Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

92

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
GEO Plugin by Squirrly SEO squirrly-seo N/A SEO Plugin by Squirrly SEO <= 12.4.03 - Authenticated (Contributor+) SQL Injection LOW *-12.4.03 12.4.06 July 3, 2026
specific-content-for-mobile specific-content-for-mobile N/A Specific Content For Mobile <= 0.5.3 - Missing Authorization LOW *-0.5.3 0.5.4 July 3, 2026
smart-wishlist-for-more-convert smart-wishlist-for-more-convert N/A MC Woocommerce Wishlist <= 1.8.9 - Authenticated (Administrator+) SQL Injection LOW *-1.8.9 1.9.0 July 3, 2026
sku-for-woocommerce sku-for-woocommerce N/A SKU Generator for WooCommerce <= 1.6.2 - Reflected Cross-Site Scripting LOW *-1.6.2 1.6.3 July 3, 2026
skt-addons-for-elementor skt-addons-for-elementor N/A SKT Addons for Elementor <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.5 3.6 July 3, 2026
sitekit sitekit N/A Sitekit <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.8 1.9 July 3, 2026
simply-rets simply-rets N/A SimplyRETS Real Estate IDX <= 3.0.5 - Cross-Site Request Forgery LOW *-3.0.5 3.1.0 July 3, 2026
simplebooklet simplebooklet N/A Simplebooklet PDF Viewer and Embedder <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.2 1.1.3 July 3, 2026
serial-codes-generator-and-validator serial-codes-generator-and-validator N/A Serial Codes Generator and Validator with WooCommerce Support <= 2.7.7 - Cross-Site Request Forgery via [placeholder] LOW *-2.7.7 2.7.8 July 3, 2026
sensei-lms sensei-lms N/A Sensei LMS <= 4.24.4 - Missing Authorization LOW *-4.24.4 4.24.5 July 3, 2026
secupress secupress N/A SecuPress Free <= 2.2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2.5.3 2.2.5.4 July 3, 2026
searchiq searchiq N/A SearchIQ <= 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.7 4.8 July 3, 2026
rometheme-for-elementor rometheme-for-elementor N/A RomethemeKit For Elementor <= 1.5.4 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation LOW *-1.5.4 1.5.5 July 3, 2026
Five Star Restaurant Reservations – WordPress Booking Plugin restaurant-reservations N/A Five Star Restaurant Reservations <= 2.6.29 - Missing Authorization LOW *-2.6.29 2.6.30 July 3, 2026
recaptcha-for-all recaptcha-for-all N/A reCAPTCHA for all <= 2.22 - Cross-Site Request Forgery LOW *-2.22 2.23 July 3, 2026
quotes-llama quotes-llama N/A Quotes llama <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.1.0 3.1.1 July 3, 2026
quiz-cat quiz-cat N/A Quiz Cat <= 3.0.8 - Missing Authorization LOW *-3.0.8 3.0.9 July 3, 2026
quick-localization quick-localization N/A Quick Localization <= 0.1.0 - Reflected Cross-Site Scripting LOW *-0.1.0 July 3, 2026
quick-adsense-reloaded quick-adsense-reloaded N/A Ads by WPQuads <= 2.0.87.1 - Unauthenticated SQL Injection LOW *-2.0.87.1 2.0.88 July 3, 2026
quick-adsense-reloaded quick-adsense-reloaded N/A Ads by WPQuads <= 2.0.87.1 - Missing Authorization LOW *-2.0.87.1 2.0.88 July 3, 2026
publish-post-email-notification publish-post-email-notification N/A publish post email notification <= 1.0.2.3 - Cross-Site Request Forgery LOW *-1.0.2.3 1.0.2.4 July 3, 2026
primer-mydata primer-mydata N/A Primer MyData for Woocommerce < 4.2.4 - Reflected Cross-Site Scripting LOW [*, 4.2.4) 4.2.4 July 3, 2026
pesapal-for-woocommerce pesapal-for-woocommerce N/A Pesapal Gateway for Woocommerce <= 2.1.0 - Reflected Cross-Site Scripting LOW *-2.1.0 July 3, 2026
persian-woocommerce-shipping persian-woocommerce-shipping N/A persian-woocommerce-shipping <= 4.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.2.3 4.2.4 July 3, 2026
our-team-members our-team-members
93
Our Team Members <= 2.2 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure LOW *-2.2 2.3 July 3, 2026
order-status-rules-for-woocommerce order-status-rules-for-woocommerce
93
Scheduled & Automatic Order Status Controller for WooCommerce <= 3.7.1 - Open Redirect LOW *-3.7.1 3.7.2 July 3, 2026
ok-poster-group ok-poster-group
91
OK Poster Group <= 1.1 - Reflected Cross-Site Scripting LOW *-1.1 July 3, 2026
off-canvas-sidebars off-canvas-sidebars
93
Off-Canvas Sidebars & Menus (Slidebars) <= 0.5.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.5.8.2 0.5.8.4 July 3, 2026
novelist novelist
93
Novelist <= 1.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.2.3 1.2.4 July 3, 2026
nmedia-mailchimp-widget nmedia-mailchimp-widget
91
Nmedia MailChimp <= 5.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-5.4 July 3, 2026
newsletters-lite newsletters-lite
93
Newsletters <= 4.9.9.7 - Authenticated (Administrator+) SQL Injection LOW *-4.9.9.7 4.9.9.8 July 3, 2026
mp-restaurant-menu mp-restaurant-menu
91
Restaurant Menu by MotoPress <= 2.4.4 - Authenticated (Contributor+) Local File Inclusion LOW *-2.4.4 2.4.5 July 3, 2026
metform metform
93
Metform <= 3.9.2 - Authenticated (Admin+) Server-Side Request Forgery LOW *-3.9.2 3.9.3 July 3, 2026
