Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

93

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
better-wlm-api better-wlm-api
93
Better WishList API <= 1.1.4 - Reflected Cross-Site Scripting LOW *-1.1.4 1.1.5 July 3, 2026
audio-album audio-album
93
Audio Album <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.0 1.5.1 July 3, 2026
anthologize anthologize
95
Anthologize <= 0.8.2 - Cross-Site Request Forgery LOW *-0.8.2 0.8.3 July 3, 2026
Booking for Appointments and Events Calendar – Amelia ameliabooking
97
Booking for Appointments and Events Calendar – Amelia <= 1.2.19 - Unauthenticated Full Path Disclosure LOW *-1.2.19 1.2.20 July 3, 2026
ali2woo-lite ali2woo-lite
97
AliNext <= 3.5.1 - Open Redirect LOW *-3.5.1 3.5.4 July 3, 2026
aec-kiosque aec-kiosque
97
AEC Kiosque <= 1.9.3 - Reflected Cross-Site Scripting LOW *-1.9.3 1.9.4 July 3, 2026
advanced-post-search advanced-post-search
95
Advanced Post Search <= 1.1.0 - Reflected Cross-Site Scripting LOW *-1.1.0 July 3, 2026
administrator-z administrator-z
95
Administrator Z <= 2025.03.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update LOW *-2025.03.24 2025.03.27 July 3, 2026
accounting-for-woocommerce accounting-for-woocommerce
97
Accounting for WooCommerce <= 1.6.8 - Unauthenticated Local File Inclusion LOW *-1.6.8 1.6.9 July 3, 2026
about-author about-author
97
About Author <= 1.6.2 - Reflected Cross-Site Scripting LOW *-1.6.2 1.6.3 July 3, 2026
3dprint-lite 3dprint-lite
97
3DPrint Lite <= 2.1.3.5 - Cross-Site Request Forgery LOW *-2.1.3.5 2.1.3.6 July 3, 2026
mediaview mediaview
93
MediaView <= 1.1.2 - Reflected Cross-Site Scripting via id Parameter LOW *-1.1.2 1.1.3 July 3, 2026
wp-ultimate-exporter wp-ultimate-exporter N/A Export All Posts, Products, Orders, Refunds & Users <= 2.13 - Unauthenticated PHP Object Injection LOW *-2.13 2.14 July 3, 2026
wp-cassify wp-cassify N/A WP Cassify <= 2.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.3.5 2.3.6 July 3, 2026
wip-woocarousel-lite wip-woocarousel-lite N/A WIP WooCarousel Lite <= 1.1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1.7 1.1.8 July 3, 2026
TablePress – Tables in WordPress made easy tablepress
86
TablePress – Tables in WordPress made easy <= 3.0.4 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-3.0.4 3.1 July 3, 2026
stock-sync-with-google-sheet-for-woocommerce stock-sync-with-google-sheet-for-woocommerce N/A FlexStock <= 3.13.1 - Authenticated (Administrator+) SQL Injection LOW *-3.13.1 3.13.2 July 3, 2026
postmash-custom postmash-custom N/A postMash Custom – custom post order <= 1.0.3 - Unauthenticated SQL Injection LOW *-1.0.3 July 3, 2026
pdf-for-wpforms pdf-for-wpforms N/A PDF for WPForms <= 5.3.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution LOW *-5.3.0 5.3.1 July 3, 2026
jalbum-bridge jalbum-bridge
93
jAlbum Bridge <= 2.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.18 2.0.19 July 3, 2026
form-maker form-maker
93
Form Maker by 10Web <= 1.15.31 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.15.31 1.15.32 July 3, 2026
football-pool football-pool
93
Football Pool <= 2.12.2 - Cross-Site Request Forgery to Settings Update LOW *-2.12.2 2.12.3 July 3, 2026
charitable charitable
93
Charitable <= 1.8.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.8.4.7 1.8.4.8 July 3, 2026
product-import-export-for-woo product-import-export-for-woo N/A Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter LOW *-2.5.0 2.5.1 July 3, 2026
product-import-export-for-woo product-import-export-for-woo N/A Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function LOW *-2.5.0 2.5.1 July 3, 2026
product-import-export-for-woo product-import-export-for-woo N/A Product Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function LOW *-2.5.0 2.5.1 July 3, 2026
product-import-export-for-woo product-import-export-for-woo N/A Product Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function LOW *-2.5.0 2.5.1 July 3, 2026
zapier zapier N/A Zapier for WordPress <= 1.5.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via updated_user Function LOW *-1.5.1 1.5.2 July 3, 2026
WP Compress – Instant Performance & Speed Optimization wp-compress-image-optimizer
61
WP Compress <= 6.30.15 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions LOW *-6.30.15 6.30.16 July 3, 2026
advanced-iframe advanced-iframe
97
Advanced iFrame <= 2024.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Host Header LOW *-2024.5 2025.0 July 3, 2026
ultimate-blocks ultimate-blocks N/A Ultimate Blocks <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter LOW *-3.2.7 3.2.8 July 3, 2026
event-post event-post
91
Event post <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.9.9 5.9.10 July 3, 2026
crm-customer-relationship-management-by-vcita crm-customer-relationship-management-by-vcita
93
CRM and Lead Management by vcita <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.7.4 2.7.5 July 3, 2026
