Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

87

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
wp-contact-form-iii wp-contact-form-iii N/A WP Contact Form III <= 1.6.2d - Reflected Cross-Site Scripting LOW * - 1.6.2d July 3, 2026
wordpress-mu-secure-invites wordpress-mu-secure-invites N/A Secure Invites <= 1.3 - Reflected Cross-Site Scripting LOW *-1.3 July 3, 2026
simple-post-series simple-post-series N/A Simple Post Series <= 2.4.4 - Reflected Cross-Site Scripting LOW *-2.4.4 July 3, 2026
profilegrid-user-profiles-groups-and-communities profilegrid-user-profiles-groups-and-communities N/A ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.7 - Authenticated (Subscriber+) SQL Injection LOW *-5.9.4.7 5.9.4.8 July 3, 2026
give give
93
GiveWP – Donation Plugin and Fundraising Platform <= 3.22.1 - Authenticated (Subscriber+) Sensitive Information Exposure LOW *-3.22.1 3.22.2 July 3, 2026
fancy-box fancy-box
91
FancyBox <= 1.0.1 - Reflected Cross-Site Scripting LOW *-1.0.1 July 3, 2026
cookies-pro cookies-pro
91
Cookies Pro <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0 July 3, 2026
cf7-utm-tracking cf7-utm-tracking
91
UTM tags tracking for Contact Form 7 <= 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.1 July 3, 2026
instant-appointment instant-appointment
87
Instant Appointment <= 1.2 - Unauthenticated Arbitrary File Upload LOW *-1.2 July 3, 2026
zhina-twitter-widget zhina-twitter-widget N/A ZhinaTwitterWidget <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 3, 2026
zd-scribd-ipaper zd-scribd-ipaper N/A ZD Scribd iPaper <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 3, 2026
zalo-live-chat zalo-live-chat N/A Zalo Live Chat <= 1.1.0 - Reflected Cross-Site Scripting LOW *-1.1.0 July 3, 2026
wp-geshi-highlight wp-geshi-highlight N/A WP-GeSHi-Highlight <= 1.4.3 Authenticated (Author+) ReDoS LOW *-1.4.3 July 3, 2026
wordpress-theme-demo-bar wordpress-theme-demo-bar N/A Theme Demo Bar <= 1.6.3 - Reflected Cross-Site Scripting LOW *-1.6.3 July 3, 2026
woo-altcoin-payment-gateway woo-altcoin-payment-gateway N/A Bitcoin / AltCoin Payment Gateway for WooCommerce <= 1.7.6 - Reflected Cross-Site Scripting LOW *-1.7.6 July 3, 2026
trust-payments-hosted-payment-pages-integration trust-payments-hosted-payment-pages-integration N/A Trust Payments Gateway for WooCommerce <= 1.1.4 - Unauthenticated SQL Injection LOW *-1.1.4 2.0.0 July 3, 2026
rizzi-guestbook rizzi-guestbook N/A Rizzi Guestbook <= 4.0.1 - Reflected Cross-Site Scripting LOW *-4.0.1 July 3, 2026
random-quotes random-quotes N/A Random Quotes <= 1.3 - Reflected Cross-Site Scripting LOW *-1.3 July 3, 2026
memberspace memberspace
93
MemberSpace <= 2.1.13 - Reflected Cross-Site Scripting LOW *-2.1.13 2.1.14 July 3, 2026
infugrator infugrator
91
Infugrator <= 1.0.3 - Reflected Cross-Site Scripting LOW *-1.0.3 July 3, 2026
google-plus-google google-plus-google
91
Google Plus <= 1.0.2 - Reflected Cross-Site Scripting LOW *-1.0.2 July 3, 2026
gdpr-tools gdpr-tools
91
GDPR Tools <= 1.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.0.2 July 3, 2026
display-post-meta display-post-meta
91
Display Post Meta <= 2.4.4 -Reflected Cross-Site Scripting LOW *-2.4.4 July 3, 2026
aumenu aumenu
91
AuMenu <= 1.1.5 - Reflected Cross-Site Scripting LOW *-1.1.5 July 3, 2026
appreview appreview
95
AppReview <= 0.2.9 - Reflected Cross-Site Scripting LOW *-0.2.9 July 3, 2026
woo-rfq-for-woocommerce woo-rfq-for-woocommerce N/A NP Quote Request for WooCommerce <= 1.9.179 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure LOW *-1.9.179 1.9.180 July 3, 2026
order-import-export-for-woocommerce order-import-export-for-woocommerce
93
Order Export & Order Import for WooCommerce <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function LOW *-2.6.0 2.6.1 July 3, 2026
order-import-export-for-woocommerce order-import-export-for-woocommerce
93
Order Export & Order Import for WooCommerce <= 2.6.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter LOW *-2.6.0 2.6.1 July 3, 2026
order-import-export-for-woocommerce order-import-export-for-woocommerce
93
Order Export & Order Import for WooCommerce <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function LOW *-2.6.0 2.6.1 July 3, 2026
order-import-export-for-woocommerce order-import-export-for-woocommerce
93
Order Export & Order Import for WooCommerce <= 2.6.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function LOW *-2.6.0 2.6.1 July 3, 2026
file-away file-away
87
File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated Arbitrary File Read LOW *-3.9.9.0.1 July 3, 2026
wp-event-solution wp-event-solution N/A Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.24 - Authenticated (Contributor+) Local File Inclusion LOW *-4.0.24 4.0.25 July 3, 2026
