Known Plugin Vulnerabilities
Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.
Open Vulnerabilities
36406Across tracked plugins
Affected Plugins
95With open vulnerabilities
Critical / High
0Require immediate attention
Recently Updated
0In the last 30 days
Vulnerability List
Export CSV| Plugin | Slug | Score | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated |
|---|---|---|---|---|---|---|---|---|
| aco-product-labels-for-woocommerce | aco-product-labels-for-woocommerce |
97
|
Product Labels For Woocommerce (Sale Badges) <= 1.5.8 - Authenticated (Admin+) SQL Injection | LOW | *-1.5.8 | 1.5.9 | July 3, 2026 | |
| wpantiddos | wpantiddos | N/A | WP AntiDDOS <= 2.0 - Reflected Cross-Site Scripting | LOW | *-2.0 | July 3, 2026 | ||
| wp-nested-pages | wp-nested-pages | N/A | Nested Pages <= 3.2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-3.2.12 | 3.2.13 | July 3, 2026 | |
| wp-discord-post | wp-discord-post | N/A | WP Discord Post <= 2.1.0 - Reflected Cross-Site Scripting | LOW | *-2.1.0 | July 3, 2026 | ||
| Melapress File Monitor | website-file-changes-monitor |
97
|
Melapress File Monitor <= 2.0.2 - Authenticated (Admin+) Authenticated SQL Injection | LOW | *-2.0.2 | 2.1.0 | July 3, 2026 | |
| Melapress File Monitor | website-file-changes-monitor |
97
|
Melapress File Monitor <= 2.1.0 - Authenticated (Admin+) Authenticated SQL Injection | LOW | *-2.1.0 | 2.1.1 | July 3, 2026 | |
| wc-pre-order | wc-pre-order | N/A | Pre Order Addon for WooCommerce – Advance Order/Backorder Plugin <= 2.2 - Reflected Cross-Site Scripting | LOW | *-2.2 | July 3, 2026 | ||
| social-pug | social-pug | N/A | Hubbub Lite <= 1.34.3 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-1.34.3 | 1.34.4 | July 3, 2026 | |
| sms-alert | sms-alert | N/A | SMS Alert Order Notifications – WooCommerce <= 3.7.8 - Unauthenticated SQL Injection | LOW | *-3.7.8 | 3.7.9 | July 3, 2026 | |
| random-image-selector | random-image-selector | N/A | Random Image Selector <= 2.4 - Reflected Cross-Site Scripting | LOW | *-2.4 | July 3, 2026 | ||
| powerpress | powerpress | N/A | PowerPress Podcasting <= 11.9.17 - Authenticated (Author+) Stored Cross-Site Scripting | LOW | *-11.9.17 | 11.9.18 | July 3, 2026 | |
| pods | pods | N/A | Pods – Custom Content Types and Fields <= 3.2.8.1 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-3.2.8.1 | 3.2.8.2 | July 3, 2026 | |
| photo-gallery | photo-gallery | N/A | Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.32 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-1.8.32 | 1.8.33 | July 3, 2026 | |
| Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider | ml-slider |
88
|
Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider <= 3.94.0 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-3.94.0 | 3.95.0 | July 3, 2026 | |
| Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider | ml-slider |
88
|
Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider <= 3.94.0 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-3.94.0 | 3.95.0 | July 3, 2026 | |
| memberspace | memberspace |
93
|
MemberSpace <= 2.1.13 - Reflected Cross-Site Scripting | LOW | *-2.1.13 | 2.1.14 | July 3, 2026 | |
| gsheetconnector-easy-digital-downloads | gsheetconnector-easy-digital-downloads |
93
|
Easy Digital Downloads Google Sheet Connector <= 1.6.6 - Cross-Site Request Forgery to Access Code Update | LOW | *-1.6.5 | 1.6.6 | July 3, 2026 | |
| form-maker | form-maker |
93
|
Form Maker by 10Web <= 1.15.29 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-1.15.29 | 1.15.30 | July 3, 2026 | |
| edd-google-sheet-connector-pro | edd-google-sheet-connector-pro |
93
|
Easy Digital Downloads Google Sheet Connector <= 1.6.6 - Cross-Site Request Forgery to Access Code Update | LOW | [*, 1.4) | 1.4 | July 3, 2026 | |
| easync-booking | easync-booking |
