Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

88

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
wedevs-project-manager wedevs-project-manager N/A WP Project Manager <= 2.6.17 - Authenticated (Subscriber+) SQL Injection via orderby Parameter LOW *-2.6.17 2.6.18 July 3, 2026
ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor elementskit-lite
95
ElementsKit Elementor addons <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget LOW *-3.4.0 3.4.1 July 3, 2026
wedevs-project-manager wedevs-project-manager N/A WP Project Manager <= 2.6.17 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update LOW *-2.6.17 2.6.18 July 3, 2026
media-library-plus media-library-plus
93
Media Library Folders <= 8.3.0 - Missing Authorization to Plugin Settings Change LOW *-8.3.0 8.3.1 July 3, 2026
front-end-only-users front-end-only-users
89
Front End Users <= 3.2.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via forgot-password Shortcode LOW *-3.2.30 3.2.31 July 3, 2026
emails-verification-for-woocommerce emails-verification-for-woocommerce
93
Customer Email Verification for WooCommerce <= 2.9.4 - Authenticated (Contributor+) Sensitive Information Exposure LOW *-2.9.4 2.9.5 July 3, 2026
oliver-pos oliver-pos
93
Oliver POS – A WooCommerce Point of Sale (POS) <= 2.4.2.3 - Sensitive Information Exposure to Privilege Escalation LOW *-2.4.2.3 2.4.2.4 July 3, 2026
wp-analytify wp-analytify N/A Analytify <= 5.5.0 - Missing Authorization LOW *-5.5.0 5.5.1 July 3, 2026
wp-airbnb-review-slider wp-airbnb-review-slider N/A WP Airbnb Review Slider <= 3.9 - Authenticated (Administrator+) SQL Injection LOW *-3.9 4.0 July 3, 2026
woo-bulk-editor woo-bulk-editor N/A BEAR <= 1.1.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.1.4.4 1.1.4.5 July 3, 2026
waymark waymark N/A Waymark <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.0 1.5.1 July 3, 2026
vitepos-lite vitepos-lite N/A Vitepos – Point of sale (POS) <= 3.1.3 - Missing Authorization LOW *-3.1.3 3.1.4 July 3, 2026
videowhisper-live-streaming-integration videowhisper-live-streaming-integration N/A Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP <= 6.1.10 - Unauthenticated Arbitrary File Deletion LOW *-6.1.10 6.2.1 July 3, 2026
videowhisper-live-streaming-integration videowhisper-live-streaming-integration N/A Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP <= 6.1.10 - Unauthenticated Arbitrary File Read LOW *-6.1.10 6.2.1 July 3, 2026
ttt-crop ttt-crop N/A TTT Crop <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 3, 2026
tlp-team tlp-team N/A Team – Team Members Showcase Plugin <= 4.4.9 - Missing Authorization to Authenticated (Subscriber+) Settings Update LOW *-4.4.9 5.0.0 July 3, 2026
timeline-block-block timeline-block-block N/A Timeline Block <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.1 1.1.3 July 3, 2026
stream stream N/A Stream <= 4.0.2 - Authenticated (Admin+) Server-Side Request Forgery LOW *-4.0.2 4.1.0 July 3, 2026
spotlight-social-photo-feeds spotlight-social-photo-feeds N/A Spotlight Social Media Feeds <= 1.7.1 - Unauthenticated Sensitive Information Disclosure LOW *-1.7.1 1.7.2 July 3, 2026
skt-blocks skt-blocks N/A SKT Blocks <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.7 1.8 July 3, 2026
sidebartabs sidebartabs N/A sidebarTabs <= 3.1 - Reflected Cross-Site Scripting LOW *-3.1 July 3, 2026
s2member-pro s2member-pro N/A s2Member Pro <= 241216 - Unauthenticated PHP Object Injection LOW *-241216 250214 July 3, 2026
rometheme-for-elementor rometheme-for-elementor N/A RTMKit <= 1.6.7 - Authenticated (Contributor+) Insecure Direct Object Reference LOW *-1.6.7 1.6.8 July 3, 2026
responsive-add-ons responsive-add-ons N/A Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme <= 3.1.4 - Authenticated (Contributor+) Blind Server-Side Request Forgery via remote_request LOW *-3.1.4 3.1.5 July 3, 2026
qubely qubely N/A Qubely <= 1.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.8.12 1.8.13 July 3, 2026
Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider ml-slider
88
Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider <= 3.94.0 - Authenticated (Editor+) PHP Object Injection LOW *-3.94.0 3.95.0 July 3, 2026
magic-the-gathering-card-tooltips magic-the-gathering-card-tooltips
93
Magic the Gathering Card Tooltips <= 3.5.0 - Unauthenticated Stored Cross-Site Scripting LOW *-3.5.0 3.6.0 July 3, 2026
ltl-freight-quotes-estes-edition ltl-freight-quotes-estes-edition
93
LTL Freight Quotes – Estes Edition <= 3.3.7 - Unauthenticated SQL Injection LOW *-3.3.7 3.3.8 July 3, 2026
leyka leyka
89
Leyka <= 3.31.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.31.8 3.31.9 July 3, 2026
keep-backup-daily keep-backup-daily
93
Keep Backup Daily <= 2.1.0 - Authenticated (Admin+) Arbitrary File Download LOW *-2.1.0 2.1.1 July 3, 2026
ie-css3-support ie-css3-support
91
IE CSS3 Support <= 2.0.1 - Reflected Cross-Site Scripting LOW *-2.0.1 July 3, 2026
gallery gallery
93
Gallery <= 2.2.1 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-2.2.1 2.2.2 July 3, 2026
events-planner events-planner
91
Events Planner <= 1.3.10 - Reflected Cross-Site Scripting LOW *-1.3.10 July 3, 2026
eventer eventer
89
