Known Plugin Vulnerabilities
Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.
Open Vulnerabilities
36406Across tracked plugins
Affected Plugins
91With open vulnerabilities
Critical / High
0Require immediate attention
Recently Updated
0In the last 30 days
Vulnerability List
Export CSV| Plugin | Slug | Score | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated |
|---|---|---|---|---|---|---|---|---|
| auxin-elements | auxin-elements |
89
|
Shortcodes and extra features for Phlox theme <= 2.17.4 - Missing Authorization | LOW | *-2.17.4 | 2.17.5 | July 3, 2026 | |
| athemes-addons-for-elementor-lite | athemes-addons-for-elementor-lite |
93
|
aThemes Addons for Elementor <= 1.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.0.12 | 1.0.13 | July 3, 2026 | |
| ajax-search-lite | ajax-search-lite |
97
|
Ajax Search Lite <= 4.12.4 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-4.12.4 | 4.12.5 | July 3, 2026 | |
| activitytime | activitytime |
97
|
WP Sessions Time Monitoring Full Automatic <= 1.1.1 - Reflected Cross-Site Scripting | LOW | *-1.1.1 | 1.1.2 | July 3, 2026 | |
| Drag and Drop Multiple File Upload for Contact Form 7 | drag-and-drop-multiple-file-upload-contact-form-7 |
93
|
Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.8.5 - Limited Arbitrary File Deletion | LOW | *-1.3.8.5 | 1.3.8.6 | July 3, 2026 | |
| infographic-and-list-builder-ilist | infographic-and-list-builder-ilist |
93
|
AI Infographic Maker <= 4.9.0 - Unauthenticated Arbitrary Shortcode Execution | LOW | *-4.9.0 | 5.0.0 | July 3, 2026 | |
| Product Table & List Builder for WooCommerce Lite | wc-product-table-lite | N/A | WooCommerce Product Table Lite <= 3.9.4 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting | LOW | *-3.9.4 | 3.9.5 | July 3, 2026 | |
| wp-datatable | wp-datatable | N/A | WP DataTable <= 0.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | LOW | *-0.2.6 | 0.2.7 | July 3, 2026 | |
| mp3-music-player-by-sonaar | mp3-music-player-by-sonaar |
93
|
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Podcast RSS Feed | LOW | *-5.9.3 | 5.9.4 | July 3, 2026 | |
| Shared Files – Frontend File Upload Form & Secure File Sharing | shared-files |
78
|
Shared Files – Frontend File Upload Form & Secure File Sharing <= 1.7.42 - Limited Unauthenticated Stored Cross-Site Scripting via File Upload | LOW | *-1.7.42 | 1.7.43 | July 3, 2026 | |
| lead-capturing-call-to-actions-by-vcita | lead-capturing-call-to-actions-by-vcita |
89
|
Contact Form and Calls To Action by vcita <= 2.7.1 - Missing Authorization to Authenticated (Subscriber+) Contact/Widget Toggle | LOW | *-2.7.1 | July 3, 2026 | ||
| lead-capturing-call-to-actions-by-vcita | lead-capturing-call-to-actions-by-vcita |
89
|
Contact Form and Calls To Action by vcita <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.7.1 | July 3, 2026 | ||
| ni-woo-sales-commission | ni-woo-sales-commission |
91
|
Ni Sales Commission For WooCommerce <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Commission Update | LOW | *-1.2.4 | July 3, 2026 | ||
| permalink-finder | permalink-finder | N/A | Link Fixer <= 3.4 - Unauthenticated Stored Cross-Site Scripting | LOW | *-3.4 | July 3, 2026 | ||
| ht-event | ht-event |
93
|
HT Event – WordPress Event Manager Plugin for Elementor <= 1.4.7 - Authenticated (Contributor+) Sensitive Information Exposure via HT Event: Sponsor | LOW | *-1.4.7 | 1.4.8 | July 3, 2026 | |
| borderless | borderless |
93
|
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.6.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload | LOW | *-1.6.2 | 1.6.3 | July 3, 2026 | |
| Forminator Forms – Contact Form, Payment Form & Custom Form Builder | forminator |
92
|
Forminator <= 1.38.2 - Reflected Cross-Site Scripting via Title Parameter | LOW | *-1.38.2 | 1.38.3 | July 3, 2026 | |
