Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

95

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
jeg-elementor-kit jeg-elementor-kit
93
Jeg Elementor Kit <= 2.6.11 - Authenticated (Contributor+) Sensitive Information Exposure via Countdown and Off-Canvas LOW *-2.6.11 2.6.12 July 3, 2026
Events Manager – Calendar, Bookings, Tickets, and more! events-manager
78
Events Manager – Calendar, Bookings, Tickets, and more! <= 6.6.4.1 - Missing Authorization LOW *-6.6.4.1 6.6.4.2 July 3, 2026
download-html-tinymce-button download-html-tinymce-button
91
Download HTML TinyMCE Button <= 1.2 - Reflected Cross-Site Scripting LOW *-1.2 July 3, 2026
Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty chaty
88
Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button, WhatsApp – Chaty <= 3.3.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting LOW *-3.3.5 3.3.6 July 3, 2026
buddyboss-platform buddyboss-platform
93
BuddyBoss Platform <= 2.7.70 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'link_title' LOW *-2.7.70 2.8.00 July 3, 2026
boldgrid-backup boldgrid-backup
93
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid <= 1.16.8 - Authenticated (Administrator+) Server-Side Request Forgery LOW *-1.16.8 1.16.9 July 3, 2026
admin-menu-manager admin-menu-manager
95
Admin Menu Manager <= 1.0.3 - Cross-Site Request Forgery LOW *-1.0.3 July 3, 2026
quiz-organizer quiz-organizer N/A Quiz Organizer <= 2.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.9.1 July 3, 2026
subscriptions-memberships-for-paypal subscriptions-memberships-for-paypal N/A Subscriptions & Memberships for PayPal <= 1.1.6 - Cross-Site Request Forgery to Arbitrary Post Deletion LOW *-1.1.6 1.1.7 July 3, 2026
sina-extension-for-elementor sina-extension-for-elementor N/A Sina Extension for Elementor <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text, Countdown Widget, and Login Form Shortcodes LOW *-3.6.0 3.6.1 July 3, 2026
suremembers suremembers N/A SureMembers <= 1.10.6 - Sensitive Information Exposure LOW *-1.10.6 1.10.7 July 3, 2026
social-share-and-social-locker-arsocial social-share-and-social-locker-arsocial N/A Social Share And Social Locker – ARSocial <= 1.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.4.1 1.4.2 July 3, 2026
instagram-slider-widget instagram-slider-widget
93
Social Slider Feed <= 2.2.8 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.2.8 2.2.9 July 3, 2026
essential-blocks essential-blocks
93
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.2.3 5.3.0 July 3, 2026
yawave yawave N/A Yawave <= 2.9.1 - Unauthenticated SQL Injection LOW *-2.9.1 July 3, 2026
wumii-related-posts wumii-related-posts N/A 无觅相关文章插件 <= 1.0.5.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.5.7 July 3, 2026
wp-video-posts wp-video-posts N/A WP Video Posts <= 3.5.1 - Cross-Site Request Forgery to Remote Code Execution LOW *-3.5.1 July 3, 2026
wp-tarteaucitron-js-self-hosted wp-tarteaucitron-js-self-hosted N/A WP tarteaucitron.js Self Hosted <= 1.2.4 - Running a Vulnerable Dependency LOW *-1.2.4 July 3, 2026
wp-social-seo-booster wp-social-seo-booster N/A WP Social SEO Booster – Knowledge Graph Social Signals SEO <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.0 July 3, 2026
wp-sitemap wp-sitemap N/A WP Sitemap <= 1.0 - Authenticated (Contributor+) SQL Injection LOW *-1.0 July 3, 2026
wp-postratings-cheater wp-postratings-cheater N/A WP-PostRatings Cheater <= 1.5 - Cross-Site Request Forgery LOW *-1.5 July 3, 2026
wp-image-compression wp-image-compression N/A JPG, PNG Compression and Optimization <= 1.7.35 - Cross-Site Request Forgery LOW *-1.7.35 July 3, 2026
Iptanus File Upload wp-file-upload
76
WordPress File Upload <= 4.25.2 - Cross-Site Request Forgery in wfu_file_details LOW *-4.25.2 4.25.3 July 3, 2026
wp-asambleas wp-asambleas N/A WP-Asambleas <= 2.85.0 - Unauthenticated Arbitrary Shortcode Execution LOW *-2.85.0 July 3, 2026
wp-about-author wp-about-author N/A WP About Author <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5 1.6 July 3, 2026
woocommerce-display-products-by-tags woocommerce-display-products-by-tags N/A WooCommerce Display Products by Tags <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.0 July 3, 2026
woo-recargo-de-equivalencia woo-recargo-de-equivalencia N/A WooCommerce Recargo de Equivalencia <= 1.6.24 - Cross-Site Request Forgery LOW *-1.6.24 July 3, 2026
woo-direct-checkout-button woo-direct-checkout-button N/A Direct Checkout Button for WooCommerce <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 3, 2026
viperbar viperbar N/A ViperBar <= 2.0 - Reflected Cross-Site Scripting LOW *-2.0 July 3, 2026
videojs-hls-player videojs-hls-player N/A Video.js HLS Player <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.2 July 3, 2026
