Known Plugin Vulnerabilities
Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.
Open Vulnerabilities
26625Across tracked plugins
Affected Plugins
94With open vulnerabilities
Critical / High
0Require immediate attention
Recently Updated
0In the last 30 days
Vulnerability List
Export CSV| Plugin | Slug | Score | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated |
|---|---|---|---|---|---|---|---|---|
| lastudio-element-kit | lastudio-element-kit |
93
|
LA-Studio Element Kit for Elementor <= 1.4.2 - Authenticated (Contributor+) Local File Inclusion | LOW | *-1.4.2 | 1.4.3 | July 3, 2026 | |
| kevins-plugin | kevins-plugin |
93
|
Kevin's <= 2.0.0 - Cross-Site Request Forgery | LOW | *-2.0.0 | 2.0.1 | July 3, 2026 | |
| jobboardwp | jobboardwp |
93
|
JobBoardWP – Job Board Listings and Submissions <= 1.3.0 - Reflected Cross-Site Scripting | LOW | *-1.3.0 | 1.3.1 | July 3, 2026 | |
| iteras | iteras |
93
|
ITERAS <= 1.8.0 - Cross-Site Request Forgery | LOW | *-1.8.0 | 1.8.1 | July 3, 2026 | |
| image-widget | image-widget |
93
|
Image Widget <= 4.4.10 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-4.4.10 | 4.4.11 | July 3, 2026 | |
| icestats | icestats |
91
|
IceStats <= 1.3 - Cross-Site Request Forgery | LOW | *-1.3 | July 3, 2026 | ||
| hotlink2watermark | hotlink2watermark |
91
|
Hotlink2Watermark <= 0.3.2 - Cross-Site Request Forgery | LOW | *-0.3.2 | July 3, 2026 | ||
| hits-counter | hits-counter |
91
|
Post Hits Counter <= 2.8.23 - Reflected Cross-Site Scripting | LOW | *-2.8.23 | July 3, 2026 | ||
| hipaatizer | hipaatizer |
93
|
HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.3.4 | 1.3.5 | July 3, 2026 | |
| gym-management | gym-management |
83
|
WPGYM <= 67.1.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation | LOW | *-67.1.0 | 67.2.0 | July 3, 2026 | |
| google-plus-share-and-plusone-button | google-plus-share-and-plusone-button |
91
|
Google Plus Share and +1 Button <= 1.0 - Cross-Site Request Forgery | LOW | *-1.0 | July 3, 2026 | ||
| generic-elements-for-elementor | generic-elements-for-elementor |
89
|
Generic Elements <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.2.5 | 1.2.6 | July 3, 2026 | |
| fwdmsp | fwdmsp |
93
|
MP3 Sticky Player <= 8.0 - Unauthenticated Arbitrary File Read/Download | LOW | *-8.0 | 8.0 | July 3, 2026 | |
| FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider | fluent-smtp |
85
|
FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider <= 2.2.82 - Unauthenticated PHP Object Injection | LOW | *-2.2.82 | 2.2.83 | July 3, 2026 | |
| favicon-my-blog | favicon-my-blog |
91
|
Favicon My Blog <= 1.0.2 - Cross-Site Request Forgery | LOW | *-1.0.2 | July 3, 2026 | ||
| easy-liveblogs | easy-liveblogs |
93
|
Easy Liveblogs <= 2.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.3.5 | 2.3.6 | July 3, 2026 | |
| countdown-timer-block | countdown-timer-block |
91
|
Countdown Timer <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.0.5 | July 3, 2026 | ||
| continue-shopping-from-cart-page | continue-shopping-from-cart-page |
91
|
Continue Shopping From Cart <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting | LOW | *-1.3 | July 3, 2026 | ||
| autolisticle-automatically-update-numbered-list-articles | autolisticle-automatically-update-numbered-list-articles |
93
|
AutoListicle: Automatically Update Numbered List Articles <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.2.3 | 1.2.4 | July 3, 2026 | |
| ai-quiz | ai-quiz |
95
|
AI Quiz <= 1.1 - Missing Authorization | LOW | *-1.1 | July 3, 2026 | ||
| ahmeti-wp-guzel-sozler | ahmeti-wp-guzel-sozler |
95
|
