Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

93

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
wp-database-optimizer wp-database-optimizer N/A WP Database Optimizer <= 1.2.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.2.1.3 July 2, 2026
wp-compress-mainwp wp-compress-mainwp N/A WP Compress for MainWP <= 6.30.03 - Authenticated (Subscriber+) Server-Side Request Forgery LOW *-6.30.03 6.30.06 July 2, 2026
wbounce wbounce N/A wBounce <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.8.1 July 2, 2026
video-embedder video-embedder N/A Video Embedder <= 1.7.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.7.1 1.8 July 2, 2026
usermaven usermaven N/A Usermaven <= 1.2.1 - Cross-Site Request Forgery LOW *-1.2.1 1.2.2 July 2, 2026
ultimate-security-checker ultimate-security-checker N/A Ultimate Security Checker <= 4.2 - Cross-Site Request Forgery LOW *-4.2 July 2, 2026
ultimate-post ultimate-post N/A PostX <= 4.1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.1.25 4.1.26 July 2, 2026
ultimate-blocks ultimate-blocks N/A Ultimate Blocks <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.2.7 3.2.8 July 2, 2026
toggle-box toggle-box N/A Toggle Box <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.6 July 2, 2026
the-visitor-counter the-visitor-counter N/A The Visitor Counter <= 1.4.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.4.3 July 2, 2026
tgg-wp-optimizer tgg-wp-optimizer N/A TGG WP Optimizer <= 1.21 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.21 1.22 July 2, 2026
text-selection-color text-selection-color N/A Text Selection Color <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.6 July 2, 2026
terms-of-use-2 terms-of-use-2 N/A Terms of Use <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.0 July 2, 2026
sunshine-photo-cart sunshine-photo-cart N/A Sunshine Photo Cart <= 3.4.10 - Unauthenticated PHP Object Injection LOW *-3.4.10 3.4.11 July 2, 2026
slider-bws slider-bws N/A Slider by BestWebSoft <= 1.1.0 - Authenticated (Administrator+) SQL Injection LOW *-1.1.0 1.1.1 July 2, 2026
simple-trackback-disabler simple-trackback-disabler N/A Simple Trackback Disabler <= 1.4 - Cross-Site Request Forgery LOW *-1.4 July 2, 2026
showtime-slideshow showtime-slideshow N/A ShowTime Slideshow <= 1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.6 July 2, 2026
rps-include-content rps-include-content N/A RPS Include Content <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.1 1.2.2 July 2, 2026
pop-up pop-up N/A Pop-Up Chop Chop <= 2.1.7 - Authenticated (Contributor+) Local File Inclusion LOW *-2.1.7 July 2, 2026
pakkelabels-for-woocommerce pakkelabels-for-woocommerce N/A Shipmondo – A complete shipping solution for WooCommerce <= 5.0.3 - Missing Authorization to Authenticated (Customer+) Information Disclosure LOW *-5.0.3 5.0.4 July 2, 2026
paid-membership paid-membership N/A MicroPayments <= 2.9.29 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.9.29 2.9.30 July 2, 2026
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction paid-member-subscriptions N/A Paid Member Subscriptions <= 2.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.14.3 2.14.4 July 2, 2026
page-takeover page-takeover
93
Page Takeover <= 1.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.1.6 1.1.7 July 2, 2026
omnileads-scripts-and-tags-manager omnileads-scripts-and-tags-manager
91
OmniLeads Scripts and Tags Manager <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.3 July 2, 2026
nertworks-all-in-one-social-share-tools nertworks-all-in-one-social-share-tools
91
