Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

95

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
rewrite rewrite N/A Rewrite <= 0.2.1 - Cross-Site Request Forgery LOW *-0.2.1 July 3, 2026
replace-default-words replace-default-words N/A Replace Default Words <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.3 July 3, 2026
related-posts-via-categories related-posts-via-categories N/A Related Posts via Categories <= 2.1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.1.2 July 3, 2026
proranktracker proranktracker N/A Pro Rank Tracker <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.0 July 3, 2026
pretty-file-links pretty-file-links N/A Pretty file links <= 0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.9 July 3, 2026
powerpress powerpress N/A PowerPress Podcasting <= 11.9.17 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-11.9.17 11.9.18 July 3, 2026
oss-upload oss-upload
91
OSS Upload <= 4.8.9 - Cross-Site Request Forgery LOW *-4.8.9 July 3, 2026
omnify-widget omnify-widget
91
Omnify <= 2.0.3 - Reflected Cross-Site Scripting LOW *-2.0.3 July 3, 2026
odihost-easy-redirect-301 odihost-easy-redirect-301
91
Easy 301 Redirects <= 1.33 - Cross-Site Request Forgery LOW *-1.33 July 3, 2026
nextgen-gallery-voting nextgen-gallery-voting
91
NextGEN Gallery Voting <= 2.7.6 - Reflected Cross-Site Scripting LOW *-2.7.6 July 3, 2026
my-default-post-content my-default-post-content
91
My Default Post Content <= 0.7.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-0.7.3 July 3, 2026
my-bootstrap-menu my-bootstrap-menu
91
My Bootstrap Menu <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.2.1 July 3, 2026
music-press-pro music-press-pro
89
Music Press Pro <= 1.4.6 - Missing Authorization LOW *-1.4.6 July 3, 2026
mobile-navigation mobile-navigation
91
Mobile Navigation <= 1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.5 July 3, 2026
message-ticker message-ticker
91
Message ticker <= 9.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-9.3 July 3, 2026
map-contact map-contact
91
Map Contact <= 3.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.0.4 July 3, 2026
login-redirect login-redirect
91
Login Redirect <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.5 July 3, 2026
lightview-plus lightview-plus
91
Lightview Plus <= 3.1.3 - Reflected Cross-Site Scripting LOW *-3.1.3 July 3, 2026
lh-ogp-meta-tags lh-ogp-meta-tags
91
LH OGP Meta <= 1.73 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.73 July 3, 2026
key4ce-osticket-bridge key4ce-osticket-bridge
91
Key4ce osTicket Bridge <= 1.4.0 - Reflected Cross-Site Scripting LOW *-1.4.0 July 3, 2026
jquery-drop-down-menu-plugin jquery-drop-down-menu-plugin
91
jQuery Dropdown Menu <= 3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.0 July 3, 2026
jiangqie-official-website-mini-program jiangqie-official-website-mini-program
91
JiangQie Official Website Mini Program <= 1.8.2 - Authenticated (Administrator+) SQL Injection LOW *-1.8.2 July 3, 2026
issuupress issuupress
91
issuuPress <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.3.2 July 3, 2026
info-boxes-shortcode-and-widget info-boxes-shortcode-and-widget
91
Info Boxes Shortcode and Widget <= 1.15 - Cross-Site Request Forgery LOW *-1.15 July 3, 2026
include-url include-url
89
Include URL <= 0.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.3.5 July 3, 2026
include-file include-file
89
include-file <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1 July 3, 2026
image-captcha image-captcha
91
Image Captcha <= 1.2 - Cross-Site Request Forgery LOW *-1.2 July 3, 2026
ig-shortcodes ig-shortcodes
91
IG Shortcodes <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.1 July 3, 2026
hacklog-remote-image-autosave hacklog-remote-image-autosave
91
Hacklog Remote Image Autosave <= 2.1.0 - Cross-Site Request Forgery LOW *-2.1.0 July 3, 2026
gp-back-to-top gp-back-to-top
91
GP Back To Top <= 3.0 - Cross-Site Request Forgery LOW *-3.0 July 3, 2026
gmo-font-agent gmo-font-agent
91
GMO Font Agent <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.6 July 3, 2026
generate-post-thumbnails generate-post-thumbnails
91
Generate Post Thumbnails <= 0.8 - Cross-Site Request Forgery LOW *-0.8 July 3, 2026
flipdish-ordering-system flipdish-ordering-system
91
Flipdish Ordering System <= 1.5.2 - Cross-Site Request Forgery to Settings Update LOW *-1.5.2 July 3, 2026
flickr-set-slideshows flickr-set-slideshows
89
Flickr set slideshows <= 0.9 - Authenticated (Contributor+) SQL Injection LOW *-0.9 July 3, 2026
fix-rss-feed fix-rss-feed
91
Fix Rss Feeds <= 3.1 - Cross-Site Request Forgery LOW *-3.1 July 3, 2026
fiverr-official-search-box fiverr-official-search-box
91
Fiverr.com Official Search Box <= 1.0.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.0.8 July 3, 2026