| seatreg | seatreg | N/A | SeatReg <= 1.56.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.56.0 | 1.56.1 | July 3, 2026 | |
| live-2d | live-2d |
93
|
Live2DWebCanvas <= 1.9.11 - Authenticated (Subscriber+) Arbitrary File Deletion | LOW | *-1.9.11 | 1.9.12 | July 3, 2026 | |
| wpradio | wpradio | N/A | WPRadio – WordPress Radio Streaming Plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.0.4 | 1.0.5 | July 3, 2026 | |
| frictionless | frictionless |
91
|
Frictionless <= 0.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-0.0.23 | July 3, 2026 | ||
| gosign-posts-slider-block | gosign-posts-slider-block |
89
|
Gosign – Posts Slider Block <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.1.0 | July 3, 2026 | ||
| borderless | borderless |
93
|
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.6.0 - Authenticated (Administrator+) Remote Code Execution | LOW | *-1.6.0 | 1.6.1 | July 3, 2026 | |
| borderless | borderless |
93
|
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.9 - Missing Authorization to Icon Font Deletion | LOW | *-1.5.9 | 1.6.0 | July 3, 2026 | |
| royal-core | royal-core | N/A | Royal Core <= 2.9.2 - Authenticated (Subscriber+) Arbitrary Options Update | LOW | *-2.9.2 | July 3, 2026 | ||
| ecpay-ecommerce-for-woocommerce | ecpay-ecommerce-for-woocommerce |
93
|
ECPay Ecommerce for WooCommerce <= 1.1.2411060 - Missing Authorization to Authenticated (Subscriber+) Log Deletion | LOW | *-1.1.2411060 | 1.1.2502030 | July 3, 2026 | |
| kona-instagram-feed-for-gutenberg | kona-instagram-feed-for-gutenberg |
89
|
Kona Gallery Block <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.7 | July 3, 2026 | ||
| ai-image-alt-text-generator-for-wp | ai-image-alt-text-generator-for-wp |
95
|
Ai Image Alt Text Generator for WP <= 1.0.6 - Reflected Cross-Site Scripting | LOW | *-1.0.6 | 1.0.7 | July 3, 2026 | |
| userpro-mediamanager | userpro-mediamanager | N/A | Media Manager for UserPro <= 3.12.0 - Missing Authorization to Unauthenticated Arbitrary Options Update | LOW | *-3.11.0 | July 3, 2026 | ||
| userpro-mediamanager | userpro-mediamanager | N/A | Media Manager for UserPro <= 3.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update | LOW | *-3.12.0 | July 3, 2026 | ||
| wp-survey-and-poll | wp-survey-and-poll | N/A | WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress <= 1.7.5 - Authenticated (Contributor+) SQL Injection | LOW | *-1.7.5 | July 3, 2026 | ||
| we-testimonial-slider | we-testimonial-slider | N/A | WE – Testimonial Slider <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.5 | July 3, 2026 | ||
| starter-templates | starter-templates | N/A | Starter Templates by FancyWP <= 2.0.0 - Unauthenticated Blind Server-Side Request Forgery | LOW | *-2.0.0 | July 3, 2026 | ||
| wonder-fontawesome | wonder-fontawesome | N/A | Wonder FontAwesome <= 0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting | LOW | *-0.8 | July 3, 2026 | ||
| single-user-chat | single-user-chat | N/A | Single-user-chat <= 0.5 - Authenticated (Subscriber+) Limited Options Update | LOW | *-0.5 | July 3, 2026 | ||
| music-sheet-viewer | music-sheet-viewer |
89
|
Music Sheet Viewer <= 4.1 - Unauthenticated Arbitrary File Read | LOW | *-4.1 | July 3, 2026 | ||
| music-sheet-viewer | music-sheet-viewer |
89
|
Music Sheet Viewer <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-4.1 | July 3, 2026 | ||
| typer-core | typer-core | N/A | Typer Core <= 1.9.6 - Authenticated (Contributor+) Post Disclosure | LOW | *-1.9.6 | July 3, 2026 | ||
| wp-dispensary | wp-dispensary | N/A | WP Dispensary <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-4.5.0 | July 3, 2026 | ||
| makewebbetter-hubspot-for-woocommerce | makewebbetter-hubspot-for-woocommerce |
93
|
MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics <= 1.5.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update | LOW | *-1.5.9 | 1.6.0 | July 3, 2026 | |
| system-dashboard | system-dashboard | N/A | System Dashboard <= 2.8.17 - Reflected Cross-Site Scripting via Filename Parameter | LOW | *-2.8.17 | 2.8.18 | July 3, 2026 | |
| stockdio-historical-chart | stockdio-historical-chart | N/A | Stockdio Historical Chart <= 2.8.18 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.8.18 | 2.8.19 | July 3, 2026 | |
| stageshow | stageshow | N/A | StageShow <= 9.8.6 - Reflected Cross-Site Scripting | LOW | *-9.8.6 | 10.0 | July 3, 2026 | |
| worpit-admin-dashboard-plugin | worpit-admin-dashboard-plugin | N/A | iControlWP – Multiple WordPress Site Manager <= 4.4.5 - Unauthenticated PHP Object Injection | LOW | *-4.4.5 | 4.5.0 | July 3, 2026 | |
| team-rosters | team-rosters | N/A | Team Rosters <= 4.7 - Reflected Cross-Site Scripting via 'tab' | LOW | *-4.7 | 4.8 | July 3, 2026 | |
| html5-chat | html5-chat |
93
|
HTML5 chat <= 1.07 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.07 | 1.08 | July 3, 2026 | |
| zstore-manager-basic | zstore-manager-basic | N/A | zStore Manager Basic <= 3.311 - Missing Authorization to Authenticated (Subscriber+) Cache Clearing | LOW | *-3.311 | July 3, 2026 | ||
| safe-ai-malware-protection-for-wp | safe-ai-malware-protection-for-wp | N/A | Safe Ai Malware Protection for WP <= 1.0.17 - Missing Authorization to Unauthenticated Database Export | LOW | *-1.0.17 | 1.0.18 | July 3, 2026 | |
| wp-table-editor | wp-table-editor | N/A | Table Editor <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.5.1 | 1.6.0 | July 3, 2026 | |
| automatically-hierarchic-categories-in-menu | automatically-hierarchic-categories-in-menu |
93
|
Automatically Hierarchic Categories in Menu <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.0.7 | 2.0.8 | July 3, 2026 | |
| tlp-food-menu | tlp-food-menu | N/A | Food Menu – Restaurant Menu & Online Ordering for WooCommerce <= 5.1.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update | LOW | *-5.1.4 | 5.2.0 | July 3, 2026 | |
| ploxel | ploxel | N/A | Ticketmeo – Sell Tickets – Event Ticketing <= 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-2.3.6 | 2.4.0 | July 3, 2026 | |
| order-export-and-more-for-woocommerce | order-export-and-more-for-woocommerce |
93
|
Order Export for WooCommerce <= 3.24 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | LOW | *-3.24 | 3.25 | July 3, 2026 | |
| login-page-styler | login-page-styler |
93
|
Custom Login Page Styler <= 7.1.1 - Missing Authorization to Authenticated (Subsciber+) Log Deletion and Session Termination | LOW | *-7.1.1 | 7.1.2 | July 3, 2026 | |
| ehive-objects-image-grid | ehive-objects-image-grid |
93
|
eHive Objects Image Grid <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.4.1 | 2.4.2 | July 3, 2026 | |
| dc-woocommerce-multi-vendor | dc-woocommerce-multi-vendor |
93
|
MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.14 - Unauthenticated Limited Local File Inclusion | LOW | *-4.2.14 | 4.2.15 | July 3, 2026 | |
| buddyforms | buddyforms |
89
|
Frontend Content Forms for User Submissions (UGC) <= 2.8.13 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.8.13 | 2.8.14 | July 3, 2026 | |
| awesome-responsive-photo-gallery | awesome-responsive-photo-gallery |
93
|
Image Gallery – Responsive Photo Gallery <= 1.0.5 - Missing Authorization | LOW | *-1.0.5 | 1.2 | July 3, 2026 | |
| wp-image-uploader | wp-image-uploader | N/A | WP Image Uploader <= 1.0.1 - Reflected Cross-Site Scripting | LOW | *-1.0.1 | July 3, 2026 | ||
| clinked-client-portal | clinked-client-portal |
91
|
Clinked Client Portal <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.9 | 1.10 | July 3, 2026 | |
| GeoDirectory – WP Business Directory Plugin and Classified Listings Directory | geodirectory |
66
|