wp-event-solution wp-event-solution N/A Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.24 - Missing Authorization to Unauthenticated Payment Status Update LOW *-4.0.24 4.0.25 July 3, 2026
Custom Twitter Feeds – A Tweets Widget or X Feed Widget custom-twitter-feeds
75
Custom Twitter Feeds <= 2.2.5 - Cross-Site Request Forgery to Cache Reset via ctf_clear_cache_admin Function LOW *-2.2.5 2.3.0 July 3, 2026
zielke-design-project-gallery zielke-design-project-gallery N/A Zielke Design Project Gallery <= 2.5.0 - Reflected Cross-Site Scripting LOW *-2.5.0 July 3, 2026
your-lightbox your-lightbox N/A Your Lightbox <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 3, 2026
xpro-elementor-addons xpro-elementor-addons N/A 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Site Title' widget LOW *-1.4.7.1 1.4.8 July 3, 2026
wp-multitasking wp-multitasking N/A WP MultiTasking <= 0.1.12 - Cross-Site Request Forgery to Header/Footer/Body Script Update LOW *-0.1.12 July 3, 2026
wp-multitasking wp-multitasking N/A WP MultiTasking <= 0.1.12 - Cross-Site Request Forgery to Permalink Suffix Update LOW *-0.1.12 July 3, 2026
wordpressplugin-upgrade-time-out-plugin wordpressplugin-upgrade-time-out-plugin N/A WordPress/Plugin Upgrade Time Out Plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0 July 3, 2026
pixobe-cartography pixobe-cartography N/A Pixobe Cartography <= 1.0.1 - Reflected Cross-Site Scripting LOW *-1.0.1 July 3, 2026
off-page-seo off-page-seo
91
Off Page SEO <= 3.0.3 - Reflected Cross-Site Scripting LOW *-3.0.3 July 3, 2026
narnoo-shortcodes narnoo-shortcodes
91
Narnoo Operator <= 2.0.0 - Reflected Cross-Site Scripting LOW *-2.0.0 July 3, 2026
live-tv live-tv
91
LIVE TV <= 1.2 - Reflected Cross-Site Scripting LOW *-1.2 July 3, 2026
ht-mega-for-elementor ht-mega-for-elementor
93
HT Mega – Absolute Addons For Elementor <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets LOW *-2.8.3 2.8.4 July 3, 2026
WP Ghost (Hide My WP Ghost) – Security & Firewall hide-my-wp
79
Hide My WP Ghost <= 5.4.01 - Unauthenticated Local File Inclusion LOW *-5.4.01 5.4.02 July 3, 2026
frontend-post-submission frontend-post-submission
91
Frontend Post Submission <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 3, 2026
front-end-post-edit front-end-post-edit
91
custom-post-edit <= 1.0.4 - Reflected Cross-Site Scripting LOW *-1.0.4 July 3, 2026
en-masse-wp en-masse-wp
91
En Masse <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 3, 2026
database-audit database-audit
91
WP Database Audit <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 3, 2026
cxc-sawa cxc-sawa
91
Management-screen-droptiles <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 3, 2026
content-glass-button content-glass-button
91
CG Button <= 1.0.5.6 - Reflected Cross-Site Scripting LOW *-1.0.5.6 July 3, 2026
age-gate age-gate
97
Age Gate <= 3.5.3 - Unauthenticated Local PHP File Inclusion via 'lang' LOW *-3.5.3 3.5.4 July 3, 2026
file-away file-away
87
File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated File Upload via upload Function LOW *-3.9.9.0.1 July 3, 2026
ahathat ahathat
92
AHAthat Plugin <= 1.6 - Authenticated (Administrator+) SQL Injection via id Parameter LOW *-1.6 July 3, 2026
wp-foodbakery wp-foodbakery N/A FoodBakery | Delivery Restaurant Directory WordPress Theme <= 4.7 - Missing Authorization in Multiple Functions LOW *-4.7 4.8 July 3, 2026
wp-foodbakery wp-foodbakery N/A FoodBakery | Delivery Restaurant Directory WordPress Theme <= 4.7 - Cross-Site Request Forgery in Multiple Functions LOW *-4.7 July 3, 2026
wp-ad-management wp-ad-management N/A Ads24 Lite <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 3, 2026
ultimate-gallery ultimate-gallery N/A ULTIMATE VIDEO GALLERY <= 1.4 - Reflected Cross-Site Scripting LOW *-1.4 July 3, 2026
super-slider super-slider N/A SUPER RESPONSIVE SLIDER <= 1.4 - Reflected Cross-Site Scripting LOW *-1.4 July 3, 2026
stencies stencies N/A Stencies <= 0.58 - Reflected Cross-Site Scripting LOW *-0.58 July 3, 2026
snow-storm snow-storm N/A Snow Storm <= 1.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.4.6 1.4.7 July 3, 2026
sleekplan sleekplan N/A Sleekplan <= 0.2.0 - Reflected Cross-Site Scripting LOW *-0.2.0 July 3, 2026
site-editor-google-map site-editor-google-map N/A Site Editor Google Map <= 1.0.1 - Reflected Cross-Site Scripting LOW *-1.0.1 July 3, 2026
sf-booking sf-booking N/A Service Finder Bookings <= 5.0 - Unauthenticated Privilege Escalation via Account Takeover LOW *-5.0 5.1 July 3, 2026
s2member-pro s2member-pro N/A s2Member Pro <= 250214 - Authenticated (Contributor+) Local File Inclusion to Remote Code Execution via Shortcode LOW *-250214 250419 July 3, 2026
rws-enquiry rws-enquiry N/A RWS Enquiry And Lead Follow-up <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 3, 2026