NertWorks All in One Social Share Tools <= 1.26 - Cross-Site Request Forgery LOW *-1.26 July 2, 2026
mobile-dj-manager mobile-dj-manager
91
MDJM Event Management <= 1.7.5.2 - Authenticated (Subscriber+) PHP Object Injection LOW *-1.7.5.2 1.7.5.3 July 2, 2026
microblog-poster microblog-poster
91
Microblog Poster <= 2.1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.1.6 July 2, 2026
material-dashboard material-dashboard
93
Material Dashboard <= 1.4.5 - Unauthenticated Privilege Escalation LOW *-1.4.5 1.4.6 July 2, 2026
lws-sms lws-sms
91
LWS SMS <= 2.4.1 - Cross-Site Request Forgery LOW *-2.4.1 July 2, 2026
login-alert login-alert
91
Login Alert <= 0.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.2.1 July 2, 2026
leaky-paywall leaky-paywall
93
Leaky Paywall <= 4.21.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.21.7 4.21.8 July 2, 2026
kk-i-like-it kk-i-like-it
91
KK I Like It <= 1.7.5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.7.5.3 July 2, 2026
kento-wp-stats kento-wp-stats
91
Kento WordPress Stats <= 1.1 - Reflected Cross-Site Scripting LOW *-1.1 July 2, 2026
hostel hostel
93
Hostel <= 1.1.5.5 - Reflected Cross-Site Scripting LOW *-1.1.5.5 1.1.5.6 July 2, 2026
formlift formlift
93
FormLift for Infusionsoft Web Forms <= 7.5.19 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-7.5.19 7.5.20 July 2, 2026
flatty-flat-admin-theme flatty-flat-admin-theme
91
Flatty <= 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.0.0 July 2, 2026
ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor elementskit-lite
95
ElementsKit Elementor addons <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.4.7 3.4.8 July 2, 2026
duplicate-post-and-page duplicate-post-and-page
89
Duplicate Page and Post <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0 July 2, 2026
duplicate-post-and-page duplicate-post-and-page
89
Duplicate Page and Post <= 1.0 - Authenticated (Contributor+) SQL Injection LOW *-1.0 July 2, 2026
dropdown-multisite-selector dropdown-multisite-selector
93
Dropdown Multisite selector < 0.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW [*, 0.9.4) 0.9.4 July 2, 2026
different-shipping-and-billing-address-for-woocommerce different-shipping-and-billing-address-for-woocommerce
93
Multiple Shipping And Billing Address For Woocommerce <= 1.5 - Unauthenticated PHP Object Injection LOW *-1.5 1.6 July 2, 2026
clear-sucuri-cache clear-sucuri-cache
91
Clear Sucuri Cache <= 1.4 - Missing Authorization LOW *-1.4 July 2, 2026
browser-caching-with-htaccess browser-caching-with-htaccess
91
Browser Caching with .htaccess 1.2.1 - Cross-Site Request Forgery LOW 1.2.1 July 2, 2026
bit-assist bit-assist
93
Bit Assist <= 1.5.4 - Unauthenticated Path Traversal LOW *-1.5.4 1.5.5 July 2, 2026
better-section-navigation better-section-navigation
93
Better Section Navigation Widget <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.6.1 1.7.0 July 2, 2026
td-composer td-composer N/A tagDiv Composer <= 5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-5.3 5.4 July 2, 2026
Advanced Google reCAPTCHA advanced-google-recaptcha
89
Advanced Google reCAPTCHA <= 1.29 - Authenticated (Subscriber+) Limited SQL Injection via 'sSearch' Parameter LOW *-1.29 1.30 July 2, 2026
td-composer td-composer N/A tagDiv Composer <= 5.3 - Reflected Cross-Site Scripting via 'account_id' and 'account_username' LOW *-5.3 5.4 July 2, 2026
kubio kubio
93
Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion LOW *-2.5.1 2.5.2 July 2, 2026
zoho-subscriptions zoho-subscriptions N/A Zoho Billing – Embed Payment Form <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.0 4.1 July 2, 2026
