Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities: 36406 (across tracked plugins)

Affected Plugins: 87 (with open vulnerabilities)

Critical / High: 0 (require immediate attention)

Recently Updated: 0 (in the last 30 days)

Vulnerability List

Vulnerability list with plugin score and patch status
| Plugin | Slug | Score | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated |
|---|---|---|---|---|---|---|---|---|
| go-to-top | go-to-top | 91 | Go To Top <= 0.0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting | | LOW | *-0.0.8 | | July 3, 2026 |
| gnupress | gnupress | 91 | GNUPress <= 0.2.9 - Reflected Cross-Site Scripting | | LOW | *-0.2.9 | | July 3, 2026 |
| gnucommerce | gnucommerce | 89 | GNUCommerce <= 1.5.4 - Reflected Cross-Site Scripting | | LOW | *-1.5.4 | | July 3, 2026 |
| ftp-sync | ftp-sync | 91 | FTP Sync <= 1.1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting | | LOW | *-1.1.6 | | July 3, 2026 |
| frontpage-category-filter | frontpage-category-filter | 91 | Frontpage category filter <= 1.0.2 - Cross-Site Request Forgery | | LOW | *-1.0.2 | | July 3, 2026 |
| finale-woocommerce-sales-countdown-timer-discount | finale-woocommerce-sales-countdown-timer-discount | 91 | Finale Lite – Sales Countdown Timer & Discount for WooCommerce <= 2.19.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Countdown Timer | | LOW | *-2.19.0 | 2.20.0 | July 3, 2026 |
| featured-posts-grid | featured-posts-grid | 91 | Featured Posts Grid <= 1.7 - Cross-Site Request Forgery to Cross-Site Scripting | | LOW | *-1.7 | | July 3, 2026 |
| event-post | event-post | 91 | Event post <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-5.9.8 | 5.9.9 | July 3, 2026 |
| easy-image-display | easy-image-display | 91 | Easy Image Display <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-1.2.5 | | July 3, 2026 |
| dp-alterminator-missing-alt-manager | dp-alterminator-missing-alt-manager | 91 | DP ALTerminator - Missing ALT manager <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-1.0.2 | | July 3, 2026 |
| domain-theme | domain-theme | 91 | Domain Theme <= 1.3 - Cross-Site Request Forgery | | LOW | *-1.3 | | July 3, 2026 |
| display-template-name | display-template-name | 91 | Display Template Name <= 1.7.1 - Cross-Site Request Forgery | | LOW | *-1.7.1 | | July 3, 2026 |
| delete-original-image | delete-original-image | 91 | Delete Original Image <= 0.4 - Cross-Site Request Forgery | | LOW | *-0.4 | | July 3, 2026 |
| custom-top-bar | custom-top-bar | 91 | Custom top bar <= 2.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting | | LOW | *-2.0.2 | | July 3, 2026 |
| custom-dashboard-page | custom-dashboard-page | 91 | Custom Dashboard Page <= 1.0 - Cross-Site Request Forgery | | LOW | *-1.0 | | July 3, 2026 |
| contact-form-7-select-box-editor-button | contact-form-7-select-box-editor-button | 91 | Contact Form 7 Select Box Editor Button <= 0.6 - Cross-Site Request Forgery | | LOW | *-0.6 | | July 3, 2026 |
| cf7-builder | cf7-builder | 91 | Builder for Contact Form 7 by Webconstruct <= 1.2.2 - Cross-Site Request Forgery | | LOW | *-1.2.2 | | July 3, 2026 |
| bp-email-assign-templates | bp-email-assign-templates | 93 | BP Email Assign Templates <= 1.7 - Authenticated (Admin+) Arbitrary Option Deletion | | LOW | *-1.7 | 1.8 | July 3, 2026 |
| bp-email-assign-templates | bp-email-assign-templates | 93 | BP Email Assign Templates <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-1.6 | 1.7 | July 3, 2026 |
| blog-stats-by-w3counter | blog-stats-by-w3counter | 91 | W3Counter Free Real-Time Web Stats <= 4.1 - Cross-Site Request Forgery | | LOW | *-4.1 | | July 3, 2026 |
