Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36189

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
html5-audio-player	html5-audio-player	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.2.27	2.5.1	June 29, 2026
gs-testimonial	gs-testimonial	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-3.2.8	3.2.9	June 29, 2026
gs-team-members	gs-team-members	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.5.8	2.6.1	June 29, 2026
AI Puffer – Chat. Create. Automate. (formerly AI Power)	gpt3-ai-content-generator	92	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.8.99	2.3.17	June 29, 2026
goal-tracker-ga	goal-tracker-ga	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.1.5	1.1.6	June 29, 2026
go-fetch-jobs-wp-job-manager	go-fetch-jobs-wp-job-manager	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.8.4.8.1	1.8.4.9.1	June 29, 2026
glossary-by-codeat	glossary-by-codeat	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.2.38	2.2.39	June 29, 2026
geo-mashup	geo-mashup	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.13.15	1.13.16	June 29, 2026
ga-for-wp	ga-for-wp	89	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.6.0	2.10.0	June 29, 2026
fullworks-anti-spam	fullworks-anti-spam	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.3.7	2.3.12	June 29, 2026
fullscreen-background	fullscreen-background	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.0.2	2.0.3	June 29, 2026
Gallery by FooGallery	foogallery	82	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.4.27	2.4.29	June 29, 2026
foobox-image-lightbox	foobox-image-lightbox	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.7.33	2.7.34	June 29, 2026
foobar-notifications-lite	foobar-notifications-lite	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.1.34	2.1.35	June 29, 2026
five-star-ratings-shortcode	five-star-ratings-shortcode	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.2.56	1.2.57	June 29, 2026
featured-images-for-rss-feeds	featured-images-for-rss-feeds	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.6.3	1.6.4	June 29, 2026
events-addon-for-elementor	events-addon-for-elementor	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.2.2	2.2.5	June 29, 2026
embedder-for-google-reviews	embedder-for-google-reviews	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.6.6	1.7.5	June 29, 2026
elespare	elespare	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-3.3.2	3.3.4	June 29, 2026
eazydocs	eazydocs	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.5.7	2.5.9	June 29, 2026
easy-marijuana-age-verify	easy-marijuana-age-verify	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.5.5	1.6	June 29, 2026
Easy Social Feed – Social Photos Gallery and Post Feed for WordPress	easy-facebook-likebox	72	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-6.6.5	6.6.6	June 29, 2026
easy-age-verify	easy-age-verify	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.8.5	1.9	June 29, 2026
dynamic-copyright-year	dynamic-copyright-year	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.0.4	1.1	June 29, 2026
dracula-dark-mode	dracula-dark-mode	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.2.7	1.2.8	June 29, 2026
display-a-meta-field-as-block	display-a-meta-field-as-block	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.3.3	1.3.4	June 29, 2026
delete-old-posts-programmatically	delete-old-posts-programmatically	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-3.9.6	3.9.7	June 29, 2026
custom-php-settings	custom-php-settings	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.3.1	2.3.2	June 29, 2026
custom-page-templates-by-vegacorp	custom-page-templates-by-vegacorp	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.1.16	1.1.17	June 29, 2026