Spectra Gutenberg Blocks – Website Builder for the Block Editor ultimate-addons-for-gutenberg N/A Spectra – WordPress Gutenberg Blocks <= 2.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.19.0 2.19.1 July 3, 2026
ayyash-studio ayyash-studio
91
Ayyash Studio <= 1.0.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload LOW *-1.0.3 July 3, 2026
amazing-service-box-visual-composer-addons amazing-service-box-visual-composer-addons
95
Amazing service box Addons For WPBakery Page Builder <= 2.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload LOW *-2.0.0 July 3, 2026
smart-maintenance-mode smart-maintenance-mode N/A Smart Maintenance Mode <= 1.5.2 - Reflected Cross-Site Scripting via setstatus Parameter LOW *-1.5.2 1.5.3 July 3, 2026
sh-email-alert sh-email-alert N/A SH Email Alert <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 3, 2026
ultimate-dashboard ultimate-dashboard N/A Ultimate Dashboard <= 3.8.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Modules Activation/Deactivation LOW *-3.8.7 3.8.8 July 3, 2026
advanced-woo-search advanced-woo-search
97
Advanced Woo Search <= 3.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via aws_search_terms Shortcode LOW *-3.28 3.29 July 3, 2026
wp-ultimate-csv-importer wp-ultimate-csv-importer N/A Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Deletion LOW *-7.19, 7.20 7.19.1 July 3, 2026
WordPress Importer wordpress-importer
91
WordPress Importer <= 0.8.3 - Authenticated (Administrator+) PHP Object Injection LOW *-0.8.3 0.8.4 July 3, 2026
ultimate-blocks ultimate-blocks N/A Ultimate Blocks – WordPress Blocks Plugin <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.2.7 3.2.8 July 3, 2026
simple-social-buttons simple-social-buttons N/A Simple Social Media Share Buttons <= 5.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-5.4.0 6.0.0 July 3, 2026
Responsive Addons for Elementor – Free Elementor Addons, Kits and Elementor Templates responsive-addons-for-elementor N/A Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.8 - Authenticated (Contributor+) Sensitive Information Exposure LOW *-1.6.8 1.6.9 July 3, 2026
quick-interest-slider quick-interest-slider N/A Quick Interest Slider <= 3.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.1.5 3.1.6 July 3, 2026
profit-products-tables-for-woocommerce profit-products-tables-for-woocommerce N/A Active Products Tables for WooCommerce <= 1.0.6.7 - Unauthenticated Arbitrary Filter Call LOW *-1.0.6.7 1.0.6.8 July 3, 2026
newsletters-lite newsletters-lite
93
Newsletters <= 4.9.9.7 - Unauthenticated Stored Cross-Site Scripting LOW *-4.9.9.7 4.9.9.8 July 3, 2026
navigation-tree-elementor navigation-tree-elementor
91
Navigation Tree Elementor <= 1.0.1 - Authenticated (Subscriber+) SQL Injection LOW *-1.0.1 July 3, 2026
job-postings job-postings
91
Jobs for WordPress <= 2.7.11 - Authenticated (Subscriber+) Arbitrary File Read LOW *-2.7.11 2.7.12 July 3, 2026
feed-instagram-lite feed-instagram-lite
93
Gallery for Social Photo <= 1.0.0.35 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.0.36 1.0.0.37 July 3, 2026
facebook-pagelike-widget facebook-pagelike-widget
93
Widget for Social Page Feeds <= 6.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-6.4.1 6.4.2 July 3, 2026
displayproduct displayproduct
91
Product Catalog – Catalog for WordPress <= 1.0.4 - Unauthenticated SQL Injection LOW *-1.0.4 July 3, 2026
bwl-advanced-faq-manager bwl-advanced-faq-manager
93
BWL Advanced FAQ Manager <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update LOW *-2.1.4 2.1.5 July 3, 2026
boldgrid-backup boldgrid-backup
93
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid <= 1.16.10 - Authenticated (Admin+) Command Injection LOW *-1.16.10 1.17.0 July 3, 2026
advanced-iframe advanced-iframe
97
Advanced iFrame <= 2025.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2025.2 2025.3 July 3, 2026
advanced-iframe advanced-iframe
97
Advanced iFrame <= 2024.5 - Unauthenticated Settings Update LOW *-2024.5 2025.0 July 3, 2026
WP Compress – Instant Performance & Speed Optimization wp-compress-image-optimizer
61
WP Compress <= 6.30.15 - Unauthenticated Server-Side Request Forgery via init Function LOW *-6.30.15 6.30.16 July 3, 2026
your-simple-svg-support your-simple-svg-support N/A Your Simple SVG Support <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload LOW *-1.0.1 1.0.2 July 3, 2026
digital-license-manager digital-license-manager
93
Digital License Manager <= 1.7.3 - Reflected Cross-Site Scripting via remove_query_arg Function LOW *-1.7.3 1.7.4 July 3, 2026
wp-church-donation wp-church-donation N/A WP Church Donation <= 1.7 - Unauthenticated Stored Cross-Site Scripting LOW *-1.7 July 3, 2026
alert-box-block alert-box-block
97
Alert Box Block – Display notice/alerts in the front end <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Alert Box Block LOW *-1.1.3 1.1.4 July 3, 2026
frndzk-expandable-bottom-bar frndzk-expandable-bottom-bar
91
Frndzk Expandable Bottom Bar <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via text Parameter LOW *-1.0 July 3, 2026
