Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36189

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
maxi-blocks	maxi-blocks	93	Maxi Blocks <= 2.1.9 - Authenticated (Author+) Stored Cross-Site Scripting via Style Card REST API	LOW	*-2.1.9	2.1.10	June 29, 2026
wp-mail-gateway	wp-mail-gateway	N/A	WP Mail Gateway <= 1.8 - Missing Authorization to Authenticated (Subscriber+) SMTP Configuration Modification via 'wmg_save_provider_config' AJAX Action	LOW	*-1.8	1.8.1	June 29, 2026
woocommerce-call-for-price	woocommerce-call-for-price	N/A	Call for Price for WooCommerce <= 4.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Call for Price' Label Settings	LOW	*-4.2.0	4.3.0	June 29, 2026
woo-thank-you-page-nextmove-lite	woo-thank-you-page-nextmove-lite	N/A	NextMove Lite - Thank You Page for WooCommerce <= 2.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'xlwcty_current_date' Shortcode	LOW	*-2.23.0	2.24.0	June 29, 2026
widget-options	widget-options	N/A	Widget Options <= 4.2.2 - Authenticated (Contributor+) Remote Code Execution via Display Logic	LOW	*-4.2.2	4.2.3	June 29, 2026
wc-frontend-manager	wc-frontend-manager	N/A	WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.25 - Authenticated (Vendor+) Insecure Direct Object Reference to Arbitrary User Deletion	LOW	*-6.7.25	6.7.26	June 29, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor	royal-elementor-addons	N/A	Royal Addons for Elementor <= 1.7.1057 - Authenticated (Contributor+) Server-Side Request Forgery via CSV URL Parameter	LOW	*-1.7.1057	1.7.1058	June 29, 2026
paid-memberships-pro	paid-memberships-pro	N/A	Paid Memberships Pro <= 3.6.5 - Missing Authorization to Authenticated (Subscriber+) Stripe Webhook Deletion and Payment Processing Disruption	LOW	*-3.6.5	3.6.6	June 29, 2026
my-social-feeds	my-social-feeds	N/A	My Social Feeds <= 1.0.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'ttp_get_accounts' AJAX Action	LOW	*-1.0.4	1.0.5	June 29, 2026
gravityforms	gravityforms	93	Gravity Forms <= 2.9.30 - Unauthenticated Stored Cross-Site Scripting via Consent Field Hidden Input	LOW	*-2.9.30	2.9.31	June 29, 2026
gravityforms	gravityforms	93	Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Calculation Product Field in Repeater	LOW	*-2.10.0	2.10.1	June 29, 2026
gravityforms	gravityforms	93	Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Product Option	LOW	*-2.10.0	2.10.1	June 29, 2026
gravityforms	gravityforms	93	Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Hidden Product Field in Repeater	LOW	*-2.10.0	2.10.1	June 29, 2026
gravityforms	gravityforms	93	Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Single Product Field Inside Repeater	LOW	*-2.10.0	2.10.1	June 29, 2026
geo-mashup	geo-mashup	93	Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'sort' Parameter	LOW	*-1.13.18	1.13.19	June 29, 2026
geo-mashup	geo-mashup	93	Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'object_ids' Parameter	LOW	*-1.13.18	1.13.19	June 29, 2026
geo-mashup	geo-mashup	93	Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'map_post_type' Parameter	LOW	*-1.13.18	1.13.19	June 29, 2026
extended-widget-options	extended-widget-options	93	Widget Options <= 4.2.2 - Authenticated (Contributor+) Remote Code Execution via Display Logic	LOW	*-5.3.2	5.3.3	June 29, 2026
dokan-lite	dokan-lite	93	Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 4.3.1 - Unauthenticated Information Disclosure in Store Reviews REST API Endpoint	LOW	*-4.3.1	4.3.2	June 29, 2026
customer-area	customer-area	89	WP Customer Area <= 8.3.4 - Authenticated (Custom+) Path Traversal	LOW	*-8.3.4	8.3.5	June 29, 2026
temporary-login	temporary-login	N/A	Temporary Login <= 1.0.0 - Authentication Bypass to Account Takeover	LOW	*-1.0.0	1.1.0	June 29, 2026
yet-another-stars-rating	yet-another-stars-rating	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-3.4.12	3.4.15	June 29, 2026
xt-woo-variation-swatches	xt-woo-variation-swatches	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.9.4	1.9.7	June 29, 2026
xt-woo-quick-view-lite	xt-woo-quick-view-lite	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.1.5		June 29, 2026
wps-team	wps-team	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-3.3.0	3.3.2	June 29, 2026
WPIDE – File Manager & Code Editor	wpide	92	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-3.5.1	3.5.2	June 29, 2026
wpbits-addons-for-elementor	wpbits-addons-for-elementor	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.7		June 29, 2026
wp-top-news	wp-top-news	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.4.1	2.4.3	June 29, 2026