rdp-linkedin-login rdp-linkedin-login N/A RDP Linkedin Login <= 1.7.0 - Reflected Cross-Site Scripting LOW *-1.7.0 July 3, 2026
rdp-ingroups rdp-ingroups N/A RDP inGroups+ <= 1.0.6 - Reflected Cross-Site Scripting LOW *-1.0.6 July 3, 2026
product-puller product-puller N/A Product Puller <= 1.5.1 - Reflected Cross-Site Scripting LOW *-1.5.1 July 3, 2026
ns-simple-intro-loader ns-simple-intro-loader
91
NS Simple Intro Loader <= 2.2.3 - Reflected Cross-Site Scripting LOW *-2.2.3 July 3, 2026
lifterlms lifterlms
93
LifterLMS <= 8.0.1 - Missing Authorization to Unauthenticated Post Trashing LOW *-8.0.1 8.0.2 July 3, 2026
improve-my-city improve-my-city
91
Improve My City <= 1.6 - Unauthenticated Stored Cross-Site Scripting LOW *-1.6 July 3, 2026
global-payments-woocommerce global-payments-woocommerce
93
GlobalPayments WooCommerce <= 1.13.2 - Reflected Cross-Site Scripting LOW *-1.13.2 1.13.3 July 3, 2026
fomo-payment-gateway-for-woocommerce fomo-payment-gateway-for-woocommerce
95
FOMO Pay Chinese Payment Solution <= 2.0.4 - Reflected Cross-Site Scripting LOW *-2.0.4 July 3, 2026
boombox-theme-extensions boombox-theme-extensions
93
BoomBox Theme Extensions <= 1.8.0 - Authenticated (Subscriber+) Privilege Escalation via Password Reset/Account Takeover in boombox_ajax_reset_password LOW *-1.8.0 1.8.1 July 3, 2026
wp-email-delivery wp-email-delivery N/A WP Email Delivery <= 1.20.11.23 - Reflected Cross-Site Scripting LOW *-1.20.11.23 July 3, 2026
wp-azure-offload wp-azure-offload N/A WP Azure offload <= 2.0 - Reflected Cross-Site Scripting LOW *-2.0 July 3, 2026
wc-ja-ja-pagamentos-multicaixa-express wc-ja-ja-pagamentos-multicaixa-express N/A Já-Já Pagamentos for WooCommerce <= 1.3.0 - Reflected Cross-Site Scripting LOW *-1.3.0 July 3, 2026
schedule schedule N/A Schedule <= 1.0.0 - Unauthenticated SQL Injection LOW *-1.0.0 July 3, 2026
linkedin-lite linkedin-lite
91
LinkedIn Lite <= 1.0 - Unauthenticated Local File Inclusion LOW *-1.0 July 3, 2026
gs-logo-slider gs-logo-slider
93
Logo Slider <= 3.7.3 - Unauthenticated Arbitrary Shortcode Execution LOW *-3.7.3 3.7.4 July 3, 2026
getshop-ecommerce getshop-ecommerce
91
GetShop ecommerce <= 1.3 - Unauthenticated Local File Inclusion LOW *-1.3 July 3, 2026
formality formality
93
Formality <= 1.5.7 - Unauthenticated Local File Inclusion LOW *-1.5.7 1.5.8 July 3, 2026
custom-field-list-widget custom-field-list-widget
91
Custom Field List Widget <= 1.5.1 - Unauthenticated Local File Inclusion LOW *-1.5.1 July 3, 2026
tripetto tripetto N/A Tripetto <= 8.0.9 - Cross-Site Request Forgery to Arbitrary Results Deletion LOW *-8.0.9 8.0.10 July 3, 2026
give give
93
Give <= 3.22.0 - Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Function LOW *-3.22.0 3.22.1 July 3, 2026
tripetto tripetto N/A WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.9 - Unauthenticated Stored Cross-Site Scripting LOW *-8.0.9 8.0.10 July 3, 2026
wp01 wp01 N/A WP01 – Speed, Security, SEO consultant <= 2.6.2 - Authenticated (Subscriber+) Arbitrary File Download LOW *-2.6.2 July 3, 2026
zoorum-comments zoorum-comments N/A Zoorum Comments <= 0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.9 July 3, 2026
pixelstats pixelstats N/A pixelstats <= 0.8.2 - Reflected Cross-Site Scripting LOW *-0.8.2 July 3, 2026
wc-affiliate wc-affiliate N/A WC Affiliate – A Complete WooCommerce Affiliate Plugin <= 2.5.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via wf-export-all LOW *-2.5.3 2.6 July 3, 2026
wpschoolpress wpschoolpress N/A School Management System – WPSchoolPress <= 2.2.16 - Missing Authorization to Arbitrary User Deletion LOW *-2.2.16 2.2.17 July 3, 2026
wpschoolpress wpschoolpress N/A School Management System – WPSchoolPress <= 2.2.16 - Authenticated (Parent+) SQL Injection LOW *-2.2.16 2.2.17 July 3, 2026
wpschoolpress wpschoolpress N/A School Management System – WPSchoolPress <= 2.2.16 - Missing Authorization to Privilege Escalation via Account Takeover LOW *-2.2.16 2.2.17 July 3, 2026
wpschoolpress wpschoolpress N/A School Management System – WPSchoolPress <= 2.2.17 - Authenticated (Teacher+) SQL Injection LOW *-2.2.17 2.2.18 July 3, 2026
ulisting ulisting N/A Directory Listings WordPress plugin – uListing <= 2.2.0 - Authenticated (Subscriber+) Privilege Escalation LOW *-2.2.0 July 3, 2026
ulisting ulisting N/A Directory Listings WordPress plugin – uListing <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update and PHP Object Injection LOW *-2.2.0 July 3, 2026
WP Test Email wp-test-email
90
WP Test Email <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting LOW *-1.1.8 1.1.9 July 3, 2026
wp-responsive-thumbnail-slider wp-responsive-thumbnail-slider N/A Thumbnail carousel slider <= 1.0.4 - Authenticated (Admin+) SQL Injection LOW *-1.0.4 1.0.5 July 3, 2026
LOW