Eventer <= 3.9.8 - Reflected Cross-Site Scripting LOW *-3.9.8 3.9.9 July 3, 2026
email-keep email-keep
89
Email Keep <= 1.1 - Cross-Site Request Forgery to Email Deletion LOW *-1.1 July 3, 2026
email-keep email-keep
89
Email Keep <= 1.1 - Reflected Cross-Site Scripting LOW *-1.1 July 3, 2026
easy-popups easy-popups
93
Responsive Modal Builder for High Conversion – Easy Popups <= 1.5.0 - Reflected Cross-Site Scripting LOW *-1.5.0 1.5.1 July 3, 2026
easy-elementor-addons easy-elementor-addons
93
Easy Elementor Addons <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.5 2.1.6 July 3, 2026
dl-leadback dl-leadback
91
DL Leadback <= 1.2.1 - Reflected Cross-Site Scripting LOW *-1.2.1 July 3, 2026
distance-based-shipping-calculator distance-based-shipping-calculator
93
Distance Based Shipping Calculator <= 2.0.22 - Missing Authorization to Unauthenticated Settings Update LOW *-2.0.22 2.0.23 July 3, 2026
distance-based-shipping-calculator distance-based-shipping-calculator
93
Distance Based Shipping Calculator <= 2.0.22 - Missing Authorization LOW *-2.0.22 2.0.23 July 3, 2026
directorypress-frontend directorypress-frontend
93
DirectoryPress Frontend <= 2.7.9 - Cross-Site Request Forgery to Listing Status Update LOW *-2.7.9 2.8.0 July 3, 2026
dethemekit-for-elementor dethemekit-for-elementor
89
DethemeKit For Elementor <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.8 2.1.9 July 3, 2026
content-snippet-manager content-snippet-manager
93
Content Snippet Manager <= 1.1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1.5 1.1.6 July 3, 2026
codebard-help-desk codebard-help-desk
89
CodeBard Help Desk <= 1.1.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.1.2 July 3, 2026
chaty-pro chaty-pro
93
Chaty Pro <= 3.3.3 - Unauthenticated Arbitrary File Upload LOW *-3.3.3 3.3.4 July 3, 2026
calculator-builder calculator-builder
93
Calculator Builder – Create an Online Calculator <= 1.6.2 - Unauthenticated Local File Inclusion LOW *-1.6.2 1.6.3 July 3, 2026
badgearoo badgearoo
89
Badgearoo <= 1.0.14 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.0.14 July 3, 2026
badgearoo badgearoo
89
Badgearoo <= 1.0.14 - Reflected Cross-Site Scripting LOW *-1.0.14 July 3, 2026
alphabetic-pagination alphabetic-pagination
97
Alphabetic Pagination <= 3.2.1 - Reflected Cross-Site Scripting LOW *-3.2.1 3.2.2 July 3, 2026
addons-for-elementor-builder addons-for-elementor-builder
97
Vertex Addons for Elementor <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.0 1.3.0 July 3, 2026
3-word-address-validation-field 3-word-address-validation-field
97
what3words Address Field <= 4.0.15 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-4.0.15 4.0.16 July 3, 2026
bit-assist bit-assist
93
Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Administrator+) Arbitrary File Read via downloadResponseFile Function LOW *-1.5.2 1.5.3 July 3, 2026
bit-assist bit-assist
93
Bit Assist <= 1.5.2 - Authenticated (Subscriber+) SQL Injection via id Parameter LOW *-1.5.2 1.5.3 July 3, 2026
hurrytimer hurrytimer
93
HurryTimer <= 2.11.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Campaign Name LOW *-2.11.2 2.12.0 July 3, 2026
qubely qubely N/A Qubely – Advanced Gutenberg Blocks <= 1.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' and 'UniqueID' LOW *-1.8.12 1.8.13 July 3, 2026
woo-refund-and-exchange-lite woo-refund-and-exchange-lite N/A Return Refund and Exchange For WooCommerce <= 4.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference LOW *-4.4.5 4.4.6 July 3, 2026
woo-refund-and-exchange-lite woo-refund-and-exchange-lite N/A Return Refund and Exchange For WooCommerce <= 4.4.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory LOW *-4.4.5 4.4.6 July 3, 2026
yottie-lite yottie-lite N/A Elfsight Yottie Lite <= 1.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.3.3 July 3, 2026
wp-html-page-sitemap wp-html-page-sitemap N/A WP Html Page Sitemap <= 2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.2 July 3, 2026
wibiya wibiya N/A Wibiya Toolbar <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.0 July 3, 2026
tinymce-advanced-qtranslate-fix-editor-problems tinymce-advanced-qtranslate-fix-editor-problems N/A TinyMCE Advanced qTranslate fix editor problems <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.0 July 3, 2026
simple-responsive-menu simple-responsive-menu N/A Simple Responsive Menu <= 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.1 July 3, 2026
rss-filter rss-filter N/A RSS Filter <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2 July 3, 2026
related-posts-line-up-exactry-by-milliard related-posts-line-up-exactry-by-milliard N/A Related Posts Line-up-Exactly by Milliard <= 0.0.22 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.0.22 July 3, 2026
prezi-embedder prezi-embedder N/A Prezi Embedder <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1 July 3, 2026
post-thumbs post-thumbs N/A Post Thumbs <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.5 July 3, 2026
phplist-form-integration phplist-form-integration N/A WP PHPList <= 1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.7 July 3, 2026
pagepost-specific-social-share-buttons pagepost-specific-social-share-buttons