wp-stripe-donation	wp-stripe-donation	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-3.2.6	3.2.9	June 29, 2026
wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages	wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.25.16	2.25.19	June 29, 2026
wp-post-author	wp-post-author	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-3.8.3	3.8.4	June 29, 2026
wp-notification-bell	wp-notification-bell	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.4.2	1.4.3	June 29, 2026
wp-meta-and-date-remover	wp-meta-and-date-remover	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.3.4	2.3.5	June 29, 2026
wp-letsencrypt-ssl	wp-letsencrypt-ssl	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-7.7.0	7.7.3	June 29, 2026
wp-fail2ban	wp-fail2ban	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-5.3.4	5.4.0	June 29, 2026
WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards	wp-data-access	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-5.5.31	5.5.32	June 29, 2026
wp-coupons-and-deals	wp-coupons-and-deals	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-3.2.2	3.2.3	June 29, 2026
wp-books-gallery	wp-books-gallery	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-4.6.8	4.7.6	June 29, 2026
wp-auto-republish	wp-auto-republish	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.5.8		June 29, 2026
StoreCustomizer – A plugin to Customize all WooCommerce Pages	woocustomizer	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.5.9	2.6.0	June 29, 2026
woocommerce-pay-per-post	woocommerce-pay-per-post	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-3.1.26	3.1.28	June 29, 2026
woo-permalink-manager	woo-permalink-manager	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.3.11		June 29, 2026
woo-floating-cart-lite	woo-floating-cart-lite	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.8.4		June 29, 2026
woo-coupon-usage	woo-coupon-usage	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-5.17.2	5.19.0	June 29, 2026
woo-conditional-payment-gateways	woo-conditional-payment-gateways	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.16.3	1.16.4	June 29, 2026
woo-authorize-net-gateway-aim	woo-authorize-net-gateway-aim	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-6.1.13	6.1.14	June 29, 2026
widgets-on-pages	widgets-on-pages	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.7		June 29, 2026
widget-for-eventbrite-api	widget-for-eventbrite-api	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-6.1.10	6.1.11	June 29, 2026
Advanced Booking & Appointment System – Webba Booking Calendar	webba-booking-lite	70	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-5.0.57	5.1.8	June 29, 2026
wc-thanks-redirect	wc-thanks-redirect	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-4.2.0	4.2.1	June 29, 2026
wc-place-order-without-payment	wc-place-order-without-payment	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.6.5	2.6.7	June 29, 2026
wc-hkdigital-acba-gateway	wc-hkdigital-acba-gateway	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.2.6		June 29, 2026
wc-cashapp	wc-cashapp	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-6.0.2		June 29, 2026
url-shortify	url-shortify	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.10.4	1.10.5.1	June 29, 2026
unlimited-elements-for-elementor	unlimited-elements-for-elementor	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.5.140	1.5.141	June 29, 2026
ultimeter	ultimeter	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-3.0.5	3.0.7	June 29, 2026
tripetto	tripetto	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-8.0.7	8.0.8	June 29, 2026
treepress	treepress	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-3.0.6	3.0.7	June 29, 2026
text-to-audio	text-to-audio	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.7.34	1.8.12	June 29, 2026
tablesome	tablesome	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.1.13	1.1.17	June 29, 2026
TablePress – Tables in WordPress made easy	tablepress	86	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-3.0.2	3.0.3	June 29, 2026
streamweasels-twitch-integration	streamweasels-twitch-integration	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.9.2	1.9.3	June 29, 2026
spotlight-social-photo-feeds	spotlight-social-photo-feeds	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.7.0	1.7.1	June 29, 2026
spice-post-slider	spice-post-slider	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.1	2.2	June 29, 2026
smart-phone-field-for-gravity-forms	smart-phone-field-for-gravity-forms	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.1.6	2.2.0	June 29, 2026
