Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

91

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
breaking-news-ticker breaking-news-ticker
91
Breaking News Ticker <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.4.4 July 3, 2026
boombox-theme-extensions boombox-theme-extensions
93
BoomBox Theme Extensions <= 1.8.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode LOW *-1.8.0 1.8.1 July 3, 2026
book-press book-press
89
BookPress – For Book Authors <= 1.2.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2.7 July 3, 2026
blog-posts-and-category-for-elementor blog-posts-and-category-for-elementor
93
Blog, Posts and Category Filter for Elementor <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.1 2.1.0 July 3, 2026
b-slider b-slider
93
B Slider- Gutenberg Slider Block for WP <= 1.1.23 - Authenticated (Contributor+) Private Post Disclosure via bsb-slider Shortcode LOW *-1.1.23 1.1.24 July 3, 2026
awesome-event-booking awesome-event-booking
93
Awesome Event Booking <= 2.7.2 - Missing Authorization LOW *-2.7.2 2.7.5 July 3, 2026
awesome-event-booking awesome-event-booking
93
Awesome Event Booking <= 2.7.5 - Cross-Site Request Forgery LOW *-2.7.5 2.8.0 July 3, 2026
auto-seo auto-seo
93
Auto SEO <= 2.5.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.5.6 2.6.6 July 3, 2026
athemes-addons-for-elementor-lite athemes-addons-for-elementor-lite
93
aThemes Addons for Elementor <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.8 1.0.9 July 3, 2026
appten-image-rotator appten-image-rotator
95
Image Rotator <= 2.0 - Reflected Cross-Site Scripting LOW *-2.0 July 3, 2026
appointment-buddy-online-appointment-booking-by-accrete appointment-buddy-online-appointment-booking-by-accrete
95
Appointment Buddy Widget <= 1.2 - Reflected Cross-Site Scripting LOW *-1.2 July 3, 2026
all-push-notification all-push-notification
92
All push notification for WP <= 1.5.3 - Unauthenticated Stored Cross-Site Scripting LOW *-1.5.3 July 3, 2026
all-in-one-performance-accelerator all-in-one-performance-accelerator
95
AIO Performance Profiler, Monitor, Optimize, Compress & Debug <= 1.2 - Missing Authorization LOW *-1.2 1.3 July 3, 2026
alert-box-block alert-box-block
97
Alert Box Block – Display notice/alerts in the front end <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.0 1.1.1 July 3, 2026
admin-site-enhancements-pro admin-site-enhancements-pro
97
Admin and Site Enhancements (ASE) Pro <= 7.6.2.1 - Authenticated (Subscriber+) Privilege Escalation LOW *-7.6.2.1 7.6.3 July 3, 2026
admin-site-enhancements admin-site-enhancements
97
Admin and Site Enhancements (ASE) Pro <= 7.6.2.1 - Authenticated (Subscriber+) Privilege Escalation LOW *-7.6.2.1 7.6.3 July 3, 2026
ad-inserter-pro ad-inserter-pro
97
Ad Inserter Pro <= 2.7.39 - Reflected Cross-Site Scripting LOW *-2.7.39 2.8.0 July 3, 2026
yahoo-boss yahoo-boss N/A Yahoo BOSS <= 0.7 - Reflected Cross-Site Scripting LOW *-0.7 July 3, 2026
wpoptin wpoptin N/A Top Bar – PopUps – by WPOptin <= 2.0.8 - Unauthenticated Stored Cross-Site Scripting LOW *-2.0.8 July 3, 2026
wp-less-compiler wp-less-compiler N/A WP Less Compiler <= 1.3.0 - Unauthenticated Stored Cross-Site Scripting LOW *-1.3.0 July 3, 2026
wp-frontend-submit wp-frontend-submit N/A WP Frontend Submit <= 1.1.0 - Reflected Cross-Site Scripting LOW *-1.1.0 July 3, 2026
wp-find-your-nearest wp-find-your-nearest N/A WP Find Your Nearest <= 0.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.3.1 July 3, 2026
wp-church-center wp-church-center N/A WP Church Center <= 1.3.3 - Reflected Cross-Site Scripting LOW *-1.3.3 July 3, 2026
woo-oscommerce-sync woo-oscommerce-sync N/A Woocommerce osCommerce Sync <= 2.0.20 - Unauthenticated Stored Cross-Site Scripting LOW *-2.0.20 July 3, 2026
visitors-details visitors-details N/A Visitor Details <= 1.0.1 - Unauthenticated Stored Cross-Site Scripting LOW *-1.0.1 July 3, 2026
user-roles user-roles N/A User Role <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0 July 3, 2026
unitimetable unitimetable N/A UniTimetable <= 1.1 - Unauthenticated Stored Cross-Site Scripting LOW *-1.1 July 3, 2026
uncomplicated-seo uncomplicated-seo N/A Uncomplicated SEO <= 1.2 - Reflected Cross-Site Scripting LOW *-1.2 July 3, 2026
staff-directory-pro staff-directory-pro N/A Staff Directory Plugin: Company Directory <= 4.3 - Unauthenticated Stored Cross-Site Scripting LOW *-4.3 July 3, 2026
sports-rankings-lists sports-rankings-lists N/A Sports Rankings and Lists <= 1.0.2 - Unauthenticated Arbitrary File Download LOW *-1.0.2 July 3, 2026
social-links social-links N/A Social Links <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.2 July 3, 2026
social-links social-links N/A Social Links <= 1.0.11 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.11 July 3, 2026
shalom-world-media-gallery shalom-world-media-gallery N/A SW Plus <= 2.1 - Reflected Cross-Site Scripting LOW *-2.1 July 3, 2026
seekxl-snapr seekxl-snapr N/A seekXL Snapr <= 2.0.6 - Reflected Cross-Site Scripting LOW *-2.0.6 July 3, 2026