Contact Form 7 Multi-Step Forms	contact-form-7-multi-step-module	97	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-4.4.1	4.4.2	June 29, 2026
code-manager	code-manager	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.0.40	1.0.41	June 29, 2026
cf7-styler	cf7-styler	91	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.7.0	1.7.1	June 29, 2026
Message Filter for Contact Form 7	cf7-message-filter	89	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.6.3.2	1.6.3.3	June 29, 2026
bulletin-announcements	bulletin-announcements	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-3.12.1	3.13.1	June 29, 2026
bulk-image-alt-text-with-yoast	bulk-image-alt-text-with-yoast	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.1.0	2.2.0	June 29, 2026
Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages	bp-better-messages	75	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.6.7	2.7.0	June 29, 2026
blog-designer-pack	blog-designer-pack	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-3.4.9	3.4.11	June 29, 2026
blockspare	blockspare	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-3.2.6	3.2.8	June 29, 2026
bbp-core	bbp-core	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.2.7	1.2.9	June 29, 2026
basepress	basepress	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.16.3.3	2.16.3.6	June 29, 2026
bBlocks – Essential Gutenberg Blocks & Patterns Collection	b-blocks	90	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.9.8	2.0.19	June 29, 2026
automatic-youtube-gallery	automatic-youtube-gallery	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.5.5	2.5.6	June 29, 2026
automatic-internal-links-for-seo	automatic-internal-links-for-seo	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.0.0	2.0.1	June 29, 2026
auto-install-free-ssl	auto-install-free-ssl	93	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-4.5.0	4.5.1	June 29, 2026
alt-manager	alt-manager	97	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.6.3	1.6.6	June 29, 2026
aibuddy-openai-chatgpt	aibuddy-openai-chatgpt	95	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.7.2	1.8.5	June 29, 2026
advanced-scrollbar	advanced-scrollbar	97	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.1.3	1.1.10	June 29, 2026
advanced-classifieds-and-directory-pro	advanced-classifieds-and-directory-pro	97	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-3.2.4	3.2.5	June 29, 2026
advance-wc-analytics	advance-wc-analytics	97	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-3.12.0	3.16.0	June 29, 2026
add-search-to-menu	add-search-to-menu	97	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-5.5.8	5.5.9	June 29, 2026
add-fields-to-checkout-page-woocommerce	add-fields-to-checkout-page-woocommerce	95	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-1.3.4		June 29, 2026
add-expires-headers	add-expires-headers	97	Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter	LOW	*-2.9.2	2.10.0	June 29, 2026
wp-editor	wp-editor	N/A	WP Editor <= 1.2.9.2 - Cross-Site Request Forgery to Remote Code Execution via Plugin and Theme File Editor	LOW	*-1.2.9.2	1.2.9.3	June 29, 2026
ultimate-dashboard	ultimate-dashboard	N/A	Ultimate Dashboard <= 3.8.14 - Cross-Site Request Forgery to Module Activation/Deactivation	LOW	*-3.8.14	3.8.15	June 29, 2026
jet-engine	jet-engine	93	JetEngine <= 3.8.8.1 - Unauthenticated SQL Injection	LOW	*-3.8.8.1	3.8.8.2	June 29, 2026
Elementor Website Builder – more than just a page builder	elementor	79	Elementor Website Builder <= 4.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API	LOW	*-4.0.4	4.0.5	June 29, 2026
boldgrid-backup	boldgrid-backup	93	Total Upkeep <= 1.17.1 - Missing Authorization to Unauthenticated Rollback Cancellation	LOW	*-1.17.1	1.17.2	June 29, 2026
Five Star Restaurant Reservations – WordPress Booking Plugin	restaurant-reservations	N/A	Five Star Restaurant Reservations <= 2.7.16 - Unauthenticated Payment Bypass via PHP Type Juggling in 'payment_id' Parameter	LOW	*-2.7.16	2.7.17	June 29, 2026
