Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

95

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
aco-product-labels-for-woocommerce aco-product-labels-for-woocommerce
97
Product Labels For Woocommerce (Sale Badges) <= 1.5.8 - Authenticated (Admin+) SQL Injection LOW *-1.5.8 1.5.9 July 3, 2026
wpantiddos wpantiddos N/A WP AntiDDOS <= 2.0 - Reflected Cross-Site Scripting LOW *-2.0 July 3, 2026
wp-nested-pages wp-nested-pages N/A Nested Pages <= 3.2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.2.12 3.2.13 July 3, 2026
wp-discord-post wp-discord-post N/A WP Discord Post <= 2.1.0 - Reflected Cross-Site Scripting LOW *-2.1.0 July 3, 2026
Melapress File Monitor website-file-changes-monitor
97
Melapress File Monitor <= 2.0.2 - Authenticated (Admin+) Authenticated SQL Injection LOW *-2.0.2 2.1.0 July 3, 2026
Melapress File Monitor website-file-changes-monitor
97
Melapress File Monitor <= 2.1.0 - Authenticated (Admin+) Authenticated SQL Injection LOW *-2.1.0 2.1.1 July 3, 2026
wc-pre-order wc-pre-order N/A Pre Order Addon for WooCommerce – Advance Order/Backorder Plugin <= 2.2 - Reflected Cross-Site Scripting LOW *-2.2 July 3, 2026
social-pug social-pug N/A Hubbub Lite <= 1.34.3 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.34.3 1.34.4 July 3, 2026
sms-alert sms-alert N/A SMS Alert Order Notifications – WooCommerce <= 3.7.8 - Unauthenticated SQL Injection LOW *-3.7.8 3.7.9 July 3, 2026
random-image-selector random-image-selector N/A Random Image Selector <= 2.4 - Reflected Cross-Site Scripting LOW *-2.4 July 3, 2026
powerpress powerpress N/A PowerPress Podcasting <= 11.9.17 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-11.9.17 11.9.18 July 3, 2026
pods pods N/A Pods – Custom Content Types and Fields <= 3.2.8.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.2.8.1 3.2.8.2 July 3, 2026
photo-gallery photo-gallery N/A Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.32 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.8.32 1.8.33 July 3, 2026
Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider ml-slider
88
Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider <= 3.94.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.94.0 3.95.0 July 3, 2026
Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider ml-slider
88
Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider <= 3.94.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.94.0 3.95.0 July 3, 2026
memberspace memberspace
93
MemberSpace <= 2.1.13 - Reflected Cross-Site Scripting LOW *-2.1.13 2.1.14 July 3, 2026
gsheetconnector-easy-digital-downloads gsheetconnector-easy-digital-downloads
93
Easy Digital Downloads Google Sheet Connector <= 1.6.6 - Cross-Site Request Forgery to Access Code Update LOW *-1.6.5 1.6.6 July 3, 2026
form-maker form-maker
93
Form Maker by 10Web <= 1.15.29 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.15.29 1.15.30 July 3, 2026
edd-google-sheet-connector-pro edd-google-sheet-connector-pro
93
Easy Digital Downloads Google Sheet Connector <= 1.6.6 - Cross-Site Request Forgery to Access Code Update LOW [*, 1.4) 1.4 July 3, 2026
easync-booking easync-booking
93
Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking <= 1.3.14 - Cross-Site Request Forgery LOW *-1.3.14 1.3.15 July 3, 2026
debug-bar-extender debug-bar-extender
91
Debug-Bar-Extender <= 0.5 - Reflected Cross-Site Scripting LOW *-0.5 July 3, 2026
Calculated Fields Form calculated-fields-form
70
Calculated Fields Form <= 5.2.63 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-5.2.63 5.2.64 July 3, 2026
wp-posts-carousel wp-posts-carousel N/A WP Posts Carousel <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via auto_play_timeout Parameter LOW *-1.3.7 1.3.8 July 3, 2026
woo-altcoin-payment-gateway woo-altcoin-payment-gateway N/A Bitcoin / AltCoin Payment Gateway for WooCommerce <= 1.7.6 - Unauthenticated SQL Injection LOW *-1.7.6 July 3, 2026
secure-copy-content-protection secure-copy-content-protection N/A Secure Copy Content Protection and Content Locking <= 4.4.7 - Missing Authorization to Unauthenticated User Email Retrieval via ays_sccp_reports_user_search Function LOW *-4.4.7 4.4.8 July 3, 2026
Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages bp-better-messages
75
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.6.9 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory LOW *-2.6.9 2.7.0 July 3, 2026
Fluent Support – Helpdesk & Customer Support Ticket System fluent-support
79
Fluent Support – Helpdesk & Customer Support Ticket System <= 1.8.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory LOW *-1.8.5 1.8.6 July 3, 2026
templatesnext-toolkit templatesnext-toolkit N/A TemplatesNext ToolKit <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-3.2.9 July 3, 2026
sku-for-woocommerce sku-for-woocommerce N/A SKU Generator for WooCommerce <= 1.6.2 - Reflected Cross-Site Scripting LOW *-1.6.2 1.6.3 July 3, 2026
clicface-trombi clicface-trombi
91
Clicface Trombi <= 2.08 - Authenticated (Contributor+) Stored Cross-Site Scripting via nom Parameter LOW *-2.08 July 3, 2026
currency-switcher-woocommerce currency-switcher-woocommerce
93
Currency Switcher for WooCommerce <= 2.16.2 - Reflected Cross-Site Scripting LOW *-2.16.2 2.16.3 July 3, 2026
multilevel-referral-plugin-for-woocommerce multilevel-referral-plugin-for-woocommerce
93
Multilevel Referral Affiliate Plugin for WooCommerce <= 2.28 - Authenticated (Subscriber+) SQL Injection LOW *-2.28 2.28.1 July 3, 2026
simplepress simplepress N/A Simple:Press <= 6.10.12 - Cross-Site Request Forgery to Unauthorized Post Editing LOW *-6.10.12 6.10.13 July 3, 2026
booking-calendar-and-notification booking-calendar-and-notification
87
Booking Calendar and Notification <= 4.0.3 - Missing Authorization via wpcb_all_bookings, wpcb_update_booking_post, and wpcb_delete_posts Functions LOW *-4.0.3 July 3, 2026
wc4bp wc4bp N/A BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.24 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update LOW *-3.4.24 3.4.25 July 3, 2026
wc4bp wc4bp N/A BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.25 - Cross-Site Request Forgery to Limited Settings Update LOW *-3.4.25 3.4.26 July 3, 2026
surveyjs surveyjs N/A SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 1.12.17 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion via SurveyJS_DeleteFile LOW *-1.12.17 1.12.18 July 3, 2026
Page Builder by SiteOrigin siteorigin-panels
86
Page Builder by SiteOrigin <= 2.31.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.31.4 2.31.5 July 3, 2026
simple-download-counter simple-download-counter N/A Simple Download Counter <= 2.0 - Authenticated (Author+) Arbitrary File Read LOW *-2.0 2.1 July 3, 2026
setsail-membership setsail-membership N/A SetSail Membership <= 1.0.3 - Authentication Bypass via Account Takeover LOW *-1.0.3 1.1 July 3, 2026
pixelyoursite pixelyoursite N/A PixelYourSite – Your smart PIXEL (TAG) & API Manager <= 10.1.1.1 - Unauthenticated PHP Object Injection LOW 10.1.1.1 10.1.1.2 July 3, 2026
new-album-gallery new-album-gallery
93
Album Gallery – WordPress Gallery <= 1.6.3 - Authenticated (Editor+) PHP Object Injection via Gallery Meta LOW *-1.6.3 1.6.4 July 3, 2026
Kadence Blocks — Page Builder Toolkit for Gutenberg Editor kadence-blocks
91
Gutenberg Blocks by Kadence Blocks <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'icon' LOW *-3.4.9 3.4.10 July 3, 2026
ip2location-redirection ip2location-redirection
93
IP2Location Redirection <= 1.33.3 - Missing Authorization to Unauthenticated Settings Export LOW *-1.33.3 1.33.4 July 3, 2026
generateblocks generateblocks
93
GenerateBlocks <= 1.9.1 - Authenticated (Contributor+) Sensitive Information Exposure via 'get_image_description' LOW *-1.9.1 2.0.0 July 3, 2026
exertio-framework exertio-framework
91
Exertio Framework <= 1.3.1 - Unauthenticated Arbitrary User Password Update LOW *-1.3.1 1.3.2 July 3, 2026
database-backup database-backup
93
Database Backup and check Tables Automated With Scheduler 2024 <= 2.35 - Authenticated (Administrator+) Sensitive Information Exposure LOW *-2.35 2.36 July 3, 2026
database-backup database-backup
93
Database Backup and check Tables Automated With Scheduler 2024 <= 2.36 - Authenticated (Administrator+) Arbitrary File Deletion LOW *-2.36 2.37 July 3, 2026
