Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

92

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
dethemekit-for-elementor dethemekit-for-elementor
89
DethemeKit For Elementor <= 2.1.8 - Authenticated (Contributor+) Protected Post Disclosure LOW *-2.1.8 2.1.9 July 3, 2026
dethemekit-for-elementor dethemekit-for-elementor
89
DethemeKit For Elementor <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via De Gallery Widget LOW *-2.1.8 2.1.9 July 3, 2026
brizy brizy
93
Brizy – Page Builder <= 2.6.4 - Authenticated (Contributor+) Arbitrary File Upload via storeUploads LOW *-2.6.4 2.6.5 July 3, 2026
usc-e-shop usc-e-shop N/A Welcart e-Commerce <= 2.11.9 - Unauthenticated Stored Cross-Site Scripting via name Parameter LOW *-2.11.9 2.11.10 July 3, 2026
small-package-quotes-purolator-edition small-package-quotes-purolator-edition N/A Small Package Quotes – Purolator Edition <= 3.6.4 - Unauthenticated SQL Injection LOW *-3.6.4 3.6.5 July 3, 2026
ltl-freight-quotes-unishippers-edition ltl-freight-quotes-unishippers-edition
93
LTL Freight Quotes – Unishippers Edition <= 2.5.8 - Unauthenticated SQL Injection LOW *-2.5.8 2.5.9 July 3, 2026
wp-abstracts-manuscripts-manager wp-abstracts-manuscripts-manager N/A WP Abstracts <= 2.7.3 - Cross-Site Request Forgery to Arbitrary Account Deletion LOW *-2.7.3 2.7.4 July 3, 2026
book-a-room book-a-room
91
Book a Room <= 2.9 - Cross-Site Request Forgery to Settings Update LOW *-2.9 July 3, 2026
shipengine-shipping-quotes shipengine-shipping-quotes N/A ShipEngine Shipping Quotes <= 1.0.7 - Unauthenticated SQL Injection LOW *-1.0.7 1.0.8 July 3, 2026
ebook-downloader ebook-downloader
87
Ebook Downloader <= 1.0 - Unauthenticated SQL Injection LOW *-1.0 July 3, 2026
rise-blocks rise-blocks N/A Rise Blocks – A Complete Gutenberg Page Builder <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via TitleTag Parameter LOW *-3.6 3.7 July 3, 2026
fusedesk fusedesk
91
FuseDesk <= 6.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-6.6.1 6.7 July 3, 2026
ltl-freight-quotes-worldwide-express-edition ltl-freight-quotes-worldwide-express-edition
93
LTL Freight Quotes - Worldwide Express Edition <= 5.0.20 - Unauthenticated SQL Injection LOW *-5.0.20 5.0.21 July 3, 2026
Security Plugin, Firewall & Malware Scanner with Auto Removal security-malware-firewall
70
Security & Malware scan by CleanTalk <= 2.149 - Unauthenticated Arbitrary File Upload LOW *-2.149 2.150 July 3, 2026
WP Extended – The Ultimate WordPress Toolkit wpextended N/A The Ultimate WordPress Toolkit – WP Extended <= 3.0.13 - Missing Authorization to Unauthenticated Post Order Manipulation LOW *-3.0.13 3.0.14 July 3, 2026
wpsyncsheets-wpforms wpsyncsheets-wpforms N/A WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Settings Reset LOW *-1.6 1.6.1 July 3, 2026
wp-ultimate-exporter wp-ultimate-exporter N/A Export All Posts, Products, Orders, Refunds & Users <= 2.9.3 - Information Disclosure Through Unprotected Directory LOW *-2.9.3 2.10 July 3, 2026
wp-table-manager wp-table-manager N/A WP Table Manager <= 4.1.3 - Missing Authorization to Authenticated (Subscriber+) Directory Traversal to Folder/File Name Disclosure LOW *-4.1.3 4.1.4 July 3, 2026
wp-job-board-pro wp-job-board-pro N/A WP Job Board Pro < 1.2.85 - Unauthenticated Privilege Escalation via process_register LOW [*, 1.2.85) 1.2.85 July 3, 2026
woo-pricing-table woo-pricing-table N/A WooCommerce Pricing – Product Pricing <= 1.0.9 - Unauthenticated Stored Cross-Site Scripting LOW *-1.0.9 1.1.0 July 3, 2026
widget-options widget-options N/A Widget Options <= 4.1.0 - Authenticated (Contributor+) Remote Code Execution LOW *-4.1.0 4.1.1 July 3, 2026
stklcode-liveticker stklcode-liveticker N/A Liveticker (by stklcode) <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.2 1.2.3 July 3, 2026
stafflist stafflist N/A StaffList <= 3.2.3 - Cross-Site Request Forgery to Reflected Cross-Site Scripting LOW *-3.2.3 3.2.4 July 3, 2026
small-package-quotes-ups-edition small-package-quotes-ups-edition N/A Small Package Quotes – UPS Edition <= 4.5.16 - Unauthenticated SQL Injection LOW *-4.5.16 4.5.17 July 3, 2026
simple-google-icalendar-widget simple-google-icalendar-widget N/A Simple Google Calendar Outlook Events Block Widget <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.5.0 2.6.0 July 3, 2026
rocket-wp-mobile rocket-wp-mobile N/A Mobile Plugin <= 1.3.3 - Reflected Cross-Site Scripting LOW *-1.3.3 July 3, 2026
notif-bell notif-bell
93
Notif Bell <= 0.9.8 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-0.9.8 0.9.9 July 3, 2026
ngg-smart-image-search ngg-smart-image-search
91
NGG Smart Image Search <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.2.1 3.3.2 July 3, 2026
n-media-wp-simple-quiz n-media-wp-simple-quiz
91
Easy Quiz Maker <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0 July 3, 2026
marketing-automation marketing-automation
93
Marketing Automation <= 1.2.6.8 - Reflected Cross-Site Scripting LOW *-1.2.6.8 1.2.6.9 July 3, 2026
majestic-support majestic-support
93
Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin <= 1.0.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory LOW *-1.0.5 1.0.6 July 3, 2026
majestic-support majestic-support
93
Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin <= 1.0.5 - Authenticated (Subscriber+) Insecure Direct Object Reference LOW *-1.0.5 1.0.6 July 3, 2026
