Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

91

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
auxin-elements auxin-elements
89
Shortcodes and extra features for Phlox theme <= 2.17.4 - Missing Authorization LOW *-2.17.4 2.17.5 July 3, 2026
athemes-addons-for-elementor-lite athemes-addons-for-elementor-lite
93
aThemes Addons for Elementor <= 1.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.12 1.0.13 July 3, 2026
ajax-search-lite ajax-search-lite
97
Ajax Search Lite <= 4.12.4 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.12.4 4.12.5 July 3, 2026
activitytime activitytime
97
WP Sessions Time Monitoring Full Automatic <= 1.1.1 - Reflected Cross-Site Scripting LOW *-1.1.1 1.1.2 July 3, 2026
Drag and Drop Multiple File Upload for Contact Form 7 drag-and-drop-multiple-file-upload-contact-form-7
93
Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.8.5 - Limited Arbitrary File Deletion LOW *-1.3.8.5 1.3.8.6 July 3, 2026
infographic-and-list-builder-ilist infographic-and-list-builder-ilist
93
AI Infographic Maker <= 4.9.0 - Unauthenticated Arbitrary Shortcode Execution LOW *-4.9.0 5.0.0 July 3, 2026
Product Table & List Builder for WooCommerce Lite wc-product-table-lite N/A WooCommerce Product Table Lite <= 3.9.4 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting LOW *-3.9.4 3.9.5 July 3, 2026
wp-datatable wp-datatable N/A WP DataTable <= 0.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter LOW *-0.2.6 0.2.7 July 3, 2026
mp3-music-player-by-sonaar mp3-music-player-by-sonaar
93
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Podcast RSS Feed LOW *-5.9.3 5.9.4 July 3, 2026
Shared Files – Frontend File Upload Form & Secure File Sharing shared-files
78
Shared Files – Frontend File Upload Form & Secure File Sharing <= 1.7.42 - Limited Unauthenticated Stored Cross-Site Scripting via File Upload LOW *-1.7.42 1.7.43 July 3, 2026
lead-capturing-call-to-actions-by-vcita lead-capturing-call-to-actions-by-vcita
89
Contact Form and Calls To Action by vcita <= 2.7.1 - Missing Authorization to Authenticated (Subscriber+) Contact/Widget Toggle LOW *-2.7.1 July 3, 2026
lead-capturing-call-to-actions-by-vcita lead-capturing-call-to-actions-by-vcita
89
Contact Form and Calls To Action by vcita <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.7.1 July 3, 2026
ni-woo-sales-commission ni-woo-sales-commission
91
Ni Sales Commission For WooCommerce <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Commission Update LOW *-1.2.4 July 3, 2026
permalink-finder permalink-finder N/A Link Fixer <= 3.4 - Unauthenticated Stored Cross-Site Scripting LOW *-3.4 July 3, 2026
ht-event ht-event
93
HT Event – WordPress Event Manager Plugin for Elementor <= 1.4.7 - Authenticated (Contributor+) Sensitive Information Exposure via HT Event: Sponsor LOW *-1.4.7 1.4.8 July 3, 2026
borderless borderless
93
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.6.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload LOW *-1.6.2 1.6.3 July 3, 2026
Forminator Forms – Contact Form, Payment Form & Custom Form Builder forminator
92
Forminator <= 1.38.2 - Reflected Cross-Site Scripting via Title Parameter LOW *-1.38.2 1.38.3 July 3, 2026
seatreg seatreg N/A SeatReg <= 1.56.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.56.0 1.56.1 July 3, 2026
live-2d live-2d
93
Live2DWebCanvas <= 1.9.11 - Authenticated (Subscriber+) Arbitrary File Deletion LOW *-1.9.11 1.9.12 July 3, 2026
wpradio wpradio N/A WPRadio – WordPress Radio Streaming Plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.4 1.0.5 July 3, 2026
frictionless frictionless
91
Frictionless <= 0.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.0.23 July 3, 2026
gosign-posts-slider-block gosign-posts-slider-block
89
Gosign – Posts Slider Block <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.0 July 3, 2026
borderless borderless
93
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.6.0 - Authenticated (Administrator+) Remote Code Execution LOW *-1.6.0 1.6.1 July 3, 2026
borderless borderless
93
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.9 - Missing Authorization to Icon Font Deletion LOW *-1.5.9 1.6.0 July 3, 2026
royal-core royal-core N/A Royal Core <= 2.9.2 - Authenticated (Subscriber+) Arbitrary Options Update LOW *-2.9.2 July 3, 2026
ecpay-ecommerce-for-woocommerce ecpay-ecommerce-for-woocommerce
93
ECPay Ecommerce for WooCommerce <= 1.1.2411060 - Missing Authorization to Authenticated (Subscriber+) Log Deletion LOW *-1.1.2411060 1.1.2502030 July 3, 2026
kona-instagram-feed-for-gutenberg kona-instagram-feed-for-gutenberg
89
Kona Gallery Block <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.7 July 3, 2026
ai-image-alt-text-generator-for-wp ai-image-alt-text-generator-for-wp
95
Ai Image Alt Text Generator for WP <= 1.0.6 - Reflected Cross-Site Scripting LOW *-1.0.6 1.0.7 July 3, 2026
userpro-mediamanager userpro-mediamanager N/A Media Manager for UserPro <= 3.12.0 - Missing Authorization to Unauthenticated Arbitrary Options Update LOW *-3.11.0 July 3, 2026
userpro-mediamanager userpro-mediamanager N/A Media Manager for UserPro <= 3.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update LOW *-3.12.0 July 3, 2026
wp-survey-and-poll wp-survey-and-poll N/A WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress <= 1.7.5 - Authenticated (Contributor+) SQL Injection LOW *-1.7.5 July 3, 2026