Ahmeti Wp Güzel Sözler <= 4.0 - Cross-Site Request Forgery | LOW | *-4.0 | July 3, 2026 | ||
| advanced-event-manager | advanced-event-manager |
95
|
Advanced Event Manager <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.1.6 | July 3, 2026 | ||
| simply-gallery-block | simply-gallery-block | N/A | Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery <= 3.2.4.2 - Authenticated (Editor+) Stored Cross-Site Scripting | LOW | *-3.2.4.2 | 3.2.4.3 | July 3, 2026 | |
| easy-twitter-feeds | easy-twitter-feeds |
93
|
Easy Twitter Feed – Twitter feeds plugin for WP <= 1.2.6 - Authenticated (Contributor+) Post Exposure | LOW | *-1.2.6 | 1.2.7 | July 3, 2026 | |
| sky-elementor-addons | sky-elementor-addons | N/A | Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) <= 2.6.2 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update | LOW | *-2.6.2 | 2.6.3 | July 3, 2026 | |
| sky-elementor-addons | sky-elementor-addons | N/A | Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) <= 2.6.1 - Cross-Site Request Forgery to Limited Arbitrary Options Update | LOW | *-2.6.1 | 2.6.2 | July 3, 2026 | |
| popup-builder | popup-builder | N/A | Popup Builder <= 4.3.4 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-4.3.4 | 4.3.5 | July 3, 2026 | |
| mailmunch | mailmunch |
93
|
MailMunch – Grow your Email List <= 3.1.8 - Reflected Cross-Site Scripting | LOW | *-3.1.8 | 3.2.0 | July 3, 2026 | |
| luckywp-table-of-contents | luckywp-table-of-contents |
93
|
LuckyWP Table of Contents <= 2.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-2.1.6 | 2.1.7 | July 3, 2026 | |
| learnpress | learnpress |
93
|
LearnPress <= 4.2.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-4.2.7.1 | 4.2.7.2 | July 3, 2026 | |
| learnpress | learnpress |
93
|
LearnPress <= 4.2.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-4.2.7.1 | 4.2.7.2 | July 3, 2026 | |
| Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | kadence-blocks |
91
|
Kadence Blocks <= 3.2.53 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-3.2.53 | 3.2.54 | July 3, 2026 | |
| Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | kadence-blocks |
91
|
Kadence Blocks <= 3.2.53 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-3.2.53 | 3.2.54 | July 3, 2026 | |
| control-horas | control-horas |
91
|
Control horas <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.0.1 | July 3, 2026 | ||
| ajax-search-lite | ajax-search-lite |
97
|
Ajax Search Lite <= 4.12.3 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-4.12.3 | 4.12.4 | July 3, 2026 | |
| AI Engine – The Chatbot, AI Framework & MCP for WordPress | ai-engine |
82
|
AI Engine <= 2.6.3 - Authenticated (Admin+) SQL Injection | LOW | *-2.6.3 | 2.6.5 | July 3, 2026 | |
| my-contador-wp | my-contador-wp |
93
|
My Contador lesr <= 2.0 - Missing Authorization to Unauthenticated User Registration CSV Export | LOW | *-2.0 | 2.1 | July 3, 2026 | |
| aryo-activity-log | aryo-activity-log |
97
|
Activity Log – Monitor & Record User Changes <= 2.11.1 - Unauthenticated Stored Cross-Site Scripting via Event Context | LOW | *-2.11.1 | 2.11.2 | July 3, 2026 | |
| beds24-online-booking | beds24-online-booking |
93
|
Beds24 Online Booking <= 2.0.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via beds24-link Shortcode | LOW | *-2.0.27 | 2.0.28 | July 3, 2026 | |
| bard-extra | bard-extra |
93
|
Bard Extra <= 1.2.7 - Missing Authorization to Authenticated (Subscriber+) Demo Import | LOW | *-1.2.7 | 1.2.8 | July 3, 2026 | |
| co-marquage-service-public | co-marquage-service-public |
91
|
Co-marquage service-public.fr <= 0.5.76 - Reflected Cross-Site Scripting via add_query_arg Parameter | LOW | *-0.5.76 | 0.5.77 | July 3, 2026 | |