wp-contact-form-iii

wp-contact-form-iii

Score: N/A WP Contact Form III <= 1.6.2d - Reflected Cross-Site Scripting Affected: * - 1.6.2d Patched: Updated: July 3, 2026
LOW

wordpress-mu-secure-invites

wordpress-mu-secure-invites

Score: N/A Secure Invites <= 1.3 - Reflected Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 3, 2026
LOW

simple-post-series

simple-post-series

Score: N/A Simple Post Series <= 2.4.4 - Reflected Cross-Site Scripting Affected: *-2.4.4 Patched: Updated: July 3, 2026
LOW

profilegrid-user-profiles-groups-and-communities

profilegrid-user-profiles-groups-and-communities

Score: N/A ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.7 - Authenticated (Subscriber+) SQL Injection Affected: *-5.9.4.7 Patched: 5.9.4.8 Updated: July 3, 2026
LOW

give

give

Score: 93/100 GiveWP – Donation Plugin and Fundraising Platform <= 3.22.1 - Authenticated (Subscriber+) Sensitive Information Exposure Affected: *-3.22.1 Patched: 3.22.2 Updated: July 3, 2026
LOW

fancy-box

fancy-box

Score: 91/100 FancyBox <= 1.0.1 - Reflected Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 3, 2026
LOW