counter-box counter-box
93
Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site <= 2.0.6 - Authenticated (Administrator+) DOM-Based Stored Cross-Site Scripting LOW *-2.0.6 2.0.7 July 3, 2026
Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages bp-better-messages
75
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.7.4 - Unauthenticated Limited Server-Side Request Forgery in nice_links LOW *-2.7.4 2.7.5 July 3, 2026
authors-list authors-list
91
Authors List <= 2.0.6 - Unauthenticated Arbitrary Shortcode Execution LOW *-2.0.6 2.0.6.1 July 3, 2026
alloggio-membership alloggio-membership
97
Alloggio Membership <= 1.1 - Authentication Bypass via Social Login Account Takeover LOW *-1.1 1.2 July 3, 2026
academist-membership academist-membership
97
Academist Membership <= 1.1.6 - Authentication Bypass via Account Takeover LOW *-1.1.6 1.2 July 3, 2026
site-mailer site-mailer N/A Site Mailer <= 1.2.3 - Unauthenticated Stored Cross-Site Scripting LOW *-1.2.3 1.2.4 July 3, 2026
secupress secupress N/A SecuPress Free — WordPress Security <= 2.2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via secupress_check_ban_ips_form Shortcode LOW *-2.2.5.3 2.3 July 3, 2026
order-attachments-for-woocommerce order-attachments-for-woocommerce
91
Order Attachments for WooCommerce <= 2.5.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory LOW *-2.5.1 July 3, 2026
modal-portfolio modal-portfolio
91
Modal Portfolio <= 1.7.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.7.4.2 July 3, 2026
wc-tabs wc-tabs N/A Tabs for WooCommerce <= 1.0.0 - Authentiated (Shop Manager+) PHP Object Injection in product_has_custom_tabs LOW *-1.0.0 July 3, 2026
url-media-uploader url-media-uploader N/A URL Media Uploader <= 1.0.0 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebinding LOW *-1.0.0 1.0.1 July 3, 2026
tablesearch tablesearch N/A BuddyHolis TableSearch <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.0 July 3, 2026
wow-entrance-effects-wee wow-entrance-effects-wee N/A WOW Entrance Effects (WEE!) <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.1 July 3, 2026
pricingtable pricingtable N/A Pricing Table by PickPlugins <= 1.12.10 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.12.10 July 3, 2026
fx-calculators fx-calculators
93
Forex Calculators <= 1.3.7 - Missing Authorization to Authenticated (Subscriber+) Settings Update LOW *-1.3.7 1.3.8 July 3, 2026
whmpress whmpress N/A WHMpress <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update LOW * - 6.3-revision-0 6.3-revision-1 July 3, 2026
ut-elementor-addons-lite ut-elementor-addons-lite N/A Ultra Addons Lite for Elementor <= 1.1.8 - Authenticated (Contributor+) Restricted Post Disclosure LOW *-1.1.8 1.1.9 July 3, 2026
woocommerce-ultimate-gift-card woocommerce-ultimate-gift-card N/A WooCommerce Ultimate Gift Card <= 2.9.2 - Unauthenticated Arbitrary File Upload LOW *-2.9.2 2.9.3 July 3, 2026
kivicare-clinic-management-system kivicare-clinic-management-system
93
KiviCare – Clinic & Patient Management System (EHR) <= 3.6.7 - Authenticated (Doctor+) SQL Injection via 'u_id' Parameter LOW *-3.6.7 3.6.8 July 3, 2026
exclusive-addons-for-elementor exclusive-addons-for-elementor
93
Exclusive Addons for Elementor <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text and Image Comparison Widgets LOW *-2.7.6 2.7.7 July 3, 2026
post-type-x post-type-x N/A Product Catalog Simple <= 1.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via show_products Shortcode LOW *-1.7.11 1.8.0 July 3, 2026
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder user-registration N/A User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.0.4 - Reflected Cross-Site Scripting LOW *-4.0.4 4.1.0 July 3, 2026
google-distance-calculator google-distance-calculator
91
MK Google Directions <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.1 3.1.1 July 3, 2026
contest-gallery contest-gallery
93
Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons <= 26.0.0.1 - Unauthenticated Stored Cross-Site Scripting LOW *-26.0.0.1 26.0.1 July 3, 2026