91
Page/Post Specific Social Share Buttons <= 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.1 July 3, 2026
my-loginlogout my-loginlogout
91
My Login Logout Plugin <= 2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.4 July 3, 2026
google-drive-wp-media google-drive-wp-media
91
Google Drive WP Media <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.4.4 July 3, 2026
global-meta-keyword-and-description global-meta-keyword-and-description
91
Global Meta Keyword & Description <= 2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.3 July 3, 2026
glance-that glance-that
91
Glance That <= 4.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-4.9 July 3, 2026
font-awesome-wp font-awesome-wp
91
Font Awesome WP <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 3, 2026
Event Tickets and Registration event-tickets
86
Event Tickets and Registration <= 5.19.1.1 - Missing Authorization to Ticket Deletion LOW *-5.19.1.1 5.19.1.2 July 3, 2026
embed-google-map embed-google-map
91
Embed Google Map <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.2 July 3, 2026
easy-broken-link-checker easy-broken-link-checker
86
URL Shortener | Conversion Tracking | AB Testing | WooCommerce <= 9.0.2 - Reflected Cross-Site Scripting LOW *-9.0.2 July 3, 2026
easy-amazon-product-information easy-amazon-product-information
91
Easy Amazon Product Information <= 4.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-4.0.1 July 3, 2026
dx-auto-publish dx-auto-publish
91
DX-auto-publish <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2 July 3, 2026
client-documentation client-documentation
91
Simple Documentation <= 1.2.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2.8 July 3, 2026
clickwhale clickwhale
93
ClickWhale <= 2.4.3 - Cross-Site Request Forgery LOW *-2.4.3 2.4.4 July 3, 2026
bootstrap-collapse bootstrap-collapse
91
Bootstrap collapse <= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.4 July 3, 2026
badr-naver-syndication badr-naver-syndication
91
Naver Syndication V2 <= 0.8.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.8.3 July 3, 2026
aparat-responsive aparat-responsive
95
Aparat Responsive <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3 July 3, 2026
expand-maker expand-maker
89
Read More & Accordion <= 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary 'Read More' Post Deletion LOW *-3.4.2 3.4.3 July 3, 2026
WP Activity Log wp-security-audit-log N/A WP Activity Log <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting LOW *-5.2.2 5.3.0 July 3, 2026
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings seo-by-rank-math
85
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.235 - Authenticated (Contributor+) Stored Cross-Site Scripting via Rank Math API LOW *-1.0.235 1.0.236 July 3, 2026
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings seo-by-rank-math
85
Rank Math SEO <= 1.0.235 - Missing Authorization to Authenticated (Contributor+) Arbitrary Schema Deletion LOW *-1.0.235 1.0.236 July 3, 2026
brizy brizy
93
Brizy – Page Builder <= 2.6.8 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload LOW *-2.6.8 2.6.9 July 3, 2026
wp-directorybox-manager wp-directorybox-manager N/A WP Directorybox Manager <= 2.5 - Authentication Bypass LOW *-2.5 July 3, 2026
pallet-packaging-for-woocommerce pallet-packaging-for-woocommerce N/A Pallet Packaging for WooCommerce <= 1.1.15 - Missing Authorization LOW *-1.1.15 1.1.16 July 3, 2026
ltl-freight-quotes-worldwide-express-edition ltl-freight-quotes-worldwide-express-edition
93
LTL Freight Quotes – Worldwide Express Edition <= 5.0.21 - Reflected Cross-Site Scripting LOW *-5.0.21 5.0.22 July 3, 2026
ltl-freight-quotes-worldwide-express-edition ltl-freight-quotes-worldwide-express-edition
93
LTL Freight Quotes – Worldwide Express Edition <= 5.0.20 - Missing Authorization to Unauthenticated Arbitrary Content Deletion LOW *-5.0.20 5.0.21 July 3, 2026
ltl-freight-quotes-unishippers-edition ltl-freight-quotes-unishippers-edition
93
LTL Freight Quotes – Unishippers Edition <= 2.5.8 - Reflected Cross-Site Scripting LOW *-2.5.8 2.5.9 July 3, 2026
ltl-freight-quotes-unishippers-edition ltl-freight-quotes-unishippers-edition
93
LTL Freight Quotes – Unishippers Edition <= 2.5.8 - Missing Authorization LOW *-2.5.8 2.5.9 July 3, 2026
ltl-freight-quotes-freightquote-edition ltl-freight-quotes-freightquote-edition
93
LTL Freight Quotes – FreightQuote Edition <= 2.3.11 - Unauthenticated SQL Injection LOW *-2.3.11 2.3.12 July 3, 2026
ltl-freight-quotes-freightquote-edition ltl-freight-quotes-freightquote-edition
93
LTL Freight Quotes – FreightQuote Edition <= 2.3.11 - Missing Authorization LOW *-2.3.11 2.3.12 July 3, 2026
js-support-ticket js-support-ticket
93
JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.8 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory LOW *-2.8.8 2.8.9 July 3, 2026
give-donation-modules-for-divi give-donation-modules-for-divi
93
Give – Divi Donation Modules <= 2.0.0 - Sensitive Information Dislcosure LOW *-2.0.0 2.0.1 July 3, 2026
fusion-builder fusion-builder
93
Avada Builder <= 3.11.13 - Unauthenticated Arbitrary Shortcode Execution LOW *-3.11.13 3.11.14 July 3, 2026
LOW