we-testimonial-slider we-testimonial-slider N/A WE – Testimonial Slider <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5 July 3, 2026
starter-templates starter-templates N/A Starter Templates by FancyWP <= 2.0.0 - Unauthenticated Blind Server-Side Request Forgery LOW *-2.0.0 July 3, 2026
wonder-fontawesome wonder-fontawesome N/A Wonder FontAwesome <= 0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.8 July 3, 2026
single-user-chat single-user-chat N/A Single-user-chat <= 0.5 - Authenticated (Subscriber+) Limited Options Update LOW *-0.5 July 3, 2026
music-sheet-viewer music-sheet-viewer
89
Music Sheet Viewer <= 4.1 - Unauthenticated Arbitrary File Read LOW *-4.1 July 3, 2026
music-sheet-viewer music-sheet-viewer
89
Music Sheet Viewer <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.1 July 3, 2026
typer-core typer-core N/A Typer Core <= 1.9.6 - Authenticated (Contributor+) Post Disclosure LOW *-1.9.6 July 3, 2026
wp-dispensary wp-dispensary N/A WP Dispensary <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.5.0 July 3, 2026
makewebbetter-hubspot-for-woocommerce makewebbetter-hubspot-for-woocommerce
93
MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics <= 1.5.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update LOW *-1.5.9 1.6.0 July 3, 2026
system-dashboard system-dashboard N/A System Dashboard <= 2.8.17 - Reflected Cross-Site Scripting via Filename Parameter LOW *-2.8.17 2.8.18 July 3, 2026
stockdio-historical-chart stockdio-historical-chart N/A Stockdio Historical Chart <= 2.8.18 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.8.18 2.8.19 July 3, 2026
stageshow stageshow N/A StageShow <= 9.8.6 - Reflected Cross-Site Scripting LOW *-9.8.6 10.0 July 3, 2026
worpit-admin-dashboard-plugin worpit-admin-dashboard-plugin N/A iControlWP – Multiple WordPress Site Manager <= 4.4.5 - Unauthenticated PHP Object Injection LOW *-4.4.5 4.5.0 July 3, 2026
team-rosters team-rosters N/A Team Rosters <= 4.7 - Reflected Cross-Site Scripting via 'tab' LOW *-4.7 4.8 July 3, 2026
html5-chat html5-chat
93
HTML5 chat <= 1.07 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.07 1.08 July 3, 2026
zstore-manager-basic zstore-manager-basic N/A zStore Manager Basic <= 3.311 - Missing Authorization to Authenticated (Subscriber+) Cache Clearing LOW *-3.311 July 3, 2026
safe-ai-malware-protection-for-wp safe-ai-malware-protection-for-wp N/A Safe Ai Malware Protection for WP <= 1.0.17 - Missing Authorization to Unauthenticated Database Export LOW *-1.0.17 1.0.18 July 3, 2026
wp-table-editor wp-table-editor N/A Table Editor <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.1 1.6.0 July 3, 2026
automatically-hierarchic-categories-in-menu automatically-hierarchic-categories-in-menu
93
Automatically Hierarchic Categories in Menu <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.7 2.0.8 July 3, 2026
tlp-food-menu tlp-food-menu N/A Food Menu – Restaurant Menu & Online Ordering for WooCommerce <= 5.1.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update LOW *-5.1.4 5.2.0 July 3, 2026
ploxel ploxel N/A Ticketmeo – Sell Tickets – Event Ticketing <= 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.3.6 2.4.0 July 3, 2026
order-export-and-more-for-woocommerce order-export-and-more-for-woocommerce
93
Order Export for WooCommerce <= 3.24 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory LOW *-3.24 3.25 July 3, 2026
login-page-styler login-page-styler
93
Custom Login Page Styler <= 7.1.1 - Missing Authorization to Authenticated (Subsciber+) Log Deletion and Session Termination LOW *-7.1.1 7.1.2 July 3, 2026
ehive-objects-image-grid ehive-objects-image-grid
93
eHive Objects Image Grid <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.4.1 2.4.2 July 3, 2026
dc-woocommerce-multi-vendor dc-woocommerce-multi-vendor
93
MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.14 - Unauthenticated Limited Local File Inclusion LOW *-4.2.14 4.2.15 July 3, 2026
buddyforms buddyforms
89
Frontend Content Forms for User Submissions (UGC) <= 2.8.13 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.8.13 2.8.14 July 3, 2026
awesome-responsive-photo-gallery awesome-responsive-photo-gallery
93
Image Gallery – Responsive Photo Gallery <= 1.0.5 - Missing Authorization LOW *-1.0.5 1.2 July 3, 2026
wp-image-uploader wp-image-uploader N/A WP Image Uploader <= 1.0.1 - Reflected Cross-Site Scripting LOW *-1.0.1 July 3, 2026
clinked-client-portal clinked-client-portal
91
Clinked Client Portal <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.9 1.10 July 3, 2026
GeoDirectory – WP Business Directory Plugin and Classified Listings Directory geodirectory
66
GeoDirectory – WP Business Directory Plugin and Classified Listings Directory <= 2.8.97 - Unauthenticated SQL Injection LOW *-2.8.97 2.8.98 July 3, 2026
pirate-forms pirate-forms N/A Contact Form & SMTP Plugin for WordPress by PirateForms <= 2.6.0 - Unauthenticated Arbitrary Shortcode Execution LOW *-2.6.0 2.6.1 July 3, 2026
vr-frases vr-frases N/A VR-Frases (collect & share quotes) <= 3.0.1 - Reflected Cross-Site Scripting LOW *-3.0.1 4.0 July 3, 2026
vr-frases vr-frases N/A VR-Frases (collect & share quotes) <= 3.0.1 - Authenticated (Admin+) SQL Injection LOW *-3.0.1 4.0 July 3, 2026
smart-wishlist-for-more-convert smart-wishlist-for-more-convert N/A WooCommerce Wishlist <= 1.8.7 - Unauthenticated Wishlist Disclosure via download_pdf_file Function LOW *-1.8.7 1.8.8 July 3, 2026
