Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

94

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
buybox-widget buybox-widget
91
Widget BUY.BOX <= 3.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.1.5 July 3, 2026
categorized-gallery categorized-gallery
91
Categorized Gallery Plugin <= 2.0 - Authenticated (Contributor+) SQL Injection LOW *-2.0 July 3, 2026
embedded-cdn embedded-cdn
93
CanadaHelps Embedded Donation <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.1 1.0.2 July 3, 2026
cosmic-blocks cosmic-blocks
91
Cosmic Blocks (40+) Content Editor Blocks Collection <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.0 July 3, 2026
wp-wiki-tooltip wp-wiki-tooltip N/A WP Wiki Tooltip <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.2 2.1.0 July 3, 2026
pure-chat pure-chat N/A Pure Chat – Live Chat & More! <= 2.4 - Reflected Cross-Site Scripting via purechatWidgetName Parameter LOW *-2.4 2.41 July 3, 2026
subscribe2 subscribe2 N/A Subscribe2 – Form, Email Subscribers & Newsletters <= 10.43 - Unauthenticated Stored Cross-Site Scripting via IP Parameter LOW *-10.43 10.44 July 3, 2026
easypromos easypromos
93
Easypromos Plugin <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.3.8 1.3.9 July 3, 2026
Booking Package booking-package
85
Booking Package <= 1.6.72 - Reflected Cross-Site Scripting via Locale Parameter LOW *-1.6.72 1.6.73 July 3, 2026
wonderplugin-video-embed wonderplugin-video-embed N/A Wonder Video Embed <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.2 2.3 July 3, 2026
xv-random-quotes xv-random-quotes N/A XV Random Quotes <= 1.40 - Cross-Site Request Forgery to Settings Reset LOW *-1.40 July 3, 2026
xv-random-quotes xv-random-quotes N/A XV Random Quotes <= 1.40 - Reflected Cross-Site Scripting LOW *-1.40 July 3, 2026
wp-login-control wp-login-control N/A WP Login Control <= 2.0.0 - Reflected Cross-Site Scripting LOW *-2.0.0 July 3, 2026
visualizer visualizer N/A Visualizer: Tables and Charts Manager for WordPress <= 3.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Import Data From File LOW *-3.11.8 3.11.9 July 3, 2026
File Sharing & Download Manager – User Private Files user-private-files
96
User Private Files – File Upload & Download Manager with Secure File Sharing <= 2.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-2.1.3 2.1.4 July 3, 2026
timer-countdown timer-countdown N/A Countdown Timer <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 3, 2026
socialsnap socialsnap N/A Social Media Plugin by Social Snap <= 1.3.6 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.3.6 1.4 July 3, 2026
small-package-quotes-usps-edition small-package-quotes-usps-edition N/A Small Package Quotes – USPS Edition <= 1.3.5 - Unauthenticated SQL Injection LOW *-1.3.5 1.3.6 July 3, 2026
small-package-quotes-fedex-edition small-package-quotes-fedex-edition N/A Small Package Quotes – For Customers of FedEx <= 4.3.1 - Unauthenticated SQL Injection LOW *-4.3.1 4.3.2 July 3, 2026
simple-photo-feed simple-photo-feed N/A Simple Photo Feed <= 1.4.0 - Missing Authorization LOW *-1.4.0 1.4.1 July 3, 2026
seo-automatic-seo-tools seo-automatic-seo-tools N/A SEO Tools <= 4.0.7 - Reflected Cross-Site Scripting LOW *-4.0.7 July 3, 2026
s3bubble-amazon-web-services-oembed-media-streaming-support s3bubble-amazon-web-services-oembed-media-streaming-support N/A S3Bubble Media Streaming <= 8.0 - Reflected Cross-Site Scripting LOW *-8.0 July 3, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor royal-elementor-addons N/A Royal Elementor Addons and Templates <= 1.7.1007 - Cross-Site Request Forgery to Reflected Cross-Site Scripting LOW *-1.7.1007 1.7.1008 July 3, 2026
pollin pollin N/A Pollin <= 1.01.1 - Authenticated (Admin+) SQL Injection LOW *-1.01.1 July 3, 2026
ltl-freight-quotes-ups-edition ltl-freight-quotes-ups-edition
93
LTL Freight Quotes – TForce Edition <= 3.6.4 - Unauthenticated SQL Injection LOW *-3.6.4 3.6.5 July 3, 2026
ltl-freight-quotes-saia-edition ltl-freight-quotes-saia-edition
93
LTL Freight Quotes – SAIA Edition <= 2.2.10 - Unauthenticated SQL Injection LOW *-2.2.10 2.2.11 July 3, 2026
ltl-freight-quotes-rl-edition ltl-freight-quotes-rl-edition
93
LTL Freight Quotes – R+L Carriers Edition <= 3.3.4 - Unauthenticated SQL Injection LOW *-3.3.4 3.3.5 July 3, 2026
ltl-freight-quotes-odfl-edition ltl-freight-quotes-odfl-edition
93
LTL Freight Quotes – Old Dominion Edition <= 4.2.10 - Unauthenticated SQL Injection LOW *-4.2.10 4.2.11 July 3, 2026
ltl-freight-quotes-abf-freight-edition ltl-freight-quotes-abf-freight-edition
93
LTL Freight Quotes – ABF Freight Edition <= 3.3.7 - Unauthenticated SQL Injection LOW *-3.3.7 3.3.8 July 3, 2026
drivr-google-drive-file-picker drivr-google-drive-file-picker
91
Drivr Lite – Google Drive Plugin plugin for WordPress <= 1.0.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.0.1 July 3, 2026
coronavirus-covid-19-notice-message coronavirus-covid-19-notice-message
91
Coronavirus (COVID-19) Notice Message <= 1.1.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.1.2 July 3, 2026
Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App post-smtp
87
Post SMTP <= 3.0.2 - Unauthenticated Stored Cross-Site Scripting LOW *-3.0.2 3.1.0 July 3, 2026
