Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

26625

Across tracked plugins

Affected Plugins

94

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
lastudio-element-kit lastudio-element-kit
93
LA-Studio Element Kit for Elementor <= 1.4.2 - Authenticated (Contributor+) Local File Inclusion LOW *-1.4.2 1.4.3 July 3, 2026
kevins-plugin kevins-plugin
93
Kevin's <= 2.0.0 - Cross-Site Request Forgery LOW *-2.0.0 2.0.1 July 3, 2026
jobboardwp jobboardwp
93
JobBoardWP – Job Board Listings and Submissions <= 1.3.0 - Reflected Cross-Site Scripting LOW *-1.3.0 1.3.1 July 3, 2026
iteras iteras
93
ITERAS <= 1.8.0 - Cross-Site Request Forgery LOW *-1.8.0 1.8.1 July 3, 2026
image-widget image-widget
93
Image Widget <= 4.4.10 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.4.10 4.4.11 July 3, 2026
icestats icestats
91
IceStats <= 1.3 - Cross-Site Request Forgery LOW *-1.3 July 3, 2026
hotlink2watermark hotlink2watermark
91
Hotlink2Watermark <= 0.3.2 - Cross-Site Request Forgery LOW *-0.3.2 July 3, 2026
hits-counter hits-counter
91
Post Hits Counter <= 2.8.23 - Reflected Cross-Site Scripting LOW *-2.8.23 July 3, 2026
hipaatizer hipaatizer
93
HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.4 1.3.5 July 3, 2026
gym-management gym-management
83
WPGYM <= 67.1.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation LOW *-67.1.0 67.2.0 July 3, 2026
google-plus-share-and-plusone-button google-plus-share-and-plusone-button
91
Google Plus Share and +1 Button <= 1.0 - Cross-Site Request Forgery LOW *-1.0 July 3, 2026
generic-elements-for-elementor generic-elements-for-elementor
89
Generic Elements <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.5 1.2.6 July 3, 2026
fwdmsp fwdmsp
93
MP3 Sticky Player <= 8.0 - Unauthenticated Arbitrary File Read/Download LOW *-8.0 8.0 July 3, 2026
FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider fluent-smtp
85
FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider <= 2.2.82 - Unauthenticated PHP Object Injection LOW *-2.2.82 2.2.83 July 3, 2026
favicon-my-blog favicon-my-blog
91
Favicon My Blog <= 1.0.2 - Cross-Site Request Forgery LOW *-1.0.2 July 3, 2026
easy-liveblogs easy-liveblogs
93
Easy Liveblogs <= 2.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.3.5 2.3.6 July 3, 2026
countdown-timer-block countdown-timer-block
91
Countdown Timer <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.5 July 3, 2026
continue-shopping-from-cart-page continue-shopping-from-cart-page
91
Continue Shopping From Cart <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.3 July 3, 2026
autolisticle-automatically-update-numbered-list-articles autolisticle-automatically-update-numbered-list-articles
93
AutoListicle: Automatically Update Numbered List Articles <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.3 1.2.4 July 3, 2026
ai-quiz ai-quiz
95
AI Quiz <= 1.1 - Missing Authorization LOW *-1.1 July 3, 2026
ahmeti-wp-guzel-sozler ahmeti-wp-guzel-sozler
95
Ahmeti Wp Güzel Sözler <= 4.0 - Cross-Site Request Forgery LOW *-4.0 July 3, 2026
advanced-event-manager advanced-event-manager
95
Advanced Event Manager <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.6 July 3, 2026
simply-gallery-block simply-gallery-block N/A Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery <= 3.2.4.2 - Authenticated (Editor+) Stored Cross-Site Scripting LOW *-3.2.4.2 3.2.4.3 July 3, 2026
easy-twitter-feeds easy-twitter-feeds
93
Easy Twitter Feed – Twitter feeds plugin for WP <= 1.2.6 - Authenticated (Contributor+) Post Exposure LOW *-1.2.6 1.2.7 July 3, 2026
sky-elementor-addons sky-elementor-addons N/A Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) <= 2.6.2 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update LOW *-2.6.2 2.6.3 July 3, 2026