responsive-block-editor-addons responsive-block-editor-addons N/A Responsive Blocks – WordPress Gutenberg Blocks <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via section_tag Parameter LOW *-1.9.9 2.0.0 July 3, 2026
cp-contact-form-with-paypal cp-contact-form-with-paypal
93
CP Contact Form with PayPal <= 1.3.52 - Cross-Site Request Forgery LOW *-1.3.52 1.3.53 July 3, 2026
Ninja Forms – The Contact Form Builder That Grows With You ninja-forms
69
Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-3.8.24 3.8.25 July 3, 2026
Event Tickets and Registration event-tickets
86
Event Tickets <= 5.18.1 - Insecure Direct Object Reference to Sensitive Information Exposure LOW *-5.18.1 5.18.1.1 July 3, 2026
wp-post-list-table wp-post-list-table N/A WP Post List Table <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.3 1.0.4 July 3, 2026
wp-image-uploader wp-image-uploader N/A WP Image Uploader <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion LOW *-1.0.1 July 3, 2026
wp-image-uploader wp-image-uploader N/A WP Image Uploader <= 1.0.1 - Cross-Site Request Forgery to Arbitrary File Deletion LOW *-1.0.1 July 3, 2026
w2s-migrate-woo-to-shopify w2s-migrate-woo-to-shopify N/A W2S – Migrate WooCommerce to Shopify <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read LOW *-1.2.1 1.3.0 July 3, 2026
stratum stratum N/A Stratum – Elementor Widgets <= 1.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Vulnerability via Image Hotspot Widget LOW *-1.4.7 1.5.0 July 3, 2026
simplepress simplepress N/A Simple:Press Forum <= 6.10.11 - Reflected Cross-Site Scripting LOW *-6.10.11 6.10.12 July 3, 2026
monetag-official monetag-official
89
Monetag Official Plugin <= 1.1.3 - Missing Authorization LOW *-1.1.3 July 3, 2026
Master Slider – Responsive Touch Slider master-slider
86
Master Slider <= 3.10.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.10.0 3.10.5 July 3, 2026
learnpress learnpress
93
LearnPress – WordPress LMS Plugin <= 4.2.7.5 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.2.7.5 4.2.7.5.1 July 3, 2026
learnpress learnpress
93
LearnPress – WordPress LMS Plugin <= 4.2.7.5 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.2.7.5 4.2.7.5.1 July 3, 2026
ethereumico ethereumico
93
EthereumICO <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ethereum-ico Shortcode LOW *-2.4.6 2.4.7 July 3, 2026
embed-swagger-ui embed-swagger-ui
91
Embed Swagger UI <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.0 July 3, 2026
elementor-pro elementor-pro
93
Elementor Website Builder Pro – More than Just a Page Builder <= 3.25.10 - Authenticated (Contributor+) Sensitive Information Exposure via Shortcode LOW *-3.25.10 3.25.11 July 3, 2026
bulk-menu-edit bulk-menu-edit
93
Bulk Menu Edit <= 1.3.0 - Missing Authorization LOW *-1.3 1.3.1 July 3, 2026
all-bootstrap-blocks all-bootstrap-blocks
97
All Bootstrap Blocks <= 1.3.26 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.26 1.3.27 July 3, 2026
alex-reservations alex-reservations
97
Alex Reservations: Smart Restaurant Booking <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.0.5 2.0.6 July 3, 2026
brid-video-easy-publish brid-video-easy-publish
91
Target Video Easy Publish <= 3.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via brid_override_yt Shortcode LOW *-3.8.3 3.8.4 July 3, 2026
DiviTorque Lite – Divi Theme, Divi Builder & Extra Theme addons-for-divi
93
Divi Torque Lite <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets LOW *-4.1.0 4.1.1 July 3, 2026
flexible-wishlist flexible-wishlist
93
Flexible Wishlist for WooCommerce <= 1.2.25 - Unauthenticated Stored Cross-Site Scripting via wishlist_name Parameter LOW *-1.2.25 1.2.26 July 3, 2026
wp-mailster wp-mailster N/A WP Mailster <= 1.8.20.0 - Reflected Cross-Site Scripting LOW *-1.8.20.0 1.8.21.0 July 3, 2026
simple-image-sizes simple-image-sizes N/A Simple Image Sizes <= 2.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.2.2 3.2.3 July 3, 2026
custom-registration-form-builder-with-submission-manager custom-registration-form-builder-with-submission-manager
93
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.3.3 - Reflected Cross-Site Scripting LOW *-6.0.3.3 6.0.3.4 July 3, 2026
clickwhale clickwhale
93
ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.4.1 2.4.2 July 3, 2026
elementskit elementskit
93
ElementsKit Pro <= 3.7.8 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via url Parameter LOW *-3.7.8 3.7.9 July 3, 2026
mailup-auto-subscribtion mailup-auto-subscribtion
93
MailUp Auto Subscription <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1.0 1.2.0 July 3, 2026
ws-form-pro ws-form-pro N/A WS Form LITE and PRO <= 1.10.13 - Unauthenticated Stored Cross-Site Scripting LOW *-1.10.13 1.10.14 July 3, 2026
WS Form LITE – Drag & Drop Contact Form Builder ws-form N/A WS Form LITE and PRO <= 1.10.13 - Unauthenticated Stored Cross-Site Scripting LOW *-1.10.13 1.10.14 July 3, 2026
wpjobboard wpjobboard N/A WPJobBoard <= 5.10.1 - Reflected Cross-Site Scripting LOW *-5.10.1 5.11.1 July 3, 2026
wp-touch-slider wp-touch-slider N/A WP Touch Slider <= 2.2 - Reflected Cross-Site Scripting LOW *-2.2 July 3, 2026
wp-multi-store-locator wp-multi-store-locator N/A WP Multistore Locator — WP Store Locator Plugin: Effortless Integration With Snazzy Maps <= 2.5.0 - Reflected Cross-Site Scripting LOW *-2.5.0 2.5.1 July 3, 2026
wise-forms wise-forms N/A Wise Forms <= 1.2.0 - Unauthenticated Stored Cross-Site Scripting LOW *-1.2.0 July 3, 2026
LOW