tourmaster tourmaster N/A Tour Master - Tour Booking, Travel, Hotel <= 5.3.7 - Authenticated (Subscriber+) SQL Injection via review_id Parameter LOW *-5.3.7 5.3.8 July 3, 2026
profit-products-tables-for-woocommerce profit-products-tables-for-woocommerce N/A Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.6 - Reflected Cross-Site Scripting LOW *-1.0.6.6 1.0.6.7 July 3, 2026
memorialday memorialday
93
MemorialDay <= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.4 1.1.0 July 3, 2026
magayo-lottery-results magayo-lottery-results
91
magayo Lottery Results <= 2.0.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.0.12 July 3, 2026
bigbuy-wc-dropshipping-connector bigbuy-wc-dropshipping-connector
91
BigBuy Dropshipping Connector for WooCommerce <= 2.0.0 - Unauthenticated Full Path Disclosute LOW *-2.0.0 2.0.1 July 3, 2026
wp-asambleas wp-asambleas N/A WP-Asambleas <= 2.85.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.85.0 July 3, 2026
wp-bibtex wp-bibtex N/A WP-BibTeX <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.0.1 July 3, 2026
byconsole-woo-order-delivery-time byconsole-woo-order-delivery-time
91
WooODT Lite – Delivery & pickup date time location for WooCommerce <= 2.5.1 - Unauthenticated Full Path Dsiclosure LOW *-2.5.1 2.5.2 July 3, 2026
reset reset N/A Reset <= 1.6 - Cross-Site Request Forgery to Database Reset LOW *-1.6 1.7 July 3, 2026
option-editor option-editor
91
Option Editor <= 1.0 - Cross-Site Request Forgery to Arbitrary Options Update LOW *-1.0 July 3, 2026
reaction-buttons reaction-buttons N/A Reaction Buttons <= 2.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.1.6 July 3, 2026
gumlet-video gumlet-video
93
Gumlet Video <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.3 1.0.4 July 3, 2026
simplebooklet simplebooklet N/A Simplebooklet PDF Viewer and Embedder <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.2 1.1.3 July 3, 2026
simple-signup-form simple-signup-form N/A Simple Signup Form <= 1.6.5 - Authenticated (Contributor+) SQL Injection LOW *-1.6.5 July 3, 2026
simple-pricing-tables-vc-extension simple-pricing-tables-vc-extension N/A Simple Pricing Tables For WPBakery Page Builder(Formerly Visual Composer) <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 3, 2026
woo-addon-uploads woo-addon-uploads N/A File Uploads Addon for WooCommerce <= 1.7.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory LOW *-1.7.1 1.7.2 July 3, 2026
simple-map-no-api simple-map-no-api N/A Simple Map No Api <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter LOW *-1.9 July 3, 2026
get-bookings-wp get-bookings-wp
89
GetBookingsWp - Appointments & Bookings Plugin Basic Version <= 1.1.27 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover LOW *-1.1.27 July 3, 2026
infusionsoft-official-opt-in-forms infusionsoft-official-opt-in-forms
89
Keap Official Opt-in Forms <= 2.0.1 - Unauthenticated Limited Local File Inclusion LOW *-2.0.1 2.0.2 July 3, 2026
simple-charts simple-charts N/A Simple Charts <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 3, 2026
cats-job-listings cats-job-listings
91
CATS Job Listings <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.9 July 3, 2026
wprequal wprequal N/A Mortgage Lead Capture System <= 8.2.11 - Cross-Site Request Forgery to Settings Reset LOW *-8.2.11 8.3.1 July 3, 2026
mortgage-loan-calculator mortgage-loan-calculator
91
Mortgage Calculator / Loan Calculator <= 1.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.20 July 3, 2026
open-hours open-hours
91
Open Hours – Easy Opening Hours <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.9 July 3, 2026
library-bookshelves library-bookshelves
91
Library Bookshelves <= 5.10 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.10 5.11 July 3, 2026
zigaform-calculator-cost-estimation-form-builder-lite zigaform-calculator-cost-estimation-form-builder-lite N/A Zigaform – Price Calculator & Cost Estimation Form Builder Lite <= 7.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-7.4.7 7.4.8 July 3, 2026
zigaform-form-builder-lite zigaform-form-builder-lite N/A Zigaform – Form Builder Lite <= 7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-7.4.7 7.4.8 July 3, 2026
rapid-cache rapid-cache N/A Rapid Cache <= 1.2.3 - Unauthenticated Cache Poisoning LOW *-1.2.3 July 3, 2026
formassembly-web-forms formassembly-web-forms
93
WP-FormAssembly <= 2.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.0.11 3.0.0 July 3, 2026
easy-mls-listings-import easy-mls-listings-import
93
Easy MLS Listings Import <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.1 2.1.0 July 3, 2026
1-click-migration 1-click-migration
95
1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Cross-Site Request Forgery to Backup Process Cancellation LOW *-2.2 2.3 July 3, 2026
1-click-migration 1-click-migration
95
1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Unauthenticated Sensitive Information Exposure via Database Backup in class-ocm-backup.php LOW *-2.2 2.3 July 3, 2026
actionwear-products-sync actionwear-products-sync
95
Actionwear products sync <= 2.3.2 - Unauthenticated Full Patch Disclosure LOW *-2.3.2 2.3.3 July 3, 2026
team-display team-display N/A Team Builder – Meet the Team <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update LOW *-1.3 July 3, 2026