simply-gallery-block	simply-gallery-block	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-3.2.4.4	3.2.4.5	June 29, 2026
shortcodes-ultimate	shortcodes-ultimate	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-7.3.3	7.3.4	June 29, 2026
share-this-image	share-this-image	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.07	2.08	June 29, 2026
send-users-email	send-users-email	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.5.10	1.6.2	June 29, 2026
Security Ninja – WordPress Security & Firewall	security-ninja	88	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-5.222	5.225	June 29, 2026
role-and-customer-based-pricing-for-woocommerce	role-and-customer-based-pricing-for-woocommerce	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.6.0	1.6.1	June 29, 2026
restricted-content	restricted-content	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.3.0	2.3.1	June 29, 2026
restaurant-cafe-addon-for-elementor	restaurant-cafe-addon-for-elementor	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.5.8	1.6.1	June 29, 2026
remove-add-to-cart-woocommerce	remove-add-to-cart-woocommerce	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.4.7		June 29, 2026
radio-station	radio-station	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.5.9	2.5.17	June 29, 2026
radio-player	radio-player	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.0.82	2.0.83	June 29, 2026
product-layouts	product-layouts	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.3.1	1.3.5	June 29, 2026
primary-addon-for-elementor	primary-addon-for-elementor	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.6.0	1.6.5	June 29, 2026
premmerce-woocommerce-product-filter	premmerce-woocommerce-product-filter	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-3.7.3		June 29, 2026
post-to-google-my-business	post-to-google-my-business	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-3.1.28	3.2.2	June 29, 2026
Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App	post-smtp	87	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-3.0.0	3.1.0	June 29, 2026
Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider	post-slider-and-carousel	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-3.2.7	3.2.9	June 29, 2026
post-list-designer	post-list-designer	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-3.3.7	3.3.8	June 29, 2026
PDF Poster – Display PDF Files with Custom Viewer	pdf-poster	96	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.2.0	2.3.1	June 29, 2026
open-user-map	open-user-map	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.4.0	1.4.1	June 29, 2026
ocean-extra	ocean-extra	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.4.2	2.4.4	June 29, 2026
music-player-for-elementor	music-player-for-elementor	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.4.1	2.4.4	June 29, 2026
mobile-menu	mobile-menu	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.8.6	2.8.7	June 29, 2026
menu-image	menu-image	N/A	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-3.12	3.13	June 29, 2026
master-addons	master-addons	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.0.7.2	2.0.7.3	June 29, 2026
mapster-wp-maps	mapster-wp-maps	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.9.0	1.21.0	June 29, 2026
map-location-picker-at-checkout-for-woocommerce	map-location-picker-at-checkout-for-woocommerce	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.10.6	1.10.8	June 29, 2026
logo-showcase-with-slick-slider	logo-showcase-with-slick-slider	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-3.2.7	3.2.9	June 29, 2026
justified-gallery	justified-gallery	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.9.0	1.10.0	June 29, 2026
joli-table-of-contents	joli-table-of-contents	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.6.0	2.6.1	June 29, 2026
internal-links	internal-links	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.24.6	2.25.2	June 29, 2026
interactive-geo-maps	interactive-geo-maps	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.6.22	1.6.23	June 29, 2026
integrate-google-drive	integrate-google-drive	91	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.4.9	1.5.0	June 29, 2026
Independent Analytics – WordPress Analytics Plugin	independent-analytics	69	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.9.7	2.10.0	June 29, 2026
inavii-social-feed-for-elementor	inavii-social-feed-for-elementor	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.7.0	2.7.7	June 29, 2026