z-companion z-companion N/A Z Companion <= 1.0.13 - Missing Authorization LOW *-1.0.13 1.1.0 July 2, 2026
xili-dictionary xili-dictionary N/A xili-dictionary <= 2.12.5 - Reflected Cross-Site Scripting LOW *-2.12.5 2.12.5.1 July 2, 2026
wpshopgermany-it-recht-kanzlei wpshopgermany-it-recht-kanzlei N/A wpShopGermany IT-RECHT KANZLEI <= 2.0 - Cross-Site Request Forgery LOW *-2.0 2.1 July 2, 2026
wpguppy-lite wpguppy-lite N/A WPGuppy <= 1.1.3 - Authenticated (Subscriber+) SQL Injection LOW *-1.1.3 1.1.4 July 2, 2026
WP Extended – The Ultimate WordPress Toolkit wpextended N/A The Ultimate WordPress Toolkit – WP Extended <= 3.0.14 - Reflected Cross-Site Scripting LOW *-3.0.14 3.0.15 July 2, 2026
wpc-smart-upsell-funnel wpc-smart-upsell-funnel N/A WPC Smart Upsell Funnel for WooCommerce <= 3.0.4 - Authenticated (Subscriber+) Arbitrary Options Update LOW *-3.0.4 3.0.5 July 2, 2026
wp2leads wp2leads N/A WP2LEADS <= 3.4.5 - Reflected Cross-Site Scripting LOW *-3.4.5 3.4.7 July 2, 2026
WP Travel Engine – Tour Booking Plugin – Tour Operator Software wp-travel-engine N/A WP Travel Engine <= 6.3.5 - Authenticated (Contributor+) Local File Inclusion LOW *-6.3.5 6.3.6 July 2, 2026
WP Travel Engine – Tour Booking Plugin – Tour Operator Software wp-travel-engine N/A WP Travel Engine <= 6.3.5 - Unauthenticated Local File Inclusion LOW *-6.3.5 6.3.6 July 2, 2026
wp-team-manager wp-team-manager N/A Team Manager <= 2.1.23 - Authenticated (Contributor+) Local File Inclusion LOW *-2.1.23 2.2.0 July 2, 2026
wp-subscription-forms wp-subscription-forms N/A WP Subscription Forms <= 1.2.3 - Authenticated (Contributor+) SQL Injection LOW *-1.2.3 1.2.4 July 2, 2026
wp-posts-carousel wp-posts-carousel N/A WP Posts Carousel <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.7 1.3.8 July 2, 2026
wp-plugin-contact-form-7 wp-plugin-contact-form-7 N/A VaultRE Contact Form 7 <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0 July 2, 2026
wp-marketing-automations wp-marketing-automations N/A Automation By Autonami <= 3.5.1 - Open Redirect LOW *-3.5.1 3.5.2 July 2, 2026
wp-leads-builder-any-crm wp-leads-builder-any-crm N/A Lead Form Data Collection to CRM <= 3.0.1 - Authenticated (Contributor+) SQL Injection LOW *-3.0.1 3.1 July 2, 2026
wp-job-manager-colors wp-job-manager-colors N/A Job Colors for WP Job Manager <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.4 July 2, 2026
wp-google-street-view wp-google-street-view N/A WP Google Street View <= 1.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.1.5 1.1.6 July 2, 2026
WP Google Review Slider wp-google-places-review-slider
70
WP Google Review Slider <= 16.0 - Cross-Site Request Forgery to SQL Injection LOW *-16.0 16.1 July 2, 2026
wp-cards wp-cards N/A WP Cards <= 1.5.1 - Reflected Cross-Site Scripting LOW *-1.5.1 July 2, 2026
wp-cafe wp-cafe N/A WPCafe <= 2.2.31 - Authenticated (Contributor+) Local File Inclusion LOW *-2.2.31 2.2.32 July 2, 2026
wp-analytify wp-analytify N/A Analytify <= 5.5.1 - Missing Authorization to Authenticated (Subscriber+) Minor Settings Update LOW *-5.5.1 6.0.0 July 2, 2026
woo-fattureincloud woo-fattureincloud N/A WooCommerce Fattureincloud <= 2.6.7 - Reflected Cross-Site Scripting LOW *-2.6.7 2.6.8 July 2, 2026
wishsuite wishsuite N/A WishSuite <= 1.4.4 - Authenticated (Contributor+) Local File Inclusion LOW *-1.4.4 1.4.5 July 2, 2026
webtexttool webtexttool N/A Textmetrics <= 3.6.1 - Missing Authorization LOW *-3.6.1 3.6.2 July 2, 2026
wc-product-author wc-product-author N/A Product Author for WooCommerce <= 1.0.7 - Cross-Site Request Forgery LOW *-1.0.7 1.0.8 July 2, 2026