wppizza	wppizza	N/A	WPPizza – A Restaurant Plugin <= 3.19.9 - Authenticated (Subscriber+) Information Exposure	LOW	*-3.19.9	3.20	June 29, 2026
wp-payment-form	wp-payment-form	N/A	Paymattic – Secure, Simple Payment & Donation with Subscription Payments, Recurring Donations, Customer Management <= 4.6.19 - Missing Authorization	LOW	*-4.6.19	4.6.20	June 29, 2026
wp-event-solution	wp-event-solution	N/A	Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) <= 4.1.8 - Missing Authorization	LOW	*-4.1.8	4.1.9	June 29, 2026
wallet-system-for-woocommerce	wallet-system-for-woocommerce	N/A	Wallet System for WooCommerce – Digital Wallet, Buy Now Pay Later (BNPL), Instant Cashback, Referral program, Partial & Subscription Payments <= 2.7.5 - Missing Authorization	LOW	*-2.7.5	2.7.6	June 29, 2026
powerpack-elements	powerpack-elements	N/A	PowerPack Pro for Elementor < v2.13.0 - Missing Authorization	LOW	[*, v2.13.0)	2.13.0	June 29, 2026
otter-blocks	otter-blocks	N/A	Otter Blocks <= 3.1.4 - Improper Authorization to Unauthenticated Purchase Verification Bypass via Forged Cookie	LOW	*-3.1.4	3.1.5	June 29, 2026
joomsport-sports-league-results-management	joomsport-sports-league-results-management	93	JoomSport – for Sports: Team & League, Football, Hockey & more <= 5.7.7 - Unauthenticated SQL Injection	LOW	*-5.7.7	5.7.8	June 29, 2026
gd-rating-system	gd-rating-system	93	GD Rating System <= 3.6.2 - Unauthenticated SQL Injection	LOW	*-3.6.2	3.7	June 29, 2026
favicon-rotator	favicon-rotator	93	Favicon Rotator <= 1.2.11 - Unauthenticated Stored Cross-Site Scripting	LOW	*-1.2.11	1.2.12	June 29, 2026
contest-gallery	contest-gallery	93	Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.7 - Missing Authorization	LOW	*-28.1.7	29.0.0	June 29, 2026
contest-gallery	contest-gallery	93	Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	*-28.1.6	29.0.0	June 29, 2026
contest-gallery	contest-gallery	93	Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.7 - Authenticated (Subscriber+) Sensitive Information Exposure	LOW	*-28.1.7	29.0.0	June 29, 2026
classified-listing	classified-listing	93	Classified Listing – AI-Powered Classified ads & Business Directory Plugin <= 5.3.9 - Missing Authorization	LOW	*-5.3.9	5.3.10	June 29, 2026
classified-listing	classified-listing	93	Classified Listing – AI-Powered Classified ads & Business Directory Plugin <= 5.3.8 - Missing Authorization	LOW	*-5.3.8	5.3.9	June 29, 2026
classified-listing	classified-listing	93	Classified Listing – AI-Powered Classified ads & Business Directory Plugin <= 5.3.8 - Unauthenticated Stored Cross-Site Scripting	LOW	*-5.3.8	5.3.9	June 29, 2026
automatorwp	automatorwp	93	AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress <= 5.6.7 - Unauthenticated Stored Cross-Site Scripting	LOW	*-5.6.7	5.6.8	June 29, 2026
advanced-form-integration	advanced-form-integration	97	AFI – The Easiest Integration Plugin <= 1.126.12 - Missing Authorization	LOW	*-1.126.12	1.127.0	June 29, 2026
Complianz \| GDPR/CCPA Cookie Consent	complianz-gdpr	93	Complianz – GDPR/CCPA Cookie Consent <= 7.4.5 - Missing Authorization to Unauthenticated Private Post Content Disclosure via Consent Area REST Endpoint	LOW	*-7.4.5	7.4.6	June 29, 2026
WP Meteor Website Speed Optimization Addon	wp-meteor	95	WP Meteor Website Speed Optimization Addon <= 3.4.16 - Unauthenticated Stored Cross-Site Scripting via Comment	LOW	*-3.4.16	3.4.17	June 29, 2026
Check & Log Email – Easy Email Testing & Mail logging	check-email	84	Check & Log Email – Easy Email Testing & Mail logging < 2.0.13 - Unauthenticated Stored Cross-Site Scripting	LOW	[*, 2.0.13)	2.0.13	June 29, 2026