vg-postcarousel vg-postcarousel N/A VG PostCarousel <= 1.1 - Authenticated (Contributor+) Local File Inclusion LOW *-1.1 July 3, 2026
table-of-contents table-of-contents N/A Table of Contents Block <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.2 July 3, 2026
svg-support svg-support N/A SVG Support <= 2.5.8 - Stored Cross-Site Scripting via Vulnerability Dependency LOW *-2.5.8 2.5.9 July 3, 2026
sticky-header-on-scroll sticky-header-on-scroll N/A Sticky Header On Scroll <= 1.0 - Missing Authorization LOW *-1.0 July 3, 2026
srs-player srs-player N/A Live Streaming Video Player – by SRS Player <= 1.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.18 July 3, 2026
smart-maintenance-countdown smart-maintenance-countdown N/A Smart Maintenance & Countdown <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2 July 3, 2026
simple-google-sitemap simple-google-sitemap N/A Simple Google Sitemap <= 1.6 - Cross-Site Request Forgery LOW *-1.6 July 3, 2026
revenueflex-easy-ads revenueflex-easy-ads N/A Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue <= 1.5 - Missing Authorization to Authenticated (Editor+) Settings Update LOW *-1.5 1.5.1 July 3, 2026
reactive-mortgage-calculator reactive-mortgage-calculator N/A Reactive Mortgage Calculator <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1 July 3, 2026
rays-grid rays-grid N/A RAYS Grid <= 1.3.1 - Cross-Site Request Forgery LOW *-1.3.1 July 3, 2026
quotes-llama quotes-llama N/A Quotes llama <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.0.1 3.0.2 July 3, 2026
profile-widget-ninja profile-widget-ninja N/A Profile Widget Ninja <= 4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.3 July 3, 2026
private-content private-content N/A Private Content <= 8.11.5 - Unauthenticated Privilege Escalation via Account Takeover LOW *-8.11.5 July 3, 2026
private-content private-content N/A Private Content <= 8.11.5 - Authenticated (Subscriber+) SQL Injection LOW *-8.11.5 July 3, 2026
private-content private-content N/A Private Content <= 8.11.5 - Missing Authorization LOW *-8.11.5 July 3, 2026
private-content private-content N/A Private Content <= 8.11.5 - Reflected Cross-Site Scripting LOW *-8.11.5 July 3, 2026
playerjs playerjs N/A PlayerJS <= 2.23 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.23 2.24 July 3, 2026
piwigopress piwigopress N/A PiwigoPress <= 2.33 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.33 2.34 July 3, 2026
pie-register-premium pie-register-premium N/A Pie Register Premium <= 3.8.3.2 - Authenticated (Subscriber+) Limited File Deletion LOW *-3.8.3.2 3.8.3.3 July 3, 2026
pie-register-premium pie-register-premium N/A Pie Register Premium <= 3.8.3.2 - Missing Authorization LOW *-3.8.3.2 3.8.3.3 July 3, 2026
photo-gallery-pearlbells photo-gallery-pearlbells N/A Photo Gallery ( Responsive ) <= 4.0 - Cross-Site Request Forgery to Privilege Escalation LOW *-4.0 July 3, 2026
pathomation pathomation N/A Pathomation <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.5.1 July 3, 2026
onceki-yazi-linki onceki-yazi-linki
91
Önceki Yazı Link <= 1.3 - Cross-Site Request Forgery LOW *-1.3 July 3, 2026
ohio-extra ohio-extra
91
Ohio Extra <= 3.4.7 - Unauthenticated Arbitrary Shortcode Execution LOW *-3.4.7 July 3, 2026
nurelm-get-posts nurelm-get-posts
91
Get Posts <= 0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.6 July 3, 2026
nhrrob-options-table-manager nhrrob-options-table-manager
93
NHR Options Table Manager <= 1.1.2 - Authenticated (Admin+) PHP Object Injection LOW *-1.1.2 1.1.3 July 3, 2026
namaste-lms namaste-lms
91
Namaste! LMS <= 2.6.5 - Cross-Site Request Forgery LOW *-2.6.5 July 3, 2026
minimum-password-strength minimum-password-strength
91
Minimum Password Strength <= 1.2.0 - Cross-Site Request Forgery LOW *-1.2.0 July 3, 2026
loi-hamon loi-hamon
91
Woocommerce – Loi Hamon <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1.0 July 3, 2026
local-search-seo-contact-page local-search-seo-contact-page
91
Local Search SEO Contact Page <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.0.1 July 3, 2026
list-related-attachments-widget list-related-attachments-widget
91
List Related Attachments <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.6 July 3, 2026
linkpreview linkpreview
91
Phee's LinkPreview <= 1.6.7 - Cross-Site Request Forgery LOW *-1.6.7 July 3, 2026
just-wp-variables just-wp-variables
91
Just Variables <= 1.2.3 - Cross-Site Request Forgery LOW *-1.2.3 July 3, 2026
inlinkz-scripter inlinkz-scripter
91
EZ InLinkz linkup <= 0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.18 July 3, 2026
ibtana-visual-editor ibtana-visual-editor
91
Ibtana <= 1.2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.4.9 July 3, 2026
hover-image-button hover-image-button
91
Hover Image Button <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.2 July 3, 2026
google-maps-for-wordpress google-maps-for-wordpress