| lock-user-account | lock-user-account |
91
|
Lock User Account <= 1.0.5 - User Lock Bypass | LOW | *-1.0.5 | July 3, 2026 | ||
| page-parts | page-parts |
93
|
Page Parts <= 1.4.3 - Reflected Cross-Site Scripting | LOW | *-1.4.3 | 1.4.4 | July 3, 2026 | |
| security-force | security-force | N/A | Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes <= 1.1.6 - Reflected Cross-Site Scripting | LOW | *-1.1.6 | July 3, 2026 | ||
| subaccounts-for-woocommerce | subaccounts-for-woocommerce | N/A | Subaccounts for WooCommerce <= 1.6.0 - Reflected Cross-Site Scripting | LOW | *-1.6.0 | 1.6.1 | July 3, 2026 | |
| include-mastodon-feed | include-mastodon-feed |
93
|
Include Mastodon Feed <= 1.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.9.4 | 1.9.6 | July 3, 2026 | |
| suevafree-essential-kit | suevafree-essential-kit | N/A | SuevaFree Essential Kit <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.1.3 | 1.1.4 | July 3, 2026 | |
| salavat-counter | salavat-counter | N/A | salavat counter Plugin <= 0.9.4 - Reflected Cross-Site Scripting | LOW | *-0.9.4 | 0.9.5 | July 3, 2026 | |
| recipepress-reloaded | recipepress-reloaded | N/A | RecipePress Reloaded <= 2.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.12.0 | July 3, 2026 | ||
| grey-owl-lightbox | grey-owl-lightbox |
93
|
Grey Owl Lightbox <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.6.1 | 2.0.0 | July 3, 2026 | |
| grid-view-gallery | grid-view-gallery |
91
|
Grid View Gallery <= 1.0 - Authenticated (Editor+) PHP Object Injection | LOW | *-1.0 | July 3, 2026 | ||
| f4-improvements | f4-improvements |
91
|
F4 Improvements <= 1.9.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | LOW | *-1.9.0 | July 3, 2026 | ||
| shine-pdf | shine-pdf | N/A | Shine PDF Embeder <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.0 | July 3, 2026 | ||
| lazy-load-videos-and-sticky-control | lazy-load-videos-and-sticky-control |
91
|
Lazy load videos and sticky control <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-3.0.0 | July 3, 2026 | ||
| friendly-functions-for-welcart | friendly-functions-for-welcart |
93
|
Friendly Functions for Welcart <= 1.2.4 - Cross-Site Request Forgery to Reflected Cross-Site Scripting | LOW | *-1.2.4 | 1.2.5 | July 3, 2026 | |
| bulletin-announcements | bulletin-announcements |
93
|
Bulletin Announcements <= 3.11.7 - Reflected Cross-Site Scripting | LOW | *-3.11.7 | 3.12 | July 3, 2026 | |
| dino-game | dino-game |
93
|
Dino Game – Embed Google Chrome Dinosaur Game in WordPress <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.1.0 | 1.2.0 | July 3, 2026 | |
| product-designer | product-designer | N/A | Product Designer <= 1.0.36 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | LOW | *-1.0.36 | 1.0.37 | July 3, 2026 | |
| slick-sitemap | slick-sitemap | N/A | Slick Sitemap <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.0.0 | July 3, 2026 | ||
| peepso-core | peepso-core | N/A | Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App <=7.0.3.0 - Reflected Cross-Site Scripting | LOW | *-7.0.3.0 | 7.0.4.0 | July 3, 2026 | |
| tailored-tools | tailored-tools | N/A | Tailored Tools <= 1.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.8.4 | July 3, 2026 | ||
| stream-status-for-twitch | stream-status-for-twitch | N/A | StreamWeasels Online Status Bar <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.1.9 | 2.1.10 | July 3, 2026 | |
| stratum | stratum | N/A | Stratum – Elementor Widgets <= 1.4.4 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates | LOW | *-1.4.4 | 1.4.5 | July 3, 2026 | |