cookies-pro

cookies-pro

Score: 91/100 Cookies Pro <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

cf7-utm-tracking

cf7-utm-tracking

Score: 91/100 UTM tags tracking for Contact Form 7 <= 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.1 Patched: Updated: July 3, 2026
LOW

instant-appointment

instant-appointment

Score: 87/100 Instant Appointment <= 1.2 - Unauthenticated Arbitrary File Upload Affected: *-1.2 Patched: Updated: July 3, 2026
LOW

zhina-twitter-widget

zhina-twitter-widget

Score: N/A ZhinaTwitterWidget <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

zd-scribd-ipaper

zd-scribd-ipaper

Score: N/A ZD Scribd iPaper <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

zalo-live-chat

zalo-live-chat

Score: N/A Zalo Live Chat <= 1.1.0 - Reflected Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 3, 2026
LOW

wp-geshi-highlight

wp-geshi-highlight

Score: N/A WP-GeSHi-Highlight <= 1.4.3 Authenticated (Author+) ReDoS Affected: *-1.4.3 Patched: Updated: July 3, 2026
LOW

wordpress-theme-demo-bar

wordpress-theme-demo-bar

Score: N/A Theme Demo Bar <= 1.6.3 - Reflected Cross-Site Scripting Affected: *-1.6.3 Patched: Updated: July 3, 2026
LOW

woo-altcoin-payment-gateway

woo-altcoin-payment-gateway

Score: N/A Bitcoin / AltCoin Payment Gateway for WooCommerce <= 1.7.6 - Reflected Cross-Site Scripting Affected: *-1.7.6 Patched: Updated: July 3, 2026
LOW

trust-payments-hosted-payment-pages-integration

trust-payments-hosted-payment-pages-integration

Score: N/A Trust Payments Gateway for WooCommerce <= 1.1.4 - Unauthenticated SQL Injection Affected: *-1.1.4 Patched: 2.0.0 Updated: July 3, 2026
LOW

rizzi-guestbook

rizzi-guestbook

Score: N/A Rizzi Guestbook <= 4.0.1 - Reflected Cross-Site Scripting Affected: *-4.0.1 Patched: Updated: July 3, 2026
LOW

random-quotes

random-quotes

Score: N/A Random Quotes <= 1.3 - Reflected Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 3, 2026
LOW

memberspace

memberspace

Score: 93/100 MemberSpace <= 2.1.13 - Reflected Cross-Site Scripting Affected: *-2.1.13 Patched: 2.1.14 Updated: July 3, 2026
LOW

infugrator

infugrator

Score: 91/100 Infugrator <= 1.0.3 - Reflected Cross-Site Scripting Affected: *-1.0.3 Patched: Updated: July 3, 2026
LOW

google-plus-google

google-plus-google

Score: 91/100 Google Plus <= 1.0.2 - Reflected Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 3, 2026
LOW

gdpr-tools

gdpr-tools

Score: 91/100 GDPR Tools <= 1.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 3, 2026
LOW

display-post-meta

display-post-meta

Score: 91/100 Display Post Meta <= 2.4.4 -Reflected Cross-Site Scripting Affected: *-2.4.4 Patched: Updated: July 3, 2026
LOW

aumenu

aumenu

Score: 91/100 AuMenu <= 1.1.5 - Reflected Cross-Site Scripting Affected: *-1.1.5 Patched: Updated: July 3, 2026
LOW

appreview

appreview

Score: 95/100 AppReview <= 0.2.9 - Reflected Cross-Site Scripting Affected: *-0.2.9 Patched: Updated: July 3, 2026
LOW

woo-rfq-for-woocommerce

woo-rfq-for-woocommerce

Score: N/A NP Quote Request for WooCommerce <= 1.9.179 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure Affected: *-1.9.179 Patched: 1.9.180 Updated: July 3, 2026
LOW

order-import-export-for-woocommerce

order-import-export-for-woocommerce

Score: 93/100 Order Export & Order Import for WooCommerce <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function Affected: *-2.6.0 Patched: 2.6.1 Updated: July 3, 2026
LOW

order-import-export-for-woocommerce

order-import-export-for-woocommerce

Score: 93/100 Order Export & Order Import for WooCommerce <= 2.6.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter Affected: *-2.6.0 Patched: 2.6.1 Updated: July 3, 2026
LOW

order-import-export-for-woocommerce

order-import-export-for-woocommerce

Score: 93/100 Order Export & Order Import for WooCommerce <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function Affected: *-2.6.0 Patched: 2.6.1 Updated: July 3, 2026
LOW

order-import-export-for-woocommerce

order-import-export-for-woocommerce

Score: 93/100 Order Export & Order Import for WooCommerce <= 2.6.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function Affected: *-2.6.0 Patched: 2.6.1 Updated: July 3, 2026
LOW