auxin-elements

auxin-elements

Score: 89/100 Shortcodes and extra features for Phlox theme <= 2.17.4 - Missing Authorization Affected: *-2.17.4 Patched: 2.17.5 Updated: July 3, 2026
LOW

athemes-addons-for-elementor-lite

athemes-addons-for-elementor-lite

Score: 93/100 aThemes Addons for Elementor <= 1.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.12 Patched: 1.0.13 Updated: July 3, 2026
LOW

ajax-search-lite

ajax-search-lite

Score: 97/100 Ajax Search Lite <= 4.12.4 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.12.4 Patched: 4.12.5 Updated: July 3, 2026
LOW

activitytime

activitytime

Score: 97/100 WP Sessions Time Monitoring Full Automatic <= 1.1.1 - Reflected Cross-Site Scripting Affected: *-1.1.1 Patched: 1.1.2 Updated: July 3, 2026
LOW

Drag and Drop Multiple File Upload for Contact Form 7

drag-and-drop-multiple-file-upload-contact-form-7

Score: 93/100 Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.8.5 - Limited Arbitrary File Deletion Affected: *-1.3.8.5 Patched: 1.3.8.6 Updated: July 3, 2026
LOW

infographic-and-list-builder-ilist

infographic-and-list-builder-ilist

Score: 93/100 AI Infographic Maker <= 4.9.0 - Unauthenticated Arbitrary Shortcode Execution Affected: *-4.9.0 Patched: 5.0.0 Updated: July 3, 2026
LOW