wp-social wp-social N/A Wp Social Login and Register Social Counter <= 3.1.0 - Cross-Site Request Forgery to Settings Update LOW *-3.1.0 3.1.1 July 3, 2026
woocommerce-ajax-filters woocommerce-ajax-filters N/A Advanced AJAX Product Filters <= 1.6.8.1 - Reflected Cross-Site Scripting LOW *-1.6.8.1 1.6.8.2 July 3, 2026
ratemyagent-official ratemyagent-official N/A RateMyAgent Official <= 1.4.0 - Cross-Site Request Forgery to API Key Update LOW *-1.4.0 1.5.0 July 3, 2026
wpforo wpforo N/A wpForo Forum <= 2.4.1 - Authenticated (Subscriber+) Arbitrary File Read in update LOW *-2.4.1 2.4.2 July 3, 2026
WP Activity Log wp-security-audit-log N/A WP Activity Log <= 5.3.2 - Authenticated (Admin+) PHP Object Injection LOW *-5.3.2 5.3.3 July 3, 2026
woo-thank-you-page-nextmove-lite woo-thank-you-page-nextmove-lite N/A NextMove Lite – Thank You Page for WooCommerce <= 2.19.0 - Missing Authorization to Authenticated (Subscriber+) Deactivation Reason Submission LOW *-2.19.0 2.20.0 July 3, 2026
whmpress_client_area_api whmpress_client_area_api N/A WHMPress - WHMCS Client Area <= 4.3-revision-3- Authenticated (Subscriber+) Arbitrary Options Update LOW * - 4.3-revision-3 July 3, 2026
post-grid post-grid N/A Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.6 - Unauthenticated User Information Exposure LOW *-2.3.6 2.3.7 July 3, 2026
Gallery by FooGallery foogallery
82
FooGallery <= 2.4.29 - Reflected Cross-Site Scripting LOW *-2.4.29 2.4.30 July 3, 2026
directorist directorist
93
Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.1 - Privilege Escalation and Account Takeover via Weak OTP LOW *-8.1 8.2 July 3, 2026
dhvc-form dhvc-form
93
DHVC Form <= 2.4.7 - Unauthenticated Privilege Escalation LOW *-2.4.7 2.4.8 July 3, 2026
card-elements-for-elementor card-elements-for-elementor
93
Card Elements for Elementor <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Profile Card Widget LOW *-1.2.6 1.2.7 July 3, 2026
final-tiles-grid-gallery-lite final-tiles-grid-gallery-lite
93
Image Photo Gallery Final Tiles Grid <= 3.6.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting LOW *-3.6.0 3.6.1 July 3, 2026
Forminator Forms – Contact Form, Payment Form & Custom Form Builder forminator
92
Forminator <= 1.39.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW 1.39.2 1.39.3 July 3, 2026
onestore-sites onestore-sites
89
OneStore Sites <= 0.1.1 - Unauthenticated Blind Server-Side Request Forgery LOW *-0.1.1 July 3, 2026
sakolawp-lite sakolawp-lite N/A School Management System – SakolaWP <= 1.0.8 - Cross-Site Request Forgery to Exam Setting Manipulation LOW *-1.0.8 July 3, 2026
wp-programmmanager wp-programmmanager N/A WP-PManager <= 1.2 - Reflected Cross-Site Scripting LOW *-1.2 July 3, 2026
tmm_stripe_checkout tmm_stripe_checkout N/A ThemeMakers Stripe Checkout <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.0.1 1.0.2 July 3, 2026
tmm_paypal_checkout tmm_paypal_checkout N/A ThemeMakers PayPal Express Checkout <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.1.9 1.2.0 July 3, 2026
templines-helper-core templines-helper-core N/A Templines Elementor Helper Core <= 2.7 - Authenticated (Subscriber+) Privilege Escalation LOW *-2.7 2.8 July 3, 2026
spotbot spotbot N/A SpotBot <= 0.1.8 - Reflected Cross-Site Scripting LOW *-0.1.8 July 3, 2026
Site Reviews site-reviews N/A Site Reviews <= 7.2.4 - Unauthenticated Stored Cross-Site Scripting LOW *-7.2.4 7.2.5 July 3, 2026
passbeemedia-web-push-notifications passbeemedia-web-push-notifications N/A Passbeemedia Web Push Notification <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 July 3, 2026
ninja-page-categories-and-tags ninja-page-categories-and-tags
91
Ninja Pages <= 1.4.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.4.2 July 3, 2026
my-quota my-quota
91
My Quota <= 1.0.8 - Reflected Cross-Site Scripting LOW *-1.0.8 July 3, 2026
meintopf meintopf
91
mEintopf <= 0.2.1 - Reflected Cross-Site Scripting LOW *-0.2.1 July 3, 2026
login-me-now login-me-now
93
Login Me Now <= 1.7.2 - Authentication Bypass LOW *-1.7.2 1.7.3 July 3, 2026
linkmyposts linkmyposts
91
Link My Posts <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 3, 2026
LOW