LOW

maxi-blocks

Score: 93/100 Maxi Blocks <= 2.1.9 - Authenticated (Author+) Stored Cross-Site Scripting via Style Card REST API Affected: *-2.1.9 Patched: 2.1.10 Updated: June 29, 2026

LOW

Score: N/A WP Mail Gateway <= 1.8 - Missing Authorization to Authenticated (Subscriber+) SMTP Configuration Modification via 'wmg_save_provider_config' AJAX Action Affected: *-1.8 Patched: 1.8.1 Updated: June 29, 2026

LOW

woocommerce-call-for-price

Score: N/A Call for Price for WooCommerce <= 4.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Call for Price' Label Settings Affected: *-4.2.0 Patched: 4.3.0 Updated: June 29, 2026

LOW

woo-thank-you-page-nextmove-lite

Score: N/A NextMove Lite - Thank You Page for WooCommerce <= 2.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'xlwcty_current_date' Shortcode Affected: *-2.23.0 Patched: 2.24.0 Updated: June 29, 2026

LOW

widget-options

Score: N/A Widget Options <= 4.2.2 - Authenticated (Contributor+) Remote Code Execution via Display Logic Affected: *-4.2.2 Patched: 4.2.3 Updated: June 29, 2026

LOW

wc-frontend-manager

Score: N/A WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.25 - Authenticated (Vendor+) Insecure Direct Object Reference to Arbitrary User Deletion Affected: *-6.7.25 Patched: 6.7.26 Updated: June 29, 2026

LOW

Royal Addons for Elementor – Addons and Templates Kit for Elementor

royal-elementor-addons

Score: N/A Royal Addons for Elementor <= 1.7.1057 - Authenticated (Contributor+) Server-Side Request Forgery via CSV URL Parameter Affected: *-1.7.1057 Patched: 1.7.1058 Updated: June 29, 2026

LOW

paid-memberships-pro

Score: N/A Paid Memberships Pro <= 3.6.5 - Missing Authorization to Authenticated (Subscriber+) Stripe Webhook Deletion and Payment Processing Disruption Affected: *-3.6.5 Patched: 3.6.6 Updated: June 29, 2026

LOW

my-social-feeds

Score: N/A My Social Feeds <= 1.0.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'ttp_get_accounts' AJAX Action Affected: *-1.0.4 Patched: 1.0.5 Updated: June 29, 2026

LOW

gravityforms

Score: 93/100 Gravity Forms <= 2.9.30 - Unauthenticated Stored Cross-Site Scripting via Consent Field Hidden Input Affected: *-2.9.30 Patched: 2.9.31 Updated: June 29, 2026

LOW

gravityforms

Score: 93/100 Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Calculation Product Field in Repeater Affected: *-2.10.0 Patched: 2.10.1 Updated: June 29, 2026

LOW

gravityforms

Score: 93/100 Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Product Option Affected: *-2.10.0 Patched: 2.10.1 Updated: June 29, 2026

LOW

gravityforms

Score: 93/100 Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Hidden Product Field in Repeater Affected: *-2.10.0 Patched: 2.10.1 Updated: June 29, 2026

LOW

gravityforms

Score: 93/100 Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Single Product Field Inside Repeater Affected: *-2.10.0 Patched: 2.10.1 Updated: June 29, 2026

LOW

geo-mashup

Score: 93/100 Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'sort' Parameter Affected: *-1.13.18 Patched: 1.13.19 Updated: June 29, 2026

LOW

geo-mashup

Score: 93/100 Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'object_ids' Parameter Affected: *-1.13.18 Patched: 1.13.19 Updated: June 29, 2026

LOW

geo-mashup

Score: 93/100 Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'map_post_type' Parameter Affected: *-1.13.18 Patched: 1.13.19 Updated: June 29, 2026

LOW

extended-widget-options

Score: 93/100 Widget Options <= 4.2.2 - Authenticated (Contributor+) Remote Code Execution via Display Logic Affected: *-5.3.2 Patched: 5.3.3 Updated: June 29, 2026

LOW

dokan-lite

Score: 93/100 Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 4.3.1 - Unauthenticated Information Disclosure in Store Reviews REST API Endpoint Affected: *-4.3.1 Patched: 4.3.2 Updated: June 29, 2026

LOW

customer-area

Score: 89/100 WP Customer Area <= 8.3.4 - Authenticated (Custom+) Path Traversal Affected: *-8.3.4 Patched: 8.3.5 Updated: June 29, 2026

LOW

temporary-login

Score: N/A Temporary Login <= 1.0.0 - Authentication Bypass to Account Takeover Affected: *-1.0.0 Patched: 1.1.0 Updated: June 29, 2026

LOW

yet-another-stars-rating

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-3.4.12 Patched: 3.4.15 Updated: June 29, 2026

LOW

xt-woo-variation-swatches

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.9.4 Patched: 1.9.7 Updated: June 29, 2026

LOW

xt-woo-quick-view-lite

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.1.5 Patched: Updated: June 29, 2026

LOW

wps-team

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-3.3.0 Patched: 3.3.2 Updated: June 29, 2026