profilegrid-user-profiles-groups-and-communities profilegrid-user-profiles-groups-and-communities N/A ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private Messages Disclosure LOW *-5.9.4.2 5.9.4.3 July 3, 2026
profilegrid-user-profiles-groups-and-communities profilegrid-user-profiles-groups-and-communities N/A ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Authenticated (Subscriber+) Limited Server-Side Request Forgery LOW *-5.9.4.2 5.9.4.3 July 3, 2026
web-stories-enhancer web-stories-enhancer N/A Web Stories Enhancer – Level Up Your Web Stories <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3 1.4 July 3, 2026
uncode-core uncode-core N/A Uncode Core <= 2.9.1.6 - Authenticated (Subscriber+) Arbitrary Shortcode Execution in uncode_get_medias LOW *-2.9.1.6 2.9.1.7 July 3, 2026
threepress threepress N/A Threepress <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.7.1 1.7.2 July 3, 2026
super-testimonial super-testimonial N/A Super Testimonials <= 4.0.1 - Unauthenticated Stored Cross-Site Scripting LOW *-4.0.1 4.0.2 July 3, 2026
speedsize-ai-image-optimizer speedsize-ai-image-optimizer N/A SpeedSize Image & Video AI-Optimizer <= 1.5.1 - Cross-Site Request Forgery to Clear Cache LOW *-1.5.1 1.5.2 July 3, 2026
shopwarden shopwarden N/A Shopwarden – Automated WooCommerce monitoring & testing <= 1.0.11 - Cross-Site Request Forgery to Arbitrary Options Update LOW *-1.0.11 1.0.12 July 3, 2026
scratch-win-giveaways-for-website-facebook scratch-win-giveaways-for-website-facebook N/A Scratch & Win – Giveaways and Contests <= 2.8.0 - Missing Authorization to Unauthenticated Coupon Creation LOW *-2.8.0 2.9.0 July 3, 2026
s2member s2member N/A s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions <= 241216 - Reflected Cross-Site Scripting LOW *-241216 250214 July 3, 2026
paypal-payment-button-by-vcita paypal-payment-button-by-vcita N/A Online Payments – Get Paid with PayPal, Square & Stripe <= 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.20.0 3.30.0 July 3, 2026
k-elements k-elements
93
K Elements <= 5.3.9 - Authentication Bypass LOW *-5.3.9 5.4.0 July 3, 2026
gtbabel gtbabel
93
Gtbabel <= 6.6.8 - Unauthenticated Cookie Stealing LOW *-6.6.8 6.6.9 July 3, 2026
formcraft3 formcraft3
93
FormCraft - Premium WordPress Form Builder <= 3.9.11 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload LOW *-3.9.11 3.9.12 July 3, 2026
formcraft3 formcraft3
93
FormCraft <= 3.9.11 - Missing Authorization to Plugin Data Export in formcraft-main.php LOW *-3.9.11 3.9.12 July 3, 2026
flexible-wishlist flexible-wishlist
93
Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later <= 1.2.26 - Cross-Site Request Forgery to Wishlist Creation/Modification LOW *-1.2.26 1.2.27 July 3, 2026
Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder everest-forms
68
Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion LOW *-3.0.9.4 3.0.9.5 July 3, 2026
ecwid-shopping-cart ecwid-shopping-cart
93
Ecwid by Lightspeed Ecommerce Shopping Cart <= 6.12.27 - Cross-Site Request Forgery to Send Deactivation Message LOW *-6.12.27 6.12.28 July 3, 2026
contact-us-by-lord-linus contact-us-by-lord-linus
89
Contact Us By Lord Linus <= 2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.6 July 3, 2026
affiliate-links affiliate-links
97
Affiliate Links: WordPress Plugin for Link Cloaking and Link Management <= 3.0.1 - Missing Authorization to Unauthenticated Import/Export and PHP Object Injection LOW *-3.0.1 3.1.0 July 3, 2026
ablocks ablocks
95
aBlocks – WordPress Gutenberg Blocks <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.6.1 1.6.2 July 3, 2026
wp-social-links wp-social-links N/A WP Social Links <= 0.3.1 - Reflected Cross-Site Scripting LOW *-0.3.1 July 3, 2026
wp-programmmanager wp-programmmanager N/A WP-PManager <= 1.2 - Authenticated (Admin+) SQL Injection LOW *-1.2 July 3, 2026
wp-programmmanager wp-programmmanager N/A WP-PManager <= 1.2 - Cross-Site Request Forgery to Category Deletion LOW *-1.2 July 3, 2026
wp-mailer wp-mailer N/A WP Easy Post Mailer <= 0.64 - Reflected Cross-Site Scripting LOW *-0.64 July 3, 2026
ts-tree ts-tree N/A ts-tree <= 0.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion LOW *-0.1.1 July 3, 2026
track-page-scroll track-page-scroll N/A Track Page Scroll <= 1.0.2 - Reflected Cross-Site Scripting LOW *-1.0.2 July 3, 2026
simple-gallery-odihost simple-gallery-odihost N/A Easy Gallery <= 1.4 - Reflected Cross-Site Scripting LOW *-1.4 July 3, 2026
quizzin quizzin N/A Quizzin <= 1.01.4 - Reflected Cross-Site Scripting LOW *-1.01.4 July 3, 2026
marekkis-watermark marekkis-watermark
89
Marekkis Watermark-Plugin <= 0.9.4 - Reflected Cross-Site Scripting LOW *-0.9.4 July 3, 2026
easy-broken-link-checker easy-broken-link-checker
86
URL Shortener | Conversion Tracking | AB Testing | WooCommerce <= 9.0.2 - Cross-Site Request Forgery LOW *-9.0.2 July 3, 2026
easy-broken-link-checker easy-broken-link-checker
86
URL Shortener | Conversion Tracking | AB Testing | WooCommerce <= 9.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-9.0.2 July 3, 2026
4-author-cheer-up-donate 4-author-cheer-up-donate
95
4 author cheer up donate <= 1.3 - Reflected Cross-Site Scripting LOW *-1.3 July 3, 2026
bit-assist bit-assist
93
Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Subscriber+) Arbitrary File Read via fileID Parameter LOW *-1.5.2 1.5.3 July 3, 2026
LOW

