Known Plugin Vulnerabilities
Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.
Open Vulnerabilities
36406Across tracked plugins
Affected Plugins
87With open vulnerabilities
Critical / High
0Require immediate attention
Recently Updated
0In the last 30 days
Vulnerability List
Export CSV| Plugin | Slug | Score | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated |
|---|---|---|---|---|---|---|---|---|
| go-to-top | go-to-top |
91
|
Go To Top <= 0.0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting | LOW | *-0.0.8 | July 3, 2026 | ||
| gnupress | gnupress |
91
|
GNUPress <= 0.2.9 - Reflected Cross-Site Scripting | LOW | *-0.2.9 | July 3, 2026 | ||
| gnucommerce | gnucommerce |
89
|
GNUCommerce <= 1.5.4 - Reflected Cross-Site Scripting | LOW | *-1.5.4 | July 3, 2026 | ||
| ftp-sync | ftp-sync |
91
|
FTP Sync <= 1.1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting | LOW | *-1.1.6 | July 3, 2026 | ||
| frontpage-category-filter | frontpage-category-filter |
91
|
Frontpage category filter <= 1.0.2 - Cross-Site Request Forgery | LOW | *-1.0.2 | July 3, 2026 | ||
| finale-woocommerce-sales-countdown-timer-discount | finale-woocommerce-sales-countdown-timer-discount |
91
|
Finale Lite – Sales Countdown Timer & Discount for WooCommerce <= 2.19.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Countdown Timer | LOW | *-2.19.0 | 2.20.0 | July 3, 2026 | |
| featured-posts-grid | featured-posts-grid |
91
|
Featured Posts Grid <= 1.7 - Cross-Site Request Forgery to Cross-Site Scripting | LOW | *-1.7 | July 3, 2026 | ||
| event-post | event-post |
91
|
Event post <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-5.9.8 | 5.9.9 | July 3, 2026 | |
| easy-image-display | easy-image-display |
91
|
Easy Image Display <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.2.5 | July 3, 2026 | ||
| dp-alterminator-missing-alt-manager | dp-alterminator-missing-alt-manager |
91
|
DP ALTerminator - Missing ALT manager <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-1.0.2 | July 3, 2026 | ||
| domain-theme | domain-theme |
91
|
Domain Theme <= 1.3 - Cross-Site Request Forgery | LOW | *-1.3 | July 3, 2026 | ||
| display-template-name | display-template-name |
91
|
Display Template Name <= 1.7.1 - Cross-Site Request Forgery | LOW | *-1.7.1 | July 3, 2026 | ||
| delete-original-image | delete-original-image |
91
|
Delete Original Image <= 0.4 - Cross-Site Request Forgery | LOW | *-0.4 | July 3, 2026 | ||
| custom-top-bar | custom-top-bar |
91
|
Custom top bar <= 2.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting | LOW | *-2.0.2 | July 3, 2026 | ||
| custom-dashboard-page | custom-dashboard-page |
91
|
Custom Dashboard Page <= 1.0 - Cross-Site Request Forgery | LOW | *-1.0 | July 3, 2026 | ||
| contact-form-7-select-box-editor-button | contact-form-7-select-box-editor-button |
91
|
Contact Form 7 Select Box Editor Button <= 0.6 - Cross-Site Request Forgery | LOW | *-0.6 | July 3, 2026 | ||
| cf7-builder | cf7-builder |
91
|
Builder for Contact Form 7 by Webconstruct <= 1.2.2 - Cross-Site Request Forgery | LOW | *-1.2.2 | July 3, 2026 | ||
| bp-email-assign-templates | bp-email-assign-templates |
93
|
BP Email Assign Templates <= 1.7 - Authenticated (Admin+) Arbitrary Option Deletion | LOW | *-1.7 | 1.8 | July 3, 2026 | |
| bp-email-assign-templates | bp-email-assign-templates |
93
|
BP Email Assign Templates <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-1.6 | 1.7 | July 3, 2026 | |
| blog-stats-by-w3counter | blog-stats-by-w3counter |
91
|
W3Counter Free Real-Time Web Stats <= 4.1 - Cross-Site Request Forgery | LOW | *-4.1 | July 3, 2026 | ||