elisqlreports elisqlreports
93
EZ SQL Reports Shortcode Widget and DB Backup 4.11.13 - 5.25.08 - Cross-Site Request Forgery to Remote Code Execution LOW 4.11.13-5.25.08 5.25.10 July 3, 2026
estatebud-properties-listings estatebud-properties-listings
89
Estatebud – Properties & Listings <= 5.5.0 - Cross-Site Request Forgery to Settings Update LOW *-5.5.0 July 3, 2026
teachpress teachpress N/A teachPress <= 9.0.9 - Cross-Site Request Forgery to Import Delete LOW *-9.0.9 9.0.10 July 3, 2026
yummly-rich-recipes yummly-rich-recipes N/A Yummly Rich Recipes <= 4.2 - Cross-Site Request Forgery LOW *-4.2 July 3, 2026
wpeventticketing wpeventticketing N/A WP Event Ticketing <= 1.3.4 - Reflected Cross-Site Scripting LOW *-1.3.4 July 3, 2026
wp2wb wp2wb N/A WordPres 同步微博 <= 1.1.0 - Cross-Site Request Forgery LOW *-1.1.0 July 3, 2026
wp-social-widget wp-social-widget N/A WP Social Widget <= 2.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2.6 2.2.7 July 3, 2026
wp-ride-booking wp-ride-booking N/A WP Ride Booking <= 2.4 - Cross-Site Request Forgery LOW *-2.4 July 3, 2026
wp-profitshare wp-profitshare N/A WP Profitshare <= 1.4.9 - Authenticated (Editor+) SQL Injection LOW *-1.4.9 July 3, 2026
wp-parallax-content-slider wp-parallax-content-slider N/A WP Parallax Content Slider <= 0.9.8 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-0.9.8 July 3, 2026
wp-odoo-form-integrator wp-odoo-form-integrator N/A WP Odoo Form Integrator <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1.0 July 3, 2026
wp-multi-store-locator wp-multi-store-locator N/A WP Multistore Locator <= 2.5.2 - Unauthenticated SQL Injection LOW *-2.5.2 July 3, 2026
wp-hotjar wp-hotjar N/A WP Hotjar <= 0.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-0.0.3 July 3, 2026
wp-featured-entries wp-featured-entries N/A WP Featured Entries <= 1.0 - Authenticated (Contributor+) SQL Injection LOW *-1.0 July 3, 2026
wp-e-commerce-style-email wp-e-commerce-style-email N/A WP e-Commerce Style Email <= 0.6.2 - Cross-Site Request Forgery to Remote Code Execution LOW *-0.6.2 July 3, 2026
wp-colorful-tag-cloud wp-colorful-tag-cloud N/A WP Colorful Tag Cloud <= 2.0.1 - Reflected Cross-Site Scripting LOW *-2.0.1 July 3, 2026
wordpress-sql-backup wordpress-sql-backup N/A WordPress SQL Backup <= 3.5.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.5.2 July 3, 2026
wordpress-admin-bar-improved wordpress-admin-bar-improved N/A WordPress Admin Bar Improved <= 3.3.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.3.5 July 3, 2026
web-directory-free web-directory-free N/A Web Directory Free <= 1.7.6 - Unauthenticated SQL Injection LOW *-1.7.6 1.7.7 July 3, 2026
weather-layer weather-layer N/A Weather Layer <= 4.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-4.2.1 July 3, 2026
wa11y wa11y N/A wA11y – The Web Accessibility Toolbox <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.3 July 3, 2026
visual-text-editor visual-text-editor N/A Visual Text Editor <= 1.2.1 - Authenticated (Contributor+) Remote Code Execution LOW *-1.2.1 July 3, 2026
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder user-registration N/A User Registration & Membership <= 4.1.1 - Unauthenticated Privilege Escalation LOW *-4.1.1 4.1.2 July 3, 2026
upload-quota-per-user upload-quota-per-user N/A Upload Quota per User <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.3 July 3, 2026
ultimate-bar ultimate-bar N/A Top Bar <= 3.3 - Missing Authorization LOW *-3.3 July 3, 2026
typekit typekit N/A Typekit plugin for WordPress <= 1.2.3 - Cross-Site Request Forgery LOW *-1.2.3 July 3, 2026
translator translator N/A Translator <= 0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.3 July 3, 2026
teleport teleport N/A Teleport <= 1.2.4 - Reflected Cross-Site Scripting LOW *-1.2.4 July 3, 2026
super-static-cache super-static-cache N/A Super Static Cache <= 3.3.5 - Cross-Site Request Forgery LOW *-3.3.5 July 3, 2026
super-simple-subscriptions super-simple-subscriptions N/A Super Simple Subscriptions <= 1.1.0 - Authenticated (Administrator+) SQL Injection LOW *-1.1.0 July 3, 2026
stedb-forms stedb-forms N/A STEdb Forms <= 1.0.4 - Authenticated (Administrator+) SQL Injection LOW *-1.0.4 July 3, 2026
speakpipe-voicemail-for-websites speakpipe-voicemail-for-websites N/A SpeakPipe <= 0.2 - Cross-Site Request Forgery LOW *-0.2 July 3, 2026
sourceplay-navermap sourceplay-navermap N/A sourceplay-navermap <= 0.0.2 - Missing Authorization LOW *-0.0.2 July 3, 2026
soundcloud-ultimate soundcloud-ultimate N/A SoundCloud Ultimate <= 1.5 - Cross-Site Request Forgery LOW *-1.5 July 3, 2026
simple-rating simple-rating N/A Simple Rating <= 1.4 - Cross-Site Request Forgery LOW *-1.4 July 3, 2026
simple-optimizer simple-optimizer N/A Simple Optimizer <= 1.2.7 - Cross-Site Request Forgery LOW *-1.2.7 July 3, 2026
shuffle shuffle N/A Shuffle <= 0.5 - Authenticated (Subscriber+) SQL Injection LOW *-0.5 July 3, 2026
LOW