mappress-google-maps-for-wordpress mappress-google-maps-for-wordpress
93
MapPress Maps for WordPress <= 2.94.9 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.94.9 2.94.10 July 3, 2026
Event Booking Manager for WooCommerce mage-eventpress
82
WpEvently <= 4.2.9 - Authenticated (Contributor+) Local File Inclusion LOW *-4.2.9 4.3.0 July 3, 2026
Event Booking Manager for WooCommerce mage-eventpress
82
WpEvently <= 4.2.9 - Missing Authorization LOW *-4.2.9 4.3.0 July 3, 2026
login-widget-for-ultimate-member login-widget-for-ultimate-member
93
Login Widget for Ultimate Member <= 1.1.2 - Authenticated (Contributor+) Local File Inclusion LOW *-1.1.2 1.1.3 July 3, 2026
liveforms liveforms
91
Live Forms <= 4.8.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update LOW *-4.8.4 4.8.5 July 3, 2026
listamester listamester
93
Listamester <= 2.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.3.5 2.3.6 July 3, 2026
learnpress learnpress
93
LearnPress <= 4.2.7.5 - Missing Authorization LOW *-4.2.7.5 4.2.7.6 July 3, 2026
leadconnector leadconnector
93
LeadConnector <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.0.2 3.0.3 July 3, 2026
LatePoint – Calendar Booking Plugin for Appointments and Events latepoint
83
LatePoint <= 5.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.1.6 5.1.7 July 3, 2026
klarna-checkout-for-woocommerce klarna-checkout-for-woocommerce
93
Klarna Checkout for WooCommerce <= 2.13.4 - Denial of Service LOW *-2.13.4 2.13.5 July 3, 2026
King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder king-addons
76
King Addons for Elementor <= 24.12.58 - Missing Authorization LOW *-24.12.58 24.12.59 July 3, 2026
just-writing-statistics just-writing-statistics
93
Just Writing Statistics <= 5.3 - Missing Authorization LOW *-5.3 5.4 July 3, 2026
js-support-ticket js-support-ticket
93
JS Help Desk <= 2.9.2 - Unauthenticated SQL Injection LOW *-2.9.2 2.9.3 July 3, 2026
js-support-ticket js-support-ticket
93
JS Help Desk <= 2.9.2 - Missing Authorization LOW *-2.9.2 2.9.3 July 3, 2026
js-support-ticket js-support-ticket
93
JS Help Desk <= 2.9.2 - Unauthenticated Local File Inclusion LOW *-2.9.2 2.9.3 July 3, 2026
js-support-ticket js-support-ticket
93
JS Help Desk <= 2.9.1 - Unauthenticated Arbitrary File Download LOW *-2.9.1 2.9.2 July 3, 2026
js-support-ticket js-support-ticket
93
JS Help Desk <= 2.9.2 - Unauthenticated Arbitrary File Deletion LOW *-2.9.2 2.9.3 July 3, 2026
jalbum-bridge jalbum-bridge
93
jAlbum Bridge <= 2.0.17 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.17 2.0.18 July 3, 2026
ip-locator ip-locator
93
IP Locator <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.1.0 4.2.0 July 3, 2026
integration-for-contact-form-7-and-google-sheets integration-for-contact-form-7-and-google-sheets
93
Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.0.9 - Cross-Site Request Forgery LOW *-1.0.9 1.1.0 July 3, 2026
image-wall image-wall
93
Image Wall <= 3.0 - Reflected Cross-Site Scripting LOW *-3.0 3.1 July 3, 2026
ideal-wp-login-logo-changer ideal-wp-login-logo-changer
93
Custom Login Logo <= 1.1.7 - Cross-Site Request Forgery LOW *-1.1.7 1.1.8 July 3, 2026
hostel hostel
93
Hostel <= 1.1.5 - Reflected Cross-Site Scripting LOW *-1.1.5 1.1.5.5 July 3, 2026
hm-cool-author-box-widget hm-cool-author-box-widget
93
Cool Author Box <= 2.9.9 - Missing Authorization LOW *-2.9.9 3.0.0 July 3, 2026
hesabfa-accounting hesabfa-accounting
89
Hesabfa Accounting <= 2.1.8 - Cross-Site Request Forgery LOW *-2.1.8 2.2.0 July 3, 2026
happy-elementor-addons happy-elementor-addons
93
Happy Addons for Elementor <= 3.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.16.2 3.16.3 July 3, 2026
h5pxapikatchu h5pxapikatchu
93
SNORDIAN's H5PxAPIkatchu <= 0.4.14 - Missing Authorization LOW *-0.4.14 0.4.15 July 3, 2026
Gum Addon for Elementor gum-elementor-addon
98
Gum Elementor Addon <= 1.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.10 1.3.11 July 3, 2026
greenshift-animation-and-page-builder-blocks greenshift-animation-and-page-builder-blocks
93
Greenshift <= 11.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-11.0.2 11.1 July 3, 2026
Greek Multi Tool – Greeklish Slugs, Permalinks & Transliteration greek-multi-tool
90
Greek Multi Tool – Fix peralinks, accents, auto create menus and more <= 2.3.1 - Missing Authorization LOW *-2.3.1 2.3.2 July 3, 2026
google-font-fix google-font-fix
91
Google Font Fix <= 2.3.1 - Reflected Cross-Site Scripting LOW *-2.3.1 July 3, 2026
giveasap giveasap
91
Simple Giveaways <= 2.48.1 - Authenticated (Contributor+) SQL Injection LOW *-2.48.1 2.48.2 July 3, 2026
gift-message-for-woocommerce gift-message-for-woocommerce
93
Gift Message for WooCommerce <= 1.7.8 - Cross-Site Request Forgery LOW *-1.7.8 1.7.9 July 3, 2026
fw-integration-for-emailoctopus fw-integration-for-emailoctopus
93
EO4WP <= 1.0.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.8.4 1.0.8.5 July 3, 2026
fulltext-search fulltext-search
