Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

83

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
podlove-podcasting-plugin-for-wordpress podlove-podcasting-plugin-for-wordpress N/A Podlove Podcast Publisher <= 4.2.2 - Cross-Site Request Forgery via ajax_transcript_delete Function LOW *-4.2.2 4.2.3 July 3, 2026
notibar notibar
93
Notibar <= 2.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.1.5 2.1.6 July 3, 2026
moving-media-library moving-media-library
93
Moving Media Library <= 1.22 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Deletion LOW *-1.22 1.23 July 3, 2026
wp-svg-upload wp-svg-upload N/A WP SVG Upload <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG LOW *-1.0.0 July 3, 2026
Greek Multi Tool – Greeklish Slugs, Permalinks & Transliteration greek-multi-tool
90
Greek Multi Tool <= 2.3.1 - Unauthenticated Stored Cross-Site Scripting LOW *-2.3.1 2.3.2 July 3, 2026
cookiebot cookiebot
93
Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics <= 4.4.1 - Missing Authorization to Authenticated (Subscriber+) Survey Submission LOW *-4.4.1 4.4.2 July 3, 2026
booknetic booknetic
91
Booknetic 4.0 - 4.1.4 - Cross-Site Request Forgery LOW 4.0-4.1.4 4.1.5 July 3, 2026
ad-inserter ad-inserter
97
Ad Inserter - Ad Manager and AdSense Ads <= 2.8.0 - Reflected Cross-Site Scripting LOW *-2.8.0 2.8.1 July 3, 2026
wpgsi wpgsi N/A Spreadsheet Integration <= 3.8.2 - Cross-Site Request Forgery to Arbitrary Post Publish LOW *-3.8.2 3.8.3 July 3, 2026
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin ultimate-member N/A Ultimate Member <= 2.10.0 - Unauthenticated SQL Injection via search Parameter LOW *-2.10.0 2.10.1 July 3, 2026
designthemes-core-features designthemes-core-features
89
DesignThemes Core Features <= 4.7 - Missing Authorization to Unauthenticated Arbitrary File Read via dt_process_imported_file LOW *-4.7 4.8 July 3, 2026
content-control content-control
93
Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More <= 2.5.0 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure LOW *-2.5.0 2.6.0 July 3, 2026
homey-login-register homey-login-register
89
Homey Login Register <= 2.4.0 - Unauthenticated Privilege Escalation in homey_register LOW *-2.4.0 July 3, 2026
staff-directory-pro staff-directory-pro N/A Company Directory <= 4.3 - Reflected Cross-Site Scripting via add_query_arg Function LOW *-4.3 July 3, 2026
Master Slider – Responsive Touch Slider master-slider
86
Master Slider – Responsive Touch Slider <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode LOW *-3.10.6 3.10.7 July 3, 2026
Master Slider – Responsive Touch Slider master-slider
86
Master Slider – Responsive Touch Slider <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_slider Shortcode LOW *-3.10.7 3.10.8 July 3, 2026
wp-realestate-manager wp-realestate-manager N/A WP Real Estate Manager <= 2.8 - Authentication Bypass via Account Takeover LOW *-2.8 July 3, 2026
onlinecontract onlinecontract
91
WP Online Contract <= 5.1.4 - Missing Authorization to Unauthenticated Settings Import LOW *-5.1.4 July 3, 2026
dzs-zoomsounds dzs-zoomsounds
83
ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated PHP Object Injection LOW *-6.91 July 3, 2026
rac rac N/A WooCommerce Recover Abandoned Cart <= 24.4.0 - Unauthenticated PHP Object Injection LOW *-24.4.0 24.5.0 July 3, 2026
point-maker point-maker N/A Point Maker <= 0.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.1.6 July 3, 2026
wp-awesome-import-export wp-awesome-import-export N/A WordPress Awesome Import & Export Plugin - Import & Export WordPress Data <= 4.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary SQL Execution/Privilege Escalation LOW *-4.1.1 July 3, 2026
simple-notification simple-notification N/A Simple Notification <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.3 July 3, 2026
gloria-assistant-by-webtronic-labs gloria-assistant-by-webtronic-labs
91
I Am Gloria <= 1.1.4 - Cross-Site Request Forgery LOW *-1.1.4 July 3, 2026
recently-purchased-products-for-woo recently-purchased-products-for-woo N/A Recently Purchased Products For Woo <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via view Parameter LOW *-1.1.3 1.1.4 July 3, 2026
razorpay-subscription-button-elementor razorpay-subscription-button-elementor N/A Razorpay Subscription Button Elementor Plugin <= 1.0.3 - Reflected Cross-Site Scripting via add_query_arg and remove_query_arg Functions LOW *-1.0.3 1.0.4 July 3, 2026
searchiq searchiq N/A SearchIQ – The Search Solution <= 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.7 4.8 July 3, 2026
wp-featherlight wp-featherlight N/A Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Featherlight.js JavaScript Library LOW *-1.3.4 July 3, 2026
stylish-google-sheet-reader stylish-google-sheet-reader N/A Stylish Google Sheet Reader <= 4.0 - Reflected Cross-Site Scripting LOW *-4.0 4.1 July 3, 2026
responsive-lightbox responsive-lightbox N/A Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Featherlight.js JavaScript Library LOW *-2.4.7 2.4.8 July 3, 2026
hslide hslide
91
Hero Slider - WordPress Slider Plugin <= 1.3.5 - Authenticated (Subscriber+) SQL Injection LOW *-1.3.5 July 3, 2026
hmenu hmenu
83
Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Directory Deletion LOW *-1.16.5 July 3, 2026
hmenu hmenu
83
Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Reflected Cross-Site Scripting LOW *-1.16.5 July 3, 2026
hmenu hmenu
83
Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Authenticated (Subscriber+) SQL Injection LOW *-1.16.5 July 3, 2026
favorites favorites
91
Favorites <= 2.3.4 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.3.4 2.3.5 July 3, 2026
email-customizer-for-woocommerce-with-drag-drop-builder email-customizer-for-woocommerce-with-drag-drop-builder
91
WooMail - WooCommerce Email Customizer <= 3.0.34 - Authenticated (Subscriber+) Missing Authorization to SQL Injection LOW *-3.0.34 July 3, 2026
bbpress bbpress
93
bbPress <= 2.6.11 - Cross-Site Request Forgery to Limited Privilege Escalation LOW *-2.6.11 2.6.12 July 3, 2026
aoa-downloadable aoa-downloadable
95
Downloable by American Osteopathic Association <= 0.1.0 - Unauthenticated Arbitrary File Download LOW *-0.1.0 July 3, 2026
aoa-downloadable aoa-downloadable
95
Downloable by American Osteopathic Association <= 0.1.0 - Unauthenticated Server-Side Request Forgery LOW *-0.1.0 July 3, 2026
ultimate-auction ultimate-auction N/A Ultimate WordPress Auction Plugin <= 4.2.9 - Missing Authorization to Arbitrary Post Deletion LOW *-4.2.9 4.3.0 July 3, 2026
shortcodes-ultimate shortcodes-ultimate N/A WP Shortcodes Plugin — Shortcodes Ultimate <= 7.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via src Parameter LOW *-7.3.3 7.3.4 July 3, 2026
wallet-system-for-woocommerce wallet-system-for-woocommerce N/A Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction <= 2.6.2 - Cross-Site Request Forgery LOW *-2.6.2 2.6.3 July 3, 2026
wallet-system-for-woocommerce wallet-system-for-woocommerce N/A Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction <= 2.6.2 - Missing Authorization LOW *-2.6.2 2.6.3 July 3, 2026
master-addons master-addons
93
Master Addons <= 2.0.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets LOW *-2.0.7.2 2.0.7.3 July 3, 2026
master-addons master-addons
93
Master Addons <= 2.0.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter LOW *-2.0.7.1 2.0.7.2 July 3, 2026
structured-content structured-content N/A Structured Content (JSON-LD) #wpsc <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_fs_local_business Shortcode LOW *-1.6.3 1.6.4 July 3, 2026
zigaform-form-builder-lite zigaform-form-builder-lite N/A Zigaform – Form Builder Lite <= 7.4.2 - Unauthenticated Stored Cross-Site Scripting LOW *-7.4.2 7.4.3 July 3, 2026
wp-recall wp-recall N/A WP-Recall – Registration, Profile, Commerce & More <= 16.26.11 - Authenticated (Admin+) SQL Injection LOW *-16.26.11 16.26.12 July 3, 2026
WP Google Review Slider wp-google-places-review-slider
70
WP Google Review Slider <= 15.5 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-15.5 15.6 July 3, 2026
wp-advanced-search wp-advanced-search N/A WordPress WP-Advanced-Search <= 3.3.9.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.3.9.2 3.3.9.3 July 3, 2026
VikBooking Hotel Booking Engine & PMS vikbooking
95
VikBooking Hotel Booking Engine & PMS <= 1.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.7.1 1.7.2 July 3, 2026
teachpress teachpress N/A teachPress <= 9.0.7 - Authenticated (Contributor+) SQL Injection LOW *-9.0.7 9.0.8 July 3, 2026
taskbuilder taskbuilder N/A Taskbuilder <= 3.0.8 - Authenticated (Admin+) SQL Injection LOW *-3.0.8 3.0.9 July 3, 2026
tarteaucitron-wp tarteaucitron-wp N/A tarteaucitron.js for WordPress < 0.3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW [*, 0.3.0) 0.3.0 July 3, 2026
tarteaucitron-wp tarteaucitron-wp N/A tarteaucitron.js for WordPress < 0.3.0 - Authenticated (Author+) Stored Cross-Site Scripting LOW [*, 0.3.0) 0.3.0 July 3, 2026
stylish-price-list stylish-price-list N/A Stylish Price List <= 7.1.11 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-7.1.11 7.1.12 July 3, 2026
GEO Plugin by Squirrly SEO squirrly-seo N/A SEO Plugin by Squirrly SEO <= 12.4.07 - Missing Authorization LOW *-12.4.07 12.4.08 July 3, 2026
smart-maintenance-mode smart-maintenance-mode N/A Smart Maintenance Mode <= 1.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.5.1 1.5.2 July 3, 2026
smart-maintenance-mode smart-maintenance-mode N/A Smart Maintenance Mode <= 1.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.5.1 1.5.2 July 3, 2026
slider-wd slider-wd N/A Slider by 10Web <= 1.2.61 - Authenticated (Administrator+) Stored Cross-Site Scripting via Widget LOW *-1.2.61 1.2.62 July 3, 2026
slider-wd slider-wd N/A Slider by 10Web <= 1.2.61 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.2.61 1.2.62 July 3, 2026
simple-basic-contact-form simple-basic-contact-form N/A Simple Basic Contact Form <= 20240511 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-20240511 20250114 July 3, 2026
simple-banner simple-banner N/A Simple Banner <= 3.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.0.3 3.0.4 July 3, 2026
Robo Gallery – Photo & Image Slider robo-gallery N/A Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.23 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.2.23 3.2.24 July 3, 2026
registrations-for-the-events-calendar registrations-for-the-events-calendar N/A Registrations for the Events Calendar <= 2.13.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.13.3 2.13.4 July 3, 2026
recapture-for-woocommerce recapture-for-woocommerce N/A Recapture for WooCommerce <= 1.0.43 - Cross-Site Request Forgery to Settings Update LOW *-1.0.43 1.0.44 July 3, 2026