wa-chatbox-manager wa-chatbox-manager N/A Chatbox Manager <= 1.2.2 - Missing Authorization LOW *-1.2.2 1.2.3 July 2, 2026
verge3d verge3d N/A Verge3D <= 4.8.2 - Cross-Site Request Forgery LOW *-4.8.2 4.8.3 July 2, 2026
validar-certificados-de-cursos validar-certificados-de-cursos N/A ValidateCertify <= 1.6.1 - Cross-Site Request Forgery LOW *-1.6.1 1.6.2 July 2, 2026
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder user-registration N/A User Registration <= 4.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-4.0.3 4.0.4 July 2, 2026
ultimate-dashboard ultimate-dashboard N/A Ultimate Dashboard <= 3.8.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.8.5 3.8.6 July 2, 2026
ultimate-dashboard ultimate-dashboard N/A Ultimate Dashboard <= 3.8.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.8.5 3.8.6 July 2, 2026
ultimate-dashboard ultimate-dashboard N/A Ultimate Dashboard <= 3.8.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.8.5 3.8.6 July 2, 2026
twb-woocommerce-reviews twb-woocommerce-reviews N/A TWB Woocommerce Reviews <= 1.7.7 - Cross-Site Request Forgery LOW *-1.7.7 1.7.8 July 2, 2026
TranslatePress – Translate Multilingual sites with AI Translation translatepress-multilingual
68
TranslatePress <= 2.9.6 - Authenticated (Administrator+) PHP Object Injection LOW *-2.9.6 2.9.7 July 2, 2026
tour-booking-manager tour-booking-manager N/A WpTravelly <= 1.8.7 - Authenticated (Contributor+) Local File Inclusion LOW *-1.8.7 1.8.8 July 2, 2026
timetics timetics N/A Timetics <= 1.0.29 - Missing Authorization LOW *-1.0.29 1.0.30 July 2, 2026
tidekey tidekey N/A Tidekey <= 1.1 - Reflected Cross-Site Scripting LOW *-1.1 July 2, 2026
tickera-event-ticketing-system tickera-event-ticketing-system N/A Tickera <= 3.5.5.2 - Missing Authorization LOW *-3.5.5.2 3.5.5.3 July 2, 2026
themify-event-post themify-event-post N/A Themify Event Post <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.2 1.3.3 July 2, 2026
themify-event-post themify-event-post N/A Themify Event Post <= 1.3.2 - Authenticated (Contributor+) Local File Inclusion LOW *-1.3.2 1.3.3 July 2, 2026
the-post-grid the-post-grid N/A The Post Grid <= 7.7.17 - Authenticated (Contributor+) Local File Inclusion LOW *-7.7.17 7.7.18 July 2, 2026
the-pack-addon the-pack-addon N/A The Pack Elementor addons <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.1 2.1.2 July 2, 2026
the-pack-addon the-pack-addon N/A The Pack Elementor addons <= 2.1.1 - Authenticated (Contributor+) Local File Inclusion LOW *-2.1.1 2.1.2 July 2, 2026
terms-and-conditions-per-product terms-and-conditions-per-product N/A Terms & Conditions Per Product <= 1.2.15 - Missing Authorization LOW *-1.2.15 1.2.16 July 2, 2026
syntaxhighlighter syntaxhighlighter N/A SyntaxHighlighter Evolved <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.7.1 3.7.2 July 2, 2026
support-genix-lite support-genix-lite N/A Support Genix <= 1.4.11 - Authenticated (Subscriber+) Insecure Direct Object Reference LOW *-1.4.11 1.4.12 July 2, 2026
support-chat support-chat N/A Click to Chat – WP Support All-in-One Floating Widget <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.3.4 2.3.5 July 2, 2026
subscribe-to-download-lite subscribe-to-download-lite N/A Subscribe to Download Lite <= 1.2.9 - Authenticated (Contributor+) Local File Inclusion LOW *-1.2.9 1.3.0 July 2, 2026
structured-content structured-content N/A Structured Content <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.6.3 1.6.4 July 2, 2026
store-locator-widget store-locator-widget N/A Store Locator Widget <= 2025r2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW * - 2025r2 2025r3 July 2, 2026
LOW

