Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

96

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
wp-spell-check wp-spell-check N/A WP Spell Check <= 9.21 - Cross-Site Request Forgery LOW *-9.21 9.22 July 3, 2026
wp-social-stream wp-social-stream N/A WP Social Stream <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1 July 3, 2026
wp-simpleweather wp-simpleweather N/A WP SimpleWeather <= 0.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.2.5 July 3, 2026
wp-keyword-monitor wp-keyword-monitor N/A WP Keyword Monitor <= 1.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.5 July 3, 2026
wp-custom-post-rss-feed wp-custom-post-rss-feed N/A WP Custom Post RSS Feed <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.0 July 3, 2026
wp-admin-custom-page wp-admin-custom-page N/A WP Admin Custom Page <= 1.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.5.0 July 3, 2026
wizshop wizshop N/A WizShop <= 3.0.2 - Unauthenticated Local File Inclusion LOW *-3.0.2 July 3, 2026
wedevs-project-manager wedevs-project-manager N/A WP Project Manager <= 2.6.22 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.6.22 2.6.23 July 3, 2026
vr-frases vr-frases N/A VR-Frases <= 4.0.1 - Reflected Cross-Site Scripting LOW *-4.0.1 4.0.2 July 3, 2026
VikBooking Hotel Booking Engine & PMS vikbooking
95
VikBooking Hotel Booking Engine & PMS <= 1.7.2 - Cross-Site Request Forgery to Settings Update LOW *-1.7.2 1.7.3 July 3, 2026
vignete-ads vignete-ads N/A Vignette Ads <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.2 July 3, 2026
vayu-blocks vayu-blocks N/A Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.7 July 3, 2026
upcasted-s3-offload upcasted-s3-offload N/A Upcasted S3 Offload – AWS S3, Digital Ocean Spaces, Backblaze, Minio and more <= 3.0.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-3.0.3 3.0.4 July 3, 2026
unusedcss unusedcss N/A RapidLoad <= 2.4.4 - Missing Authorization LOW *-2.4.4 2.4.5 July 3, 2026
ulisting ulisting N/A uListing <= 2.1.6 - Unauthenticated SQL Injection LOW *-2.1.6 2.1.7 July 3, 2026
ulisting ulisting N/A uListing <= 2.1.6 - Authenticated (Contributor+) SQL Injection LOW *-2.1.6 2.1.7 July 3, 2026
uix-shortcodes uix-shortcodes N/A Uix Shortcodes <= 2.0.3 - Unauthenticated Arbitrary Shortcode Execution LOW *-2.0.3 2.0.4 July 3, 2026
totalcontest-lite totalcontest-lite N/A Total Contest Lite <= 2.8.1 - Reflected Cross-Site Scripting LOW *-2.8.1 2.9.0 July 3, 2026
themeisle-companion themeisle-companion N/A Orbit Fox by ThemeIsle <= 2.10.44 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.10.44 2.10.45 July 3, 2026
theme-options-z theme-options-z N/A Theme Options Z <= 1.4 - Cross-Site Request Forgery LOW *-1.4 July 3, 2026
theasys theasys N/A Theasys <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.1 July 3, 2026
survey-maker survey-maker N/A Survey Maker <= 5.1.3.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-5.1.3.5 5.1.3.6 July 3, 2026
stylish-google-sheet-reader stylish-google-sheet-reader N/A Stylish Google Sheet Reader <= 4.0 - Reflected Cross-Site Scripting LOW *-4.0 4.1 July 3, 2026
style-tweaker style-tweaker N/A Style Tweaker <= 0.11 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.11 July 3, 2026
starter-templates starter-templates N/A Starter Templates by FancyWP <= 2.0.0 - Cross-Site Request Forgery to Arbitrary Plugin Installation LOW *-2.0.0 July 3, 2026
songkick-concerts-and-festivals songkick-concerts-and-festivals N/A Songkick Concerts and Festivals <= 0.9.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.9.7 0.10.0 July 3, 2026
smartarget-contact-us smartarget-contact-us N/A Smartarget – Get 40% more sales, improve user engagement with 25+ free apps. <= 1.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.4 July 3, 2026
smart-dofollow smart-dofollow N/A Smart DoFollow <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.2 July 3, 2026
smart-countdown-fx smart-countdown-fx N/A Smart Countdown FX <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.5 July 3, 2026
slide-banners slide-banners N/A Slide Banners <= 1.3 - Missing Authorization LOW *-1.3 July 3, 2026
simple-user-profile simple-user-profile N/A Simple User Profile <= 1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.9 July 3, 2026
simple-select-all-text-box simple-select-all-text-box N/A Simple Select All Text Box <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.2 July 3, 2026
simple-auto-tag simple-auto-tag N/A Simple Auto Tag <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1 July 3, 2026
show-notice-or-message-on-admin-area show-notice-or-message-on-admin-area N/A Show notice or message on admin area <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.0 July 3, 2026