sky-elementor-addons sky-elementor-addons N/A Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) <= 2.6.1 - Cross-Site Request Forgery to Limited Arbitrary Options Update LOW *-2.6.1 2.6.2 July 3, 2026
popup-builder popup-builder N/A Popup Builder <= 4.3.4 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.3.4 4.3.5 July 3, 2026
mailmunch mailmunch
93
MailMunch – Grow your Email List <= 3.1.8 - Reflected Cross-Site Scripting LOW *-3.1.8 3.2.0 July 3, 2026
luckywp-table-of-contents luckywp-table-of-contents
93
LuckyWP Table of Contents <= 2.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.1.6 2.1.7 July 3, 2026
learnpress learnpress
93
LearnPress <= 4.2.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.2.7.1 4.2.7.2 July 3, 2026
learnpress learnpress
93
LearnPress <= 4.2.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.2.7.1 4.2.7.2 July 3, 2026
Kadence Blocks — Page Builder Toolkit for Gutenberg Editor kadence-blocks
91
Kadence Blocks <= 3.2.53 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.2.53 3.2.54 July 3, 2026
Kadence Blocks — Page Builder Toolkit for Gutenberg Editor kadence-blocks
91
Kadence Blocks <= 3.2.53 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.2.53 3.2.54 July 3, 2026
control-horas control-horas
91
Control horas <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.1 July 3, 2026
ajax-search-lite ajax-search-lite
97
Ajax Search Lite <= 4.12.3 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.12.3 4.12.4 July 3, 2026
AI Engine – The Chatbot, AI Framework & MCP for WordPress ai-engine
82
AI Engine <= 2.6.3 - Authenticated (Admin+) SQL Injection LOW *-2.6.3 2.6.5 July 3, 2026
my-contador-wp my-contador-wp
93
My Contador lesr <= 2.0 - Missing Authorization to Unauthenticated User Registration CSV Export LOW *-2.0 2.1 July 3, 2026
aryo-activity-log aryo-activity-log
97
Activity Log – Monitor & Record User Changes <= 2.11.1 - Unauthenticated Stored Cross-Site Scripting via Event Context LOW *-2.11.1 2.11.2 July 3, 2026
beds24-online-booking beds24-online-booking
93
Beds24 Online Booking <= 2.0.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via beds24-link Shortcode LOW *-2.0.27 2.0.28 July 3, 2026
bard-extra bard-extra
93
Bard Extra <= 1.2.7 - Missing Authorization to Authenticated (Subscriber+) Demo Import LOW *-1.2.7 1.2.8 July 3, 2026
co-marquage-service-public co-marquage-service-public
91
Co-marquage service-public.fr <= 0.5.76 - Reflected Cross-Site Scripting via add_query_arg Parameter LOW *-0.5.76 0.5.77 July 3, 2026
lock-user-account lock-user-account
91
Lock User Account <= 1.0.5 - User Lock Bypass LOW *-1.0.5 July 3, 2026
page-parts page-parts
93
Page Parts <= 1.4.3 - Reflected Cross-Site Scripting LOW *-1.4.3 1.4.4 July 3, 2026
security-force security-force N/A Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes <= 1.1.6 - Reflected Cross-Site Scripting LOW *-1.1.6 July 3, 2026
subaccounts-for-woocommerce subaccounts-for-woocommerce N/A Subaccounts for WooCommerce <= 1.6.0 - Reflected Cross-Site Scripting LOW *-1.6.0 1.6.1 July 3, 2026
include-mastodon-feed include-mastodon-feed
93
Include Mastodon Feed <= 1.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.9.4 1.9.6 July 3, 2026
suevafree-essential-kit suevafree-essential-kit N/A SuevaFree Essential Kit <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.3 1.1.4 July 3, 2026
salavat-counter salavat-counter N/A salavat counter Plugin <= 0.9.4 - Reflected Cross-Site Scripting LOW *-0.9.4 0.9.5 July 3, 2026
recipepress-reloaded recipepress-reloaded N/A RecipePress Reloaded <= 2.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.12.0 July 3, 2026
grey-owl-lightbox grey-owl-lightbox
93
Grey Owl Lightbox <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.6.1 2.0.0 July 3, 2026
grid-view-gallery grid-view-gallery
91
Grid View Gallery <= 1.0 - Authenticated (Editor+) PHP Object Injection LOW *-1.0 July 3, 2026