LOW

WPIDE – File Manager & Code Editor

wpide

Score: 92/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-3.5.1 Patched: 3.5.2 Updated: June 29, 2026

LOW

wpbits-addons-for-elementor

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.7 Patched: Updated: June 29, 2026

LOW

wp-top-news

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.4.1 Patched: 2.4.3 Updated: June 29, 2026

LOW

wp-stripe-donation

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-3.2.6 Patched: 3.2.9 Updated: June 29, 2026

LOW

wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.25.16 Patched: 2.25.19 Updated: June 29, 2026

LOW

wp-post-author

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-3.8.3 Patched: 3.8.4 Updated: June 29, 2026

LOW

wp-notification-bell

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.4.2 Patched: 1.4.3 Updated: June 29, 2026

LOW

wp-meta-and-date-remover

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.3.4 Patched: 2.3.5 Updated: June 29, 2026

LOW

wp-letsencrypt-ssl

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-7.7.0 Patched: 7.7.3 Updated: June 29, 2026

LOW

wp-fail2ban

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-5.3.4 Patched: 5.4.0 Updated: June 29, 2026

LOW

WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards

wp-data-access

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-5.5.31 Patched: 5.5.32 Updated: June 29, 2026

LOW

wp-coupons-and-deals

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-3.2.2 Patched: 3.2.3 Updated: June 29, 2026

LOW

wp-books-gallery

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-4.6.8 Patched: 4.7.6 Updated: June 29, 2026

LOW

wp-auto-republish

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.5.8 Patched: Updated: June 29, 2026

LOW

StoreCustomizer – A plugin to Customize all WooCommerce Pages

woocustomizer

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.5.9 Patched: 2.6.0 Updated: June 29, 2026

LOW

woocommerce-pay-per-post

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-3.1.26 Patched: 3.1.28 Updated: June 29, 2026

LOW

woo-permalink-manager

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.3.11 Patched: Updated: June 29, 2026

LOW

woo-floating-cart-lite

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.8.4 Patched: Updated: June 29, 2026

LOW

woo-coupon-usage

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-5.17.2 Patched: 5.19.0 Updated: June 29, 2026

LOW

woo-conditional-payment-gateways

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.16.3 Patched: 1.16.4 Updated: June 29, 2026

LOW

woo-authorize-net-gateway-aim

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-6.1.13 Patched: 6.1.14 Updated: June 29, 2026

LOW

widgets-on-pages

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.7 Patched: Updated: June 29, 2026

LOW

widget-for-eventbrite-api

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-6.1.10 Patched: 6.1.11 Updated: June 29, 2026

LOW

Advanced Booking & Appointment System – Webba Booking Calendar

webba-booking-lite

Score: 70/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-5.0.57 Patched: 5.1.8 Updated: June 29, 2026

LOW

wc-thanks-redirect

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-4.2.0 Patched: 4.2.1 Updated: June 29, 2026

LOW

wc-place-order-without-payment

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.6.5 Patched: 2.6.7 Updated: June 29, 2026

LOW

wc-hkdigital-acba-gateway

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.2.6 Patched: Updated: June 29, 2026

LOW

wc-cashapp

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-6.0.2 Patched: Updated: June 29, 2026

LOW

url-shortify

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.10.4 Patched: 1.10.5.1 Updated: June 29, 2026

LOW

unlimited-elements-for-elementor

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.5.140 Patched: 1.5.141 Updated: June 29, 2026

LOW

ultimeter

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-3.0.5 Patched: 3.0.7 Updated: June 29, 2026

LOW

tripetto

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-8.0.7 Patched: 8.0.8 Updated: June 29, 2026

LOW

treepress

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-3.0.6 Patched: 3.0.7 Updated: June 29, 2026

LOW

text-to-audio

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.7.34 Patched: 1.8.12 Updated: June 29, 2026

LOW

tablesome

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.1.13 Patched: 1.1.17 Updated: June 29, 2026

LOW

TablePress – Tables in WordPress made easy

tablepress

Score: 86/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-3.0.2 Patched: 3.0.3 Updated: June 29, 2026

LOW

streamweasels-twitch-integration

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.9.2 Patched: 1.9.3 Updated: June 29, 2026

LOW

spotlight-social-photo-feeds

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.7.0 Patched: 1.7.1 Updated: June 29, 2026