sendpulse-email-marketing-newsletter sendpulse-email-marketing-newsletter N/A SendPulse Email Marketing Newsletter <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.5 2.1.6 July 3, 2026
rss-in-page rss-in-page N/A RSS in Page <= 2.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.9.1 July 3, 2026
reverbnation-widgets reverbnation-widgets N/A ReverbNation Widgets <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1 July 3, 2026
real-estate-manager real-estate-manager N/A Real Estate Manager – Property Listing and Agent Management <= 7.3 - CAPTCHA Bypass LOW *-7.3 July 3, 2026
read-more-copy-link read-more-copy-link N/A Read More Copy Link <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.2 July 3, 2026
quote-comments quote-comments N/A Quote Comments <= 3.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.0.0 July 3, 2026
qi-addons-for-elementor qi-addons-for-elementor N/A Qi Addons For Elementor <= 1.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.8.7 1.8.8 July 3, 2026
product-table-for-woocommerce product-table-for-woocommerce N/A Product Table For WooCommerce <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.3 1.2.4 July 3, 2026
product-blocks-for-woocommerce product-blocks-for-woocommerce N/A Product Blocks for WooCommerce <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.9.1 2.0 July 3, 2026
ppv-live-webcams ppv-live-webcams N/A Paid Videochat Turnkey Site – HTML5 PPV Live Webcams <= 7.2.16 - Unauthenticated Arbitrary File Deletion LOW *-7.2.16 7.3.1 July 3, 2026
popup-seo-optimized popup-seo-optimized N/A Pop Up <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-0.1 July 3, 2026
paytm-donation paytm-donation N/A Paytm Payment Donation <= 2.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.3.3 July 3, 2026
payment-forms-for-paystack payment-forms-for-paystack N/A Payment Forms for Paystack <= 4.0.1 - Authenticated (Administrator+) SQL Injection LOW *-4.0.1 4.0.2 July 3, 2026
optimate-ads optimate-ads
89
Optimate Ads – Advance Ad Inserter AdSense & Ad Manager <= 1.0.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.0.3 July 3, 2026
optimate-ads optimate-ads
89
Optimate Ads <= 1.0.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.0.3 July 3, 2026
ops-robots-txt ops-robots-txt
93
On Page SEO + Whatsapp Chat Button <= 2.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.0.0 2.0.1 July 3, 2026
onestore-sites onestore-sites
89
OneStore Sites <= 0.1.1 - Cross-Site Request Forgery to Arbitrary Plugin Installation LOW *-0.1.1 July 3, 2026
nopeamedia nopeamedia
93
Print PDF Generator and Publisher <= 1.2.0 - Cross-Site Request Forgery LOW *-1.2.0 1.2.1 July 3, 2026
nextgen-cooliris-gallery nextgen-cooliris-gallery
91
NextGen Cooliris Gallery <= 0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.7 July 3, 2026
music-press-pro music-press-pro
89
Music Press Pro <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4.6 July 3, 2026
munk-sites munk-sites
91
Munk Sites <= 1.0.7 - Cross-Site Request Forgery to Arbitrary Plugin Installation LOW *-1.0.7 July 3, 2026
medical-addon-for-elementor medical-addon-for-elementor
91
Medical Addon for Elementor <= 1.6.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode LOW *-1.6.2 1.6.3 July 3, 2026
logo-slider-wp logo-slider-wp
89
Logo Slider <= 4.5.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.5.0 4.6.0 July 3, 2026
login-box login-box
91
Login-box <= 2.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.0.4 July 3, 2026
listings-for-appfolio listings-for-appfolio
93
Listings for Appfolio <= 1.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2.0 1.2.1 July 3, 2026
links-in-captions links-in-captions
91
Links in Captions <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2 July 3, 2026
link-to-url-post link-to-url-post
91
Link to URL / Post <= 1.3 - Authenticated (Administrator+) SQL Injection LOW *-1.3 July 3, 2026
kona-instagram-feed-for-gutenberg kona-instagram-feed-for-gutenberg
89
Kona Gallery Block <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.7 July 3, 2026
kikfyre-events-calendar-tickets kikfyre-events-calendar-tickets
91
Event Kikfyre <= 2.1.8 - Missing Authorization LOW *-2.1.8 July 3, 2026
js-support-ticket js-support-ticket
93
JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.8 - Authenticated (Subscriber+) Insecure Direct Object Reference LOW *-2.8.8 2.8.9 July 3, 2026
job-board-manager job-board-manager
83
Job Board Manager <= 2.1.60 - Reflected Cross-Site Scripting LOW *-2.1.60 July 3, 2026
inlocation inlocation
91
InLocation <= 1.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.8 July 3, 2026
infusionsoft-web-tracker infusionsoft-web-tracker
91
Infusionsoft Analytics <= 2.0 - Cross-Site Request Forgery LOW *-2.0 July 3, 2026
