Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

90

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
wc-place-order-without-payment wc-place-order-without-payment N/A WC Place Order Without Payment <= 2.6.7 - Unauthenticated Local File Inclusion LOW *-2.6.7 2.6.8 July 3, 2026
wc-order-limit-lite wc-order-limit-lite N/A Order Limit for WooCommerce <= 3.0.2 - Missing Authorization LOW *-3.0.2 3.0.3 July 3, 2026
variable-inspector variable-inspector N/A Variable Inspector <= 2.6.2 - Reflected Cross-Site Scripting LOW *-2.6.2 2.6.3 July 3, 2026
team-section team-section N/A Team Section Block <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.9 1.1.0 July 3, 2026
system-dashboard system-dashboard N/A System Dashboard <= 2.8.18 - Authenticated (Subscriber+) Sensitive Information Exposure LOW *-2.8.18 2.8.19 July 3, 2026
strong-testimonials strong-testimonials N/A Strong Testimonials <= 3.2.3 - Missing Authorization LOW *-3.2.3 3.2.4 July 3, 2026
sms-alert sms-alert N/A SMS Alert Order Notifications – WooCommerce <= 3.7.8 - Reflected Cross-Site Scripting LOW *-3.7.8 3.7.9 July 3, 2026
small-package-quotes-unishippers-edition small-package-quotes-unishippers-edition N/A Small Package Quotes – Unishippers Edition <= 2.4.9 - Reflected Cross-Site Scripting LOW *-2.4.9 2.4.10 July 3, 2026
small-package-quotes-unishippers-edition small-package-quotes-unishippers-edition N/A Small Package Quotes – Unishippers Edition <= 2.4.9 - Missing Authorization LOW *-2.4.9 2.4.10 July 3, 2026
services-section services-section N/A Services Section block <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.4 1.3.5 July 3, 2026
recipe-card-blocks-by-wpzoom recipe-card-blocks-by-wpzoom N/A Recipe Card Blocks for Gutenberg & Elementor <= 3.4.3 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Disclosure LOW *-3.4.3 3.4.4 July 3, 2026
profilegrid-user-profiles-groups-and-communities profilegrid-user-profiles-groups-and-communities N/A ProfileGrid <= 5.9.4.3 - Authenticated (Subscriber+) PHP Object Injection LOW *-5.9.4.3 5.9.4.4 July 3, 2026
poll-maker poll-maker N/A Poll Maker <= 5.6.5 - Authenticated (Administrator+) SQL Injection LOW *-5.6.5 5.6.6 July 3, 2026
poll-maker poll-maker N/A Poll Maker <= 5.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-5.5.3 5.5.4 July 3, 2026
market-exporter market-exporter
93
Market Exporter <= 2.0.21 - Missing Authorization LOW *-2.0.21 2.0.22 July 3, 2026
majestic-support majestic-support
93
Majestic Support <= 1.0.6 - Unauthenticated Local File Inclusion LOW *-1.0.6 1.0.7 July 3, 2026
info-cards info-cards
93
Info Cards – Gutenberg block for creating Beautiful Cards <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.5 1.0.6 July 3, 2026
icon-list-block icon-list-block
93
Icon List Block <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.3 1.1.4 July 3, 2026
gdpr-cookie-compliance gdpr-cookie-compliance
93
GDPR Cookie Compliance <= 4.15.6 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.15.6 4.15.7 July 3, 2026
gdpr-cookie-compliance gdpr-cookie-compliance
93
GDPR Cookie Compliance <= 4.15.6 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.15.6 4.15.7 July 3, 2026
gdpr-cookie-compliance gdpr-cookie-compliance
93
GDPR Cookie Compliance <= 4.15.6 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.15.6 4.15.7 July 3, 2026
gdpr-cookie-compliance gdpr-cookie-compliance
93
GDPR Cookie Compliance <= 4.15.6 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.15.6 4.15.7 July 3, 2026
gdpr-cookie-compliance gdpr-cookie-compliance
93
GDPR Cookie Compliance <= 4.15.6 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.15.6 4.15.7 July 3, 2026
gdpr-cookie-compliance gdpr-cookie-compliance
93
GDPR Cookie Compliance <= 4.15.8 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.15.8 4.15.9 July 3, 2026
gdpr-cookie-compliance gdpr-cookie-compliance
93
GDPR Cookie Compliance <= 4.15.8 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.15.8 4.15.9 July 3, 2026
gallery-voting gallery-voting
93
Tribulant Gallery Voting <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2.1 1.3 July 3, 2026
funnel-builder funnel-builder
93
Funnel Builder by FunnelKit <= 3.9.0 - Unauthenticated Local File Inclusion LOW *-3.9.0 3.9.1 July 3, 2026
FileBird – WordPress Media Library Folders & File Manager filebird
80
Filebird <= 6.4.2.1 - Authenticated (Author+) Insecure Direct Object Reference LOW *-6.4.2.1 6.4.6 July 3, 2026
events-for-geodirectory events-for-geodirectory
93
Events Calendar for GeoDirectory <= 2.3.14 - Authenticated (Contributor+) PHP Object Injection LOW *-2.3.14 2.3.15 July 3, 2026
estatik-mortgage-calculator estatik-mortgage-calculator
86
Estatik Mortgage Calculator <= 2.0.12 - Authenticated (Contributor+) Local File Inclusion LOW *-2.0.12 July 3, 2026
estatik estatik
89
Estatik <= 4.3.1 - Authenticated (Contributor+) Local File Inclusion LOW *-4.3.1 4.3.2 July 3, 2026
easy-quotes easy-quotes
93
Easy Quotes <= 1.2.2 - Unauthenticated SQL Injection LOW *-1.2.2 1.2.3 July 3, 2026