GeoDirectory – WP Business Directory Plugin and Classified Listings Directory <= 2.8.97 - Unauthenticated SQL Injection | LOW | *-2.8.97 | 2.8.98 | July 3, 2026 | |
| pirate-forms | pirate-forms | N/A | Contact Form & SMTP Plugin for WordPress by PirateForms <= 2.6.0 - Unauthenticated Arbitrary Shortcode Execution | LOW | *-2.6.0 | 2.6.1 | July 3, 2026 | |
| vr-frases | vr-frases | N/A | VR-Frases (collect & share quotes) <= 3.0.1 - Reflected Cross-Site Scripting | LOW | *-3.0.1 | 4.0 | July 3, 2026 | |
| vr-frases | vr-frases | N/A | VR-Frases (collect & share quotes) <= 3.0.1 - Authenticated (Admin+) SQL Injection | LOW | *-3.0.1 | 4.0 | July 3, 2026 | |
| smart-wishlist-for-more-convert | smart-wishlist-for-more-convert | N/A | WooCommerce Wishlist <= 1.8.7 - Unauthenticated Wishlist Disclosure via download_pdf_file Function | LOW | *-1.8.7 | 1.8.8 | July 3, 2026 | |
| responsive-block-editor-addons | responsive-block-editor-addons | N/A | Responsive Blocks – WordPress Gutenberg Blocks <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via section_tag Parameter | LOW | *-1.9.9 | 2.0.0 | July 3, 2026 | |
| cp-contact-form-with-paypal | cp-contact-form-with-paypal |
93
|
CP Contact Form with PayPal <= 1.3.52 - Cross-Site Request Forgery | LOW | *-1.3.52 | 1.3.53 | July 3, 2026 | |
| Ninja Forms – The Contact Form Builder That Grows With You | ninja-forms |
69
|
Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-3.8.24 | 3.8.25 | July 3, 2026 | |
| Event Tickets and Registration | event-tickets |
86
|
Event Tickets <= 5.18.1 - Insecure Direct Object Reference to Sensitive Information Exposure | LOW | *-5.18.1 | 5.18.1.1 | July 3, 2026 | |
| wp-post-list-table | wp-post-list-table | N/A | WP Post List Table <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.0.3 | 1.0.4 | July 3, 2026 | |
| wp-image-uploader | wp-image-uploader | N/A | WP Image Uploader <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion | LOW | *-1.0.1 | July 3, 2026 | ||
| wp-image-uploader | wp-image-uploader | N/A | WP Image Uploader <= 1.0.1 - Cross-Site Request Forgery to Arbitrary File Deletion | LOW | *-1.0.1 | July 3, 2026 | ||
| w2s-migrate-woo-to-shopify | w2s-migrate-woo-to-shopify | N/A | W2S – Migrate WooCommerce to Shopify <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read | LOW | *-1.2.1 | 1.3.0 | July 3, 2026 | |
| stratum | stratum | N/A | Stratum – Elementor Widgets <= 1.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Vulnerability via Image Hotspot Widget | LOW | *-1.4.7 | 1.5.0 | July 3, 2026 | |
| simplepress | simplepress | N/A | Simple:Press Forum <= 6.10.11 - Reflected Cross-Site Scripting | LOW | *-6.10.11 | 6.10.12 | July 3, 2026 | |
| monetag-official | monetag-official |
89
|
Monetag Official Plugin <= 1.1.3 - Missing Authorization | LOW | *-1.1.3 | July 3, 2026 | ||
| Master Slider – Responsive Touch Slider | master-slider |
86
|
Master Slider <= 3.10.0 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-3.10.0 | 3.10.5 | July 3, 2026 | |
| learnpress | learnpress |
93
|
LearnPress – WordPress LMS Plugin <= 4.2.7.5 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-4.2.7.5 | 4.2.7.5.1 | July 3, 2026 | |
| learnpress | learnpress |
93
|
LearnPress – WordPress LMS Plugin <= 4.2.7.5 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-4.2.7.5 | 4.2.7.5.1 | July 3, 2026 | |
| ethereumico | ethereumico |
93
|
EthereumICO <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ethereum-ico Shortcode | LOW | *-2.4.6 | 2.4.7 | July 3, 2026 | |
| embed-swagger-ui | embed-swagger-ui |
91
|
Embed Swagger UI <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.0.0 | July 3, 2026 | ||
| elementor-pro | elementor-pro |
93
|
Elementor Website Builder Pro – More than Just a Page Builder <= 3.25.10 - Authenticated (Contributor+) Sensitive Information Exposure via Shortcode | LOW | *-3.25.10 | 3.25.11 | July 3, 2026 | |