| block-spam-by-math-reloaded | block-spam-by-math-reloaded |
89
|
Block Spam By Math Reloaded <= 2.2.4 - Missing Authorization | LOW | *-2.2.4 | July 3, 2026 | ||
| block-spam-by-math-reloaded | block-spam-by-math-reloaded |
89
|
Block Spam By Math Reloaded <= 2.2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-2.2.4 | July 3, 2026 | ||
| bee-layer-slider | bee-layer-slider |
91
|
Bee Layer Slider <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.1 | July 3, 2026 | ||
| backtotop | backtotop |
91
|
Back To Top <= 2.0 - Cross-Site Request Forgery | LOW | *-2.0 | July 3, 2026 | ||
| awesome-surveys | awesome-surveys |
91
|
Awesome Surveys <= 2.0.10 - Authenticated (Editor+) Stored Cross-Site Scripting | LOW | *-2.0.10 | July 3, 2026 | ||
| as-english-admin | as-english-admin |
95
|
AS English Admin <= 1.0.0 - Open Redirection | LOW | *-1.0.0 | July 3, 2026 | ||
| another-events-calendar | another-events-calendar |
95
|
Another Events Calendar <= 1.7.0 - Reflected Cross-Site Scripting | LOW | *-1.7.0 | July 3, 2026 | ||
| amocrm-webform | amocrm-webform |
95
|
amoCRM WebForm <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.1 | July 3, 2026 | ||
| accounting-for-woocommerce | accounting-for-woocommerce |
97
|
Accounting for WooCommerce <=1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-1.6.8 | 1.6.9 | July 3, 2026 | |
| productdyno | productdyno | N/A | ProductDyno <= 1.0.24 - Reflected Cross-Site Scripting via 'res' Parameter | LOW | *-1.0.24 | 1.0.25 | July 3, 2026 | |
| woocommerce-products-filter | woocommerce-products-filter | N/A | HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.5 - Unauthenticated Local File Inclusion | LOW | *-1.3.6.5 | 1.3.6.6 | July 3, 2026 | |
| qubely | qubely | N/A | Qubely – Advanced Gutenberg Blocks <= 1.8.13 - Authenticated (Contributor+) Sensitive Information Exposure via qubely_get_content | LOW | *-1.8.13 | 1.8.14 | July 3, 2026 | |
| photo-gallery | photo-gallery | N/A | Photo Gallery by 10Web <= 1.8.33 - Unauthenticated Stored Cross-Site Scripting | LOW | *-1.8.33 | 1.8.34 | July 3, 2026 | |
| currency-switcher | currency-switcher |
93
|
WPCS – WordPress Currency Switcher Professional <= 1.2.0.4 - Unauthenticated Arbitrary Shortcode Execution | LOW | *-1.2.0.4 | 1.2.0.5 | July 3, 2026 | |
| appsero-helper | appsero-helper |
97
|
Appsero Helper <= 1.3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting | LOW | *-1.3.2 | 1.3.3 | July 3, 2026 | |
| pagelayer | pagelayer |
93
|
Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Cross-Site Request Forgery (CSRF) To Post Contents Modification | LOW | *-1.9.8 | 1.9.9 | July 3, 2026 | |
| wpbookit | wpbookit | N/A | WPBookit <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting | LOW | *-1.0.1 | 1.0.2 | July 3, 2026 | |
| xpro-elementor-addons | xpro-elementor-addons | N/A | 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.4.6.7 | 1.4.6.8 | July 3, 2026 | |
| slingblocks | slingblocks | N/A | SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.5.0 | 1.6.0 | July 3, 2026 | |
| wp-recall | wp-recall | N/A | WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Unauthenticated SQL Injection | LOW | *-16.26.10 | 16.26.12 | July 3, 2026 | |
| wp-recall | wp-recall | N/A | WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Exeuction | LOW | *-16.26.10 | 16.26.12 | July 3, 2026 | |
| bws-smtp | bws-smtp |
93
|
SMTP by BestWebSoft <= 1.1.9 - Authenticated (Administrator+) Arbitrary File Upload | LOW | *-1.1.9 | 1.2.0 | July 3, 2026 | |
| Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | post-smtp |
87
|
