Known Plugin Vulnerabilities
Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.
Open Vulnerabilities
36406Across tracked plugins
Affected Plugins
94With open vulnerabilities
Critical / High
0Require immediate attention
Recently Updated
0In the last 30 days
Vulnerability List
Export CSV| Plugin | Slug | Score | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated |
|---|---|---|---|---|---|---|---|---|
| buybox-widget | buybox-widget |
91
|
Widget BUY.BOX <= 3.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-3.1.5 | July 3, 2026 | ||
| categorized-gallery | categorized-gallery |
91
|
Categorized Gallery Plugin <= 2.0 - Authenticated (Contributor+) SQL Injection | LOW | *-2.0 | July 3, 2026 | ||
| embedded-cdn | embedded-cdn |
93
|
CanadaHelps Embedded Donation <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.0.1 | 1.0.2 | July 3, 2026 | |
| cosmic-blocks | cosmic-blocks |
91
|
Cosmic Blocks (40+) Content Editor Blocks Collection <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.3.0 | July 3, 2026 | ||
| wp-wiki-tooltip | wp-wiki-tooltip | N/A | WP Wiki Tooltip <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.0.2 | 2.1.0 | July 3, 2026 | |
| pure-chat | pure-chat | N/A | Pure Chat – Live Chat & More! <= 2.4 - Reflected Cross-Site Scripting via purechatWidgetName Parameter | LOW | *-2.4 | 2.41 | July 3, 2026 | |
| subscribe2 | subscribe2 | N/A | Subscribe2 – Form, Email Subscribers & Newsletters <= 10.43 - Unauthenticated Stored Cross-Site Scripting via IP Parameter | LOW | *-10.43 | 10.44 | July 3, 2026 | |
| easypromos | easypromos |
93
|
Easypromos Plugin <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-1.3.8 | 1.3.9 | July 3, 2026 | |
| Booking Package | booking-package |
85
|
Booking Package <= 1.6.72 - Reflected Cross-Site Scripting via Locale Parameter | LOW | *-1.6.72 | 1.6.73 | July 3, 2026 | |
| wonderplugin-video-embed | wonderplugin-video-embed | N/A | Wonder Video Embed <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-2.2 | 2.3 | July 3, 2026 | |
| xv-random-quotes | xv-random-quotes | N/A | XV Random Quotes <= 1.40 - Cross-Site Request Forgery to Settings Reset | LOW | *-1.40 | July 3, 2026 | ||
| xv-random-quotes | xv-random-quotes | N/A | XV Random Quotes <= 1.40 - Reflected Cross-Site Scripting | LOW | *-1.40 | July 3, 2026 | ||
| wp-login-control | wp-login-control | N/A | WP Login Control <= 2.0.0 - Reflected Cross-Site Scripting | LOW | *-2.0.0 | July 3, 2026 | ||
| visualizer | visualizer | N/A | Visualizer: Tables and Charts Manager for WordPress <= 3.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Import Data From File | LOW | *-3.11.8 | 3.11.9 | July 3, 2026 | |
| File Sharing & Download Manager – User Private Files | user-private-files |
96
|
User Private Files – File Upload & Download Manager with Secure File Sharing <= 2.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting | LOW | *-2.1.3 | 2.1.4 | July 3, 2026 | |
| timer-countdown | timer-countdown | N/A | Countdown Timer <= 1.0 - Reflected Cross-Site Scripting | LOW | *-1.0 | July 3, 2026 | ||
| socialsnap | socialsnap | N/A | Social Media Plugin by Social Snap <= 1.3.6 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-1.3.6 | 1.4 | July 3, 2026 | |
| small-package-quotes-usps-edition | small-package-quotes-usps-edition | N/A | Small Package Quotes – USPS Edition <= 1.3.5 - Unauthenticated SQL Injection | LOW | *-1.3.5 | 1.3.6 | July 3, 2026 | |
| small-package-quotes-fedex-edition | small-package-quotes-fedex-edition | N/A | Small Package Quotes – For Customers of FedEx <= 4.3.1 - Unauthenticated SQL Injection | LOW | *-4.3.1 | 4.3.2 | July 3, 2026 | |
| simple-photo-feed | simple-photo-feed | N/A | Simple Photo Feed <= 1.4.0 - Missing Authorization | LOW | *-1.4.0 | 1.4.1 | July 3, 2026 | |
