Known Plugin Vulnerabilities
Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.
Open Vulnerabilities
36406Across tracked plugins
Affected Plugins
83With open vulnerabilities
Critical / High
0Require immediate attention
Recently Updated
0In the last 30 days
Vulnerability List
Export CSV| Plugin | Slug | Score | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated |
|---|---|---|---|---|---|---|---|---|
| podlove-podcasting-plugin-for-wordpress | podlove-podcasting-plugin-for-wordpress | N/A | Podlove Podcast Publisher <= 4.2.2 - Cross-Site Request Forgery via ajax_transcript_delete Function | LOW | *-4.2.2 | 4.2.3 | July 3, 2026 | |
| notibar | notibar |
93
|
Notibar <= 2.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-2.1.5 | 2.1.6 | July 3, 2026 | |
| moving-media-library | moving-media-library |
93
|
Moving Media Library <= 1.22 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Deletion | LOW | *-1.22 | 1.23 | July 3, 2026 | |
| wp-svg-upload | wp-svg-upload | N/A | WP SVG Upload <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG | LOW | *-1.0.0 | July 3, 2026 | ||
| Greek Multi Tool – Greeklish Slugs, Permalinks & Transliteration | greek-multi-tool |
90
|
Greek Multi Tool <= 2.3.1 - Unauthenticated Stored Cross-Site Scripting | LOW | *-2.3.1 | 2.3.2 | July 3, 2026 | |
| cookiebot | cookiebot |
93
|
Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics <= 4.4.1 - Missing Authorization to Authenticated (Subscriber+) Survey Submission | LOW | *-4.4.1 | 4.4.2 | July 3, 2026 | |
| booknetic | booknetic |
91
|
Booknetic 4.0 - 4.1.4 - Cross-Site Request Forgery | LOW | 4.0-4.1.4 | 4.1.5 | July 3, 2026 | |
| ad-inserter | ad-inserter |
97
|
Ad Inserter - Ad Manager and AdSense Ads <= 2.8.0 - Reflected Cross-Site Scripting | LOW | *-2.8.0 | 2.8.1 | July 3, 2026 | |
| wpgsi | wpgsi | N/A | Spreadsheet Integration <= 3.8.2 - Cross-Site Request Forgery to Arbitrary Post Publish | LOW | *-3.8.2 | 3.8.3 | July 3, 2026 | |
| Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | ultimate-member | N/A | Ultimate Member <= 2.10.0 - Unauthenticated SQL Injection via search Parameter | LOW | *-2.10.0 | 2.10.1 | July 3, 2026 | |
| designthemes-core-features | designthemes-core-features |
89
|
DesignThemes Core Features <= 4.7 - Missing Authorization to Unauthenticated Arbitrary File Read via dt_process_imported_file | LOW | *-4.7 | 4.8 | July 3, 2026 | |
| content-control | content-control |
93
|
Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More <= 2.5.0 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | LOW | *-2.5.0 | 2.6.0 | July 3, 2026 | |
| homey-login-register | homey-login-register |
89
|
Homey Login Register <= 2.4.0 - Unauthenticated Privilege Escalation in homey_register | LOW | *-2.4.0 | July 3, 2026 | ||
| staff-directory-pro | staff-directory-pro | N/A | Company Directory <= 4.3 - Reflected Cross-Site Scripting via add_query_arg Function | LOW | *-4.3 | July 3, 2026 | ||
| Master Slider – Responsive Touch Slider | master-slider |
86
|
Master Slider – Responsive Touch Slider <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode | LOW | *-3.10.6 | 3.10.7 | July 3, 2026 | |
| Master Slider – Responsive Touch Slider | master-slider |
86
|
Master Slider – Responsive Touch Slider <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_slider Shortcode | LOW | *-3.10.7 | 3.10.8 | July 3, 2026 | |
| wp-realestate-manager | wp-realestate-manager | N/A | WP Real Estate Manager <= 2.8 - Authentication Bypass via Account Takeover | LOW | *-2.8 | July 3, 2026 | ||
| onlinecontract | onlinecontract |
91
|
WP Online Contract <= 5.1.4 - Missing Authorization to Unauthenticated Settings Import | LOW | *-5.1.4 | July 3, 2026 | ||
| dzs-zoomsounds | dzs-zoomsounds |