Post SMTP <= 3.1.2 - Authenticated (Administrator+) SQL Injection via columns Parameter | LOW | *-3.1.2 | 3.1.3 | July 3, 2026 | |
| Gallery by FooGallery | foogallery |
82
|
FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.29 - Authenticated (Custom+) Stored Cross-Site Scripting via Album Title Size | LOW | *-2.4.29 | 2.4.30 | July 3, 2026 | |
| Gallery by FooGallery | foogallery |
82
|
FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.29 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updates | LOW | *-2.4.29 | 2.4.30 | July 3, 2026 | |
| shortcode-cleaner-lite | shortcode-cleaner-lite | N/A | Shortcode Cleaner Lite <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Export | LOW | *-1.0.9 | July 3, 2026 | ||
| allow-php-execute | allow-php-execute |
95
|
Allow PHP Execute <= 1.0 - Authenticated (Editor+) PHP Code Injection | LOW | *-1.0 | July 3, 2026 | ||
| post-meta-data-manager | post-meta-data-manager | N/A | Post Meta Data Manager <= 1.4.4 - Authentciated (Admin+) Multisite Privilege Escalation | LOW | *-1.4.4 | July 3, 2026 | ||
| years-since | years-since | N/A | Years Since – Timeless <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.4.1 | July 3, 2026 | ||
| code-snippets-cpt | code-snippets-cpt |
91
|
Code Snippets CPT <= 2.1.0 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | LOW | *-2.1.0 | July 3, 2026 | ||
| wish-list-for-woocommerce | wish-list-for-woocommerce | N/A | Wishlist for WooCommerce: Multi Wishlists Per Customer <= 3.1.7 - Cross-Site Request Forgery to Cross-Site Scriping via Wishlist Name | LOW | *-3.1.7 | 3.1.8 | July 3, 2026 | |
| wp-recall | wp-recall | N/A | WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-16.26.10 | 16.26.12 | July 3, 2026 | |
| wp-recall | wp-recall | N/A | WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Authenticated (Contributor+) Protected Post Disclosure | LOW | *-16.26.10 | 16.26.12 | July 3, 2026 | |
| woocommerce-delivery-notes | woocommerce-delivery-notes | N/A | Print Invoice & Delivery Notes for WooCommerce <= 5.4.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | LOW | *-5.4.1 | 5.5.0 | July 3, 2026 | |
| widgetkit-for-elementor | widgetkit-for-elementor | N/A | All-in-One Addons for Elementor – WidgetKit <= 2.5.5 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates | LOW | *-2.5.5 | July 3, 2026 | ||
| wc-checkout-getnet | wc-checkout-getnet | N/A | Plugin Oficial – Getnet para WooCommerce <= 1.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-1.8.0 | 1.8.1 | July 3, 2026 | |
| wc-checkout-getnet | wc-checkout-getnet | N/A | Plugin Oficial – Getnet para WooCommerce <= 1.8.0 - Reflected Cross-Site Scripting | LOW | *-1.8.0 | 1.8.1 | July 3, 2026 | |
| vikrentcar | vikrentcar | N/A | VikRentCar Car Rental Management System <= 1.4.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File Upload | LOW | *-1.4.2 | 1.4.3 | July 3, 2026 | |
| the-plus-addons-for-elementor-page-builder | the-plus-addons-for-elementor-page-builder | N/A | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | LOW | *-6.2.2 | 6.2.3 | July 3, 2026 | |
| product-input-fields-for-woocommerce | product-input-fields-for-woocommerce | N/A | Product Input Fields for WooCommerce <= 1.12.0 - Unauthenticated Limited File Upload | LOW | *-1.12.0 | 1.12.1 | July 3, 2026 | |
| post-lockdown | post-lockdown | N/A | Post Lockdown <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Post Disclosure | LOW | *-4.0.2 | 4.0.3 | July 3, 2026 | |
| miniorange-login-openid | miniorange-login-openid |
91
|
miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon <= 200.3.9 - Authentication Bypass | LOW | *-200.3.9 | 200.3.10 | July 3, 2026 | |