indeed-api indeed-api
91
Indeed API <= 0.5 - Cross-Site Request Forgery to Settings Update LOW *-0.5 July 3, 2026
include-mastodon-feed include-mastodon-feed
93
Include Mastodon Feed <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.9.9 1.9.10 July 3, 2026
ht-mega-for-elementor ht-mega-for-elementor
93
HT Mega <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via block_css and inner_css LOW *-2.7.6 2.7.7 July 3, 2026
graceful-email-obfuscation graceful-email-obfuscation
91
Graceful Email Obfuscation <= 0.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.2.2 July 3, 2026
google-earth-tours google-earth-tours
91
Google Earth Embed <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 3, 2026
good-url-preview-box good-url-preview-box
91
URL-Preview-Box <= 1.20 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.20 July 3, 2026
globalquran globalquran
91
GlobalQuran <= 1.0 - Cross-Site Request Forgery to Settings Update LOW *-1.0 July 3, 2026
gallery-for-ultimate-member gallery-for-ultimate-member
91
Video & Photo Gallery for Ultimate Member <= 1.1.2 - Authenticated (Subscriber+) Server-Side Request Forgery LOW *-1.1.2 1.1.3 July 3, 2026
fyrebox-shortcode fyrebox-shortcode
89
Fyrebox Quizzes <= 3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.0 July 3, 2026
form-maker form-maker
93
Form Maker by 10Web <= 1.15.32 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.15.32 1.15.33 July 3, 2026
fm-notification-bar fm-notification-bar
91
FM Notification Bar <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.2 July 3, 2026
flexidx-home-search flexidx-home-search
91
FlexIDX Home Search <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.2 July 3, 2026
fb-status-updater fb-status-updater
91
Status Updater <= 1.9.2 - Reflected Cross-Site Scripting LOW *-1.9.2 July 3, 2026
facilita-form-tracker facilita-form-tracker
91
Facilita Form Tracker <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0 July 3, 2026
external-video-for-everybody external-video-for-everybody
91
External Video For Everybody <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.1 July 3, 2026
eventer eventer
89
Eventer <= 3.9.9.5 - Missing Authorization to Unauthenticated Event Ticket Download LOW *-3.9.9.5 3.9.9.5.1 July 3, 2026
eventer eventer
89
Eventer <= 3.9.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-3.9.9.4 3.9.9.5 July 3, 2026
eventer eventer
89
Eventer <= 3.9.9 - Missing Authorization to Authenticated (Subscriber+) Bookings Export LOW *-3.9.9 3.9.9.1 July 3, 2026
embed-rss embed-rss
91
Embed RSS <= 3.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution LOW *-3.1 July 3, 2026
easy-wp-tiles easy-wp-tiles
91
Easy WP Tiles <= 1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1 July 3, 2026
easy-related-posts easy-related-posts
91
Easy Related Posts <= 2.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.0.2 July 3, 2026
easy-chart-builder easy-chart-builder
91
Easy Chart Builder for WordPress <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3 July 3, 2026
ean-for-woocommerce ean-for-woocommerce
93
EAN for WooCommerce <= 5.3.5 - Missing Authorization LOW *-5.3.5 5.4.0 July 3, 2026
dynamicconditions dynamicconditions
93
Dynamic Conditions <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.7.4 1.7.5 July 3, 2026
dynamic-url-seo dynamic-url-seo
93
Dynamic URL SEO <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 1.2 July 3, 2026
distance-rate-shipping-for-woocommerce distance-rate-shipping-for-woocommerce
91
Distance Rate Shipping For WooCommerce <= 1.3.4 - Authenticated (Subscriber+) SQL Injection LOW *-1.3.4 July 3, 2026
disable-elementor-editor-translation disable-elementor-editor-translation
93
Disable Elementor Editor Translation <= 1.0.2 - Missing Authorization LOW *-1.0.2 1.0.3 July 3, 2026
cwd-stealth-links cwd-stealth-links
91
CWD – Stealth Links <= 1.3 - Unauthenticated SQL Injection LOW *-1.3 July 3, 2026
customize-wpadmin customize-wpadmin
91
Custom Links On Admin Dashboard Toolbar <= 3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.3 July 3, 2026
custom-comment-notifications custom-comment-notifications
91
Custom Comment Notifications <= 1.0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.8 July 3, 2026
cookie-monster cookie-monster
91
Cookie Monster <= 1.2.2 - Unauthenticated Local File Inclusion LOW *-1.2.2 July 3, 2026
cm-email-blacklist cm-email-blacklist
93
CM E-Mail Blacklist – Simple email filtering for safer registration <= 1.5.5 - Reflected Cross-Site Scripting LOW *-1.5.5 1.5.6 July 3, 2026
child-themes-helper child-themes-helper
91
Child Themes Helper <= 2.2.7 - Cross-Site Request Forgery to Arbitrary File Deletion LOW *-2.2.7 July 3, 2026
LOW