rj-quickcharts rj-quickcharts N/A RJ Quickcharts <= 0.6.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-0.6.1 July 3, 2026
migrate-post migrate-post
91
Migrate Posts <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 3, 2026
meta-accelerator meta-accelerator
91
Meta Accelerator <= 1.0.4 - Reflected Cross-Site Scripting LOW *-1.0.4 July 3, 2026
like-dislike-plus-counter like-dislike-plus-counter
91
Like dislike plus counter | Like Dislike Buttons <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.0 July 3, 2026
js-vehicle-manager js-vehicle-manager
91
WP Vehicle Manager <= 3.1 - Unauthenticated Local File Inclusion LOW *-3.1 July 3, 2026
implied-cookie-consent implied-cookie-consent
91
Implied Cookie Consent <= 1.3 - Reflected Cross-Site Scripting LOW *-1.3 July 3, 2026
images-optimizer images-optimizer
91
Plugin A/B Image Optimizer <= 3.3 - Authenticated (Subscriber+) Arbitrary File Download LOW *-3.3 July 3, 2026
fami-sales-popup fami-sales-popup
91
Fami Sales Popup <= 2.0.0 - Unauthenticated Local File Inclusion LOW *-2.0.0 July 3, 2026
ep4-more-embeds ep4-more-embeds
91
EP4 More Embeds <= 1.0.0 - Unauthenticated Stored Cross-Site Scripting LOW *-1.0.0 July 3, 2026
dreamstime-stock-photos dreamstime-stock-photos
93
Dreamstime Stock Photos <= 4.1 - Reflected Cross-Site Scripting LOW *-4.1 4.2 July 3, 2026
delete-comments-by-status delete-comments-by-status
91
Delete Comments By Status <= 2.1.1 - Unauthenticated Local File Inclusion LOW *-2.1.1 July 3, 2026
contact-us-by-lord-linus contact-us-by-lord-linus
89
Contact Us By Lord Linus <= 2.6 - Reflected Cross-Site Scripting LOW *-2.6 July 3, 2026
callback-request callback-request
91
Callback Request <= 1.4 - Reflected Cross-Site Scripting LOW *-1.4 July 3, 2026
book-press book-press
89
BookPress – For Book Authors <= 1.2.7 - Missing Authorization LOW *-1.2.7 July 3, 2026
authors-autocomplete-meta-box authors-autocomplete-meta-box
91
Authors Autocomplete Meta Box <= 1.2 - Reflected Cross-Site Scripting LOW *-1.2 July 3, 2026
albumreviewer albumreviewer
95
Album Reviewer <= 2.0.2 - Unauthenticated Stored Cross-Site Scripting LOW *-2.0.2 July 3, 2026
wp-event-aggregator wp-event-aggregator N/A WP Event Aggregator <= 1.8.2 - Reflected Cross-Site Scripting LOW *-1.8.2 1.8.3 July 3, 2026
magicform magicform
89
MagicForm - WordPress Form Builder <= 1.6.2 - Missing Authorization LOW *-1.6.2 July 3, 2026
animategl animategl
95
AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations <= 1.4.23 - Missing Authorization to Unauthenticated Settings Update LOW *-1.4.23 July 3, 2026
wp-travel wp-travel N/A WP Travel <= 10.1.3 - Authenticated (Author+) SQL Injection LOW *-10.1.3 10.1.4 July 3, 2026
wp-job-portal wp-job-portal N/A WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion LOW *-2.2.6 2.2.7 July 3, 2026
wp-job-portal wp-job-portal N/A WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Company Deletion LOW *-2.2.6 2.2.7 July 3, 2026
wp-job-portal wp-job-portal N/A WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Company Logo Deletion LOW *-2.2.6 2.2.7 July 3, 2026
wp-job-portal wp-job-portal N/A WP Job Portal <= 2.2.6 - Missing Authorization to Unauthenticated Arbitrary Email Sending LOW *-2.2.6 2.2.7 July 3, 2026
wp-job-portal wp-job-portal N/A WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Arbitrary Resume Download LOW *-2.2.6 2.2.7 July 3, 2026
wp-coder wp-coder N/A WP Coder – Code Snippets + HTML, CSS, JS and PHP Injection <= 3.6.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.6 3.6.1 July 3, 2026
Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel wp-carousel-free N/A Carousel, Slider, Gallery by WP Carousel <= 2.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.7.3 2.7.4 July 3, 2026
wp-base-booking-of-appointments-services-and-events wp-base-booking-of-appointments-services-and-events N/A WP BASE Booking <= 5.0.0 - Unauthenticated Stored Cross-Site Scripting LOW *-5.0.0 5.1.0 July 3, 2026
wordpress-signature wordpress-signature N/A WordPress Signature <= 0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.1 July 3, 2026
woocommerce-support-ticket-system woocommerce-support-ticket-system N/A WooCommerce Support Ticket System <= 17.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Information Exposure LOW *-17.8 17.9 July 3, 2026
woocommerce-multi-locations-inventory-management woocommerce-multi-locations-inventory-management N/A MultiLoca - WooCommerce Multi Locations Inventory Management <= 4.1.11 - Authenticated (Subscriber+) SQL Injection LOW *-4.1.11 4.1.12 July 3, 2026
woocommerce-customers-manager woocommerce-customers-manager N/A WooCommerce Customers Manager <= 31.3 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation LOW *-31.3 31.4 July 3, 2026
unusedcss unusedcss N/A RapidLoad – Optimize Web Vitals Automatically <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Limited Setting Reset LOW *-2.4.4 2.4.5 July 3, 2026