wp-database-optimizer

wp-database-optimizer

Score: N/A WP Database Optimizer <= 1.2.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2.1.3 Patched: Updated: July 2, 2026
LOW

wp-compress-mainwp

wp-compress-mainwp

Score: N/A WP Compress for MainWP <= 6.30.03 - Authenticated (Subscriber+) Server-Side Request Forgery Affected: *-6.30.03 Patched: 6.30.06 Updated: July 2, 2026
LOW

wbounce

wbounce

Score: N/A wBounce <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8.1 Patched: Updated: July 2, 2026
LOW

video-embedder

video-embedder

Score: N/A Video Embedder <= 1.7.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.7.1 Patched: 1.8 Updated: July 2, 2026
LOW

usermaven

usermaven

Score: N/A Usermaven <= 1.2.1 - Cross-Site Request Forgery Affected: *-1.2.1 Patched: 1.2.2 Updated: July 2, 2026
LOW

ultimate-security-checker

ultimate-security-checker

Score: N/A Ultimate Security Checker <= 4.2 - Cross-Site Request Forgery Affected: *-4.2 Patched: Updated: July 2, 2026
LOW

ultimate-post

ultimate-post

Score: N/A PostX <= 4.1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.1.25 Patched: 4.1.26 Updated: July 2, 2026
LOW

ultimate-blocks

ultimate-blocks

Score: N/A Ultimate Blocks <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2.7 Patched: 3.2.8 Updated: July 2, 2026
LOW

toggle-box

toggle-box

Score: N/A Toggle Box <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6 Patched: Updated: July 2, 2026
LOW

the-visitor-counter

the-visitor-counter

Score: N/A The Visitor Counter <= 1.4.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4.3 Patched: Updated: July 2, 2026
LOW

tgg-wp-optimizer

tgg-wp-optimizer

Score: N/A TGG WP Optimizer <= 1.21 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.21 Patched: 1.22 Updated: July 2, 2026
LOW

text-selection-color

text-selection-color

Score: N/A Text Selection Color <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.6 Patched: Updated: July 2, 2026
LOW

terms-of-use-2

terms-of-use-2

Score: N/A Terms of Use <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 2, 2026
LOW

sunshine-photo-cart

sunshine-photo-cart

Score: N/A Sunshine Photo Cart <= 3.4.10 - Unauthenticated PHP Object Injection Affected: *-3.4.10 Patched: 3.4.11 Updated: July 2, 2026
LOW

slider-bws

slider-bws

Score: N/A Slider by BestWebSoft <= 1.1.0 - Authenticated (Administrator+) SQL Injection Affected: *-1.1.0 Patched: 1.1.1 Updated: July 2, 2026
LOW

simple-trackback-disabler

simple-trackback-disabler

Score: N/A Simple Trackback Disabler <= 1.4 - Cross-Site Request Forgery Affected: *-1.4 Patched: Updated: July 2, 2026
LOW

showtime-slideshow

showtime-slideshow

Score: N/A ShowTime Slideshow <= 1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.6 Patched: Updated: July 2, 2026
LOW

rps-include-content

rps-include-content

Score: N/A RPS Include Content <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.1 Patched: 1.2.2 Updated: July 2, 2026
LOW

pop-up

pop-up

Score: N/A Pop-Up Chop Chop <= 2.1.7 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.1.7 Patched: Updated: July 2, 2026
LOW

pakkelabels-for-woocommerce

pakkelabels-for-woocommerce

Score: N/A Shipmondo – A complete shipping solution for WooCommerce <= 5.0.3 - Missing Authorization to Authenticated (Customer+) Information Disclosure Affected: *-5.0.3 Patched: 5.0.4 Updated: July 2, 2026
LOW

paid-membership

paid-membership

Score: N/A MicroPayments <= 2.9.29 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.9.29 Patched: 2.9.30 Updated: July 2, 2026
LOW

page-takeover

page-takeover

Score: 93/100 Page Takeover <= 1.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.6 Patched: 1.1.7 Updated: July 2, 2026
LOW

omnileads-scripts-and-tags-manager

omnileads-scripts-and-tags-manager

Score: 91/100 OmniLeads Scripts and Tags Manager <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 2, 2026
LOW

nertworks-all-in-one-social-share-tools

nertworks-all-in-one-social-share-tools

Score: 91/100 NertWorks All in One Social Share Tools <= 1.26 - Cross-Site Request Forgery Affected: *-1.26 Patched: Updated: July 2, 2026
LOW

mobile-dj-manager

mobile-dj-manager

Score: 91/100 MDJM Event Management <= 1.7.5.2 - Authenticated (Subscriber+) PHP Object Injection Affected: *-1.7.5.2 Patched: 1.7.5.3 Updated: July 2, 2026
LOW

microblog-poster

microblog-poster

Score: 91/100 Microblog Poster <= 2.1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.1.6 Patched: Updated: July 2, 2026
LOW

material-dashboard

material-dashboard

Score: 93/100 Material Dashboard <= 1.4.5 - Unauthenticated Privilege Escalation Affected: *-1.4.5 Patched: 1.4.6 Updated: July 2, 2026
LOW

lws-sms

lws-sms

Score: 91/100 LWS SMS <= 2.4.1 - Cross-Site Request Forgery Affected: *-2.4.1 Patched: Updated: July 2, 2026
LOW

login-alert

login-alert

Score: 91/100 Login Alert <= 0.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.2.1 Patched: Updated: July 2, 2026
LOW