91
Google Maps for WordPress <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.3 July 3, 2026
fs-poster fs-poster
93
FS Poster <= 6.5.8 - Authenticated (Subscriber+) SQL Injection LOW *-6.5.8 6.5.9 July 3, 2026
fresh-framework fresh-framework
89
Fresh Framework <= 1.70.0 - Missing Authorization LOW *-1.70.0 July 3, 2026
fresh-framework fresh-framework
89
Fresh Framework <= 1.70.0 - Unauthenticated Remote Code Execution LOW *-1.70.0 July 3, 2026
f12-profiler f12-profiler
93
F12-Profiler <= 1.3.9 - Cross-Site Request Forgery LOW *-1.3.9 1.4.0 July 3, 2026
erima-zarinpal-donate erima-zarinpal-donate
91
Erima Zarinpal Donate <= 1.0 - Cross-Site Request Forgery LOW *-1.0 July 3, 2026
Elementor Website Builder – more than just a page builder elementor
79
Elementor Website Builder <= 3.25.10 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.25.10 3.25.11 July 3, 2026
defend-wp-firewall defend-wp-firewall
93
DefendWP Firewall <= 1.1.0 - Missing Authorization LOW *-1.1.0 1.1.1 July 3, 2026
contact-form-7-star-rating-with-font-awersome contact-form-7-star-rating-with-font-awersome
91
Contact Form 7 Star Rating with font Awesome <= 1.3 - Authenticated (Editor+) Stored Cross-Site Scripting LOW *-1.3 July 3, 2026
contact-form-7-star-rating contact-form-7-star-rating
91
Contact Form 7 Star Rating <= 1.10 - Authenticated (Editor+) Stored Cross-Site Scripting LOW *-1.10 July 3, 2026
classified-listing classified-listing
93
Classified Listing – Classified ads & Business Directory Plugin <= 4.0.4 - Unauthenticated Settings Exposure LOW *-4.0.4 4.0.5 July 3, 2026
bulk-content-creator bulk-content-creator
91
Bulk Content Creator <= 1.2.1 - Cross-Site Request Forgery LOW *-1.2.1 July 3, 2026
bravo-search-and-replace bravo-search-and-replace
91
Bravo Search & Replace <= 1.0 - Authenticated (Administrator+) SQL Injection LOW *-1.0 July 3, 2026
booknetic booknetic
91
Booknetic <= 4.0.9 - Cross-Site Request Forgery LOW *-4.0.9 July 3, 2026
blighty-explorer blighty-explorer
91
Blightly Explorer <= 2.3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.3.0 July 3, 2026
auto-tag-links auto-tag-links
91
Auto Tag Links <= 1.0.13 - Cross-Site Request Forgery LOW *-1.0.13 July 3, 2026
ark-core ark-core
97
Ark Theme Core <= 1.70.0 - Unauthenticated Remote Code Execution LOW *-1.70.0 1.71.0 July 3, 2026
archive-page archive-page
97
Archive Page <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.2 1.0.3 July 3, 2026
animated-text-block animated-text-block
97
Animated Text Block <= 1.0.7 - Missing Authorization LOW *-1.0.7 1.0.8 July 3, 2026
all-in-one-cufon all-in-one-cufon
95
All-In-One Cufon <= 1.3.0 - Cross-Site Request Forgery LOW *-1.3.0 July 3, 2026
Advanced Google reCAPTCHA advanced-google-recaptcha
89
Advanced Google reCaptcha <= 1.27 - Built-in Math CAPTCHA Bypass LOW *-1.27 1.28 July 3, 2026
admin-form admin-form
95
ADFO – Custom data in admin dashboard <= 1.9.1 - Authenticated (Admin+) PHP Object Injection LOW *-1.9.1 July 3, 2026
add-linked-images-to-gallery-v01 add-linked-images-to-gallery-v01
95
Add Linked Images To Gallery <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.4 July 3, 2026
wpo365-msgraphmailer wpo365-msgraphmailer N/A WPO365 | MICROSOFT 365 GRAPH MAILER <= 3.2 - Open Redirect via 'redirect_to' Parameter LOW *-3.2 3.3 July 3, 2026
zigaform-calculator-cost-estimation-form-builder-lite zigaform-calculator-cost-estimation-form-builder-lite N/A Zigaform – Price Calculator & Cost Estimation Form Builder Lite <= 7.4.2 - Unauthenticated Stored Cross-Site Scripting LOW *-7.4.2 7.4.3 July 3, 2026
wptemplata wptemplata N/A WP Templata <= 1.0.7 - Reflected Cross-Site Scripting LOW *-1.0.7 1.0.8 July 3, 2026
wppizza wppizza N/A WPPizza <= 3.19.4 - Reflected Cross-Site Scripting LOW *-3.19.4 3.19.5 July 3, 2026
wp-yelp-review-slider wp-yelp-review-slider N/A WP Yelp Review Slider <= 8.1 - Authenticated (Administrator+) SQL Injection LOW *-8.1 8.2 July 3, 2026
wp-responsive-slab-text wp-responsive-slab-text N/A WP Responsive Auto Fit Text <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.2 0.3 July 3, 2026
wp-multi-store-locator wp-multi-store-locator N/A WP Multistore Locator <= 2.5.1 - Unauthenticated SQL Injection LOW *-2.5.1 2.5.2 July 3, 2026
wp-job-portal wp-job-portal N/A WP Job Portal <= 2.2.8 - Authenticated (Contributor+) Local File Inclusion LOW *-2.2.8 2.2.9 July 3, 2026
wp-event-solution wp-event-solution N/A Eventin <= 4.0.20 - Authenticated (Contributor+) Local File Inclusion LOW *-4.0.20 4.0.21 July 3, 2026
wishlist wishlist N/A Wishlist <= 1.0.41 - Authenticated (Contributor+) SQL Injection LOW *-1.0.41 1.0.42 July 3, 2026
wired-impact-volunteer-management wired-impact-volunteer-management N/A Wired Impact Volunteer Management <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.5 2.5.1 July 3, 2026
LOW