easy-elementor-addons easy-elementor-addons
93
Easy Elementor Addons <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.6 2.1.7 July 3, 2026
counters-block counters-block
93
Counters Block <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.2 1.1.3 July 3, 2026
countdown-time countdown-time
93
Countdown Timer <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.6 1.2.7 July 3, 2026
contact-form-lite contact-form-lite
93
Contact Form Plugin <= 1.1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.25 1.1.27 July 3, 2026
WPBot – AI ChatBot for Live Support, Lead Generation, AI Services chatbot
66
ChatBot <= 6.3.5 - Authenticated (Contributor+) Local File Inclusion LOW *-6.3.5 6.3.6 July 3, 2026
business-card-block business-card-block
93
Business Card Block <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.5 1.0.6 July 3, 2026
booking-and-rental-manager-for-woocommerce booking-and-rental-manager-for-woocommerce
93
Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment <= 2.2.6 - Authenticated (Contributor+) PHP Object Injection LOW *-2.2.6 2.2.7 July 3, 2026
atarim-visual-collaboration atarim-visual-collaboration
93
Atarim <= 4.1.0 - Reflected Cross-Site Scripting LOW *-4.1.0 4.1.1 July 3, 2026
ar-for-wordpress ar-for-wordpress
95
AR For WordPress <= 7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-7.7 7.8 July 3, 2026
Booking for Appointments and Events Calendar – Amelia ameliabooking
97
Amelia <= 1.2.16 - Unauthenticated Insecure Direct Object Reference LOW *-1.2.16 1.2.17 July 3, 2026
affiliate-coupons affiliate-coupons
97
Affiliate Coupons <= 1.7.3 - Authenticated (Contributor+) Local File Inclusion LOW *-1.7.3 1.7.4 July 3, 2026
acf-frontend-form-element acf-frontend-form-element
97
Frontend Admin by DynamiApps <= 3.25.17 - Reflected Cross-Site Scripting LOW *-3.25.17 3.25.18 July 3, 2026
accessibe accessibe
97
Web Accessibility By accessiBe <= 2.5 - Reflected Cross-Site Scripting LOW *-2.5 2.6 July 3, 2026
easy-paypal-donation easy-paypal-donation
93
Accept Donations with PayPal & Stripe <= 1.4.4 - Reflected Cross-Site Scripting LOW *-1.4.4 1.4.5 July 3, 2026
sticky-menu-block sticky-menu-block N/A Sticky Content <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.1 1.0.2 July 3, 2026
smtp-sendinblue smtp-sendinblue N/A SMTP for Sendinblue – YaySMTP <= 1.2 - Unauthenticated Stored Cross-Site Scripting via Email Logs LOW *-1.2 1.3 July 3, 2026
smtp-sendgrid smtp-sendgrid N/A SMTP for SendGrid – YaySMTP <= 1.4 - Unauthenticated Stored Cross-Site Scripting via Email Logs LOW *-1.4 1.5 July 3, 2026
smtp-amazon-ses smtp-amazon-ses N/A Vulnerability: SMTP for Amazon SES <= 1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs LOW *-1.8 1.9 July 3, 2026
search-with-typesense search-with-typesense N/A Search with Typesense <= 2.0.8 - Authenticated (Admin+) Path Traversal LOW *-2.0.8 2.0.9 July 3, 2026
s2member s2member N/A s2Member Pro <= 241216 - Reflected Cross-Site Scripting LOW *-241216 250214 July 3, 2026
helloprint helloprint
91
Helloprint <= 2.0.7 - Unauthenticated Arbitrary File Deletion LOW *-2.0.7 2.1.0 July 3, 2026
helloprint helloprint
91
Helloprint <= 2.0.7 - Authenticated (Subscriber+) Arbitrary File Deletion LOW *-2.0.7 2.1.0 July 3, 2026
greenshift-animation-and-page-builder-blocks greenshift-animation-and-page-builder-blocks
93
Greenshift <= 10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-10.8 10.9 July 3, 2026
front-end-only-users front-end-only-users
89
Front End Users <= 3.2.30 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.2.30 3.2.31 July 3, 2026
flexmls-idx flexmls-idx
93
Flexmls® IDX <= 3.14.27 - Unauthenticated PHP Object Injection LOW *-3.14.27 3.14.28 July 3, 2026
fast-flow-dashboard fast-flow-dashboard
93
Fast Flow <= 1.2.16 - Reflected Cross-Site Scripting LOW *-1.2.16 1.2.18 July 3, 2026
essential-blocks essential-blocks
93
Essential Blocks for Gutenberg <= 4.8.3 - Missing Authorization LOW *-4.8.3 4.8.4 July 3, 2026
elisqlreports elisqlreports
93
EZ SQL Reports Shortcode Widget and DB Backup <= 5.21.35 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.21.35 5.25.08 July 3, 2026
easy-notify-lite easy-notify-lite
93
Popup Builder <= 1.1.33 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.33 1.1.35 July 3, 2026
easy-charts easy-charts
93
Easy Charts <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.3 1.2.4 July 3, 2026
autoship-cloud autoship-cloud
91
Autoship Cloud for WooCommerce Subscription Products <= 2.8.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.8.0.1 2.8.1 July 3, 2026
assistant assistant
97
Assistant <= 1.5.1 - Authenticated (Editor+) PHP Object Injection LOW *-1.5.1 1.5.1.1 July 3, 2026
ip2location-country-blocker ip2location-country-blocker
93
IP2Location Country Blocker <= 2.38.8 - Missing Authorization to Unauthenticated Information Exposure via admin_init Function LOW *-2.38.8 2.38.9 July 3, 2026
