 8.6.5-8.7.5 Patched: Updated: July 2, 2026
LOW

image-upload-for-bbpress

image-upload-for-bbpress

Score: 93/100 Inline Image Upload for BBPress <= 1.1.19 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-1.1.19 Patched: 1.1.20 Updated: July 2, 2026
LOW

soj-soundslides

soj-soundslides

Score: N/A SoJ Soundslides <= 1.2.2 - Authenticated (Contributor+) Arbitrary File Upload Affected: *-1.2.2 Patched: Updated: July 2, 2026
LOW

omnileads-scripts-and-tags-manager

omnileads-scripts-and-tags-manager

Score: 91/100 OmniLeads Scripts and Tags Manager <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 2, 2026
LOW

youtube-simplegallery

youtube-simplegallery

Score: N/A YouTube SimpleGallery <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.6 Patched: Updated: July 2, 2026
LOW

wp-ultimate-search

wp-ultimate-search

Score: N/A WP Ultimate Search <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.3 Patched: Updated: July 2, 2026
LOW

wp-syntax

wp-syntax

Score: N/A WP-Syntax <= 1.2 - Authenticated (Author+) Regex Denial of Service Affected: *-1.2 Patched: Updated: July 2, 2026
LOW

wp-supersized

wp-supersized

Score: N/A WP Supersized <= 3.1.6 - Cross-Site Request Forgery Affected: *-3.1.6 Patched: Updated: July 2, 2026
LOW

wp-posts-carousel

wp-posts-carousel

Score: N/A WP Posts Carousel <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.8 Patched: 1.3.9 Updated: July 2, 2026
LOW

wp-ogp

wp-ogp

Score: N/A WP-OGP <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.5 Patched: Updated: July 2, 2026
LOW

wp-embed-facebook

wp-embed-facebook

Score: N/A Magic Embeds <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1.2 Patched: Updated: July 2, 2026
LOW

wp-database-optimizer

wp-database-optimizer

Score: N/A WP Database Optimizer <= 1.2.1.3 - Cross-Site Request Forgery Affected: *-1.2.1.3 Patched: Updated: July 2, 2026

Showing 10701 to 10800 of 36405 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 2, 2026 at 21:36 UTC.