| javo-core | javo-core |
86
|
Javo Core <= 3.0.0.080 - Unauthenticated Privilege Escalation in ajax_signup | LOW | *-3.0.0.080 | 3.0.0.266 | July 3, 2026 | |
| ht-mega-for-elementor | ht-mega-for-elementor |
93
|
HT Mega – Absolute Addons For Elementor <= 2.8.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Countdown Widget | LOW | *-2.8.2 | 2.8.3 | July 3, 2026 | |
| gallery-styles | gallery-styles |
93
|
Gallery Styles <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.3.4 | 1.3.5 | July 3, 2026 | |
| essential-blocks | essential-blocks |
93
|
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-5.3.1 | 5.3.2 | July 3, 2026 | |
| aiomatic-automatic-ai-content-writer | aiomatic-automatic-ai-content-writer |
97
|
Aiomatic - AI Content Writer, Editor, ChatBot & AI Toolkit <= 2.3.6 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions | LOW | *-2.3.6 | 2.3.7 | July 3, 2026 | |
| GEO Plugin by Squirrly SEO | squirrly-seo | N/A | SEO Plugin by Squirrly SEO <= 12.4.05 - Authenticated (Subscriber+) SQL Injection via search Parameter | LOW | *-12.4.05 | 12.4.06 | July 3, 2026 | |
| related-post | related-post | N/A | Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.0.59 - Cross-Site Request Forgery to Stored Cross-Site Scripting | LOW | 2.0.59 | 2.0.60 | July 3, 2026 | |
| vk-blocks | vk-blocks | N/A | VK Blocks <= 1.94.2.2 - Missing Authorization to Sensitive Information Exposure | LOW | *-1.94.2.2 | 1.95.0.3 | July 3, 2026 | |
| wpgetapi | wpgetapi | N/A | WPGet API <= 2.2.10 - Authenticated (Administrator+) Server-Side Request Forgery | LOW | *-2.2.10 | 2.25.1 | July 3, 2026 | |
| supportcandy | supportcandy | N/A | SupportCandy – Helpdesk & Customer Support Ticket System <= 3.3.0 - Insecure Direct Object Reference | LOW | *-3.3.0 | 3.3.1 | July 3, 2026 | |
| Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | simply-schedule-appointments | N/A | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.3 - Reflected Cross-Site Scripting | LOW | *-1.6.8.3 | 1.6.8.5 | July 3, 2026 | |
| fwduvp | fwduvp |
89
|
Ultimate Video Player <= 10.0 - Unauthenticated Arbitrary File Download | LOW | *-10.0 | 10.1 | July 3, 2026 | |
| eventer | eventer |
89
|
Eventer - WordPress Event & Booking Manager Plugin <= 3.9.9.2 - Authenticated (Subscriber+) SQL Injection via reg_id | LOW | *-3.9.9.2 | 3.9.9.3 | July 3, 2026 | |
| hmapsprem | hmapsprem |
91
|
Hero Maps Premium - Customizable Google Maps Plugin <= 2.3.9 - Authenticated (Subscriber+) SQL Injection | LOW | *-2.3.9 | July 3, 2026 | ||
| iwjob | iwjob |
89
|
InWave Jobs <= 3.5.1 - Unauthenticated Privilege Escalation via Password Reset | LOW | *-3.5.1 | July 3, 2026 | ||
| EventPrime – Events Calendar, Bookings and Tickets | eventprime-event-calendar-management |
74
|
EventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Missing Authorization to Authenticated (Subscriber+) Event Attendees Export | LOW | *-4.0.7.3 | 4.0.7.4 | July 3, 2026 | |
| wpcom-member | wpcom-member | N/A | WPCOM Member <= 1.7.5 - Authentication Bypass via 'user_phone' | LOW | *-1.7.5 | 1.7.6 | July 3, 2026 | |
| woocommerce-multi-currency | woocommerce-multi-currency | N/A | CURCY - WooCommerce Multi Currency - Currency Switcher <= 2.3.6 - Unauthenticated SQL Injection | LOW | *-2.3.6 | 2.3.7 | July 3, 2026 | |
| wishlist | wishlist | N/A | Wishlist <= 1.0.43 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.0.43 | 1.0.44 | July 3, 2026 | |
| uipress-lite | uipress-lite | N/A | UiPress lite | Effortless custom dashboards, admin themes and pages <= 3.5.04 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update | LOW | *-3.5.04 | 3.5.05 | July 3, 2026 | |