ltl-freight-quotes-xpo-edition ltl-freight-quotes-xpo-edition
93
LTL Freight Quotes – XPO Edition <= 4.3.7 - Unauthenticated SQL Injection LOW *-4.3.7 4.3.8 July 3, 2026
ltl-freight-quotes-fedex-freight-edition ltl-freight-quotes-fedex-freight-edition
93
LTL Freight Quotes – For Customers of FedEx Freight <= 3.4.1 - Unauthenticated SQL Injection LOW *-3.4.1 3.4.2 July 3, 2026
inet-webkit inet-webkit
91
iNET Webkit <= 1.2.2 - Missing Authorization LOW *-1.2.2 1.2.3 July 3, 2026
houzez-property-feed houzez-property-feed
93
Houzez Property Feed <= 2.4.21 - Cross-Site Request Forgery to Property Feed Export Deletion LOW *-2.4.21 2.4.22 July 3, 2026
WP Ghost (Hide My WP Ghost) – Security & Firewall hide-my-wp
79
Hide My WP Ghost – Security & Firewall <= 5.3.02 - Unauthenticated Login Page Disclosure LOW *-5.3.02 5.4.01 July 3, 2026
gs-woo-brands gs-woo-brands
93
Discover the Best Woocommerce Product Brands Plugin for WordPress – Woocommerce Brands Plugin <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.2 1.3.3 July 3, 2026
global-gallery global-gallery
91
Global Gallery - WordPress Responsive Gallery <= 9.1.5 - Authenticated (Subscriber+) Arbitrary Shortcode Execution LOW *-9.1.5 9.1.6 July 3, 2026
filled-in filled-in
93
Filled In <= 1.9.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.9.2 1.9.3 July 3, 2026
emails-verification-for-woocommerce emails-verification-for-woocommerce
93
Customer Email Verification for WooCommerce <= 2.9.5 - Authentication Bypass via Shortcode LOW *-2.9.5 2.9.6 July 3, 2026
easy-booked easy-booked
93
Easy Booked – Appointment Booking and Scheduling Management System for WordPress <= 2.4.5 - Cross-Site Request Forgery LOW *-2.4.5 2.4.6 July 3, 2026
convertplug convertplug
93
Popup Plugin For WordPress - ConvertPlus <= 3.5.30 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update LOW *-3.5.30 3.5.31 July 3, 2026
cm-map-locations cm-map-locations
93
CM Map Locations <= 2.0.8 - Reflected Cross-Site Scripting LOW *-2.0.8 2.0.9 July 3, 2026
Booking Calendar booking
71
WP Booking Calendar <= 10.10 - Unauthenticated Post-Confirmation Booking Manipulation LOW *-10.10 10.10.1 July 3, 2026
apus-framework apus-framework
97
Apus Framework <= 2.4 - Authenticated (Subscriber+) Arbitrary Options Update in import_page_options LOW *-2.4 2.5 July 3, 2026
all-images-ai all-images-ai
97
All-Images.ai – IA Image Bank and Custom Image creation <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Upload LOW *-1.0.4 1.0.5 July 3, 2026
aforms-eats aforms-eats
97
AForms Eats <= 1.3.1 - Unauthenticated Full Path Disclosure LOW *-1.3.1 1.3.2 July 3, 2026
admire-extra admire-extra
97
Admire Extra <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.6 1.7 July 3, 2026
admin-site-enhancements admin-site-enhancements
97
Admin and Site Enhancements (ASE) <= 7.6.9 - IP Spoofing to Limit Login Attempt Bypass LOW *-7.6.9 7.6.10 July 3, 2026
adirectory adirectory
97
aDirectory – WordPress Directory Listing Plugin <= 2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion LOW *-2.3 2.3.5 July 3, 2026
360-product-rotation 360-product-rotation
95
360 Product Rotation <= 1.5.8 - Reflected Cross-Site Scripting LOW *-1.5.8 July 3, 2026
GeoDirectory – WP Business Directory Plugin and Classified Listings Directory geodirectory
66
GeoDirectory – WP Business Directory Plugin and Classified Listings Directory <= 2.8.97 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Display_name Parameter LOW *-2.8.97 2.8.98 July 3, 2026
supersaas-appointment-scheduling supersaas-appointment-scheduling N/A SuperSaaS – online appointment scheduling <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via after Parameter LOW *-2.1.12 2.1.13 July 3, 2026
wp-foodbakery wp-foodbakery N/A WP Foodbakery <= 4.7 - Unauthenticated Arbitrary File Upload LOW *-4.7 4.8 July 3, 2026
wp-foodbakery wp-foodbakery N/A WP Foodbakery <= 4.7 - Unauthenticated Privilege Escalation in foodbakery_registration_validation LOW *-4.7 4.8 July 3, 2026
wp-foodbakery wp-foodbakery N/A WP Foodbakery <= 4.8 - Authentication Bypass in foodbakery_parse_request LOW *-4.8 July 3, 2026
wp-foodbakery wp-foodbakery N/A WP Foodbakery <= 4.8 - Reflected Cross-Site Scripting LOW *-4.8 July 3, 2026
ht-mega-for-elementor ht-mega-for-elementor
93
HT Mega – Absolute Addons For Elementor <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget LOW *-2.8.1 2.8.2 July 3, 2026
simple-add-pages-or-posts simple-add-pages-or-posts N/A Simple add pages or posts <= 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.0.0 July 3, 2026
wp-directorybox-manager wp-directorybox-manager N/A WP Directorybox Manager <= 2.5 - Authentication Bypass LOW *-2.5 July 3, 2026
superstorefinder-wp superstorefinder-wp N/A Super Store Finder <= 7.0 - Unauthenticated SQL Injection to Stored Cross-Site Scripting LOW *-7.0 7.1 July 3, 2026
wp-all-export-pro wp-all-export-pro N/A WP All Export Pro <= 1.9.1 - Authenticated (ShopManager+) Arbtirary Options Update LOW *-1.9.1 1.9.2 July 3, 2026
wp-all-export-pro wp-all-export-pro N/A WP All Export Pro <= 1.9.1 - Unauthenticated Remote Code Execution via Custom Export Fields LOW *-1.9.1 1.9.2 July 3, 2026
wp-all-import-pro wp-all-import-pro N/A WP All Import Pro <= 4.9.7 - Cross-Site Request Forgery to Imported Content Deletion LOW *-4.9.7 4.9.8 July 3, 2026