| bulk-menu-edit | bulk-menu-edit |
93
|
Bulk Menu Edit <= 1.3.0 - Missing Authorization | LOW | *-1.3 | 1.3.1 | July 3, 2026 | |
| all-bootstrap-blocks | all-bootstrap-blocks |
97
|
All Bootstrap Blocks <= 1.3.26 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.3.26 | 1.3.27 | July 3, 2026 | |
| alex-reservations | alex-reservations |
97
|
Alex Reservations: Smart Restaurant Booking <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | LOW | *-2.0.5 | 2.0.6 | July 3, 2026 | |
| brid-video-easy-publish | brid-video-easy-publish |
91
|
Target Video Easy Publish <= 3.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via brid_override_yt Shortcode | LOW | *-3.8.3 | 3.8.4 | July 3, 2026 | |
| DiviTorque Lite – Divi Theme, Divi Builder & Extra Theme | addons-for-divi |
93
|
Divi Torque Lite <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | LOW | *-4.1.0 | 4.1.1 | July 3, 2026 | |
| flexible-wishlist | flexible-wishlist |
93
|
Flexible Wishlist for WooCommerce <= 1.2.25 - Unauthenticated Stored Cross-Site Scripting via wishlist_name Parameter | LOW | *-1.2.25 | 1.2.26 | July 3, 2026 | |
| wp-mailster | wp-mailster | N/A | WP Mailster <= 1.8.20.0 - Reflected Cross-Site Scripting | LOW | *-1.8.20.0 | 1.8.21.0 | July 3, 2026 | |
| simple-image-sizes | simple-image-sizes | N/A | Simple Image Sizes <= 2.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-3.2.2 | 3.2.3 | July 3, 2026 | |
| custom-registration-form-builder-with-submission-manager | custom-registration-form-builder-with-submission-manager |
93
|
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.3.3 - Reflected Cross-Site Scripting | LOW | *-6.0.3.3 | 6.0.3.4 | July 3, 2026 | |
| clickwhale | clickwhale |
93
|
ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.4.1 | 2.4.2 | July 3, 2026 | |
| elementskit | elementskit |
93
|
ElementsKit Pro <= 3.7.8 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via url Parameter | LOW | *-3.7.8 | 3.7.9 | July 3, 2026 | |
| mailup-auto-subscribtion | mailup-auto-subscribtion |
93
|
MailUp Auto Subscription <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting | LOW | *-1.1.0 | 1.2.0 | July 3, 2026 | |
| ws-form-pro | ws-form-pro | N/A | WS Form LITE and PRO <= 1.10.13 - Unauthenticated Stored Cross-Site Scripting | LOW | *-1.10.13 | 1.10.14 | July 3, 2026 | |
| WS Form LITE – Drag & Drop Contact Form Builder | ws-form | N/A | WS Form LITE and PRO <= 1.10.13 - Unauthenticated Stored Cross-Site Scripting | LOW | *-1.10.13 | 1.10.14 | July 3, 2026 | |
| wpjobboard | wpjobboard | N/A | WPJobBoard <= 5.10.1 - Reflected Cross-Site Scripting | LOW | *-5.10.1 | 5.11.1 | July 3, 2026 | |
| wp-touch-slider | wp-touch-slider | N/A | WP Touch Slider <= 2.2 - Reflected Cross-Site Scripting | LOW | *-2.2 | July 3, 2026 | ||
| wp-multi-store-locator | wp-multi-store-locator | N/A | WP Multistore Locator — WP Store Locator Plugin: Effortless Integration With Snazzy Maps <= 2.5.0 - Reflected Cross-Site Scripting | LOW | *-2.5.0 | 2.5.1 | July 3, 2026 | |
| wise-forms | wise-forms | N/A | Wise Forms <= 1.2.0 - Unauthenticated Stored Cross-Site Scripting | LOW | *-1.2.0 | July 3, 2026 |
auxin-elements
auxin-elements
athemes-addons-for-elementor-lite
athemes-addons-for-elementor-lite
ajax-search-lite
ajax-search-lite
activitytime
activitytime
Drag and Drop Multiple File Upload for Contact Form 7
drag-and-drop-multiple-file-upload-contact-form-7
infographic-and-list-builder-ilist
infographic-and-list-builder-ilist
Product Table & List Builder for WooCommerce Lite
wc-product-table-lite
wp-datatable
wp-datatable
mp3-music-player-by-sonaar
mp3-music-player-by-sonaar
Shared Files – Frontend File Upload Form & Secure File Sharing
shared-files
lead-capturing-call-to-actions-by-vcita
lead-capturing-call-to-actions-by-vcita