better-wlm-api

better-wlm-api

Score: 93/100 Better WishList API <= 1.1.4 - Reflected Cross-Site Scripting Affected: *-1.1.4 Patched: 1.1.5 Updated: July 3, 2026
LOW

audio-album

audio-album

Score: 93/100 Audio Album <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.0 Patched: 1.5.1 Updated: July 3, 2026
LOW

anthologize

anthologize

Score: 95/100 Anthologize <= 0.8.2 - Cross-Site Request Forgery Affected: *-0.8.2 Patched: 0.8.3 Updated: July 3, 2026
LOW

ali2woo-lite

ali2woo-lite

Score: 97/100 AliNext <= 3.5.1 - Open Redirect Affected: *-3.5.1 Patched: 3.5.4 Updated: July 3, 2026
LOW

aec-kiosque

aec-kiosque

Score: 97/100 AEC Kiosque <= 1.9.3 - Reflected Cross-Site Scripting Affected: *-1.9.3 Patched: 1.9.4 Updated: July 3, 2026
LOW

advanced-post-search

advanced-post-search

Score: 95/100 Advanced Post Search <= 1.1.0 - Reflected Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 3, 2026
LOW

administrator-z

administrator-z

Score: 95/100 Administrator Z <= 2025.03.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update Affected: *-2025.03.24 Patched: 2025.03.27 Updated: July 3, 2026
LOW

accounting-for-woocommerce

accounting-for-woocommerce

Score: 97/100 Accounting for WooCommerce <= 1.6.8 - Unauthenticated Local File Inclusion Affected: *-1.6.8 Patched: 1.6.9 Updated: July 3, 2026
LOW

about-author

about-author

Score: 97/100 About Author <= 1.6.2 - Reflected Cross-Site Scripting Affected: *-1.6.2 Patched: 1.6.3 Updated: July 3, 2026
LOW