| seo-automatic-seo-tools | seo-automatic-seo-tools | N/A | SEO Tools <= 4.0.7 - Reflected Cross-Site Scripting | LOW | *-4.0.7 | July 3, 2026 | ||
| s3bubble-amazon-web-services-oembed-media-streaming-support | s3bubble-amazon-web-services-oembed-media-streaming-support | N/A | S3Bubble Media Streaming <= 8.0 - Reflected Cross-Site Scripting | LOW | *-8.0 | July 3, 2026 | ||
| Royal Addons for Elementor – Addons and Templates Kit for Elementor | royal-elementor-addons | N/A | Royal Elementor Addons and Templates <= 1.7.1007 - Cross-Site Request Forgery to Reflected Cross-Site Scripting | LOW | *-1.7.1007 | 1.7.1008 | July 3, 2026 | |
| pollin | pollin | N/A | Pollin <= 1.01.1 - Authenticated (Admin+) SQL Injection | LOW | *-1.01.1 | July 3, 2026 | ||
| ltl-freight-quotes-ups-edition | ltl-freight-quotes-ups-edition |
93
|
LTL Freight Quotes – TForce Edition <= 3.6.4 - Unauthenticated SQL Injection | LOW | *-3.6.4 | 3.6.5 | July 3, 2026 | |
| ltl-freight-quotes-saia-edition | ltl-freight-quotes-saia-edition |
93
|
LTL Freight Quotes – SAIA Edition <= 2.2.10 - Unauthenticated SQL Injection | LOW | *-2.2.10 | 2.2.11 | July 3, 2026 | |
| ltl-freight-quotes-rl-edition | ltl-freight-quotes-rl-edition |
93
|
LTL Freight Quotes – R+L Carriers Edition <= 3.3.4 - Unauthenticated SQL Injection | LOW | *-3.3.4 | 3.3.5 | July 3, 2026 | |
| ltl-freight-quotes-odfl-edition | ltl-freight-quotes-odfl-edition |
93
|
LTL Freight Quotes – Old Dominion Edition <= 4.2.10 - Unauthenticated SQL Injection | LOW | *-4.2.10 | 4.2.11 | July 3, 2026 | |
| ltl-freight-quotes-abf-freight-edition | ltl-freight-quotes-abf-freight-edition |
93
|
LTL Freight Quotes – ABF Freight Edition <= 3.3.7 - Unauthenticated SQL Injection | LOW | *-3.3.7 | 3.3.8 | July 3, 2026 | |
| drivr-google-drive-file-picker | drivr-google-drive-file-picker |
91
|
Drivr Lite – Google Drive Plugin plugin for WordPress <= 1.0.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting | LOW | *-1.0.1 | July 3, 2026 | ||
| coronavirus-covid-19-notice-message | coronavirus-covid-19-notice-message |
91
|
Coronavirus (COVID-19) Notice Message <= 1.1.2 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-1.1.2 | July 3, 2026 | ||
| Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | post-smtp |
87
|
Post SMTP <= 3.0.2 - Unauthenticated Stored Cross-Site Scripting | LOW | *-3.0.2 | 3.1.0 | July 3, 2026 | |
| tourmaster | tourmaster | N/A | Tour Master - Tour Booking, Travel, Hotel <= 5.3.7 - Authenticated (Subscriber+) SQL Injection via review_id Parameter | LOW | *-5.3.7 | 5.3.8 | July 3, 2026 | |
| profit-products-tables-for-woocommerce | profit-products-tables-for-woocommerce | N/A | Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.6 - Reflected Cross-Site Scripting | LOW | *-1.0.6.6 | 1.0.6.7 | July 3, 2026 | |
| memorialday | memorialday |
93
|
MemorialDay <= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting | LOW | *-1.0.4 | 1.1.0 | July 3, 2026 | |
| magayo-lottery-results | magayo-lottery-results |
91
|
magayo Lottery Results <= 2.0.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting | LOW | *-2.0.12 | July 3, 2026 | ||
| bigbuy-wc-dropshipping-connector | bigbuy-wc-dropshipping-connector |
91
|
BigBuy Dropshipping Connector for WooCommerce <= 2.0.0 - Unauthenticated Full Path Disclosute | LOW | *-2.0.0 | 2.0.1 | July 3, 2026 | |
| wp-asambleas | wp-asambleas | N/A | WP-Asambleas <= 2.85.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.85.0 | July 3, 2026 | ||
| wp-bibtex | wp-bibtex | N/A | WP-BibTeX <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-3.0.1 | July 3, 2026 | ||
| byconsole-woo-order-delivery-time | byconsole-woo-order-delivery-time |
91
|