leaky-paywall

leaky-paywall

Score: 93/100 Leaky Paywall <= 4.21.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.21.7 Patched: 4.21.8 Updated: July 2, 2026
LOW

kk-i-like-it

kk-i-like-it

Score: 91/100 KK I Like It <= 1.7.5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.7.5.3 Patched: Updated: July 2, 2026
LOW

kento-wp-stats

kento-wp-stats

Score: 91/100 Kento WordPress Stats <= 1.1 - Reflected Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 2, 2026
LOW

hostel

hostel

Score: 93/100 Hostel <= 1.1.5.5 - Reflected Cross-Site Scripting Affected: *-1.1.5.5 Patched: 1.1.5.6 Updated: July 2, 2026
LOW

formlift

formlift

Score: 93/100 FormLift for Infusionsoft Web Forms <= 7.5.19 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-7.5.19 Patched: 7.5.20 Updated: July 2, 2026
LOW

flatty-flat-admin-theme

flatty-flat-admin-theme

Score: 91/100 Flatty <= 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0.0 Patched: Updated: July 2, 2026
LOW

duplicate-post-and-page

duplicate-post-and-page

Score: 89/100 Duplicate Page and Post <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 2, 2026
LOW

duplicate-post-and-page

duplicate-post-and-page

Score: 89/100 Duplicate Page and Post <= 1.0 - Authenticated (Contributor+) SQL Injection Affected: *-1.0 Patched: Updated: July 2, 2026
LOW

dropdown-multisite-selector

dropdown-multisite-selector

Score: 93/100 Dropdown Multisite selector < 0.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: [*, 0.9.4) Patched: 0.9.4 Updated: July 2, 2026
LOW

different-shipping-and-billing-address-for-woocommerce

different-shipping-and-billing-address-for-woocommerce

Score: 93/100 Multiple Shipping And Billing Address For Woocommerce <= 1.5 - Unauthenticated PHP Object Injection Affected: *-1.5 Patched: 1.6 Updated: July 2, 2026
LOW

clear-sucuri-cache

clear-sucuri-cache

Score: 91/100 Clear Sucuri Cache <= 1.4 - Missing Authorization Affected: *-1.4 Patched: Updated: July 2, 2026
LOW

browser-caching-with-htaccess

browser-caching-with-htaccess

Score: 91/100 Browser Caching with .htaccess 1.2.1 - Cross-Site Request Forgery Affected: 1.2.1 Patched: Updated: July 2, 2026
LOW

bit-assist

bit-assist

Score: 93/100 Bit Assist <= 1.5.4 - Unauthenticated Path Traversal Affected: *-1.5.4 Patched: 1.5.5 Updated: July 2, 2026
LOW

better-section-navigation

better-section-navigation

Score: 93/100 Better Section Navigation Widget <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.1 Patched: 1.7.0 Updated: July 2, 2026
LOW

td-composer

td-composer

Score: N/A tagDiv Composer <= 5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-5.3 Patched: 5.4 Updated: July 2, 2026
LOW

Advanced Google reCAPTCHA

advanced-google-recaptcha

Score: 89/100 Advanced Google reCAPTCHA <= 1.29 - Authenticated (Subscriber+) Limited SQL Injection via 'sSearch' Parameter Affected: *-1.29 Patched: 1.30 Updated: July 2, 2026
LOW

td-composer

td-composer

Score: N/A tagDiv Composer <= 5.3 - Reflected Cross-Site Scripting via 'account_id' and 'account_username' Affected: *-5.3 Patched: 5.4 Updated: July 2, 2026
LOW

kubio

kubio

Score: 93/100 Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion Affected: *-2.5.1 Patched: 2.5.2 Updated: July 2, 2026
LOW

zoho-subscriptions

zoho-subscriptions

Score: N/A Zoho Billing – Embed Payment Form <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.0 Patched: 4.1 Updated: July 2, 2026
LOW

z-companion

z-companion

Score: N/A Z Companion <= 1.0.13 - Missing Authorization Affected: *-1.0.13 Patched: 1.1.0 Updated: July 2, 2026
LOW

xili-dictionary

xili-dictionary

Score: N/A xili-dictionary <= 2.12.5 - Reflected Cross-Site Scripting Affected: *-2.12.5 Patched: 2.12.5.1 Updated: July 2, 2026
LOW

wpshopgermany-it-recht-kanzlei

wpshopgermany-it-recht-kanzlei

Score: N/A wpShopGermany IT-RECHT KANZLEI <= 2.0 - Cross-Site Request Forgery Affected: *-2.0 Patched: 2.1 Updated: July 2, 2026
LOW