wp-all-import-pro wp-all-import-pro N/A WP All Import Pro <= 4.9.7 - Authenticated (Administrator+) PHP Object Injection via Import File LOW *-4.9.7 4.9.8 July 3, 2026
form-maker form-maker
93
Form Maker by 10Web <= 1.15.32 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.15.32 1.15.33 July 3, 2026
builder-shortcode-extras builder-shortcode-extras
91
Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time <= 1.0.0 - Authenticated (Contributor+) Post Disclosure LOW *-1.0.0 July 3, 2026
nextend-social-login-pro nextend-social-login-pro
93
Nextend Social Login Pro <= 3.1.16 - Authentication Bypass via Apple OAuth provider LOW *-3.1.16 3.1.17 July 3, 2026
post-and-page-builder post-and-page-builder N/A Post and Page Builder by BoldGrid <= 1.27.6 - Path Traversal to Authenticated (Contributor+) Arbitrary File Read via template_via_url Function LOW *-1.27.6 1.27.7 July 3, 2026
woo-multi-currency woo-multi-currency N/A CURCY – Multi Currency for WooCommerce <= 2.2.5 - Unauthenticated Arbitrary Shortcode Execution via get_products_price Function LOW *-2.2.5 2.2.6 July 3, 2026
wp-base-booking-of-appointments-services-and-events wp-base-booking-of-appointments-services-and-events N/A WP BASE Booking of Appointments, Services and Events <= 4.9.2 - Reflected Cross-Site Scripting LOW *-4.9.2 5.0.0 July 3, 2026
woo-cart-count-shortcode woo-cart-count-shortcode N/A WooCommerce Cart Count Shortcode <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.4 1.1.0 July 3, 2026
tripetto tripetto N/A WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.8 - Unauthenticated Sensitive Information Exposure LOW *-8.0.8 8.0.9 July 3, 2026
wpmovielibrary wpmovielibrary N/A WPMovieLibrary <= 2.1.4.8 - Reflected Cross-Site Scripting LOW *-2.1.4.8 July 3, 2026
wp-pricing-table wp-pricing-table N/A WP Pricing Table <= 1.1 - Reflected Cross-Site Scripting LOW *-1.1 July 3, 2026
wp-extra-fields wp-extra-fields N/A WP Extra Fields <= 1.0.1 - Reflected Cross-Site Scripting LOW *-1.0.1 July 3, 2026
wordpress-activity-o-meter wordpress-activity-o-meter N/A WordPress Activity-o-meter <= 1 - Reflected Cross-Site Scripting LOW *-1 July 3, 2026
winterlock winterlock N/A Cross-Site Request Forgery <= 1.2.4 - Cross-Site Request Forgery LOW *-1.2.4 1.2.5 July 3, 2026
spiritual-gifts-survey spiritual-gifts-survey N/A Spiritual Gifts Survey <= 0.9.10 - Reflected Cross-Site Scripting LOW *-0.9.10 July 3, 2026
spiritual-gifts-survey spiritual-gifts-survey N/A Spiritual Gifts Survey <= 0.9.10 - Reflected Cross-Site Scripting LOW *-0.9.10 July 3, 2026
simple-certain-time-to-show-content simple-certain-time-to-show-content N/A Simple Certain Time to Show Content <= 1.2.2 - Reflected Cross-Site Scripting LOW *-1.2.2 1.3.1 July 3, 2026
simple-catalogue simple-catalogue N/A Simple catalogue <= 1.0.2 - Reflected Cross-Site Scripting LOW *-1.0.2 July 3, 2026
r3w-instafeed r3w-instafeed N/A R3W InstaFeed <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 3, 2026
pushbiz pushbiz N/A pushBIZ – Push Notification <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 3, 2026
post-sync post-sync N/A Post Sync <= 1.1 - Reflected Cross-Site Scripting LOW *-1.1 July 3, 2026
om-stripe om-stripe
91
Om Stripe <= 02.00.00 - Reflected Cross-Site Scripting LOW *-02.00.00 July 3, 2026
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery nextgen-gallery
66
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery <= 3.59.8 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.59.8 3.59.9 July 3, 2026
news-list news-list
91
NewsTicker <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 3, 2026
Custom Block Builder – Lazy Blocks lazy-blocks
96
Custom Block Builder – Lazy Blocks <= 3.8.2 - Reflected Cross-Site Scripting LOW *-3.8.2 3.8.3 July 3, 2026
Essential Addons for Elementor – Popular Elementor Templates & Widgets essential-addons-for-elementor-lite
85
Essential Addons for Elementor <= 6.0.14 - Reflected Cross-Site Scripting LOW *-6.0.14 6.0.15 July 3, 2026
contact-manager contact-manager
91
Contact Manager <= 8.6.4 - Unauthenticated Arbitrary Double File Extension Upload LOW *-8.6.4 8.6.5 July 3, 2026
calendapp calendapp
91
CalendApp <= 1.1 - Reflected Cross-Site Scripting LOW *-1.1 July 3, 2026
shopsite-plugin shopsite-plugin N/A ShopSite <= 1.5.10 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.5.10 1.5.11 July 3, 2026
skt-blocks skt-blocks N/A SKT Blocks – Gutenberg based Page Builder <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.7 1.8 July 3, 2026
dsgvo-all-in-one-for-wp dsgvo-all-in-one-for-wp
93
DSGVO All in one for WP <= 4.6 - Cross-Site Request Forgery to Account Deletion LOW *-4.6 4.7 July 3, 2026
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More wpforms-lite
70
WPForms Lite <= 1.9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via fieldHTML Parameter LOW *-1.9.3.1 1.9.3.2 July 3, 2026
zmseo zmseo N/A ZMSEO <= 1.14.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.14.1 July 3, 2026
wpsyncsheets-woocommerce wpsyncsheets-woocommerce N/A Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets <= 1.8.2 - Missing Authorization LOW *-1.8.2 1.9 July 3, 2026
wpdoodlez wpdoodlez N/A WP doodlez <= 1.0.10 - Unauthenticated Stored Cross-Site Scripting LOW *-1.0.10 July 3, 2026
LOW