wp-spell-check

wp-spell-check

Score: N/A WP Spell Check <= 9.21 - Cross-Site Request Forgery Affected: *-9.21 Patched: 9.22 Updated: July 3, 2026
LOW

wp-social-stream

wp-social-stream

Score: N/A WP Social Stream <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 3, 2026
LOW

wp-simpleweather

wp-simpleweather

Score: N/A WP SimpleWeather <= 0.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.2.5 Patched: Updated: July 3, 2026
LOW

wp-keyword-monitor

wp-keyword-monitor

Score: N/A WP Keyword Monitor <= 1.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.5 Patched: Updated: July 3, 2026
LOW

wp-custom-post-rss-feed

wp-custom-post-rss-feed

Score: N/A WP Custom Post RSS Feed <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 3, 2026
LOW

wp-admin-custom-page

wp-admin-custom-page

Score: N/A WP Admin Custom Page <= 1.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.5.0 Patched: Updated: July 3, 2026
LOW

wizshop

wizshop

Score: N/A WizShop <= 3.0.2 - Unauthenticated Local File Inclusion Affected: *-3.0.2 Patched: Updated: July 3, 2026
LOW

wedevs-project-manager

wedevs-project-manager

Score: N/A WP Project Manager <= 2.6.22 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.6.22 Patched: 2.6.23 Updated: July 3, 2026
LOW

vr-frases

vr-frases

Score: N/A VR-Frases <= 4.0.1 - Reflected Cross-Site Scripting Affected: *-4.0.1 Patched: 4.0.2 Updated: July 3, 2026
LOW