aco-product-labels-for-woocommerce

aco-product-labels-for-woocommerce

Score: 97/100 Product Labels For Woocommerce (Sale Badges) <= 1.5.8 - Authenticated (Admin+) SQL Injection Affected: *-1.5.8 Patched: 1.5.9 Updated: July 3, 2026
LOW

wpantiddos

wpantiddos

Score: N/A WP AntiDDOS <= 2.0 - Reflected Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 3, 2026
LOW

wp-nested-pages

wp-nested-pages

Score: N/A Nested Pages <= 3.2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2.12 Patched: 3.2.13 Updated: July 3, 2026
LOW

wp-discord-post

wp-discord-post

Score: N/A WP Discord Post <= 2.1.0 - Reflected Cross-Site Scripting Affected: *-2.1.0 Patched: Updated: July 3, 2026
LOW

Melapress File Monitor

website-file-changes-monitor

Score: 97/100 Melapress File Monitor <= 2.0.2 - Authenticated (Admin+) Authenticated SQL Injection Affected: *-2.0.2 Patched: 2.1.0 Updated: July 3, 2026
LOW

Melapress File Monitor

website-file-changes-monitor

Score: 97/100 Melapress File Monitor <= 2.1.0 - Authenticated (Admin+) Authenticated SQL Injection Affected: *-2.1.0 Patched: 2.1.1 Updated: July 3, 2026
LOW

wc-pre-order

wc-pre-order

Score: N/A Pre Order Addon for WooCommerce – Advance Order/Backorder Plugin <= 2.2 - Reflected Cross-Site Scripting Affected: *-2.2 Patched: Updated: July 3, 2026
LOW

social-pug

social-pug

Score: N/A Hubbub Lite <= 1.34.3 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.34.3 Patched: 1.34.4 Updated: July 3, 2026
LOW

sms-alert

sms-alert

Score: N/A SMS Alert Order Notifications – WooCommerce <= 3.7.8 - Unauthenticated SQL Injection Affected: *-3.7.8 Patched: 3.7.9 Updated: July 3, 2026
LOW

random-image-selector

random-image-selector

Score: N/A Random Image Selector <= 2.4 - Reflected Cross-Site Scripting Affected: *-2.4 Patched: Updated: July 3, 2026
LOW

powerpress

powerpress

Score: N/A PowerPress Podcasting <= 11.9.17 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-11.9.17 Patched: 11.9.18 Updated: July 3, 2026
LOW

pods

pods

Score: N/A Pods – Custom Content Types and Fields <= 3.2.8.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.2.8.1 Patched: 3.2.8.2 Updated: July 3, 2026
LOW

photo-gallery

photo-gallery

Score: N/A Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.32 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.8.32 Patched: 1.8.33 Updated: July 3, 2026
LOW

memberspace

memberspace

Score: 93/100 MemberSpace <= 2.1.13 - Reflected Cross-Site Scripting Affected: *-2.1.13 Patched: 2.1.14 Updated: July 3, 2026
LOW

gsheetconnector-easy-digital-downloads

gsheetconnector-easy-digital-downloads

Score: 93/100 Easy Digital Downloads Google Sheet Connector <= 1.6.6 - Cross-Site Request Forgery to Access Code Update Affected: *-1.6.5 Patched: 1.6.6 Updated: July 3, 2026
LOW

form-maker

form-maker

Score: 93/100 Form Maker by 10Web <= 1.15.29 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.15.29 Patched: 1.15.30 Updated: July 3, 2026
LOW

edd-google-sheet-connector-pro

edd-google-sheet-connector-pro

Score: 93/100 Easy Digital Downloads Google Sheet Connector <= 1.6.6 - Cross-Site Request Forgery to Access Code Update Affected: [*, 1.4) Patched: 1.4 Updated: July 3, 2026
LOW

easync-booking

easync-booking

Score: 93/100 Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking <= 1.3.14 - Cross-Site Request Forgery Affected: *-1.3.14 Patched: 1.3.15 Updated: July 3, 2026
LOW

debug-bar-extender

debug-bar-extender

Score: 91/100 Debug-Bar-Extender <= 0.5 - Reflected Cross-Site Scripting Affected: *-0.5 Patched: Updated: July 3, 2026
LOW

Calculated Fields Form

calculated-fields-form

Score: 70/100 Calculated Fields Form <= 5.2.63 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-5.2.63 Patched: 5.2.64 Updated: July 3, 2026
LOW

wp-posts-carousel

wp-posts-carousel

Score: N/A WP Posts Carousel <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via auto_play_timeout Parameter Affected: *-1.3.7 Patched: 1.3.8 Updated: July 3, 2026
LOW

woo-altcoin-payment-gateway

woo-altcoin-payment-gateway

Score: N/A Bitcoin / AltCoin Payment Gateway for WooCommerce <= 1.7.6 - Unauthenticated SQL Injection Affected: *-1.7.6 Patched: Updated: July 3, 2026
LOW

secure-copy-content-protection

secure-copy-content-protection

Score: N/A Secure Copy Content Protection and Content Locking <= 4.4.7 - Missing Authorization to Unauthenticated User Email Retrieval via ays_sccp_reports_user_search Function Affected: *-4.4.7 Patched: 4.4.8 Updated: July 3, 2026
LOW

templatesnext-toolkit

templatesnext-toolkit

Score: N/A TemplatesNext ToolKit <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.2.9 Patched: Updated: July 3, 2026
LOW

sku-for-woocommerce

sku-for-woocommerce

Score: N/A SKU Generator for WooCommerce <= 1.6.2 - Reflected Cross-Site Scripting Affected: *-1.6.2 Patched: 1.6.3 Updated: July 3, 2026
LOW

clicface-trombi

clicface-trombi

Score: 91/100 Clicface Trombi <= 2.08 - Authenticated (Contributor+) Stored Cross-Site Scripting via nom Parameter Affected: *-2.08 Patched: Updated: July 3, 2026
LOW

currency-switcher-woocommerce

currency-switcher-woocommerce

Score: 93/100 Currency Switcher for WooCommerce <= 2.16.2 - Reflected Cross-Site Scripting Affected: *-2.16.2 Patched: 2.16.3 Updated: July 3, 2026
LOW