83
|
ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated PHP Object Injection | LOW | *-6.91 | July 3, 2026 | ||
| rac | rac | N/A | WooCommerce Recover Abandoned Cart <= 24.4.0 - Unauthenticated PHP Object Injection | LOW | *-24.4.0 | 24.5.0 | July 3, 2026 | |
| point-maker | point-maker | N/A | Point Maker <= 0.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-0.1.6 | July 3, 2026 | ||
| wp-awesome-import-export | wp-awesome-import-export | N/A | WordPress Awesome Import & Export Plugin - Import & Export WordPress Data <= 4.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary SQL Execution/Privilege Escalation | LOW | *-4.1.1 | July 3, 2026 | ||
| simple-notification | simple-notification | N/A | Simple Notification <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-1.3 | July 3, 2026 | ||
| gloria-assistant-by-webtronic-labs | gloria-assistant-by-webtronic-labs |
91
|
I Am Gloria <= 1.1.4 - Cross-Site Request Forgery | LOW | *-1.1.4 | July 3, 2026 | ||
| recently-purchased-products-for-woo | recently-purchased-products-for-woo | N/A | Recently Purchased Products For Woo <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via view Parameter | LOW | *-1.1.3 | 1.1.4 | July 3, 2026 | |
| razorpay-subscription-button-elementor | razorpay-subscription-button-elementor | N/A | Razorpay Subscription Button Elementor Plugin <= 1.0.3 - Reflected Cross-Site Scripting via add_query_arg and remove_query_arg Functions | LOW | *-1.0.3 | 1.0.4 | July 3, 2026 | |
| searchiq | searchiq | N/A | SearchIQ – The Search Solution <= 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-4.7 | 4.8 | July 3, 2026 | |
| wp-featherlight | wp-featherlight | N/A | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Featherlight.js JavaScript Library | LOW | *-1.3.4 | July 3, 2026 | ||
| stylish-google-sheet-reader | stylish-google-sheet-reader | N/A | Stylish Google Sheet Reader <= 4.0 - Reflected Cross-Site Scripting | LOW | *-4.0 | 4.1 | July 3, 2026 | |
| responsive-lightbox | responsive-lightbox | N/A | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Featherlight.js JavaScript Library | LOW | *-2.4.7 | 2.4.8 | July 3, 2026 | |
| hslide | hslide |
91
|
Hero Slider - WordPress Slider Plugin <= 1.3.5 - Authenticated (Subscriber+) SQL Injection | LOW | *-1.3.5 | July 3, 2026 | ||
| hmenu | hmenu |
83
|
Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Directory Deletion | LOW | *-1.16.5 | July 3, 2026 | ||
| hmenu | hmenu |
83
|
Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Reflected Cross-Site Scripting | LOW | *-1.16.5 | July 3, 2026 | ||
| hmenu | hmenu |
83
|
Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Authenticated (Subscriber+) SQL Injection | LOW | *-1.16.5 | July 3, 2026 | ||
| favorites | favorites |
91
|
Favorites <= 2.3.4 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-2.3.4 | 2.3.5 | July 3, 2026 | |
| email-customizer-for-woocommerce-with-drag-drop-builder | email-customizer-for-woocommerce-with-drag-drop-builder |
91
|
WooMail - WooCommerce Email Customizer <= 3.0.34 - Authenticated (Subscriber+) Missing Authorization to SQL Injection | LOW | *-3.0.34 | July 3, 2026 | ||
| bbpress | bbpress |
93
|
bbPress <= 2.6.11 - Cross-Site Request Forgery to Limited Privilege Escalation | LOW | *-2.6.11 | 2.6.12 | July 3, 2026 | |
| aoa-downloadable | aoa-downloadable |
95
|
Downloable by American Osteopathic Association <= 0.1.0 - Unauthenticated Arbitrary File Download | LOW | *-0.1.0 | July 3, 2026 | ||
| aoa-downloadable | aoa-downloadable |
95
|
Downloable by American Osteopathic Association <= 0.1.0 - Unauthenticated Server-Side Request Forgery | LOW | *-0.1.0 | July 3, 2026 | ||