Product Table & List Builder for WooCommerce Lite

wc-product-table-lite

Score: N/A WooCommerce Product Table Lite <= 3.9.4 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting Affected: *-3.9.4 Patched: 3.9.5 Updated: July 3, 2026
LOW

wp-datatable

wp-datatable

Score: N/A WP DataTable <= 0.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter Affected: *-0.2.6 Patched: 0.2.7 Updated: July 3, 2026
LOW

mp3-music-player-by-sonaar

mp3-music-player-by-sonaar

Score: 93/100 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Podcast RSS Feed Affected: *-5.9.3 Patched: 5.9.4 Updated: July 3, 2026
LOW

lead-capturing-call-to-actions-by-vcita

lead-capturing-call-to-actions-by-vcita

Score: 89/100 Contact Form and Calls To Action by vcita <= 2.7.1 - Missing Authorization to Authenticated (Subscriber+) Contact/Widget Toggle Affected: *-2.7.1 Patched: Updated: July 3, 2026
LOW

lead-capturing-call-to-actions-by-vcita

lead-capturing-call-to-actions-by-vcita

Score: 89/100 Contact Form and Calls To Action by vcita <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.7.1 Patched: Updated: July 3, 2026
LOW

ni-woo-sales-commission

ni-woo-sales-commission

Score: 91/100 Ni Sales Commission For WooCommerce <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Commission Update Affected: *-1.2.4 Patched: Updated: July 3, 2026
LOW

permalink-finder

permalink-finder

Score: N/A Link Fixer <= 3.4 - Unauthenticated Stored Cross-Site Scripting Affected: *-3.4 Patched: Updated: July 3, 2026
LOW

ht-event

ht-event

Score: 93/100 HT Event – WordPress Event Manager Plugin for Elementor <= 1.4.7 - Authenticated (Contributor+) Sensitive Information Exposure via HT Event: Sponsor Affected: *-1.4.7 Patched: 1.4.8 Updated: July 3, 2026
LOW

borderless

borderless

Score: 93/100 Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.6.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload Affected: *-1.6.2 Patched: 1.6.3 Updated: July 3, 2026
LOW

seatreg

seatreg

Score: N/A SeatReg <= 1.56.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.56.0 Patched: 1.56.1 Updated: July 3, 2026
LOW

live-2d

live-2d

Score: 93/100 Live2DWebCanvas <= 1.9.11 - Authenticated (Subscriber+) Arbitrary File Deletion Affected: *-1.9.11 Patched: 1.9.12 Updated: July 3, 2026
LOW

wpradio

wpradio

Score: N/A WPRadio – WordPress Radio Streaming Plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.4 Patched: 1.0.5 Updated: July 3, 2026
LOW

frictionless

frictionless

Score: 91/100 Frictionless <= 0.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.0.23 Patched: Updated: July 3, 2026
LOW

gosign-posts-slider-block

gosign-posts-slider-block

Score: 89/100 Gosign – Posts Slider Block <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 3, 2026
LOW

borderless

borderless

Score: 93/100 Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.6.0 - Authenticated (Administrator+) Remote Code Execution Affected: *-1.6.0 Patched: 1.6.1 Updated: July 3, 2026
LOW

borderless

borderless

Score: 93/100 Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.9 - Missing Authorization to Icon Font Deletion Affected: *-1.5.9 Patched: 1.6.0 Updated: July 3, 2026
LOW

royal-core

royal-core

Score: N/A Royal Core <= 2.9.2 - Authenticated (Subscriber+) Arbitrary Options Update Affected: *-2.9.2 Patched: Updated: July 3, 2026
LOW

ecpay-ecommerce-for-woocommerce

ecpay-ecommerce-for-woocommerce

Score: 93/100 ECPay Ecommerce for WooCommerce <= 1.1.2411060 - Missing Authorization to Authenticated (Subscriber+) Log Deletion Affected: *-1.1.2411060 Patched: 1.1.2502030 Updated: July 3, 2026
LOW

kona-instagram-feed-for-gutenberg

kona-instagram-feed-for-gutenberg

Score: 89/100 Kona Gallery Block <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7 Patched: Updated: July 3, 2026
LOW

ai-image-alt-text-generator-for-wp

ai-image-alt-text-generator-for-wp

Score: 95/100 Ai Image Alt Text Generator for WP <= 1.0.6 - Reflected Cross-Site Scripting Affected: *-1.0.6 Patched: 1.0.7 Updated: July 3, 2026
LOW

userpro-mediamanager

userpro-mediamanager

Score: N/A Media Manager for UserPro <= 3.12.0 - Missing Authorization to Unauthenticated Arbitrary Options Update Affected: *-3.11.0 Patched: Updated: July 3, 2026
LOW

userpro-mediamanager

userpro-mediamanager

Score: N/A Media Manager for UserPro <= 3.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update Affected: *-3.12.0 Patched: Updated: July 3, 2026
LOW