multilevel-referral-plugin-for-woocommerce

multilevel-referral-plugin-for-woocommerce

Score: 93/100 Multilevel Referral Affiliate Plugin for WooCommerce <= 2.28 - Authenticated (Subscriber+) SQL Injection Affected: *-2.28 Patched: 2.28.1 Updated: July 3, 2026
LOW

simplepress

simplepress

Score: N/A Simple:Press <= 6.10.12 - Cross-Site Request Forgery to Unauthorized Post Editing Affected: *-6.10.12 Patched: 6.10.13 Updated: July 3, 2026
LOW

booking-calendar-and-notification

booking-calendar-and-notification

Score: 87/100 Booking Calendar and Notification <= 4.0.3 - Missing Authorization via wpcb_all_bookings, wpcb_update_booking_post, and wpcb_delete_posts Functions Affected: *-4.0.3 Patched: Updated: July 3, 2026
LOW

wc4bp

wc4bp

Score: N/A BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.24 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update Affected: *-3.4.24 Patched: 3.4.25 Updated: July 3, 2026
LOW

wc4bp

wc4bp

Score: N/A BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.25 - Cross-Site Request Forgery to Limited Settings Update Affected: *-3.4.25 Patched: 3.4.26 Updated: July 3, 2026
LOW

surveyjs

surveyjs

Score: N/A SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 1.12.17 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion via SurveyJS_DeleteFile Affected: *-1.12.17 Patched: 1.12.18 Updated: July 3, 2026
LOW

Page Builder by SiteOrigin

siteorigin-panels

Score: 86/100 Page Builder by SiteOrigin <= 2.31.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.31.4 Patched: 2.31.5 Updated: July 3, 2026
LOW

simple-download-counter

simple-download-counter

Score: N/A Simple Download Counter <= 2.0 - Authenticated (Author+) Arbitrary File Read Affected: *-2.0 Patched: 2.1 Updated: July 3, 2026
LOW

setsail-membership

setsail-membership

Score: N/A SetSail Membership <= 1.0.3 - Authentication Bypass via Account Takeover Affected: *-1.0.3 Patched: 1.1 Updated: July 3, 2026
LOW

pixelyoursite

pixelyoursite

Score: N/A PixelYourSite – Your smart PIXEL (TAG) & API Manager <= 10.1.1.1 - Unauthenticated PHP Object Injection Affected: 10.1.1.1 Patched: 10.1.1.2 Updated: July 3, 2026
LOW

new-album-gallery

new-album-gallery

Score: 93/100 Album Gallery – WordPress Gallery <= 1.6.3 - Authenticated (Editor+) PHP Object Injection via Gallery Meta Affected: *-1.6.3 Patched: 1.6.4 Updated: July 3, 2026
LOW

ip2location-redirection

ip2location-redirection

Score: 93/100 IP2Location Redirection <= 1.33.3 - Missing Authorization to Unauthenticated Settings Export Affected: *-1.33.3 Patched: 1.33.4 Updated: July 3, 2026
LOW

generateblocks

generateblocks

Score: 93/100 GenerateBlocks <= 1.9.1 - Authenticated (Contributor+) Sensitive Information Exposure via 'get_image_description' Affected: *-1.9.1 Patched: 2.0.0 Updated: July 3, 2026
LOW

exertio-framework

exertio-framework

Score: 91/100 Exertio Framework <= 1.3.1 - Unauthenticated Arbitrary User Password Update Affected: *-1.3.1 Patched: 1.3.2 Updated: July 3, 2026
LOW

database-backup

database-backup

Score: 93/100 Database Backup and check Tables Automated With Scheduler 2024 <= 2.35 - Authenticated (Administrator+) Sensitive Information Exposure Affected: *-2.35 Patched: 2.36 Updated: July 3, 2026
LOW

database-backup

database-backup

Score: 93/100 Database Backup and check Tables Automated With Scheduler 2024 <= 2.36 - Authenticated (Administrator+) Arbitrary File Deletion Affected: *-2.36 Patched: 2.37 Updated: July 3, 2026
LOW

counter-box

counter-box

Score: 93/100 Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site <= 2.0.6 - Authenticated (Administrator+) DOM-Based Stored Cross-Site Scripting Affected: *-2.0.6 Patched: 2.0.7 Updated: July 3, 2026
LOW

authors-list

authors-list

Score: 91/100 Authors List <= 2.0.6 - Unauthenticated Arbitrary Shortcode Execution Affected: *-2.0.6 Patched: 2.0.6.1 Updated: July 3, 2026
LOW

alloggio-membership

alloggio-membership

Score: 97/100 Alloggio Membership <= 1.1 - Authentication Bypass via Social Login Account Takeover Affected: *-1.1 Patched: 1.2 Updated: July 3, 2026
LOW

academist-membership

academist-membership

Score: 97/100 Academist Membership <= 1.1.6 - Authentication Bypass via Account Takeover Affected: *-1.1.6 Patched: 1.2 Updated: July 3, 2026
LOW

site-mailer

site-mailer

Score: N/A Site Mailer <= 1.2.3 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.2.3 Patched: 1.2.4 Updated: July 3, 2026
LOW