publishpress-authors publishpress-authors N/A PublishPress Authors <= 4.7.3 - Authenticated (Administrator+) SQL Injection LOW *-4.7.3 4.7.4 July 3, 2026
podlove-podcasting-plugin-for-wordpress podlove-podcasting-plugin-for-wordpress N/A Podlove Podcast Publisher <= 4.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.2.0 4.2.1 July 3, 2026
podlove-podcasting-plugin-for-wordpress podlove-podcasting-plugin-for-wordpress N/A Podlove Podcast Publisher <= 4.1.23 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.1.23 4.1.24 July 3, 2026
pirate-forms pirate-forms N/A Contact Form & SMTP Plugin for WordPress by PirateForms <= 2.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.5.2 2.6.0 July 3, 2026
pirate-forms pirate-forms N/A Contact Form & SMTP Plugin for WordPress by PirateForms <= 2.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.5.2 2.6.0 July 3, 2026
my-wp-tabs my-wp-tabs
93
WP Tabs <= 2.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.2.6 2.2.7 July 3, 2026
mobile-contact-bar mobile-contact-bar
93
Mobile Contact Bar <= 3.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.0.4 3.0.5 July 3, 2026
mb-custom-post-type mb-custom-post-type
93
MB Custom Post Types & Custom Taxonomies <= 2.7.6 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.7.6 2.7.7 July 3, 2026
m1downloadlist m1downloadlist
91
m1.DownloadList <= 0.19 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.19 0.20 July 3, 2026
lifterlms lifterlms
93
LifterLMS <= 8.0.0 - Reflected Cross-Site Scripting LOW *-8.0.0 8.0.1 July 3, 2026
lead-form-builder lead-form-builder
93
Responsive Contact Form Builder & Lead Generation Plugin <= 1.9.7 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.9.7 1.9.8 July 3, 2026
jsfiddle-shortcode jsfiddle-shortcode
93
JSFiddle Shortcode <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.1.1 1.1.2 July 3, 2026
job-postings job-postings
91
Job Postings <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.7.10 2.7.11 July 3, 2026
instagram-slider-widget instagram-slider-widget
93
Social Slider Feed <= 2.2.8 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.2.8 2.2.9 July 3, 2026
icegram icegram
93
Icegram Engage <= 3.1.31 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.1.31 3.1.32 July 3, 2026
icegram icegram
93
Icegram Engage <= 3.1.31 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.1.31 3.1.32 July 3, 2026
hd-quiz hd-quiz
93
HD Quiz <= 1.8.14 - Authenticated (Editor+) Stored Cross-Site Scripting LOW *-1.8.14 2.0.0 July 3, 2026
google-website-translator google-website-translator
93
Prisna GWT – Google Website Translator <= 1.4.13 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.4.13 1.4.14 July 3, 2026
google-website-translator google-website-translator
93
Prisna GWT – Google Website Translator <= 1.4.13 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.4.13 1.4.14 July 3, 2026
give give
93
GiveWP – Donation Plugin and Fundraising Platform <= 3.19.4 - Unauthenticated PHP Object Injection LOW *-3.19.4 3.20.0 July 3, 2026
gdpr-framework gdpr-framework
93
The GDPR Framework By Data443 <= 2.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.1.0 2.2.0 July 3, 2026
form-maker form-maker
93
Form Maker by 10Web <= 1.15.29 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.15.29 1.15.30 July 3, 2026
erp erp
93
WP ERP <= 1.13.3 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.13.3 1.13.4 July 3, 2026
erp erp
93
WP ERP <= 1.13.3 - Authenticated (Employee+) Insecure Direct Object Reference LOW *-1.13.3 1.13.4 July 3, 2026
different-shipping-and-billing-address-for-woocommerce different-shipping-and-billing-address-for-woocommerce
93
Multiple Shipping And Billing Address For Woocommerce <= 1.3 - Unauthenticated SQL Injection LOW *-1.3 1.5 July 3, 2026
cyan-backup cyan-backup
93
CYAN Backup <= 2.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.5.2 2.5.3 July 3, 2026
cyan-backup cyan-backup
93
CYAN Backup <= 2.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.5.2 2.5.3 July 3, 2026
custom-registration-form-builder-with-submission-manager custom-registration-form-builder-with-submission-manager
93
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-6.0.2 6.0.2.1 July 3, 2026
WPBot – AI ChatBot for Live Support, Lead Generation, AI Services chatbot
66
AI ChatBot for WordPress – WPBot <= 6.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-6.2.3 6.2.4 July 3, 2026
auto-prune-posts auto-prune-posts
93
Auto Prune Posts <= 2.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.0.0 3.0.0 July 3, 2026
animation-addons-for-elementor-pro animation-addons-for-elementor-pro
97
Animation Addons for Elementor Pro <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation LOW *-1.6 1.7 July 3, 2026
advanced-form-integration advanced-form-integration
97
AFI – The Easiest Integration Plugin <= 1.99.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.99.0 1.100.0 July 3, 2026
advanced-form-integration advanced-form-integration
97
AFI – The Easiest Integration Plugin <= 1.99.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.99.0 1.100.0 July 3, 2026
aco-product-labels-for-woocommerce aco-product-labels-for-woocommerce
97
Product Labels For Woocommerce (Sale Badges) <= 1.5.10 - Authenticated (Admin+) SQL Injection LOW *-1.5.10 1.5.11 July 3, 2026
LOW