dethemekit-for-elementor

dethemekit-for-elementor

Score: 89/100 DethemeKit For Elementor <= 2.1.8 - Authenticated (Contributor+) Protected Post Disclosure Affected: *-2.1.8 Patched: 2.1.9 Updated: July 3, 2026
LOW

dethemekit-for-elementor

dethemekit-for-elementor

Score: 89/100 DethemeKit For Elementor <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via De Gallery Widget Affected: *-2.1.8 Patched: 2.1.9 Updated: July 3, 2026
LOW

brizy

brizy

Score: 93/100 Brizy – Page Builder <= 2.6.4 - Authenticated (Contributor+) Arbitrary File Upload via storeUploads Affected: *-2.6.4 Patched: 2.6.5 Updated: July 3, 2026
LOW

usc-e-shop

usc-e-shop

Score: N/A Welcart e-Commerce <= 2.11.9 - Unauthenticated Stored Cross-Site Scripting via name Parameter Affected: *-2.11.9 Patched: 2.11.10 Updated: July 3, 2026
LOW

small-package-quotes-purolator-edition

small-package-quotes-purolator-edition

Score: N/A Small Package Quotes – Purolator Edition <= 3.6.4 - Unauthenticated SQL Injection Affected: *-3.6.4 Patched: 3.6.5 Updated: July 3, 2026
LOW