unlimited-page-sidebars unlimited-page-sidebars N/A Unlimited Page Sidebars <= 0.2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.2.6 0.2.7 July 3, 2026
traveler-layout-essential-for-elementor traveler-layout-essential-for-elementor N/A Traveler Layout Essential For Elementor < 1.4 - Unauthenticated Server-Side Request Forgery LOW [*, 1.4) 1.4 July 3, 2026
traveler-code traveler-code N/A Traveler Code <= 3.1.1 - Authenticated (Subscriber+) SQL Injection LOW *-3.1.1 3.1.2 July 3, 2026
traveler-code traveler-code N/A Traveler Code <= 3.1.1 - Unauthenticated Arbitrary SQL Injection LOW *-3.1.1 3.1.2 July 3, 2026
the-plus-addons-for-elementor-page-builder the-plus-addons-for-elementor-page-builder N/A The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-6.1.8 6.2.0 July 3, 2026
tags-to-meta-keywords tags-to-meta-keywords N/A Tags to Keywords <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-site Scripting LOW *-1.0.1 1.0.2 July 3, 2026
super-seo-content-cloner super-seo-content-cloner N/A Content Cloner <= 1.0.1 - Missing Authorization LOW *-1.0.1 1.0.2 July 3, 2026
site-search-360 site-search-360 N/A Site Search 360 <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.6 2.1.7 July 3, 2026
responsive-block-editor-addons responsive-block-editor-addons N/A Responsive Blocks <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.9.9 2.0.0 July 3, 2026
online-accessibility online-accessibility
91
Accessibility Suite by Ability, Inc <= 4.18 - Missing Authorization LOW *-4.18 4.19 July 3, 2026
notificationx notificationx
93
NotificationX <= 2.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.9.5 3.0.0 July 3, 2026
nirweb-support nirweb-support
91
Nirweb support <= 3.0.3 - Missing Authorization LOW *-3.0.3 July 3, 2026
meta-tag-manager meta-tag-manager
93
Meta Tag Manager <= 3.1 - Missing Authorization LOW *-3.1 3.2 July 3, 2026
likebot likebot
91
LikeBot – Decentralized like-system <= 0.85 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.85 July 3, 2026
jupiterx-core jupiterx-core
93
Jupiter X Core <= 4.8.7 - Authenticated (Contributor+) SVG Upload to Local File Inclusion (Remote Code Execution) LOW *-4.8.7 4.8.8 July 3, 2026
jupiterx-core jupiterx-core
93
Jupiterx Core <= 4.8.7 - Authenticated (Contributor+) Arbitrary File Read LOW *-4.8.7 4.8.8 July 3, 2026
hide-shipping-method-for-woocommerce hide-shipping-method-for-woocommerce
93
Hide Shipping Method For WooCommerce <= 1.5.1 - Missing Authorization LOW *-1.5.1 1.5.2 July 3, 2026
hesabfa-accounting hesabfa-accounting
89
Hesabfa Accounting <= 2.1.2 - Reflected Cross-Site Scripting LOW *-2.1.2 2.1.3 July 3, 2026
gwolle-gb gwolle-gb
93
Gwolle Guestbook <= 4.7.1 - Reflected Cross-Site Scripting LOW *-4.7.1 4.7.2 July 3, 2026
gt3-photo-video-gallery gt3-photo-video-gallery
93
Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery <= 2.7.7.24 - Reflected Cross-Site Scripting LOW *-2.7.7.24 2.7.7.25 July 3, 2026
fx-calculators fx-calculators
93
Forex Calculators <= 1.3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.3.6 1.3.7 July 3, 2026
forge forge
91
Forge – Front-End Page Builder <= 1.4.6 - Cross-Site Request Forgery to Stored Cross-site Scripting LOW *-1.4.6 July 3, 2026
ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system
79
ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.6 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation LOW *-3.2.6 3.2.7 July 3, 2026
document document
91
Document Block – Upload & Embed Docs <= 1.1.0 - Missing Authorization LOW *-1.1.0 July 3, 2026
disqus-popular-posts disqus-popular-posts
91
Disqus Popular Posts <= 2.1.1 - Reflected Cross-Site Scripting LOW *-2.1.1 July 3, 2026
directorist directorist
93
Directorist – AI-Powered WordPress Business Directory Plugin with Classified Ads Listings <= 8.0.12 - Unauthenticated User Information Exposure LOW *-8.0.12 8.1 July 3, 2026
digitimber-cpanel-integration digitimber-cpanel-integration
93
DigiTimber cPanel Integration <= 1.4.6 - Cross-Site Request Forgery to Stored Cross-site Scripting LOW *-1.4.6 1.4.8 July 3, 2026
custom-related-posts custom-related-posts
93
Custom Related Posts <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Private Post Search and Relation Updates LOW *-1.7.3 1.7.4 July 3, 2026
contest-gallery contest-gallery
93
Contest Gallery <= 25.1.0 - Authenticated (Author+) SQL Injection LOW *-25.1.0 25.1.2 July 3, 2026
contact-forms contact-forms
93
WordPress Contact Forms by Cimatti <= 1.9.4 - Missing Authorization to Unauthenticated Form Submission Download LOW *-1.9.4 1.9.5 July 3, 2026
cf7-google-sheets-connector cf7-google-sheets-connector
93
CF7 Google Sheets Connector <= 5.0.17 - Missing Authorization LOW *-5.0.17 5.0.18 July 3, 2026
Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages bp-better-messages
75
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.6.9 2.7.0 July 3, 2026
botnet-attack-blocker botnet-attack-blocker
89
Botnet Attack Blocker <= 2.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-2.0.0 July 3, 2026
LOW