facebook-secret-meta facebook-secret-meta
91
Secret Meta <= 1.2.1 - Reflected Cross-Site Scripting LOW *-1.2.1 July 3, 2026
external-image-replace external-image-replace
89
External image replace <= 1.0.8 - Cross-Site Request Forgery to Settings Update LOW *-1.0.8 July 3, 2026
easy-page-transition easy-page-transition
91
Easy Page Transition <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.1 July 3, 2026
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy easy-digital-downloads
78
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy <= 3.3.6.1 - Unauthenticated Private Post Title Disclosure LOW *-3.3.6.1 3.3.7 July 3, 2026
dokme dokme
91
دکمه، شبکه اجتماعی خرید <= 2.0.6 - Authenticated (Administrator+) SQL Injection LOW *-2.0.6 July 3, 2026
directorist directorist
93
Directorist <= 8.2 - Missing Authorization to Unauthenticated Arbitrary Post Publishing LOW *-8.2 8.3 July 3, 2026
dicom-support dicom-support
93
DICOM Support <= 0.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.10.6 0.10.7 July 3, 2026
designthemes-core-features designthemes-core-features
89
DesignThemes Core Features <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-4.8 July 3, 2026
ddirections ddirections
91
Driving Directions <= 1.4.4 - Reflected Cross-Site Scripting LOW *-1.4.4 July 3, 2026
custom-script-integration custom-script-integration
91
Custom Script Integration <= 2.1 - Cross-Site Request Forgery LOW *-2.1 July 3, 2026
custom-product-stickers-for-woocommerce custom-product-stickers-for-woocommerce
91
Custom Product Stickers for Woocommerce <= 1.9.0 - Reflected Cross-Site Scripting LOW *-1.9.0 July 3, 2026
ctabs ctabs
91
cTabs <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.3 July 3, 2026
copy-menu copy-menu
91
Menu Duplicator <= 1.0 - Missing Authorization LOW *-1.0 July 3, 2026
copy-link copy-link
91
CopyLink <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1 July 3, 2026
clink clink
91
Clink <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.2 July 3, 2026
cf7-material-design cf7-material-design
91
Contact Form 7 Material Design <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.0 July 3, 2026
cazamba cazamba
91
Cazamba <= 1.2 - Reflected Cross-Site Scripting LOW *-1.2 July 3, 2026
cas-maestro cas-maestro
91
CAS Maestro <= 1.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1.3 July 3, 2026
callphoner callphoner
91
CallPhone'r <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1.1 July 3, 2026
cackle cackle
91
Cackle <= 4.33 - Cross-Site Request Forgery LOW *-4.33 July 3, 2026
browser-address-bar-color browser-address-bar-color
93
Browser Address Bar Color <= 3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.3 3.4.0 July 3, 2026
bmo-expo bmo-expo
91
BMo Expo <= 1.0.15 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.15 July 3, 2026
blue-captcha blue-captcha
93
Blue Captcha <= 1.7.4 - Reflected Cross-Site Scripting LOW *-1.7.4 2.0.0 July 3, 2026
beautiful-link-preview beautiful-link-preview
91
Beautiful Link Preview <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.5.0 July 3, 2026
banner-manager banner-manager
91
banner-manager <= 16.04.19 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-16.04.19 July 3, 2026
awesome-logos awesome-logos
89
Awesome Logos <= 1.2 - Cross-Site Request Forgery to SQL Injection LOW *-1.2 July 3, 2026
avaibook avaibook
91
AvaiBook <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.2 July 3, 2026
auto-load-next-post auto-load-next-post
91
Auto Load Next Post <= 1.5.14 - Cross-Site Request Forgery LOW *-1.5.14 July 3, 2026
arprice arprice
95
ARPrice <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.1.3 July 3, 2026
appexperts appexperts
95
AppExperts <= 1.4.3 - Unauthenticated Sensitive Information Exposure LOW *-1.4.3 1.4.5 July 3, 2026
ap-google-maps ap-google-maps
95
Arrow Maps <= 1.0.9 - Reflected Cross-Site Scripting LOW *-1.0.9 July 3, 2026
anac-xml-render anac-xml-render
95
ANAC XML Render <= 1.5.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.5.7 July 3, 2026
alphaomega-captcha-anti-spam alphaomega-captcha-anti-spam
95
AlphaOmega Captcha & Anti-Spam Filter <= 3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.3 July 3, 2026
ai-preloader ai-preloader
95
AI Preloader <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.2 July 3, 2026
advanced-dewplayer advanced-dewplayer
95
Advanced Dewplayer <= 1.6 - Missing Authorization LOW *-1.6 July 3, 2026
adsense-privacy-policy adsense-privacy-policy
95
AdSense Privacy Policy <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1.1 July 3, 2026
spatialmatch-free-lifestyle-search spatialmatch-free-lifestyle-search N/A SpatialMatch IDX <= 3.0.9 - Reflected Cross-Site Scripting LOW *-3.0.9 July 3, 2026
gf2pdf gf2pdf
91