VikBooking Hotel Booking Engine & PMS

vikbooking

Score: 95/100 VikBooking Hotel Booking Engine & PMS <= 1.7.2 - Cross-Site Request Forgery to Settings Update Affected: *-1.7.2 Patched: 1.7.3 Updated: July 3, 2026
LOW

vignete-ads

vignete-ads

Score: N/A Vignette Ads <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.2 Patched: Updated: July 3, 2026
LOW

vayu-blocks

vayu-blocks

Score: N/A Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.7 Patched: Updated: July 3, 2026
LOW

upcasted-s3-offload

upcasted-s3-offload

Score: N/A Upcasted S3 Offload – AWS S3, Digital Ocean Spaces, Backblaze, Minio and more <= 3.0.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-3.0.3 Patched: 3.0.4 Updated: July 3, 2026
LOW

unusedcss

unusedcss

Score: N/A RapidLoad <= 2.4.4 - Missing Authorization Affected: *-2.4.4 Patched: 2.4.5 Updated: July 3, 2026
LOW

ulisting

ulisting

Score: N/A uListing <= 2.1.6 - Unauthenticated SQL Injection Affected: *-2.1.6 Patched: 2.1.7 Updated: July 3, 2026
LOW

ulisting

ulisting

Score: N/A uListing <= 2.1.6 - Authenticated (Contributor+) SQL Injection Affected: *-2.1.6 Patched: 2.1.7 Updated: July 3, 2026
LOW

uix-shortcodes

uix-shortcodes

Score: N/A Uix Shortcodes <= 2.0.3 - Unauthenticated Arbitrary Shortcode Execution Affected: *-2.0.3 Patched: 2.0.4 Updated: July 3, 2026
LOW

totalcontest-lite

totalcontest-lite

Score: N/A Total Contest Lite <= 2.8.1 - Reflected Cross-Site Scripting Affected: *-2.8.1 Patched: 2.9.0 Updated: July 3, 2026
LOW

themeisle-companion

themeisle-companion

Score: N/A Orbit Fox by ThemeIsle <= 2.10.44 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.10.44 Patched: 2.10.45 Updated: July 3, 2026
LOW

theme-options-z

theme-options-z

Score: N/A Theme Options Z <= 1.4 - Cross-Site Request Forgery Affected: *-1.4 Patched: Updated: July 3, 2026
LOW

theasys

theasys

Score: N/A Theasys <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 3, 2026
LOW

survey-maker

survey-maker

Score: N/A Survey Maker <= 5.1.3.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-5.1.3.5 Patched: 5.1.3.6 Updated: July 3, 2026
LOW

stylish-google-sheet-reader

stylish-google-sheet-reader

Score: N/A Stylish Google Sheet Reader <= 4.0 - Reflected Cross-Site Scripting Affected: *-4.0 Patched: 4.1 Updated: July 3, 2026
LOW

style-tweaker

style-tweaker

Score: N/A Style Tweaker <= 0.11 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.11 Patched: Updated: July 3, 2026
LOW

starter-templates

starter-templates

Score: N/A Starter Templates by FancyWP <= 2.0.0 - Cross-Site Request Forgery to Arbitrary Plugin Installation Affected: *-2.0.0 Patched: Updated: July 3, 2026
LOW

songkick-concerts-and-festivals

songkick-concerts-and-festivals

Score: N/A Songkick Concerts and Festivals <= 0.9.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.9.7 Patched: 0.10.0 Updated: July 3, 2026
LOW

smartarget-contact-us

smartarget-contact-us

Score: N/A Smartarget – Get 40% more sales, improve user engagement with 25+ free apps. <= 1.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.4 Patched: Updated: July 3, 2026
LOW

smart-dofollow

smart-dofollow

Score: N/A Smart DoFollow <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 3, 2026
LOW

smart-countdown-fx

smart-countdown-fx

Score: N/A Smart Countdown FX <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.5 Patched: Updated: July 3, 2026
LOW

slide-banners

slide-banners

Score: N/A Slide Banners <= 1.3 - Missing Authorization Affected: *-1.3 Patched: Updated: July 3, 2026
LOW

simple-user-profile

simple-user-profile

Score: N/A Simple User Profile <= 1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.9 Patched: Updated: July 3, 2026
LOW

simple-select-all-text-box

simple-select-all-text-box

Score: N/A Simple Select All Text Box <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2 Patched: Updated: July 3, 2026
LOW

simple-auto-tag

simple-auto-tag

Score: N/A Simple Auto Tag <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 3, 2026
LOW

show-notice-or-message-on-admin-area

show-notice-or-message-on-admin-area

Score: N/A Show notice or message on admin area <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 3, 2026
LOW