ltl-freight-quotes-unishippers-edition

ltl-freight-quotes-unishippers-edition

Score: 93/100 LTL Freight Quotes – Unishippers Edition <= 2.5.8 - Unauthenticated SQL Injection Affected: *-2.5.8 Patched: 2.5.9 Updated: July 3, 2026
LOW

wp-abstracts-manuscripts-manager

wp-abstracts-manuscripts-manager

Score: N/A WP Abstracts <= 2.7.3 - Cross-Site Request Forgery to Arbitrary Account Deletion Affected: *-2.7.3 Patched: 2.7.4 Updated: July 3, 2026
LOW

book-a-room

book-a-room

Score: 91/100 Book a Room <= 2.9 - Cross-Site Request Forgery to Settings Update Affected: *-2.9 Patched: Updated: July 3, 2026
LOW

shipengine-shipping-quotes

shipengine-shipping-quotes

Score: N/A ShipEngine Shipping Quotes <= 1.0.7 - Unauthenticated SQL Injection Affected: *-1.0.7 Patched: 1.0.8 Updated: July 3, 2026
LOW

ebook-downloader

ebook-downloader

Score: 87/100 Ebook Downloader <= 1.0 - Unauthenticated SQL Injection Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

rise-blocks

rise-blocks

Score: N/A Rise Blocks – A Complete Gutenberg Page Builder <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via TitleTag Parameter Affected: *-3.6 Patched: 3.7 Updated: July 3, 2026
LOW

fusedesk

fusedesk

Score: 91/100 FuseDesk <= 6.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-6.6.1 Patched: 6.7 Updated: July 3, 2026
LOW

ltl-freight-quotes-worldwide-express-edition

ltl-freight-quotes-worldwide-express-edition

Score: 93/100 LTL Freight Quotes - Worldwide Express Edition <= 5.0.20 - Unauthenticated SQL Injection Affected: *-5.0.20 Patched: 5.0.21 Updated: July 3, 2026
LOW

WP Extended – The Ultimate WordPress Toolkit

wpextended

Score: N/A The Ultimate WordPress Toolkit – WP Extended <= 3.0.13 - Missing Authorization to Unauthenticated Post Order Manipulation Affected: *-3.0.13 Patched: 3.0.14 Updated: July 3, 2026
LOW

wpsyncsheets-wpforms

wpsyncsheets-wpforms

Score: N/A WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Settings Reset Affected: *-1.6 Patched: 1.6.1 Updated: July 3, 2026
LOW

wp-ultimate-exporter

wp-ultimate-exporter

Score: N/A Export All Posts, Products, Orders, Refunds & Users <= 2.9.3 - Information Disclosure Through Unprotected Directory Affected: *-2.9.3 Patched: 2.10 Updated: July 3, 2026
LOW

wp-table-manager

wp-table-manager

Score: N/A WP Table Manager <= 4.1.3 - Missing Authorization to Authenticated (Subscriber+) Directory Traversal to Folder/File Name Disclosure Affected: *-4.1.3 Patched: 4.1.4 Updated: July 3, 2026
LOW

wp-job-board-pro

wp-job-board-pro

Score: N/A WP Job Board Pro < 1.2.85 - Unauthenticated Privilege Escalation via process_register Affected: [*, 1.2.85) Patched: 1.2.85 Updated: July 3, 2026
LOW

woo-pricing-table

woo-pricing-table

Score: N/A WooCommerce Pricing – Product Pricing <= 1.0.9 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.0.9 Patched: 1.1.0 Updated: July 3, 2026
LOW

widget-options

widget-options

Score: N/A Widget Options <= 4.1.0 - Authenticated (Contributor+) Remote Code Execution Affected: *-4.1.0 Patched: 4.1.1 Updated: July 3, 2026
LOW

stklcode-liveticker

stklcode-liveticker

Score: N/A Liveticker (by stklcode) <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.2 Patched: 1.2.3 Updated: July 3, 2026
LOW

stafflist

stafflist

Score: N/A StaffList <= 3.2.3 - Cross-Site Request Forgery to Reflected Cross-Site Scripting Affected: *-3.2.3 Patched: 3.2.4 Updated: July 3, 2026
LOW

small-package-quotes-ups-edition

small-package-quotes-ups-edition

Score: N/A Small Package Quotes – UPS Edition <= 4.5.16 - Unauthenticated SQL Injection Affected: *-4.5.16 Patched: 4.5.17 Updated: July 3, 2026
LOW

simple-google-icalendar-widget

simple-google-icalendar-widget

Score: N/A Simple Google Calendar Outlook Events Block Widget <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.5.0 Patched: 2.6.0 Updated: July 3, 2026
LOW

rocket-wp-mobile

rocket-wp-mobile

Score: N/A Mobile Plugin <= 1.3.3 - Reflected Cross-Site Scripting Affected: *-1.3.3 Patched: Updated: July 3, 2026
LOW