| ultimate-auction | ultimate-auction | N/A | Ultimate WordPress Auction Plugin <= 4.2.9 - Missing Authorization to Arbitrary Post Deletion | LOW | *-4.2.9 | 4.3.0 | July 3, 2026 | |
| shortcodes-ultimate | shortcodes-ultimate | N/A | WP Shortcodes Plugin — Shortcodes Ultimate <= 7.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via src Parameter | LOW | *-7.3.3 | 7.3.4 | July 3, 2026 | |
| wallet-system-for-woocommerce | wallet-system-for-woocommerce | N/A | Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction <= 2.6.2 - Cross-Site Request Forgery | LOW | *-2.6.2 | 2.6.3 | July 3, 2026 | |
| wallet-system-for-woocommerce | wallet-system-for-woocommerce | N/A | Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction <= 2.6.2 - Missing Authorization | LOW | *-2.6.2 | 2.6.3 | July 3, 2026 | |
| master-addons | master-addons |
93
|
Master Addons <= 2.0.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | LOW | *-2.0.7.2 | 2.0.7.3 | July 3, 2026 | |
| master-addons | master-addons |
93
|
Master Addons <= 2.0.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | LOW | *-2.0.7.1 | 2.0.7.2 | July 3, 2026 | |
| structured-content | structured-content | N/A | Structured Content (JSON-LD) #wpsc <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_fs_local_business Shortcode | LOW | *-1.6.3 | 1.6.4 | July 3, 2026 | |
| zigaform-form-builder-lite | zigaform-form-builder-lite | N/A | Zigaform – Form Builder Lite <= 7.4.2 - Unauthenticated Stored Cross-Site Scripting | LOW | *-7.4.2 | 7.4.3 | July 3, 2026 | |
| wp-recall | wp-recall | N/A | WP-Recall – Registration, Profile, Commerce & More <= 16.26.11 - Authenticated (Admin+) SQL Injection | LOW | *-16.26.11 | 16.26.12 | July 3, 2026 | |
| WP Google Review Slider | wp-google-places-review-slider |
70
|
WP Google Review Slider <= 15.5 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-15.5 | 15.6 | July 3, 2026 | |
| wp-advanced-search | wp-advanced-search | N/A | WordPress WP-Advanced-Search <= 3.3.9.2 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-3.3.9.2 | 3.3.9.3 | July 3, 2026 | |
| VikBooking Hotel Booking Engine & PMS | vikbooking |
95
|
VikBooking Hotel Booking Engine & PMS <= 1.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-1.7.1 | 1.7.2 | July 3, 2026 | |
| teachpress | teachpress | N/A | teachPress <= 9.0.7 - Authenticated (Contributor+) SQL Injection | LOW | *-9.0.7 | 9.0.8 | July 3, 2026 | |
| taskbuilder | taskbuilder | N/A | Taskbuilder <= 3.0.8 - Authenticated (Admin+) SQL Injection | LOW | *-3.0.8 | 3.0.9 | July 3, 2026 | |
| tarteaucitron-wp | tarteaucitron-wp | N/A | tarteaucitron.js for WordPress < 0.3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting | LOW | [*, 0.3.0) | 0.3.0 | July 3, 2026 | |
| tarteaucitron-wp | tarteaucitron-wp | N/A | tarteaucitron.js for WordPress < 0.3.0 - Authenticated (Author+) Stored Cross-Site Scripting | LOW | [*, 0.3.0) | 0.3.0 | July 3, 2026 | |
| stylish-price-list | stylish-price-list | N/A | Stylish Price List <= 7.1.11 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-7.1.11 | 7.1.12 | July 3, 2026 | |
| GEO Plugin by Squirrly SEO | squirrly-seo | N/A | SEO Plugin by Squirrly SEO <= 12.4.07 - Missing Authorization | LOW | *-12.4.07 | 12.4.08 | July 3, 2026 | |
| smart-maintenance-mode | smart-maintenance-mode | N/A | Smart Maintenance Mode <= 1.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-1.5.1 | 1.5.2 | July 3, 2026 | |
| smart-maintenance-mode | smart-maintenance-mode | N/A | Smart Maintenance Mode <= 1.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-1.5.1 | 1.5.2 | July 3, 2026 | |
| slider-wd | slider-wd | N/A | Slider by 10Web <= 1.2.61 - Authenticated (Administrator+) Stored Cross-Site Scripting via Widget | LOW | *-1.2.61 | 1.2.62 | July 3, 2026 | |