buybox-widget

buybox-widget

Score: 91/100 Widget BUY.BOX <= 3.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1.5 Patched: Updated: July 3, 2026
LOW

categorized-gallery

categorized-gallery

Score: 91/100 Categorized Gallery Plugin <= 2.0 - Authenticated (Contributor+) SQL Injection Affected: *-2.0 Patched: Updated: July 3, 2026
LOW

embedded-cdn

embedded-cdn

Score: 93/100 CanadaHelps Embedded Donation <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: 1.0.2 Updated: July 3, 2026
LOW

cosmic-blocks

cosmic-blocks

Score: 91/100 Cosmic Blocks (40+) Content Editor Blocks Collection <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.0 Patched: Updated: July 3, 2026
LOW

wp-wiki-tooltip

wp-wiki-tooltip

Score: N/A WP Wiki Tooltip <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.2 Patched: 2.1.0 Updated: July 3, 2026
LOW

pure-chat

pure-chat

Score: N/A Pure Chat – Live Chat & More! <= 2.4 - Reflected Cross-Site Scripting via purechatWidgetName Parameter Affected: *-2.4 Patched: 2.41 Updated: July 3, 2026
LOW

subscribe2

subscribe2

Score: N/A Subscribe2 – Form, Email Subscribers & Newsletters <= 10.43 - Unauthenticated Stored Cross-Site Scripting via IP Parameter Affected: *-10.43 Patched: 10.44 Updated: July 3, 2026
LOW

easypromos

easypromos

Score: 93/100 Easypromos Plugin <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.3.8 Patched: 1.3.9 Updated: July 3, 2026
LOW