secupress

secupress

Score: N/A SecuPress Free — WordPress Security <= 2.2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via secupress_check_ban_ips_form Shortcode Affected: *-2.2.5.3 Patched: 2.3 Updated: July 3, 2026
LOW

order-attachments-for-woocommerce

order-attachments-for-woocommerce

Score: 91/100 Order Attachments for WooCommerce <= 2.5.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory Affected: *-2.5.1 Patched: Updated: July 3, 2026
LOW

modal-portfolio

modal-portfolio

Score: 91/100 Modal Portfolio <= 1.7.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.7.4.2 Patched: Updated: July 3, 2026
LOW

wc-tabs

wc-tabs

Score: N/A Tabs for WooCommerce <= 1.0.0 - Authentiated (Shop Manager+) PHP Object Injection in product_has_custom_tabs Affected: *-1.0.0 Patched: Updated: July 3, 2026
LOW

url-media-uploader

url-media-uploader

Score: N/A URL Media Uploader <= 1.0.0 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebinding Affected: *-1.0.0 Patched: 1.0.1 Updated: July 3, 2026
LOW

tablesearch

tablesearch

Score: N/A BuddyHolis TableSearch <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 3, 2026
LOW

wow-entrance-effects-wee

wow-entrance-effects-wee

Score: N/A WOW Entrance Effects (WEE!) <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.1 Patched: Updated: July 3, 2026
LOW

pricingtable

pricingtable

Score: N/A Pricing Table by PickPlugins <= 1.12.10 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.12.10 Patched: Updated: July 3, 2026
LOW

fx-calculators

fx-calculators

Score: 93/100 Forex Calculators <= 1.3.7 - Missing Authorization to Authenticated (Subscriber+) Settings Update Affected: *-1.3.7 Patched: 1.3.8 Updated: July 3, 2026
LOW

whmpress

whmpress

Score: N/A WHMpress <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update Affected: * - 6.3-revision-0 Patched: 6.3-revision-1 Updated: July 3, 2026
LOW

ut-elementor-addons-lite

ut-elementor-addons-lite

Score: N/A Ultra Addons Lite for Elementor <= 1.1.8 - Authenticated (Contributor+) Restricted Post Disclosure Affected: *-1.1.8 Patched: 1.1.9 Updated: July 3, 2026
LOW

woocommerce-ultimate-gift-card

woocommerce-ultimate-gift-card

Score: N/A WooCommerce Ultimate Gift Card <= 2.9.2 - Unauthenticated Arbitrary File Upload Affected: *-2.9.2 Patched: 2.9.3 Updated: July 3, 2026
LOW

kivicare-clinic-management-system

kivicare-clinic-management-system

Score: 93/100 KiviCare – Clinic & Patient Management System (EHR) <= 3.6.7 - Authenticated (Doctor+) SQL Injection via 'u_id' Parameter Affected: *-3.6.7 Patched: 3.6.8 Updated: July 3, 2026
LOW

exclusive-addons-for-elementor

exclusive-addons-for-elementor

Score: 93/100 Exclusive Addons for Elementor <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text and Image Comparison Widgets Affected: *-2.7.6 Patched: 2.7.7 Updated: July 3, 2026
LOW

post-type-x

post-type-x

Score: N/A Product Catalog Simple <= 1.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via show_products Shortcode Affected: *-1.7.11 Patched: 1.8.0 Updated: July 3, 2026
LOW

google-distance-calculator

google-distance-calculator

Score: 91/100 MK Google Directions <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1 Patched: 3.1.1 Updated: July 3, 2026
LOW

contest-gallery

contest-gallery

Score: 93/100 Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons <= 26.0.0.1 - Unauthenticated Stored Cross-Site Scripting Affected: *-26.0.0.1 Patched: 26.0.1 Updated: July 3, 2026
LOW

wp-social

wp-social

Score: N/A Wp Social Login and Register Social Counter <= 3.1.0 - Cross-Site Request Forgery to Settings Update Affected: *-3.1.0 Patched: 3.1.1 Updated: July 3, 2026
LOW

woocommerce-ajax-filters

woocommerce-ajax-filters

Score: N/A Advanced AJAX Product Filters <= 1.6.8.1 - Reflected Cross-Site Scripting Affected: *-1.6.8.1 Patched: 1.6.8.2 Updated: July 3, 2026
LOW

ratemyagent-official

ratemyagent-official

Score: N/A RateMyAgent Official <= 1.4.0 - Cross-Site Request Forgery to API Key Update Affected: *-1.4.0 Patched: 1.5.0 Updated: July 3, 2026
LOW

wpforo

wpforo

Score: N/A wpForo Forum <= 2.4.1 - Authenticated (Subscriber+) Arbitrary File Read in update Affected: *-2.4.1 Patched: 2.4.2 Updated: July 3, 2026
LOW