3dprint-lite

3dprint-lite

Score: 97/100 3DPrint Lite <= 2.1.3.5 - Cross-Site Request Forgery Affected: *-2.1.3.5 Patched: 2.1.3.6 Updated: July 3, 2026
LOW

mediaview

mediaview

Score: 93/100 MediaView <= 1.1.2 - Reflected Cross-Site Scripting via id Parameter Affected: *-1.1.2 Patched: 1.1.3 Updated: July 3, 2026
LOW

wp-ultimate-exporter

wp-ultimate-exporter

Score: N/A Export All Posts, Products, Orders, Refunds & Users <= 2.13 - Unauthenticated PHP Object Injection Affected: *-2.13 Patched: 2.14 Updated: July 3, 2026
LOW

wp-cassify

wp-cassify

Score: N/A WP Cassify <= 2.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.5 Patched: 2.3.6 Updated: July 3, 2026
LOW

wip-woocarousel-lite

wip-woocarousel-lite

Score: N/A WIP WooCarousel Lite <= 1.1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1.7 Patched: 1.1.8 Updated: July 3, 2026
LOW

TablePress – Tables in WordPress made easy

tablepress

Score: 86/100 TablePress – Tables in WordPress made easy <= 3.0.4 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-3.0.4 Patched: 3.1 Updated: July 3, 2026
LOW

stock-sync-with-google-sheet-for-woocommerce

stock-sync-with-google-sheet-for-woocommerce

Score: N/A FlexStock <= 3.13.1 - Authenticated (Administrator+) SQL Injection Affected: *-3.13.1 Patched: 3.13.2 Updated: July 3, 2026
LOW

postmash-custom

postmash-custom

Score: N/A postMash Custom – custom post order <= 1.0.3 - Unauthenticated SQL Injection Affected: *-1.0.3 Patched: Updated: July 3, 2026
LOW

pdf-for-wpforms

pdf-for-wpforms

Score: N/A PDF for WPForms <= 5.3.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution Affected: *-5.3.0 Patched: 5.3.1 Updated: July 3, 2026
LOW

jalbum-bridge

jalbum-bridge

Score: 93/100 jAlbum Bridge <= 2.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.18 Patched: 2.0.19 Updated: July 3, 2026
LOW

form-maker

form-maker

Score: 93/100 Form Maker by 10Web <= 1.15.31 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.15.31 Patched: 1.15.32 Updated: July 3, 2026
LOW

football-pool

football-pool

Score: 93/100 Football Pool <= 2.12.2 - Cross-Site Request Forgery to Settings Update Affected: *-2.12.2 Patched: 2.12.3 Updated: July 3, 2026
LOW

charitable

charitable

Score: 93/100 Charitable <= 1.8.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8.4.7 Patched: 1.8.4.8 Updated: July 3, 2026
LOW

product-import-export-for-woo

product-import-export-for-woo

Score: N/A Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter Affected: *-2.5.0 Patched: 2.5.1 Updated: July 3, 2026
LOW

product-import-export-for-woo

product-import-export-for-woo

Score: N/A Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function Affected: *-2.5.0 Patched: 2.5.1 Updated: July 3, 2026
LOW

product-import-export-for-woo

product-import-export-for-woo

Score: N/A Product Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function Affected: *-2.5.0 Patched: 2.5.1 Updated: July 3, 2026
LOW

product-import-export-for-woo

product-import-export-for-woo

Score: N/A Product Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function Affected: *-2.5.0 Patched: 2.5.1 Updated: July 3, 2026
LOW

zapier

zapier

Score: N/A Zapier for WordPress <= 1.5.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via updated_user Function Affected: *-1.5.1 Patched: 1.5.2 Updated: July 3, 2026
LOW

advanced-iframe

advanced-iframe

Score: 97/100 Advanced iFrame <= 2024.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Host Header Affected: *-2024.5 Patched: 2025.0 Updated: July 3, 2026
LOW

ultimate-blocks

ultimate-blocks

Score: N/A Ultimate Blocks <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter Affected: *-3.2.7 Patched: 3.2.8 Updated: July 3, 2026
LOW