93
WP Fast Total Search <= 1.79.262 - Missing Authorization LOW *-1.79.262 1.79.264 July 3, 2026
float-menu float-menu
93
Float menu <= 6.1.2 - Cross-Site Request Forgery to Settings Update LOW *-6.1.2 6.1.3 July 3, 2026
flickr-set-slideshows flickr-set-slideshows
89
Flickr set slideshows <= 0.9 - Authenticated (Subscriber+) SQL Injection LOW *-0.9 July 3, 2026
flexible-cookies flexible-cookies
93
Flexible Cookies <= 1.1.8 - Cross-Site Request Forgery LOW *-1.1.8 1.1.9 July 3, 2026
fb-reviews-widget fb-reviews-widget
93
Trust.Reviews <= 2.3 - Missing Authorization LOW *-2.3 2.4 July 3, 2026
exchange-rates exchange-rates
93
Exchange Rates <= 1.2.2 - Missing Authorization LOW *-1.2.2 1.2.3 July 3, 2026
Event Tickets and Registration event-tickets
86
Event Tickets <= 5.20.0 - Reflected Cross-Site Scripting LOW *-5.20.0 5.20.1 July 3, 2026
essential-real-estate essential-real-estate
87
Essential Real Estate <= 5.2.0 - Unauthenticated Local File Inclusion LOW *-5.2.0 5.2.1 July 3, 2026
erp erp
93
WP ERP <= 1.13.4 - Missing Authorization LOW *-1.13.4 1.14.0 July 3, 2026
enhanced-e-commerce-for-woocommerce-store enhanced-e-commerce-for-woocommerce-store
93
Conversios.io <= 7.2.3 - Missing Authorization LOW *-7.2.3 7.2.4 July 3, 2026
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress email-subscribers
65
Email Subscribers & Newsletters <= 5.7.51 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-5.7.51 5.7.52 July 3, 2026
elisqlreports elisqlreports
93
EZ SQL Reports Shortcode Widget and DB Backup <= 5.25.08 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-5.25.08 5.25.10 July 3, 2026
elisqlreports elisqlreports
93
EZ SQL Reports Shortcode Widget and DB Backup <= 5.25.08 - Cross-Site Request Forgery LOW *-5.25.08 5.25.10 July 3, 2026
ecab-taxi-booking-manager ecab-taxi-booking-manager
93
Taxi Booking Manager for WooCommerce <= 1.2.1 - Missing Authorization LOW *-1.2.1 1.2.2 July 3, 2026
Drag and Drop Multiple File Upload for Contact Form 7 drag-and-drop-multiple-file-upload-contact-form-7
93
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated Arbitrary File Deletion LOW *-1.3.8.7 1.3.8.8 July 3, 2026
Drag and Drop Multiple File Upload for Contact Form 7 drag-and-drop-multiple-file-upload-contact-form-7
93
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated PHP Object Injection via PHAR to Arbitrary File Deletion LOW *-1.3.8.8 1.3.8.9 July 3, 2026
dr-flex dr-flex
93
Dr. Flex <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.0 2.0.1 July 3, 2026
doneren-met-mollie doneren-met-mollie
93
Doneren met Mollie <= 2.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.10.7 2.10.8 July 3, 2026
custom-fields-account-registration-for-woocommerce custom-fields-account-registration-for-woocommerce
93
Custom Fields Account Registration For Woocommerce <= 1.1 - Cross-Site Request Forgery LOW *-1.1 1.2 July 3, 2026
custom-field-for-wp-job-manager custom-field-for-wp-job-manager
93
Custom Field For WP Job Manager <= 1.4 - Cross-Site Request Forgery LOW *-1.4 1.5 July 3, 2026
currency-switcher-for-woocommerce currency-switcher-for-woocommerce
93
Currency Switcher for WooCommerce <= 0.0.7 - Cross-Site Request Forgery LOW *-0.0.7 0.0.8 July 3, 2026
cozy-addons cozy-addons
93
Cozy Blocks <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.6 2.1.7 July 3, 2026
comment-approved-notifier-extended comment-approved-notifier-extended
93
Comment Approved Notifier Extended <= 5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-5.2 5.3 July 3, 2026
codeflavors-vimeo-video-post-lite codeflavors-vimeo-video-post-lite
93
Vimeotheque <= 2.3.4.2 - Authenticated (Contributor+) SQL Injection LOW *-2.3.4.2 2.3.4.3 July 3, 2026
cm-download-manager cm-download-manager
93
CM Download Manager <= 2.9.6 - Unauthenticated Arbitrary File Deletion LOW *-2.9.6 3.0.0 July 3, 2026
clearout-email-validator clearout-email-validator
93
Clearout Email Validator <= 3.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.2.0 3.2.1 July 3, 2026
christmas-panda christmas-panda
93
Christmas Panda <= 1.0.4 - Cross-Site Request Forgery LOW *-1.0.4 1.1.0 July 3, 2026
chart-builder chart-builder
93
Chartify <= 3.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.1.7 3.1.9 July 3, 2026
cart-tracking-for-woocommerce cart-tracking-for-woocommerce
93
Cart tracking for WooCommerce <= 1.0.16 - Authenticated (Administrator+) SQL Injection LOW *-1.0.16 1.0.17 July 3, 2026
breezing-forms breezing-forms
91
Breezing Forms <= 1.2.8.11 - Reflected Cross-Site Scripting LOW *-1.2.8.11 July 3, 2026
bizcalendar-web bizcalendar-web
93
bizcalendar-web <= 1.1.0.34 - Authenticated (Administrator+) SQL Injection LOW *-1.1.0.34 1.1.0.35 July 3, 2026
bit-integrations bit-integrations
93
Bit Integrations <= 2.4.10 - Open Redirect LOW *-2.4.10 2.5.0 July 3, 2026
bit-form bit-form
93
Bit Form – Contact Form Plugin <= 2.18.0 - Open Redirect LOW *-2.18.0 2.18.1 July 3, 2026
LOW