Booking for Appointments and Events Calendar – Amelia	ameliabooking	97	Booking for Appointments and Events Calendar – Amelia <= 2.2 - Missing Authorization	LOW	*-2.2	2.2.1	June 29, 2026
Booking Package	booking-package	85	Booking Package <= 1.7.06 - Unauthenticated Price Manipulation via 'amount' Parameter	LOW	*-1.7.06	1.7.07	June 29, 2026
timeline-blocks	timeline-blocks	N/A	Timeline Blocks for Gutenberg <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titleTag' Block Attribute	LOW	*-1.1.10	1.1.11	June 29, 2026
social-post-embed	social-post-embed	N/A	Social Post Embed <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Threads Embed	LOW	*-2.0.1	2.0.2	June 29, 2026
WPC Smart Messages for WooCommerce	wpc-smart-messages	N/A	WPC Smart Messages for WooCommerce <= 4.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute	LOW	*-4.2.8	4.2.9	June 29, 2026
LatePoint – Calendar Booking Plugin for Appointments and Events	latepoint	83	LatePoint <= 5.4.1 - Authenticated (Agent+) Privilege Escalation to Administrator via 'connect-customer-to-wp-user' Ability	LOW	*-5.4.1	5.4.2	June 29, 2026
User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration	wp-user-frontend	N/A	User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.3.1 - Missing Authorization	LOW	*-4.3.1	4.3.2	June 29, 2026
thegem-elements-elementor	thegem-elements-elementor	N/A	TheGem Theme Elements < 5.12.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	[*, 5.12.1.1)	5.12.1.1	June 29, 2026
templately	templately	N/A	Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud! <= 3.6.1 - Authenticated (Contributor+) Information Exposure	LOW	*-3.6.1	3.6.2	June 29, 2026
sureforms-pro	sureforms-pro	N/A	SureForms Pro <= 2.8.0 - Missing Authorization	LOW	*-2.8.0	2.8.1	June 29, 2026
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin	simply-schedule-appointments	N/A	Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin < 1.6.11.2 - Unauthenticated Sensitive Information Exposure	LOW	[*, 1.6.11.2)	1.6.11.2	June 29, 2026
profile-builder-pro	profile-builder-pro	N/A	Profile Builder Pro <= 3.15.0 - Unauthenticated Stored Cross-Site Scripting	LOW	*-3.15.0	3.15.1	June 29, 2026
order-delivery-date-for-woocommerce	order-delivery-date-for-woocommerce	N/A	Order Delivery Date for WooCommerce <= 4.5.1 - Unauthenticated SQL Injection	LOW	*-4.5.1	4.5.2	June 29, 2026
funnel-builder	funnel-builder	93	FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.15.0.1 - Unauthenticated SQL Injection	LOW	*-3.15.0.1	3.15.0.2	June 29, 2026
highland-software-custom-role-manager	highland-software-custom-role-manager	93	Highland Software Custom Role Manager <= 1.0.0 - Authenticated (Subscriber+) Privilege Escalation	LOW	*-1.0.0	1.0.1	June 29, 2026
webdesignby-recaptcha	webdesignby-recaptcha	N/A	reCaptcha by WebDesignBy < 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	[*, 2.0)	2.0	June 29, 2026
mycred	mycred	N/A	Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred <= 3.0.3 - Missing Authorization	LOW	*-3.0.3	3.0.4	June 29, 2026
ht-mega-for-elementor	ht-mega-for-elementor	93	HT Mega Addons for Elementor – Elementor Widgets & Template Builder < 3.0.7 - Unauthenticated Information Exposure	LOW	[*, 3.0.7)	3.0.7	June 29, 2026
groundhogg	groundhogg	93	Groundhogg — CRM, Newsletters, and Marketing Automation < 4.4.1 - Missing Authorization	LOW	[*, 4.4.1)	4.4.1	June 29, 2026
iteras	iteras	93	ITERAS <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-1.8.2	1.8.3	June 29, 2026
leadin	leadin	93	HubSpot All-In-One Marketing - Forms, Popups, Live Chat <= 11.3.32 - Missing Authorization to Authenticated (Contributor+) Installed Plugin Disclosure	LOW	*-11.3.32	11.3.33	June 29, 2026
liaison-site-prober	liaison-site-prober	93	Liaison Site Prober <= 1.2.1 - Missing Authorization to Unauthenticated Information Exposure in '/logs' REST API Endpoint	LOW	*-1.2.1	1.2.2	June 29, 2026