93
|
Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking <= 1.3.14 - Cross-Site Request Forgery | LOW | *-1.3.14 | 1.3.15 | July 3, 2026 | |
| debug-bar-extender | debug-bar-extender |
91
|
Debug-Bar-Extender <= 0.5 - Reflected Cross-Site Scripting | LOW | *-0.5 | July 3, 2026 | ||
| Calculated Fields Form | calculated-fields-form |
70
|
Calculated Fields Form <= 5.2.63 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-5.2.63 | 5.2.64 | July 3, 2026 | |
| wp-posts-carousel | wp-posts-carousel | N/A | WP Posts Carousel <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via auto_play_timeout Parameter | LOW | *-1.3.7 | 1.3.8 | July 3, 2026 | |
| woo-altcoin-payment-gateway | woo-altcoin-payment-gateway | N/A | Bitcoin / AltCoin Payment Gateway for WooCommerce <= 1.7.6 - Unauthenticated SQL Injection | LOW | *-1.7.6 | July 3, 2026 | ||
| secure-copy-content-protection | secure-copy-content-protection | N/A | Secure Copy Content Protection and Content Locking <= 4.4.7 - Missing Authorization to Unauthenticated User Email Retrieval via ays_sccp_reports_user_search Function | LOW | *-4.4.7 | 4.4.8 | July 3, 2026 | |
| Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages | bp-better-messages |
75
|
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.6.9 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | LOW | *-2.6.9 | 2.7.0 | July 3, 2026 | |
| Fluent Support – Helpdesk & Customer Support Ticket System | fluent-support |
79
|
Fluent Support – Helpdesk & Customer Support Ticket System <= 1.8.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | LOW | *-1.8.5 | 1.8.6 | July 3, 2026 | |
| templatesnext-toolkit | templatesnext-toolkit | N/A | TemplatesNext ToolKit <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-3.2.9 | July 3, 2026 | ||
| sku-for-woocommerce | sku-for-woocommerce | N/A | SKU Generator for WooCommerce <= 1.6.2 - Reflected Cross-Site Scripting | LOW | *-1.6.2 | 1.6.3 | July 3, 2026 | |
| clicface-trombi | clicface-trombi |
91
|
Clicface Trombi <= 2.08 - Authenticated (Contributor+) Stored Cross-Site Scripting via nom Parameter | LOW | *-2.08 | July 3, 2026 | ||
| currency-switcher-woocommerce | currency-switcher-woocommerce |
93
|
Currency Switcher for WooCommerce <= 2.16.2 - Reflected Cross-Site Scripting | LOW | *-2.16.2 | 2.16.3 | July 3, 2026 | |
| multilevel-referral-plugin-for-woocommerce | multilevel-referral-plugin-for-woocommerce |
93
|
Multilevel Referral Affiliate Plugin for WooCommerce <= 2.28 - Authenticated (Subscriber+) SQL Injection | LOW | *-2.28 | 2.28.1 | July 3, 2026 | |
| simplepress | simplepress | N/A | Simple:Press <= 6.10.12 - Cross-Site Request Forgery to Unauthorized Post Editing | LOW | *-6.10.12 | 6.10.13 | July 3, 2026 | |
| booking-calendar-and-notification | booking-calendar-and-notification |
87
|
Booking Calendar and Notification <= 4.0.3 - Missing Authorization via wpcb_all_bookings, wpcb_update_booking_post, and wpcb_delete_posts Functions | LOW | *-4.0.3 | July 3, 2026 | ||
| wc4bp | wc4bp | N/A | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.24 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update | LOW | *-3.4.24 | 3.4.25 | July 3, 2026 | |
| wc4bp | wc4bp | N/A | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.25 - Cross-Site Request Forgery to Limited Settings Update | LOW | *-3.4.25 | 3.4.26 | July 3, 2026 | |
| surveyjs | surveyjs | N/A | SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 1.12.17 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion via SurveyJS_DeleteFile | LOW | *-1.12.17 | 1.12.18 | July 3, 2026 | |
| Page Builder by SiteOrigin | siteorigin-panels |
86
|
Page Builder by SiteOrigin <= 2.31.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.31.4 | 2.31.5 | July 3, 2026 | |