rife-elementor-extensions rife-elementor-extensions N/A Rife Elementor Extensions & Templates <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Writing Effect Headline Shortcode LOW *-1.2.5 1.2.6 July 3, 2026
ltl-freight-quotes-purolator-freight-edition ltl-freight-quotes-purolator-freight-edition
93
LTL Freight Quotes – Purolator Edition <= 2.2.3 - Unauthenticated SQL Injection LOW *-2.2.3 2.2.4 July 3, 2026
pago-redsys-tpv-grafreak pago-redsys-tpv-grafreak N/A Pago por Redsys <= 1.0.12 - Reflected Cross-Site Scripting LOW *-1.0.12 1.0.13 July 3, 2026
post-grid post-grid N/A Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.5 - Unauthenticated Paid Order Creation LOW *-2.3.5 2.3.6 July 3, 2026
custom-post-type-date-archives custom-post-type-date-archives
91
Custom Post Type Date Archives <= 2.7.1 - Missing Authorization to Unauthenticated Arbitrary Shortcode Execution LOW *-2.7.1 July 3, 2026
mambo-joomla-importer mambo-joomla-importer
91
Mambo Importer <= 1.0 - Authenticated (Administrator+) PHP Object Injection LOW *-1.0 July 3, 2026
show-me-the-cookies show-me-the-cookies N/A Show Me The Cookies <= 1.0 - Unauthenticated Arbitrary Shortcode Execution LOW *-1.0 July 3, 2026
svg-support svg-support N/A SVG Support <= 2.5.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload LOW *-2.5.10 2.5.11 July 3, 2026
wpyog-documents wpyog-documents N/A WPYog Documents <= 1.3.5 - Reflected Cross-Site Scripting LOW *-1.3.5 1.3.6 July 3, 2026
WPvivid — Backup, Migration & Staging wpvivid-backuprestore
63
Migration, Backup, Staging – WPvivid <= 0.9.112 - Authenticated (Admin+) Arbitrary File Upload via wpvivid_upload_file LOW *-0.9.112 0.9.113 July 3, 2026
wp-video-posts wp-video-posts N/A WP Video Posts <= 3.5.1 - Reflected Cross-Site Scripting LOW *-3.5.1 July 3, 2026
wp-job-portal wp-job-portal N/A WP Job Portal <= 2.2.8 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Photo Disconnection LOW *-2.2.8 2.2.9 July 3, 2026
woocommerce-html5-video woocommerce-html5-video N/A WooCommerce HTML5 Video <= 1.7.10 - Reflected Cross-Site Scripting LOW *-1.7.10 July 3, 2026
woo-codice-fiscale woo-codice-fiscale N/A WOO Codice Fiscale <= 1.6.3 - Reflected Cross-Site Scripting LOW *-1.6.3 July 3, 2026
woo-better-customer-list woo-better-customer-list N/A Better Customer List for WooCommerce <= 1.2.3 - Reflected Cross-Site Scripting LOW *-1.2.3 July 3, 2026
webparex webparex N/A Shipmozo Courier Tracking <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 3, 2026
wc-qr-codes wc-qr-codes N/A QR Code for WooCommerce <= 1.2.0 - Reflected Cross-Site Scripting LOW *-1.2.0 July 3, 2026
user-list user-list N/A User List <= 1.5.1 - Reflected Cross-Site Scripting LOW *-1.5.1 July 3, 2026
theme-file-duplicator theme-file-duplicator N/A Theme File Duplicator <= 1.3 - Authenticated (Subscriber+) Arbitrary File Download LOW *-1.3 July 3, 2026
theme-file-duplicator theme-file-duplicator N/A Theme File Duplicator <= 1.3 - Authenticated (Subscriber+) Arbitrary File Upload LOW *-1.3 July 3, 2026
terms-dictionary terms-dictionary N/A Terms Dictionary <= 1.5.1 - Reflected Cross-Site Scripting LOW *-1.5.1 July 3, 2026
ssquiz ssquiz N/A SS Quiz <= 2.0.5 - Unauthenticated PHP Object Injection LOW *-2.0.5 July 3, 2026
small-package-quotes-wwe-edition small-package-quotes-wwe-edition N/A Small Package Quotes – Worldwide Express Edition <= 5.2.18 - Unauthenticated SQL Injection LOW *-5.2.18 5.2.19 July 3, 2026
simple-email-subscriber simple-email-subscriber N/A Simple Email Subscriber <= 2.3 - Reflected Cross-Site Scripting LOW *-2.3 July 3, 2026
saoshyant-slider saoshyant-slider N/A Saoshyant Slider <= 3.0 - Unauthenticated PHP Object Injection LOW *-3.0 July 3, 2026
restrict-taxonomies restrict-taxonomies N/A Restrict Taxonomies <= 1.3.3 - Reflected Cross-Site Scripting LOW *-1.3.3 July 3, 2026
residential-address-detection residential-address-detection N/A Residential Address Detection <= 2.5.4 - Unauthenticated Arbitrary Options Update LOW *-2.5.4 2.5.5 July 3, 2026
rebuild-permalinks rebuild-permalinks N/A Rebuild Permalinks <= 1.6 - Reflected Cross-Site Scripting LOW *-1.6 July 3, 2026
protected-wp-login protected-wp-login N/A Protected wp-login <= 2.1 - Reflected Cross-Site Scripting LOW *-2.1 July 3, 2026
photo-image-gallery photo-image-gallery N/A WordPress Photo Gallery – Image Gallery <= 2.0.4 - Reflected Cross-Site Scripting LOW *-2.0.4 July 3, 2026
page-and-post-lister page-and-post-lister
91
Page and Post Lister <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion LOW *-1.2.1 July 3, 2026
myticket-events myticket-events
91
MyTicket Events <= 1.2.4 - Unauthenticated Limited File Read LOW *-1.2.4 July 3, 2026
mapfig-premium-leaflet-map-maker mapfig-premium-leaflet-map-maker
91
AcuGIS Leaflet Maps <= 5.1.1.0 - Unauthenticated Stored Cross-Site Scripting LOW *-5.1.1.0 July 3, 2026
list-urls list-urls
91
List Urls <= 0.2 - Reflected Cross-Site Scripting LOW *-0.2 July 3, 2026
kush-micro-news kush-micro-news
91
Kush Micro News <= 1.6.7 - Unauthenticated Stored Cross-Site Scripting LOW *-1.6.7 July 3, 2026
LOW