Gravity 2 PDF <= 3.1.3 - Reflected Cross-Site Scripting LOW *-3.1.3 July 3, 2026
docpro docpro
91
Docpro <= 2.0.1 - Unauthenticated Local File Inclusion LOW *-2.0.1 July 3, 2026
custom-smilies-se custom-smilies-se
91
Custom Smilies <= 2.9.2 - Reflected Cross-Site Scripting LOW *-2.9.2 July 3, 2026
zenphotopress zenphotopress N/A ZenphotoPress <= 1.8 - Reflected Cross-Site Scripting LOW *-1.8 July 3, 2026
are-you-robot-recaptcha are-you-robot-recaptcha
95
Are you robot google recaptcha for wordpress <= 2.2 - Reflected Cross-Site Scripting LOW *-2.2 July 3, 2026
users-customers-import-export-for-wp-woocommerce users-customers-import-export-for-wp-woocommerce N/A Export and Import Users and Customers <= 2.6.2 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function LOW *-2.6.2 2.6.3 July 3, 2026
users-customers-import-export-for-wp-woocommerce users-customers-import-export-for-wp-woocommerce N/A Export and Import Users and Customers <= 2.6.2 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function LOW *-2.6.2 2.6.3 July 3, 2026
users-customers-import-export-for-wp-woocommerce users-customers-import-export-for-wp-woocommerce N/A Export and Import Users and Customers <= 2.6.2 - Authenticated (Admin+) PHP Object Injection via form_data Parameter LOW *-2.6.2 2.6.3 July 3, 2026
users-customers-import-export-for-wp-woocommerce users-customers-import-export-for-wp-woocommerce N/A Export and Import Users and Customers <= 2.6.2 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function LOW *-2.6.2 2.6.3 July 3, 2026
bitspecter-suite bitspecter-suite
93
Bitspecter Suite <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload LOW *-1.0.0 1.1.0 July 3, 2026
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder fluentform
78
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder <= 5.2.12 - IP-Spoofing LOW *-5.2.12 6.0.0 July 3, 2026
make-builder make-builder
93
Make Builder <= 1.1.10 - Authenticated (Subscriber+) Server-Side Request Forgery via make_builder_ajax_subscribe Function LOW *-1.1.10 1.1.11 July 3, 2026
cryokey cryokey
91
CryoKey <= 2.4 - Reflected Cross-Site Scripting via 'ckemail' Parameter LOW *-2.4 July 3, 2026
cits-support-svg-webp-media-upload cits-support-svg-webp-media-upload
89
CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts <= 4.2 - Cross-Site Request Forgery to Settings Update LOW *-4.2 July 3, 2026
cits-support-svg-webp-media-upload cits-support-svg-webp-media-upload
89
CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts <= 4.2 - Cross-Site Request Forgery to Font Assignment Deletion LOW *-4.2 July 3, 2026
gotcha-gesture-based-captcha gotcha-gesture-based-captcha
91
Gotcha | Gesture-based Captcha <= 1.0.0 - Reflected Cross-Site Scripting via menu Parameter LOW *-1.0.0 July 3, 2026
easy-custom-admin-bar easy-custom-admin-bar
91
Easy Custom Admin Bar <= 1.0 - Reflected Cross-Site Scripting via msg Parameter LOW *-1.0 July 3, 2026
block-logic block-logic
93
Block Logic <= 1.0.8 - Authenticated (Contributor+) Remote Code Execution LOW *-1.0.8 2.0.0 July 3, 2026
multi-video-box multi-video-box
91
Multi Video Box <= 1.5.2 - Reflected Cross-Site Scripting via video_id and group_id Parameters LOW *-1.5.2 July 3, 2026
code-clone code-clone
91
Code Clone <= 0.9 - Authenticated (Administrator+) SQL Injection via snippetId Parameter LOW *-0.9 July 3, 2026
wcfm-marketplace-rest-api wcfm-marketplace-rest-api N/A WooCommerce Multivendor Marketplace – REST API <= 1.6.2 - Authenticated (Subscriber+) SQL Injection LOW *-1.6.2 1.6.3 July 3, 2026
newsletters-lite newsletters-lite
93
Newsletters <= 4.9.9.7 - Reflected Cross-Site Scripting via To Parameter LOW *-4.9.9.7 4.9.9.8 July 3, 2026
profilegrid-user-profiles-groups-and-communities profilegrid-user-profiles-groups-and-communities N/A ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.5 - Authenticated (Subscriber+) PHP Object Injection LOW *-5.9.4.5 5.9.4.6 July 3, 2026
profilegrid-user-profiles-groups-and-communities profilegrid-user-profiles-groups-and-communities N/A ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.4 - Missing Authorinzation to Authenticated (Subscriber+) Join Group Requests Management LOW *-5.9.4.4 5.9.4.5 July 3, 2026
motors-car-dealership-classified-listings motors-car-dealership-classified-listings
93
Motors – Car Dealer, Classifieds & Listing <= 1.4.57 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Listing Template Creation LOW *-1.4.57 1.4.58 July 3, 2026
wp-marketing-automations wp-marketing-automations N/A Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit <= 3.5.1 - Unauthenticated SQL Injection via 'automationId' LOW *-3.5.1 3.5.2 July 3, 2026
wp-gcalendar wp-gcalendar N/A WP Google Calendar Manager <= 2.1 - Authenticated (Subscriber+) SQL Injection LOW *-2.1 July 3, 2026
LOW