podlove-podcasting-plugin-for-wordpress

podlove-podcasting-plugin-for-wordpress

Score: N/A Podlove Podcast Publisher <= 4.2.2 - Cross-Site Request Forgery via ajax_transcript_delete Function Affected: *-4.2.2 Patched: 4.2.3 Updated: July 3, 2026
LOW

notibar

notibar

Score: 93/100 Notibar <= 2.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.1.5 Patched: 2.1.6 Updated: July 3, 2026
LOW

moving-media-library

moving-media-library

Score: 93/100 Moving Media Library <= 1.22 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Deletion Affected: *-1.22 Patched: 1.23 Updated: July 3, 2026
LOW

wp-svg-upload

wp-svg-upload

Score: N/A WP SVG Upload <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Affected: *-1.0.0 Patched: Updated: July 3, 2026
LOW

cookiebot

cookiebot

Score: 93/100 Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics <= 4.4.1 - Missing Authorization to Authenticated (Subscriber+) Survey Submission Affected: *-4.4.1 Patched: 4.4.2 Updated: July 3, 2026
LOW

booknetic

booknetic

Score: 91/100 Booknetic 4.0 - 4.1.4 - Cross-Site Request Forgery Affected: 4.0-4.1.4 Patched: 4.1.5 Updated: July 3, 2026
LOW

ad-inserter

ad-inserter

Score: 97/100 Ad Inserter - Ad Manager and AdSense Ads <= 2.8.0 - Reflected Cross-Site Scripting Affected: *-2.8.0 Patched: 2.8.1 Updated: July 3, 2026
LOW

wpgsi

wpgsi

Score: N/A Spreadsheet Integration <= 3.8.2 - Cross-Site Request Forgery to Arbitrary Post Publish Affected: *-3.8.2 Patched: 3.8.3 Updated: July 3, 2026
LOW

designthemes-core-features

designthemes-core-features

Score: 89/100 DesignThemes Core Features <= 4.7 - Missing Authorization to Unauthenticated Arbitrary File Read via dt_process_imported_file Affected: *-4.7 Patched: 4.8 Updated: July 3, 2026
LOW