jeg-elementor-kit

jeg-elementor-kit

Score: 93/100 Jeg Elementor Kit <= 2.6.11 - Authenticated (Contributor+) Sensitive Information Exposure via Countdown and Off-Canvas Affected: *-2.6.11 Patched: 2.6.12 Updated: July 3, 2026
LOW

download-html-tinymce-button

download-html-tinymce-button

Score: 91/100 Download HTML TinyMCE Button <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 3, 2026
LOW

buddyboss-platform

buddyboss-platform

Score: 93/100 BuddyBoss Platform <= 2.7.70 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'link_title' Affected: *-2.7.70 Patched: 2.8.00 Updated: July 3, 2026
LOW

boldgrid-backup

boldgrid-backup

Score: 93/100 Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid <= 1.16.8 - Authenticated (Administrator+) Server-Side Request Forgery Affected: *-1.16.8 Patched: 1.16.9 Updated: July 3, 2026
LOW

admin-menu-manager

admin-menu-manager

Score: 95/100 Admin Menu Manager <= 1.0.3 - Cross-Site Request Forgery Affected: *-1.0.3 Patched: Updated: July 3, 2026
LOW

quiz-organizer

quiz-organizer

Score: N/A Quiz Organizer <= 2.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.9.1 Patched: Updated: July 3, 2026
LOW

subscriptions-memberships-for-paypal

subscriptions-memberships-for-paypal

Score: N/A Subscriptions & Memberships for PayPal <= 1.1.6 - Cross-Site Request Forgery to Arbitrary Post Deletion Affected: *-1.1.6 Patched: 1.1.7 Updated: July 3, 2026
LOW