wc-place-order-without-payment

wc-place-order-without-payment

Score: N/A WC Place Order Without Payment <= 2.6.7 - Unauthenticated Local File Inclusion Affected: *-2.6.7 Patched: 2.6.8 Updated: July 3, 2026
LOW

wc-order-limit-lite

wc-order-limit-lite

Score: N/A Order Limit for WooCommerce <= 3.0.2 - Missing Authorization Affected: *-3.0.2 Patched: 3.0.3 Updated: July 3, 2026
LOW

variable-inspector

variable-inspector

Score: N/A Variable Inspector <= 2.6.2 - Reflected Cross-Site Scripting Affected: *-2.6.2 Patched: 2.6.3 Updated: July 3, 2026
LOW

team-section

team-section

Score: N/A Team Section Block <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.9 Patched: 1.1.0 Updated: July 3, 2026
LOW

system-dashboard

system-dashboard

Score: N/A System Dashboard <= 2.8.18 - Authenticated (Subscriber+) Sensitive Information Exposure Affected: *-2.8.18 Patched: 2.8.19 Updated: July 3, 2026
LOW

strong-testimonials

strong-testimonials

Score: N/A Strong Testimonials <= 3.2.3 - Missing Authorization Affected: *-3.2.3 Patched: 3.2.4 Updated: July 3, 2026
LOW

sms-alert

sms-alert

Score: N/A SMS Alert Order Notifications – WooCommerce <= 3.7.8 - Reflected Cross-Site Scripting Affected: *-3.7.8 Patched: 3.7.9 Updated: July 3, 2026
LOW

small-package-quotes-unishippers-edition

small-package-quotes-unishippers-edition

Score: N/A Small Package Quotes – Unishippers Edition <= 2.4.9 - Reflected Cross-Site Scripting Affected: *-2.4.9 Patched: 2.4.10 Updated: July 3, 2026
LOW