GEO Plugin by Squirrly SEO

squirrly-seo

Score: N/A SEO Plugin by Squirrly SEO <= 12.4.03 - Authenticated (Contributor+) SQL Injection Affected: *-12.4.03 Patched: 12.4.06 Updated: July 3, 2026
LOW

specific-content-for-mobile

specific-content-for-mobile

Score: N/A Specific Content For Mobile <= 0.5.3 - Missing Authorization Affected: *-0.5.3 Patched: 0.5.4 Updated: July 3, 2026
LOW

smart-wishlist-for-more-convert

smart-wishlist-for-more-convert

Score: N/A MC Woocommerce Wishlist <= 1.8.9 - Authenticated (Administrator+) SQL Injection Affected: *-1.8.9 Patched: 1.9.0 Updated: July 3, 2026
LOW

sku-for-woocommerce

sku-for-woocommerce

Score: N/A SKU Generator for WooCommerce <= 1.6.2 - Reflected Cross-Site Scripting Affected: *-1.6.2 Patched: 1.6.3 Updated: July 3, 2026
LOW

skt-addons-for-elementor

skt-addons-for-elementor

Score: N/A SKT Addons for Elementor <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.5 Patched: 3.6 Updated: July 3, 2026
LOW

sitekit

sitekit

Score: N/A Sitekit <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8 Patched: 1.9 Updated: July 3, 2026
LOW

simply-rets

simply-rets

Score: N/A SimplyRETS Real Estate IDX <= 3.0.5 - Cross-Site Request Forgery Affected: *-3.0.5 Patched: 3.1.0 Updated: July 3, 2026
LOW

simplebooklet

simplebooklet

Score: N/A Simplebooklet PDF Viewer and Embedder <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.2 Patched: 1.1.3 Updated: July 3, 2026
LOW