rewrite

rewrite

Score: N/A Rewrite <= 0.2.1 - Cross-Site Request Forgery Affected: *-0.2.1 Patched: Updated: July 3, 2026
LOW

replace-default-words

replace-default-words

Score: N/A Replace Default Words <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 3, 2026
LOW

related-posts-via-categories

related-posts-via-categories

Score: N/A Related Posts via Categories <= 2.1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.1.2 Patched: Updated: July 3, 2026
LOW

proranktracker

proranktracker

Score: N/A Pro Rank Tracker <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 3, 2026
LOW

pretty-file-links

pretty-file-links

Score: N/A Pretty file links <= 0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.9 Patched: Updated: July 3, 2026
LOW

powerpress

powerpress

Score: N/A PowerPress Podcasting <= 11.9.17 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-11.9.17 Patched: 11.9.18 Updated: July 3, 2026
LOW

oss-upload

oss-upload

Score: 91/100 OSS Upload <= 4.8.9 - Cross-Site Request Forgery Affected: *-4.8.9 Patched: Updated: July 3, 2026
LOW

omnify-widget

omnify-widget

Score: 91/100 Omnify <= 2.0.3 - Reflected Cross-Site Scripting Affected: *-2.0.3 Patched: Updated: July 3, 2026
LOW

odihost-easy-redirect-301

odihost-easy-redirect-301

Score: 91/100 Easy 301 Redirects <= 1.33 - Cross-Site Request Forgery Affected: *-1.33 Patched: Updated: July 3, 2026
LOW

nextgen-gallery-voting

nextgen-gallery-voting

Score: 91/100 NextGEN Gallery Voting <= 2.7.6 - Reflected Cross-Site Scripting Affected: *-2.7.6 Patched: Updated: July 3, 2026
LOW

my-default-post-content

my-default-post-content

Score: 91/100 My Default Post Content <= 0.7.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.7.3 Patched: Updated: July 3, 2026
LOW