sendpulse-email-marketing-newsletter

sendpulse-email-marketing-newsletter

Score: N/A SendPulse Email Marketing Newsletter <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.5 Patched: 2.1.6 Updated: July 3, 2026
LOW

rss-in-page

rss-in-page

Score: N/A RSS in Page <= 2.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.9.1 Patched: Updated: July 3, 2026
LOW

reverbnation-widgets

reverbnation-widgets

Score: N/A ReverbNation Widgets <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1 Patched: Updated: July 3, 2026
LOW

real-estate-manager

real-estate-manager

Score: N/A Real Estate Manager – Property Listing and Agent Management <= 7.3 - CAPTCHA Bypass Affected: *-7.3 Patched: Updated: July 3, 2026
LOW

read-more-copy-link

read-more-copy-link

Score: N/A Read More Copy Link <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 3, 2026
LOW

quote-comments

quote-comments

Score: N/A Quote Comments <= 3.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.0.0 Patched: Updated: July 3, 2026
LOW

qi-addons-for-elementor

qi-addons-for-elementor

Score: N/A Qi Addons For Elementor <= 1.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8.7 Patched: 1.8.8 Updated: July 3, 2026
LOW

product-table-for-woocommerce

product-table-for-woocommerce

Score: N/A Product Table For WooCommerce <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.3 Patched: 1.2.4 Updated: July 3, 2026
LOW

product-blocks-for-woocommerce

product-blocks-for-woocommerce

Score: N/A Product Blocks for WooCommerce <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.1 Patched: 2.0 Updated: July 3, 2026
LOW

ppv-live-webcams

ppv-live-webcams

Score: N/A Paid Videochat Turnkey Site – HTML5 PPV Live Webcams <= 7.2.16 - Unauthenticated Arbitrary File Deletion Affected: *-7.2.16 Patched: 7.3.1 Updated: July 3, 2026
LOW

popup-seo-optimized

popup-seo-optimized

Score: N/A Pop Up <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.1 Patched: Updated: July 3, 2026
LOW

paytm-donation

paytm-donation

Score: N/A Paytm Payment Donation <= 2.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.3.3 Patched: Updated: July 3, 2026
LOW

payment-forms-for-paystack

payment-forms-for-paystack

Score: N/A Payment Forms for Paystack <= 4.0.1 - Authenticated (Administrator+) SQL Injection Affected: *-4.0.1 Patched: 4.0.2 Updated: July 3, 2026
LOW

optimate-ads

optimate-ads

Score: 89/100 Optimate Ads – Advance Ad Inserter AdSense & Ad Manager <= 1.0.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.0.3 Patched: Updated: July 3, 2026
LOW

optimate-ads

optimate-ads

Score: 89/100 Optimate Ads <= 1.0.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.0.3 Patched: Updated: July 3, 2026
LOW

ops-robots-txt

ops-robots-txt

Score: 93/100 On Page SEO + Whatsapp Chat Button <= 2.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.0.0 Patched: 2.0.1 Updated: July 3, 2026
LOW

onestore-sites

onestore-sites

Score: 89/100 OneStore Sites <= 0.1.1 - Cross-Site Request Forgery to Arbitrary Plugin Installation Affected: *-0.1.1 Patched: Updated: July 3, 2026
LOW

nopeamedia

nopeamedia

Score: 93/100 Print PDF Generator and Publisher <= 1.2.0 - Cross-Site Request Forgery Affected: *-1.2.0 Patched: 1.2.1 Updated: July 3, 2026
LOW

nextgen-cooliris-gallery

nextgen-cooliris-gallery

Score: 91/100 NextGen Cooliris Gallery <= 0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.7 Patched: Updated: July 3, 2026
LOW

music-press-pro

music-press-pro

Score: 89/100 Music Press Pro <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.6 Patched: Updated: July 3, 2026
LOW

munk-sites

munk-sites

Score: 91/100 Munk Sites <= 1.0.7 - Cross-Site Request Forgery to Arbitrary Plugin Installation Affected: *-1.0.7 Patched: Updated: July 3, 2026
LOW

medical-addon-for-elementor

medical-addon-for-elementor

Score: 91/100 Medical Addon for Elementor <= 1.6.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode Affected: *-1.6.2 Patched: 1.6.3 Updated: July 3, 2026
LOW