| slider-wd | slider-wd | N/A | Slider by 10Web <= 1.2.61 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-1.2.61 | 1.2.62 | July 3, 2026 | |
| simple-basic-contact-form | simple-basic-contact-form | N/A | Simple Basic Contact Form <= 20240511 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-20240511 | 20250114 | July 3, 2026 | |
| simple-banner | simple-banner | N/A | Simple Banner <= 3.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-3.0.3 | 3.0.4 | July 3, 2026 | |
| Robo Gallery – Photo & Image Slider | robo-gallery | N/A | Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.23 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-3.2.23 | 3.2.24 | July 3, 2026 | |
| registrations-for-the-events-calendar | registrations-for-the-events-calendar | N/A | Registrations for the Events Calendar <= 2.13.2 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-2.13.3 | 2.13.4 | July 3, 2026 | |
| recapture-for-woocommerce | recapture-for-woocommerce | N/A | Recapture for WooCommerce <= 1.0.43 - Cross-Site Request Forgery to Settings Update | LOW | *-1.0.43 | 1.0.44 | July 3, 2026 | |
| publishpress-authors | publishpress-authors | N/A | PublishPress Authors <= 4.7.3 - Authenticated (Administrator+) SQL Injection | LOW | *-4.7.3 | 4.7.4 | July 3, 2026 | |
| podlove-podcasting-plugin-for-wordpress | podlove-podcasting-plugin-for-wordpress | N/A | Podlove Podcast Publisher <= 4.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-4.2.0 | 4.2.1 | July 3, 2026 | |
| podlove-podcasting-plugin-for-wordpress | podlove-podcasting-plugin-for-wordpress | N/A | Podlove Podcast Publisher <= 4.1.23 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-4.1.23 | 4.1.24 | July 3, 2026 | |
| pirate-forms | pirate-forms | N/A | Contact Form & SMTP Plugin for WordPress by PirateForms <= 2.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-2.5.2 | 2.6.0 | July 3, 2026 | |
| pirate-forms | pirate-forms | N/A | Contact Form & SMTP Plugin for WordPress by PirateForms <= 2.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-2.5.2 | 2.6.0 | July 3, 2026 | |
| my-wp-tabs | my-wp-tabs |
93
|
WP Tabs <= 2.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-2.2.6 | 2.2.7 | July 3, 2026 | |
| mobile-contact-bar | mobile-contact-bar |
93
|
Mobile Contact Bar <= 3.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-3.0.4 | 3.0.5 | July 3, 2026 | |
| mb-custom-post-type | mb-custom-post-type |
93
|
MB Custom Post Types & Custom Taxonomies <= 2.7.6 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-2.7.6 | 2.7.7 | July 3, 2026 | |
| m1downloadlist | m1downloadlist |
91
|
m1.DownloadList <= 0.19 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-0.19 | 0.20 | July 3, 2026 | |
| lifterlms | lifterlms |
93
|
LifterLMS <= 8.0.0 - Reflected Cross-Site Scripting | LOW | *-8.0.0 | 8.0.1 | July 3, 2026 | |
| lead-form-builder | lead-form-builder |
93
|
Responsive Contact Form Builder & Lead Generation Plugin <= 1.9.7 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-1.9.7 | 1.9.8 | July 3, 2026 | |
| jsfiddle-shortcode | jsfiddle-shortcode |
93
|
JSFiddle Shortcode <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.1.1 | 1.1.2 | July 3, 2026 | |
| job-postings | job-postings |
91
|
Job Postings <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.7.10 | 2.7.11 | July 3, 2026 | |
| instagram-slider-widget | instagram-slider-widget |
93
|
Social Slider Feed <= 2.2.8 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-2.2.8 | 2.2.9 | July 3, 2026 | |
| icegram | icegram |
93
|
Icegram Engage <= 3.1.31 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-3.1.31 | 3.1.32 | July 3, 2026 | |
| icegram | icegram |
93
|
Icegram Engage <= 3.1.31 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-3.1.31 | 3.1.32 | July 3, 2026 | |