lead-capturing-call-to-actions-by-vcita
lead-capturing-call-to-actions-by-vcita
ni-woo-sales-commission
ni-woo-sales-commission
permalink-finder
permalink-finder
ht-event
ht-event
borderless
borderless
Forminator Forms – Contact Form, Payment Form & Custom Form Builder
forminator
seatreg
seatreg
live-2d
live-2d
wpradio
wpradio
frictionless
frictionless
gosign-posts-slider-block
gosign-posts-slider-block
borderless
borderless
borderless
borderless
royal-core
royal-core
ecpay-ecommerce-for-woocommerce
ecpay-ecommerce-for-woocommerce
kona-instagram-feed-for-gutenberg
kona-instagram-feed-for-gutenberg
ai-image-alt-text-generator-for-wp
ai-image-alt-text-generator-for-wp
userpro-mediamanager
userpro-mediamanager
userpro-mediamanager
userpro-mediamanager
wp-survey-and-poll
wp-survey-and-poll
we-testimonial-slider
we-testimonial-slider
starter-templates
starter-templates
wonder-fontawesome
wonder-fontawesome
single-user-chat
single-user-chat
music-sheet-viewer
music-sheet-viewer
music-sheet-viewer
music-sheet-viewer
typer-core
typer-core
wp-dispensary
wp-dispensary
makewebbetter-hubspot-for-woocommerce
makewebbetter-hubspot-for-woocommerce
system-dashboard
system-dashboard
stockdio-historical-chart
stockdio-historical-chart
stageshow
stageshow
worpit-admin-dashboard-plugin
worpit-admin-dashboard-plugin
team-rosters
team-rosters
html5-chat
html5-chat
zstore-manager-basic
zstore-manager-basic
safe-ai-malware-protection-for-wp
safe-ai-malware-protection-for-wp
wp-table-editor
wp-table-editor
automatically-hierarchic-categories-in-menu
automatically-hierarchic-categories-in-menu
tlp-food-menu
tlp-food-menu
ploxel
ploxel
order-export-and-more-for-woocommerce
order-export-and-more-for-woocommerce
login-page-styler
login-page-styler
ehive-objects-image-grid
ehive-objects-image-grid
dc-woocommerce-multi-vendor
dc-woocommerce-multi-vendor
buddyforms
buddyforms
awesome-responsive-photo-gallery
awesome-responsive-photo-gallery
wp-image-uploader
wp-image-uploader
clinked-client-portal
clinked-client-portal
GeoDirectory – WP Business Directory Plugin and Classified Listings Directory
geodirectory
pirate-forms
pirate-forms
vr-frases
vr-frases
vr-frases
vr-frases
smart-wishlist-for-more-convert
smart-wishlist-for-more-convert
responsive-block-editor-addons
responsive-block-editor-addons
cp-contact-form-with-paypal
cp-contact-form-with-paypal
Ninja Forms – The Contact Form Builder That Grows With You
ninja-forms
Event Tickets and Registration
event-tickets
wp-post-list-table
wp-post-list-table
wp-image-uploader
wp-image-uploader
wp-image-uploader
wp-image-uploader
w2s-migrate-woo-to-shopify
w2s-migrate-woo-to-shopify
stratum
stratum
simplepress
simplepress
monetag-official
monetag-official
Master Slider – Responsive Touch Slider
master-slider
learnpress
learnpress
learnpress
learnpress
ethereumico
ethereumico
embed-swagger-ui
embed-swagger-ui
elementor-pro
elementor-pro
bulk-menu-edit
bulk-menu-edit
all-bootstrap-blocks
all-bootstrap-blocks
alex-reservations
alex-reservations
brid-video-easy-publish
brid-video-easy-publish
DiviTorque Lite – Divi Theme, Divi Builder & Extra Theme
addons-for-divi
flexible-wishlist
flexible-wishlist
wp-mailster
wp-mailster
simple-image-sizes
simple-image-sizes
custom-registration-form-builder-with-submission-manager
custom-registration-form-builder-with-submission-manager
clickwhale
clickwhale
elementskit
elementskit
mailup-auto-subscribtion
mailup-auto-subscribtion
ws-form-pro
ws-form-pro
WS Form LITE – Drag & Drop Contact Form Builder
ws-form
wpjobboard
wpjobboard
wp-touch-slider
wp-touch-slider
wp-multi-store-locator
wp-multi-store-locator
wise-forms
wise-forms
Showing 12501 to 12600 of 36406 results
Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.
Data updated daily from trusted sources. Last updated: July 3, 2026 at 17:35 UTC.