Booking Package

booking-package

Score: 85/100 Booking Package <= 1.6.72 - Reflected Cross-Site Scripting via Locale Parameter Affected: *-1.6.72 Patched: 1.6.73 Updated: July 3, 2026
LOW

wonderplugin-video-embed

wonderplugin-video-embed

Score: N/A Wonder Video Embed <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.2 Patched: 2.3 Updated: July 3, 2026
LOW

xv-random-quotes

xv-random-quotes

Score: N/A XV Random Quotes <= 1.40 - Cross-Site Request Forgery to Settings Reset Affected: *-1.40 Patched: Updated: July 3, 2026
LOW

xv-random-quotes

xv-random-quotes

Score: N/A XV Random Quotes <= 1.40 - Reflected Cross-Site Scripting Affected: *-1.40 Patched: Updated: July 3, 2026
LOW

wp-login-control

wp-login-control

Score: N/A WP Login Control <= 2.0.0 - Reflected Cross-Site Scripting Affected: *-2.0.0 Patched: Updated: July 3, 2026
LOW

visualizer

visualizer

Score: N/A Visualizer: Tables and Charts Manager for WordPress <= 3.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Import Data From File Affected: *-3.11.8 Patched: 3.11.9 Updated: July 3, 2026
LOW

File Sharing & Download Manager – User Private Files

user-private-files

Score: 96/100 User Private Files – File Upload & Download Manager with Secure File Sharing <= 2.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-2.1.3 Patched: 2.1.4 Updated: July 3, 2026
LOW

timer-countdown

timer-countdown

Score: N/A Countdown Timer <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

socialsnap

socialsnap

Score: N/A Social Media Plugin by Social Snap <= 1.3.6 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.3.6 Patched: 1.4 Updated: July 3, 2026
LOW

small-package-quotes-usps-edition

small-package-quotes-usps-edition

Score: N/A Small Package Quotes – USPS Edition <= 1.3.5 - Unauthenticated SQL Injection Affected: *-1.3.5 Patched: 1.3.6 Updated: July 3, 2026
LOW

small-package-quotes-fedex-edition

small-package-quotes-fedex-edition

Score: N/A Small Package Quotes – For Customers of FedEx <= 4.3.1 - Unauthenticated SQL Injection Affected: *-4.3.1 Patched: 4.3.2 Updated: July 3, 2026
LOW

simple-photo-feed

simple-photo-feed

Score: N/A Simple Photo Feed <= 1.4.0 - Missing Authorization Affected: *-1.4.0 Patched: 1.4.1 Updated: July 3, 2026
LOW

seo-automatic-seo-tools

seo-automatic-seo-tools

Score: N/A SEO Tools <= 4.0.7 - Reflected Cross-Site Scripting Affected: *-4.0.7 Patched: Updated: July 3, 2026
LOW

pollin

pollin

Score: N/A Pollin <= 1.01.1 - Authenticated (Admin+) SQL Injection Affected: *-1.01.1 Patched: Updated: July 3, 2026
LOW

ltl-freight-quotes-ups-edition

ltl-freight-quotes-ups-edition

Score: 93/100 LTL Freight Quotes – TForce Edition <= 3.6.4 - Unauthenticated SQL Injection Affected: *-3.6.4 Patched: 3.6.5 Updated: July 3, 2026
LOW

ltl-freight-quotes-saia-edition

ltl-freight-quotes-saia-edition

Score: 93/100 LTL Freight Quotes – SAIA Edition <= 2.2.10 - Unauthenticated SQL Injection Affected: *-2.2.10 Patched: 2.2.11 Updated: July 3, 2026
LOW

ltl-freight-quotes-rl-edition

ltl-freight-quotes-rl-edition

Score: 93/100 LTL Freight Quotes – R+L Carriers Edition <= 3.3.4 - Unauthenticated SQL Injection Affected: *-3.3.4 Patched: 3.3.5 Updated: July 3, 2026
LOW

ltl-freight-quotes-odfl-edition

ltl-freight-quotes-odfl-edition

Score: 93/100 LTL Freight Quotes – Old Dominion Edition <= 4.2.10 - Unauthenticated SQL Injection Affected: *-4.2.10 Patched: 4.2.11 Updated: July 3, 2026
LOW

ltl-freight-quotes-abf-freight-edition

ltl-freight-quotes-abf-freight-edition

Score: 93/100 LTL Freight Quotes – ABF Freight Edition <= 3.3.7 - Unauthenticated SQL Injection Affected: *-3.3.7 Patched: 3.3.8 Updated: July 3, 2026
LOW

drivr-google-drive-file-picker

drivr-google-drive-file-picker

Score: 91/100 Drivr Lite – Google Drive Plugin plugin for WordPress <= 1.0.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 3, 2026
LOW

coronavirus-covid-19-notice-message

coronavirus-covid-19-notice-message

Score: 91/100 Coronavirus (COVID-19) Notice Message <= 1.1.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.1.2 Patched: Updated: July 3, 2026
LOW