sina-extension-for-elementor

sina-extension-for-elementor

Score: N/A Sina Extension for Elementor <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text, Countdown Widget, and Login Form Shortcodes Affected: *-3.6.0 Patched: 3.6.1 Updated: July 3, 2026
LOW

suremembers

suremembers

Score: N/A SureMembers <= 1.10.6 - Sensitive Information Exposure Affected: *-1.10.6 Patched: 1.10.7 Updated: July 3, 2026
LOW

social-share-and-social-locker-arsocial

social-share-and-social-locker-arsocial

Score: N/A Social Share And Social Locker – ARSocial <= 1.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.4.1 Patched: 1.4.2 Updated: July 3, 2026
LOW

instagram-slider-widget

instagram-slider-widget

Score: 93/100 Social Slider Feed <= 2.2.8 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.2.8 Patched: 2.2.9 Updated: July 3, 2026
LOW

essential-blocks

essential-blocks

Score: 93/100 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.2.3 Patched: 5.3.0 Updated: July 3, 2026
LOW

yawave

yawave

Score: N/A Yawave <= 2.9.1 - Unauthenticated SQL Injection Affected: *-2.9.1 Patched: Updated: July 3, 2026
LOW

wumii-related-posts

wumii-related-posts

Score: N/A 无觅相关文章插件 <= 1.0.5.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.5.7 Patched: Updated: July 3, 2026
LOW

wp-video-posts

wp-video-posts

Score: N/A WP Video Posts <= 3.5.1 - Cross-Site Request Forgery to Remote Code Execution Affected: *-3.5.1 Patched: Updated: July 3, 2026
LOW

wp-tarteaucitron-js-self-hosted

wp-tarteaucitron-js-self-hosted

Score: N/A WP tarteaucitron.js Self Hosted <= 1.2.4 - Running a Vulnerable Dependency Affected: *-1.2.4 Patched: Updated: July 3, 2026
LOW

wp-social-seo-booster

wp-social-seo-booster

Score: N/A WP Social SEO Booster – Knowledge Graph Social Signals SEO <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.0 Patched: Updated: July 3, 2026
LOW

wp-sitemap

wp-sitemap

Score: N/A WP Sitemap <= 1.0 - Authenticated (Contributor+) SQL Injection Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

wp-postratings-cheater

wp-postratings-cheater

Score: N/A WP-PostRatings Cheater <= 1.5 - Cross-Site Request Forgery Affected: *-1.5 Patched: Updated: July 3, 2026
LOW

wp-image-compression

wp-image-compression

Score: N/A JPG, PNG Compression and Optimization <= 1.7.35 - Cross-Site Request Forgery Affected: *-1.7.35 Patched: Updated: July 3, 2026
LOW

Iptanus File Upload

wp-file-upload

Score: 76/100 WordPress File Upload <= 4.25.2 - Cross-Site Request Forgery in wfu_file_details Affected: *-4.25.2 Patched: 4.25.3 Updated: July 3, 2026
LOW

wp-asambleas

wp-asambleas

Score: N/A WP-Asambleas <= 2.85.0 - Unauthenticated Arbitrary Shortcode Execution Affected: *-2.85.0 Patched: Updated: July 3, 2026
LOW

wp-about-author

wp-about-author

Score: N/A WP About Author <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5 Patched: 1.6 Updated: July 3, 2026
LOW

woocommerce-display-products-by-tags

woocommerce-display-products-by-tags

Score: N/A WooCommerce Display Products by Tags <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 3, 2026
LOW

woo-recargo-de-equivalencia

woo-recargo-de-equivalencia

Score: N/A WooCommerce Recargo de Equivalencia <= 1.6.24 - Cross-Site Request Forgery Affected: *-1.6.24 Patched: Updated: July 3, 2026
LOW

woo-direct-checkout-button

woo-direct-checkout-button

Score: N/A Direct Checkout Button for WooCommerce <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

viperbar

viperbar

Score: N/A ViperBar <= 2.0 - Reflected Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 3, 2026
LOW

videojs-hls-player

videojs-hls-player

Score: N/A Video.js HLS Player <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 3, 2026
LOW

vg-postcarousel

vg-postcarousel

Score: N/A VG PostCarousel <= 1.1 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.1 Patched: Updated: July 3, 2026
LOW

table-of-contents

table-of-contents

Score: N/A Table of Contents Block <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 3, 2026
LOW