my-bootstrap-menu

my-bootstrap-menu

Score: 91/100 My Bootstrap Menu <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2.1 Patched: Updated: July 3, 2026
LOW

music-press-pro

music-press-pro

Score: 89/100 Music Press Pro <= 1.4.6 - Missing Authorization Affected: *-1.4.6 Patched: Updated: July 3, 2026
LOW

mobile-navigation

mobile-navigation

Score: 91/100 Mobile Navigation <= 1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.5 Patched: Updated: July 3, 2026
LOW

message-ticker

message-ticker

Score: 91/100 Message ticker <= 9.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-9.3 Patched: Updated: July 3, 2026
LOW

map-contact

map-contact

Score: 91/100 Map Contact <= 3.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.0.4 Patched: Updated: July 3, 2026
LOW

login-redirect

login-redirect

Score: 91/100 Login Redirect <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.5 Patched: Updated: July 3, 2026
LOW

lightview-plus

lightview-plus

Score: 91/100 Lightview Plus <= 3.1.3 - Reflected Cross-Site Scripting Affected: *-3.1.3 Patched: Updated: July 3, 2026
LOW

lh-ogp-meta-tags

lh-ogp-meta-tags

Score: 91/100 LH OGP Meta <= 1.73 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.73 Patched: Updated: July 3, 2026
LOW

key4ce-osticket-bridge

key4ce-osticket-bridge

Score: 91/100 Key4ce osTicket Bridge <= 1.4.0 - Reflected Cross-Site Scripting Affected: *-1.4.0 Patched: Updated: July 3, 2026
LOW

jquery-drop-down-menu-plugin

jquery-drop-down-menu-plugin

Score: 91/100 jQuery Dropdown Menu <= 3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.0 Patched: Updated: July 3, 2026
LOW

jiangqie-official-website-mini-program

jiangqie-official-website-mini-program

Score: 91/100 JiangQie Official Website Mini Program <= 1.8.2 - Authenticated (Administrator+) SQL Injection Affected: *-1.8.2 Patched: Updated: July 3, 2026
LOW

issuupress

issuupress

Score: 91/100 issuuPress <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.3.2 Patched: Updated: July 3, 2026
LOW

info-boxes-shortcode-and-widget

info-boxes-shortcode-and-widget

Score: 91/100 Info Boxes Shortcode and Widget <= 1.15 - Cross-Site Request Forgery Affected: *-1.15 Patched: Updated: July 3, 2026
LOW

include-url

include-url

Score: 89/100 Include URL <= 0.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.3.5 Patched: Updated: July 3, 2026
LOW

include-file

include-file

Score: 89/100 include-file <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1 Patched: Updated: July 3, 2026
LOW

image-captcha

image-captcha

Score: 91/100 Image Captcha <= 1.2 - Cross-Site Request Forgery Affected: *-1.2 Patched: Updated: July 3, 2026
LOW

ig-shortcodes

ig-shortcodes

Score: 91/100 IG Shortcodes <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1 Patched: Updated: July 3, 2026
LOW

hacklog-remote-image-autosave

hacklog-remote-image-autosave

Score: 91/100 Hacklog Remote Image Autosave <= 2.1.0 - Cross-Site Request Forgery Affected: *-2.1.0 Patched: Updated: July 3, 2026
LOW

gp-back-to-top

gp-back-to-top

Score: 91/100 GP Back To Top <= 3.0 - Cross-Site Request Forgery Affected: *-3.0 Patched: Updated: July 3, 2026
LOW

gmo-font-agent

gmo-font-agent

Score: 91/100 GMO Font Agent <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6 Patched: Updated: July 3, 2026
LOW

generate-post-thumbnails

generate-post-thumbnails

Score: 91/100 Generate Post Thumbnails <= 0.8 - Cross-Site Request Forgery Affected: *-0.8 Patched: Updated: July 3, 2026
LOW

flipdish-ordering-system

flipdish-ordering-system

Score: 91/100 Flipdish Ordering System <= 1.5.2 - Cross-Site Request Forgery to Settings Update Affected: *-1.5.2 Patched: Updated: July 3, 2026
LOW

flickr-set-slideshows

flickr-set-slideshows

Score: 89/100 Flickr set slideshows <= 0.9 - Authenticated (Contributor+) SQL Injection Affected: *-0.9 Patched: Updated: July 3, 2026
LOW