content-control

content-control

Score: 93/100 Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More <= 2.5.0 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure Affected: *-2.5.0 Patched: 2.6.0 Updated: July 3, 2026
LOW

homey-login-register

homey-login-register

Score: 89/100 Homey Login Register <= 2.4.0 - Unauthenticated Privilege Escalation in homey_register Affected: *-2.4.0 Patched: Updated: July 3, 2026
LOW

staff-directory-pro

staff-directory-pro

Score: N/A Company Directory <= 4.3 - Reflected Cross-Site Scripting via add_query_arg Function Affected: *-4.3 Patched: Updated: July 3, 2026
LOW

Master Slider – Responsive Touch Slider

master-slider

Score: 86/100 Master Slider – Responsive Touch Slider <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode Affected: *-3.10.6 Patched: 3.10.7 Updated: July 3, 2026
LOW

Master Slider – Responsive Touch Slider

master-slider

Score: 86/100 Master Slider – Responsive Touch Slider <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_slider Shortcode Affected: *-3.10.7 Patched: 3.10.8 Updated: July 3, 2026
LOW

wp-realestate-manager

wp-realestate-manager

Score: N/A WP Real Estate Manager <= 2.8 - Authentication Bypass via Account Takeover Affected: *-2.8 Patched: Updated: July 3, 2026
LOW

onlinecontract

onlinecontract

Score: 91/100 WP Online Contract <= 5.1.4 - Missing Authorization to Unauthenticated Settings Import Affected: *-5.1.4 Patched: Updated: July 3, 2026
LOW

dzs-zoomsounds

dzs-zoomsounds

Score: 83/100 ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated PHP Object Injection Affected: *-6.91 Patched: Updated: July 3, 2026
LOW

rac

rac

Score: N/A WooCommerce Recover Abandoned Cart <= 24.4.0 - Unauthenticated PHP Object Injection Affected: *-24.4.0 Patched: 24.5.0 Updated: July 3, 2026
LOW

point-maker

point-maker

Score: N/A Point Maker <= 0.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.1.6 Patched: Updated: July 3, 2026
LOW

wp-awesome-import-export

wp-awesome-import-export

Score: N/A WordPress Awesome Import & Export Plugin - Import & Export WordPress Data <= 4.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary SQL Execution/Privilege Escalation Affected: *-4.1.1 Patched: Updated: July 3, 2026
LOW

simple-notification

simple-notification

Score: N/A Simple Notification <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 3, 2026
LOW

gloria-assistant-by-webtronic-labs

gloria-assistant-by-webtronic-labs

Score: 91/100 I Am Gloria <= 1.1.4 - Cross-Site Request Forgery Affected: *-1.1.4 Patched: Updated: July 3, 2026
LOW

recently-purchased-products-for-woo

recently-purchased-products-for-woo

Score: N/A Recently Purchased Products For Woo <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via view Parameter Affected: *-1.1.3 Patched: 1.1.4 Updated: July 3, 2026
LOW

razorpay-subscription-button-elementor

razorpay-subscription-button-elementor

Score: N/A Razorpay Subscription Button Elementor Plugin <= 1.0.3 - Reflected Cross-Site Scripting via add_query_arg and remove_query_arg Functions Affected: *-1.0.3 Patched: 1.0.4 Updated: July 3, 2026
LOW

searchiq

searchiq

Score: N/A SearchIQ – The Search Solution <= 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.7 Patched: 4.8 Updated: July 3, 2026
LOW

wp-featherlight

wp-featherlight

Score: N/A Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Featherlight.js JavaScript Library Affected: *-1.3.4 Patched: Updated: July 3, 2026
LOW

stylish-google-sheet-reader

stylish-google-sheet-reader

Score: N/A Stylish Google Sheet Reader <= 4.0 - Reflected Cross-Site Scripting Affected: *-4.0 Patched: 4.1 Updated: July 3, 2026
LOW

responsive-lightbox

responsive-lightbox

Score: N/A Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Featherlight.js JavaScript Library Affected: *-2.4.7 Patched: 2.4.8 Updated: July 3, 2026
LOW

hslide

hslide

Score: 91/100 Hero Slider - WordPress Slider Plugin <= 1.3.5 - Authenticated (Subscriber+) SQL Injection Affected: *-1.3.5 Patched: Updated: July 3, 2026
LOW

hmenu

hmenu

Score: 83/100 Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Directory Deletion Affected: *-1.16.5 Patched: Updated: July 3, 2026
LOW

hmenu

hmenu

Score: 83/100 Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Reflected Cross-Site Scripting Affected: *-1.16.5 Patched: Updated: July 3, 2026
LOW