logo-slider-wp

logo-slider-wp

Score: 89/100 Logo Slider <= 4.5.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.5.0 Patched: 4.6.0 Updated: July 3, 2026
LOW

login-box

login-box

Score: 91/100 Login-box <= 2.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.0.4 Patched: Updated: July 3, 2026
LOW

listings-for-appfolio

listings-for-appfolio

Score: 93/100 Listings for Appfolio <= 1.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2.0 Patched: 1.2.1 Updated: July 3, 2026
LOW

links-in-captions

links-in-captions

Score: 91/100 Links in Captions <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 3, 2026
LOW

link-to-url-post

link-to-url-post

Score: 91/100 Link to URL / Post <= 1.3 - Authenticated (Administrator+) SQL Injection Affected: *-1.3 Patched: Updated: July 3, 2026
LOW

kona-instagram-feed-for-gutenberg

kona-instagram-feed-for-gutenberg

Score: 89/100 Kona Gallery Block <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7 Patched: Updated: July 3, 2026
LOW

kikfyre-events-calendar-tickets

kikfyre-events-calendar-tickets

Score: 91/100 Event Kikfyre <= 2.1.8 - Missing Authorization Affected: *-2.1.8 Patched: Updated: July 3, 2026
LOW

js-support-ticket

js-support-ticket

Score: 93/100 JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.8 - Authenticated (Subscriber+) Insecure Direct Object Reference Affected: *-2.8.8 Patched: 2.8.9 Updated: July 3, 2026
LOW

job-board-manager

job-board-manager

Score: 83/100 Job Board Manager <= 2.1.60 - Reflected Cross-Site Scripting Affected: *-2.1.60 Patched: Updated: July 3, 2026
LOW

inlocation

inlocation

Score: 91/100 InLocation <= 1.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.8 Patched: Updated: July 3, 2026
LOW

infusionsoft-web-tracker

infusionsoft-web-tracker

Score: 91/100 Infusionsoft Analytics <= 2.0 - Cross-Site Request Forgery Affected: *-2.0 Patched: Updated: July 3, 2026
LOW

indeed-api

indeed-api

Score: 91/100 Indeed API <= 0.5 - Cross-Site Request Forgery to Settings Update Affected: *-0.5 Patched: Updated: July 3, 2026
LOW

include-mastodon-feed

include-mastodon-feed

Score: 93/100 Include Mastodon Feed <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.9 Patched: 1.9.10 Updated: July 3, 2026
LOW

ht-mega-for-elementor

ht-mega-for-elementor

Score: 93/100 HT Mega <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via block_css and inner_css Affected: *-2.7.6 Patched: 2.7.7 Updated: July 3, 2026
LOW

graceful-email-obfuscation

graceful-email-obfuscation

Score: 91/100 Graceful Email Obfuscation <= 0.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.2.2 Patched: Updated: July 3, 2026
LOW

google-earth-tours

google-earth-tours

Score: 91/100 Google Earth Embed <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

good-url-preview-box

good-url-preview-box

Score: 91/100 URL-Preview-Box <= 1.20 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.20 Patched: Updated: July 3, 2026
LOW

globalquran

globalquran

Score: 91/100 GlobalQuran <= 1.0 - Cross-Site Request Forgery to Settings Update Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

gallery-for-ultimate-member

gallery-for-ultimate-member

Score: 91/100 Video & Photo Gallery for Ultimate Member <= 1.1.2 - Authenticated (Subscriber+) Server-Side Request Forgery Affected: *-1.1.2 Patched: 1.1.3 Updated: July 3, 2026
LOW

fyrebox-shortcode

fyrebox-shortcode

Score: 89/100 Fyrebox Quizzes <= 3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.0 Patched: Updated: July 3, 2026
LOW

form-maker

form-maker

Score: 93/100 Form Maker by 10Web <= 1.15.32 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.15.32 Patched: 1.15.33 Updated: July 3, 2026
LOW

fm-notification-bar

fm-notification-bar

Score: 91/100 FM Notification Bar <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 3, 2026
LOW

flexidx-home-search

flexidx-home-search

Score: 91/100 FlexIDX Home Search <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.2 Patched: Updated: July 3, 2026
LOW