small-package-quotes-unishippers-edition

small-package-quotes-unishippers-edition

Score: N/A Small Package Quotes – Unishippers Edition <= 2.4.9 - Missing Authorization Affected: *-2.4.9 Patched: 2.4.10 Updated: July 3, 2026
LOW

services-section

services-section

Score: N/A Services Section block <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.4 Patched: 1.3.5 Updated: July 3, 2026
LOW

recipe-card-blocks-by-wpzoom

recipe-card-blocks-by-wpzoom

Score: N/A Recipe Card Blocks for Gutenberg & Elementor <= 3.4.3 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Disclosure Affected: *-3.4.3 Patched: 3.4.4 Updated: July 3, 2026
LOW

profilegrid-user-profiles-groups-and-communities

profilegrid-user-profiles-groups-and-communities

Score: N/A ProfileGrid <= 5.9.4.3 - Authenticated (Subscriber+) PHP Object Injection Affected: *-5.9.4.3 Patched: 5.9.4.4 Updated: July 3, 2026
LOW

poll-maker

poll-maker

Score: N/A Poll Maker <= 5.6.5 - Authenticated (Administrator+) SQL Injection Affected: *-5.6.5 Patched: 5.6.6 Updated: July 3, 2026
LOW

poll-maker

poll-maker

Score: N/A Poll Maker <= 5.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-5.5.3 Patched: 5.5.4 Updated: July 3, 2026
LOW

market-exporter

market-exporter

Score: 93/100 Market Exporter <= 2.0.21 - Missing Authorization Affected: *-2.0.21 Patched: 2.0.22 Updated: July 3, 2026
LOW

majestic-support

majestic-support

Score: 93/100 Majestic Support <= 1.0.6 - Unauthenticated Local File Inclusion Affected: *-1.0.6 Patched: 1.0.7 Updated: July 3, 2026
LOW

info-cards

info-cards

Score: 93/100 Info Cards – Gutenberg block for creating Beautiful Cards <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.5 Patched: 1.0.6 Updated: July 3, 2026
LOW

icon-list-block

icon-list-block

Score: 93/100 Icon List Block <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.3 Patched: 1.1.4 Updated: July 3, 2026
LOW

gdpr-cookie-compliance

gdpr-cookie-compliance

Score: 93/100 GDPR Cookie Compliance <= 4.15.6 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.15.6 Patched: 4.15.7 Updated: July 3, 2026
LOW

gdpr-cookie-compliance

gdpr-cookie-compliance

Score: 93/100 GDPR Cookie Compliance <= 4.15.6 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.15.6 Patched: 4.15.7 Updated: July 3, 2026
LOW

gdpr-cookie-compliance

gdpr-cookie-compliance

Score: 93/100 GDPR Cookie Compliance <= 4.15.6 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.15.6 Patched: 4.15.7 Updated: July 3, 2026
LOW

gdpr-cookie-compliance

gdpr-cookie-compliance

Score: 93/100 GDPR Cookie Compliance <= 4.15.6 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.15.6 Patched: 4.15.7 Updated: July 3, 2026
LOW

gdpr-cookie-compliance

gdpr-cookie-compliance

Score: 93/100 GDPR Cookie Compliance <= 4.15.6 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.15.6 Patched: 4.15.7 Updated: July 3, 2026
LOW

gdpr-cookie-compliance

gdpr-cookie-compliance

Score: 93/100 GDPR Cookie Compliance <= 4.15.8 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.15.8 Patched: 4.15.9 Updated: July 3, 2026
LOW

gdpr-cookie-compliance

gdpr-cookie-compliance

Score: 93/100 GDPR Cookie Compliance <= 4.15.8 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.15.8 Patched: 4.15.9 Updated: July 3, 2026
LOW

gallery-voting

gallery-voting

Score: 93/100 Tribulant Gallery Voting <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2.1 Patched: 1.3 Updated: July 3, 2026
LOW

funnel-builder

funnel-builder

Score: 93/100 Funnel Builder by FunnelKit <= 3.9.0 - Unauthenticated Local File Inclusion Affected: *-3.9.0 Patched: 3.9.1 Updated: July 3, 2026
LOW

events-for-geodirectory

events-for-geodirectory

Score: 93/100 Events Calendar for GeoDirectory <= 2.3.14 - Authenticated (Contributor+) PHP Object Injection Affected: *-2.3.14 Patched: 2.3.15 Updated: July 3, 2026
LOW

estatik-mortgage-calculator

estatik-mortgage-calculator

Score: 86/100 Estatik Mortgage Calculator <= 2.0.12 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.0.12 Patched: Updated: July 3, 2026
LOW

estatik

estatik

Score: 89/100 Estatik <= 4.3.1 - Authenticated (Contributor+) Local File Inclusion Affected: *-4.3.1 Patched: 4.3.2 Updated: July 3, 2026
LOW