LOW

html5-audio-player

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.2.27 Patched: 2.5.1 Updated: June 29, 2026

LOW

gs-testimonial

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-3.2.8 Patched: 3.2.9 Updated: June 29, 2026

LOW

gs-team-members

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.5.8 Patched: 2.6.1 Updated: June 29, 2026

LOW

AI Puffer – Chat. Create. Automate. (formerly AI Power)

gpt3-ai-content-generator

Score: 92/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.8.99 Patched: 2.3.17 Updated: June 29, 2026

LOW

goal-tracker-ga

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.1.5 Patched: 1.1.6 Updated: June 29, 2026

LOW

go-fetch-jobs-wp-job-manager

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.8.4.8.1 Patched: 1.8.4.9.1 Updated: June 29, 2026

LOW

glossary-by-codeat

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.2.38 Patched: 2.2.39 Updated: June 29, 2026

LOW

geo-mashup

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.13.15 Patched: 1.13.16 Updated: June 29, 2026

LOW

ga-for-wp

Score: 89/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.6.0 Patched: 2.10.0 Updated: June 29, 2026

LOW

fullworks-anti-spam

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.3.7 Patched: 2.3.12 Updated: June 29, 2026

LOW

fullscreen-background

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.0.2 Patched: 2.0.3 Updated: June 29, 2026

LOW

Gallery by FooGallery

foogallery

Score: 82/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.4.27 Patched: 2.4.29 Updated: June 29, 2026

LOW

foobox-image-lightbox

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.7.33 Patched: 2.7.34 Updated: June 29, 2026

LOW

foobar-notifications-lite

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.1.34 Patched: 2.1.35 Updated: June 29, 2026

LOW

five-star-ratings-shortcode

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.2.56 Patched: 1.2.57 Updated: June 29, 2026

LOW

featured-images-for-rss-feeds

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.6.3 Patched: 1.6.4 Updated: June 29, 2026

LOW

events-addon-for-elementor

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.2.2 Patched: 2.2.5 Updated: June 29, 2026

LOW

embedder-for-google-reviews

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.6.6 Patched: 1.7.5 Updated: June 29, 2026

LOW

elespare

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-3.3.2 Patched: 3.3.4 Updated: June 29, 2026

LOW

eazydocs

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.5.7 Patched: 2.5.9 Updated: June 29, 2026

LOW

easy-marijuana-age-verify

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.5.5 Patched: 1.6 Updated: June 29, 2026

LOW

Easy Social Feed – Social Photos Gallery and Post Feed for WordPress

easy-facebook-likebox

Score: 72/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-6.6.5 Patched: 6.6.6 Updated: June 29, 2026

LOW

easy-age-verify

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.8.5 Patched: 1.9 Updated: June 29, 2026

LOW

dynamic-copyright-year

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.0.4 Patched: 1.1 Updated: June 29, 2026

LOW

dracula-dark-mode

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.2.7 Patched: 1.2.8 Updated: June 29, 2026

LOW

display-a-meta-field-as-block

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.3.3 Patched: 1.3.4 Updated: June 29, 2026

LOW

delete-old-posts-programmatically

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-3.9.6 Patched: 3.9.7 Updated: June 29, 2026

LOW

custom-php-settings

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.3.1 Patched: 2.3.2 Updated: June 29, 2026

LOW

custom-page-templates-by-vegacorp

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.1.16 Patched: 1.1.17 Updated: June 29, 2026

LOW

Contact Form 7 Multi-Step Forms

contact-form-7-multi-step-module

Score: 97/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-4.4.1 Patched: 4.4.2 Updated: June 29, 2026

LOW

code-manager

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.0.40 Patched: 1.0.41 Updated: June 29, 2026

LOW

cf7-styler

Score: 91/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.7.0 Patched: 1.7.1 Updated: June 29, 2026

LOW

Message Filter for Contact Form 7

cf7-message-filter

Score: 89/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.6.3.2 Patched: 1.6.3.3 Updated: June 29, 2026

LOW

bulletin-announcements

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-3.12.1 Patched: 3.13.1 Updated: June 29, 2026

LOW

bulk-image-alt-text-with-yoast

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.1.0 Patched: 2.2.0 Updated: June 29, 2026

LOW

Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages

bp-better-messages

Score: 75/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.6.7 Patched: 2.7.0 Updated: June 29, 2026

LOW

blog-designer-pack

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-3.4.9 Patched: 3.4.11 Updated: June 29, 2026

LOW

blockspare

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-3.2.6 Patched: 3.2.8 Updated: June 29, 2026

LOW

bbp-core

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.2.7 Patched: 1.2.9 Updated: June 29, 2026

LOW

basepress

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.16.3.3 Patched: 2.16.3.6 Updated: June 29, 2026

LOW

bBlocks – Essential Gutenberg Blocks & Patterns Collection

b-blocks

Score: 90/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.9.8 Patched: 2.0.19 Updated: June 29, 2026

LOW

automatic-youtube-gallery

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.5.5 Patched: 2.5.6 Updated: June 29, 2026

LOW

automatic-internal-links-for-seo

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.0.0 Patched: 2.0.1 Updated: June 29, 2026