serial-codes-generator-and-validator

serial-codes-generator-and-validator

Score: N/A Serial Codes Generator and Validator with WooCommerce Support <= 2.7.7 - Cross-Site Request Forgery via [placeholder] Affected: *-2.7.7 Patched: 2.7.8 Updated: July 3, 2026
LOW

sensei-lms

sensei-lms

Score: N/A Sensei LMS <= 4.24.4 - Missing Authorization Affected: *-4.24.4 Patched: 4.24.5 Updated: July 3, 2026
LOW

secupress

secupress

Score: N/A SecuPress Free <= 2.2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.5.3 Patched: 2.2.5.4 Updated: July 3, 2026
LOW

searchiq

searchiq

Score: N/A SearchIQ <= 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.7 Patched: 4.8 Updated: July 3, 2026
LOW

rometheme-for-elementor

rometheme-for-elementor

Score: N/A RomethemeKit For Elementor <= 1.5.4 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation Affected: *-1.5.4 Patched: 1.5.5 Updated: July 3, 2026
LOW

recaptcha-for-all

recaptcha-for-all

Score: N/A reCAPTCHA for all <= 2.22 - Cross-Site Request Forgery Affected: *-2.22 Patched: 2.23 Updated: July 3, 2026
LOW

quotes-llama

quotes-llama

Score: N/A Quotes llama <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1.0 Patched: 3.1.1 Updated: July 3, 2026
LOW

quiz-cat

quiz-cat

Score: N/A Quiz Cat <= 3.0.8 - Missing Authorization Affected: *-3.0.8 Patched: 3.0.9 Updated: July 3, 2026
LOW

quick-localization

quick-localization

Score: N/A Quick Localization <= 0.1.0 - Reflected Cross-Site Scripting Affected: *-0.1.0 Patched: Updated: July 3, 2026
LOW

quick-adsense-reloaded

quick-adsense-reloaded

Score: N/A Ads by WPQuads <= 2.0.87.1 - Unauthenticated SQL Injection Affected: *-2.0.87.1 Patched: 2.0.88 Updated: July 3, 2026
LOW

quick-adsense-reloaded

quick-adsense-reloaded

Score: N/A Ads by WPQuads <= 2.0.87.1 - Missing Authorization Affected: *-2.0.87.1 Patched: 2.0.88 Updated: July 3, 2026
LOW

publish-post-email-notification

publish-post-email-notification

Score: N/A publish post email notification <= 1.0.2.3 - Cross-Site Request Forgery Affected: *-1.0.2.3 Patched: 1.0.2.4 Updated: July 3, 2026
LOW

primer-mydata

primer-mydata

Score: N/A Primer MyData for Woocommerce < 4.2.4 - Reflected Cross-Site Scripting Affected: [*, 4.2.4) Patched: 4.2.4 Updated: July 3, 2026
LOW

pesapal-for-woocommerce

pesapal-for-woocommerce

Score: N/A Pesapal Gateway for Woocommerce <= 2.1.0 - Reflected Cross-Site Scripting Affected: *-2.1.0 Patched: Updated: July 3, 2026
LOW

persian-woocommerce-shipping

persian-woocommerce-shipping

Score: N/A persian-woocommerce-shipping <= 4.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.2.3 Patched: 4.2.4 Updated: July 3, 2026
LOW

our-team-members

our-team-members

Score: 93/100 Our Team Members <= 2.2 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure Affected: *-2.2 Patched: 2.3 Updated: July 3, 2026
LOW

order-status-rules-for-woocommerce

order-status-rules-for-woocommerce

Score: 93/100 Scheduled & Automatic Order Status Controller for WooCommerce <= 3.7.1 - Open Redirect Affected: *-3.7.1 Patched: 3.7.2 Updated: July 3, 2026
LOW

ok-poster-group

ok-poster-group

Score: 91/100 OK Poster Group <= 1.1 - Reflected Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 3, 2026
LOW

off-canvas-sidebars

off-canvas-sidebars

Score: 93/100 Off-Canvas Sidebars & Menus (Slidebars) <= 0.5.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.5.8.2 Patched: 0.5.8.4 Updated: July 3, 2026
LOW

novelist

novelist

Score: 93/100 Novelist <= 1.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2.3 Patched: 1.2.4 Updated: July 3, 2026
LOW

nmedia-mailchimp-widget

nmedia-mailchimp-widget

Score: 91/100 Nmedia MailChimp <= 5.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-5.4 Patched: Updated: July 3, 2026
LOW

newsletters-lite

newsletters-lite

Score: 93/100 Newsletters <= 4.9.9.7 - Authenticated (Administrator+) SQL Injection Affected: *-4.9.9.7 Patched: 4.9.9.8 Updated: July 3, 2026
LOW

mp-restaurant-menu

mp-restaurant-menu

Score: 91/100 Restaurant Menu by MotoPress <= 2.4.4 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.4.4 Patched: 2.4.5 Updated: July 3, 2026
LOW

metform

metform

Score: 93/100 Metform <= 3.9.2 - Authenticated (Admin+) Server-Side Request Forgery Affected: *-3.9.2 Patched: 3.9.3 Updated: July 3, 2026
LOW

mappress-google-maps-for-wordpress

mappress-google-maps-for-wordpress

Score: 93/100 MapPress Maps for WordPress <= 2.94.9 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.94.9 Patched: 2.94.10 Updated: July 3, 2026
LOW