tourmaster

tourmaster

Score: N/A Tour Master - Tour Booking, Travel, Hotel <= 5.3.7 - Authenticated (Subscriber+) SQL Injection via review_id Parameter Affected: *-5.3.7 Patched: 5.3.8 Updated: July 3, 2026
LOW

profit-products-tables-for-woocommerce

profit-products-tables-for-woocommerce

Score: N/A Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.6 - Reflected Cross-Site Scripting Affected: *-1.0.6.6 Patched: 1.0.6.7 Updated: July 3, 2026
LOW

memorialday

memorialday

Score: 93/100 MemorialDay <= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.4 Patched: 1.1.0 Updated: July 3, 2026
LOW

magayo-lottery-results

magayo-lottery-results

Score: 91/100 magayo Lottery Results <= 2.0.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.0.12 Patched: Updated: July 3, 2026
LOW

bigbuy-wc-dropshipping-connector

bigbuy-wc-dropshipping-connector

Score: 91/100 BigBuy Dropshipping Connector for WooCommerce <= 2.0.0 - Unauthenticated Full Path Disclosute Affected: *-2.0.0 Patched: 2.0.1 Updated: July 3, 2026
LOW

wp-asambleas

wp-asambleas

Score: N/A WP-Asambleas <= 2.85.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.85.0 Patched: Updated: July 3, 2026
LOW

wp-bibtex

wp-bibtex

Score: N/A WP-BibTeX <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.0.1 Patched: Updated: July 3, 2026
LOW

byconsole-woo-order-delivery-time

byconsole-woo-order-delivery-time

Score: 91/100 WooODT Lite – Delivery & pickup date time location for WooCommerce <= 2.5.1 - Unauthenticated Full Path Dsiclosure Affected: *-2.5.1 Patched: 2.5.2 Updated: July 3, 2026
LOW

reset

reset

Score: N/A Reset <= 1.6 - Cross-Site Request Forgery to Database Reset Affected: *-1.6 Patched: 1.7 Updated: July 3, 2026
LOW

option-editor

option-editor

Score: 91/100 Option Editor <= 1.0 - Cross-Site Request Forgery to Arbitrary Options Update Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

reaction-buttons

reaction-buttons

Score: N/A Reaction Buttons <= 2.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.1.6 Patched: Updated: July 3, 2026
LOW

gumlet-video

gumlet-video

Score: 93/100 Gumlet Video <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.3 Patched: 1.0.4 Updated: July 3, 2026
LOW

simplebooklet

simplebooklet

Score: N/A Simplebooklet PDF Viewer and Embedder <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.2 Patched: 1.1.3 Updated: July 3, 2026
LOW

simple-signup-form

simple-signup-form

Score: N/A Simple Signup Form <= 1.6.5 - Authenticated (Contributor+) SQL Injection Affected: *-1.6.5 Patched: Updated: July 3, 2026
LOW

simple-pricing-tables-vc-extension

simple-pricing-tables-vc-extension

Score: N/A Simple Pricing Tables For WPBakery Page Builder(Formerly Visual Composer) <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

woo-addon-uploads

woo-addon-uploads

Score: N/A File Uploads Addon for WooCommerce <= 1.7.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory Affected: *-1.7.1 Patched: 1.7.2 Updated: July 3, 2026
LOW

simple-map-no-api

simple-map-no-api

Score: N/A Simple Map No Api <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter Affected: *-1.9 Patched: Updated: July 3, 2026
LOW

get-bookings-wp

get-bookings-wp

Score: 89/100 GetBookingsWp - Appointments & Bookings Plugin Basic Version <= 1.1.27 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover Affected: *-1.1.27 Patched: Updated: July 3, 2026
LOW

infusionsoft-official-opt-in-forms

infusionsoft-official-opt-in-forms

Score: 89/100 Keap Official Opt-in Forms <= 2.0.1 - Unauthenticated Limited Local File Inclusion Affected: *-2.0.1 Patched: 2.0.2 Updated: July 3, 2026
LOW

simple-charts

simple-charts

Score: N/A Simple Charts <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

cats-job-listings

cats-job-listings

Score: 91/100 CATS Job Listings <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.9 Patched: Updated: July 3, 2026
LOW

wprequal

wprequal

Score: N/A Mortgage Lead Capture System <= 8.2.11 - Cross-Site Request Forgery to Settings Reset Affected: *-8.2.11 Patched: 8.3.1 Updated: July 3, 2026
LOW

mortgage-loan-calculator

mortgage-loan-calculator

Score: 91/100 Mortgage Calculator / Loan Calculator <= 1.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.20 Patched: Updated: July 3, 2026
LOW

open-hours

open-hours

Score: 91/100 Open Hours – Easy Opening Hours <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.9 Patched: Updated: July 3, 2026
LOW