fb-status-updater

fb-status-updater

Score: 91/100 Status Updater <= 1.9.2 - Reflected Cross-Site Scripting Affected: *-1.9.2 Patched: Updated: July 3, 2026
LOW

facilita-form-tracker

facilita-form-tracker

Score: 91/100 Facilita Form Tracker <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

external-video-for-everybody

external-video-for-everybody

Score: 91/100 External Video For Everybody <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.1 Patched: Updated: July 3, 2026
LOW

eventer

eventer

Score: 89/100 Eventer <= 3.9.9.5 - Missing Authorization to Unauthenticated Event Ticket Download Affected: *-3.9.9.5 Patched: 3.9.9.5.1 Updated: July 3, 2026
LOW

eventer

eventer

Score: 89/100 Eventer <= 3.9.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.9.9.4 Patched: 3.9.9.5 Updated: July 3, 2026
LOW

eventer

eventer

Score: 89/100 Eventer <= 3.9.9 - Missing Authorization to Authenticated (Subscriber+) Bookings Export Affected: *-3.9.9 Patched: 3.9.9.1 Updated: July 3, 2026
LOW

embed-rss

embed-rss

Score: 91/100 Embed RSS <= 3.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution Affected: *-3.1 Patched: Updated: July 3, 2026
LOW

easy-wp-tiles

easy-wp-tiles

Score: 91/100 Easy WP Tiles <= 1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1 Patched: Updated: July 3, 2026
LOW

easy-related-posts

easy-related-posts

Score: 91/100 Easy Related Posts <= 2.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.0.2 Patched: Updated: July 3, 2026
LOW

easy-chart-builder

easy-chart-builder

Score: 91/100 Easy Chart Builder for WordPress <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 3, 2026
LOW

ean-for-woocommerce

ean-for-woocommerce

Score: 93/100 EAN for WooCommerce <= 5.3.5 - Missing Authorization Affected: *-5.3.5 Patched: 5.4.0 Updated: July 3, 2026
LOW

dynamicconditions

dynamicconditions

Score: 93/100 Dynamic Conditions <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7.4 Patched: 1.7.5 Updated: July 3, 2026
LOW

dynamic-url-seo

dynamic-url-seo

Score: 93/100 Dynamic URL SEO <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: 1.2 Updated: July 3, 2026
LOW

distance-rate-shipping-for-woocommerce

distance-rate-shipping-for-woocommerce

Score: 91/100 Distance Rate Shipping For WooCommerce <= 1.3.4 - Authenticated (Subscriber+) SQL Injection Affected: *-1.3.4 Patched: Updated: July 3, 2026
LOW

disable-elementor-editor-translation

disable-elementor-editor-translation

Score: 93/100 Disable Elementor Editor Translation <= 1.0.2 - Missing Authorization Affected: *-1.0.2 Patched: 1.0.3 Updated: July 3, 2026
LOW

cwd-stealth-links

cwd-stealth-links

Score: 91/100 CWD – Stealth Links <= 1.3 - Unauthenticated SQL Injection Affected: *-1.3 Patched: Updated: July 3, 2026
LOW

customize-wpadmin

customize-wpadmin

Score: 91/100 Custom Links On Admin Dashboard Toolbar <= 3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.3 Patched: Updated: July 3, 2026
LOW

custom-comment-notifications

custom-comment-notifications

Score: 91/100 Custom Comment Notifications <= 1.0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.8 Patched: Updated: July 3, 2026
LOW

cookie-monster

cookie-monster

Score: 91/100 Cookie Monster <= 1.2.2 - Unauthenticated Local File Inclusion Affected: *-1.2.2 Patched: Updated: July 3, 2026
LOW

cm-email-blacklist

cm-email-blacklist

Score: 93/100 CM E-Mail Blacklist – Simple email filtering for safer registration <= 1.5.5 - Reflected Cross-Site Scripting Affected: *-1.5.5 Patched: 1.5.6 Updated: July 3, 2026
LOW

child-themes-helper

child-themes-helper

Score: 91/100 Child Themes Helper <= 2.2.7 - Cross-Site Request Forgery to Arbitrary File Deletion Affected: *-2.2.7 Patched: Updated: July 3, 2026

Showing 12301 to 12400 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 3, 2026 at 15:33 UTC.