| solace-extra | solace-extra | N/A | Solace Extra <= 1.3.0 - Authenticated (Subscriber+) Arbitrary File Upload | LOW | *-1.3.0 | 1.3.1 | July 3, 2026 | |
| school-management | school-management | N/A | School Management System for Wordpress <= 92.0.0 - Authenticated (Subscriber+) SQL Injection via 'mj_smgt_show_event_task' | LOW | *-92.0.0 | 93.0.0 | July 3, 2026 | |
| school-management | school-management | N/A | School Management System for Wordpress <= 92.0.0 - Authenticated (Student+) SQL Injection via 'view-attendance' | LOW | *-92.0.0 | 93.0.0 | July 3, 2026 | |
| school-management | school-management | N/A | School Management System for Wordpress <= 93.0.0 - Reflected Cross-Site Scripting | LOW | *-93.0.0 | July 3, 2026 | ||
| school-management | school-management | N/A | School Management System for Wordpress <= 93.0.0 - Missing Authorization to Unauthenticated Arbitrary Post Deletion | LOW | *-93.0.0 | July 3, 2026 | ||
| school-management | school-management | N/A | School Management System for Wordpress <= 93.0.0 - Authenticated (Student+) Account Takeover and Privilege Escalation | LOW | *-93.0.0 | July 3, 2026 | ||
| platformly-for-woocommerce | platformly-for-woocommerce | N/A | Platform.ly for WooCommerce <= 1.1.6 - Unauthenticated Blind Server-Side Request Forgery | LOW | *-1.1.6 | 1.1.7 | July 3, 2026 | |
| MailPoet – Newsletters, Email Marketing, and Automation | mailpoet |
91
|
MailPoet <= 5.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-5.5.1 | 5.5.2 | July 3, 2026 | |
| ip-based-login | ip-based-login |
93
|
IP Based Login <= 2.4.0 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-2.4.0 | 2.4.1 | July 3, 2026 | |
| ip-based-login | ip-based-login |
93
|
IP Based Login <= 2.4.0 - Cross-Site Request forgery to Log Deletion | LOW | *-2.4.0 | 2.4.1 | July 3, 2026 | |
| gallery-plugin | gallery-plugin |
93
|
Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress <= 4.7.3 - Authenticated (Administrator+) PHP Object Injection | LOW | *-4.7.3 | 4.7.4 | July 3, 2026 | |
| flexmls-idx | flexmls-idx |
93
|
Flexmls® IDX <= 3.14.27 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-3.14.28 | 3.14.29 | July 3, 2026 | |
| Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution | file-manager-advanced |
66
|
Advanced File Manager <= 5.2.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload | LOW | *-5.2.14 | 5.3.0 | July 3, 2026 | |
| event-tickets-with-ticket-scanner | event-tickets-with-ticket-scanner |
93
|
Event Tickets with Ticket Scanner <= 2.5.3 - Cross-Site Request Forgery to Arbitrary Ticket Deletion | LOW | *-2.5.3 | 2.5.4 | July 3, 2026 | |
| ditty-news-ticker | ditty-news-ticker |
93
|
Ditty <= 3.1.51 - Authenticated (Author+) Stored Cross-Site Scripting | LOW | *-3.1.51 | 3.1.52 | July 3, 2026 | |
| cs-framework | cs-framework |
91
|
CS Framework <= 7.0 - Authenticated (Subscriber+) Arbitrary File Deletion | LOW | *-7.0 | 7.1 | July 3, 2026 | |
| cs-framework | cs-framework |
91
|
CS Framework <= 7.1 - Authenticated (Subscriber+) Arbitrary File Read | LOW | *-7.1 | July 3, 2026 | ||
| aweber-web-form-widget | aweber-web-form-widget |
93
|
AWeber <= 7.3.20 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-7.3.20 | 7.3.21 | July 3, 2026 |
go-to-top
go-to-top
gnupress
gnupress
gnucommerce
gnucommerce
ftp-sync
ftp-sync
frontpage-category-filter
frontpage-category-filter
finale-woocommerce-sales-countdown-timer-discount
finale-woocommerce-sales-countdown-timer-discount
featured-posts-grid
featured-posts-grid
event-post
event-post
easy-image-display
easy-image-display
dp-alterminator-missing-alt-manager