| block-spam-by-math-reloaded | block-spam-by-math-reloaded | 89 | Block Spam By Math Reloaded <= 2.2.4 - Missing Authorization | | LOW | *-2.2.4 | | July 3, 2026 |
| block-spam-by-math-reloaded | block-spam-by-math-reloaded | 89 | Block Spam By Math Reloaded <= 2.2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-2.2.4 | | July 3, 2026 |
| bee-layer-slider | bee-layer-slider | 91 | Bee Layer Slider <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-1.1 | | July 3, 2026 |
| backtotop | backtotop | 91 | Back To Top <= 2.0 - Cross-Site Request Forgery | | LOW | *-2.0 | | July 3, 2026 |
| awesome-surveys | awesome-surveys | 91 | Awesome Surveys <= 2.0.10 - Authenticated (Editor+) Stored Cross-Site Scripting | | LOW | *-2.0.10 | | July 3, 2026 |
| as-english-admin | as-english-admin | 95 | AS English Admin <= 1.0.0 - Open Redirection | | LOW | *-1.0.0 | | July 3, 2026 |
| another-events-calendar | another-events-calendar | 95 | Another Events Calendar <= 1.7.0 - Reflected Cross-Site Scripting | | LOW | *-1.7.0 | | July 3, 2026 |
| amocrm-webform | amocrm-webform | 95 | amoCRM WebForm <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-1.1 | | July 3, 2026 |
| accounting-for-woocommerce | accounting-for-woocommerce | 97 | Accounting for WooCommerce <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-1.6.8 | 1.6.9 | July 3, 2026 |
| productdyno | productdyno | N/A | ProductDyno <= 1.0.24 - Reflected Cross-Site Scripting via 'res' Parameter | | LOW | *-1.0.24 | 1.0.25 | July 3, 2026 |
| woocommerce-products-filter | woocommerce-products-filter | N/A | HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.5 - Unauthenticated Local File Inclusion | | LOW | *-1.3.6.5 | 1.3.6.6 | July 3, 2026 |
| qubely | qubely | N/A | Qubely – Advanced Gutenberg Blocks <= 1.8.13 - Authenticated (Contributor+) Sensitive Information Exposure via qubely_get_content | | LOW | *-1.8.13 | 1.8.14 | July 3, 2026 |
| photo-gallery | photo-gallery | N/A | Photo Gallery by 10Web <= 1.8.33 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-1.8.33 | 1.8.34 | July 3, 2026 |
| currency-switcher | currency-switcher | 93 | WPCS – WordPress Currency Switcher Professional <= 1.2.0.4 - Unauthenticated Arbitrary Shortcode Execution | | LOW | *-1.2.0.4 | 1.2.0.5 | July 3, 2026 |
| appsero-helper | appsero-helper | 97 | Appsero Helper <= 1.3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting | | LOW | *-1.3.2 | 1.3.3 | July 3, 2026 |
| pagelayer | pagelayer | 93 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Cross-Site Request Forgery (CSRF) To Post Contents Modification | | LOW | *-1.9.8 | 1.9.9 | July 3, 2026 |
| wpbookit | wpbookit | N/A | WPBookit <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting | | LOW | *-1.0.1 | 1.0.2 | July 3, 2026 |
| xpro-elementor-addons | xpro-elementor-addons | N/A | 140+ Widgets \| Xpro Addons For Elementor – FREE <= 1.4.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-1.4.6.7 | 1.4.6.8 | July 3, 2026 |
| slingblocks | slingblocks | N/A | SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-1.5.0 | 1.6.0 | July 3, 2026 |
| wp-recall | wp-recall | N/A | WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Unauthenticated SQL Injection | | LOW | *-16.26.10 | 16.26.12 | July 3, 2026 |
| wp-recall | wp-recall | N/A | WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution | | LOW | *-16.26.10 | 16.26.12 | July 3, 2026 |
| bws-smtp | bws-smtp | 93 | SMTP by BestWebSoft <= 1.1.9 - Authenticated (Administrator+) Arbitrary File Upload | | LOW | *-1.1.9 | 1.2.0 | July 3, 2026 |
| Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | post-smtp | 87 | Post SMTP <= 3.1.2 - Authenticated (Administrator+) SQL Injection via columns Parameter | | LOW | *-3.1.2 | 3.1.3 | July 3, 2026 |
| Gallery by FooGallery | foogallery | 82 | FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.29 - Authenticated (Custom+) Stored Cross-Site Scripting via Album Title Size | | LOW | *-2.4.29 | 2.4.30 | July 3, 2026 |
| Gallery by FooGallery | foogallery | 82 | FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.29 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updates | | LOW | *-2.4.29 | 2.4.30 | July 3, 2026 |
| shortcode-cleaner-lite | shortcode-cleaner-lite | N/A | Shortcode Cleaner Lite <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Export | | LOW | *-1.0.9 | | July 3, 2026 |
| allow-php-execute | allow-php-execute | 95 | Allow PHP Execute <= 1.0 - Authenticated (Editor+) PHP Code Injection | | LOW | *-1.0 | | July 3, 2026 |
| post-meta-data-manager | post-meta-data-manager | N/A | Post Meta Data Manager <= 1.4.4 - Authenticated (Admin+) Multisite Privilege Escalation | | LOW | *-1.4.4 | | July 3, 2026 |
| years-since | years-since | N/A | Years Since – Timeless <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-1.4.1 | | July 3, 2026 |
| code-snippets-cpt | code-snippets-cpt | 91 | Code Snippets CPT <= 2.1.0 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | | LOW | *-2.1.0 | | July 3, 2026 |
| wish-list-for-woocommerce | wish-list-for-woocommerce | N/A | Wishlist for WooCommerce: Multi Wishlists Per Customer <= 3.1.7 - Cross-Site Request Forgery to Cross-Site Scripting via Wishlist Name | | LOW | *-3.1.7 | 3.1.8 | July 3, 2026 |
| wp-recall | wp-recall | N/A | WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | | LOW | *-16.26.10 | 16.26.12 | July 3, 2026 |
| wp-recall | wp-recall | N/A | WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Authenticated (Contributor+) Protected Post Disclosure | | LOW | *-16.26.10 | 16.26.12 | July 3, 2026 |
| woocommerce-delivery-notes | woocommerce-delivery-notes | N/A | Print Invoice & Delivery Notes for WooCommerce <= 5.4.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | | LOW | *-5.4.1 | 5.5.0 | July 3, 2026 |
| widgetkit-for-elementor | widgetkit-for-elementor | N/A | All-in-One Addons for Elementor – WidgetKit <= 2.5.5 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates | | LOW | *-2.5.5 | | July 3, 2026 |
| wc-checkout-getnet | wc-checkout-getnet | N/A | Plugin Oficial – Getnet para WooCommerce <= 1.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting | | LOW | *-1.8.0 | 1.8.1 | July 3, 2026 |
| wc-checkout-getnet | wc-checkout-getnet | N/A | Plugin Oficial – Getnet para WooCommerce <= 1.8.0 - Reflected Cross-Site Scripting | | LOW | *-1.8.0 | 1.8.1 | July 3, 2026 |
| vikrentcar | vikrentcar | N/A | VikRentCar Car Rental Management System <= 1.4.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File Upload | | LOW | *-1.4.2 | 1.4.3 | July 3, 2026 |
| the-plus-addons-for-elementor-page-builder | the-plus-addons-for-elementor-page-builder | N/A | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | | LOW | *-6.2.2 | 6.2.3 | July 3, 2026 |
| product-input-fields-for-woocommerce | product-input-fields-for-woocommerce | N/A | Product Input Fields for WooCommerce <= 1.12.0 - Unauthenticated Limited File Upload | | LOW | *-1.12.0 | 1.12.1 | July 3, 2026 |
| post-lockdown | post-lockdown | N/A | Post Lockdown <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Post Disclosure | | LOW | *-4.0.2 | 4.0.3 | July 3, 2026 |