f4-improvements f4-improvements
91
F4 Improvements <= 1.9.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload LOW *-1.9.0 July 3, 2026
shine-pdf shine-pdf N/A Shine PDF Embeder <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 3, 2026
lazy-load-videos-and-sticky-control lazy-load-videos-and-sticky-control
91
Lazy load videos and sticky control <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.0.0 July 3, 2026
friendly-functions-for-welcart friendly-functions-for-welcart
93
Friendly Functions for Welcart <= 1.2.4 - Cross-Site Request Forgery to Reflected Cross-Site Scripting LOW *-1.2.4 1.2.5 July 3, 2026
bulletin-announcements bulletin-announcements
93
Bulletin Announcements <= 3.11.7 - Reflected Cross-Site Scripting LOW *-3.11.7 3.12 July 3, 2026
dino-game dino-game
93
Dino Game – Embed Google Chrome Dinosaur Game in WordPress <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.0 1.2.0 July 3, 2026
product-designer product-designer N/A Product Designer <= 1.0.36 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload LOW *-1.0.36 1.0.37 July 3, 2026
slick-sitemap slick-sitemap N/A Slick Sitemap <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.0 July 3, 2026
peepso-core peepso-core N/A Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App <=7.0.3.0 - Reflected Cross-Site Scripting LOW *-7.0.3.0 7.0.4.0 July 3, 2026
tailored-tools tailored-tools N/A Tailored Tools <= 1.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.8.4 July 3, 2026
stream-status-for-twitch stream-status-for-twitch N/A StreamWeasels Online Status Bar <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.9 2.1.10 July 3, 2026
stratum stratum N/A Stratum – Elementor Widgets <= 1.4.4 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates LOW *-1.4.4 1.4.5 July 3, 2026
sticky-social-icons sticky-social-icons N/A Sticky Social Icons <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.2.1 July 3, 2026
sp-blog-designer sp-blog-designer N/A SP Blog Designer <= 1.0.0 - Authenticated (Contributor+) Local File Inclusion LOW *-1.0.0 July 3, 2026
sky-elementor-addons sky-elementor-addons N/A Sky Addons for Elementor <= 2.6.1 - Authenticated (Contributor+) Sensitive Information Exposure via Content Switcher Widget Elementor Template LOW *-2.6.1 2.6.2 July 3, 2026
simple-membership simple-membership N/A Simple Membership <= 4.5.5 - Exposure of Private Personal Information to an Unauthorized Actor LOW *-4.5.5 4.5.6 July 3, 2026
shopready-elementor-addon shopready-elementor-addon N/A Shopready <= 3.5 - Authenticated (Contributor+) Local File Inclusion LOW *-3.5 July 3, 2026
pure-css-circle-progress-bar pure-css-circle-progress-bar N/A Pure CSS Circle Progress bar <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2 July 3, 2026
pricing-table-addon-for-elementor pricing-table-addon-for-elementor N/A Pricing table addon for elementor <= 1.0.0 - Authenticated (Contributor+) Local File Inclusion LOW *-1.0.0 July 3, 2026
pathomation pathomation N/A Pathomation <= 2.5.1 - Unauthenticated Arbitrary File Upload LOW *-2.5.1 July 3, 2026
office-locator office-locator
89
Office Locator <= 1.3.0 - Authenticated (Contributor+) Local File Inclusion LOW *-1.3.0 July 3, 2026
meteor-slides meteor-slides
89
Meteor Slides <= 1.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.5.7 July 3, 2026
Kadence Blocks — Page Builder Toolkit for Gutenberg Editor kadence-blocks
91
Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.3.3 3.3.4 July 3, 2026
imbachat-widget imbachat-widget
91
ImbaChat <= 3.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.1.4 July 3, 2026
image-horizontal-reel-scroll-slideshow image-horizontal-reel-scroll-slideshow
91
Image horizontal reel scroll slideshow <= 13.4 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-13.4 July 3, 2026
if-so if-so
93