| hd-quiz | hd-quiz |
93
|
HD Quiz <= 1.8.14 - Authenticated (Editor+) Stored Cross-Site Scripting | LOW | *-1.8.14 | 2.0.0 | July 3, 2026 | |
| google-website-translator | google-website-translator |
93
|
Prisna GWT – Google Website Translator <= 1.4.13 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-1.4.13 | 1.4.14 | July 3, 2026 | |
| google-website-translator | google-website-translator |
93
|
Prisna GWT – Google Website Translator <= 1.4.13 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-1.4.13 | 1.4.14 | July 3, 2026 | |
| give | give |
93
|
GiveWP – Donation Plugin and Fundraising Platform <= 3.19.4 - Unauthenticated PHP Object Injection | LOW | *-3.19.4 | 3.20.0 | July 3, 2026 | |
| gdpr-framework | gdpr-framework |
93
|
The GDPR Framework By Data443 <= 2.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-2.1.0 | 2.2.0 | July 3, 2026 | |
| form-maker | form-maker |
93
|
Form Maker by 10Web <= 1.15.29 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-1.15.29 | 1.15.30 | July 3, 2026 | |
| erp | erp |
93
|
WP ERP <= 1.13.3 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-1.13.3 | 1.13.4 | July 3, 2026 | |
| erp | erp |
93
|
WP ERP <= 1.13.3 - Authenticated (Employee+) Insecure Direct Object Reference | LOW | *-1.13.3 | 1.13.4 | July 3, 2026 | |
| different-shipping-and-billing-address-for-woocommerce | different-shipping-and-billing-address-for-woocommerce |
93
|
Multiple Shipping And Billing Address For Woocommerce <= 1.3 - Unauthenticated SQL Injection | LOW | *-1.3 | 1.5 | July 3, 2026 | |
| cyan-backup | cyan-backup |
93
|
CYAN Backup <= 2.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-2.5.2 | 2.5.3 | July 3, 2026 | |
| cyan-backup | cyan-backup |
93
|
CYAN Backup <= 2.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-2.5.2 | 2.5.3 | July 3, 2026 | |
| custom-registration-form-builder-with-submission-manager | custom-registration-form-builder-with-submission-manager |
93
|
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-6.0.2 | 6.0.2.1 | July 3, 2026 | |
| WPBot – AI ChatBot for Live Support, Lead Generation, AI Services | chatbot |
66
|
AI ChatBot for WordPress – WPBot <= 6.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-6.2.3 | 6.2.4 | July 3, 2026 | |
| auto-prune-posts | auto-prune-posts |
93
|
Auto Prune Posts <= 2.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-2.0.0 | 3.0.0 | July 3, 2026 | |
| animation-addons-for-elementor-pro | animation-addons-for-elementor-pro |
97
|
Animation Addons for Elementor Pro <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation | LOW | *-1.6 | 1.7 | July 3, 2026 | |
| advanced-form-integration | advanced-form-integration |
97
|
AFI – The Easiest Integration Plugin <= 1.99.0 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-1.99.0 | 1.100.0 | July 3, 2026 | |
| advanced-form-integration | advanced-form-integration |
97
|
AFI – The Easiest Integration Plugin <= 1.99.0 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-1.99.0 | 1.100.0 | July 3, 2026 | |
| aco-product-labels-for-woocommerce | aco-product-labels-for-woocommerce |
97
|
Product Labels For Woocommerce (Sale Badges) <= 1.5.10 - Authenticated (Admin+) SQL Injection | LOW | *-1.5.10 | 1.5.11 | July 3, 2026 |
podlove-podcasting-plugin-for-wordpress
podlove-podcasting-plugin-for-wordpress
notibar
notibar
moving-media-library
moving-media-library
wp-svg-upload
wp-svg-upload
Greek Multi Tool – Greeklish Slugs, Permalinks & Transliteration
greek-multi-tool
cookiebot
cookiebot
booknetic
booknetic
ad-inserter
ad-inserter
wpgsi
wpgsi
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
ultimate-member
designthemes-core-features
designthemes-core-features
content-control