hmenu

hmenu

Score: 83/100 Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Authenticated (Subscriber+) SQL Injection Affected: *-1.16.5 Patched: Updated: July 3, 2026
LOW

favorites

favorites

Score: 91/100 Favorites <= 2.3.4 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.3.4 Patched: 2.3.5 Updated: July 3, 2026
LOW

email-customizer-for-woocommerce-with-drag-drop-builder

email-customizer-for-woocommerce-with-drag-drop-builder

Score: 91/100 WooMail - WooCommerce Email Customizer <= 3.0.34 - Authenticated (Subscriber+) Missing Authorization to SQL Injection Affected: *-3.0.34 Patched: Updated: July 3, 2026
LOW

bbpress

bbpress

Score: 93/100 bbPress <= 2.6.11 - Cross-Site Request Forgery to Limited Privilege Escalation Affected: *-2.6.11 Patched: 2.6.12 Updated: July 3, 2026
LOW

aoa-downloadable

aoa-downloadable

Score: 95/100 Downloable by American Osteopathic Association <= 0.1.0 - Unauthenticated Arbitrary File Download Affected: *-0.1.0 Patched: Updated: July 3, 2026
LOW

aoa-downloadable

aoa-downloadable

Score: 95/100 Downloable by American Osteopathic Association <= 0.1.0 - Unauthenticated Server-Side Request Forgery Affected: *-0.1.0 Patched: Updated: July 3, 2026
LOW

ultimate-auction

ultimate-auction

Score: N/A Ultimate WordPress Auction Plugin <= 4.2.9 - Missing Authorization to Arbitrary Post Deletion Affected: *-4.2.9 Patched: 4.3.0 Updated: July 3, 2026
LOW

shortcodes-ultimate

shortcodes-ultimate

Score: N/A WP Shortcodes Plugin — Shortcodes Ultimate <= 7.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via src Parameter Affected: *-7.3.3 Patched: 7.3.4 Updated: July 3, 2026
LOW

wallet-system-for-woocommerce

wallet-system-for-woocommerce

Score: N/A Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction <= 2.6.2 - Cross-Site Request Forgery Affected: *-2.6.2 Patched: 2.6.3 Updated: July 3, 2026
LOW

wallet-system-for-woocommerce

wallet-system-for-woocommerce

Score: N/A Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction <= 2.6.2 - Missing Authorization Affected: *-2.6.2 Patched: 2.6.3 Updated: July 3, 2026
LOW

master-addons

master-addons

Score: 93/100 Master Addons <= 2.0.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets Affected: *-2.0.7.2 Patched: 2.0.7.3 Updated: July 3, 2026
LOW

master-addons

master-addons

Score: 93/100 Master Addons <= 2.0.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter Affected: *-2.0.7.1 Patched: 2.0.7.2 Updated: July 3, 2026
LOW

structured-content

structured-content

Score: N/A Structured Content (JSON-LD) #wpsc <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_fs_local_business Shortcode Affected: *-1.6.3 Patched: 1.6.4 Updated: July 3, 2026
LOW

zigaform-form-builder-lite

zigaform-form-builder-lite

Score: N/A Zigaform – Form Builder Lite <= 7.4.2 - Unauthenticated Stored Cross-Site Scripting Affected: *-7.4.2 Patched: 7.4.3 Updated: July 3, 2026
LOW

wp-recall

wp-recall

Score: N/A WP-Recall – Registration, Profile, Commerce & More <= 16.26.11 - Authenticated (Admin+) SQL Injection Affected: *-16.26.11 Patched: 16.26.12 Updated: July 3, 2026
LOW

WP Google Review Slider

wp-google-places-review-slider

Score: 70/100 WP Google Review Slider <= 15.5 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-15.5 Patched: 15.6 Updated: July 3, 2026
LOW

wp-advanced-search

wp-advanced-search

Score: N/A WordPress WP-Advanced-Search <= 3.3.9.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.3.9.2 Patched: 3.3.9.3 Updated: July 3, 2026
LOW

VikBooking Hotel Booking Engine & PMS

vikbooking

Score: 95/100 VikBooking Hotel Booking Engine & PMS <= 1.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.7.1 Patched: 1.7.2 Updated: July 3, 2026
LOW

teachpress

teachpress

Score: N/A teachPress <= 9.0.7 - Authenticated (Contributor+) SQL Injection Affected: *-9.0.7 Patched: 9.0.8 Updated: July 3, 2026
LOW

taskbuilder

taskbuilder

Score: N/A Taskbuilder <= 3.0.8 - Authenticated (Admin+) SQL Injection Affected: *-3.0.8 Patched: 3.0.9 Updated: July 3, 2026
LOW

tarteaucitron-wp

tarteaucitron-wp

Score: N/A tarteaucitron.js for WordPress < 0.3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: [*, 0.3.0) Patched: 0.3.0 Updated: July 3, 2026
LOW

tarteaucitron-wp

tarteaucitron-wp

Score: N/A tarteaucitron.js for WordPress < 0.3.0 - Authenticated (Author+) Stored Cross-Site Scripting Affected: [*, 0.3.0) Patched: 0.3.0 Updated: July 3, 2026
LOW

stylish-price-list

stylish-price-list

Score: N/A Stylish Price List <= 7.1.11 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-7.1.11 Patched: 7.1.12 Updated: July 3, 2026
LOW