wp-survey-and-poll

wp-survey-and-poll

Score: N/A WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress <= 1.7.5 - Authenticated (Contributor+) SQL Injection Affected: *-1.7.5 Patched: Updated: July 3, 2026
LOW

we-testimonial-slider

we-testimonial-slider

Score: N/A WE – Testimonial Slider <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5 Patched: Updated: July 3, 2026
LOW

starter-templates

starter-templates

Score: N/A Starter Templates by FancyWP <= 2.0.0 - Unauthenticated Blind Server-Side Request Forgery Affected: *-2.0.0 Patched: Updated: July 3, 2026
LOW

wonder-fontawesome

wonder-fontawesome

Score: N/A Wonder FontAwesome <= 0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.8 Patched: Updated: July 3, 2026
LOW

single-user-chat

single-user-chat

Score: N/A Single-user-chat <= 0.5 - Authenticated (Subscriber+) Limited Options Update Affected: *-0.5 Patched: Updated: July 3, 2026
LOW

music-sheet-viewer

music-sheet-viewer

Score: 89/100 Music Sheet Viewer <= 4.1 - Unauthenticated Arbitrary File Read Affected: *-4.1 Patched: Updated: July 3, 2026
LOW

music-sheet-viewer

music-sheet-viewer

Score: 89/100 Music Sheet Viewer <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.1 Patched: Updated: July 3, 2026
LOW

typer-core

typer-core

Score: N/A Typer Core <= 1.9.6 - Authenticated (Contributor+) Post Disclosure Affected: *-1.9.6 Patched: Updated: July 3, 2026
LOW

wp-dispensary

wp-dispensary

Score: N/A WP Dispensary <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.5.0 Patched: Updated: July 3, 2026
LOW

makewebbetter-hubspot-for-woocommerce

makewebbetter-hubspot-for-woocommerce

Score: 93/100 MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics <= 1.5.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update Affected: *-1.5.9 Patched: 1.6.0 Updated: July 3, 2026
LOW

system-dashboard

system-dashboard

Score: N/A System Dashboard <= 2.8.17 - Reflected Cross-Site Scripting via Filename Parameter Affected: *-2.8.17 Patched: 2.8.18 Updated: July 3, 2026
LOW

stockdio-historical-chart

stockdio-historical-chart

Score: N/A Stockdio Historical Chart <= 2.8.18 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.8.18 Patched: 2.8.19 Updated: July 3, 2026
LOW

stageshow

stageshow

Score: N/A StageShow <= 9.8.6 - Reflected Cross-Site Scripting Affected: *-9.8.6 Patched: 10.0 Updated: July 3, 2026
LOW

worpit-admin-dashboard-plugin

worpit-admin-dashboard-plugin

Score: N/A iControlWP – Multiple WordPress Site Manager <= 4.4.5 - Unauthenticated PHP Object Injection Affected: *-4.4.5 Patched: 4.5.0 Updated: July 3, 2026
LOW

team-rosters

team-rosters

Score: N/A Team Rosters <= 4.7 - Reflected Cross-Site Scripting via 'tab' Affected: *-4.7 Patched: 4.8 Updated: July 3, 2026
LOW

html5-chat

html5-chat

Score: 93/100 HTML5 chat <= 1.07 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.07 Patched: 1.08 Updated: July 3, 2026
LOW

zstore-manager-basic

zstore-manager-basic

Score: N/A zStore Manager Basic <= 3.311 - Missing Authorization to Authenticated (Subscriber+) Cache Clearing Affected: *-3.311 Patched: Updated: July 3, 2026
LOW

safe-ai-malware-protection-for-wp

safe-ai-malware-protection-for-wp

Score: N/A Safe Ai Malware Protection for WP <= 1.0.17 - Missing Authorization to Unauthenticated Database Export Affected: *-1.0.17 Patched: 1.0.18 Updated: July 3, 2026
LOW

wp-table-editor

wp-table-editor

Score: N/A Table Editor <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.1 Patched: 1.6.0 Updated: July 3, 2026
LOW

automatically-hierarchic-categories-in-menu

automatically-hierarchic-categories-in-menu

Score: 93/100 Automatically Hierarchic Categories in Menu <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.7 Patched: 2.0.8 Updated: July 3, 2026
LOW

tlp-food-menu

tlp-food-menu

Score: N/A Food Menu – Restaurant Menu & Online Ordering for WooCommerce <= 5.1.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update Affected: *-5.1.4 Patched: 5.2.0 Updated: July 3, 2026
LOW

ploxel

ploxel

Score: N/A Ticketmeo – Sell Tickets – Event Ticketing <= 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.3.6 Patched: 2.4.0 Updated: July 3, 2026
LOW

order-export-and-more-for-woocommerce

order-export-and-more-for-woocommerce

Score: 93/100 Order Export for WooCommerce <= 3.24 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory Affected: *-3.24 Patched: 3.25 Updated: July 3, 2026
LOW