wedevs-project-manager

wedevs-project-manager

Score: N/A WP Project Manager <= 2.6.17 - Authenticated (Subscriber+) SQL Injection via orderby Parameter Affected: *-2.6.17 Patched: 2.6.18 Updated: July 3, 2026
LOW

wedevs-project-manager

wedevs-project-manager

Score: N/A WP Project Manager <= 2.6.17 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update Affected: *-2.6.17 Patched: 2.6.18 Updated: July 3, 2026
LOW

media-library-plus

media-library-plus

Score: 93/100 Media Library Folders <= 8.3.0 - Missing Authorization to Plugin Settings Change Affected: *-8.3.0 Patched: 8.3.1 Updated: July 3, 2026
LOW

front-end-only-users

front-end-only-users

Score: 89/100 Front End Users <= 3.2.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via forgot-password Shortcode Affected: *-3.2.30 Patched: 3.2.31 Updated: July 3, 2026
LOW

emails-verification-for-woocommerce

emails-verification-for-woocommerce

Score: 93/100 Customer Email Verification for WooCommerce <= 2.9.4 - Authenticated (Contributor+) Sensitive Information Exposure Affected: *-2.9.4 Patched: 2.9.5 Updated: July 3, 2026
LOW

oliver-pos

oliver-pos

Score: 93/100 Oliver POS – A WooCommerce Point of Sale (POS) <= 2.4.2.3 - Sensitive Information Exposure to Privilege Escalation Affected: *-2.4.2.3 Patched: 2.4.2.4 Updated: July 3, 2026
LOW

wp-analytify

wp-analytify

Score: N/A Analytify <= 5.5.0 - Missing Authorization Affected: *-5.5.0 Patched: 5.5.1 Updated: July 3, 2026
LOW

wp-airbnb-review-slider

wp-airbnb-review-slider

Score: N/A WP Airbnb Review Slider <= 3.9 - Authenticated (Administrator+) SQL Injection Affected: *-3.9 Patched: 4.0 Updated: July 3, 2026
LOW