event-post

event-post

Score: 91/100 Event post <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.9.9 Patched: 5.9.10 Updated: July 3, 2026
LOW

crm-customer-relationship-management-by-vcita

crm-customer-relationship-management-by-vcita

Score: 93/100 CRM and Lead Management by vcita <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.7.4 Patched: 2.7.5 Updated: July 3, 2026
LOW

ayyash-studio

ayyash-studio

Score: 91/100 Ayyash Studio <= 1.0.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload Affected: *-1.0.3 Patched: Updated: July 3, 2026
LOW

amazing-service-box-visual-composer-addons

amazing-service-box-visual-composer-addons

Score: 95/100 Amazing service box Addons For WPBakery Page Builder <= 2.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload Affected: *-2.0.0 Patched: Updated: July 3, 2026
LOW

smart-maintenance-mode

smart-maintenance-mode

Score: N/A Smart Maintenance Mode <= 1.5.2 - Reflected Cross-Site Scripting via setstatus Parameter Affected: *-1.5.2 Patched: 1.5.3 Updated: July 3, 2026
LOW

sh-email-alert

sh-email-alert

Score: N/A SH Email Alert <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

ultimate-dashboard

ultimate-dashboard

Score: N/A Ultimate Dashboard <= 3.8.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Modules Activation/Deactivation Affected: *-3.8.7 Patched: 3.8.8 Updated: July 3, 2026
LOW

advanced-woo-search

advanced-woo-search

Score: 97/100 Advanced Woo Search <= 3.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via aws_search_terms Shortcode Affected: *-3.28 Patched: 3.29 Updated: July 3, 2026
LOW

wp-ultimate-csv-importer

wp-ultimate-csv-importer

Score: N/A Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Deletion Affected: *-7.19, 7.20 Patched: 7.19.1 Updated: July 3, 2026
LOW

WordPress Importer

wordpress-importer

Score: 91/100 WordPress Importer <= 0.8.3 - Authenticated (Administrator+) PHP Object Injection Affected: *-0.8.3 Patched: 0.8.4 Updated: July 3, 2026
LOW

ultimate-blocks

ultimate-blocks

Score: N/A Ultimate Blocks – WordPress Blocks Plugin <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2.7 Patched: 3.2.8 Updated: July 3, 2026
LOW

simple-social-buttons

simple-social-buttons

Score: N/A Simple Social Media Share Buttons <= 5.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-5.4.0 Patched: 6.0.0 Updated: July 3, 2026
LOW

quick-interest-slider

quick-interest-slider

Score: N/A Quick Interest Slider <= 3.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1.5 Patched: 3.1.6 Updated: July 3, 2026
LOW

profit-products-tables-for-woocommerce

profit-products-tables-for-woocommerce

Score: N/A Active Products Tables for WooCommerce <= 1.0.6.7 - Unauthenticated Arbitrary Filter Call Affected: *-1.0.6.7 Patched: 1.0.6.8 Updated: July 3, 2026
LOW

newsletters-lite

newsletters-lite

Score: 93/100 Newsletters <= 4.9.9.7 - Unauthenticated Stored Cross-Site Scripting Affected: *-4.9.9.7 Patched: 4.9.9.8 Updated: July 3, 2026
LOW

navigation-tree-elementor

navigation-tree-elementor

Score: 91/100 Navigation Tree Elementor <= 1.0.1 - Authenticated (Subscriber+) SQL Injection Affected: *-1.0.1 Patched: Updated: July 3, 2026
LOW

job-postings

job-postings

Score: 91/100 Jobs for WordPress <= 2.7.11 - Authenticated (Subscriber+) Arbitrary File Read Affected: *-2.7.11 Patched: 2.7.12 Updated: July 3, 2026
LOW

feed-instagram-lite

feed-instagram-lite

Score: 93/100 Gallery for Social Photo <= 1.0.0.35 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.0.36 Patched: 1.0.0.37 Updated: July 3, 2026
LOW

facebook-pagelike-widget

facebook-pagelike-widget

Score: 93/100 Widget for Social Page Feeds <= 6.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-6.4.1 Patched: 6.4.2 Updated: July 3, 2026
LOW

displayproduct

displayproduct

Score: 91/100 Product Catalog – Catalog for WordPress <= 1.0.4 - Unauthenticated SQL Injection Affected: *-1.0.4 Patched: Updated: July 3, 2026
LOW

bwl-advanced-faq-manager

bwl-advanced-faq-manager

Score: 93/100 BWL Advanced FAQ Manager <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update Affected: *-2.1.4 Patched: 2.1.5 Updated: July 3, 2026
LOW