WP Activity Log

wp-security-audit-log

Score: N/A WP Activity Log <= 5.3.2 - Authenticated (Admin+) PHP Object Injection Affected: *-5.3.2 Patched: 5.3.3 Updated: July 3, 2026
LOW

woo-thank-you-page-nextmove-lite

woo-thank-you-page-nextmove-lite

Score: N/A NextMove Lite – Thank You Page for WooCommerce <= 2.19.0 - Missing Authorization to Authenticated (Subscriber+) Deactivation Reason Submission Affected: *-2.19.0 Patched: 2.20.0 Updated: July 3, 2026
LOW

whmpress_client_area_api

whmpress_client_area_api

Score: N/A WHMPress - WHMCS Client Area <= 4.3-revision-3- Authenticated (Subscriber+) Arbitrary Options Update Affected: * - 4.3-revision-3 Patched: Updated: July 3, 2026
LOW

post-grid

post-grid

Score: N/A Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.6 - Unauthenticated User Information Exposure Affected: *-2.3.6 Patched: 2.3.7 Updated: July 3, 2026
LOW

Gallery by FooGallery

foogallery

Score: 82/100 FooGallery <= 2.4.29 - Reflected Cross-Site Scripting Affected: *-2.4.29 Patched: 2.4.30 Updated: July 3, 2026
LOW

directorist

directorist

Score: 93/100 Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.1 - Privilege Escalation and Account Takeover via Weak OTP Affected: *-8.1 Patched: 8.2 Updated: July 3, 2026
LOW

dhvc-form

dhvc-form

Score: 93/100 DHVC Form <= 2.4.7 - Unauthenticated Privilege Escalation Affected: *-2.4.7 Patched: 2.4.8 Updated: July 3, 2026
LOW

card-elements-for-elementor

card-elements-for-elementor

Score: 93/100 Card Elements for Elementor <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Profile Card Widget Affected: *-1.2.6 Patched: 1.2.7 Updated: July 3, 2026
LOW

final-tiles-grid-gallery-lite

final-tiles-grid-gallery-lite

Score: 93/100 Image Photo Gallery Final Tiles Grid <= 3.6.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting Affected: *-3.6.0 Patched: 3.6.1 Updated: July 3, 2026
LOW

onestore-sites

onestore-sites

Score: 89/100 OneStore Sites <= 0.1.1 - Unauthenticated Blind Server-Side Request Forgery Affected: *-0.1.1 Patched: Updated: July 3, 2026
LOW

sakolawp-lite

sakolawp-lite

Score: N/A School Management System – SakolaWP <= 1.0.8 - Cross-Site Request Forgery to Exam Setting Manipulation Affected: *-1.0.8 Patched: Updated: July 3, 2026
LOW

wp-programmmanager

wp-programmmanager

Score: N/A WP-PManager <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 3, 2026
LOW

tmm_stripe_checkout

tmm_stripe_checkout

Score: N/A ThemeMakers Stripe Checkout <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.0.1 Patched: 1.0.2 Updated: July 3, 2026
LOW

tmm_paypal_checkout

tmm_paypal_checkout

Score: N/A ThemeMakers PayPal Express Checkout <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.1.9 Patched: 1.2.0 Updated: July 3, 2026
LOW

templines-helper-core

templines-helper-core

Score: N/A Templines Elementor Helper Core <= 2.7 - Authenticated (Subscriber+) Privilege Escalation Affected: *-2.7 Patched: 2.8 Updated: July 3, 2026
LOW

spotbot

spotbot

Score: N/A SpotBot <= 0.1.8 - Reflected Cross-Site Scripting Affected: *-0.1.8 Patched: Updated: July 3, 2026
LOW

Site Reviews

site-reviews

Score: N/A Site Reviews <= 7.2.4 - Unauthenticated Stored Cross-Site Scripting Affected: *-7.2.4 Patched: 7.2.5 Updated: July 3, 2026
LOW

passbeemedia-web-push-notifications

passbeemedia-web-push-notifications

Score: N/A Passbeemedia Web Push Notification <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 3, 2026
LOW

ninja-page-categories-and-tags

ninja-page-categories-and-tags

Score: 91/100 Ninja Pages <= 1.4.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.4.2 Patched: Updated: July 3, 2026
LOW

my-quota

my-quota

Score: 91/100 My Quota <= 1.0.8 - Reflected Cross-Site Scripting Affected: *-1.0.8 Patched: Updated: July 3, 2026
LOW

meintopf

meintopf

Score: 91/100 mEintopf <= 0.2.1 - Reflected Cross-Site Scripting Affected: *-0.2.1 Patched: Updated: July 3, 2026
LOW

login-me-now

login-me-now

Score: 93/100 Login Me Now <= 1.7.2 - Authentication Bypass Affected: *-1.7.2 Patched: 1.7.3 Updated: July 3, 2026
LOW

linkmyposts

linkmyposts

Score: 91/100 Link My Posts <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026

Showing 11601 to 11700 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 3, 2026 at 08:11 UTC.