breaking-news-ticker

breaking-news-ticker

Score: 91/100 Breaking News Ticker <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4.4 Patched: Updated: July 3, 2026
LOW

boombox-theme-extensions

boombox-theme-extensions

Score: 93/100 BoomBox Theme Extensions <= 1.8.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode Affected: *-1.8.0 Patched: 1.8.1 Updated: July 3, 2026
LOW

book-press

book-press

Score: 89/100 BookPress – For Book Authors <= 1.2.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2.7 Patched: Updated: July 3, 2026
LOW

blog-posts-and-category-for-elementor

blog-posts-and-category-for-elementor

Score: 93/100 Blog, Posts and Category Filter for Elementor <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.1 Patched: 2.1.0 Updated: July 3, 2026
LOW

b-slider

b-slider

Score: 93/100 B Slider- Gutenberg Slider Block for WP <= 1.1.23 - Authenticated (Contributor+) Private Post Disclosure via bsb-slider Shortcode Affected: *-1.1.23 Patched: 1.1.24 Updated: July 3, 2026
LOW

awesome-event-booking

awesome-event-booking

Score: 93/100 Awesome Event Booking <= 2.7.2 - Missing Authorization Affected: *-2.7.2 Patched: 2.7.5 Updated: July 3, 2026
LOW