svg-support

svg-support

Score: N/A SVG Support <= 2.5.8 - Stored Cross-Site Scripting via Vulnerability Dependency Affected: *-2.5.8 Patched: 2.5.9 Updated: July 3, 2026
LOW

sticky-header-on-scroll

sticky-header-on-scroll

Score: N/A Sticky Header On Scroll <= 1.0 - Missing Authorization Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

srs-player

srs-player

Score: N/A Live Streaming Video Player – by SRS Player <= 1.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.18 Patched: Updated: July 3, 2026
LOW

smart-maintenance-countdown

smart-maintenance-countdown

Score: N/A Smart Maintenance & Countdown <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 3, 2026
LOW

simple-google-sitemap

simple-google-sitemap

Score: N/A Simple Google Sitemap <= 1.6 - Cross-Site Request Forgery Affected: *-1.6 Patched: Updated: July 3, 2026
LOW

revenueflex-easy-ads

revenueflex-easy-ads

Score: N/A Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue <= 1.5 - Missing Authorization to Authenticated (Editor+) Settings Update Affected: *-1.5 Patched: 1.5.1 Updated: July 3, 2026
LOW

reactive-mortgage-calculator

reactive-mortgage-calculator

Score: N/A Reactive Mortgage Calculator <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 3, 2026
LOW

rays-grid

rays-grid

Score: N/A RAYS Grid <= 1.3.1 - Cross-Site Request Forgery Affected: *-1.3.1 Patched: Updated: July 3, 2026
LOW

quotes-llama

quotes-llama

Score: N/A Quotes llama <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.0.1 Patched: 3.0.2 Updated: July 3, 2026
LOW

profile-widget-ninja

profile-widget-ninja

Score: N/A Profile Widget Ninja <= 4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.3 Patched: Updated: July 3, 2026
LOW

private-content

private-content

Score: N/A Private Content <= 8.11.5 - Unauthenticated Privilege Escalation via Account Takeover Affected: *-8.11.5 Patched: Updated: July 3, 2026
LOW

private-content

private-content

Score: N/A Private Content <= 8.11.5 - Authenticated (Subscriber+) SQL Injection Affected: *-8.11.5 Patched: Updated: July 3, 2026
LOW

private-content

private-content

Score: N/A Private Content <= 8.11.5 - Missing Authorization Affected: *-8.11.5 Patched: Updated: July 3, 2026
LOW

private-content

private-content

Score: N/A Private Content <= 8.11.5 - Reflected Cross-Site Scripting Affected: *-8.11.5 Patched: Updated: July 3, 2026
LOW

playerjs

playerjs

Score: N/A PlayerJS <= 2.23 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.23 Patched: 2.24 Updated: July 3, 2026
LOW

piwigopress

piwigopress

Score: N/A PiwigoPress <= 2.33 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.33 Patched: 2.34 Updated: July 3, 2026
LOW

pie-register-premium

pie-register-premium

Score: N/A Pie Register Premium <= 3.8.3.2 - Authenticated (Subscriber+) Limited File Deletion Affected: *-3.8.3.2 Patched: 3.8.3.3 Updated: July 3, 2026
LOW

pie-register-premium

pie-register-premium

Score: N/A Pie Register Premium <= 3.8.3.2 - Missing Authorization Affected: *-3.8.3.2 Patched: 3.8.3.3 Updated: July 3, 2026
LOW

photo-gallery-pearlbells

photo-gallery-pearlbells

Score: N/A Photo Gallery ( Responsive ) <= 4.0 - Cross-Site Request Forgery to Privilege Escalation Affected: *-4.0 Patched: Updated: July 3, 2026
LOW

pathomation

pathomation

Score: N/A Pathomation <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.5.1 Patched: Updated: July 3, 2026
LOW

onceki-yazi-linki

onceki-yazi-linki

Score: 91/100 Önceki Yazı Link <= 1.3 - Cross-Site Request Forgery Affected: *-1.3 Patched: Updated: July 3, 2026
LOW

ohio-extra

ohio-extra

Score: 91/100 Ohio Extra <= 3.4.7 - Unauthenticated Arbitrary Shortcode Execution Affected: *-3.4.7 Patched: Updated: July 3, 2026
LOW

nurelm-get-posts

nurelm-get-posts

Score: 91/100 Get Posts <= 0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.6 Patched: Updated: July 3, 2026
LOW

nhrrob-options-table-manager

nhrrob-options-table-manager

Score: 93/100 NHR Options Table Manager <= 1.1.2 - Authenticated (Admin+) PHP Object Injection Affected: *-1.1.2 Patched: 1.1.3 Updated: July 3, 2026
LOW