Event Booking Manager for WooCommerce

mage-eventpress

Score: 82/100 WpEvently <= 4.2.9 - Authenticated (Contributor+) Local File Inclusion Affected: *-4.2.9 Patched: 4.3.0 Updated: July 3, 2026
LOW

login-widget-for-ultimate-member

login-widget-for-ultimate-member

Score: 93/100 Login Widget for Ultimate Member <= 1.1.2 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.1.2 Patched: 1.1.3 Updated: July 3, 2026
LOW

liveforms

liveforms

Score: 91/100 Live Forms <= 4.8.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update Affected: *-4.8.4 Patched: 4.8.5 Updated: July 3, 2026
LOW

listamester

listamester

Score: 93/100 Listamester <= 2.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.5 Patched: 2.3.6 Updated: July 3, 2026
LOW

learnpress

learnpress

Score: 93/100 LearnPress <= 4.2.7.5 - Missing Authorization Affected: *-4.2.7.5 Patched: 4.2.7.6 Updated: July 3, 2026
LOW

leadconnector

leadconnector

Score: 93/100 LeadConnector <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.0.2 Patched: 3.0.3 Updated: July 3, 2026
LOW

klarna-checkout-for-woocommerce

klarna-checkout-for-woocommerce

Score: 93/100 Klarna Checkout for WooCommerce <= 2.13.4 - Denial of Service Affected: *-2.13.4 Patched: 2.13.5 Updated: July 3, 2026
LOW

just-writing-statistics

just-writing-statistics

Score: 93/100 Just Writing Statistics <= 5.3 - Missing Authorization Affected: *-5.3 Patched: 5.4 Updated: July 3, 2026
LOW

js-support-ticket

js-support-ticket

Score: 93/100 JS Help Desk <= 2.9.2 - Unauthenticated SQL Injection Affected: *-2.9.2 Patched: 2.9.3 Updated: July 3, 2026
LOW

js-support-ticket

js-support-ticket

Score: 93/100 JS Help Desk <= 2.9.2 - Missing Authorization Affected: *-2.9.2 Patched: 2.9.3 Updated: July 3, 2026
LOW

js-support-ticket

js-support-ticket

Score: 93/100 JS Help Desk <= 2.9.2 - Unauthenticated Local File Inclusion Affected: *-2.9.2 Patched: 2.9.3 Updated: July 3, 2026
LOW

js-support-ticket

js-support-ticket

Score: 93/100 JS Help Desk <= 2.9.1 - Unauthenticated Arbitrary File Download Affected: *-2.9.1 Patched: 2.9.2 Updated: July 3, 2026
LOW

js-support-ticket

js-support-ticket

Score: 93/100 JS Help Desk <= 2.9.2 - Unauthenticated Arbitrary File Deletion Affected: *-2.9.2 Patched: 2.9.3 Updated: July 3, 2026
LOW

jalbum-bridge

jalbum-bridge

Score: 93/100 jAlbum Bridge <= 2.0.17 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.17 Patched: 2.0.18 Updated: July 3, 2026
LOW

ip-locator

ip-locator

Score: 93/100 IP Locator <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.1.0 Patched: 4.2.0 Updated: July 3, 2026
LOW

integration-for-contact-form-7-and-google-sheets

integration-for-contact-form-7-and-google-sheets

Score: 93/100 Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.0.9 - Cross-Site Request Forgery Affected: *-1.0.9 Patched: 1.1.0 Updated: July 3, 2026
LOW

image-wall

image-wall

Score: 93/100 Image Wall <= 3.0 - Reflected Cross-Site Scripting Affected: *-3.0 Patched: 3.1 Updated: July 3, 2026
LOW

ideal-wp-login-logo-changer

ideal-wp-login-logo-changer

Score: 93/100 Custom Login Logo <= 1.1.7 - Cross-Site Request Forgery Affected: *-1.1.7 Patched: 1.1.8 Updated: July 3, 2026
LOW

hostel

hostel

Score: 93/100 Hostel <= 1.1.5 - Reflected Cross-Site Scripting Affected: *-1.1.5 Patched: 1.1.5.5 Updated: July 3, 2026
LOW

hm-cool-author-box-widget

hm-cool-author-box-widget

Score: 93/100 Cool Author Box <= 2.9.9 - Missing Authorization Affected: *-2.9.9 Patched: 3.0.0 Updated: July 3, 2026
LOW