GEO Plugin by Squirrly SEO

squirrly-seo

Score: N/A SEO Plugin by Squirrly SEO <= 12.4.07 - Missing Authorization Affected: *-12.4.07 Patched: 12.4.08 Updated: July 3, 2026
LOW

smart-maintenance-mode

smart-maintenance-mode

Score: N/A Smart Maintenance Mode <= 1.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.5.1 Patched: 1.5.2 Updated: July 3, 2026
LOW

smart-maintenance-mode

smart-maintenance-mode

Score: N/A Smart Maintenance Mode <= 1.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.5.1 Patched: 1.5.2 Updated: July 3, 2026
LOW

slider-wd

slider-wd

Score: N/A Slider by 10Web <= 1.2.61 - Authenticated (Administrator+) Stored Cross-Site Scripting via Widget Affected: *-1.2.61 Patched: 1.2.62 Updated: July 3, 2026
LOW

slider-wd

slider-wd

Score: N/A Slider by 10Web <= 1.2.61 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2.61 Patched: 1.2.62 Updated: July 3, 2026
LOW

simple-basic-contact-form

simple-basic-contact-form

Score: N/A Simple Basic Contact Form <= 20240511 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-20240511 Patched: 20250114 Updated: July 3, 2026
LOW

simple-banner

simple-banner

Score: N/A Simple Banner <= 3.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.0.3 Patched: 3.0.4 Updated: July 3, 2026
LOW

Robo Gallery – Photo & Image Slider

robo-gallery

Score: N/A Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.23 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.2.23 Patched: 3.2.24 Updated: July 3, 2026
LOW

registrations-for-the-events-calendar

registrations-for-the-events-calendar

Score: N/A Registrations for the Events Calendar <= 2.13.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.13.3 Patched: 2.13.4 Updated: July 3, 2026
LOW

recapture-for-woocommerce

recapture-for-woocommerce

Score: N/A Recapture for WooCommerce <= 1.0.43 - Cross-Site Request Forgery to Settings Update Affected: *-1.0.43 Patched: 1.0.44 Updated: July 3, 2026
LOW

publishpress-authors

publishpress-authors

Score: N/A PublishPress Authors <= 4.7.3 - Authenticated (Administrator+) SQL Injection Affected: *-4.7.3 Patched: 4.7.4 Updated: July 3, 2026
LOW

podlove-podcasting-plugin-for-wordpress

podlove-podcasting-plugin-for-wordpress

Score: N/A Podlove Podcast Publisher <= 4.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.2.0 Patched: 4.2.1 Updated: July 3, 2026
LOW

podlove-podcasting-plugin-for-wordpress

podlove-podcasting-plugin-for-wordpress

Score: N/A Podlove Podcast Publisher <= 4.1.23 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.1.23 Patched: 4.1.24 Updated: July 3, 2026
LOW

pirate-forms

pirate-forms

Score: N/A Contact Form & SMTP Plugin for WordPress by PirateForms <= 2.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.5.2 Patched: 2.6.0 Updated: July 3, 2026
LOW

pirate-forms

pirate-forms

Score: N/A Contact Form & SMTP Plugin for WordPress by PirateForms <= 2.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.5.2 Patched: 2.6.0 Updated: July 3, 2026
LOW

my-wp-tabs

my-wp-tabs

Score: 93/100 WP Tabs <= 2.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.2.6 Patched: 2.2.7 Updated: July 3, 2026
LOW

mobile-contact-bar

mobile-contact-bar

Score: 93/100 Mobile Contact Bar <= 3.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.0.4 Patched: 3.0.5 Updated: July 3, 2026
LOW

mb-custom-post-type

mb-custom-post-type

Score: 93/100 MB Custom Post Types & Custom Taxonomies <= 2.7.6 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.7.6 Patched: 2.7.7 Updated: July 3, 2026
LOW

m1downloadlist

m1downloadlist

Score: 91/100 m1.DownloadList <= 0.19 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.19 Patched: 0.20 Updated: July 3, 2026
LOW

lifterlms

lifterlms

Score: 93/100 LifterLMS <= 8.0.0 - Reflected Cross-Site Scripting Affected: *-8.0.0 Patched: 8.0.1 Updated: July 3, 2026
LOW