notif-bell

notif-bell

Score: 93/100 Notif Bell <= 0.9.8 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.9.8 Patched: 0.9.9 Updated: July 3, 2026
LOW

ngg-smart-image-search

ngg-smart-image-search

Score: 91/100 NGG Smart Image Search <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2.1 Patched: 3.3.2 Updated: July 3, 2026
LOW

n-media-wp-simple-quiz

n-media-wp-simple-quiz

Score: 91/100 Easy Quiz Maker <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 3, 2026
LOW

marketing-automation

marketing-automation

Score: 93/100 Marketing Automation <= 1.2.6.8 - Reflected Cross-Site Scripting Affected: *-1.2.6.8 Patched: 1.2.6.9 Updated: July 3, 2026
LOW

majestic-support

majestic-support

Score: 93/100 Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin <= 1.0.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory Affected: *-1.0.5 Patched: 1.0.6 Updated: July 3, 2026
LOW

majestic-support

majestic-support

Score: 93/100 Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin <= 1.0.5 - Authenticated (Subscriber+) Insecure Direct Object Reference Affected: *-1.0.5 Patched: 1.0.6 Updated: July 3, 2026
LOW

ltl-freight-quotes-xpo-edition

ltl-freight-quotes-xpo-edition

Score: 93/100 LTL Freight Quotes – XPO Edition <= 4.3.7 - Unauthenticated SQL Injection Affected: *-4.3.7 Patched: 4.3.8 Updated: July 3, 2026
LOW

ltl-freight-quotes-fedex-freight-edition

ltl-freight-quotes-fedex-freight-edition

Score: 93/100 LTL Freight Quotes – For Customers of FedEx Freight <= 3.4.1 - Unauthenticated SQL Injection Affected: *-3.4.1 Patched: 3.4.2 Updated: July 3, 2026
LOW

inet-webkit

inet-webkit

Score: 91/100 iNET Webkit <= 1.2.2 - Missing Authorization Affected: *-1.2.2 Patched: 1.2.3 Updated: July 3, 2026
LOW

houzez-property-feed

houzez-property-feed

Score: 93/100 Houzez Property Feed <= 2.4.21 - Cross-Site Request Forgery to Property Feed Export Deletion Affected: *-2.4.21 Patched: 2.4.22 Updated: July 3, 2026
LOW

gs-woo-brands

gs-woo-brands

Score: 93/100 Discover the Best Woocommerce Product Brands Plugin for WordPress – Woocommerce Brands Plugin <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.2 Patched: 1.3.3 Updated: July 3, 2026
LOW

global-gallery

global-gallery

Score: 91/100 Global Gallery - WordPress Responsive Gallery <= 9.1.5 - Authenticated (Subscriber+) Arbitrary Shortcode Execution Affected: *-9.1.5 Patched: 9.1.6 Updated: July 3, 2026
LOW

filled-in

filled-in

Score: 93/100 Filled In <= 1.9.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.9.2 Patched: 1.9.3 Updated: July 3, 2026
LOW

emails-verification-for-woocommerce

emails-verification-for-woocommerce

Score: 93/100 Customer Email Verification for WooCommerce <= 2.9.5 - Authentication Bypass via Shortcode Affected: *-2.9.5 Patched: 2.9.6 Updated: July 3, 2026
LOW

easy-booked

easy-booked

Score: 93/100 Easy Booked – Appointment Booking and Scheduling Management System for WordPress <= 2.4.5 - Cross-Site Request Forgery Affected: *-2.4.5 Patched: 2.4.6 Updated: July 3, 2026
LOW

convertplug

convertplug

Score: 93/100 Popup Plugin For WordPress - ConvertPlus <= 3.5.30 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update Affected: *-3.5.30 Patched: 3.5.31 Updated: July 3, 2026
LOW

cm-map-locations

cm-map-locations

Score: 93/100 CM Map Locations <= 2.0.8 - Reflected Cross-Site Scripting Affected: *-2.0.8 Patched: 2.0.9 Updated: July 3, 2026
LOW

Booking Calendar

booking

Score: 71/100 WP Booking Calendar <= 10.10 - Unauthenticated Post-Confirmation Booking Manipulation Affected: *-10.10 Patched: 10.10.1 Updated: July 3, 2026
LOW

apus-framework

apus-framework

Score: 97/100 Apus Framework <= 2.4 - Authenticated (Subscriber+) Arbitrary Options Update in import_page_options Affected: *-2.4 Patched: 2.5 Updated: July 3, 2026
LOW

all-images-ai

all-images-ai

Score: 97/100 All-Images.ai – IA Image Bank and Custom Image creation <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-1.0.4 Patched: 1.0.5 Updated: July 3, 2026
LOW

aforms-eats

aforms-eats

Score: 97/100 AForms Eats <= 1.3.1 - Unauthenticated Full Path Disclosure Affected: *-1.3.1 Patched: 1.3.2 Updated: July 3, 2026
LOW

admire-extra

admire-extra

Score: 97/100 Admire Extra <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6 Patched: 1.7 Updated: July 3, 2026
LOW

admin-site-enhancements

admin-site-enhancements

Score: 97/100 Admin and Site Enhancements (ASE) <= 7.6.9 - IP Spoofing to Limit Login Attempt Bypass Affected: *-7.6.9 Patched: 7.6.10 Updated: July 3, 2026
LOW

adirectory

adirectory

Score: 97/100 aDirectory – WordPress Directory Listing Plugin <= 2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion Affected: *-2.3 Patched: 2.3.5 Updated: July 3, 2026
LOW