woo-bulk-editor

woo-bulk-editor

Score: N/A BEAR <= 1.1.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.4.4 Patched: 1.1.4.5 Updated: July 3, 2026
LOW

waymark

waymark

Score: N/A Waymark <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.0 Patched: 1.5.1 Updated: July 3, 2026
LOW

vitepos-lite

vitepos-lite

Score: N/A Vitepos – Point of sale (POS) <= 3.1.3 - Missing Authorization Affected: *-3.1.3 Patched: 3.1.4 Updated: July 3, 2026
LOW

videowhisper-live-streaming-integration

videowhisper-live-streaming-integration

Score: N/A Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP <= 6.1.10 - Unauthenticated Arbitrary File Deletion Affected: *-6.1.10 Patched: 6.2.1 Updated: July 3, 2026
LOW

videowhisper-live-streaming-integration

videowhisper-live-streaming-integration

Score: N/A Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP <= 6.1.10 - Unauthenticated Arbitrary File Read Affected: *-6.1.10 Patched: 6.2.1 Updated: July 3, 2026
LOW

ttt-crop

ttt-crop

Score: N/A TTT Crop <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

tlp-team

tlp-team

Score: N/A Team – Team Members Showcase Plugin <= 4.4.9 - Missing Authorization to Authenticated (Subscriber+) Settings Update Affected: *-4.4.9 Patched: 5.0.0 Updated: July 3, 2026
LOW

timeline-block-block

timeline-block-block

Score: N/A Timeline Block <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.1 Patched: 1.1.3 Updated: July 3, 2026
LOW

stream

stream

Score: N/A Stream <= 4.0.2 - Authenticated (Admin+) Server-Side Request Forgery Affected: *-4.0.2 Patched: 4.1.0 Updated: July 3, 2026
LOW

spotlight-social-photo-feeds

spotlight-social-photo-feeds

Score: N/A Spotlight Social Media Feeds <= 1.7.1 - Unauthenticated Sensitive Information Disclosure Affected: *-1.7.1 Patched: 1.7.2 Updated: July 3, 2026
LOW

skt-blocks

skt-blocks

Score: N/A SKT Blocks <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7 Patched: 1.8 Updated: July 3, 2026
LOW

sidebartabs

sidebartabs

Score: N/A sidebarTabs <= 3.1 - Reflected Cross-Site Scripting Affected: *-3.1 Patched: Updated: July 3, 2026
LOW

s2member-pro

s2member-pro

Score: N/A s2Member Pro <= 241216 - Unauthenticated PHP Object Injection Affected: *-241216 Patched: 250214 Updated: July 3, 2026
LOW

rometheme-for-elementor

rometheme-for-elementor

Score: N/A RTMKit <= 1.6.7 - Authenticated (Contributor+) Insecure Direct Object Reference Affected: *-1.6.7 Patched: 1.6.8 Updated: July 3, 2026
LOW

responsive-add-ons

responsive-add-ons

Score: N/A Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme <= 3.1.4 - Authenticated (Contributor+) Blind Server-Side Request Forgery via remote_request Affected: *-3.1.4 Patched: 3.1.5 Updated: July 3, 2026
LOW

qubely

qubely

Score: N/A Qubely <= 1.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8.12 Patched: 1.8.13 Updated: July 3, 2026
LOW

magic-the-gathering-card-tooltips

magic-the-gathering-card-tooltips

Score: 93/100 Magic the Gathering Card Tooltips <= 3.5.0 - Unauthenticated Stored Cross-Site Scripting Affected: *-3.5.0 Patched: 3.6.0 Updated: July 3, 2026
LOW

ltl-freight-quotes-estes-edition

ltl-freight-quotes-estes-edition

Score: 93/100 LTL Freight Quotes – Estes Edition <= 3.3.7 - Unauthenticated SQL Injection Affected: *-3.3.7 Patched: 3.3.8 Updated: July 3, 2026
LOW

leyka

leyka

Score: 89/100 Leyka <= 3.31.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.31.8 Patched: 3.31.9 Updated: July 3, 2026
LOW

keep-backup-daily

keep-backup-daily

Score: 93/100 Keep Backup Daily <= 2.1.0 - Authenticated (Admin+) Arbitrary File Download Affected: *-2.1.0 Patched: 2.1.1 Updated: July 3, 2026
LOW

ie-css3-support

ie-css3-support

Score: 91/100 IE CSS3 Support <= 2.0.1 - Reflected Cross-Site Scripting Affected: *-2.0.1 Patched: Updated: July 3, 2026
LOW

gallery

gallery

Score: 93/100 Gallery <= 2.2.1 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-2.2.1 Patched: 2.2.2 Updated: July 3, 2026
LOW