LOW

auto-install-free-ssl

Score: 93/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-4.5.0 Patched: 4.5.1 Updated: June 29, 2026

LOW

alt-manager

Score: 97/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.6.3 Patched: 1.6.6 Updated: June 29, 2026

LOW

aibuddy-openai-chatgpt

Score: 95/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.7.2 Patched: 1.8.5 Updated: June 29, 2026

LOW

advanced-scrollbar

Score: 97/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.1.3 Patched: 1.1.10 Updated: June 29, 2026

LOW

advanced-classifieds-and-directory-pro

Score: 97/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-3.2.4 Patched: 3.2.5 Updated: June 29, 2026

LOW

advance-wc-analytics

Score: 97/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-3.12.0 Patched: 3.16.0 Updated: June 29, 2026

LOW

add-search-to-menu

Score: 97/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-5.5.8 Patched: 5.5.9 Updated: June 29, 2026

LOW

add-fields-to-checkout-page-woocommerce

Score: 95/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-1.3.4 Patched: Updated: June 29, 2026

LOW

add-expires-headers

Score: 97/100 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Affected: *-2.9.2 Patched: 2.10.0 Updated: June 29, 2026

LOW

wp-editor

Score: N/A WP Editor <= 1.2.9.2 - Cross-Site Request Forgery to Remote Code Execution via Plugin and Theme File Editor Affected: *-1.2.9.2 Patched: 1.2.9.3 Updated: June 29, 2026

LOW

ultimate-dashboard

Score: N/A Ultimate Dashboard <= 3.8.14 - Cross-Site Request Forgery to Module Activation/Deactivation Affected: *-3.8.14 Patched: 3.8.15 Updated: June 29, 2026

LOW

jet-engine

Score: 93/100 JetEngine <= 3.8.8.1 - Unauthenticated SQL Injection Affected: *-3.8.8.1 Patched: 3.8.8.2 Updated: June 29, 2026

LOW

Elementor Website Builder – more than just a page builder

elementor

Score: 79/100 Elementor Website Builder <= 4.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API Affected: *-4.0.4 Patched: 4.0.5 Updated: June 29, 2026

LOW

boldgrid-backup

Score: 93/100 Total Upkeep <= 1.17.1 - Missing Authorization to Unauthenticated Rollback Cancellation Affected: *-1.17.1 Patched: 1.17.2 Updated: June 29, 2026

LOW

Five Star Restaurant Reservations – WordPress Booking Plugin

restaurant-reservations

Score: N/A Five Star Restaurant Reservations <= 2.7.16 - Unauthenticated Payment Bypass via PHP Type Juggling in 'payment_id' Parameter Affected: *-2.7.16 Patched: 2.7.17 Updated: June 29, 2026

LOW

wppizza

Score: N/A WPPizza – A Restaurant Plugin <= 3.19.9 - Authenticated (Subscriber+) Information Exposure Affected: *-3.19.9 Patched: 3.20 Updated: June 29, 2026

LOW

Score: N/A Paymattic – Secure, Simple Payment & Donation with Subscription Payments, Recurring Donations, Customer Management <= 4.6.19 - Missing Authorization Affected: *-4.6.19 Patched: 4.6.20 Updated: June 29, 2026

LOW

wp-event-solution

Score: N/A Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) <= 4.1.8 - Missing Authorization Affected: *-4.1.8 Patched: 4.1.9 Updated: June 29, 2026

LOW

wallet-system-for-woocommerce

Score: N/A Wallet System for WooCommerce – Digital Wallet, Buy Now Pay Later (BNPL), Instant Cashback, Referral program, Partial & Subscription Payments <= 2.7.5 - Missing Authorization Affected: *-2.7.5 Patched: 2.7.6 Updated: June 29, 2026

LOW

powerpack-elements

Score: N/A PowerPack Pro for Elementor < v2.13.0 - Missing Authorization Affected: [*, v2.13.0) Patched: 2.13.0 Updated: June 29, 2026

LOW

otter-blocks

Score: N/A Otter Blocks <= 3.1.4 - Improper Authorization to Unauthenticated Purchase Verification Bypass via Forged Cookie Affected: *-3.1.4 Patched: 3.1.5 Updated: June 29, 2026