awesome-event-booking

awesome-event-booking

Score: 93/100 Awesome Event Booking <= 2.7.5 - Cross-Site Request Forgery Affected: *-2.7.5 Patched: 2.8.0 Updated: July 3, 2026
LOW

auto-seo

auto-seo

Score: 93/100 Auto SEO <= 2.5.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.5.6 Patched: 2.6.6 Updated: July 3, 2026
LOW

athemes-addons-for-elementor-lite

athemes-addons-for-elementor-lite

Score: 93/100 aThemes Addons for Elementor <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.8 Patched: 1.0.9 Updated: July 3, 2026
LOW

appten-image-rotator

appten-image-rotator

Score: 95/100 Image Rotator <= 2.0 - Reflected Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 3, 2026
LOW

all-push-notification

all-push-notification

Score: 92/100 All push notification for WP <= 1.5.3 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.5.3 Patched: Updated: July 3, 2026
LOW

all-in-one-performance-accelerator

all-in-one-performance-accelerator

Score: 95/100 AIO Performance Profiler, Monitor, Optimize, Compress & Debug <= 1.2 - Missing Authorization Affected: *-1.2 Patched: 1.3 Updated: July 3, 2026
LOW

alert-box-block

alert-box-block

Score: 97/100 Alert Box Block – Display notice/alerts in the front end <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: 1.1.1 Updated: July 3, 2026
LOW

admin-site-enhancements-pro

admin-site-enhancements-pro

Score: 97/100 Admin and Site Enhancements (ASE) Pro <= 7.6.2.1 - Authenticated (Subscriber+) Privilege Escalation Affected: *-7.6.2.1 Patched: 7.6.3 Updated: July 3, 2026
LOW

admin-site-enhancements

admin-site-enhancements

Score: 97/100 Admin and Site Enhancements (ASE) Pro <= 7.6.2.1 - Authenticated (Subscriber+) Privilege Escalation Affected: *-7.6.2.1 Patched: 7.6.3 Updated: July 3, 2026
LOW

ad-inserter-pro

ad-inserter-pro

Score: 97/100 Ad Inserter Pro <= 2.7.39 - Reflected Cross-Site Scripting Affected: *-2.7.39 Patched: 2.8.0 Updated: July 3, 2026
LOW

yahoo-boss

yahoo-boss

Score: N/A Yahoo BOSS <= 0.7 - Reflected Cross-Site Scripting Affected: *-0.7 Patched: Updated: July 3, 2026
LOW

wpoptin

wpoptin

Score: N/A Top Bar – PopUps – by WPOptin <= 2.0.8 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.0.8 Patched: Updated: July 3, 2026
LOW

wp-less-compiler

wp-less-compiler

Score: N/A WP Less Compiler <= 1.3.0 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.3.0 Patched: Updated: July 3, 2026
LOW

wp-frontend-submit

wp-frontend-submit

Score: N/A WP Frontend Submit <= 1.1.0 - Reflected Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 3, 2026
LOW

wp-find-your-nearest

wp-find-your-nearest

Score: N/A WP Find Your Nearest <= 0.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.3.1 Patched: Updated: July 3, 2026
LOW

wp-church-center

wp-church-center

Score: N/A WP Church Center <= 1.3.3 - Reflected Cross-Site Scripting Affected: *-1.3.3 Patched: Updated: July 3, 2026
LOW

woo-oscommerce-sync

woo-oscommerce-sync

Score: N/A Woocommerce osCommerce Sync <= 2.0.20 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.0.20 Patched: Updated: July 3, 2026
LOW

visitors-details

visitors-details

Score: N/A Visitor Details <= 1.0.1 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 3, 2026
LOW

user-roles

user-roles

Score: N/A User Role <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

unitimetable

unitimetable

Score: N/A UniTimetable <= 1.1 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 3, 2026
LOW

uncomplicated-seo

uncomplicated-seo

Score: N/A Uncomplicated SEO <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 3, 2026
LOW

staff-directory-pro

staff-directory-pro

Score: N/A Staff Directory Plugin: Company Directory <= 4.3 - Unauthenticated Stored Cross-Site Scripting Affected: *-4.3 Patched: Updated: July 3, 2026
LOW

sports-rankings-lists

sports-rankings-lists

Score: N/A Sports Rankings and Lists <= 1.0.2 - Unauthenticated Arbitrary File Download Affected: *-1.0.2 Patched: Updated: July 3, 2026
LOW

social-links

social-links

Score: N/A Social Links <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 3, 2026
LOW

social-links

social-links

Score: N/A Social Links <= 1.0.11 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.11 Patched: Updated: July 3, 2026
LOW