fix-rss-feed

fix-rss-feed

Score: 91/100 Fix Rss Feeds <= 3.1 - Cross-Site Request Forgery Affected: *-3.1 Patched: Updated: July 3, 2026
LOW

fiverr-official-search-box

fiverr-official-search-box

Score: 91/100 Fiverr.com Official Search Box <= 1.0.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.0.8 Patched: Updated: July 3, 2026
LOW

facebook-secret-meta

facebook-secret-meta

Score: 91/100 Secret Meta <= 1.2.1 - Reflected Cross-Site Scripting Affected: *-1.2.1 Patched: Updated: July 3, 2026
LOW

external-image-replace

external-image-replace

Score: 89/100 External image replace <= 1.0.8 - Cross-Site Request Forgery to Settings Update Affected: *-1.0.8 Patched: Updated: July 3, 2026
LOW

easy-page-transition

easy-page-transition

Score: 91/100 Easy Page Transition <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 3, 2026
LOW

dokme

dokme

Score: 91/100 دکمه، شبکه اجتماعی خرید <= 2.0.6 - Authenticated (Administrator+) SQL Injection Affected: *-2.0.6 Patched: Updated: July 3, 2026
LOW

directorist

directorist

Score: 93/100 Directorist <= 8.2 - Missing Authorization to Unauthenticated Arbitrary Post Publishing Affected: *-8.2 Patched: 8.3 Updated: July 3, 2026
LOW

dicom-support

dicom-support

Score: 93/100 DICOM Support <= 0.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.10.6 Patched: 0.10.7 Updated: July 3, 2026
LOW

designthemes-core-features

designthemes-core-features

Score: 89/100 DesignThemes Core Features <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-4.8 Patched: Updated: July 3, 2026
LOW

ddirections

ddirections

Score: 91/100 Driving Directions <= 1.4.4 - Reflected Cross-Site Scripting Affected: *-1.4.4 Patched: Updated: July 3, 2026
LOW

custom-script-integration

custom-script-integration

Score: 91/100 Custom Script Integration <= 2.1 - Cross-Site Request Forgery Affected: *-2.1 Patched: Updated: July 3, 2026
LOW

custom-product-stickers-for-woocommerce

custom-product-stickers-for-woocommerce

Score: 91/100 Custom Product Stickers for Woocommerce <= 1.9.0 - Reflected Cross-Site Scripting Affected: *-1.9.0 Patched: Updated: July 3, 2026
LOW

ctabs

ctabs

Score: 91/100 cTabs <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 3, 2026
LOW

copy-menu

copy-menu

Score: 91/100 Menu Duplicator <= 1.0 - Missing Authorization Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

copy-link

copy-link

Score: 91/100 CopyLink <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 3, 2026
LOW

clink

clink

Score: 91/100 Clink <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.2 Patched: Updated: July 3, 2026
LOW

cf7-material-design

cf7-material-design

Score: 91/100 Contact Form 7 Material Design <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 3, 2026
LOW

cazamba

cazamba

Score: 91/100 Cazamba <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 3, 2026
LOW

cas-maestro

cas-maestro

Score: 91/100 CAS Maestro <= 1.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1.3 Patched: Updated: July 3, 2026
LOW

callphoner

callphoner

Score: 91/100 CallPhone'r <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: July 3, 2026
LOW

cackle

cackle

Score: 91/100 Cackle <= 4.33 - Cross-Site Request Forgery Affected: *-4.33 Patched: Updated: July 3, 2026
LOW

browser-address-bar-color

browser-address-bar-color

Score: 93/100 Browser Address Bar Color <= 3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.3 Patched: 3.4.0 Updated: July 3, 2026
LOW

bmo-expo

bmo-expo

Score: 91/100 BMo Expo <= 1.0.15 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.15 Patched: Updated: July 3, 2026
LOW

blue-captcha

blue-captcha

Score: 93/100 Blue Captcha <= 1.7.4 - Reflected Cross-Site Scripting Affected: *-1.7.4 Patched: 2.0.0 Updated: July 3, 2026
LOW

beautiful-link-preview

beautiful-link-preview

Score: 91/100 Beautiful Link Preview <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.5.0 Patched: Updated: July 3, 2026
LOW

banner-manager

banner-manager

Score: 91/100 banner-manager <= 16.04.19 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-16.04.19 Patched: Updated: July 3, 2026
LOW