| simple-download-counter | simple-download-counter | N/A | Simple Download Counter <= 2.0 - Authenticated (Author+) Arbitrary File Read | LOW | *-2.0 | 2.1 | July 3, 2026 | |
| setsail-membership | setsail-membership | N/A | SetSail Membership <= 1.0.3 - Authentication Bypass via Account Takeover | LOW | *-1.0.3 | 1.1 | July 3, 2026 | |
| pixelyoursite | pixelyoursite | N/A | PixelYourSite – Your smart PIXEL (TAG) & API Manager <= 10.1.1.1 - Unauthenticated PHP Object Injection | LOW | 10.1.1.1 | 10.1.1.2 | July 3, 2026 | |
| new-album-gallery | new-album-gallery |
93
|
Album Gallery – WordPress Gallery <= 1.6.3 - Authenticated (Editor+) PHP Object Injection via Gallery Meta | LOW | *-1.6.3 | 1.6.4 | July 3, 2026 | |
| Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | kadence-blocks |
91
|
Gutenberg Blocks by Kadence Blocks <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'icon' | LOW | *-3.4.9 | 3.4.10 | July 3, 2026 | |
| ip2location-redirection | ip2location-redirection |
93
|
IP2Location Redirection <= 1.33.3 - Missing Authorization to Unauthenticated Settings Export | LOW | *-1.33.3 | 1.33.4 | July 3, 2026 | |
| generateblocks | generateblocks |
93
|
GenerateBlocks <= 1.9.1 - Authenticated (Contributor+) Sensitive Information Exposure via 'get_image_description' | LOW | *-1.9.1 | 2.0.0 | July 3, 2026 | |
| exertio-framework | exertio-framework |
91
|
Exertio Framework <= 1.3.1 - Unauthenticated Arbitrary User Password Update | LOW | *-1.3.1 | 1.3.2 | July 3, 2026 | |
| database-backup | database-backup |
93
|
Database Backup and check Tables Automated With Scheduler 2024 <= 2.35 - Authenticated (Administrator+) Sensitive Information Exposure | LOW | *-2.35 | 2.36 | July 3, 2026 | |
| database-backup | database-backup |
93
|
Database Backup and check Tables Automated With Scheduler 2024 <= 2.36 - Authenticated (Administrator+) Arbitrary File Deletion | LOW | *-2.36 | 2.37 | July 3, 2026 | |
| counter-box | counter-box |
93
|
Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site <= 2.0.6 - Authenticated (Administrator+) DOM-Based Stored Cross-Site Scripting | LOW | *-2.0.6 | 2.0.7 | July 3, 2026 | |
| Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages | bp-better-messages |
75
|
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.7.4 - Unauthenticated Limited Server-Side Request Forgery in nice_links | LOW | *-2.7.4 | 2.7.5 | July 3, 2026 | |
| authors-list | authors-list |
91
|
Authors List <= 2.0.6 - Unauthenticated Arbitrary Shortcode Execution | LOW | *-2.0.6 | 2.0.6.1 | July 3, 2026 | |
| alloggio-membership | alloggio-membership |
97
|
Alloggio Membership <= 1.1 - Authentication Bypass via Social Login Account Takeover | LOW | *-1.1 | 1.2 | July 3, 2026 | |
| academist-membership | academist-membership |
97
|
Academist Membership <= 1.1.6 - Authentication Bypass via Account Takeover | LOW | *-1.1.6 | 1.2 | July 3, 2026 | |
| site-mailer | site-mailer | N/A | Site Mailer <= 1.2.3 - Unauthenticated Stored Cross-Site Scripting | LOW | *-1.2.3 | 1.2.4 | July 3, 2026 | |
| secupress | secupress | N/A | SecuPress Free — WordPress Security <= 2.2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via secupress_check_ban_ips_form Shortcode | LOW | *-2.2.5.3 | 2.3 | July 3, 2026 | |
| order-attachments-for-woocommerce | order-attachments-for-woocommerce |
91
|
Order Attachments for WooCommerce <= 2.5.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | LOW | *-2.5.1 | July 3, 2026 | ||
| modal-portfolio | modal-portfolio |
91
|
Modal Portfolio <= 1.7.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-1.7.4.2 | July 3, 2026 | ||
| wc-tabs | wc-tabs | N/A | Tabs for WooCommerce <= 1.0.0 - Authentiated (Shop Manager+) PHP Object Injection in product_has_custom_tabs | LOW | *-1.0.0 | July 3, 2026 | ||
| url-media-uploader | url-media-uploader | N/A | URL Media Uploader <= 1.0.0 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebinding | LOW | *-1.0.0 | 1.0.1 | July 3, 2026 | |