| sticky-social-icons | sticky-social-icons | N/A | Sticky Social Icons <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-1.2.1 | July 3, 2026 | ||
| sp-blog-designer | sp-blog-designer | N/A | SP Blog Designer <= 1.0.0 - Authenticated (Contributor+) Local File Inclusion | LOW | *-1.0.0 | July 3, 2026 | ||
| sky-elementor-addons | sky-elementor-addons | N/A | Sky Addons for Elementor <= 2.6.1 - Authenticated (Contributor+) Sensitive Information Exposure via Content Switcher Widget Elementor Template | LOW | *-2.6.1 | 2.6.2 | July 3, 2026 | |
| simple-membership | simple-membership | N/A | Simple Membership <= 4.5.5 - Exposure of Private Personal Information to an Unauthorized Actor | LOW | *-4.5.5 | 4.5.6 | July 3, 2026 | |
| shopready-elementor-addon | shopready-elementor-addon | N/A | Shopready <= 3.5 - Authenticated (Contributor+) Local File Inclusion | LOW | *-3.5 | July 3, 2026 | ||
| pure-css-circle-progress-bar | pure-css-circle-progress-bar | N/A | Pure CSS Circle Progress bar <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.2 | July 3, 2026 | ||
| pricing-table-addon-for-elementor | pricing-table-addon-for-elementor | N/A | Pricing table addon for elementor <= 1.0.0 - Authenticated (Contributor+) Local File Inclusion | LOW | *-1.0.0 | July 3, 2026 | ||
| pathomation | pathomation | N/A | Pathomation <= 2.5.1 - Unauthenticated Arbitrary File Upload | LOW | *-2.5.1 | July 3, 2026 | ||
| office-locator | office-locator |
89
|
Office Locator <= 1.3.0 - Authenticated (Contributor+) Local File Inclusion | LOW | *-1.3.0 | July 3, 2026 | ||
| meteor-slides | meteor-slides |
89
|
Meteor Slides <= 1.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-1.5.7 | July 3, 2026 | ||
| Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | kadence-blocks |
91
|
Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-3.3.3 | 3.3.4 | July 3, 2026 | |
| imbachat-widget | imbachat-widget |
91
|
ImbaChat <= 3.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-3.1.4 | July 3, 2026 | ||
| image-horizontal-reel-scroll-slideshow | image-horizontal-reel-scroll-slideshow |
91
|
Image horizontal reel scroll slideshow <= 13.4 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-13.4 | July 3, 2026 | ||
| if-so | if-so |
93
|
If-So Dynamic Content Personalization <= 1.9.2.1 - Authenticated (Contributor+) Post Disclosure | LOW | *-1.9.2.1 | 1.9.2.2 | July 3, 2026 | |
| happyforms | happyforms |
93
|
Happyforms <= 1.26.2 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-1.26.2 | 1.26.3 | July 3, 2026 | |
| dynamic-to-top | dynamic-to-top |
91
|
Dynamic "To Top" 3.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | 3.5.2 | July 3, 2026 | ||
| distance-based-shipping-calculator | distance-based-shipping-calculator |
93
|
Distance Based Shipping Calculator <= 2.0.23 - Authenticated (Subscriber+) SQL Injection | LOW | *-2.0.23 | 2.0.24 | July 3, 2026 | |
| contest-code-checker | contest-code-checker |
91
|
Run Contests, Raffles, and Giveaways with ContestsWP <= 2.0.3 - Reflected Cross-Site Scripting | LOW | *-2.0.3 | 2.0.4 | July 3, 2026 | |
| cf7-email-add-on | cf7-email-add-on |
93
|
Contact Form 7 Email Add on <= 1.9 - Authenticated (Contributor+) Local File Inclusion | LOW | *-1.9 | 2.0 | July 3, 2026 | |
| button-block | button-block |
93
|
Button Block – Get fully customizable & multi-functional buttons <= 1.1.4 - Authenticated (Contributor+) Post Disclosure | LOW | *-1.1.4 | 1.1.5 | July 3, 2026 | |
| bsk-gravity-forms-custom-validation | bsk-gravity-forms-custom-validation |
93
|
BSK Forms Validation <= 1.7 - Reflected Cross-Site Scripting | LOW | *-1.7 | 1.8 | July 3, 2026 | |