wpguppy-lite

wpguppy-lite

Score: N/A WPGuppy <= 1.1.3 - Authenticated (Subscriber+) SQL Injection Affected: *-1.1.3 Patched: 1.1.4 Updated: July 2, 2026
LOW

wpc-smart-upsell-funnel

wpc-smart-upsell-funnel

Score: N/A WPC Smart Upsell Funnel for WooCommerce <= 3.0.4 - Authenticated (Subscriber+) Arbitrary Options Update Affected: *-3.0.4 Patched: 3.0.5 Updated: July 2, 2026
LOW

wp2leads

wp2leads

Score: N/A WP2LEADS <= 3.4.5 - Reflected Cross-Site Scripting Affected: *-3.4.5 Patched: 3.4.7 Updated: July 2, 2026
LOW

wp-team-manager

wp-team-manager

Score: N/A Team Manager <= 2.1.23 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.1.23 Patched: 2.2.0 Updated: July 2, 2026
LOW

wp-subscription-forms

wp-subscription-forms

Score: N/A WP Subscription Forms <= 1.2.3 - Authenticated (Contributor+) SQL Injection Affected: *-1.2.3 Patched: 1.2.4 Updated: July 2, 2026
LOW

wp-posts-carousel

wp-posts-carousel

Score: N/A WP Posts Carousel <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.7 Patched: 1.3.8 Updated: July 2, 2026
LOW

wp-plugin-contact-form-7

wp-plugin-contact-form-7

Score: N/A VaultRE Contact Form 7 <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 2, 2026
LOW

wp-marketing-automations

wp-marketing-automations

Score: N/A Automation By Autonami <= 3.5.1 - Open Redirect Affected: *-3.5.1 Patched: 3.5.2 Updated: July 2, 2026
LOW

wp-leads-builder-any-crm

wp-leads-builder-any-crm

Score: N/A Lead Form Data Collection to CRM <= 3.0.1 - Authenticated (Contributor+) SQL Injection Affected: *-3.0.1 Patched: 3.1 Updated: July 2, 2026
LOW

wp-job-manager-colors

wp-job-manager-colors

Score: N/A Job Colors for WP Job Manager <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: July 2, 2026
LOW

wp-google-street-view

wp-google-street-view

Score: N/A WP Google Street View <= 1.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.5 Patched: 1.1.6 Updated: July 2, 2026
LOW

WP Google Review Slider

wp-google-places-review-slider

Score: 70/100 WP Google Review Slider <= 16.0 - Cross-Site Request Forgery to SQL Injection Affected: *-16.0 Patched: 16.1 Updated: July 2, 2026
LOW

wp-cards

wp-cards

Score: N/A WP Cards <= 1.5.1 - Reflected Cross-Site Scripting Affected: *-1.5.1 Patched: Updated: July 2, 2026
LOW

wp-cafe

wp-cafe

Score: N/A WPCafe <= 2.2.31 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.2.31 Patched: 2.2.32 Updated: July 2, 2026
LOW

wp-analytify

wp-analytify

Score: N/A Analytify <= 5.5.1 - Missing Authorization to Authenticated (Subscriber+) Minor Settings Update Affected: *-5.5.1 Patched: 6.0.0 Updated: July 2, 2026
LOW

woo-fattureincloud

woo-fattureincloud

Score: N/A WooCommerce Fattureincloud <= 2.6.7 - Reflected Cross-Site Scripting Affected: *-2.6.7 Patched: 2.6.8 Updated: July 2, 2026
LOW

wishsuite

wishsuite

Score: N/A WishSuite <= 1.4.4 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.4.4 Patched: 1.4.5 Updated: July 2, 2026
LOW

webtexttool

webtexttool

Score: N/A Textmetrics <= 3.6.1 - Missing Authorization Affected: *-3.6.1 Patched: 3.6.2 Updated: July 2, 2026
LOW

wc-product-author

wc-product-author

Score: N/A Product Author for WooCommerce <= 1.0.7 - Cross-Site Request Forgery Affected: *-1.0.7 Patched: 1.0.8 Updated: July 2, 2026
LOW

wa-chatbox-manager

wa-chatbox-manager

Score: N/A Chatbox Manager <= 1.2.2 - Missing Authorization Affected: *-1.2.2 Patched: 1.2.3 Updated: July 2, 2026
LOW