| tablesearch | tablesearch | N/A | BuddyHolis TableSearch <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.1.0 | July 3, 2026 | ||
| wow-entrance-effects-wee | wow-entrance-effects-wee | N/A | WOW Entrance Effects (WEE!) <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-0.1 | July 3, 2026 | ||
| pricingtable | pricingtable | N/A | Pricing Table by PickPlugins <= 1.12.10 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.12.10 | July 3, 2026 | ||
| fx-calculators | fx-calculators |
93
|
Forex Calculators <= 1.3.7 - Missing Authorization to Authenticated (Subscriber+) Settings Update | LOW | *-1.3.7 | 1.3.8 | July 3, 2026 | |
| whmpress | whmpress | N/A | WHMpress <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update | LOW | * - 6.3-revision-0 | 6.3-revision-1 | July 3, 2026 | |
| ut-elementor-addons-lite | ut-elementor-addons-lite | N/A | Ultra Addons Lite for Elementor <= 1.1.8 - Authenticated (Contributor+) Restricted Post Disclosure | LOW | *-1.1.8 | 1.1.9 | July 3, 2026 | |
| woocommerce-ultimate-gift-card | woocommerce-ultimate-gift-card | N/A | WooCommerce Ultimate Gift Card <= 2.9.2 - Unauthenticated Arbitrary File Upload | LOW | *-2.9.2 | 2.9.3 | July 3, 2026 | |
| kivicare-clinic-management-system | kivicare-clinic-management-system |
93
|
KiviCare – Clinic & Patient Management System (EHR) <= 3.6.7 - Authenticated (Doctor+) SQL Injection via 'u_id' Parameter | LOW | *-3.6.7 | 3.6.8 | July 3, 2026 | |
| exclusive-addons-for-elementor | exclusive-addons-for-elementor |
93
|
Exclusive Addons for Elementor <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text and Image Comparison Widgets | LOW | *-2.7.6 | 2.7.7 | July 3, 2026 | |
| post-type-x | post-type-x | N/A | Product Catalog Simple <= 1.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via show_products Shortcode | LOW | *-1.7.11 | 1.8.0 | July 3, 2026 | |
| User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | user-registration | N/A | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.0.4 - Reflected Cross-Site Scripting | LOW | *-4.0.4 | 4.1.0 | July 3, 2026 | |
| google-distance-calculator | google-distance-calculator |
91
|
MK Google Directions <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-3.1 | 3.1.1 | July 3, 2026 | |
| contest-gallery | contest-gallery |
93
|
Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons <= 26.0.0.1 - Unauthenticated Stored Cross-Site Scripting | LOW | *-26.0.0.1 | 26.0.1 | July 3, 2026 | |
| wp-social | wp-social | N/A | Wp Social Login and Register Social Counter <= 3.1.0 - Cross-Site Request Forgery to Settings Update | LOW | *-3.1.0 | 3.1.1 | July 3, 2026 | |
| woocommerce-ajax-filters | woocommerce-ajax-filters | N/A | Advanced AJAX Product Filters <= 1.6.8.1 - Reflected Cross-Site Scripting | LOW | *-1.6.8.1 | 1.6.8.2 | July 3, 2026 | |
| ratemyagent-official | ratemyagent-official | N/A | RateMyAgent Official <= 1.4.0 - Cross-Site Request Forgery to API Key Update | LOW | *-1.4.0 | 1.5.0 | July 3, 2026 | |
| wpforo | wpforo | N/A | wpForo Forum <= 2.4.1 - Authenticated (Subscriber+) Arbitrary File Read in update | LOW | *-2.4.1 | 2.4.2 | July 3, 2026 | |
| WP Activity Log | wp-security-audit-log | N/A | WP Activity Log <= 5.3.2 - Authenticated (Admin+) PHP Object Injection | LOW | *-5.3.2 | 5.3.3 | July 3, 2026 | |
| woo-thank-you-page-nextmove-lite | woo-thank-you-page-nextmove-lite | N/A | NextMove Lite – Thank You Page for WooCommerce <= 2.19.0 - Missing Authorization to Authenticated (Subscriber+) Deactivation Reason Submission | LOW | *-2.19.0 | 2.20.0 | July 3, 2026 | |
| whmpress_client_area_api | whmpress_client_area_api | N/A | WHMPress - WHMCS Client Area <= 4.3-revision-3- Authenticated (Subscriber+) Arbitrary Options Update | LOW | * - 4.3-revision-3 | July 3, 2026 | ||