LOW

joomsport-sports-league-results-management

Score: 93/100 JoomSport – for Sports: Team & League, Football, Hockey & more <= 5.7.7 - Unauthenticated SQL Injection Affected: *-5.7.7 Patched: 5.7.8 Updated: June 29, 2026

LOW

gd-rating-system

Score: 93/100 GD Rating System <= 3.6.2 - Unauthenticated SQL Injection Affected: *-3.6.2 Patched: 3.7 Updated: June 29, 2026

LOW

favicon-rotator

Score: 93/100 Favicon Rotator <= 1.2.11 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.2.11 Patched: 1.2.12 Updated: June 29, 2026

LOW

contest-gallery

Score: 93/100 Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.7 - Missing Authorization Affected: *-28.1.7 Patched: 29.0.0 Updated: June 29, 2026

LOW

contest-gallery

Score: 93/100 Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-28.1.6 Patched: 29.0.0 Updated: June 29, 2026

LOW

contest-gallery

Score: 93/100 Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.7 - Authenticated (Subscriber+) Sensitive Information Exposure Affected: *-28.1.7 Patched: 29.0.0 Updated: June 29, 2026

LOW

classified-listing

Score: 93/100 Classified Listing – AI-Powered Classified ads & Business Directory Plugin <= 5.3.9 - Missing Authorization Affected: *-5.3.9 Patched: 5.3.10 Updated: June 29, 2026

LOW

classified-listing

Score: 93/100 Classified Listing – AI-Powered Classified ads & Business Directory Plugin <= 5.3.8 - Missing Authorization Affected: *-5.3.8 Patched: 5.3.9 Updated: June 29, 2026

LOW

classified-listing

Score: 93/100 Classified Listing – AI-Powered Classified ads & Business Directory Plugin <= 5.3.8 - Unauthenticated Stored Cross-Site Scripting Affected: *-5.3.8 Patched: 5.3.9 Updated: June 29, 2026

LOW

automatorwp

Score: 93/100 AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress <= 5.6.7 - Unauthenticated Stored Cross-Site Scripting Affected: *-5.6.7 Patched: 5.6.8 Updated: June 29, 2026

LOW

advanced-form-integration

Score: 97/100 AFI – The Easiest Integration Plugin <= 1.126.12 - Missing Authorization Affected: *-1.126.12 Patched: 1.127.0 Updated: June 29, 2026

LOW

Complianz | GDPR/CCPA Cookie Consent

complianz-gdpr

Score: 93/100 Complianz – GDPR/CCPA Cookie Consent <= 7.4.5 - Missing Authorization to Unauthenticated Private Post Content Disclosure via Consent Area REST Endpoint Affected: *-7.4.5 Patched: 7.4.6 Updated: June 29, 2026

LOW

WP Meteor Website Speed Optimization Addon

wp-meteor

Score: 95/100 WP Meteor Website Speed Optimization Addon <= 3.4.16 - Unauthenticated Stored Cross-Site Scripting via Comment Affected: *-3.4.16 Patched: 3.4.17 Updated: June 29, 2026

LOW

Check & Log Email – Easy Email Testing & Mail logging

check-email

Score: 84/100 Check & Log Email – Easy Email Testing & Mail logging < 2.0.13 - Unauthenticated Stored Cross-Site Scripting Affected: [*, 2.0.13) Patched: 2.0.13 Updated: June 29, 2026

LOW

Booking for Appointments and Events Calendar – Amelia

ameliabooking

Score: 97/100 Booking for Appointments and Events Calendar – Amelia <= 2.2 - Missing Authorization Affected: *-2.2 Patched: 2.2.1 Updated: June 29, 2026

LOW

Booking Package

booking-package

Score: 85/100 Booking Package <= 1.7.06 - Unauthenticated Price Manipulation via 'amount' Parameter Affected: *-1.7.06 Patched: 1.7.07 Updated: June 29, 2026

LOW

timeline-blocks

Score: N/A Timeline Blocks for Gutenberg <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titleTag' Block Attribute Affected: *-1.1.10 Patched: 1.1.11 Updated: June 29, 2026

LOW

social-post-embed

Score: N/A Social Post Embed <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Threads Embed Affected: *-2.0.1 Patched: 2.0.2 Updated: June 29, 2026