file-away

file-away

Score: 87/100 File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated Arbitrary File Read Affected: *-3.9.9.0.1 Patched: Updated: July 3, 2026
LOW

wp-event-solution

wp-event-solution

Score: N/A Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.24 - Authenticated (Contributor+) Local File Inclusion Affected: *-4.0.24 Patched: 4.0.25 Updated: July 3, 2026
LOW

wp-event-solution

wp-event-solution

Score: N/A Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.24 - Missing Authorization to Unauthenticated Payment Status Update Affected: *-4.0.24 Patched: 4.0.25 Updated: July 3, 2026
LOW

zielke-design-project-gallery

zielke-design-project-gallery

Score: N/A Zielke Design Project Gallery <= 2.5.0 - Reflected Cross-Site Scripting Affected: *-2.5.0 Patched: Updated: July 3, 2026
LOW

your-lightbox

your-lightbox

Score: N/A Your Lightbox <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

xpro-elementor-addons

xpro-elementor-addons

Score: N/A 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Site Title' widget Affected: *-1.4.7.1 Patched: 1.4.8 Updated: July 3, 2026
LOW

wp-multitasking

wp-multitasking

Score: N/A WP MultiTasking <= 0.1.12 - Cross-Site Request Forgery to Header/Footer/Body Script Update Affected: *-0.1.12 Patched: Updated: July 3, 2026
LOW

wp-multitasking

wp-multitasking

Score: N/A WP MultiTasking <= 0.1.12 - Cross-Site Request Forgery to Permalink Suffix Update Affected: *-0.1.12 Patched: Updated: July 3, 2026
LOW

wordpressplugin-upgrade-time-out-plugin

wordpressplugin-upgrade-time-out-plugin

Score: N/A WordPress/Plugin Upgrade Time Out Plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

pixobe-cartography

pixobe-cartography

Score: N/A Pixobe Cartography <= 1.0.1 - Reflected Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 3, 2026
LOW

off-page-seo

off-page-seo

Score: 91/100 Off Page SEO <= 3.0.3 - Reflected Cross-Site Scripting Affected: *-3.0.3 Patched: Updated: July 3, 2026
LOW

narnoo-shortcodes

narnoo-shortcodes

Score: 91/100 Narnoo Operator <= 2.0.0 - Reflected Cross-Site Scripting Affected: *-2.0.0 Patched: Updated: July 3, 2026
LOW

live-tv

live-tv

Score: 91/100 LIVE TV <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 3, 2026
LOW

ht-mega-for-elementor

ht-mega-for-elementor

Score: 93/100 HT Mega – Absolute Addons For Elementor <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets Affected: *-2.8.3 Patched: 2.8.4 Updated: July 3, 2026
LOW

frontend-post-submission

frontend-post-submission

Score: 91/100 Frontend Post Submission <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

front-end-post-edit

front-end-post-edit

Score: 91/100 custom-post-edit <= 1.0.4 - Reflected Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: July 3, 2026
LOW

en-masse-wp

en-masse-wp

Score: 91/100 En Masse <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

database-audit

database-audit

Score: 91/100 WP Database Audit <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

cxc-sawa

cxc-sawa

Score: 91/100 Management-screen-droptiles <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

content-glass-button

content-glass-button

Score: 91/100 CG Button <= 1.0.5.6 - Reflected Cross-Site Scripting Affected: *-1.0.5.6 Patched: Updated: July 3, 2026
LOW

age-gate

age-gate

Score: 97/100 Age Gate <= 3.5.3 - Unauthenticated Local PHP File Inclusion via 'lang' Affected: *-3.5.3 Patched: 3.5.4 Updated: July 3, 2026
LOW

file-away

file-away

Score: 87/100 File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated File Upload via upload Function Affected: *-3.9.9.0.1 Patched: Updated: July 3, 2026
LOW

ahathat

ahathat

Score: 92/100 AHAthat Plugin <= 1.6 - Authenticated (Administrator+) SQL Injection via id Parameter Affected: *-1.6 Patched: Updated: July 3, 2026
LOW

wp-foodbakery

wp-foodbakery

Score: N/A FoodBakery | Delivery Restaurant Directory WordPress Theme <= 4.7 - Missing Authorization in Multiple Functions Affected: *-4.7 Patched: 4.8 Updated: July 3, 2026
LOW

wp-foodbakery

wp-foodbakery

Score: N/A FoodBakery | Delivery Restaurant Directory WordPress Theme <= 4.7 - Cross-Site Request Forgery in Multiple Functions Affected: *-4.7 Patched: Updated: July 3, 2026
LOW