If-So Dynamic Content Personalization <= 1.9.2.1 - Authenticated (Contributor+) Post Disclosure LOW *-1.9.2.1 1.9.2.2 July 3, 2026
happyforms happyforms
93
Happyforms <= 1.26.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.26.2 1.26.3 July 3, 2026
dynamic-to-top dynamic-to-top
91
Dynamic "To Top" 3.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW 3.5.2 July 3, 2026
distance-based-shipping-calculator distance-based-shipping-calculator
93
Distance Based Shipping Calculator <= 2.0.23 - Authenticated (Subscriber+) SQL Injection LOW *-2.0.23 2.0.24 July 3, 2026
contest-code-checker contest-code-checker
91
Run Contests, Raffles, and Giveaways with ContestsWP <= 2.0.3 - Reflected Cross-Site Scripting LOW *-2.0.3 2.0.4 July 3, 2026
cf7-email-add-on cf7-email-add-on
93
Contact Form 7 Email Add on <= 1.9 - Authenticated (Contributor+) Local File Inclusion LOW *-1.9 2.0 July 3, 2026
button-block button-block
93
Button Block – Get fully customizable & multi-functional buttons <= 1.1.4 - Authenticated (Contributor+) Post Disclosure LOW *-1.1.4 1.1.5 July 3, 2026
bsk-gravity-forms-custom-validation bsk-gravity-forms-custom-validation
93
BSK Forms Validation <= 1.7 - Reflected Cross-Site Scripting LOW *-1.7 1.8 July 3, 2026
branda-white-labeling branda-white-labeling
93
Branda – White Label & Branding, Custom Login Page Customizer <= 3.4.19 - Reflected Cross-Site Scripting LOW *-3.4.21 3.4.22 July 3, 2026
Block Editor Bootstrap Blocks block-editor-bootstrap-blocks
98
Block Editor Bootstrap Blocks <= 6.6.1 - Reflected Cross-Site Scripting via tab LOW *-6.6.1 6.6.2 July 3, 2026
anonymous-restricted-content anonymous-restricted-content
97
Anonymous Restricted Content <= 1.6.5 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure LOW *-1.6.5 1.6.6 July 3, 2026
affiliate-toolkit-starter affiliate-toolkit-starter
95
affiliate-toolkit <= 3.6.7 - Reflected Cross-Site Scripting LOW *-3.6.7 3.6.8 July 3, 2026
Add Chat App Button add-whatsapp-button
99
Add Chat App Button <= 2.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.1.5 2.1.8 July 3, 2026
absolute-addons absolute-addons
95
Absolute Addons For Elementor <= 1.0.14 - Authenticated (Contributor+) Local File Inclusion LOW *-1.0.14 July 3, 2026
Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform sugar-calendar-lite N/A Sugar Calendar (Lite) <= 3.3.0 - Reflected Cross-Site Scripting LOW *-3.3.0 3.4.0 July 3, 2026
gd-bbpress-attachments gd-bbpress-attachments
93
GD bbPress Attachments <= 4.7.2 - Reflected Cross-Site Scripting LOW *-4.7.2 4.7.3 July 3, 2026
gd-rating-system gd-rating-system
93
GD Rating System <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via extra_class Parameter LOW *-3.6.1 3.6.2 July 3, 2026
system-dashboard system-dashboard N/A System Dashboard <= 2.8.14 - Unauthenticated Stored Cross-Site Scripting LOW *-2.8.14 2.8.15 July 3, 2026
system-dashboard system-dashboard N/A System Dashboard <= 2.8.14 - Authenticated (Admin+) Arbitrary File Read LOW *-2.8.14 2.8.15 July 3, 2026
sirv sirv N/A Image Optimizer, Resizer and CDN – Sirv <= 7.3.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Option Deletion LOW *-7.3.0 7.3.1 July 3, 2026
save-as-pdf-by-pdfcrowd save-as-pdf-by-pdfcrowd N/A Save as PDF Plugin by Pdfcrowd <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.2.1 4.2.2 July 3, 2026
revisionary revisionary N/A PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.15 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure LOW *-3.5.15 3.5.16 July 3, 2026
profilegrid-user-profiles-groups-and-communities profilegrid-user-profiles-groups-and-communities N/A ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Deletion LOW *-5.9.3.6 5.9.3.7 July 3, 2026
portfolio-builder-elementor portfolio-builder-elementor N/A Elementor Portfolio Builder <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.0 July 3, 2026
LOW