| miniorange-login-openid | miniorange-login-openid | 91 | miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon <= 200.3.9 - Authentication Bypass | | LOW | *-200.3.9 | 200.3.10 | July 3, 2026 |
| javo-core | javo-core | 86 | Javo Core <= 3.0.0.080 - Unauthenticated Privilege Escalation in ajax_signup | | LOW | *-3.0.0.080 | 3.0.0.266 | July 3, 2026 |
| ht-mega-for-elementor | ht-mega-for-elementor | 93 | HT Mega – Absolute Addons For Elementor <= 2.8.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Countdown Widget | | LOW | *-2.8.2 | 2.8.3 | July 3, 2026 |
| gallery-styles | gallery-styles | 93 | Gallery Styles <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-1.3.4 | 1.3.5 | July 3, 2026 |
| essential-blocks | essential-blocks | 93 | Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-5.3.1 | 5.3.2 | July 3, 2026 |
| aiomatic-automatic-ai-content-writer | aiomatic-automatic-ai-content-writer | 97 | Aiomatic - AI Content Writer, Editor, ChatBot & AI Toolkit <= 2.3.6 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions | | LOW | *-2.3.6 | 2.3.7 | July 3, 2026 |
| GEO Plugin by Squirrly SEO | squirrly-seo | N/A | SEO Plugin by Squirrly SEO <= 12.4.05 - Authenticated (Subscriber+) SQL Injection via search Parameter | | LOW | *-12.4.05 | 12.4.06 | July 3, 2026 |
| related-post | related-post | N/A | Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.0.59 - Cross-Site Request Forgery to Stored Cross-Site Scripting | | LOW | 2.0.59 | 2.0.60 | July 3, 2026 |
| vk-blocks | vk-blocks | N/A | VK Blocks <= 1.94.2.2 - Missing Authorization to Sensitive Information Exposure | | LOW | *-1.94.2.2 | 1.95.0.3 | July 3, 2026 |
| wpgetapi | wpgetapi | N/A | WPGet API <= 2.2.10 - Authenticated (Administrator+) Server-Side Request Forgery | | LOW | *-2.2.10 | 2.25.1 | July 3, 2026 |
| supportcandy | supportcandy | N/A | SupportCandy – Helpdesk & Customer Support Ticket System <= 3.3.0 - Insecure Direct Object Reference | | LOW | *-3.3.0 | 3.3.1 | July 3, 2026 |
| Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | simply-schedule-appointments | N/A | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.3 - Reflected Cross-Site Scripting | | LOW | *-1.6.8.3 | 1.6.8.5 | July 3, 2026 |
| fwduvp | fwduvp | 89 | Ultimate Video Player <= 10.0 - Unauthenticated Arbitrary File Download | | LOW | *-10.0 | 10.1 | July 3, 2026 |
| eventer | eventer | 89 | Eventer - WordPress Event & Booking Manager Plugin <= 3.9.9.2 - Authenticated (Subscriber+) SQL Injection via reg_id | | LOW | *-3.9.9.2 | 3.9.9.3 | July 3, 2026 |
| hmapsprem | hmapsprem | 91 | Hero Maps Premium - Customizable Google Maps Plugin <= 2.3.9 - Authenticated (Subscriber+) SQL Injection | | LOW | *-2.3.9 | | July 3, 2026 |
| iwjob | iwjob | 89 | InWave Jobs <= 3.5.1 - Unauthenticated Privilege Escalation via Password Reset | | LOW | *-3.5.1 | | July 3, 2026 |
| EventPrime – Events Calendar, Bookings and Tickets | eventprime-event-calendar-management | 74 | EventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Missing Authorization to Authenticated (Subscriber+) Event Attendees Export | | LOW | *-4.0.7.3 | 4.0.7.4 | July 3, 2026 |
| wpcom-member | wpcom-member | N/A | WPCOM Member <= 1.7.5 - Authentication Bypass via 'user_phone' | | LOW | *-1.7.5 | 1.7.6 | July 3, 2026 |
| woocommerce-multi-currency | woocommerce-multi-currency | N/A | CURCY - WooCommerce Multi Currency - Currency Switcher <= 2.3.6 - Unauthenticated SQL Injection | | LOW | *-2.3.6 | 2.3.7 | July 3, 2026 |