hesabfa-accounting

hesabfa-accounting

Score: 89/100 Hesabfa Accounting <= 2.1.8 - Cross-Site Request Forgery Affected: *-2.1.8 Patched: 2.2.0 Updated: July 3, 2026
LOW

happy-elementor-addons

happy-elementor-addons

Score: 93/100 Happy Addons for Elementor <= 3.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.16.2 Patched: 3.16.3 Updated: July 3, 2026
LOW

h5pxapikatchu

h5pxapikatchu

Score: 93/100 SNORDIAN's H5PxAPIkatchu <= 0.4.14 - Missing Authorization Affected: *-0.4.14 Patched: 0.4.15 Updated: July 3, 2026
LOW

Gum Addon for Elementor

gum-elementor-addon

Score: 98/100 Gum Elementor Addon <= 1.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.10 Patched: 1.3.11 Updated: July 3, 2026
LOW

greenshift-animation-and-page-builder-blocks

greenshift-animation-and-page-builder-blocks

Score: 93/100 Greenshift <= 11.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-11.0.2 Patched: 11.1 Updated: July 3, 2026
LOW

google-font-fix

google-font-fix

Score: 91/100 Google Font Fix <= 2.3.1 - Reflected Cross-Site Scripting Affected: *-2.3.1 Patched: Updated: July 3, 2026
LOW

giveasap

giveasap

Score: 91/100 Simple Giveaways <= 2.48.1 - Authenticated (Contributor+) SQL Injection Affected: *-2.48.1 Patched: 2.48.2 Updated: July 3, 2026
LOW

gift-message-for-woocommerce

gift-message-for-woocommerce

Score: 93/100 Gift Message for WooCommerce <= 1.7.8 - Cross-Site Request Forgery Affected: *-1.7.8 Patched: 1.7.9 Updated: July 3, 2026
LOW

fw-integration-for-emailoctopus

fw-integration-for-emailoctopus

Score: 93/100 EO4WP <= 1.0.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.8.4 Patched: 1.0.8.5 Updated: July 3, 2026
LOW

fulltext-search

fulltext-search

Score: 93/100 WP Fast Total Search <= 1.79.262 - Missing Authorization Affected: *-1.79.262 Patched: 1.79.264 Updated: July 3, 2026
LOW

float-menu

float-menu

Score: 93/100 Float menu <= 6.1.2 - Cross-Site Request Forgery to Settings Update Affected: *-6.1.2 Patched: 6.1.3 Updated: July 3, 2026
LOW

flickr-set-slideshows

flickr-set-slideshows

Score: 89/100 Flickr set slideshows <= 0.9 - Authenticated (Subscriber+) SQL Injection Affected: *-0.9 Patched: Updated: July 3, 2026
LOW

flexible-cookies

flexible-cookies

Score: 93/100 Flexible Cookies <= 1.1.8 - Cross-Site Request Forgery Affected: *-1.1.8 Patched: 1.1.9 Updated: July 3, 2026
LOW

fb-reviews-widget

fb-reviews-widget

Score: 93/100 Trust.Reviews <= 2.3 - Missing Authorization Affected: *-2.3 Patched: 2.4 Updated: July 3, 2026
LOW

exchange-rates

exchange-rates

Score: 93/100 Exchange Rates <= 1.2.2 - Missing Authorization Affected: *-1.2.2 Patched: 1.2.3 Updated: July 3, 2026
LOW

Event Tickets and Registration

event-tickets

Score: 86/100 Event Tickets <= 5.20.0 - Reflected Cross-Site Scripting Affected: *-5.20.0 Patched: 5.20.1 Updated: July 3, 2026
LOW

essential-real-estate

essential-real-estate

Score: 87/100 Essential Real Estate <= 5.2.0 - Unauthenticated Local File Inclusion Affected: *-5.2.0 Patched: 5.2.1 Updated: July 3, 2026
LOW

erp

erp

Score: 93/100 WP ERP <= 1.13.4 - Missing Authorization Affected: *-1.13.4 Patched: 1.14.0 Updated: July 3, 2026
LOW

enhanced-e-commerce-for-woocommerce-store

enhanced-e-commerce-for-woocommerce-store

Score: 93/100 Conversios.io <= 7.2.3 - Missing Authorization Affected: *-7.2.3 Patched: 7.2.4 Updated: July 3, 2026
LOW

elisqlreports

elisqlreports

Score: 93/100 EZ SQL Reports Shortcode Widget and DB Backup <= 5.25.08 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-5.25.08 Patched: 5.25.10 Updated: July 3, 2026
LOW

elisqlreports

elisqlreports

Score: 93/100 EZ SQL Reports Shortcode Widget and DB Backup <= 5.25.08 - Cross-Site Request Forgery Affected: *-5.25.08 Patched: 5.25.10 Updated: July 3, 2026
LOW

ecab-taxi-booking-manager

ecab-taxi-booking-manager

Score: 93/100 Taxi Booking Manager for WooCommerce <= 1.2.1 - Missing Authorization Affected: *-1.2.1 Patched: 1.2.2 Updated: July 3, 2026
LOW