lastudio-element-kit

lastudio-element-kit

Score: 93/100 LA-Studio Element Kit for Elementor <= 1.4.2 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.4.2 Patched: 1.4.3 Updated: July 3, 2026
LOW

kevins-plugin

kevins-plugin

Score: 93/100 Kevin's <= 2.0.0 - Cross-Site Request Forgery Affected: *-2.0.0 Patched: 2.0.1 Updated: July 3, 2026
LOW

jobboardwp

jobboardwp

Score: 93/100 JobBoardWP – Job Board Listings and Submissions <= 1.3.0 - Reflected Cross-Site Scripting Affected: *-1.3.0 Patched: 1.3.1 Updated: July 3, 2026
LOW

iteras

iteras

Score: 93/100 ITERAS <= 1.8.0 - Cross-Site Request Forgery Affected: *-1.8.0 Patched: 1.8.1 Updated: July 3, 2026
LOW

image-widget

image-widget

Score: 93/100 Image Widget <= 4.4.10 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.4.10 Patched: 4.4.11 Updated: July 3, 2026
LOW

icestats

icestats

Score: 91/100 IceStats <= 1.3 - Cross-Site Request Forgery Affected: *-1.3 Patched: Updated: July 3, 2026
LOW

hotlink2watermark

hotlink2watermark

Score: 91/100 Hotlink2Watermark <= 0.3.2 - Cross-Site Request Forgery Affected: *-0.3.2 Patched: Updated: July 3, 2026
LOW

hits-counter

hits-counter

Score: 91/100 Post Hits Counter <= 2.8.23 - Reflected Cross-Site Scripting Affected: *-2.8.23 Patched: Updated: July 3, 2026
LOW

hipaatizer

hipaatizer

Score: 93/100 HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.4 Patched: 1.3.5 Updated: July 3, 2026
LOW

gym-management

gym-management

Score: 83/100 WPGYM <= 67.1.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation Affected: *-67.1.0 Patched: 67.2.0 Updated: July 3, 2026
LOW

google-plus-share-and-plusone-button

google-plus-share-and-plusone-button

Score: 91/100 Google Plus Share and +1 Button <= 1.0 - Cross-Site Request Forgery Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

generic-elements-for-elementor

generic-elements-for-elementor

Score: 89/100 Generic Elements <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.5 Patched: 1.2.6 Updated: July 3, 2026
LOW

fwdmsp

fwdmsp

Score: 93/100 MP3 Sticky Player <= 8.0 - Unauthenticated Arbitrary File Read/Download Affected: *-8.0 Patched: 8.0 Updated: July 3, 2026
LOW

favicon-my-blog

favicon-my-blog

Score: 91/100 Favicon My Blog <= 1.0.2 - Cross-Site Request Forgery Affected: *-1.0.2 Patched: Updated: July 3, 2026
LOW

easy-liveblogs

easy-liveblogs

Score: 93/100 Easy Liveblogs <= 2.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.5 Patched: 2.3.6 Updated: July 3, 2026
LOW

countdown-timer-block

countdown-timer-block

Score: 91/100 Countdown Timer <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.5 Patched: Updated: July 3, 2026
LOW

continue-shopping-from-cart-page

continue-shopping-from-cart-page

Score: 91/100 Continue Shopping From Cart <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 3, 2026
LOW

autolisticle-automatically-update-numbered-list-articles

autolisticle-automatically-update-numbered-list-articles

Score: 93/100 AutoListicle: Automatically Update Numbered List Articles <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.3 Patched: 1.2.4 Updated: July 3, 2026
LOW

ai-quiz

ai-quiz

Score: 95/100 AI Quiz <= 1.1 - Missing Authorization Affected: *-1.1 Patched: Updated: July 3, 2026
LOW

ahmeti-wp-guzel-sozler

ahmeti-wp-guzel-sozler

Score: 95/100 Ahmeti Wp Güzel Sözler <= 4.0 - Cross-Site Request Forgery Affected: *-4.0 Patched: Updated: July 3, 2026
LOW

advanced-event-manager

advanced-event-manager

Score: 95/100 Advanced Event Manager <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.6 Patched: Updated: July 3, 2026
LOW

simply-gallery-block

simply-gallery-block

Score: N/A Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery <= 3.2.4.2 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-3.2.4.2 Patched: 3.2.4.3 Updated: July 3, 2026
LOW

easy-twitter-feeds

easy-twitter-feeds

Score: 93/100 Easy Twitter Feed – Twitter feeds plugin for WP <= 1.2.6 - Authenticated (Contributor+) Post Exposure Affected: *-1.2.6 Patched: 1.2.7 Updated: July 3, 2026
LOW

sky-elementor-addons

sky-elementor-addons

Score: N/A Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) <= 2.6.2 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update Affected: *-2.6.2 Patched: 2.6.3 Updated: July 3, 2026
LOW

sky-elementor-addons

sky-elementor-addons

Score: N/A Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) <= 2.6.1 - Cross-Site Request Forgery to Limited Arbitrary Options Update Affected: *-2.6.1 Patched: 2.6.2 Updated: July 3, 2026
LOW

popup-builder

popup-builder

Score: N/A Popup Builder <= 4.3.4 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.3.4 Patched: 4.3.5 Updated: July 3, 2026
LOW

mailmunch

mailmunch

Score: 93/100 MailMunch – Grow your Email List <= 3.1.8 - Reflected Cross-Site Scripting Affected: *-3.1.8 Patched: 3.2.0 Updated: July 3, 2026
LOW

luckywp-table-of-contents

luckywp-table-of-contents

Score: 93/100 LuckyWP Table of Contents <= 2.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.1.6 Patched: 2.1.7 Updated: July 3, 2026
LOW

learnpress

learnpress

Score: 93/100 LearnPress <= 4.2.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.2.7.1 Patched: 4.2.7.2 Updated: July 3, 2026
LOW