| wishlist | wishlist | N/A | Wishlist <= 1.0.43 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-1.0.43 | 1.0.44 | July 3, 2026 |
| uipress-lite | uipress-lite | N/A | UiPress lite \| Effortless custom dashboards, admin themes and pages <= 3.5.04 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update | | LOW | *-3.5.04 | 3.5.05 | July 3, 2026 |
| solace-extra | solace-extra | N/A | Solace Extra <= 1.3.0 - Authenticated (Subscriber+) Arbitrary File Upload | | LOW | *-1.3.0 | 1.3.1 | July 3, 2026 |
| school-management | school-management | N/A | School Management System for Wordpress <= 92.0.0 - Authenticated (Subscriber+) SQL Injection via 'mj_smgt_show_event_task' | | LOW | *-92.0.0 | 93.0.0 | July 3, 2026 |
| school-management | school-management | N/A | School Management System for Wordpress <= 92.0.0 - Authenticated (Student+) SQL Injection via 'view-attendance' | | LOW | *-92.0.0 | 93.0.0 | July 3, 2026 |
| school-management | school-management | N/A | School Management System for Wordpress <= 93.0.0 - Reflected Cross-Site Scripting | | LOW | *-93.0.0 | | July 3, 2026 |
| school-management | school-management | N/A | School Management System for Wordpress <= 93.0.0 - Missing Authorization to Unauthenticated Arbitrary Post Deletion | | LOW | *-93.0.0 | | July 3, 2026 |
| school-management | school-management | N/A | School Management System for Wordpress <= 93.0.0 - Authenticated (Student+) Account Takeover and Privilege Escalation | | LOW | *-93.0.0 | | July 3, 2026 |
| platformly-for-woocommerce | platformly-for-woocommerce | N/A | Platform.ly for WooCommerce <= 1.1.6 - Unauthenticated Blind Server-Side Request Forgery | | LOW | *-1.1.6 | 1.1.7 | July 3, 2026 |
| MailPoet – Newsletters, Email Marketing, and Automation | mailpoet | 91 | MailPoet <= 5.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-5.5.1 | 5.5.2 | July 3, 2026 |
| ip-based-login | ip-based-login | 93 | IP Based Login <= 2.4.0 - Authenticated (Admin+) Stored Cross-Site Scripting | | LOW | *-2.4.0 | 2.4.1 | July 3, 2026 |
| ip-based-login | ip-based-login | 93 | IP Based Login <= 2.4.0 - Cross-Site Request forgery to Log Deletion | | LOW | *-2.4.0 | 2.4.1 | July 3, 2026 |
| gallery-plugin | gallery-plugin | 93 | Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress <= 4.7.3 - Authenticated (Administrator+) PHP Object Injection | | LOW | *-4.7.3 | 4.7.4 | July 3, 2026 |
| flexmls-idx | flexmls-idx | 93 | Flexmls® IDX <= 3.14.27 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-3.14.28 | 3.14.29 | July 3, 2026 |
| Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution | file-manager-advanced | 66 | Advanced File Manager <= 5.2.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload | | LOW | *-5.2.14 | 5.3.0 | July 3, 2026 |
| event-tickets-with-ticket-scanner | event-tickets-with-ticket-scanner | 93 | Event Tickets with Ticket Scanner <= 2.5.3 - Cross-Site Request Forgery to Arbitrary Ticket Deletion | | LOW | *-2.5.3 | 2.5.4 | July 3, 2026 |
| ditty-news-ticker | ditty-news-ticker | 93 | Ditty <= 3.1.51 - Authenticated (Author+) Stored Cross-Site Scripting | | LOW | *-3.1.51 | 3.1.52 | July 3, 2026 |
| cs-framework | cs-framework | 91 | CS Framework <= 7.0 - Authenticated (Subscriber+) Arbitrary File Deletion | | LOW | *-7.0 | 7.1 | July 3, 2026 |
| cs-framework | cs-framework | 91 | CS Framework <= 7.1 - Authenticated (Subscriber+) Arbitrary File Read | | LOW | *-7.1 | | July 3, 2026 |
| aweber-web-form-widget | aweber-web-form-widget | 93 | AWeber <= 7.3.20 - Authenticated (Admin+) Stored Cross-Site Scripting | | LOW | *-7.3.20 | 7.3.21 | July 3, 2026 |
LOW