WooODT Lite – Delivery & pickup date time location for WooCommerce <= 2.5.1 - Unauthenticated Full Path Dsiclosure | LOW | *-2.5.1 | 2.5.2 | July 3, 2026 | |
| reset | reset | N/A | Reset <= 1.6 - Cross-Site Request Forgery to Database Reset | LOW | *-1.6 | 1.7 | July 3, 2026 | |
| option-editor | option-editor |
91
|
Option Editor <= 1.0 - Cross-Site Request Forgery to Arbitrary Options Update | LOW | *-1.0 | July 3, 2026 | ||
| reaction-buttons | reaction-buttons | N/A | Reaction Buttons <= 2.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-2.1.6 | July 3, 2026 | ||
| gumlet-video | gumlet-video |
93
|
Gumlet Video <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.0.3 | 1.0.4 | July 3, 2026 | |
| simplebooklet | simplebooklet | N/A | Simplebooklet PDF Viewer and Embedder <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.1.2 | 1.1.3 | July 3, 2026 | |
| simple-signup-form | simple-signup-form | N/A | Simple Signup Form <= 1.6.5 - Authenticated (Contributor+) SQL Injection | LOW | *-1.6.5 | July 3, 2026 | ||
| simple-pricing-tables-vc-extension | simple-pricing-tables-vc-extension | N/A | Simple Pricing Tables For WPBakery Page Builder(Formerly Visual Composer) <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.0 | July 3, 2026 | ||
| woo-addon-uploads | woo-addon-uploads | N/A | File Uploads Addon for WooCommerce <= 1.7.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | LOW | *-1.7.1 | 1.7.2 | July 3, 2026 | |
| simple-map-no-api | simple-map-no-api | N/A | Simple Map No Api <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter | LOW | *-1.9 | July 3, 2026 | ||
| get-bookings-wp | get-bookings-wp |
89
|
GetBookingsWp - Appointments & Bookings Plugin Basic Version <= 1.1.27 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover | LOW | *-1.1.27 | July 3, 2026 | ||
| infusionsoft-official-opt-in-forms | infusionsoft-official-opt-in-forms |
89
|
Keap Official Opt-in Forms <= 2.0.1 - Unauthenticated Limited Local File Inclusion | LOW | *-2.0.1 | 2.0.2 | July 3, 2026 | |
| simple-charts | simple-charts | N/A | Simple Charts <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.0 | July 3, 2026 | ||
| cats-job-listings | cats-job-listings |
91
|
CATS Job Listings <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.0.9 | July 3, 2026 | ||
| wprequal | wprequal | N/A | Mortgage Lead Capture System <= 8.2.11 - Cross-Site Request Forgery to Settings Reset | LOW | *-8.2.11 | 8.3.1 | July 3, 2026 | |
| mortgage-loan-calculator | mortgage-loan-calculator |
91
|
Mortgage Calculator / Loan Calculator <= 1.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.5.20 | July 3, 2026 | ||
| open-hours | open-hours |
91
|
Open Hours – Easy Opening Hours <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.0.9 | July 3, 2026 | ||
| library-bookshelves | library-bookshelves |
91
|
Library Bookshelves <= 5.10 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-5.10 | 5.11 | July 3, 2026 | |
| zigaform-calculator-cost-estimation-form-builder-lite | zigaform-calculator-cost-estimation-form-builder-lite | N/A | Zigaform – Price Calculator & Cost Estimation Form Builder Lite <= 7.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-7.4.7 | 7.4.8 | July 3, 2026 | |
| zigaform-form-builder-lite | zigaform-form-builder-lite | N/A | Zigaform – Form Builder Lite <= 7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-7.4.7 | 7.4.8 | July 3, 2026 | |
| rapid-cache | rapid-cache | N/A | Rapid Cache <= 1.2.3 - Unauthenticated Cache Poisoning | LOW | *-1.2.3 | July 3, 2026 | ||
| formassembly-web-forms | formassembly-web-forms |
93
|
WP-FormAssembly <= 2.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-2.0.11 | 3.0.0 | July 3, 2026 | |
| easy-mls-listings-import | easy-mls-listings-import |
93
|