awesome-logos

awesome-logos

Score: 89/100 Awesome Logos <= 1.2 - Cross-Site Request Forgery to SQL Injection Affected: *-1.2 Patched: Updated: July 3, 2026
LOW

avaibook

avaibook

Score: 91/100 AvaiBook <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 3, 2026
LOW

auto-load-next-post

auto-load-next-post

Score: 91/100 Auto Load Next Post <= 1.5.14 - Cross-Site Request Forgery Affected: *-1.5.14 Patched: Updated: July 3, 2026
LOW

arprice

arprice

Score: 95/100 ARPrice <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.1.3 Patched: Updated: July 3, 2026
LOW

appexperts

appexperts

Score: 95/100 AppExperts <= 1.4.3 - Unauthenticated Sensitive Information Exposure Affected: *-1.4.3 Patched: 1.4.5 Updated: July 3, 2026
LOW

ap-google-maps

ap-google-maps

Score: 95/100 Arrow Maps <= 1.0.9 - Reflected Cross-Site Scripting Affected: *-1.0.9 Patched: Updated: July 3, 2026
LOW

anac-xml-render

anac-xml-render

Score: 95/100 ANAC XML Render <= 1.5.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.5.7 Patched: Updated: July 3, 2026
LOW

alphaomega-captcha-anti-spam

alphaomega-captcha-anti-spam

Score: 95/100 AlphaOmega Captcha & Anti-Spam Filter <= 3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.3 Patched: Updated: July 3, 2026
LOW

ai-preloader

ai-preloader

Score: 95/100 AI Preloader <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 3, 2026
LOW

advanced-dewplayer

advanced-dewplayer

Score: 95/100 Advanced Dewplayer <= 1.6 - Missing Authorization Affected: *-1.6 Patched: Updated: July 3, 2026
LOW

adsense-privacy-policy

adsense-privacy-policy

Score: 95/100 AdSense Privacy Policy <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: July 3, 2026
LOW

spatialmatch-free-lifestyle-search

spatialmatch-free-lifestyle-search

Score: N/A SpatialMatch IDX <= 3.0.9 - Reflected Cross-Site Scripting Affected: *-3.0.9 Patched: Updated: July 3, 2026
LOW

gf2pdf

gf2pdf

Score: 91/100 Gravity 2 PDF <= 3.1.3 - Reflected Cross-Site Scripting Affected: *-3.1.3 Patched: Updated: July 3, 2026
LOW

docpro

docpro

Score: 91/100 Docpro <= 2.0.1 - Unauthenticated Local File Inclusion Affected: *-2.0.1 Patched: Updated: July 3, 2026
LOW

custom-smilies-se

custom-smilies-se

Score: 91/100 Custom Smilies <= 2.9.2 - Reflected Cross-Site Scripting Affected: *-2.9.2 Patched: Updated: July 3, 2026
LOW

zenphotopress

zenphotopress

Score: N/A ZenphotoPress <= 1.8 - Reflected Cross-Site Scripting Affected: *-1.8 Patched: Updated: July 3, 2026
LOW

are-you-robot-recaptcha

are-you-robot-recaptcha

Score: 95/100 Are you robot google recaptcha for wordpress <= 2.2 - Reflected Cross-Site Scripting Affected: *-2.2 Patched: Updated: July 3, 2026
LOW

users-customers-import-export-for-wp-woocommerce

users-customers-import-export-for-wp-woocommerce

Score: N/A Export and Import Users and Customers <= 2.6.2 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function Affected: *-2.6.2 Patched: 2.6.3 Updated: July 3, 2026
LOW

users-customers-import-export-for-wp-woocommerce

users-customers-import-export-for-wp-woocommerce

Score: N/A Export and Import Users and Customers <= 2.6.2 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function Affected: *-2.6.2 Patched: 2.6.3 Updated: July 3, 2026
LOW

users-customers-import-export-for-wp-woocommerce

users-customers-import-export-for-wp-woocommerce

Score: N/A Export and Import Users and Customers <= 2.6.2 - Authenticated (Admin+) PHP Object Injection via form_data Parameter Affected: *-2.6.2 Patched: 2.6.3 Updated: July 3, 2026
LOW

users-customers-import-export-for-wp-woocommerce

users-customers-import-export-for-wp-woocommerce

Score: N/A Export and Import Users and Customers <= 2.6.2 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function Affected: *-2.6.2 Patched: 2.6.3 Updated: July 3, 2026
LOW