learnpress

learnpress

Score: 93/100 LearnPress <= 4.2.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.2.7.1 Patched: 4.2.7.2 Updated: July 3, 2026
LOW

control-horas

control-horas

Score: 91/100 Control horas <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 3, 2026
LOW

ajax-search-lite

ajax-search-lite

Score: 97/100 Ajax Search Lite <= 4.12.3 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.12.3 Patched: 4.12.4 Updated: July 3, 2026
LOW

my-contador-wp

my-contador-wp

Score: 93/100 My Contador lesr <= 2.0 - Missing Authorization to Unauthenticated User Registration CSV Export Affected: *-2.0 Patched: 2.1 Updated: July 3, 2026
LOW

aryo-activity-log

aryo-activity-log

Score: 97/100 Activity Log – Monitor & Record User Changes <= 2.11.1 - Unauthenticated Stored Cross-Site Scripting via Event Context Affected: *-2.11.1 Patched: 2.11.2 Updated: July 3, 2026
LOW

beds24-online-booking

beds24-online-booking

Score: 93/100 Beds24 Online Booking <= 2.0.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via beds24-link Shortcode Affected: *-2.0.27 Patched: 2.0.28 Updated: July 3, 2026
LOW

bard-extra

bard-extra

Score: 93/100 Bard Extra <= 1.2.7 - Missing Authorization to Authenticated (Subscriber+) Demo Import Affected: *-1.2.7 Patched: 1.2.8 Updated: July 3, 2026
LOW

co-marquage-service-public

co-marquage-service-public

Score: 91/100 Co-marquage service-public.fr <= 0.5.76 - Reflected Cross-Site Scripting via add_query_arg Parameter Affected: *-0.5.76 Patched: 0.5.77 Updated: July 3, 2026
LOW

lock-user-account

lock-user-account

Score: 91/100 Lock User Account <= 1.0.5 - User Lock Bypass Affected: *-1.0.5 Patched: Updated: July 3, 2026
LOW

page-parts

page-parts

Score: 93/100 Page Parts <= 1.4.3 - Reflected Cross-Site Scripting Affected: *-1.4.3 Patched: 1.4.4 Updated: July 3, 2026
LOW

security-force

security-force

Score: N/A Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes <= 1.1.6 - Reflected Cross-Site Scripting Affected: *-1.1.6 Patched: Updated: July 3, 2026
LOW

subaccounts-for-woocommerce

subaccounts-for-woocommerce

Score: N/A Subaccounts for WooCommerce <= 1.6.0 - Reflected Cross-Site Scripting Affected: *-1.6.0 Patched: 1.6.1 Updated: July 3, 2026
LOW

include-mastodon-feed

include-mastodon-feed

Score: 93/100 Include Mastodon Feed <= 1.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.4 Patched: 1.9.6 Updated: July 3, 2026
LOW

suevafree-essential-kit

suevafree-essential-kit

Score: N/A SuevaFree Essential Kit <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.3 Patched: 1.1.4 Updated: July 3, 2026
LOW

salavat-counter

salavat-counter

Score: N/A salavat counter Plugin <= 0.9.4 - Reflected Cross-Site Scripting Affected: *-0.9.4 Patched: 0.9.5 Updated: July 3, 2026
LOW

recipepress-reloaded

recipepress-reloaded

Score: N/A RecipePress Reloaded <= 2.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.12.0 Patched: Updated: July 3, 2026
LOW

grey-owl-lightbox

grey-owl-lightbox

Score: 93/100 Grey Owl Lightbox <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.1 Patched: 2.0.0 Updated: July 3, 2026
LOW

grid-view-gallery

grid-view-gallery

Score: 91/100 Grid View Gallery <= 1.0 - Authenticated (Editor+) PHP Object Injection Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

f4-improvements

f4-improvements

Score: 91/100 F4 Improvements <= 1.9.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload Affected: *-1.9.0 Patched: Updated: July 3, 2026
LOW

shine-pdf

shine-pdf

Score: N/A Shine PDF Embeder <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

lazy-load-videos-and-sticky-control

lazy-load-videos-and-sticky-control

Score: 91/100 Lazy load videos and sticky control <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.0.0 Patched: Updated: July 3, 2026
LOW

friendly-functions-for-welcart

friendly-functions-for-welcart

Score: 93/100 Friendly Functions for Welcart <= 1.2.4 - Cross-Site Request Forgery to Reflected Cross-Site Scripting Affected: *-1.2.4 Patched: 1.2.5 Updated: July 3, 2026
LOW