easy-quotes

easy-quotes

Score: 93/100 Easy Quotes <= 1.2.2 - Unauthenticated SQL Injection Affected: *-1.2.2 Patched: 1.2.3 Updated: July 3, 2026
LOW

easy-elementor-addons

easy-elementor-addons

Score: 93/100 Easy Elementor Addons <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.6 Patched: 2.1.7 Updated: July 3, 2026
LOW

counters-block

counters-block

Score: 93/100 Counters Block <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.2 Patched: 1.1.3 Updated: July 3, 2026
LOW

countdown-time

countdown-time

Score: 93/100 Countdown Timer <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.6 Patched: 1.2.7 Updated: July 3, 2026
LOW

contact-form-lite

contact-form-lite

Score: 93/100 Contact Form Plugin <= 1.1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.25 Patched: 1.1.27 Updated: July 3, 2026
LOW

business-card-block

business-card-block

Score: 93/100 Business Card Block <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.5 Patched: 1.0.6 Updated: July 3, 2026
LOW

booking-and-rental-manager-for-woocommerce

booking-and-rental-manager-for-woocommerce

Score: 93/100 Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment <= 2.2.6 - Authenticated (Contributor+) PHP Object Injection Affected: *-2.2.6 Patched: 2.2.7 Updated: July 3, 2026
LOW

atarim-visual-collaboration

atarim-visual-collaboration

Score: 93/100 Atarim <= 4.1.0 - Reflected Cross-Site Scripting Affected: *-4.1.0 Patched: 4.1.1 Updated: July 3, 2026
LOW

ar-for-wordpress

ar-for-wordpress

Score: 95/100 AR For WordPress <= 7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-7.7 Patched: 7.8 Updated: July 3, 2026
LOW

affiliate-coupons

affiliate-coupons

Score: 97/100 Affiliate Coupons <= 1.7.3 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.7.3 Patched: 1.7.4 Updated: July 3, 2026
LOW

acf-frontend-form-element

acf-frontend-form-element

Score: 97/100 Frontend Admin by DynamiApps <= 3.25.17 - Reflected Cross-Site Scripting Affected: *-3.25.17 Patched: 3.25.18 Updated: July 3, 2026
LOW

accessibe

accessibe

Score: 97/100 Web Accessibility By accessiBe <= 2.5 - Reflected Cross-Site Scripting Affected: *-2.5 Patched: 2.6 Updated: July 3, 2026
LOW

easy-paypal-donation

easy-paypal-donation

Score: 93/100 Accept Donations with PayPal & Stripe <= 1.4.4 - Reflected Cross-Site Scripting Affected: *-1.4.4 Patched: 1.4.5 Updated: July 3, 2026
LOW

sticky-menu-block

sticky-menu-block

Score: N/A Sticky Content <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: 1.0.2 Updated: July 3, 2026
LOW

smtp-sendinblue

smtp-sendinblue

Score: N/A SMTP for Sendinblue – YaySMTP <= 1.2 - Unauthenticated Stored Cross-Site Scripting via Email Logs Affected: *-1.2 Patched: 1.3 Updated: July 3, 2026
LOW

smtp-sendgrid

smtp-sendgrid

Score: N/A SMTP for SendGrid – YaySMTP <= 1.4 - Unauthenticated Stored Cross-Site Scripting via Email Logs Affected: *-1.4 Patched: 1.5 Updated: July 3, 2026
LOW

smtp-amazon-ses

smtp-amazon-ses

Score: N/A Vulnerability: SMTP for Amazon SES <= 1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs Affected: *-1.8 Patched: 1.9 Updated: July 3, 2026
LOW

search-with-typesense

search-with-typesense

Score: N/A Search with Typesense <= 2.0.8 - Authenticated (Admin+) Path Traversal Affected: *-2.0.8 Patched: 2.0.9 Updated: July 3, 2026
LOW

s2member

s2member

Score: N/A s2Member Pro <= 241216 - Reflected Cross-Site Scripting Affected: *-241216 Patched: 250214 Updated: July 3, 2026
LOW

helloprint

helloprint

Score: 91/100 Helloprint <= 2.0.7 - Unauthenticated Arbitrary File Deletion Affected: *-2.0.7 Patched: 2.1.0 Updated: July 3, 2026
LOW

helloprint

helloprint

Score: 91/100 Helloprint <= 2.0.7 - Authenticated (Subscriber+) Arbitrary File Deletion Affected: *-2.0.7 Patched: 2.1.0 Updated: July 3, 2026
LOW

greenshift-animation-and-page-builder-blocks

greenshift-animation-and-page-builder-blocks

Score: 93/100 Greenshift <= 10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-10.8 Patched: 10.9 Updated: July 3, 2026
LOW

front-end-only-users

front-end-only-users

Score: 89/100 Front End Users <= 3.2.30 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2.30 Patched: 3.2.31 Updated: July 3, 2026
LOW