library-bookshelves

library-bookshelves

Score: 91/100 Library Bookshelves <= 5.10 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.10 Patched: 5.11 Updated: July 3, 2026
LOW

zigaform-calculator-cost-estimation-form-builder-lite

zigaform-calculator-cost-estimation-form-builder-lite

Score: N/A Zigaform – Price Calculator & Cost Estimation Form Builder Lite <= 7.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-7.4.7 Patched: 7.4.8 Updated: July 3, 2026
LOW

zigaform-form-builder-lite

zigaform-form-builder-lite

Score: N/A Zigaform – Form Builder Lite <= 7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-7.4.7 Patched: 7.4.8 Updated: July 3, 2026
LOW

rapid-cache

rapid-cache

Score: N/A Rapid Cache <= 1.2.3 - Unauthenticated Cache Poisoning Affected: *-1.2.3 Patched: Updated: July 3, 2026
LOW

formassembly-web-forms

formassembly-web-forms

Score: 93/100 WP-FormAssembly <= 2.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.0.11 Patched: 3.0.0 Updated: July 3, 2026
LOW

easy-mls-listings-import

easy-mls-listings-import

Score: 93/100 Easy MLS Listings Import <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.1 Patched: 2.1.0 Updated: July 3, 2026
LOW

1-click-migration

1-click-migration

Score: 95/100 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Cross-Site Request Forgery to Backup Process Cancellation Affected: *-2.2 Patched: 2.3 Updated: July 3, 2026
LOW

1-click-migration

1-click-migration

Score: 95/100 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Unauthenticated Sensitive Information Exposure via Database Backup in class-ocm-backup.php Affected: *-2.2 Patched: 2.3 Updated: July 3, 2026
LOW

actionwear-products-sync

actionwear-products-sync

Score: 95/100 Actionwear products sync <= 2.3.2 - Unauthenticated Full Patch Disclosure Affected: *-2.3.2 Patched: 2.3.3 Updated: July 3, 2026
LOW

team-display

team-display

Score: N/A Team Builder – Meet the Team <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update Affected: *-1.3 Patched: Updated: July 3, 2026
LOW

profilegrid-user-profiles-groups-and-communities

profilegrid-user-profiles-groups-and-communities

Score: N/A ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private Messages Disclosure Affected: *-5.9.4.2 Patched: 5.9.4.3 Updated: July 3, 2026
LOW

profilegrid-user-profiles-groups-and-communities

profilegrid-user-profiles-groups-and-communities

Score: N/A ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Authenticated (Subscriber+) Limited Server-Side Request Forgery Affected: *-5.9.4.2 Patched: 5.9.4.3 Updated: July 3, 2026
LOW

web-stories-enhancer

web-stories-enhancer

Score: N/A Web Stories Enhancer – Level Up Your Web Stories <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3 Patched: 1.4 Updated: July 3, 2026
LOW

uncode-core

uncode-core

Score: N/A Uncode Core <= 2.9.1.6 - Authenticated (Subscriber+) Arbitrary Shortcode Execution in uncode_get_medias Affected: *-2.9.1.6 Patched: 2.9.1.7 Updated: July 3, 2026
LOW

threepress

threepress

Score: N/A Threepress <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7.1 Patched: 1.7.2 Updated: July 3, 2026
LOW

super-testimonial

super-testimonial

Score: N/A Super Testimonials <= 4.0.1 - Unauthenticated Stored Cross-Site Scripting Affected: *-4.0.1 Patched: 4.0.2 Updated: July 3, 2026
LOW

speedsize-ai-image-optimizer

speedsize-ai-image-optimizer

Score: N/A SpeedSize Image & Video AI-Optimizer <= 1.5.1 - Cross-Site Request Forgery to Clear Cache Affected: *-1.5.1 Patched: 1.5.2 Updated: July 3, 2026
LOW

shopwarden

shopwarden

Score: N/A Shopwarden – Automated WooCommerce monitoring & testing <= 1.0.11 - Cross-Site Request Forgery to Arbitrary Options Update Affected: *-1.0.11 Patched: 1.0.12 Updated: July 3, 2026
LOW

scratch-win-giveaways-for-website-facebook

scratch-win-giveaways-for-website-facebook

Score: N/A Scratch & Win – Giveaways and Contests <= 2.8.0 - Missing Authorization to Unauthenticated Coupon Creation Affected: *-2.8.0 Patched: 2.9.0 Updated: July 3, 2026
LOW

s2member

s2member

Score: N/A s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions <= 241216 - Reflected Cross-Site Scripting Affected: *-241216 Patched: 250214 Updated: July 3, 2026
LOW

paypal-payment-button-by-vcita

paypal-payment-button-by-vcita

Score: N/A Online Payments – Get Paid with PayPal, Square & Stripe <= 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.20.0 Patched: 3.30.0 Updated: July 3, 2026
LOW