LOW

WPC Smart Messages for WooCommerce

wpc-smart-messages

Score: N/A WPC Smart Messages for WooCommerce <= 4.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute Affected: *-4.2.8 Patched: 4.2.9 Updated: June 29, 2026

LOW

LatePoint – Calendar Booking Plugin for Appointments and Events

latepoint

Score: 83/100 LatePoint <= 5.4.1 - Authenticated (Agent+) Privilege Escalation to Administrator via 'connect-customer-to-wp-user' Ability Affected: *-5.4.1 Patched: 5.4.2 Updated: June 29, 2026

LOW

User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration

wp-user-frontend

Score: N/A User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.3.1 - Missing Authorization Affected: *-4.3.1 Patched: 4.3.2 Updated: June 29, 2026

LOW

thegem-elements-elementor

Score: N/A TheGem Theme Elements < 5.12.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: [*, 5.12.1.1) Patched: 5.12.1.1 Updated: June 29, 2026

LOW

templately

Score: N/A Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud! <= 3.6.1 - Authenticated (Contributor+) Information Exposure Affected: *-3.6.1 Patched: 3.6.2 Updated: June 29, 2026

LOW

sureforms-pro

Score: N/A SureForms Pro <= 2.8.0 - Missing Authorization Affected: *-2.8.0 Patched: 2.8.1 Updated: June 29, 2026

LOW

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

simply-schedule-appointments

Score: N/A Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin < 1.6.11.2 - Unauthenticated Sensitive Information Exposure Affected: [*, 1.6.11.2) Patched: 1.6.11.2 Updated: June 29, 2026

LOW

profile-builder-pro

Score: N/A Profile Builder Pro <= 3.15.0 - Unauthenticated Stored Cross-Site Scripting Affected: *-3.15.0 Patched: 3.15.1 Updated: June 29, 2026

LOW

order-delivery-date-for-woocommerce

Score: N/A Order Delivery Date for WooCommerce <= 4.5.1 - Unauthenticated SQL Injection Affected: *-4.5.1 Patched: 4.5.2 Updated: June 29, 2026

LOW

funnel-builder

Score: 93/100 FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.15.0.1 - Unauthenticated SQL Injection Affected: *-3.15.0.1 Patched: 3.15.0.2 Updated: June 29, 2026

LOW

highland-software-custom-role-manager

Score: 93/100 Highland Software Custom Role Manager <= 1.0.0 - Authenticated (Subscriber+) Privilege Escalation Affected: *-1.0.0 Patched: 1.0.1 Updated: June 29, 2026

LOW

webdesignby-recaptcha

Score: N/A reCaptcha by WebDesignBy < 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: [*, 2.0) Patched: 2.0 Updated: June 29, 2026

LOW

mycred

Score: N/A Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred <= 3.0.3 - Missing Authorization Affected: *-3.0.3 Patched: 3.0.4 Updated: June 29, 2026

LOW

ht-mega-for-elementor

Score: 93/100 HT Mega Addons for Elementor – Elementor Widgets & Template Builder < 3.0.7 - Unauthenticated Information Exposure Affected: [*, 3.0.7) Patched: 3.0.7 Updated: June 29, 2026

LOW

groundhogg

Score: 93/100 Groundhogg — CRM, Newsletters, and Marketing Automation < 4.4.1 - Missing Authorization Affected: [*, 4.4.1) Patched: 4.4.1 Updated: June 29, 2026

LOW

iteras

Score: 93/100 ITERAS <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.8.2 Patched: 1.8.3 Updated: June 29, 2026

LOW

leadin

Score: 93/100 HubSpot All-In-One Marketing - Forms, Popups, Live Chat <= 11.3.32 - Missing Authorization to Authenticated (Contributor+) Installed Plugin Disclosure Affected: *-11.3.32 Patched: 11.3.33 Updated: June 29, 2026

LOW

liaison-site-prober

Score: 93/100 Liaison Site Prober <= 1.2.1 - Missing Authorization to Unauthenticated Information Exposure in '/logs' REST API Endpoint Affected: *-1.2.1 Patched: 1.2.2 Updated: June 29, 2026

Showing 1101 to 1200 of 36189 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 07:20 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List