bulletin-announcements

bulletin-announcements

Score: 93/100 Bulletin Announcements <= 3.11.7 - Reflected Cross-Site Scripting Affected: *-3.11.7 Patched: 3.12 Updated: July 3, 2026
LOW

dino-game

dino-game

Score: 93/100 Dino Game – Embed Google Chrome Dinosaur Game in WordPress <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: 1.2.0 Updated: July 3, 2026
LOW

product-designer

product-designer

Score: N/A Product Designer <= 1.0.36 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload Affected: *-1.0.36 Patched: 1.0.37 Updated: July 3, 2026
LOW

slick-sitemap

slick-sitemap

Score: N/A Slick Sitemap <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.0 Patched: Updated: July 3, 2026
LOW

peepso-core

peepso-core

Score: N/A Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App <=7.0.3.0 - Reflected Cross-Site Scripting Affected: *-7.0.3.0 Patched: 7.0.4.0 Updated: July 3, 2026
LOW

tailored-tools

tailored-tools

Score: N/A Tailored Tools <= 1.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8.4 Patched: Updated: July 3, 2026
LOW

stream-status-for-twitch

stream-status-for-twitch

Score: N/A StreamWeasels Online Status Bar <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.9 Patched: 2.1.10 Updated: July 3, 2026
LOW

stratum

stratum

Score: N/A Stratum – Elementor Widgets <= 1.4.4 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates Affected: *-1.4.4 Patched: 1.4.5 Updated: July 3, 2026
LOW

sticky-social-icons

sticky-social-icons

Score: N/A Sticky Social Icons <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2.1 Patched: Updated: July 3, 2026
LOW

sp-blog-designer

sp-blog-designer

Score: N/A SP Blog Designer <= 1.0.0 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.0.0 Patched: Updated: July 3, 2026
LOW

sky-elementor-addons

sky-elementor-addons

Score: N/A Sky Addons for Elementor <= 2.6.1 - Authenticated (Contributor+) Sensitive Information Exposure via Content Switcher Widget Elementor Template Affected: *-2.6.1 Patched: 2.6.2 Updated: July 3, 2026
LOW

simple-membership

simple-membership

Score: N/A Simple Membership <= 4.5.5 - Exposure of Private Personal Information to an Unauthorized Actor Affected: *-4.5.5 Patched: 4.5.6 Updated: July 3, 2026
LOW

shopready-elementor-addon

shopready-elementor-addon

Score: N/A Shopready <= 3.5 - Authenticated (Contributor+) Local File Inclusion Affected: *-3.5 Patched: Updated: July 3, 2026
LOW

pure-css-circle-progress-bar

pure-css-circle-progress-bar

Score: N/A Pure CSS Circle Progress bar <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 3, 2026
LOW

pricing-table-addon-for-elementor

pricing-table-addon-for-elementor

Score: N/A Pricing table addon for elementor <= 1.0.0 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.0.0 Patched: Updated: July 3, 2026
LOW

pathomation

pathomation

Score: N/A Pathomation <= 2.5.1 - Unauthenticated Arbitrary File Upload Affected: *-2.5.1 Patched: Updated: July 3, 2026
LOW

office-locator

office-locator

Score: 89/100 Office Locator <= 1.3.0 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.3.0 Patched: Updated: July 3, 2026
LOW

meteor-slides

meteor-slides

Score: 89/100 Meteor Slides <= 1.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.5.7 Patched: Updated: July 3, 2026
LOW

imbachat-widget

imbachat-widget

Score: 91/100 ImbaChat <= 3.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1.4 Patched: Updated: July 3, 2026
LOW

image-horizontal-reel-scroll-slideshow

image-horizontal-reel-scroll-slideshow

Score: 91/100 Image horizontal reel scroll slideshow <= 13.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-13.4 Patched: Updated: July 3, 2026
LOW

if-so

if-so

Score: 93/100 If-So Dynamic Content Personalization <= 1.9.2.1 - Authenticated (Contributor+) Post Disclosure Affected: *-1.9.2.1 Patched: 1.9.2.2 Updated: July 3, 2026
LOW

happyforms

happyforms

Score: 93/100 Happyforms <= 1.26.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.26.2 Patched: 1.26.3 Updated: July 3, 2026
LOW

dynamic-to-top

dynamic-to-top

Score: 91/100 Dynamic "To Top" 3.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: 3.5.2 Patched: Updated: July 3, 2026
LOW