shalom-world-media-gallery

shalom-world-media-gallery

Score: N/A SW Plus <= 2.1 - Reflected Cross-Site Scripting Affected: *-2.1 Patched: Updated: July 3, 2026
LOW

seekxl-snapr

seekxl-snapr

Score: N/A seekXL Snapr <= 2.0.6 - Reflected Cross-Site Scripting Affected: *-2.0.6 Patched: Updated: July 3, 2026
LOW

rj-quickcharts

rj-quickcharts

Score: N/A RJ Quickcharts <= 0.6.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-0.6.1 Patched: Updated: July 3, 2026
LOW

migrate-post

migrate-post

Score: 91/100 Migrate Posts <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

meta-accelerator

meta-accelerator

Score: 91/100 Meta Accelerator <= 1.0.4 - Reflected Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: July 3, 2026
LOW

like-dislike-plus-counter

like-dislike-plus-counter

Score: 91/100 Like dislike plus counter | Like Dislike Buttons <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

js-vehicle-manager

js-vehicle-manager

Score: 91/100 WP Vehicle Manager <= 3.1 - Unauthenticated Local File Inclusion Affected: *-3.1 Patched: Updated: July 3, 2026
LOW

implied-cookie-consent

implied-cookie-consent

Score: 91/100 Implied Cookie Consent <= 1.3 - Reflected Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 3, 2026
LOW

images-optimizer

images-optimizer

Score: 91/100 Plugin A/B Image Optimizer <= 3.3 - Authenticated (Subscriber+) Arbitrary File Download Affected: *-3.3 Patched: Updated: July 3, 2026
LOW

fami-sales-popup

fami-sales-popup

Score: 91/100 Fami Sales Popup <= 2.0.0 - Unauthenticated Local File Inclusion Affected: *-2.0.0 Patched: Updated: July 3, 2026
LOW

ep4-more-embeds

ep4-more-embeds

Score: 91/100 EP4 More Embeds <= 1.0.0 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 3, 2026
LOW

dreamstime-stock-photos

dreamstime-stock-photos

Score: 93/100 Dreamstime Stock Photos <= 4.1 - Reflected Cross-Site Scripting Affected: *-4.1 Patched: 4.2 Updated: July 3, 2026
LOW

delete-comments-by-status

delete-comments-by-status

Score: 91/100 Delete Comments By Status <= 2.1.1 - Unauthenticated Local File Inclusion Affected: *-2.1.1 Patched: Updated: July 3, 2026
LOW

contact-us-by-lord-linus

contact-us-by-lord-linus

Score: 89/100 Contact Us By Lord Linus <= 2.6 - Reflected Cross-Site Scripting Affected: *-2.6 Patched: Updated: July 3, 2026
LOW

callback-request

callback-request

Score: 91/100 Callback Request <= 1.4 - Reflected Cross-Site Scripting Affected: *-1.4 Patched: Updated: July 3, 2026
LOW

book-press

book-press

Score: 89/100 BookPress – For Book Authors <= 1.2.7 - Missing Authorization Affected: *-1.2.7 Patched: Updated: July 3, 2026
LOW

authors-autocomplete-meta-box

authors-autocomplete-meta-box

Score: 91/100 Authors Autocomplete Meta Box <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 3, 2026
LOW

albumreviewer

albumreviewer

Score: 95/100 Album Reviewer <= 2.0.2 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.0.2 Patched: Updated: July 3, 2026
LOW

wp-event-aggregator

wp-event-aggregator

Score: N/A WP Event Aggregator <= 1.8.2 - Reflected Cross-Site Scripting Affected: *-1.8.2 Patched: 1.8.3 Updated: July 3, 2026
LOW

magicform

magicform

Score: 89/100 MagicForm - WordPress Form Builder <= 1.6.2 - Missing Authorization Affected: *-1.6.2 Patched: Updated: July 3, 2026
LOW

animategl

animategl

Score: 95/100 AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations <= 1.4.23 - Missing Authorization to Unauthenticated Settings Update Affected: *-1.4.23 Patched: Updated: July 3, 2026
LOW

wp-travel

wp-travel

Score: N/A WP Travel <= 10.1.3 - Authenticated (Author+) SQL Injection Affected: *-10.1.3 Patched: 10.1.4 Updated: July 3, 2026
LOW

wp-job-portal

wp-job-portal

Score: N/A WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion Affected: *-2.2.6 Patched: 2.2.7 Updated: July 3, 2026
LOW

wp-job-portal

wp-job-portal

Score: N/A WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Company Deletion Affected: *-2.2.6 Patched: 2.2.7 Updated: July 3, 2026
LOW

wp-job-portal

wp-job-portal

Score: N/A WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Company Logo Deletion Affected: *-2.2.6 Patched: 2.2.7 Updated: July 3, 2026
LOW