lead-form-builder

lead-form-builder

Score: 93/100 Responsive Contact Form Builder & Lead Generation Plugin <= 1.9.7 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.9.7 Patched: 1.9.8 Updated: July 3, 2026
LOW

jsfiddle-shortcode

jsfiddle-shortcode

Score: 93/100 JSFiddle Shortcode <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.1.1 Patched: 1.1.2 Updated: July 3, 2026
LOW

job-postings

job-postings

Score: 91/100 Job Postings <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.7.10 Patched: 2.7.11 Updated: July 3, 2026
LOW

instagram-slider-widget

instagram-slider-widget

Score: 93/100 Social Slider Feed <= 2.2.8 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.2.8 Patched: 2.2.9 Updated: July 3, 2026
LOW

icegram

icegram

Score: 93/100 Icegram Engage <= 3.1.31 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.1.31 Patched: 3.1.32 Updated: July 3, 2026
LOW

icegram

icegram

Score: 93/100 Icegram Engage <= 3.1.31 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.1.31 Patched: 3.1.32 Updated: July 3, 2026
LOW

hd-quiz

hd-quiz

Score: 93/100 HD Quiz <= 1.8.14 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.8.14 Patched: 2.0.0 Updated: July 3, 2026
LOW

google-website-translator

google-website-translator

Score: 93/100 Prisna GWT – Google Website Translator <= 1.4.13 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.4.13 Patched: 1.4.14 Updated: July 3, 2026
LOW

google-website-translator

google-website-translator

Score: 93/100 Prisna GWT – Google Website Translator <= 1.4.13 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.4.13 Patched: 1.4.14 Updated: July 3, 2026
LOW

give

give

Score: 93/100 GiveWP – Donation Plugin and Fundraising Platform <= 3.19.4 - Unauthenticated PHP Object Injection Affected: *-3.19.4 Patched: 3.20.0 Updated: July 3, 2026
LOW

gdpr-framework

gdpr-framework

Score: 93/100 The GDPR Framework By Data443 <= 2.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.1.0 Patched: 2.2.0 Updated: July 3, 2026
LOW

form-maker

form-maker

Score: 93/100 Form Maker by 10Web <= 1.15.29 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.15.29 Patched: 1.15.30 Updated: July 3, 2026
LOW

erp

erp

Score: 93/100 WP ERP <= 1.13.3 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.13.3 Patched: 1.13.4 Updated: July 3, 2026
LOW

erp

erp

Score: 93/100 WP ERP <= 1.13.3 - Authenticated (Employee+) Insecure Direct Object Reference Affected: *-1.13.3 Patched: 1.13.4 Updated: July 3, 2026
LOW

different-shipping-and-billing-address-for-woocommerce

different-shipping-and-billing-address-for-woocommerce

Score: 93/100 Multiple Shipping And Billing Address For Woocommerce <= 1.3 - Unauthenticated SQL Injection Affected: *-1.3 Patched: 1.5 Updated: July 3, 2026
LOW

cyan-backup

cyan-backup

Score: 93/100 CYAN Backup <= 2.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.5.2 Patched: 2.5.3 Updated: July 3, 2026
LOW

cyan-backup

cyan-backup

Score: 93/100 CYAN Backup <= 2.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.5.2 Patched: 2.5.3 Updated: July 3, 2026
LOW

custom-registration-form-builder-with-submission-manager

custom-registration-form-builder-with-submission-manager

Score: 93/100 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-6.0.2 Patched: 6.0.2.1 Updated: July 3, 2026
LOW

auto-prune-posts

auto-prune-posts

Score: 93/100 Auto Prune Posts <= 2.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.0.0 Patched: 3.0.0 Updated: July 3, 2026
LOW

animation-addons-for-elementor-pro

animation-addons-for-elementor-pro

Score: 97/100 Animation Addons for Elementor Pro <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation Affected: *-1.6 Patched: 1.7 Updated: July 3, 2026
LOW

advanced-form-integration

advanced-form-integration

Score: 97/100 AFI – The Easiest Integration Plugin <= 1.99.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.99.0 Patched: 1.100.0 Updated: July 3, 2026
LOW

advanced-form-integration

advanced-form-integration

Score: 97/100 AFI – The Easiest Integration Plugin <= 1.99.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.99.0 Patched: 1.100.0 Updated: July 3, 2026
LOW

aco-product-labels-for-woocommerce

aco-product-labels-for-woocommerce

Score: 97/100 Product Labels For Woocommerce (Sale Badges) <= 1.5.10 - Authenticated (Admin+) SQL Injection Affected: *-1.5.10 Patched: 1.5.11 Updated: July 3, 2026

Showing 11501 to 11600 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 3, 2026 at 07:14 UTC.