events-planner

events-planner

Score: 91/100 Events Planner <= 1.3.10 - Reflected Cross-Site Scripting Affected: *-1.3.10 Patched: Updated: July 3, 2026
LOW

eventer

eventer

Score: 89/100 Eventer <= 3.9.8 - Reflected Cross-Site Scripting Affected: *-3.9.8 Patched: 3.9.9 Updated: July 3, 2026
LOW

email-keep

email-keep

Score: 89/100 Email Keep <= 1.1 - Cross-Site Request Forgery to Email Deletion Affected: *-1.1 Patched: Updated: July 3, 2026
LOW

email-keep

email-keep

Score: 89/100 Email Keep <= 1.1 - Reflected Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 3, 2026
LOW

easy-popups

easy-popups

Score: 93/100 Responsive Modal Builder for High Conversion – Easy Popups <= 1.5.0 - Reflected Cross-Site Scripting Affected: *-1.5.0 Patched: 1.5.1 Updated: July 3, 2026
LOW

easy-elementor-addons

easy-elementor-addons

Score: 93/100 Easy Elementor Addons <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.5 Patched: 2.1.6 Updated: July 3, 2026
LOW

dl-leadback

dl-leadback

Score: 91/100 DL Leadback <= 1.2.1 - Reflected Cross-Site Scripting Affected: *-1.2.1 Patched: Updated: July 3, 2026
LOW

distance-based-shipping-calculator

distance-based-shipping-calculator

Score: 93/100 Distance Based Shipping Calculator <= 2.0.22 - Missing Authorization to Unauthenticated Settings Update Affected: *-2.0.22 Patched: 2.0.23 Updated: July 3, 2026
LOW

distance-based-shipping-calculator

distance-based-shipping-calculator

Score: 93/100 Distance Based Shipping Calculator <= 2.0.22 - Missing Authorization Affected: *-2.0.22 Patched: 2.0.23 Updated: July 3, 2026
LOW

directorypress-frontend

directorypress-frontend

Score: 93/100 DirectoryPress Frontend <= 2.7.9 - Cross-Site Request Forgery to Listing Status Update Affected: *-2.7.9 Patched: 2.8.0 Updated: July 3, 2026
LOW

dethemekit-for-elementor

dethemekit-for-elementor

Score: 89/100 DethemeKit For Elementor <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.8 Patched: 2.1.9 Updated: July 3, 2026
LOW

content-snippet-manager

content-snippet-manager

Score: 93/100 Content Snippet Manager <= 1.1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1.5 Patched: 1.1.6 Updated: July 3, 2026
LOW

codebard-help-desk

codebard-help-desk

Score: 89/100 CodeBard Help Desk <= 1.1.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.1.2 Patched: Updated: July 3, 2026
LOW

chaty-pro

chaty-pro

Score: 93/100 Chaty Pro <= 3.3.3 - Unauthenticated Arbitrary File Upload Affected: *-3.3.3 Patched: 3.3.4 Updated: July 3, 2026
LOW

calculator-builder

calculator-builder

Score: 93/100 Calculator Builder – Create an Online Calculator <= 1.6.2 - Unauthenticated Local File Inclusion Affected: *-1.6.2 Patched: 1.6.3 Updated: July 3, 2026
LOW

badgearoo

badgearoo

Score: 89/100 Badgearoo <= 1.0.14 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.0.14 Patched: Updated: July 3, 2026
LOW

badgearoo

badgearoo

Score: 89/100 Badgearoo <= 1.0.14 - Reflected Cross-Site Scripting Affected: *-1.0.14 Patched: Updated: July 3, 2026
LOW

alphabetic-pagination

alphabetic-pagination

Score: 97/100 Alphabetic Pagination <= 3.2.1 - Reflected Cross-Site Scripting Affected: *-3.2.1 Patched: 3.2.2 Updated: July 3, 2026
LOW

addons-for-elementor-builder

addons-for-elementor-builder

Score: 97/100 Vertex Addons for Elementor <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.0 Patched: 1.3.0 Updated: July 3, 2026
LOW