Easy MLS Listings Import <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.0.1 | 2.1.0 | July 3, 2026 | |
| 1-click-migration | 1-click-migration |
95
|
1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Cross-Site Request Forgery to Backup Process Cancellation | LOW | *-2.2 | 2.3 | July 3, 2026 | |
| 1-click-migration | 1-click-migration |
95
|
1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Unauthenticated Sensitive Information Exposure via Database Backup in class-ocm-backup.php | LOW | *-2.2 | 2.3 | July 3, 2026 | |
| actionwear-products-sync | actionwear-products-sync |
95
|
Actionwear products sync <= 2.3.2 - Unauthenticated Full Patch Disclosure | LOW | *-2.3.2 | 2.3.3 | July 3, 2026 | |
| team-display | team-display | N/A | Team Builder – Meet the Team <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update | LOW | *-1.3 | July 3, 2026 | ||
| profilegrid-user-profiles-groups-and-communities | profilegrid-user-profiles-groups-and-communities | N/A | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private Messages Disclosure | LOW | *-5.9.4.2 | 5.9.4.3 | July 3, 2026 | |
| profilegrid-user-profiles-groups-and-communities | profilegrid-user-profiles-groups-and-communities | N/A | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Authenticated (Subscriber+) Limited Server-Side Request Forgery | LOW | *-5.9.4.2 | 5.9.4.3 | July 3, 2026 | |
| web-stories-enhancer | web-stories-enhancer | N/A | Web Stories Enhancer – Level Up Your Web Stories <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.3 | 1.4 | July 3, 2026 | |
| uncode-core | uncode-core | N/A | Uncode Core <= 2.9.1.6 - Authenticated (Subscriber+) Arbitrary Shortcode Execution in uncode_get_medias | LOW | *-2.9.1.6 | 2.9.1.7 | July 3, 2026 | |
| threepress | threepress | N/A | Threepress <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.7.1 | 1.7.2 | July 3, 2026 | |
| super-testimonial | super-testimonial | N/A | Super Testimonials <= 4.0.1 - Unauthenticated Stored Cross-Site Scripting | LOW | *-4.0.1 | 4.0.2 | July 3, 2026 | |
| speedsize-ai-image-optimizer | speedsize-ai-image-optimizer | N/A | SpeedSize Image & Video AI-Optimizer <= 1.5.1 - Cross-Site Request Forgery to Clear Cache | LOW | *-1.5.1 | 1.5.2 | July 3, 2026 | |
| shopwarden | shopwarden | N/A | Shopwarden – Automated WooCommerce monitoring & testing <= 1.0.11 - Cross-Site Request Forgery to Arbitrary Options Update | LOW | *-1.0.11 | 1.0.12 | July 3, 2026 | |
| scratch-win-giveaways-for-website-facebook | scratch-win-giveaways-for-website-facebook | N/A | Scratch & Win – Giveaways and Contests <= 2.8.0 - Missing Authorization to Unauthenticated Coupon Creation | LOW | *-2.8.0 | 2.9.0 | July 3, 2026 | |
| s2member | s2member | N/A | s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions <= 241216 - Reflected Cross-Site Scripting | LOW | *-241216 | 250214 | July 3, 2026 | |
| paypal-payment-button-by-vcita | paypal-payment-button-by-vcita | N/A | Online Payments – Get Paid with PayPal, Square & Stripe <= 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-3.20.0 | 3.30.0 | July 3, 2026 | |
| k-elements | k-elements |
93
|
K Elements <= 5.3.9 - Authentication Bypass | LOW | *-5.3.9 | 5.4.0 | July 3, 2026 | |
| gtbabel | gtbabel |
93
|
Gtbabel <= 6.6.8 - Unauthenticated Cookie Stealing | LOW | *-6.6.8 | 6.6.9 | July 3, 2026 | |
| formcraft3 | formcraft3 |
93
|
FormCraft - Premium WordPress Form Builder <= 3.9.11 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload | LOW | *-3.9.11 | 3.9.12 | July 3, 2026 | |
| formcraft3 | formcraft3 |
93
|
FormCraft <= 3.9.11 - Missing Authorization to Plugin Data Export in formcraft-main.php | LOW | *-3.9.11 | 3.9.12 | July 3, 2026 | |
| flexible-wishlist | flexible-wishlist |
93
|
Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later <= 1.2.26 - Cross-Site Request Forgery to Wishlist Creation/Modification | LOW | *-1.2.26 | 1.2.27 | July 3, 2026 | |
| Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | everest-forms |
68
|
Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion | LOW | *-3.0.9.4 | 3.0.9.5 | July 3, 2026 | |
| ecwid-shopping-cart | ecwid-shopping-cart |
93
|
Ecwid by Lightspeed Ecommerce Shopping Cart <= 6.12.27 - Cross-Site Request Forgery to Send Deactivation Message | LOW | *-6.12.27 | 6.12.28 | July 3, 2026 | |
| contact-us-by-lord-linus | contact-us-by-lord-linus |
89
|
Contact Us By Lord Linus <= 2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting | LOW | *-2.6 | July 3, 2026 | ||
| affiliate-links | affiliate-links |
97
|
Affiliate Links: WordPress Plugin for Link Cloaking and Link Management <= 3.0.1 - Missing Authorization to Unauthenticated Import/Export and PHP Object Injection | LOW | *-3.0.1 | 3.1.0 | July 3, 2026 | |
| ablocks | ablocks |
95
|
aBlocks – WordPress Gutenberg Blocks <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.6.1 | 1.6.2 | July 3, 2026 | |
| wp-social-links | wp-social-links | N/A | WP Social Links <= 0.3.1 - Reflected Cross-Site Scripting | LOW | *-0.3.1 | July 3, 2026 | ||
| wp-programmmanager | wp-programmmanager | N/A | WP-PManager <= 1.2 - Authenticated (Admin+) SQL Injection | LOW | *-1.2 | July 3, 2026 | ||
| wp-programmmanager | wp-programmmanager | N/A | WP-PManager <= 1.2 - Cross-Site Request Forgery to Category Deletion | LOW | *-1.2 | July 3, 2026 | ||
| wp-mailer | wp-mailer | N/A | WP Easy Post Mailer <= 0.64 - Reflected Cross-Site Scripting | LOW | *-0.64 | July 3, 2026 | ||
| ts-tree | ts-tree | N/A | ts-tree <= 0.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion | LOW | *-0.1.1 | July 3, 2026 | ||
| track-page-scroll | track-page-scroll | N/A | Track Page Scroll <= 1.0.2 - Reflected Cross-Site Scripting | LOW | *-1.0.2 | July 3, 2026 | ||
| simple-gallery-odihost | simple-gallery-odihost | N/A | Easy Gallery <= 1.4 - Reflected Cross-Site Scripting | LOW | *-1.4 | July 3, 2026 | ||
| quizzin | quizzin | N/A | Quizzin <= 1.01.4 - Reflected Cross-Site Scripting | LOW | *-1.01.4 | July 3, 2026 | ||
| marekkis-watermark | marekkis-watermark |
89
|
Marekkis Watermark-Plugin <= 0.9.4 - Reflected Cross-Site Scripting | LOW | *-0.9.4 | July 3, 2026 | ||
| easy-broken-link-checker | easy-broken-link-checker |
86
|
URL Shortener | Conversion Tracking | AB Testing | WooCommerce <= 9.0.2 - Cross-Site Request Forgery | LOW | *-9.0.2 | July 3, 2026 | ||
| easy-broken-link-checker | easy-broken-link-checker |
86
|
URL Shortener | Conversion Tracking | AB Testing | WooCommerce <= 9.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-9.0.2 | July 3, 2026 | ||
| 4-author-cheer-up-donate | 4-author-cheer-up-donate |
95
|
4 author cheer up donate <= 1.3 - Reflected Cross-Site Scripting | LOW | *-1.3 | July 3, 2026 | ||
| bit-assist | bit-assist |
93
|
Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Subscriber+) Arbitrary File Read via fileID Parameter | LOW | *-1.5.2 | 1.5.3 | July 3, 2026 |
buybox-widget
buybox-widget
categorized-gallery
categorized-gallery
embedded-cdn
embedded-cdn
cosmic-blocks
cosmic-blocks
wp-wiki-tooltip
wp-wiki-tooltip
pure-chat
pure-chat
subscribe2
subscribe2
easypromos
easypromos
Booking Package
booking-package
wonderplugin-video-embed
wonderplugin-video-embed
xv-random-quotes
xv-random-quotes
xv-random-quotes
xv-random-quotes
wp-login-control
wp-login-control
visualizer
visualizer
File Sharing & Download Manager – User Private Files
user-private-files
timer-countdown
timer-countdown
socialsnap
socialsnap
small-package-quotes-usps-edition
small-package-quotes-usps-edition
small-package-quotes-fedex-edition