namaste-lms

namaste-lms

Score: 91/100 Namaste! LMS <= 2.6.5 - Cross-Site Request Forgery Affected: *-2.6.5 Patched: Updated: July 3, 2026
LOW

minimum-password-strength

minimum-password-strength

Score: 91/100 Minimum Password Strength <= 1.2.0 - Cross-Site Request Forgery Affected: *-1.2.0 Patched: Updated: July 3, 2026
LOW

loi-hamon

loi-hamon

Score: 91/100 Woocommerce – Loi Hamon <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 3, 2026
LOW

local-search-seo-contact-page

local-search-seo-contact-page

Score: 91/100 Local Search SEO Contact Page <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.0.1 Patched: Updated: July 3, 2026
LOW

list-related-attachments-widget

list-related-attachments-widget

Score: 91/100 List Related Attachments <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.6 Patched: Updated: July 3, 2026
LOW

linkpreview

linkpreview

Score: 91/100 Phee's LinkPreview <= 1.6.7 - Cross-Site Request Forgery Affected: *-1.6.7 Patched: Updated: July 3, 2026
LOW

just-wp-variables

just-wp-variables

Score: 91/100 Just Variables <= 1.2.3 - Cross-Site Request Forgery Affected: *-1.2.3 Patched: Updated: July 3, 2026
LOW

inlinkz-scripter

inlinkz-scripter

Score: 91/100 EZ InLinkz linkup <= 0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.18 Patched: Updated: July 3, 2026
LOW

ibtana-visual-editor

ibtana-visual-editor

Score: 91/100 Ibtana <= 1.2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.4.9 Patched: Updated: July 3, 2026
LOW

hover-image-button

hover-image-button

Score: 91/100 Hover Image Button <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.2 Patched: Updated: July 3, 2026
LOW

google-maps-for-wordpress

google-maps-for-wordpress

Score: 91/100 Google Maps for WordPress <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.3 Patched: Updated: July 3, 2026
LOW

fs-poster

fs-poster

Score: 93/100 FS Poster <= 6.5.8 - Authenticated (Subscriber+) SQL Injection Affected: *-6.5.8 Patched: 6.5.9 Updated: July 3, 2026
LOW

fresh-framework

fresh-framework

Score: 89/100 Fresh Framework <= 1.70.0 - Missing Authorization Affected: *-1.70.0 Patched: Updated: July 3, 2026
LOW

fresh-framework

fresh-framework

Score: 89/100 Fresh Framework <= 1.70.0 - Unauthenticated Remote Code Execution Affected: *-1.70.0 Patched: Updated: July 3, 2026
LOW

f12-profiler

f12-profiler

Score: 93/100 F12-Profiler <= 1.3.9 - Cross-Site Request Forgery Affected: *-1.3.9 Patched: 1.4.0 Updated: July 3, 2026
LOW

erima-zarinpal-donate

erima-zarinpal-donate

Score: 91/100 Erima Zarinpal Donate <= 1.0 - Cross-Site Request Forgery Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

defend-wp-firewall

defend-wp-firewall

Score: 93/100 DefendWP Firewall <= 1.1.0 - Missing Authorization Affected: *-1.1.0 Patched: 1.1.1 Updated: July 3, 2026
LOW

contact-form-7-star-rating-with-font-awersome

contact-form-7-star-rating-with-font-awersome

Score: 91/100 Contact Form 7 Star Rating with font Awesome <= 1.3 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 3, 2026
LOW

contact-form-7-star-rating

contact-form-7-star-rating

Score: 91/100 Contact Form 7 Star Rating <= 1.10 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.10 Patched: Updated: July 3, 2026
LOW

classified-listing

classified-listing

Score: 93/100 Classified Listing – Classified ads & Business Directory Plugin <= 4.0.4 - Unauthenticated Settings Exposure Affected: *-4.0.4 Patched: 4.0.5 Updated: July 3, 2026
LOW

bulk-content-creator

bulk-content-creator

Score: 91/100 Bulk Content Creator <= 1.2.1 - Cross-Site Request Forgery Affected: *-1.2.1 Patched: Updated: July 3, 2026
LOW

bravo-search-and-replace

bravo-search-and-replace

Score: 91/100 Bravo Search & Replace <= 1.0 - Authenticated (Administrator+) SQL Injection Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

booknetic

booknetic

Score: 91/100 Booknetic <= 4.0.9 - Cross-Site Request Forgery Affected: *-4.0.9 Patched: Updated: July 3, 2026
LOW