login-page-styler

login-page-styler

Score: 93/100 Custom Login Page Styler <= 7.1.1 - Missing Authorization to Authenticated (Subsciber+) Log Deletion and Session Termination Affected: *-7.1.1 Patched: 7.1.2 Updated: July 3, 2026
LOW

ehive-objects-image-grid

ehive-objects-image-grid

Score: 93/100 eHive Objects Image Grid <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4.1 Patched: 2.4.2 Updated: July 3, 2026
LOW

dc-woocommerce-multi-vendor

dc-woocommerce-multi-vendor

Score: 93/100 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.14 - Unauthenticated Limited Local File Inclusion Affected: *-4.2.14 Patched: 4.2.15 Updated: July 3, 2026
LOW

buddyforms

buddyforms

Score: 89/100 Frontend Content Forms for User Submissions (UGC) <= 2.8.13 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.8.13 Patched: 2.8.14 Updated: July 3, 2026
LOW

awesome-responsive-photo-gallery

awesome-responsive-photo-gallery

Score: 93/100 Image Gallery – Responsive Photo Gallery <= 1.0.5 - Missing Authorization Affected: *-1.0.5 Patched: 1.2 Updated: July 3, 2026
LOW

wp-image-uploader

wp-image-uploader

Score: N/A WP Image Uploader <= 1.0.1 - Reflected Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 3, 2026
LOW

clinked-client-portal

clinked-client-portal

Score: 91/100 Clinked Client Portal <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9 Patched: 1.10 Updated: July 3, 2026
LOW

pirate-forms

pirate-forms

Score: N/A Contact Form & SMTP Plugin for WordPress by PirateForms <= 2.6.0 - Unauthenticated Arbitrary Shortcode Execution Affected: *-2.6.0 Patched: 2.6.1 Updated: July 3, 2026
LOW

vr-frases

vr-frases

Score: N/A VR-Frases (collect & share quotes) <= 3.0.1 - Reflected Cross-Site Scripting Affected: *-3.0.1 Patched: 4.0 Updated: July 3, 2026
LOW

vr-frases

vr-frases

Score: N/A VR-Frases (collect & share quotes) <= 3.0.1 - Authenticated (Admin+) SQL Injection Affected: *-3.0.1 Patched: 4.0 Updated: July 3, 2026
LOW

smart-wishlist-for-more-convert

smart-wishlist-for-more-convert

Score: N/A WooCommerce Wishlist <= 1.8.7 - Unauthenticated Wishlist Disclosure via download_pdf_file Function Affected: *-1.8.7 Patched: 1.8.8 Updated: July 3, 2026
LOW

responsive-block-editor-addons

responsive-block-editor-addons

Score: N/A Responsive Blocks – WordPress Gutenberg Blocks <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via section_tag Parameter Affected: *-1.9.9 Patched: 2.0.0 Updated: July 3, 2026
LOW

cp-contact-form-with-paypal

cp-contact-form-with-paypal

Score: 93/100 CP Contact Form with PayPal <= 1.3.52 - Cross-Site Request Forgery Affected: *-1.3.52 Patched: 1.3.53 Updated: July 3, 2026
LOW

Event Tickets and Registration

event-tickets

Score: 86/100 Event Tickets <= 5.18.1 - Insecure Direct Object Reference to Sensitive Information Exposure Affected: *-5.18.1 Patched: 5.18.1.1 Updated: July 3, 2026
LOW

wp-post-list-table

wp-post-list-table

Score: N/A WP Post List Table <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.3 Patched: 1.0.4 Updated: July 3, 2026
LOW

wp-image-uploader

wp-image-uploader

Score: N/A WP Image Uploader <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion Affected: *-1.0.1 Patched: Updated: July 3, 2026
LOW

wp-image-uploader

wp-image-uploader

Score: N/A WP Image Uploader <= 1.0.1 - Cross-Site Request Forgery to Arbitrary File Deletion Affected: *-1.0.1 Patched: Updated: July 3, 2026
LOW

w2s-migrate-woo-to-shopify

w2s-migrate-woo-to-shopify

Score: N/A W2S – Migrate WooCommerce to Shopify <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read Affected: *-1.2.1 Patched: 1.3.0 Updated: July 3, 2026
LOW

stratum

stratum

Score: N/A Stratum – Elementor Widgets <= 1.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Vulnerability via Image Hotspot Widget Affected: *-1.4.7 Patched: 1.5.0 Updated: July 3, 2026
LOW

simplepress

simplepress

Score: N/A Simple:Press Forum <= 6.10.11 - Reflected Cross-Site Scripting Affected: *-6.10.11 Patched: 6.10.12 Updated: July 3, 2026
LOW

monetag-official

monetag-official

Score: 89/100 Monetag Official Plugin <= 1.1.3 - Missing Authorization Affected: *-1.1.3 Patched: Updated: July 3, 2026
LOW