wp-ad-management

wp-ad-management

Score: N/A Ads24 Lite <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

ultimate-gallery

ultimate-gallery

Score: N/A ULTIMATE VIDEO GALLERY <= 1.4 - Reflected Cross-Site Scripting Affected: *-1.4 Patched: Updated: July 3, 2026
LOW

super-slider

super-slider

Score: N/A SUPER RESPONSIVE SLIDER <= 1.4 - Reflected Cross-Site Scripting Affected: *-1.4 Patched: Updated: July 3, 2026
LOW

stencies

stencies

Score: N/A Stencies <= 0.58 - Reflected Cross-Site Scripting Affected: *-0.58 Patched: Updated: July 3, 2026
LOW

snow-storm

snow-storm

Score: N/A Snow Storm <= 1.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.4.6 Patched: 1.4.7 Updated: July 3, 2026
LOW

sleekplan

sleekplan

Score: N/A Sleekplan <= 0.2.0 - Reflected Cross-Site Scripting Affected: *-0.2.0 Patched: Updated: July 3, 2026
LOW

site-editor-google-map

site-editor-google-map

Score: N/A Site Editor Google Map <= 1.0.1 - Reflected Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 3, 2026
LOW

sf-booking

sf-booking

Score: N/A Service Finder Bookings <= 5.0 - Unauthenticated Privilege Escalation via Account Takeover Affected: *-5.0 Patched: 5.1 Updated: July 3, 2026
LOW

s2member-pro

s2member-pro

Score: N/A s2Member Pro <= 250214 - Authenticated (Contributor+) Local File Inclusion to Remote Code Execution via Shortcode Affected: *-250214 Patched: 250419 Updated: July 3, 2026
LOW

rws-enquiry

rws-enquiry

Score: N/A RWS Enquiry And Lead Follow-up <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

rdp-linkedin-login

rdp-linkedin-login

Score: N/A RDP Linkedin Login <= 1.7.0 - Reflected Cross-Site Scripting Affected: *-1.7.0 Patched: Updated: July 3, 2026
LOW

rdp-ingroups

rdp-ingroups

Score: N/A RDP inGroups+ <= 1.0.6 - Reflected Cross-Site Scripting Affected: *-1.0.6 Patched: Updated: July 3, 2026
LOW

product-puller

product-puller

Score: N/A Product Puller <= 1.5.1 - Reflected Cross-Site Scripting Affected: *-1.5.1 Patched: Updated: July 3, 2026
LOW

ns-simple-intro-loader

ns-simple-intro-loader

Score: 91/100 NS Simple Intro Loader <= 2.2.3 - Reflected Cross-Site Scripting Affected: *-2.2.3 Patched: Updated: July 3, 2026
LOW

lifterlms

lifterlms

Score: 93/100 LifterLMS <= 8.0.1 - Missing Authorization to Unauthenticated Post Trashing Affected: *-8.0.1 Patched: 8.0.2 Updated: July 3, 2026
LOW

improve-my-city

improve-my-city

Score: 91/100 Improve My City <= 1.6 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.6 Patched: Updated: July 3, 2026
LOW

global-payments-woocommerce

global-payments-woocommerce

Score: 93/100 GlobalPayments WooCommerce <= 1.13.2 - Reflected Cross-Site Scripting Affected: *-1.13.2 Patched: 1.13.3 Updated: July 3, 2026
LOW

fomo-payment-gateway-for-woocommerce

fomo-payment-gateway-for-woocommerce

Score: 95/100 FOMO Pay Chinese Payment Solution <= 2.0.4 - Reflected Cross-Site Scripting Affected: *-2.0.4 Patched: Updated: July 3, 2026
LOW

boombox-theme-extensions

boombox-theme-extensions

Score: 93/100 BoomBox Theme Extensions <= 1.8.0 - Authenticated (Subscriber+) Privilege Escalation via Password Reset/Account Takeover in boombox_ajax_reset_password Affected: *-1.8.0 Patched: 1.8.1 Updated: July 3, 2026
LOW

wp-email-delivery

wp-email-delivery

Score: N/A WP Email Delivery <= 1.20.11.23 - Reflected Cross-Site Scripting Affected: *-1.20.11.23 Patched: Updated: July 3, 2026
LOW

wp-azure-offload

wp-azure-offload

Score: N/A WP Azure offload <= 2.0 - Reflected Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 3, 2026
LOW

wc-ja-ja-pagamentos-multicaixa-express

wc-ja-ja-pagamentos-multicaixa-express

Score: N/A Já-Já Pagamentos for WooCommerce <= 1.3.0 - Reflected Cross-Site Scripting Affected: *-1.3.0 Patched: Updated: July 3, 2026
LOW