distance-based-shipping-calculator

distance-based-shipping-calculator

Score: 93/100 Distance Based Shipping Calculator <= 2.0.23 - Authenticated (Subscriber+) SQL Injection Affected: *-2.0.23 Patched: 2.0.24 Updated: July 3, 2026
LOW

contest-code-checker

contest-code-checker

Score: 91/100 Run Contests, Raffles, and Giveaways with ContestsWP <= 2.0.3 - Reflected Cross-Site Scripting Affected: *-2.0.3 Patched: 2.0.4 Updated: July 3, 2026
LOW

cf7-email-add-on

cf7-email-add-on

Score: 93/100 Contact Form 7 Email Add on <= 1.9 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.9 Patched: 2.0 Updated: July 3, 2026
LOW

button-block

button-block

Score: 93/100 Button Block – Get fully customizable & multi-functional buttons <= 1.1.4 - Authenticated (Contributor+) Post Disclosure Affected: *-1.1.4 Patched: 1.1.5 Updated: July 3, 2026
LOW

bsk-gravity-forms-custom-validation

bsk-gravity-forms-custom-validation

Score: 93/100 BSK Forms Validation <= 1.7 - Reflected Cross-Site Scripting Affected: *-1.7 Patched: 1.8 Updated: July 3, 2026
LOW

branda-white-labeling

branda-white-labeling

Score: 93/100 Branda – White Label & Branding, Custom Login Page Customizer <= 3.4.19 - Reflected Cross-Site Scripting Affected: *-3.4.21 Patched: 3.4.22 Updated: July 3, 2026
LOW

Block Editor Bootstrap Blocks

block-editor-bootstrap-blocks

Score: 98/100 Block Editor Bootstrap Blocks <= 6.6.1 - Reflected Cross-Site Scripting via tab Affected: *-6.6.1 Patched: 6.6.2 Updated: July 3, 2026
LOW

anonymous-restricted-content

anonymous-restricted-content

Score: 97/100 Anonymous Restricted Content <= 1.6.5 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure Affected: *-1.6.5 Patched: 1.6.6 Updated: July 3, 2026
LOW

affiliate-toolkit-starter

affiliate-toolkit-starter

Score: 95/100 affiliate-toolkit <= 3.6.7 - Reflected Cross-Site Scripting Affected: *-3.6.7 Patched: 3.6.8 Updated: July 3, 2026
LOW

Add Chat App Button

add-whatsapp-button

Score: 99/100 Add Chat App Button <= 2.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.1.5 Patched: 2.1.8 Updated: July 3, 2026
LOW

absolute-addons

absolute-addons

Score: 95/100 Absolute Addons For Elementor <= 1.0.14 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.0.14 Patched: Updated: July 3, 2026
LOW

gd-bbpress-attachments

gd-bbpress-attachments

Score: 93/100 GD bbPress Attachments <= 4.7.2 - Reflected Cross-Site Scripting Affected: *-4.7.2 Patched: 4.7.3 Updated: July 3, 2026
LOW

gd-rating-system

gd-rating-system

Score: 93/100 GD Rating System <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via extra_class Parameter Affected: *-3.6.1 Patched: 3.6.2 Updated: July 3, 2026
LOW

system-dashboard

system-dashboard

Score: N/A System Dashboard <= 2.8.14 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.8.14 Patched: 2.8.15 Updated: July 3, 2026
LOW

system-dashboard

system-dashboard

Score: N/A System Dashboard <= 2.8.14 - Authenticated (Admin+) Arbitrary File Read Affected: *-2.8.14 Patched: 2.8.15 Updated: July 3, 2026
LOW

sirv

sirv

Score: N/A Image Optimizer, Resizer and CDN – Sirv <= 7.3.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Option Deletion Affected: *-7.3.0 Patched: 7.3.1 Updated: July 3, 2026
LOW

save-as-pdf-by-pdfcrowd

save-as-pdf-by-pdfcrowd

Score: N/A Save as PDF Plugin by Pdfcrowd <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.2.1 Patched: 4.2.2 Updated: July 3, 2026
LOW

revisionary

revisionary

Score: N/A PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.15 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure Affected: *-3.5.15 Patched: 3.5.16 Updated: July 3, 2026
LOW

profilegrid-user-profiles-groups-and-communities

profilegrid-user-profiles-groups-and-communities

Score: N/A ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Deletion Affected: *-5.9.3.6 Patched: 5.9.3.7 Updated: July 3, 2026
LOW

portfolio-builder-elementor

portfolio-builder-elementor

Score: N/A Elementor Portfolio Builder <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 3, 2026

Showing 11301 to 11400 of 26625 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 3, 2026 at 04:48 UTC.