boldgrid-backup

boldgrid-backup

Score: 93/100 Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid <= 1.16.10 - Authenticated (Admin+) Command Injection Affected: *-1.16.10 Patched: 1.17.0 Updated: July 3, 2026
LOW

advanced-iframe

advanced-iframe

Score: 97/100 Advanced iFrame <= 2025.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2025.2 Patched: 2025.3 Updated: July 3, 2026
LOW

advanced-iframe

advanced-iframe

Score: 97/100 Advanced iFrame <= 2024.5 - Unauthenticated Settings Update Affected: *-2024.5 Patched: 2025.0 Updated: July 3, 2026
LOW

your-simple-svg-support

your-simple-svg-support

Score: N/A Your Simple SVG Support <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload Affected: *-1.0.1 Patched: 1.0.2 Updated: July 3, 2026
LOW

digital-license-manager

digital-license-manager

Score: 93/100 Digital License Manager <= 1.7.3 - Reflected Cross-Site Scripting via remove_query_arg Function Affected: *-1.7.3 Patched: 1.7.4 Updated: July 3, 2026
LOW

wp-church-donation

wp-church-donation

Score: N/A WP Church Donation <= 1.7 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.7 Patched: Updated: July 3, 2026
LOW

alert-box-block

alert-box-block

Score: 97/100 Alert Box Block – Display notice/alerts in the front end <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Alert Box Block Affected: *-1.1.3 Patched: 1.1.4 Updated: July 3, 2026
LOW

frndzk-expandable-bottom-bar

frndzk-expandable-bottom-bar

Score: 91/100 Frndzk Expandable Bottom Bar <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via text Parameter Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

elisqlreports

elisqlreports

Score: 93/100 EZ SQL Reports Shortcode Widget and DB Backup 4.11.13 - 5.25.08 - Cross-Site Request Forgery to Remote Code Execution Affected: 4.11.13-5.25.08 Patched: 5.25.10 Updated: July 3, 2026
LOW

estatebud-properties-listings

estatebud-properties-listings

Score: 89/100 Estatebud – Properties & Listings <= 5.5.0 - Cross-Site Request Forgery to Settings Update Affected: *-5.5.0 Patched: Updated: July 3, 2026
LOW

teachpress

teachpress

Score: N/A teachPress <= 9.0.9 - Cross-Site Request Forgery to Import Delete Affected: *-9.0.9 Patched: 9.0.10 Updated: July 3, 2026
LOW

yummly-rich-recipes

yummly-rich-recipes

Score: N/A Yummly Rich Recipes <= 4.2 - Cross-Site Request Forgery Affected: *-4.2 Patched: Updated: July 3, 2026
LOW

wpeventticketing

wpeventticketing

Score: N/A WP Event Ticketing <= 1.3.4 - Reflected Cross-Site Scripting Affected: *-1.3.4 Patched: Updated: July 3, 2026
LOW

wp2wb

wp2wb

Score: N/A WordPres 同步微博 <= 1.1.0 - Cross-Site Request Forgery Affected: *-1.1.0 Patched: Updated: July 3, 2026
LOW

wp-social-widget

wp-social-widget

Score: N/A WP Social Widget <= 2.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.6 Patched: 2.2.7 Updated: July 3, 2026
LOW

wp-ride-booking

wp-ride-booking

Score: N/A WP Ride Booking <= 2.4 - Cross-Site Request Forgery Affected: *-2.4 Patched: Updated: July 3, 2026
LOW

wp-profitshare

wp-profitshare

Score: N/A WP Profitshare <= 1.4.9 - Authenticated (Editor+) SQL Injection Affected: *-1.4.9 Patched: Updated: July 3, 2026
LOW

wp-parallax-content-slider

wp-parallax-content-slider

Score: N/A WP Parallax Content Slider <= 0.9.8 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.9.8 Patched: Updated: July 3, 2026
LOW

wp-odoo-form-integrator

wp-odoo-form-integrator

Score: N/A WP Odoo Form Integrator <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 3, 2026
LOW

wp-multi-store-locator

wp-multi-store-locator

Score: N/A WP Multistore Locator <= 2.5.2 - Unauthenticated SQL Injection Affected: *-2.5.2 Patched: Updated: July 3, 2026
LOW

wp-hotjar

wp-hotjar

Score: N/A WP Hotjar <= 0.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.0.3 Patched: Updated: July 3, 2026
LOW