| branda-white-labeling | branda-white-labeling |
93
|
Branda – White Label & Branding, Custom Login Page Customizer <= 3.4.19 - Reflected Cross-Site Scripting | LOW | *-3.4.21 | 3.4.22 | July 3, 2026 | |
| Block Editor Bootstrap Blocks | block-editor-bootstrap-blocks |
98
|
Block Editor Bootstrap Blocks <= 6.6.1 - Reflected Cross-Site Scripting via tab | LOW | *-6.6.1 | 6.6.2 | July 3, 2026 | |
| anonymous-restricted-content | anonymous-restricted-content |
97
|
Anonymous Restricted Content <= 1.6.5 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | LOW | *-1.6.5 | 1.6.6 | July 3, 2026 | |
| affiliate-toolkit-starter | affiliate-toolkit-starter |
95
|
affiliate-toolkit <= 3.6.7 - Reflected Cross-Site Scripting | LOW | *-3.6.7 | 3.6.8 | July 3, 2026 | |
| Add Chat App Button | add-whatsapp-button |
99
|
Add Chat App Button <= 2.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-2.1.5 | 2.1.8 | July 3, 2026 | |
| absolute-addons | absolute-addons |
95
|
Absolute Addons For Elementor <= 1.0.14 - Authenticated (Contributor+) Local File Inclusion | LOW | *-1.0.14 | July 3, 2026 | ||
| Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform | sugar-calendar-lite | N/A | Sugar Calendar (Lite) <= 3.3.0 - Reflected Cross-Site Scripting | LOW | *-3.3.0 | 3.4.0 | July 3, 2026 | |
| gd-bbpress-attachments | gd-bbpress-attachments |
93
|
GD bbPress Attachments <= 4.7.2 - Reflected Cross-Site Scripting | LOW | *-4.7.2 | 4.7.3 | July 3, 2026 | |
| gd-rating-system | gd-rating-system |
93
|
GD Rating System <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via extra_class Parameter | LOW | *-3.6.1 | 3.6.2 | July 3, 2026 | |
| system-dashboard | system-dashboard | N/A | System Dashboard <= 2.8.14 - Unauthenticated Stored Cross-Site Scripting | LOW | *-2.8.14 | 2.8.15 | July 3, 2026 | |
| system-dashboard | system-dashboard | N/A | System Dashboard <= 2.8.14 - Authenticated (Admin+) Arbitrary File Read | LOW | *-2.8.14 | 2.8.15 | July 3, 2026 | |
| sirv | sirv | N/A | Image Optimizer, Resizer and CDN – Sirv <= 7.3.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Option Deletion | LOW | *-7.3.0 | 7.3.1 | July 3, 2026 | |
| save-as-pdf-by-pdfcrowd | save-as-pdf-by-pdfcrowd | N/A | Save as PDF Plugin by Pdfcrowd <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-4.2.1 | 4.2.2 | July 3, 2026 | |
| revisionary | revisionary | N/A | PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.15 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure | LOW | *-3.5.15 | 3.5.16 | July 3, 2026 | |
| profilegrid-user-profiles-groups-and-communities | profilegrid-user-profiles-groups-and-communities | N/A | ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Deletion | LOW | *-5.9.3.6 | 5.9.3.7 | July 3, 2026 | |
| portfolio-builder-elementor | portfolio-builder-elementor | N/A | Elementor Portfolio Builder <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.0.0 | July 3, 2026 |
lastudio-element-kit
lastudio-element-kit
kevins-plugin
kevins-plugin
jobboardwp
jobboardwp
iteras
iteras
image-widget
image-widget
icestats
icestats
hotlink2watermark
hotlink2watermark
hits-counter
hits-counter
hipaatizer
hipaatizer
gym-management
gym-management
google-plus-share-and-plusone-button
google-plus-share-and-plusone-button
generic-elements-for-elementor
generic-elements-for-elementor
fwdmsp
fwdmsp
FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider
fluent-smtp
favicon-my-blog
favicon-my-blog
easy-liveblogs
easy-liveblogs
countdown-timer-block
countdown-timer-block
continue-shopping-from-cart-page
continue-shopping-from-cart-page