verge3d

verge3d

Score: N/A Verge3D <= 4.8.2 - Cross-Site Request Forgery Affected: *-4.8.2 Patched: 4.8.3 Updated: July 2, 2026
LOW

validar-certificados-de-cursos

validar-certificados-de-cursos

Score: N/A ValidateCertify <= 1.6.1 - Cross-Site Request Forgery Affected: *-1.6.1 Patched: 1.6.2 Updated: July 2, 2026
LOW

ultimate-dashboard

ultimate-dashboard

Score: N/A Ultimate Dashboard <= 3.8.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.8.5 Patched: 3.8.6 Updated: July 2, 2026
LOW

ultimate-dashboard

ultimate-dashboard

Score: N/A Ultimate Dashboard <= 3.8.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.8.5 Patched: 3.8.6 Updated: July 2, 2026
LOW

ultimate-dashboard

ultimate-dashboard

Score: N/A Ultimate Dashboard <= 3.8.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.8.5 Patched: 3.8.6 Updated: July 2, 2026
LOW

twb-woocommerce-reviews

twb-woocommerce-reviews

Score: N/A TWB Woocommerce Reviews <= 1.7.7 - Cross-Site Request Forgery Affected: *-1.7.7 Patched: 1.7.8 Updated: July 2, 2026
LOW

tour-booking-manager

tour-booking-manager

Score: N/A WpTravelly <= 1.8.7 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.8.7 Patched: 1.8.8 Updated: July 2, 2026
LOW

timetics

timetics

Score: N/A Timetics <= 1.0.29 - Missing Authorization Affected: *-1.0.29 Patched: 1.0.30 Updated: July 2, 2026
LOW

tidekey

tidekey

Score: N/A Tidekey <= 1.1 - Reflected Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 2, 2026
LOW

tickera-event-ticketing-system

tickera-event-ticketing-system

Score: N/A Tickera <= 3.5.5.2 - Missing Authorization Affected: *-3.5.5.2 Patched: 3.5.5.3 Updated: July 2, 2026
LOW

themify-event-post

themify-event-post

Score: N/A Themify Event Post <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.2 Patched: 1.3.3 Updated: July 2, 2026
LOW

themify-event-post

themify-event-post

Score: N/A Themify Event Post <= 1.3.2 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.3.2 Patched: 1.3.3 Updated: July 2, 2026
LOW

the-post-grid

the-post-grid

Score: N/A The Post Grid <= 7.7.17 - Authenticated (Contributor+) Local File Inclusion Affected: *-7.7.17 Patched: 7.7.18 Updated: July 2, 2026
LOW

the-pack-addon

the-pack-addon

Score: N/A The Pack Elementor addons <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.1 Patched: 2.1.2 Updated: July 2, 2026
LOW

the-pack-addon

the-pack-addon

Score: N/A The Pack Elementor addons <= 2.1.1 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.1.1 Patched: 2.1.2 Updated: July 2, 2026
LOW

terms-and-conditions-per-product

terms-and-conditions-per-product

Score: N/A Terms & Conditions Per Product <= 1.2.15 - Missing Authorization Affected: *-1.2.15 Patched: 1.2.16 Updated: July 2, 2026
LOW

syntaxhighlighter

syntaxhighlighter

Score: N/A SyntaxHighlighter Evolved <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.7.1 Patched: 3.7.2 Updated: July 2, 2026
LOW

support-genix-lite

support-genix-lite

Score: N/A Support Genix <= 1.4.11 - Authenticated (Subscriber+) Insecure Direct Object Reference Affected: *-1.4.11 Patched: 1.4.12 Updated: July 2, 2026
LOW

support-chat

support-chat

Score: N/A Click to Chat – WP Support All-in-One Floating Widget <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.4 Patched: 2.3.5 Updated: July 2, 2026
LOW

subscribe-to-download-lite

subscribe-to-download-lite

Score: N/A Subscribe to Download Lite <= 1.2.9 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.2.9 Patched: 1.3.0 Updated: July 2, 2026
LOW

structured-content

structured-content

Score: N/A Structured Content <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.3 Patched: 1.6.4 Updated: July 2, 2026
LOW

store-locator-widget

store-locator-widget

Score: N/A Store Locator Widget <= 2025r2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: * - 2025r2 Patched: 2025r3 Updated: July 2, 2026

Showing 10801 to 10900 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 2, 2026 at 22:46 UTC.