dp-alterminator-missing-alt-manager
domain-theme
domain-theme
display-template-name
display-template-name
delete-original-image
delete-original-image
custom-top-bar
custom-top-bar
custom-dashboard-page
custom-dashboard-page
contact-form-7-select-box-editor-button
contact-form-7-select-box-editor-button
cf7-builder
cf7-builder
bp-email-assign-templates
bp-email-assign-templates
bp-email-assign-templates
bp-email-assign-templates
blog-stats-by-w3counter
blog-stats-by-w3counter
block-spam-by-math-reloaded
block-spam-by-math-reloaded
block-spam-by-math-reloaded
block-spam-by-math-reloaded
bee-layer-slider
bee-layer-slider
backtotop
backtotop
awesome-surveys
awesome-surveys
as-english-admin
as-english-admin
another-events-calendar
another-events-calendar
amocrm-webform
amocrm-webform
accounting-for-woocommerce
accounting-for-woocommerce
productdyno
productdyno
woocommerce-products-filter
woocommerce-products-filter
qubely
qubely
photo-gallery
photo-gallery
currency-switcher
currency-switcher
appsero-helper
appsero-helper
pagelayer
pagelayer
wpbookit
wpbookit
xpro-elementor-addons
xpro-elementor-addons
slingblocks
slingblocks
wp-recall
wp-recall
wp-recall
wp-recall
bws-smtp
bws-smtp
Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App
post-smtp
Gallery by FooGallery
foogallery
Gallery by FooGallery
foogallery
shortcode-cleaner-lite
shortcode-cleaner-lite
allow-php-execute
allow-php-execute
post-meta-data-manager
post-meta-data-manager
years-since
years-since
code-snippets-cpt
code-snippets-cpt
wish-list-for-woocommerce
wish-list-for-woocommerce
wp-recall
wp-recall
wp-recall
wp-recall
woocommerce-delivery-notes
woocommerce-delivery-notes
widgetkit-for-elementor
widgetkit-for-elementor
wc-checkout-getnet
wc-checkout-getnet
wc-checkout-getnet
wc-checkout-getnet
vikrentcar
vikrentcar
the-plus-addons-for-elementor-page-builder
the-plus-addons-for-elementor-page-builder
product-input-fields-for-woocommerce
product-input-fields-for-woocommerce
post-lockdown
post-lockdown
miniorange-login-openid
miniorange-login-openid
javo-core
javo-core
ht-mega-for-elementor
ht-mega-for-elementor
gallery-styles
gallery-styles
essential-blocks
essential-blocks
aiomatic-automatic-ai-content-writer
aiomatic-automatic-ai-content-writer
GEO Plugin by Squirrly SEO
squirrly-seo
related-post
related-post
vk-blocks
vk-blocks
wpgetapi
wpgetapi
supportcandy
supportcandy
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin
simply-schedule-appointments
fwduvp
fwduvp
eventer
eventer
hmapsprem
hmapsprem
iwjob
iwjob
EventPrime – Events Calendar, Bookings and Tickets
eventprime-event-calendar-management
wpcom-member
wpcom-member
woocommerce-multi-currency
woocommerce-multi-currency
wishlist
wishlist
uipress-lite
uipress-lite
solace-extra
solace-extra
school-management
school-management
school-management
school-management
school-management
school-management
school-management
school-management
school-management
school-management
platformly-for-woocommerce
platformly-for-woocommerce
MailPoet – Newsletters, Email Marketing, and Automation
mailpoet
ip-based-login
ip-based-login
ip-based-login
ip-based-login
gallery-plugin
gallery-plugin
flexmls-idx
flexmls-idx
Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution
file-manager-advanced
event-tickets-with-ticket-scanner
event-tickets-with-ticket-scanner
ditty-news-ticker
ditty-news-ticker
cs-framework
cs-framework
cs-framework
cs-framework
aweber-web-form-widget
aweber-web-form-widget
Showing 11401 to 11500 of 36406 results
Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.
Data updated daily from trusted sources. Last updated: July 3, 2026 at 06:01 UTC.