schedule

schedule

Score: N/A Schedule <= 1.0.0 - Unauthenticated SQL Injection Affected: *-1.0.0 Patched: Updated: July 3, 2026
LOW

linkedin-lite

linkedin-lite

Score: 91/100 LinkedIn Lite <= 1.0 - Unauthenticated Local File Inclusion Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

gs-logo-slider

gs-logo-slider

Score: 93/100 Logo Slider <= 3.7.3 - Unauthenticated Arbitrary Shortcode Execution Affected: *-3.7.3 Patched: 3.7.4 Updated: July 3, 2026
LOW

getshop-ecommerce

getshop-ecommerce

Score: 91/100 GetShop ecommerce <= 1.3 - Unauthenticated Local File Inclusion Affected: *-1.3 Patched: Updated: July 3, 2026
LOW

formality

formality

Score: 93/100 Formality <= 1.5.7 - Unauthenticated Local File Inclusion Affected: *-1.5.7 Patched: 1.5.8 Updated: July 3, 2026
LOW

custom-field-list-widget

custom-field-list-widget

Score: 91/100 Custom Field List Widget <= 1.5.1 - Unauthenticated Local File Inclusion Affected: *-1.5.1 Patched: Updated: July 3, 2026
LOW

tripetto

tripetto

Score: N/A Tripetto <= 8.0.9 - Cross-Site Request Forgery to Arbitrary Results Deletion Affected: *-8.0.9 Patched: 8.0.10 Updated: July 3, 2026
LOW

give

give

Score: 93/100 Give <= 3.22.0 - Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Function Affected: *-3.22.0 Patched: 3.22.1 Updated: July 3, 2026
LOW

tripetto

tripetto

Score: N/A WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.9 - Unauthenticated Stored Cross-Site Scripting Affected: *-8.0.9 Patched: 8.0.10 Updated: July 3, 2026
LOW

wp01

wp01

Score: N/A WP01 – Speed, Security, SEO consultant <= 2.6.2 - Authenticated (Subscriber+) Arbitrary File Download Affected: *-2.6.2 Patched: Updated: July 3, 2026
LOW

zoorum-comments

zoorum-comments

Score: N/A Zoorum Comments <= 0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.9 Patched: Updated: July 3, 2026
LOW

pixelstats

pixelstats

Score: N/A pixelstats <= 0.8.2 - Reflected Cross-Site Scripting Affected: *-0.8.2 Patched: Updated: July 3, 2026
LOW

wc-affiliate

wc-affiliate

Score: N/A WC Affiliate – A Complete WooCommerce Affiliate Plugin <= 2.5.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via wf-export-all Affected: *-2.5.3 Patched: 2.6 Updated: July 3, 2026
LOW

wpschoolpress

wpschoolpress

Score: N/A School Management System – WPSchoolPress <= 2.2.16 - Missing Authorization to Arbitrary User Deletion Affected: *-2.2.16 Patched: 2.2.17 Updated: July 3, 2026
LOW

wpschoolpress

wpschoolpress

Score: N/A School Management System – WPSchoolPress <= 2.2.16 - Authenticated (Parent+) SQL Injection Affected: *-2.2.16 Patched: 2.2.17 Updated: July 3, 2026
LOW

wpschoolpress

wpschoolpress

Score: N/A School Management System – WPSchoolPress <= 2.2.16 - Missing Authorization to Privilege Escalation via Account Takeover Affected: *-2.2.16 Patched: 2.2.17 Updated: July 3, 2026
LOW

wpschoolpress

wpschoolpress

Score: N/A School Management System – WPSchoolPress <= 2.2.17 - Authenticated (Teacher+) SQL Injection Affected: *-2.2.17 Patched: 2.2.18 Updated: July 3, 2026
LOW

ulisting

ulisting

Score: N/A Directory Listings WordPress plugin – uListing <= 2.2.0 - Authenticated (Subscriber+) Privilege Escalation Affected: *-2.2.0 Patched: Updated: July 3, 2026
LOW

ulisting

ulisting

Score: N/A Directory Listings WordPress plugin – uListing <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update and PHP Object Injection Affected: *-2.2.0 Patched: Updated: July 3, 2026
LOW

WP Test Email

wp-test-email

Score: 90/100 WP Test Email <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.1.8 Patched: 1.1.9 Updated: July 3, 2026
LOW

wp-responsive-thumbnail-slider

wp-responsive-thumbnail-slider

Score: N/A Thumbnail carousel slider <= 1.0.4 - Authenticated (Admin+) SQL Injection Affected: *-1.0.4 Patched: 1.0.5 Updated: July 3, 2026

Showing 11201 to 11300 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 3, 2026 at 03:43 UTC.