wp-job-portal

wp-job-portal

Score: N/A WP Job Portal <= 2.2.6 - Missing Authorization to Unauthenticated Arbitrary Email Sending Affected: *-2.2.6 Patched: 2.2.7 Updated: July 3, 2026
LOW

wp-job-portal

wp-job-portal

Score: N/A WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Arbitrary Resume Download Affected: *-2.2.6 Patched: 2.2.7 Updated: July 3, 2026
LOW

wp-coder

wp-coder

Score: N/A WP Coder – Code Snippets + HTML, CSS, JS and PHP Injection <= 3.6.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.6 Patched: 3.6.1 Updated: July 3, 2026
LOW

wordpress-signature

wordpress-signature

Score: N/A WordPress Signature <= 0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.1 Patched: Updated: July 3, 2026
LOW

woocommerce-support-ticket-system

woocommerce-support-ticket-system

Score: N/A WooCommerce Support Ticket System <= 17.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Information Exposure Affected: *-17.8 Patched: 17.9 Updated: July 3, 2026
LOW

woocommerce-multi-locations-inventory-management

woocommerce-multi-locations-inventory-management

Score: N/A MultiLoca - WooCommerce Multi Locations Inventory Management <= 4.1.11 - Authenticated (Subscriber+) SQL Injection Affected: *-4.1.11 Patched: 4.1.12 Updated: July 3, 2026
LOW

woocommerce-customers-manager

woocommerce-customers-manager

Score: N/A WooCommerce Customers Manager <= 31.3 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation Affected: *-31.3 Patched: 31.4 Updated: July 3, 2026
LOW

unusedcss

unusedcss

Score: N/A RapidLoad – Optimize Web Vitals Automatically <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Limited Setting Reset Affected: *-2.4.4 Patched: 2.4.5 Updated: July 3, 2026
LOW

unlimited-page-sidebars

unlimited-page-sidebars

Score: N/A Unlimited Page Sidebars <= 0.2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.2.6 Patched: 0.2.7 Updated: July 3, 2026
LOW

traveler-layout-essential-for-elementor

traveler-layout-essential-for-elementor

Score: N/A Traveler Layout Essential For Elementor < 1.4 - Unauthenticated Server-Side Request Forgery Affected: [*, 1.4) Patched: 1.4 Updated: July 3, 2026
LOW

traveler-code

traveler-code

Score: N/A Traveler Code <= 3.1.1 - Authenticated (Subscriber+) SQL Injection Affected: *-3.1.1 Patched: 3.1.2 Updated: July 3, 2026
LOW

traveler-code

traveler-code

Score: N/A Traveler Code <= 3.1.1 - Unauthenticated Arbitrary SQL Injection Affected: *-3.1.1 Patched: 3.1.2 Updated: July 3, 2026
LOW

the-plus-addons-for-elementor-page-builder

the-plus-addons-for-elementor-page-builder

Score: N/A The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-6.1.8 Patched: 6.2.0 Updated: July 3, 2026
LOW

tags-to-meta-keywords

tags-to-meta-keywords

Score: N/A Tags to Keywords <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-site Scripting Affected: *-1.0.1 Patched: 1.0.2 Updated: July 3, 2026
LOW

super-seo-content-cloner

super-seo-content-cloner

Score: N/A Content Cloner <= 1.0.1 - Missing Authorization Affected: *-1.0.1 Patched: 1.0.2 Updated: July 3, 2026
LOW

site-search-360

site-search-360

Score: N/A Site Search 360 <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.6 Patched: 2.1.7 Updated: July 3, 2026
LOW

responsive-block-editor-addons

responsive-block-editor-addons

Score: N/A Responsive Blocks <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.9 Patched: 2.0.0 Updated: July 3, 2026
LOW

online-accessibility

online-accessibility

Score: 91/100 Accessibility Suite by Ability, Inc <= 4.18 - Missing Authorization Affected: *-4.18 Patched: 4.19 Updated: July 3, 2026
LOW

notificationx

notificationx

Score: 93/100 NotificationX <= 2.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.9.5 Patched: 3.0.0 Updated: July 3, 2026
LOW

nirweb-support

nirweb-support

Score: 91/100 Nirweb support <= 3.0.3 - Missing Authorization Affected: *-3.0.3 Patched: Updated: July 3, 2026
LOW

meta-tag-manager

meta-tag-manager

Score: 93/100 Meta Tag Manager <= 3.1 - Missing Authorization Affected: *-3.1 Patched: 3.2 Updated: July 3, 2026
LOW