flexmls-idx

flexmls-idx

Score: 93/100 Flexmls® IDX <= 3.14.27 - Unauthenticated PHP Object Injection Affected: *-3.14.27 Patched: 3.14.28 Updated: July 3, 2026
LOW

fast-flow-dashboard

fast-flow-dashboard

Score: 93/100 Fast Flow <= 1.2.16 - Reflected Cross-Site Scripting Affected: *-1.2.16 Patched: 1.2.18 Updated: July 3, 2026
LOW

essential-blocks

essential-blocks

Score: 93/100 Essential Blocks for Gutenberg <= 4.8.3 - Missing Authorization Affected: *-4.8.3 Patched: 4.8.4 Updated: July 3, 2026
LOW

elisqlreports

elisqlreports

Score: 93/100 EZ SQL Reports Shortcode Widget and DB Backup <= 5.21.35 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.21.35 Patched: 5.25.08 Updated: July 3, 2026
LOW

easy-notify-lite

easy-notify-lite

Score: 93/100 Popup Builder <= 1.1.33 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.33 Patched: 1.1.35 Updated: July 3, 2026
LOW

easy-charts

easy-charts

Score: 93/100 Easy Charts <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.3 Patched: 1.2.4 Updated: July 3, 2026
LOW

autoship-cloud

autoship-cloud

Score: 91/100 Autoship Cloud for WooCommerce Subscription Products <= 2.8.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.8.0.1 Patched: 2.8.1 Updated: July 3, 2026
LOW

assistant

assistant

Score: 97/100 Assistant <= 1.5.1 - Authenticated (Editor+) PHP Object Injection Affected: *-1.5.1 Patched: 1.5.1.1 Updated: July 3, 2026
LOW

ip2location-country-blocker

ip2location-country-blocker

Score: 93/100 IP2Location Country Blocker <= 2.38.8 - Missing Authorization to Unauthenticated Information Exposure via admin_init Function Affected: *-2.38.8 Patched: 2.38.9 Updated: July 3, 2026
LOW

rife-elementor-extensions

rife-elementor-extensions

Score: N/A Rife Elementor Extensions & Templates <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Writing Effect Headline Shortcode Affected: *-1.2.5 Patched: 1.2.6 Updated: July 3, 2026
LOW

ltl-freight-quotes-purolator-freight-edition

ltl-freight-quotes-purolator-freight-edition

Score: 93/100 LTL Freight Quotes – Purolator Edition <= 2.2.3 - Unauthenticated SQL Injection Affected: *-2.2.3 Patched: 2.2.4 Updated: July 3, 2026
LOW

pago-redsys-tpv-grafreak

pago-redsys-tpv-grafreak

Score: N/A Pago por Redsys <= 1.0.12 - Reflected Cross-Site Scripting Affected: *-1.0.12 Patched: 1.0.13 Updated: July 3, 2026
LOW

post-grid

post-grid

Score: N/A Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.5 - Unauthenticated Paid Order Creation Affected: *-2.3.5 Patched: 2.3.6 Updated: July 3, 2026
LOW

custom-post-type-date-archives

custom-post-type-date-archives

Score: 91/100 Custom Post Type Date Archives <= 2.7.1 - Missing Authorization to Unauthenticated Arbitrary Shortcode Execution Affected: *-2.7.1 Patched: Updated: July 3, 2026
LOW

mambo-joomla-importer

mambo-joomla-importer

Score: 91/100 Mambo Importer <= 1.0 - Authenticated (Administrator+) PHP Object Injection Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

show-me-the-cookies

show-me-the-cookies

Score: N/A Show Me The Cookies <= 1.0 - Unauthenticated Arbitrary Shortcode Execution Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

svg-support

svg-support

Score: N/A SVG Support <= 2.5.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload Affected: *-2.5.10 Patched: 2.5.11 Updated: July 3, 2026
LOW

wpyog-documents

wpyog-documents

Score: N/A WPYog Documents <= 1.3.5 - Reflected Cross-Site Scripting Affected: *-1.3.5 Patched: 1.3.6 Updated: July 3, 2026
LOW

WPvivid — Backup, Migration & Staging

wpvivid-backuprestore

Score: 63/100 Migration, Backup, Staging – WPvivid <= 0.9.112 - Authenticated (Admin+) Arbitrary File Upload via wpvivid_upload_file Affected: *-0.9.112 Patched: 0.9.113 Updated: July 3, 2026
LOW

wp-video-posts

wp-video-posts

Score: N/A WP Video Posts <= 3.5.1 - Reflected Cross-Site Scripting Affected: *-3.5.1 Patched: Updated: July 3, 2026
LOW

wp-job-portal

wp-job-portal

Score: N/A WP Job Portal <= 2.2.8 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Photo Disconnection Affected: *-2.2.8 Patched: 2.2.9 Updated: July 3, 2026
LOW