small-package-quotes-fedex-edition
simple-photo-feed
simple-photo-feed
seo-automatic-seo-tools
seo-automatic-seo-tools
s3bubble-amazon-web-services-oembed-media-streaming-support
s3bubble-amazon-web-services-oembed-media-streaming-support
Royal Addons for Elementor – Addons and Templates Kit for Elementor
royal-elementor-addons
pollin
pollin
ltl-freight-quotes-ups-edition
ltl-freight-quotes-ups-edition
ltl-freight-quotes-saia-edition
ltl-freight-quotes-saia-edition
ltl-freight-quotes-rl-edition
ltl-freight-quotes-rl-edition
ltl-freight-quotes-odfl-edition
ltl-freight-quotes-odfl-edition
ltl-freight-quotes-abf-freight-edition
ltl-freight-quotes-abf-freight-edition
drivr-google-drive-file-picker
drivr-google-drive-file-picker
coronavirus-covid-19-notice-message
coronavirus-covid-19-notice-message
Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App
post-smtp
tourmaster
tourmaster
profit-products-tables-for-woocommerce
profit-products-tables-for-woocommerce
memorialday
memorialday
magayo-lottery-results
magayo-lottery-results
bigbuy-wc-dropshipping-connector
bigbuy-wc-dropshipping-connector
wp-asambleas
wp-asambleas
wp-bibtex
wp-bibtex
byconsole-woo-order-delivery-time
byconsole-woo-order-delivery-time
reset
reset
option-editor
option-editor
reaction-buttons
reaction-buttons
gumlet-video
gumlet-video
simplebooklet
simplebooklet
simple-signup-form
simple-signup-form
simple-pricing-tables-vc-extension
simple-pricing-tables-vc-extension
woo-addon-uploads
woo-addon-uploads
simple-map-no-api
simple-map-no-api
get-bookings-wp
get-bookings-wp
infusionsoft-official-opt-in-forms
infusionsoft-official-opt-in-forms
simple-charts
simple-charts
cats-job-listings
cats-job-listings
wprequal
wprequal
mortgage-loan-calculator
mortgage-loan-calculator
open-hours
open-hours
library-bookshelves
library-bookshelves
zigaform-calculator-cost-estimation-form-builder-lite
zigaform-calculator-cost-estimation-form-builder-lite
zigaform-form-builder-lite
zigaform-form-builder-lite
rapid-cache
rapid-cache
formassembly-web-forms
formassembly-web-forms
easy-mls-listings-import
easy-mls-listings-import
1-click-migration
1-click-migration
1-click-migration
1-click-migration
actionwear-products-sync
actionwear-products-sync
team-display
team-display
profilegrid-user-profiles-groups-and-communities
profilegrid-user-profiles-groups-and-communities
profilegrid-user-profiles-groups-and-communities
profilegrid-user-profiles-groups-and-communities
web-stories-enhancer
web-stories-enhancer
uncode-core
uncode-core
threepress
threepress
super-testimonial
super-testimonial
speedsize-ai-image-optimizer
speedsize-ai-image-optimizer
shopwarden
shopwarden
scratch-win-giveaways-for-website-facebook
scratch-win-giveaways-for-website-facebook
s2member
s2member
paypal-payment-button-by-vcita
paypal-payment-button-by-vcita
k-elements
k-elements
gtbabel
gtbabel
formcraft3
formcraft3
formcraft3
formcraft3
flexible-wishlist
flexible-wishlist
Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder
everest-forms
ecwid-shopping-cart
ecwid-shopping-cart
contact-us-by-lord-linus
contact-us-by-lord-linus
affiliate-links
affiliate-links
ablocks
ablocks
wp-social-links
wp-social-links
wp-programmmanager
wp-programmmanager
wp-programmmanager
wp-programmmanager
wp-mailer
wp-mailer
ts-tree
ts-tree
track-page-scroll
track-page-scroll
simple-gallery-odihost
simple-gallery-odihost
quizzin
quizzin
marekkis-watermark
marekkis-watermark
easy-broken-link-checker
easy-broken-link-checker
easy-broken-link-checker
easy-broken-link-checker
4-author-cheer-up-donate
4-author-cheer-up-donate
bit-assist
bit-assist
Showing 12001 to 12100 of 36406 results
Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.
Data updated daily from trusted sources. Last updated: July 3, 2026 at 12:17 UTC.