content-control
homey-login-register
homey-login-register
staff-directory-pro
staff-directory-pro
Master Slider – Responsive Touch Slider
master-slider
Master Slider – Responsive Touch Slider
master-slider
wp-realestate-manager
wp-realestate-manager
onlinecontract
onlinecontract
dzs-zoomsounds
dzs-zoomsounds
rac
rac
point-maker
point-maker
wp-awesome-import-export
wp-awesome-import-export
simple-notification
simple-notification
gloria-assistant-by-webtronic-labs
gloria-assistant-by-webtronic-labs
recently-purchased-products-for-woo
recently-purchased-products-for-woo
razorpay-subscription-button-elementor
razorpay-subscription-button-elementor
searchiq
searchiq
wp-featherlight
wp-featherlight
stylish-google-sheet-reader
stylish-google-sheet-reader
responsive-lightbox
responsive-lightbox
hslide
hslide
hmenu
hmenu
hmenu
hmenu
hmenu
hmenu
favorites
favorites
email-customizer-for-woocommerce-with-drag-drop-builder
email-customizer-for-woocommerce-with-drag-drop-builder
bbpress
bbpress
aoa-downloadable
aoa-downloadable
aoa-downloadable
aoa-downloadable
ultimate-auction
ultimate-auction
shortcodes-ultimate
shortcodes-ultimate
wallet-system-for-woocommerce
wallet-system-for-woocommerce
wallet-system-for-woocommerce
wallet-system-for-woocommerce
master-addons
master-addons
master-addons
master-addons
structured-content
structured-content
zigaform-form-builder-lite
zigaform-form-builder-lite
wp-recall
wp-recall
WP Google Review Slider
wp-google-places-review-slider
wp-advanced-search
wp-advanced-search
VikBooking Hotel Booking Engine & PMS
vikbooking
teachpress
teachpress
taskbuilder
taskbuilder
tarteaucitron-wp
tarteaucitron-wp
tarteaucitron-wp
tarteaucitron-wp
stylish-price-list
stylish-price-list
GEO Plugin by Squirrly SEO
squirrly-seo
smart-maintenance-mode
smart-maintenance-mode
smart-maintenance-mode
smart-maintenance-mode
slider-wd
slider-wd
slider-wd
slider-wd
simple-basic-contact-form
simple-basic-contact-form
simple-banner
simple-banner
Robo Gallery – Photo & Image Slider
robo-gallery
registrations-for-the-events-calendar
registrations-for-the-events-calendar
recapture-for-woocommerce
recapture-for-woocommerce
publishpress-authors
publishpress-authors
podlove-podcasting-plugin-for-wordpress
podlove-podcasting-plugin-for-wordpress
podlove-podcasting-plugin-for-wordpress
podlove-podcasting-plugin-for-wordpress
pirate-forms
pirate-forms
pirate-forms
pirate-forms
my-wp-tabs
my-wp-tabs
mobile-contact-bar
mobile-contact-bar
mb-custom-post-type
mb-custom-post-type
m1downloadlist
m1downloadlist
lifterlms
lifterlms
lead-form-builder
lead-form-builder
jsfiddle-shortcode
jsfiddle-shortcode
job-postings
job-postings
instagram-slider-widget
instagram-slider-widget
icegram
icegram
icegram
icegram
hd-quiz
hd-quiz
google-website-translator
google-website-translator
google-website-translator
google-website-translator
give
give
gdpr-framework
gdpr-framework
form-maker
form-maker
erp
erp
erp
erp
different-shipping-and-billing-address-for-woocommerce
different-shipping-and-billing-address-for-woocommerce
cyan-backup
cyan-backup
cyan-backup
cyan-backup
custom-registration-form-builder-with-submission-manager
custom-registration-form-builder-with-submission-manager
WPBot – AI ChatBot for Live Support, Lead Generation, AI Services
chatbot
auto-prune-posts
auto-prune-posts
animation-addons-for-elementor-pro
animation-addons-for-elementor-pro
advanced-form-integration
advanced-form-integration
advanced-form-integration
advanced-form-integration
aco-product-labels-for-woocommerce
aco-product-labels-for-woocommerce
Showing 11501 to 11600 of 36406 results
Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.
Data updated daily from trusted sources. Last updated: July 3, 2026 at 07:14 UTC.