360-product-rotation

360-product-rotation

Score: 95/100 360 Product Rotation <= 1.5.8 - Reflected Cross-Site Scripting Affected: *-1.5.8 Patched: Updated: July 3, 2026
LOW

supersaas-appointment-scheduling

supersaas-appointment-scheduling

Score: N/A SuperSaaS – online appointment scheduling <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via after Parameter Affected: *-2.1.12 Patched: 2.1.13 Updated: July 3, 2026
LOW

wp-foodbakery

wp-foodbakery

Score: N/A WP Foodbakery <= 4.7 - Unauthenticated Arbitrary File Upload Affected: *-4.7 Patched: 4.8 Updated: July 3, 2026
LOW

wp-foodbakery

wp-foodbakery

Score: N/A WP Foodbakery <= 4.7 - Unauthenticated Privilege Escalation in foodbakery_registration_validation Affected: *-4.7 Patched: 4.8 Updated: July 3, 2026
LOW

wp-foodbakery

wp-foodbakery

Score: N/A WP Foodbakery <= 4.8 - Authentication Bypass in foodbakery_parse_request Affected: *-4.8 Patched: Updated: July 3, 2026
LOW

wp-foodbakery

wp-foodbakery

Score: N/A WP Foodbakery <= 4.8 - Reflected Cross-Site Scripting Affected: *-4.8 Patched: Updated: July 3, 2026
LOW

ht-mega-for-elementor

ht-mega-for-elementor

Score: 93/100 HT Mega – Absolute Addons For Elementor <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget Affected: *-2.8.1 Patched: 2.8.2 Updated: July 3, 2026
LOW

simple-add-pages-or-posts

simple-add-pages-or-posts

Score: N/A Simple add pages or posts <= 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0.0 Patched: Updated: July 3, 2026
LOW

wp-directorybox-manager

wp-directorybox-manager

Score: N/A WP Directorybox Manager <= 2.5 - Authentication Bypass Affected: *-2.5 Patched: Updated: July 3, 2026
LOW

superstorefinder-wp

superstorefinder-wp

Score: N/A Super Store Finder <= 7.0 - Unauthenticated SQL Injection to Stored Cross-Site Scripting Affected: *-7.0 Patched: 7.1 Updated: July 3, 2026
LOW

wp-all-export-pro

wp-all-export-pro

Score: N/A WP All Export Pro <= 1.9.1 - Authenticated (ShopManager+) Arbtirary Options Update Affected: *-1.9.1 Patched: 1.9.2 Updated: July 3, 2026
LOW

wp-all-export-pro

wp-all-export-pro

Score: N/A WP All Export Pro <= 1.9.1 - Unauthenticated Remote Code Execution via Custom Export Fields Affected: *-1.9.1 Patched: 1.9.2 Updated: July 3, 2026
LOW

wp-all-import-pro

wp-all-import-pro

Score: N/A WP All Import Pro <= 4.9.7 - Cross-Site Request Forgery to Imported Content Deletion Affected: *-4.9.7 Patched: 4.9.8 Updated: July 3, 2026
LOW

wp-all-import-pro

wp-all-import-pro

Score: N/A WP All Import Pro <= 4.9.7 - Authenticated (Administrator+) PHP Object Injection via Import File Affected: *-4.9.7 Patched: 4.9.8 Updated: July 3, 2026
LOW

form-maker

form-maker

Score: 93/100 Form Maker by 10Web <= 1.15.32 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.15.32 Patched: 1.15.33 Updated: July 3, 2026
LOW

builder-shortcode-extras

builder-shortcode-extras

Score: 91/100 Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time <= 1.0.0 - Authenticated (Contributor+) Post Disclosure Affected: *-1.0.0 Patched: Updated: July 3, 2026
LOW

nextend-social-login-pro

nextend-social-login-pro

Score: 93/100 Nextend Social Login Pro <= 3.1.16 - Authentication Bypass via Apple OAuth provider Affected: *-3.1.16 Patched: 3.1.17 Updated: July 3, 2026
LOW

post-and-page-builder

post-and-page-builder

Score: N/A Post and Page Builder by BoldGrid <= 1.27.6 - Path Traversal to Authenticated (Contributor+) Arbitrary File Read via template_via_url Function Affected: *-1.27.6 Patched: 1.27.7 Updated: July 3, 2026
LOW

woo-multi-currency

woo-multi-currency

Score: N/A CURCY – Multi Currency for WooCommerce <= 2.2.5 - Unauthenticated Arbitrary Shortcode Execution via get_products_price Function Affected: *-2.2.5 Patched: 2.2.6 Updated: July 3, 2026
LOW