k-elements

k-elements

Score: 93/100 K Elements <= 5.3.9 - Authentication Bypass Affected: *-5.3.9 Patched: 5.4.0 Updated: July 3, 2026
LOW

gtbabel

gtbabel

Score: 93/100 Gtbabel <= 6.6.8 - Unauthenticated Cookie Stealing Affected: *-6.6.8 Patched: 6.6.9 Updated: July 3, 2026
LOW

formcraft3

formcraft3

Score: 93/100 FormCraft - Premium WordPress Form Builder <= 3.9.11 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload Affected: *-3.9.11 Patched: 3.9.12 Updated: July 3, 2026
LOW

formcraft3

formcraft3

Score: 93/100 FormCraft <= 3.9.11 - Missing Authorization to Plugin Data Export in formcraft-main.php Affected: *-3.9.11 Patched: 3.9.12 Updated: July 3, 2026
LOW

flexible-wishlist

flexible-wishlist

Score: 93/100 Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later <= 1.2.26 - Cross-Site Request Forgery to Wishlist Creation/Modification Affected: *-1.2.26 Patched: 1.2.27 Updated: July 3, 2026
LOW

ecwid-shopping-cart

ecwid-shopping-cart

Score: 93/100 Ecwid by Lightspeed Ecommerce Shopping Cart <= 6.12.27 - Cross-Site Request Forgery to Send Deactivation Message Affected: *-6.12.27 Patched: 6.12.28 Updated: July 3, 2026
LOW

contact-us-by-lord-linus

contact-us-by-lord-linus

Score: 89/100 Contact Us By Lord Linus <= 2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.6 Patched: Updated: July 3, 2026
LOW

affiliate-links

affiliate-links

Score: 97/100 Affiliate Links: WordPress Plugin for Link Cloaking and Link Management <= 3.0.1 - Missing Authorization to Unauthenticated Import/Export and PHP Object Injection Affected: *-3.0.1 Patched: 3.1.0 Updated: July 3, 2026
LOW

ablocks

ablocks

Score: 95/100 aBlocks – WordPress Gutenberg Blocks <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.1 Patched: 1.6.2 Updated: July 3, 2026
LOW

wp-social-links

wp-social-links

Score: N/A WP Social Links <= 0.3.1 - Reflected Cross-Site Scripting Affected: *-0.3.1 Patched: Updated: July 3, 2026
LOW

wp-programmmanager

wp-programmmanager

Score: N/A WP-PManager <= 1.2 - Authenticated (Admin+) SQL Injection Affected: *-1.2 Patched: Updated: July 3, 2026
LOW

wp-programmmanager

wp-programmmanager

Score: N/A WP-PManager <= 1.2 - Cross-Site Request Forgery to Category Deletion Affected: *-1.2 Patched: Updated: July 3, 2026
LOW

wp-mailer

wp-mailer

Score: N/A WP Easy Post Mailer <= 0.64 - Reflected Cross-Site Scripting Affected: *-0.64 Patched: Updated: July 3, 2026
LOW

ts-tree

ts-tree

Score: N/A ts-tree <= 0.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion Affected: *-0.1.1 Patched: Updated: July 3, 2026
LOW

track-page-scroll

track-page-scroll

Score: N/A Track Page Scroll <= 1.0.2 - Reflected Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 3, 2026
LOW

simple-gallery-odihost

simple-gallery-odihost

Score: N/A Easy Gallery <= 1.4 - Reflected Cross-Site Scripting Affected: *-1.4 Patched: Updated: July 3, 2026
LOW

quizzin

quizzin

Score: N/A Quizzin <= 1.01.4 - Reflected Cross-Site Scripting Affected: *-1.01.4 Patched: Updated: July 3, 2026
LOW

marekkis-watermark

marekkis-watermark

Score: 89/100 Marekkis Watermark-Plugin <= 0.9.4 - Reflected Cross-Site Scripting Affected: *-0.9.4 Patched: Updated: July 3, 2026
LOW

easy-broken-link-checker

easy-broken-link-checker

Score: 86/100 URL Shortener | Conversion Tracking | AB Testing | WooCommerce <= 9.0.2 - Cross-Site Request Forgery Affected: *-9.0.2 Patched: Updated: July 3, 2026
LOW

easy-broken-link-checker

easy-broken-link-checker

Score: 86/100 URL Shortener | Conversion Tracking | AB Testing | WooCommerce <= 9.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-9.0.2 Patched: Updated: July 3, 2026
LOW

4-author-cheer-up-donate

4-author-cheer-up-donate

Score: 95/100 4 author cheer up donate <= 1.3 - Reflected Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 3, 2026
LOW

bit-assist

bit-assist

Score: 93/100 Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Subscriber+) Arbitrary File Read via fileID Parameter Affected: *-1.5.2 Patched: 1.5.3 Updated: July 3, 2026

Showing 12001 to 12100 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 3, 2026 at 12:17 UTC.