bitspecter-suite

bitspecter-suite

Score: 93/100 Bitspecter Suite <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload Affected: *-1.0.0 Patched: 1.1.0 Updated: July 3, 2026
LOW

make-builder

make-builder

Score: 93/100 Make Builder <= 1.1.10 - Authenticated (Subscriber+) Server-Side Request Forgery via make_builder_ajax_subscribe Function Affected: *-1.1.10 Patched: 1.1.11 Updated: July 3, 2026
LOW

cryokey

cryokey

Score: 91/100 CryoKey <= 2.4 - Reflected Cross-Site Scripting via 'ckemail' Parameter Affected: *-2.4 Patched: Updated: July 3, 2026
LOW

cits-support-svg-webp-media-upload

cits-support-svg-webp-media-upload

Score: 89/100 CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts <= 4.2 - Cross-Site Request Forgery to Settings Update Affected: *-4.2 Patched: Updated: July 3, 2026
LOW

cits-support-svg-webp-media-upload

cits-support-svg-webp-media-upload

Score: 89/100 CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts <= 4.2 - Cross-Site Request Forgery to Font Assignment Deletion Affected: *-4.2 Patched: Updated: July 3, 2026
LOW

gotcha-gesture-based-captcha

gotcha-gesture-based-captcha

Score: 91/100 Gotcha | Gesture-based Captcha <= 1.0.0 - Reflected Cross-Site Scripting via menu Parameter Affected: *-1.0.0 Patched: Updated: July 3, 2026
LOW

easy-custom-admin-bar

easy-custom-admin-bar

Score: 91/100 Easy Custom Admin Bar <= 1.0 - Reflected Cross-Site Scripting via msg Parameter Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

block-logic

block-logic

Score: 93/100 Block Logic <= 1.0.8 - Authenticated (Contributor+) Remote Code Execution Affected: *-1.0.8 Patched: 2.0.0 Updated: July 3, 2026
LOW

multi-video-box

multi-video-box

Score: 91/100 Multi Video Box <= 1.5.2 - Reflected Cross-Site Scripting via video_id and group_id Parameters Affected: *-1.5.2 Patched: Updated: July 3, 2026
LOW

code-clone

code-clone

Score: 91/100 Code Clone <= 0.9 - Authenticated (Administrator+) SQL Injection via snippetId Parameter Affected: *-0.9 Patched: Updated: July 3, 2026
LOW

wcfm-marketplace-rest-api

wcfm-marketplace-rest-api

Score: N/A WooCommerce Multivendor Marketplace – REST API <= 1.6.2 - Authenticated (Subscriber+) SQL Injection Affected: *-1.6.2 Patched: 1.6.3 Updated: July 3, 2026
LOW

newsletters-lite

newsletters-lite

Score: 93/100 Newsletters <= 4.9.9.7 - Reflected Cross-Site Scripting via To Parameter Affected: *-4.9.9.7 Patched: 4.9.9.8 Updated: July 3, 2026
LOW

profilegrid-user-profiles-groups-and-communities

profilegrid-user-profiles-groups-and-communities

Score: N/A ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.5 - Authenticated (Subscriber+) PHP Object Injection Affected: *-5.9.4.5 Patched: 5.9.4.6 Updated: July 3, 2026
LOW

profilegrid-user-profiles-groups-and-communities

profilegrid-user-profiles-groups-and-communities

Score: N/A ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.4 - Missing Authorinzation to Authenticated (Subscriber+) Join Group Requests Management Affected: *-5.9.4.4 Patched: 5.9.4.5 Updated: July 3, 2026
LOW

motors-car-dealership-classified-listings

motors-car-dealership-classified-listings

Score: 93/100 Motors – Car Dealer, Classifieds & Listing <= 1.4.57 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Listing Template Creation Affected: *-1.4.57 Patched: 1.4.58 Updated: July 3, 2026
LOW

wp-marketing-automations

wp-marketing-automations

Score: N/A Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit <= 3.5.1 - Unauthenticated SQL Injection via 'automationId' Affected: *-3.5.1 Patched: 3.5.2 Updated: July 3, 2026
LOW

wp-gcalendar

wp-gcalendar

Score: N/A WP Google Calendar Manager <= 2.1 - Authenticated (Subscriber+) SQL Injection Affected: *-2.1 Patched: Updated: July 3, 2026

Showing 11101 to 11200 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 3, 2026 at 02:29 UTC.