| post-grid | post-grid | N/A | Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.6 - Unauthenticated User Information Exposure | LOW | *-2.3.6 | 2.3.7 | July 3, 2026 | |
| Gallery by FooGallery | foogallery |
82
|
FooGallery <= 2.4.29 - Reflected Cross-Site Scripting | LOW | *-2.4.29 | 2.4.30 | July 3, 2026 | |
| directorist | directorist |
93
|
Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.1 - Privilege Escalation and Account Takeover via Weak OTP | LOW | *-8.1 | 8.2 | July 3, 2026 | |
| dhvc-form | dhvc-form |
93
|
DHVC Form <= 2.4.7 - Unauthenticated Privilege Escalation | LOW | *-2.4.7 | 2.4.8 | July 3, 2026 | |
| card-elements-for-elementor | card-elements-for-elementor |
93
|
Card Elements for Elementor <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Profile Card Widget | LOW | *-1.2.6 | 1.2.7 | July 3, 2026 | |
| final-tiles-grid-gallery-lite | final-tiles-grid-gallery-lite |
93
|
Image Photo Gallery Final Tiles Grid <= 3.6.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | LOW | *-3.6.0 | 3.6.1 | July 3, 2026 | |
| Forminator Forms – Contact Form, Payment Form & Custom Form Builder | forminator |
92
|
Forminator <= 1.39.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | 1.39.2 | 1.39.3 | July 3, 2026 | |
| onestore-sites | onestore-sites |
89
|
OneStore Sites <= 0.1.1 - Unauthenticated Blind Server-Side Request Forgery | LOW | *-0.1.1 | July 3, 2026 | ||
| sakolawp-lite | sakolawp-lite | N/A | School Management System – SakolaWP <= 1.0.8 - Cross-Site Request Forgery to Exam Setting Manipulation | LOW | *-1.0.8 | July 3, 2026 | ||
| wp-programmmanager | wp-programmmanager | N/A | WP-PManager <= 1.2 - Reflected Cross-Site Scripting | LOW | *-1.2 | July 3, 2026 | ||
| tmm_stripe_checkout | tmm_stripe_checkout | N/A | ThemeMakers Stripe Checkout <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.0.1 | 1.0.2 | July 3, 2026 | |
| tmm_paypal_checkout | tmm_paypal_checkout | N/A | ThemeMakers PayPal Express Checkout <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.1.9 | 1.2.0 | July 3, 2026 | |
| templines-helper-core | templines-helper-core | N/A | Templines Elementor Helper Core <= 2.7 - Authenticated (Subscriber+) Privilege Escalation | LOW | *-2.7 | 2.8 | July 3, 2026 | |
| spotbot | spotbot | N/A | SpotBot <= 0.1.8 - Reflected Cross-Site Scripting | LOW | *-0.1.8 | July 3, 2026 | ||
| Site Reviews | site-reviews | N/A | Site Reviews <= 7.2.4 - Unauthenticated Stored Cross-Site Scripting | LOW | *-7.2.4 | 7.2.5 | July 3, 2026 | |
| passbeemedia-web-push-notifications | passbeemedia-web-push-notifications | N/A | Passbeemedia Web Push Notification <= 1.0.0 - Reflected Cross-Site Scripting | LOW | *-1.0.0 | July 3, 2026 | ||
| ninja-page-categories-and-tags | ninja-page-categories-and-tags |
91
|
Ninja Pages <= 1.4.2 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-1.4.2 | July 3, 2026 | ||
| my-quota | my-quota |
91
|
My Quota <= 1.0.8 - Reflected Cross-Site Scripting | LOW | *-1.0.8 | July 3, 2026 | ||
| meintopf | meintopf |
91
|
mEintopf <= 0.2.1 - Reflected Cross-Site Scripting | LOW | *-0.2.1 | July 3, 2026 | ||
| login-me-now | login-me-now |
93
|
Login Me Now <= 1.7.2 - Authentication Bypass | LOW | *-1.7.2 | 1.7.3 | July 3, 2026 | |
| linkmyposts | linkmyposts |
91
|
Link My Posts <= 1.0 - Reflected Cross-Site Scripting | LOW | *-1.0 | July 3, 2026 |
aco-product-labels-for-woocommerce
aco-product-labels-for-woocommerce
wpantiddos
wpantiddos
wp-nested-pages
wp-nested-pages
wp-discord-post
wp-discord-post
Melapress File Monitor
website-file-changes-monitor
Melapress File Monitor
website-file-changes-monitor
wc-pre-order
wc-pre-order
social-pug
social-pug
sms-alert
sms-alert
random-image-selector
random-image-selector
powerpress
powerpress
pods