Master Slider – Responsive Touch Slider

master-slider

Score: 86/100 Master Slider <= 3.10.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.10.0 Patched: 3.10.5 Updated: July 3, 2026
LOW

learnpress

learnpress

Score: 93/100 LearnPress – WordPress LMS Plugin <= 4.2.7.5 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.2.7.5 Patched: 4.2.7.5.1 Updated: July 3, 2026
LOW

learnpress

learnpress

Score: 93/100 LearnPress – WordPress LMS Plugin <= 4.2.7.5 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.2.7.5 Patched: 4.2.7.5.1 Updated: July 3, 2026
LOW

ethereumico

ethereumico

Score: 93/100 EthereumICO <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ethereum-ico Shortcode Affected: *-2.4.6 Patched: 2.4.7 Updated: July 3, 2026
LOW

embed-swagger-ui

embed-swagger-ui

Score: 91/100 Embed Swagger UI <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 3, 2026
LOW

elementor-pro

elementor-pro

Score: 93/100 Elementor Website Builder Pro – More than Just a Page Builder <= 3.25.10 - Authenticated (Contributor+) Sensitive Information Exposure via Shortcode Affected: *-3.25.10 Patched: 3.25.11 Updated: July 3, 2026
LOW

bulk-menu-edit

bulk-menu-edit

Score: 93/100 Bulk Menu Edit <= 1.3.0 - Missing Authorization Affected: *-1.3 Patched: 1.3.1 Updated: July 3, 2026
LOW

all-bootstrap-blocks

all-bootstrap-blocks

Score: 97/100 All Bootstrap Blocks <= 1.3.26 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.26 Patched: 1.3.27 Updated: July 3, 2026
LOW

alex-reservations

alex-reservations

Score: 97/100 Alex Reservations: Smart Restaurant Booking <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.0.5 Patched: 2.0.6 Updated: July 3, 2026
LOW

brid-video-easy-publish

brid-video-easy-publish

Score: 91/100 Target Video Easy Publish <= 3.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via brid_override_yt Shortcode Affected: *-3.8.3 Patched: 3.8.4 Updated: July 3, 2026
LOW

flexible-wishlist

flexible-wishlist

Score: 93/100 Flexible Wishlist for WooCommerce <= 1.2.25 - Unauthenticated Stored Cross-Site Scripting via wishlist_name Parameter Affected: *-1.2.25 Patched: 1.2.26 Updated: July 3, 2026
LOW

wp-mailster

wp-mailster

Score: N/A WP Mailster <= 1.8.20.0 - Reflected Cross-Site Scripting Affected: *-1.8.20.0 Patched: 1.8.21.0 Updated: July 3, 2026
LOW

simple-image-sizes

simple-image-sizes

Score: N/A Simple Image Sizes <= 2.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.2.2 Patched: 3.2.3 Updated: July 3, 2026
LOW

custom-registration-form-builder-with-submission-manager

custom-registration-form-builder-with-submission-manager

Score: 93/100 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.3.3 - Reflected Cross-Site Scripting Affected: *-6.0.3.3 Patched: 6.0.3.4 Updated: July 3, 2026
LOW

clickwhale

clickwhale

Score: 93/100 ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4.1 Patched: 2.4.2 Updated: July 3, 2026
LOW

elementskit

elementskit

Score: 93/100 ElementsKit Pro <= 3.7.8 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via url Parameter Affected: *-3.7.8 Patched: 3.7.9 Updated: July 3, 2026
LOW

mailup-auto-subscribtion

mailup-auto-subscribtion

Score: 93/100 MailUp Auto Subscription <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1.0 Patched: 1.2.0 Updated: July 3, 2026
LOW

ws-form-pro

ws-form-pro

Score: N/A WS Form LITE and PRO <= 1.10.13 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.10.13 Patched: 1.10.14 Updated: July 3, 2026
LOW

wpjobboard

wpjobboard

Score: N/A WPJobBoard <= 5.10.1 - Reflected Cross-Site Scripting Affected: *-5.10.1 Patched: 5.11.1 Updated: July 3, 2026
LOW

wp-touch-slider

wp-touch-slider

Score: N/A WP Touch Slider <= 2.2 - Reflected Cross-Site Scripting Affected: *-2.2 Patched: Updated: July 3, 2026
LOW

wp-multi-store-locator

wp-multi-store-locator

Score: N/A WP Multistore Locator — WP Store Locator Plugin: Effortless Integration With Snazzy Maps <= 2.5.0 - Reflected Cross-Site Scripting Affected: *-2.5.0 Patched: 2.5.1 Updated: July 3, 2026
LOW

wise-forms

wise-forms

Score: N/A Wise Forms <= 1.2.0 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.2.0 Patched: Updated: July 3, 2026

Showing 12501 to 12600 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 3, 2026 at 17:35 UTC.