LOW

spice-post-slider

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.1 Patched: 2.2 Updated: June 29, 2026

LOW

smart-phone-field-for-gravity-forms

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.1.6 Patched: 2.2.0 Updated: June 29, 2026

LOW

simply-gallery-block

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-3.2.4.4 Patched: 3.2.4.5 Updated: June 29, 2026

LOW

shortcodes-ultimate

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-7.3.3 Patched: 7.3.4 Updated: June 29, 2026

LOW

share-this-image

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.07 Patched: 2.08 Updated: June 29, 2026

LOW

send-users-email

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.5.10 Patched: 1.6.2 Updated: June 29, 2026

LOW

Security Ninja – WordPress Security & Firewall

security-ninja

Score: 88/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-5.222 Patched: 5.225 Updated: June 29, 2026

LOW

role-and-customer-based-pricing-for-woocommerce

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.6.0 Patched: 1.6.1 Updated: June 29, 2026

LOW

restricted-content

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.3.0 Patched: 2.3.1 Updated: June 29, 2026

LOW

restaurant-cafe-addon-for-elementor

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.5.8 Patched: 1.6.1 Updated: June 29, 2026

LOW

remove-add-to-cart-woocommerce

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.4.7 Patched: Updated: June 29, 2026

LOW

radio-station

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.5.9 Patched: 2.5.17 Updated: June 29, 2026

LOW

radio-player

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.0.82 Patched: 2.0.83 Updated: June 29, 2026

LOW

product-layouts

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.3.1 Patched: 1.3.5 Updated: June 29, 2026

LOW

primary-addon-for-elementor

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.6.0 Patched: 1.6.5 Updated: June 29, 2026

LOW

premmerce-woocommerce-product-filter

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-3.7.3 Patched: Updated: June 29, 2026

LOW

post-to-google-my-business

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-3.1.28 Patched: 3.2.2 Updated: June 29, 2026

LOW

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App

post-smtp

Score: 87/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-3.0.0 Patched: 3.1.0 Updated: June 29, 2026

LOW

Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider

post-slider-and-carousel

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-3.2.7 Patched: 3.2.9 Updated: June 29, 2026

LOW

post-list-designer

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-3.3.7 Patched: 3.3.8 Updated: June 29, 2026

LOW

PDF Poster – Display PDF Files with Custom Viewer

pdf-poster

Score: 96/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.2.0 Patched: 2.3.1 Updated: June 29, 2026

LOW

open-user-map

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.4.0 Patched: 1.4.1 Updated: June 29, 2026

LOW

ocean-extra

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.4.2 Patched: 2.4.4 Updated: June 29, 2026

LOW

music-player-for-elementor

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.4.1 Patched: 2.4.4 Updated: June 29, 2026

LOW

mobile-menu

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.8.6 Patched: 2.8.7 Updated: June 29, 2026

LOW

menu-image

Score: N/A Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-3.12 Patched: 3.13 Updated: June 29, 2026

LOW

master-addons

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.0.7.2 Patched: 2.0.7.3 Updated: June 29, 2026

LOW

mapster-wp-maps

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.9.0 Patched: 1.21.0 Updated: June 29, 2026

LOW

map-location-picker-at-checkout-for-woocommerce

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.10.6 Patched: 1.10.8 Updated: June 29, 2026

LOW

logo-showcase-with-slick-slider

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-3.2.7 Patched: 3.2.9 Updated: June 29, 2026

LOW

justified-gallery

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.9.0 Patched: 1.10.0 Updated: June 29, 2026

LOW

joli-table-of-contents

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.6.0 Patched: 2.6.1 Updated: June 29, 2026

LOW

internal-links

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.24.6 Patched: 2.25.2 Updated: June 29, 2026

LOW

interactive-geo-maps

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.6.22 Patched: 1.6.23 Updated: June 29, 2026

LOW

integrate-google-drive

Score: 91/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.4.9 Patched: 1.5.0 Updated: June 29, 2026

LOW

Independent Analytics – WordPress Analytics Plugin

independent-analytics

Score: 69/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.9.7 Patched: 2.10.0 Updated: June 29, 2026

LOW

inavii-social-feed-for-elementor

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.7.0 Patched: 2.7.7 Updated: June 29, 2026

Showing 1001 to 1100 of 36189 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 05:45 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List