pods
photo-gallery
photo-gallery
Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider
ml-slider
Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider
ml-slider
memberspace
memberspace
gsheetconnector-easy-digital-downloads
gsheetconnector-easy-digital-downloads
form-maker
form-maker
edd-google-sheet-connector-pro
edd-google-sheet-connector-pro
easync-booking
easync-booking
debug-bar-extender
debug-bar-extender
Calculated Fields Form
calculated-fields-form
wp-posts-carousel
wp-posts-carousel
woo-altcoin-payment-gateway
woo-altcoin-payment-gateway
secure-copy-content-protection
secure-copy-content-protection
Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages
bp-better-messages
Fluent Support – Helpdesk & Customer Support Ticket System
fluent-support
templatesnext-toolkit
templatesnext-toolkit
sku-for-woocommerce
sku-for-woocommerce
clicface-trombi
clicface-trombi
currency-switcher-woocommerce
currency-switcher-woocommerce
multilevel-referral-plugin-for-woocommerce
multilevel-referral-plugin-for-woocommerce
simplepress
simplepress
booking-calendar-and-notification
booking-calendar-and-notification
wc4bp
wc4bp
wc4bp
wc4bp
surveyjs
surveyjs
Page Builder by SiteOrigin
siteorigin-panels
simple-download-counter
simple-download-counter
setsail-membership
setsail-membership
pixelyoursite
pixelyoursite
new-album-gallery
new-album-gallery
Kadence Blocks — Page Builder Toolkit for Gutenberg Editor
kadence-blocks
ip2location-redirection
ip2location-redirection
generateblocks
generateblocks
exertio-framework
exertio-framework
database-backup
database-backup
database-backup
database-backup
counter-box
counter-box
Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages
bp-better-messages
authors-list
authors-list
alloggio-membership
alloggio-membership
academist-membership
academist-membership
site-mailer
site-mailer
secupress
secupress
order-attachments-for-woocommerce
order-attachments-for-woocommerce
modal-portfolio
modal-portfolio
wc-tabs
wc-tabs
url-media-uploader
url-media-uploader
tablesearch
tablesearch
wow-entrance-effects-wee
wow-entrance-effects-wee
pricingtable
pricingtable
fx-calculators
fx-calculators
whmpress
whmpress
ut-elementor-addons-lite
ut-elementor-addons-lite
woocommerce-ultimate-gift-card
woocommerce-ultimate-gift-card
kivicare-clinic-management-system
kivicare-clinic-management-system
exclusive-addons-for-elementor
exclusive-addons-for-elementor
post-type-x
post-type-x
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder
user-registration
google-distance-calculator
google-distance-calculator
contest-gallery
contest-gallery
wp-social
wp-social
woocommerce-ajax-filters
woocommerce-ajax-filters
ratemyagent-official
ratemyagent-official
wpforo
wpforo
WP Activity Log
wp-security-audit-log
woo-thank-you-page-nextmove-lite
woo-thank-you-page-nextmove-lite
whmpress_client_area_api
whmpress_client_area_api
post-grid
post-grid
Gallery by FooGallery
foogallery
directorist
directorist
dhvc-form
dhvc-form
card-elements-for-elementor
card-elements-for-elementor
final-tiles-grid-gallery-lite
final-tiles-grid-gallery-lite
Forminator Forms – Contact Form, Payment Form & Custom Form Builder
forminator
onestore-sites
onestore-sites
sakolawp-lite
sakolawp-lite
wp-programmmanager
wp-programmmanager
tmm_stripe_checkout
tmm_stripe_checkout
tmm_paypal_checkout
tmm_paypal_checkout
templines-helper-core
templines-helper-core
spotbot
spotbot
Site Reviews
site-reviews
passbeemedia-web-push-notifications
passbeemedia-web-push-notifications
ninja-page-categories-and-tags
ninja-page-categories-and-tags
my-quota
my-quota
meintopf
meintopf
login-me-now
login-me-now
linkmyposts
linkmyposts
Showing 11601 to 11700 of 36406 results
Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.
Data updated daily from trusted sources. Last updated: July 3, 2026 at 08:11 UTC.