blighty-explorer

blighty-explorer

Score: 91/100 Blightly Explorer <= 2.3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.3.0 Patched: Updated: July 3, 2026
LOW

auto-tag-links

auto-tag-links

Score: 91/100 Auto Tag Links <= 1.0.13 - Cross-Site Request Forgery Affected: *-1.0.13 Patched: Updated: July 3, 2026
LOW

ark-core

ark-core

Score: 97/100 Ark Theme Core <= 1.70.0 - Unauthenticated Remote Code Execution Affected: *-1.70.0 Patched: 1.71.0 Updated: July 3, 2026
LOW

archive-page

archive-page

Score: 97/100 Archive Page <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: 1.0.3 Updated: July 3, 2026
LOW

animated-text-block

animated-text-block

Score: 97/100 Animated Text Block <= 1.0.7 - Missing Authorization Affected: *-1.0.7 Patched: 1.0.8 Updated: July 3, 2026
LOW

all-in-one-cufon

all-in-one-cufon

Score: 95/100 All-In-One Cufon <= 1.3.0 - Cross-Site Request Forgery Affected: *-1.3.0 Patched: Updated: July 3, 2026
LOW

Advanced Google reCAPTCHA

advanced-google-recaptcha

Score: 89/100 Advanced Google reCaptcha <= 1.27 - Built-in Math CAPTCHA Bypass Affected: *-1.27 Patched: 1.28 Updated: July 3, 2026
LOW

admin-form

admin-form

Score: 95/100 ADFO – Custom data in admin dashboard <= 1.9.1 - Authenticated (Admin+) PHP Object Injection Affected: *-1.9.1 Patched: Updated: July 3, 2026
LOW

add-linked-images-to-gallery-v01

add-linked-images-to-gallery-v01

Score: 95/100 Add Linked Images To Gallery <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4 Patched: Updated: July 3, 2026
LOW

wpo365-msgraphmailer

wpo365-msgraphmailer

Score: N/A WPO365 | MICROSOFT 365 GRAPH MAILER <= 3.2 - Open Redirect via 'redirect_to' Parameter Affected: *-3.2 Patched: 3.3 Updated: July 3, 2026
LOW

zigaform-calculator-cost-estimation-form-builder-lite

zigaform-calculator-cost-estimation-form-builder-lite

Score: N/A Zigaform – Price Calculator & Cost Estimation Form Builder Lite <= 7.4.2 - Unauthenticated Stored Cross-Site Scripting Affected: *-7.4.2 Patched: 7.4.3 Updated: July 3, 2026
LOW

wptemplata

wptemplata

Score: N/A WP Templata <= 1.0.7 - Reflected Cross-Site Scripting Affected: *-1.0.7 Patched: 1.0.8 Updated: July 3, 2026
LOW

wppizza

wppizza

Score: N/A WPPizza <= 3.19.4 - Reflected Cross-Site Scripting Affected: *-3.19.4 Patched: 3.19.5 Updated: July 3, 2026
LOW

wp-yelp-review-slider

wp-yelp-review-slider

Score: N/A WP Yelp Review Slider <= 8.1 - Authenticated (Administrator+) SQL Injection Affected: *-8.1 Patched: 8.2 Updated: July 3, 2026
LOW

wp-responsive-slab-text

wp-responsive-slab-text

Score: N/A WP Responsive Auto Fit Text <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.2 Patched: 0.3 Updated: July 3, 2026
LOW

wp-multi-store-locator

wp-multi-store-locator

Score: N/A WP Multistore Locator <= 2.5.1 - Unauthenticated SQL Injection Affected: *-2.5.1 Patched: 2.5.2 Updated: July 3, 2026
LOW

wp-job-portal

wp-job-portal

Score: N/A WP Job Portal <= 2.2.8 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.2.8 Patched: 2.2.9 Updated: July 3, 2026
LOW

wp-event-solution

wp-event-solution

Score: N/A Eventin <= 4.0.20 - Authenticated (Contributor+) Local File Inclusion Affected: *-4.0.20 Patched: 4.0.21 Updated: July 3, 2026
LOW

wishlist

wishlist

Score: N/A Wishlist <= 1.0.41 - Authenticated (Contributor+) SQL Injection Affected: *-1.0.41 Patched: 1.0.42 Updated: July 3, 2026
LOW

wired-impact-volunteer-management

wired-impact-volunteer-management

Score: N/A Wired Impact Volunteer Management <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.5 Patched: 2.5.1 Updated: July 3, 2026

Showing 11701 to 11800 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 3, 2026 at 09:17 UTC.