wp-base-booking-of-appointments-services-and-events

wp-base-booking-of-appointments-services-and-events

Score: N/A WP BASE Booking of Appointments, Services and Events <= 4.9.2 - Reflected Cross-Site Scripting Affected: *-4.9.2 Patched: 5.0.0 Updated: July 3, 2026
LOW

woo-cart-count-shortcode

woo-cart-count-shortcode

Score: N/A WooCommerce Cart Count Shortcode <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.4 Patched: 1.1.0 Updated: July 3, 2026
LOW

tripetto

tripetto

Score: N/A WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.8 - Unauthenticated Sensitive Information Exposure Affected: *-8.0.8 Patched: 8.0.9 Updated: July 3, 2026
LOW

wpmovielibrary

wpmovielibrary

Score: N/A WPMovieLibrary <= 2.1.4.8 - Reflected Cross-Site Scripting Affected: *-2.1.4.8 Patched: Updated: July 3, 2026
LOW

wp-pricing-table

wp-pricing-table

Score: N/A WP Pricing Table <= 1.1 - Reflected Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 3, 2026
LOW

wp-extra-fields

wp-extra-fields

Score: N/A WP Extra Fields <= 1.0.1 - Reflected Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 3, 2026
LOW

wordpress-activity-o-meter

wordpress-activity-o-meter

Score: N/A WordPress Activity-o-meter <= 1 - Reflected Cross-Site Scripting Affected: *-1 Patched: Updated: July 3, 2026
LOW

winterlock

winterlock

Score: N/A Cross-Site Request Forgery <= 1.2.4 - Cross-Site Request Forgery Affected: *-1.2.4 Patched: 1.2.5 Updated: July 3, 2026
LOW

spiritual-gifts-survey

spiritual-gifts-survey

Score: N/A Spiritual Gifts Survey <= 0.9.10 - Reflected Cross-Site Scripting Affected: *-0.9.10 Patched: Updated: July 3, 2026
LOW

spiritual-gifts-survey

spiritual-gifts-survey

Score: N/A Spiritual Gifts Survey <= 0.9.10 - Reflected Cross-Site Scripting Affected: *-0.9.10 Patched: Updated: July 3, 2026
LOW

simple-certain-time-to-show-content

simple-certain-time-to-show-content

Score: N/A Simple Certain Time to Show Content <= 1.2.2 - Reflected Cross-Site Scripting Affected: *-1.2.2 Patched: 1.3.1 Updated: July 3, 2026
LOW

simple-catalogue

simple-catalogue

Score: N/A Simple catalogue <= 1.0.2 - Reflected Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 3, 2026
LOW

r3w-instafeed

r3w-instafeed

Score: N/A R3W InstaFeed <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

pushbiz

pushbiz

Score: N/A pushBIZ – Push Notification <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

post-sync

post-sync

Score: N/A Post Sync <= 1.1 - Reflected Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 3, 2026
LOW

om-stripe

om-stripe

Score: 91/100 Om Stripe <= 02.00.00 - Reflected Cross-Site Scripting Affected: *-02.00.00 Patched: Updated: July 3, 2026
LOW

news-list

news-list

Score: 91/100 NewsTicker <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

Custom Block Builder – Lazy Blocks

lazy-blocks

Score: 96/100 Custom Block Builder – Lazy Blocks <= 3.8.2 - Reflected Cross-Site Scripting Affected: *-3.8.2 Patched: 3.8.3 Updated: July 3, 2026
LOW

contact-manager

contact-manager

Score: 91/100 Contact Manager <= 8.6.4 - Unauthenticated Arbitrary Double File Extension Upload Affected: *-8.6.4 Patched: 8.6.5 Updated: July 3, 2026
LOW

calendapp

calendapp

Score: 91/100 CalendApp <= 1.1 - Reflected Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 3, 2026
LOW

shopsite-plugin

shopsite-plugin

Score: N/A ShopSite <= 1.5.10 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.5.10 Patched: 1.5.11 Updated: July 3, 2026
LOW

skt-blocks

skt-blocks

Score: N/A SKT Blocks – Gutenberg based Page Builder <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7 Patched: 1.8 Updated: July 3, 2026
LOW

dsgvo-all-in-one-for-wp

dsgvo-all-in-one-for-wp

Score: 93/100 DSGVO All in one for WP <= 4.6 - Cross-Site Request Forgery to Account Deletion Affected: *-4.6 Patched: 4.7 Updated: July 3, 2026
LOW

zmseo

zmseo

Score: N/A ZMSEO <= 1.14.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.14.1 Patched: Updated: July 3, 2026
LOW

wpsyncsheets-woocommerce

wpsyncsheets-woocommerce

Score: N/A Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets <= 1.8.2 - Missing Authorization Affected: *-1.8.2 Patched: 1.9 Updated: July 3, 2026
LOW

wpdoodlez

wpdoodlez

Score: N/A WP doodlez <= 1.0.10 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.0.10 Patched: Updated: July 3, 2026

Showing 12201 to 12300 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 3, 2026 at 14:32 UTC.