likebot

likebot

Score: 91/100 LikeBot – Decentralized like-system <= 0.85 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.85 Patched: Updated: July 3, 2026
LOW

jupiterx-core

jupiterx-core

Score: 93/100 Jupiter X Core <= 4.8.7 - Authenticated (Contributor+) SVG Upload to Local File Inclusion (Remote Code Execution) Affected: *-4.8.7 Patched: 4.8.8 Updated: July 3, 2026
LOW

jupiterx-core

jupiterx-core

Score: 93/100 Jupiterx Core <= 4.8.7 - Authenticated (Contributor+) Arbitrary File Read Affected: *-4.8.7 Patched: 4.8.8 Updated: July 3, 2026
LOW

hide-shipping-method-for-woocommerce

hide-shipping-method-for-woocommerce

Score: 93/100 Hide Shipping Method For WooCommerce <= 1.5.1 - Missing Authorization Affected: *-1.5.1 Patched: 1.5.2 Updated: July 3, 2026
LOW

hesabfa-accounting

hesabfa-accounting

Score: 89/100 Hesabfa Accounting <= 2.1.2 - Reflected Cross-Site Scripting Affected: *-2.1.2 Patched: 2.1.3 Updated: July 3, 2026
LOW

gwolle-gb

gwolle-gb

Score: 93/100 Gwolle Guestbook <= 4.7.1 - Reflected Cross-Site Scripting Affected: *-4.7.1 Patched: 4.7.2 Updated: July 3, 2026
LOW

gt3-photo-video-gallery

gt3-photo-video-gallery

Score: 93/100 Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery <= 2.7.7.24 - Reflected Cross-Site Scripting Affected: *-2.7.7.24 Patched: 2.7.7.25 Updated: July 3, 2026
LOW

fx-calculators

fx-calculators

Score: 93/100 Forex Calculators <= 1.3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.3.6 Patched: 1.3.7 Updated: July 3, 2026
LOW

forge

forge

Score: 91/100 Forge – Front-End Page Builder <= 1.4.6 - Cross-Site Request Forgery to Stored Cross-site Scripting Affected: *-1.4.6 Patched: Updated: July 3, 2026
LOW

ELEX WordPress HelpDesk & Customer Ticketing System

elex-helpdesk-customer-support-ticket-system

Score: 79/100 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.6 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation Affected: *-3.2.6 Patched: 3.2.7 Updated: July 3, 2026
LOW

document

document

Score: 91/100 Document Block – Upload & Embed Docs <= 1.1.0 - Missing Authorization Affected: *-1.1.0 Patched: Updated: July 3, 2026
LOW

disqus-popular-posts

disqus-popular-posts

Score: 91/100 Disqus Popular Posts <= 2.1.1 - Reflected Cross-Site Scripting Affected: *-2.1.1 Patched: Updated: July 3, 2026
LOW

directorist

directorist

Score: 93/100 Directorist – AI-Powered WordPress Business Directory Plugin with Classified Ads Listings <= 8.0.12 - Unauthenticated User Information Exposure Affected: *-8.0.12 Patched: 8.1 Updated: July 3, 2026
LOW

digitimber-cpanel-integration

digitimber-cpanel-integration

Score: 93/100 DigiTimber cPanel Integration <= 1.4.6 - Cross-Site Request Forgery to Stored Cross-site Scripting Affected: *-1.4.6 Patched: 1.4.8 Updated: July 3, 2026
LOW

custom-related-posts

custom-related-posts

Score: 93/100 Custom Related Posts <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Private Post Search and Relation Updates Affected: *-1.7.3 Patched: 1.7.4 Updated: July 3, 2026
LOW

contest-gallery

contest-gallery

Score: 93/100 Contest Gallery <= 25.1.0 - Authenticated (Author+) SQL Injection Affected: *-25.1.0 Patched: 25.1.2 Updated: July 3, 2026
LOW

contact-forms

contact-forms

Score: 93/100 WordPress Contact Forms by Cimatti <= 1.9.4 - Missing Authorization to Unauthenticated Form Submission Download Affected: *-1.9.4 Patched: 1.9.5 Updated: July 3, 2026
LOW

cf7-google-sheets-connector

cf7-google-sheets-connector

Score: 93/100 CF7 Google Sheets Connector <= 5.0.17 - Missing Authorization Affected: *-5.0.17 Patched: 5.0.18 Updated: July 3, 2026
LOW

botnet-attack-blocker

botnet-attack-blocker

Score: 89/100 Botnet Attack Blocker <= 2.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-2.0.0 Patched: Updated: July 3, 2026

Showing 12401 to 12500 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 3, 2026 at 16:31 UTC.