woocommerce-html5-video

woocommerce-html5-video

Score: N/A WooCommerce HTML5 Video <= 1.7.10 - Reflected Cross-Site Scripting Affected: *-1.7.10 Patched: Updated: July 3, 2026
LOW

woo-codice-fiscale

woo-codice-fiscale

Score: N/A WOO Codice Fiscale <= 1.6.3 - Reflected Cross-Site Scripting Affected: *-1.6.3 Patched: Updated: July 3, 2026
LOW

woo-better-customer-list

woo-better-customer-list

Score: N/A Better Customer List for WooCommerce <= 1.2.3 - Reflected Cross-Site Scripting Affected: *-1.2.3 Patched: Updated: July 3, 2026
LOW

webparex

webparex

Score: N/A Shipmozo Courier Tracking <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

wc-qr-codes

wc-qr-codes

Score: N/A QR Code for WooCommerce <= 1.2.0 - Reflected Cross-Site Scripting Affected: *-1.2.0 Patched: Updated: July 3, 2026
LOW

user-list

user-list

Score: N/A User List <= 1.5.1 - Reflected Cross-Site Scripting Affected: *-1.5.1 Patched: Updated: July 3, 2026
LOW

theme-file-duplicator

theme-file-duplicator

Score: N/A Theme File Duplicator <= 1.3 - Authenticated (Subscriber+) Arbitrary File Download Affected: *-1.3 Patched: Updated: July 3, 2026
LOW

theme-file-duplicator

theme-file-duplicator

Score: N/A Theme File Duplicator <= 1.3 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-1.3 Patched: Updated: July 3, 2026
LOW

terms-dictionary

terms-dictionary

Score: N/A Terms Dictionary <= 1.5.1 - Reflected Cross-Site Scripting Affected: *-1.5.1 Patched: Updated: July 3, 2026
LOW

ssquiz

ssquiz

Score: N/A SS Quiz <= 2.0.5 - Unauthenticated PHP Object Injection Affected: *-2.0.5 Patched: Updated: July 3, 2026
LOW

small-package-quotes-wwe-edition

small-package-quotes-wwe-edition

Score: N/A Small Package Quotes – Worldwide Express Edition <= 5.2.18 - Unauthenticated SQL Injection Affected: *-5.2.18 Patched: 5.2.19 Updated: July 3, 2026
LOW

simple-email-subscriber

simple-email-subscriber

Score: N/A Simple Email Subscriber <= 2.3 - Reflected Cross-Site Scripting Affected: *-2.3 Patched: Updated: July 3, 2026
LOW

saoshyant-slider

saoshyant-slider

Score: N/A Saoshyant Slider <= 3.0 - Unauthenticated PHP Object Injection Affected: *-3.0 Patched: Updated: July 3, 2026
LOW

restrict-taxonomies

restrict-taxonomies

Score: N/A Restrict Taxonomies <= 1.3.3 - Reflected Cross-Site Scripting Affected: *-1.3.3 Patched: Updated: July 3, 2026
LOW

residential-address-detection

residential-address-detection

Score: N/A Residential Address Detection <= 2.5.4 - Unauthenticated Arbitrary Options Update Affected: *-2.5.4 Patched: 2.5.5 Updated: July 3, 2026
LOW

rebuild-permalinks

rebuild-permalinks

Score: N/A Rebuild Permalinks <= 1.6 - Reflected Cross-Site Scripting Affected: *-1.6 Patched: Updated: July 3, 2026
LOW

protected-wp-login

protected-wp-login

Score: N/A Protected wp-login <= 2.1 - Reflected Cross-Site Scripting Affected: *-2.1 Patched: Updated: July 3, 2026
LOW

photo-image-gallery

photo-image-gallery

Score: N/A WordPress Photo Gallery – Image Gallery <= 2.0.4 - Reflected Cross-Site Scripting Affected: *-2.0.4 Patched: Updated: July 3, 2026
LOW

page-and-post-lister

page-and-post-lister

Score: 91/100 Page and Post Lister <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion Affected: *-1.2.1 Patched: Updated: July 3, 2026
LOW

myticket-events

myticket-events

Score: 91/100 MyTicket Events <= 1.2.4 - Unauthenticated Limited File Read Affected: *-1.2.4 Patched: Updated: July 3, 2026
LOW

mapfig-premium-leaflet-map-maker

mapfig-premium-leaflet-map-maker

Score: 91/100 AcuGIS Leaflet Maps <= 5.1.1.0 - Unauthenticated Stored Cross-Site Scripting Affected: *-5.1.1.0 Patched: Updated: July 3, 2026
LOW

list-urls

list-urls

Score: 91/100 List Urls <= 0.2 - Reflected Cross-Site Scripting Affected: *-0.2 Patched: Updated: July 3, 2026
LOW

kush-micro-news

kush-micro-news

Score: 91/100 Kush Micro News <= 1.6.7 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.6.7 Patched: Updated: July 3, 2026

Showing 11801 to 11900 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 3, 2026 at 10:17 UTC.