3-word-address-validation-field

3-word-address-validation-field

Score: 97/100 what3words Address Field <= 4.0.15 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-4.0.15 Patched: 4.0.16 Updated: July 3, 2026
LOW

bit-assist

bit-assist

Score: 93/100 Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Administrator+) Arbitrary File Read via downloadResponseFile Function Affected: *-1.5.2 Patched: 1.5.3 Updated: July 3, 2026
LOW

bit-assist

bit-assist

Score: 93/100 Bit Assist <= 1.5.2 - Authenticated (Subscriber+) SQL Injection via id Parameter Affected: *-1.5.2 Patched: 1.5.3 Updated: July 3, 2026
LOW

hurrytimer

hurrytimer

Score: 93/100 HurryTimer <= 2.11.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Campaign Name Affected: *-2.11.2 Patched: 2.12.0 Updated: July 3, 2026
LOW

qubely

qubely

Score: N/A Qubely – Advanced Gutenberg Blocks <= 1.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' and 'UniqueID' Affected: *-1.8.12 Patched: 1.8.13 Updated: July 3, 2026
LOW

woo-refund-and-exchange-lite

woo-refund-and-exchange-lite

Score: N/A Return Refund and Exchange For WooCommerce <= 4.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference Affected: *-4.4.5 Patched: 4.4.6 Updated: July 3, 2026
LOW

woo-refund-and-exchange-lite

woo-refund-and-exchange-lite

Score: N/A Return Refund and Exchange For WooCommerce <= 4.4.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory Affected: *-4.4.5 Patched: 4.4.6 Updated: July 3, 2026
LOW

yottie-lite

yottie-lite

Score: N/A Elfsight Yottie Lite <= 1.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.3.3 Patched: Updated: July 3, 2026
LOW

wp-html-page-sitemap

wp-html-page-sitemap

Score: N/A WP Html Page Sitemap <= 2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.2 Patched: Updated: July 3, 2026
LOW

wibiya

wibiya

Score: N/A Wibiya Toolbar <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 3, 2026
LOW

tinymce-advanced-qtranslate-fix-editor-problems

tinymce-advanced-qtranslate-fix-editor-problems

Score: N/A TinyMCE Advanced qTranslate fix editor problems <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 3, 2026
LOW

simple-responsive-menu

simple-responsive-menu

Score: N/A Simple Responsive Menu <= 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.1 Patched: Updated: July 3, 2026
LOW

rss-filter

rss-filter

Score: N/A RSS Filter <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 3, 2026
LOW

related-posts-line-up-exactry-by-milliard

related-posts-line-up-exactry-by-milliard

Score: N/A Related Posts Line-up-Exactly by Milliard <= 0.0.22 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.0.22 Patched: Updated: July 3, 2026
LOW

prezi-embedder

prezi-embedder

Score: N/A Prezi Embedder <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1 Patched: Updated: July 3, 2026
LOW

post-thumbs

post-thumbs

Score: N/A Post Thumbs <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.5 Patched: Updated: July 3, 2026
LOW

phplist-form-integration

phplist-form-integration

Score: N/A WP PHPList <= 1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.7 Patched: Updated: July 3, 2026
LOW

pagepost-specific-social-share-buttons

pagepost-specific-social-share-buttons

Score: 91/100 Page/Post Specific Social Share Buttons <= 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.1 Patched: Updated: July 3, 2026
LOW

my-loginlogout

my-loginlogout

Score: 91/100 My Login Logout Plugin <= 2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.4 Patched: Updated: July 3, 2026
LOW

google-drive-wp-media

google-drive-wp-media

Score: 91/100 Google Drive WP Media <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4.4 Patched: Updated: July 3, 2026
LOW

global-meta-keyword-and-description

global-meta-keyword-and-description

Score: 91/100 Global Meta Keyword & Description <= 2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.3 Patched: Updated: July 3, 2026
LOW

glance-that

glance-that

Score: 91/100 Glance That <= 4.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-4.9 Patched: Updated: July 3, 2026
LOW

font-awesome-wp

font-awesome-wp

Score: 91/100 Font Awesome WP <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

Event Tickets and Registration

event-tickets

Score: 86/100 Event Tickets and Registration <= 5.19.1.1 - Missing Authorization to Ticket Deletion Affected: *-5.19.1.1 Patched: 5.19.1.2 Updated: July 3, 2026
LOW

embed-google-map

embed-google-map

Score: 91/100 Embed Google Map <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2 Patched: Updated: July 3, 2026
LOW

easy-broken-link-checker

easy-broken-link-checker

Score: 86/100 URL Shortener | Conversion Tracking | AB Testing | WooCommerce <= 9.0.2 - Reflected Cross-Site Scripting Affected: *-9.0.2 Patched: Updated: July 3, 2026
LOW

easy-amazon-product-information

easy-amazon-product-information

Score: 91/100 Easy Amazon Product Information <= 4.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-4.0.1 Patched: Updated: July 3, 2026
LOW

dx-auto-publish

dx-auto-publish

Score: 91/100 DX-auto-publish <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 3, 2026
LOW

client-documentation

client-documentation

Score: 91/100 Simple Documentation <= 1.2.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2.8 Patched: Updated: July 3, 2026
LOW