autolisticle-automatically-update-numbered-list-articles
autolisticle-automatically-update-numbered-list-articles
ai-quiz
ai-quiz
ahmeti-wp-guzel-sozler
ahmeti-wp-guzel-sozler
advanced-event-manager
advanced-event-manager
simply-gallery-block
simply-gallery-block
easy-twitter-feeds
easy-twitter-feeds
sky-elementor-addons
sky-elementor-addons
sky-elementor-addons
sky-elementor-addons
popup-builder
popup-builder
mailmunch
mailmunch
luckywp-table-of-contents
luckywp-table-of-contents
learnpress
learnpress
learnpress
learnpress
Kadence Blocks — Page Builder Toolkit for Gutenberg Editor
kadence-blocks
Kadence Blocks — Page Builder Toolkit for Gutenberg Editor
kadence-blocks
control-horas
control-horas
ajax-search-lite
ajax-search-lite
AI Engine – The Chatbot, AI Framework & MCP for WordPress
ai-engine
my-contador-wp
my-contador-wp
aryo-activity-log
aryo-activity-log
beds24-online-booking
beds24-online-booking
bard-extra
bard-extra
co-marquage-service-public
co-marquage-service-public
lock-user-account
lock-user-account
page-parts
page-parts
security-force
security-force
subaccounts-for-woocommerce
subaccounts-for-woocommerce
include-mastodon-feed
include-mastodon-feed
suevafree-essential-kit
suevafree-essential-kit
salavat-counter
salavat-counter
recipepress-reloaded
recipepress-reloaded
grey-owl-lightbox
grey-owl-lightbox
grid-view-gallery
grid-view-gallery
f4-improvements
f4-improvements
shine-pdf
shine-pdf
lazy-load-videos-and-sticky-control
lazy-load-videos-and-sticky-control
friendly-functions-for-welcart
friendly-functions-for-welcart
bulletin-announcements
bulletin-announcements
dino-game
dino-game
product-designer
product-designer
slick-sitemap
slick-sitemap
peepso-core
peepso-core
tailored-tools
tailored-tools
stream-status-for-twitch
stream-status-for-twitch
stratum
stratum
sticky-social-icons
sticky-social-icons
sp-blog-designer
sp-blog-designer
sky-elementor-addons
sky-elementor-addons
simple-membership
simple-membership
shopready-elementor-addon
shopready-elementor-addon
pure-css-circle-progress-bar
pure-css-circle-progress-bar
pricing-table-addon-for-elementor
pricing-table-addon-for-elementor
pathomation
pathomation
office-locator
office-locator
meteor-slides
meteor-slides
Kadence Blocks — Page Builder Toolkit for Gutenberg Editor
kadence-blocks
imbachat-widget
imbachat-widget
image-horizontal-reel-scroll-slideshow
image-horizontal-reel-scroll-slideshow
if-so
if-so
happyforms
happyforms
dynamic-to-top
dynamic-to-top
distance-based-shipping-calculator
distance-based-shipping-calculator
contest-code-checker
contest-code-checker
cf7-email-add-on
cf7-email-add-on
button-block
button-block
bsk-gravity-forms-custom-validation
bsk-gravity-forms-custom-validation
branda-white-labeling
branda-white-labeling
Block Editor Bootstrap Blocks
block-editor-bootstrap-blocks
anonymous-restricted-content
anonymous-restricted-content
affiliate-toolkit-starter
affiliate-toolkit-starter
Add Chat App Button
add-whatsapp-button
absolute-addons
absolute-addons
Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform
sugar-calendar-lite
gd-bbpress-attachments
gd-bbpress-attachments
gd-rating-system
gd-rating-system
system-dashboard
system-dashboard
system-dashboard
system-dashboard
sirv
sirv
save-as-pdf-by-pdfcrowd
save-as-pdf-by-pdfcrowd
revisionary
revisionary
profilegrid-user-profiles-groups-and-communities
profilegrid-user-profiles-groups-and-communities
portfolio-builder-elementor
portfolio-builder-elementor
Showing 11301 to 11400 of 26625 results
Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.
Data updated daily from trusted sources. Last updated: July 3, 2026 at 04:48 UTC.