wp-featured-entries

wp-featured-entries

Score: N/A WP Featured Entries <= 1.0 - Authenticated (Contributor+) SQL Injection Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

wp-e-commerce-style-email

wp-e-commerce-style-email

Score: N/A WP e-Commerce Style Email <= 0.6.2 - Cross-Site Request Forgery to Remote Code Execution Affected: *-0.6.2 Patched: Updated: July 3, 2026
LOW

wp-colorful-tag-cloud

wp-colorful-tag-cloud

Score: N/A WP Colorful Tag Cloud <= 2.0.1 - Reflected Cross-Site Scripting Affected: *-2.0.1 Patched: Updated: July 3, 2026
LOW

wordpress-sql-backup

wordpress-sql-backup

Score: N/A WordPress SQL Backup <= 3.5.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.5.2 Patched: Updated: July 3, 2026
LOW

wordpress-admin-bar-improved

wordpress-admin-bar-improved

Score: N/A WordPress Admin Bar Improved <= 3.3.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.3.5 Patched: Updated: July 3, 2026
LOW

web-directory-free

web-directory-free

Score: N/A Web Directory Free <= 1.7.6 - Unauthenticated SQL Injection Affected: *-1.7.6 Patched: 1.7.7 Updated: July 3, 2026
LOW

weather-layer

weather-layer

Score: N/A Weather Layer <= 4.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.2.1 Patched: Updated: July 3, 2026
LOW

wa11y

wa11y

Score: N/A wA11y – The Web Accessibility Toolbox <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.3 Patched: Updated: July 3, 2026
LOW

visual-text-editor

visual-text-editor

Score: N/A Visual Text Editor <= 1.2.1 - Authenticated (Contributor+) Remote Code Execution Affected: *-1.2.1 Patched: Updated: July 3, 2026
LOW

upload-quota-per-user

upload-quota-per-user

Score: N/A Upload Quota per User <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 3, 2026
LOW

ultimate-bar

ultimate-bar

Score: N/A Top Bar <= 3.3 - Missing Authorization Affected: *-3.3 Patched: Updated: July 3, 2026
LOW

typekit

typekit

Score: N/A Typekit plugin for WordPress <= 1.2.3 - Cross-Site Request Forgery Affected: *-1.2.3 Patched: Updated: July 3, 2026
LOW

translator

translator

Score: N/A Translator <= 0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.3 Patched: Updated: July 3, 2026
LOW

teleport

teleport

Score: N/A Teleport <= 1.2.4 - Reflected Cross-Site Scripting Affected: *-1.2.4 Patched: Updated: July 3, 2026
LOW

super-static-cache

super-static-cache

Score: N/A Super Static Cache <= 3.3.5 - Cross-Site Request Forgery Affected: *-3.3.5 Patched: Updated: July 3, 2026
LOW

super-simple-subscriptions

super-simple-subscriptions

Score: N/A Super Simple Subscriptions <= 1.1.0 - Authenticated (Administrator+) SQL Injection Affected: *-1.1.0 Patched: Updated: July 3, 2026
LOW

stedb-forms

stedb-forms

Score: N/A STEdb Forms <= 1.0.4 - Authenticated (Administrator+) SQL Injection Affected: *-1.0.4 Patched: Updated: July 3, 2026
LOW

speakpipe-voicemail-for-websites

speakpipe-voicemail-for-websites

Score: N/A SpeakPipe <= 0.2 - Cross-Site Request Forgery Affected: *-0.2 Patched: Updated: July 3, 2026
LOW

sourceplay-navermap

sourceplay-navermap

Score: N/A sourceplay-navermap <= 0.0.2 - Missing Authorization Affected: *-0.0.2 Patched: Updated: July 3, 2026
LOW

soundcloud-ultimate

soundcloud-ultimate

Score: N/A SoundCloud Ultimate <= 1.5 - Cross-Site Request Forgery Affected: *-1.5 Patched: Updated: July 3, 2026
LOW

simple-rating

simple-rating

Score: N/A Simple Rating <= 1.4 - Cross-Site Request Forgery Affected: *-1.4 Patched: Updated: July 3, 2026
LOW

simple-optimizer

simple-optimizer

Score: N/A Simple Optimizer <= 1.2.7 - Cross-Site Request Forgery Affected: *-1.2.7 Patched: Updated: July 3, 2026
LOW

shuffle

shuffle

Score: N/A Shuffle <= 0.5 - Authenticated (Subscriber+) SQL Injection Affected: *-0.5 Patched: Updated: July 3, 2026

Showing 11001 to 11100 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 3, 2026 at 01:21 UTC.