clickwhale

clickwhale

Score: 93/100 ClickWhale <= 2.4.3 - Cross-Site Request Forgery Affected: *-2.4.3 Patched: 2.4.4 Updated: July 3, 2026
LOW

bootstrap-collapse

bootstrap-collapse

Score: 91/100 Bootstrap collapse <= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: July 3, 2026
LOW

badr-naver-syndication

badr-naver-syndication

Score: 91/100 Naver Syndication V2 <= 0.8.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.8.3 Patched: Updated: July 3, 2026
LOW

aparat-responsive

aparat-responsive

Score: 95/100 Aparat Responsive <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 3, 2026
LOW

expand-maker

expand-maker

Score: 89/100 Read More & Accordion <= 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary 'Read More' Post Deletion Affected: *-3.4.2 Patched: 3.4.3 Updated: July 3, 2026
LOW

WP Activity Log

wp-security-audit-log

Score: N/A WP Activity Log <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting Affected: *-5.2.2 Patched: 5.3.0 Updated: July 3, 2026
LOW

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings

seo-by-rank-math

Score: 85/100 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.235 - Authenticated (Contributor+) Stored Cross-Site Scripting via Rank Math API Affected: *-1.0.235 Patched: 1.0.236 Updated: July 3, 2026
LOW

brizy

brizy

Score: 93/100 Brizy – Page Builder <= 2.6.8 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload Affected: *-2.6.8 Patched: 2.6.9 Updated: July 3, 2026
LOW

wp-directorybox-manager

wp-directorybox-manager

Score: N/A WP Directorybox Manager <= 2.5 - Authentication Bypass Affected: *-2.5 Patched: Updated: July 3, 2026
LOW

pallet-packaging-for-woocommerce

pallet-packaging-for-woocommerce

Score: N/A Pallet Packaging for WooCommerce <= 1.1.15 - Missing Authorization Affected: *-1.1.15 Patched: 1.1.16 Updated: July 3, 2026
LOW

ltl-freight-quotes-worldwide-express-edition

ltl-freight-quotes-worldwide-express-edition

Score: 93/100 LTL Freight Quotes – Worldwide Express Edition <= 5.0.21 - Reflected Cross-Site Scripting Affected: *-5.0.21 Patched: 5.0.22 Updated: July 3, 2026
LOW

ltl-freight-quotes-worldwide-express-edition

ltl-freight-quotes-worldwide-express-edition

Score: 93/100 LTL Freight Quotes – Worldwide Express Edition <= 5.0.20 - Missing Authorization to Unauthenticated Arbitrary Content Deletion Affected: *-5.0.20 Patched: 5.0.21 Updated: July 3, 2026
LOW

ltl-freight-quotes-unishippers-edition

ltl-freight-quotes-unishippers-edition

Score: 93/100 LTL Freight Quotes – Unishippers Edition <= 2.5.8 - Reflected Cross-Site Scripting Affected: *-2.5.8 Patched: 2.5.9 Updated: July 3, 2026
LOW

ltl-freight-quotes-unishippers-edition

ltl-freight-quotes-unishippers-edition

Score: 93/100 LTL Freight Quotes – Unishippers Edition <= 2.5.8 - Missing Authorization Affected: *-2.5.8 Patched: 2.5.9 Updated: July 3, 2026
LOW

ltl-freight-quotes-freightquote-edition

ltl-freight-quotes-freightquote-edition

Score: 93/100 LTL Freight Quotes – FreightQuote Edition <= 2.3.11 - Unauthenticated SQL Injection Affected: *-2.3.11 Patched: 2.3.12 Updated: July 3, 2026
LOW

ltl-freight-quotes-freightquote-edition

ltl-freight-quotes-freightquote-edition

Score: 93/100 LTL Freight Quotes – FreightQuote Edition <= 2.3.11 - Missing Authorization Affected: *-2.3.11 Patched: 2.3.12 Updated: July 3, 2026
LOW

js-support-ticket

js-support-ticket

Score: 93/100 JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.8 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory Affected: *-2.8.8 Patched: 2.8.9 Updated: July 3, 2026
LOW

give-donation-modules-for-divi

give-donation-modules-for-divi

Score: 93/100 Give – Divi Donation Modules <= 2.0.0 - Sensitive Information Dislcosure Affected: *-2.0.0 Patched: 2.0.1 Updated: July 3, 2026
LOW

fusion-builder

fusion-builder

Score: 93/100 Avada Builder <= 3.11.13 - Unauthenticated Arbitrary Shortcode Execution Affected: *-3.11.13 Patched: 3.11.14 Updated: July 3, 2026

Showing 12101 to 12200 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 3, 2026 at 13:23 UTC.