solace-extra

solace-extra

Score: N/A Solace Extra <= 1.3.0 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-1.3.0 Patched: 1.3.1 Updated: July 3, 2026
LOW

school-management

school-management

Score: N/A School Management System for Wordpress <= 92.0.0 - Authenticated (Subscriber+) SQL Injection via 'mj_smgt_show_event_task' Affected: *-92.0.0 Patched: 93.0.0 Updated: July 3, 2026
LOW

school-management

school-management

Score: N/A School Management System for Wordpress <= 92.0.0 - Authenticated (Student+) SQL Injection via 'view-attendance' Affected: *-92.0.0 Patched: 93.0.0 Updated: July 3, 2026
LOW

school-management

school-management

Score: N/A School Management System for Wordpress <= 93.0.0 - Reflected Cross-Site Scripting Affected: *-93.0.0 Patched: Updated: July 3, 2026
LOW

school-management

school-management

Score: N/A School Management System for Wordpress <= 93.0.0 - Missing Authorization to Unauthenticated Arbitrary Post Deletion Affected: *-93.0.0 Patched: Updated: July 3, 2026
LOW

school-management

school-management

Score: N/A School Management System for Wordpress <= 93.0.0 - Authenticated (Student+) Account Takeover and Privilege Escalation Affected: *-93.0.0 Patched: Updated: July 3, 2026
LOW

platformly-for-woocommerce

platformly-for-woocommerce

Score: N/A Platform.ly for WooCommerce <= 1.1.6 - Unauthenticated Blind Server-Side Request Forgery Affected: *-1.1.6 Patched: 1.1.7 Updated: July 3, 2026
LOW

ip-based-login

ip-based-login

Score: 93/100 IP Based Login <= 2.4.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.4.0 Patched: 2.4.1 Updated: July 3, 2026
LOW

ip-based-login

ip-based-login

Score: 93/100 IP Based Login <= 2.4.0 - Cross-Site Request Forgery to Log Deletion Affected: *-2.4.0 Patched: 2.4.1 Updated: July 3, 2026
LOW

gallery-plugin

gallery-plugin

Score: 93/100 Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress <= 4.7.3 - Authenticated (Administrator+) PHP Object Injection Affected: *-4.7.3 Patched: 4.7.4 Updated: July 3, 2026
LOW

flexmls-idx

flexmls-idx

Score: 93/100 Flexmls® IDX <= 3.14.27 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.14.28 Patched: 3.14.29 Updated: July 3, 2026
LOW

event-tickets-with-ticket-scanner

event-tickets-with-ticket-scanner

Score: 93/100 Event Tickets with Ticket Scanner <= 2.5.3 - Cross-Site Request Forgery to Arbitrary Ticket Deletion Affected: *-2.5.3 Patched: 2.5.4 Updated: July 3, 2026
LOW

ditty-news-ticker

ditty-news-ticker

Score: 93/100 Ditty <= 3.1.51 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-3.1.51 Patched: 3.1.52 Updated: July 3, 2026
LOW

cs-framework

cs-framework

Score: 91/100 CS Framework <= 7.0 - Authenticated (Subscriber+) Arbitrary File Deletion Affected: *-7.0 Patched: 7.1 Updated: July 3, 2026
LOW

cs-framework

cs-framework

Score: 91/100 CS Framework <= 7.1 - Authenticated (Subscriber+) Arbitrary File Read Affected: *-7.1 Patched: Updated: July 3, 2026
LOW

aweber-web-form-widget

aweber-web-form-widget

Score: 93/100 AWeber <= 7.3.20 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-7.3.20 Patched: 7.3.21 Updated: July 3, 2026

Showing 11401 to 11500 of 36406 results

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 3, 2026 at 06:01 UTC.