Drag and Drop Multiple File Upload for Contact Form 7

drag-and-drop-multiple-file-upload-contact-form-7

Score: 93/100 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated Arbitrary File Deletion Affected: *-1.3.8.7 Patched: 1.3.8.8 Updated: July 3, 2026
LOW

Drag and Drop Multiple File Upload for Contact Form 7

drag-and-drop-multiple-file-upload-contact-form-7

Score: 93/100 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated PHP Object Injection via PHAR to Arbitrary File Deletion Affected: *-1.3.8.8 Patched: 1.3.8.9 Updated: July 3, 2026
LOW

dr-flex

dr-flex

Score: 93/100 Dr. Flex <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.0 Patched: 2.0.1 Updated: July 3, 2026
LOW

doneren-met-mollie

doneren-met-mollie

Score: 93/100 Doneren met Mollie <= 2.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.10.7 Patched: 2.10.8 Updated: July 3, 2026
LOW

custom-fields-account-registration-for-woocommerce

custom-fields-account-registration-for-woocommerce

Score: 93/100 Custom Fields Account Registration For Woocommerce <= 1.1 - Cross-Site Request Forgery Affected: *-1.1 Patched: 1.2 Updated: July 3, 2026
LOW

custom-field-for-wp-job-manager

custom-field-for-wp-job-manager

Score: 93/100 Custom Field For WP Job Manager <= 1.4 - Cross-Site Request Forgery Affected: *-1.4 Patched: 1.5 Updated: July 3, 2026
LOW

currency-switcher-for-woocommerce

currency-switcher-for-woocommerce

Score: 93/100 Currency Switcher for WooCommerce <= 0.0.7 - Cross-Site Request Forgery Affected: *-0.0.7 Patched: 0.0.8 Updated: July 3, 2026
LOW

cozy-addons

cozy-addons

Score: 93/100 Cozy Blocks <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.6 Patched: 2.1.7 Updated: July 3, 2026
LOW

comment-approved-notifier-extended

comment-approved-notifier-extended

Score: 93/100 Comment Approved Notifier Extended <= 5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-5.2 Patched: 5.3 Updated: July 3, 2026
LOW

codeflavors-vimeo-video-post-lite

codeflavors-vimeo-video-post-lite

Score: 93/100 Vimeotheque <= 2.3.4.2 - Authenticated (Contributor+) SQL Injection Affected: *-2.3.4.2 Patched: 2.3.4.3 Updated: July 3, 2026
LOW

cm-download-manager

cm-download-manager

Score: 93/100 CM Download Manager <= 2.9.6 - Unauthenticated Arbitrary File Deletion Affected: *-2.9.6 Patched: 3.0.0 Updated: July 3, 2026
LOW

clearout-email-validator

clearout-email-validator

Score: 93/100 Clearout Email Validator <= 3.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.2.0 Patched: 3.2.1 Updated: July 3, 2026
LOW

christmas-panda

christmas-panda

Score: 93/100 Christmas Panda <= 1.0.4 - Cross-Site Request Forgery Affected: *-1.0.4 Patched: 1.1.0 Updated: July 3, 2026
LOW

chart-builder

chart-builder

Score: 93/100 Chartify <= 3.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.1.7 Patched: 3.1.9 Updated: July 3, 2026
LOW

cart-tracking-for-woocommerce

cart-tracking-for-woocommerce

Score: 93/100 Cart tracking for WooCommerce <= 1.0.16 - Authenticated (Administrator+) SQL Injection Affected: *-1.0.16 Patched: 1.0.17 Updated: July 3, 2026
LOW

breezing-forms

breezing-forms

Score: 91/100 Breezing Forms <= 1.2.8.11 - Reflected Cross-Site Scripting Affected: *-1.2.8.11 Patched: Updated: July 3, 2026
LOW

bizcalendar-web

bizcalendar-web

Score: 93/100 bizcalendar-web <= 1.1.0.34 - Authenticated (Administrator+) SQL Injection Affected: *-1.1.0.34 Patched: 1.1.0.35 Updated: July 3, 2026
LOW

bit-integrations

bit-integrations

Score: 93/100 Bit Integrations <= 2.4.10 - Open Redirect Affected: *-2.4.10 Patched: 2.5.0 Updated: July 3, 2026
LOW

bit-form

bit-form

Score: 93/100 Bit Form – Contact Form Plugin <= 2.18.0 - Open Redirect Affected: *-2.18.0 Patched: 2.18.1 Updated: July 3, 2026

Showing 10901 to 11000 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 3, 2026 at 00:06 UTC.