Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

93

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
vr-frases vr-frases N/A VR Frases <= 3.0.1 - Reflected Cross-Site Scripting LOW *-3.0.1 4.0 July 3, 2026
tube-video-ads-lite tube-video-ads-lite N/A Tube Video Ads Lite <= 1.5.7 - Reflected Cross-Site Scripting LOW *-1.5.7 July 3, 2026
trx_addons trx_addons N/A ThemeREX Addons <= 2.32.3 - Unauthenticated Arbitrary File Upload in trx_addons_uploads_save_data LOW *-2.32.3 2.34.0 July 3, 2026
track-logins track-logins N/A Track Logins <= 1.0 - Authenticated (Admin+) SQL Injection LOW *-1.0 July 3, 2026
tc-ecommerce tc-ecommerce N/A Themes Coder <= 1.3.4 - Unauthenticated SQL Injection LOW *-1.3.4 1.4.0 July 3, 2026
scroll-styler scroll-styler N/A Scroll Styler <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1 July 3, 2026
real-time-auto-find-and-replace real-time-auto-find-and-replace N/A Better Find and Replace <= 1.6.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation LOW *-1.6.7 1.6.8 July 3, 2026
post-grid-carousel-ultimate post-grid-carousel-ultimate N/A Post Grid, Slider & Carousel Ultimate <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion LOW *-1.6.10 1.7 July 3, 2026
post-carousel-slider post-carousel-slider N/A Post Carousel Slider <= 2.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.0.1 July 3, 2026
philantro philantro N/A Philantro – Donations and Donor Management <= 5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via donate Shortcode LOW *-5.3 5.4 July 3, 2026
oshine-modules oshine-modules
93
Oshine Modules < 3.3.8 - Unauthenticated Server-Side Request Forgery LOW [*, 3.3.8) 3.3.8 July 3, 2026
oshine-modules oshine-modules
93
Oshine Modules <= 3.3.7 - Reflected Cross-Site Scripting LOW *-3.3.7 3.3.8 July 3, 2026
morkva-ua-shipping morkva-ua-shipping
93
Morkva UA Shipping <= 1.0.18 - Unauthenticated Local File Inclusion LOW *-1.0.18 1.0.20 July 3, 2026
media-downloader media-downloader
93
Media Downloader <= 0.4.7.5 - Reflected Cross-Site Scripting LOW *-0.4.7.5 0.4.7.6 July 3, 2026
issuu-panel issuu-panel
91
Issuu Panel <= 2.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.1.1 July 3, 2026
internal-link-builder internal-link-builder
89
Internal Link Builder <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0 July 3, 2026
import-users-from-csv-with-meta import-users-from-csv-with-meta
93
Import and export users and customers <= 1.27.12 - Unauthenticated Sensitive Information Disclosure LOW *-1.27.12 1.27.13 July 3, 2026
full-circle full-circle
91
Full Circle <= 0.5.7.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.5.7.8 July 3, 2026
flashcounter flashcounter
91
FlashCounter <= 1.1.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1.8 July 3, 2026
fare-calculator fare-calculator
91
Fare Calculator <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1 July 3, 2026
eventer eventer
89
Eventer <= 3.9.8 - Unauthenticated SQL Injection via eventer_get_attendees LOW *-3.9.8 3.9.9 July 3, 2026
dynamic-url-seo dynamic-url-seo
93
Dynamic URL SEO <= 1.0 - Cross-Site Request Forgery LOW *-1.0 1.2 July 3, 2026
designer designer
91
Designer <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.6.1 July 3, 2026
cf7-dynamics-crm cf7-dynamics-crm
93
WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.6 - Reflected Cross-Site Scripting LOW *-1.1.6 1.1.7 July 3, 2026
wc-affiliate wc-affiliate N/A WC Affiliate – A Complete WooCommerce Affiliate Plugin <= 2.4 - Reflected Cross-Site Scripting LOW *-2.4 2.5 July 3, 2026
VikBooking Hotel Booking Engine & PMS vikbooking
95
VikBooking Hotel Booking Engine & PMS <= 1.7.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File Upload LOW *-1.7.2 1.7.3 July 3, 2026
survey-maker survey-maker N/A Survey Maker <= 5.1.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting via Survey Question LOW *-5.1.3.3 5.1.3.4 July 3, 2026
Membership Plugin – Kadence Memberships restrict-content N/A Membership Plugin – Restrict Content <= 3.2.13 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure LOW *-3.2.13 3.2.14 July 3, 2026
Quiz Maker by AYS quiz-maker
66
Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Reflected DOM-Based Cross-Site Scripting via content LOW 20.0.0-21.8.0, 7.0.0-8.8.0, 30.0.0-31.8.0 21.8.0.100 July 3, 2026
Quiz Maker by AYS quiz-maker
66
Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Unauthenticated SQL Injection via id LOW 20.0.0-21.8.0, 7.0.0-8.8.0, 30.0.0-31.8.0 21.8.0.100 July 3, 2026
Quiz Maker by AYS quiz-maker
66
Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Missing Authorization to Google Sheets Integration Credentials Modification and Stored Cross-Site Scripting LOW 20.0.0-21.8.0, 7.0.0-8.8.0, 30.0.0-31.8.0 21.8.0.100 July 3, 2026
Quiz Maker by AYS quiz-maker
66
Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Unauthenticated Arbitrary Shortcode Execution via content LOW 20.0.0-21.8.0, 7.0.0-8.8.0, 30.0.0-31.8.0 21.8.0.100 July 3, 2026
multiple-pages-generator-by-porthas multiple-pages-generator-by-porthas
93
Multiple Page Generator Plugin – MPG <= 4.0.5 - Authenticated (Editor+) Server-Side Request Forgery via fileUrl LOW *-4.0.5 4.0.6 July 3, 2026
wow-carousel-for-divi-lite wow-carousel-for-divi-lite N/A Divi Carousel Lite <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Carousel and Logo Carousel Widgets LOW *-2.0.4 2.1.0 July 3, 2026
bit-form bit-form
93
Contact Form by Bit Form <= 2.17.4 - Authenticated (Administrator+) Server-Side Request Forgery LOW *-2.17.4 2.17.5 July 3, 2026
brid-video-easy-publish brid-video-easy-publish
91
Target Video Easy Publish <= 3.8.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.8.3 3.8.4 July 3, 2026
learnpress learnpress
93
LearnPress – WordPress LMS Plugin <= 4.2.7.5 - Authenticated (LP Instructor+) Stored Cross-Site Scripting via Lesson Name LOW *-4.2.7.5 4.2.7.5.1 July 3, 2026
masy-gallery masy-gallery
91
Masy Gallery <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.7 July 3, 2026
youzify youzify N/A Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update (save_addon_key_license) LOW *-1.3.3 1.3.4 July 3, 2026
youzify youzify N/A Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update LOW *-1.3.4 1.3.5 July 3, 2026
youzify youzify N/A Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress By KaineLabs <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Review Deletion LOW *-1.3.2 1.3.3 July 3, 2026
abc-notation abc-notation
93
ABC Notation <= 6.1.3 - Authenticated (Contributor+) Arbitrary File Read LOW *-6.1.3 July 3, 2026
power-ups-for-elementor power-ups-for-elementor N/A Power Ups for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.2 July 3, 2026
brodos-net-onlineshop brodos-net-onlineshop
91
brodos.net Onlineshop Plugin <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.2 July 3, 2026
ask-me-anything-anonymously ask-me-anything-anonymously
95
Ask Me Anything (Anonymously) <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.6 July 3, 2026
connections connections
91
Connections Business Directory <= 10.4.66 - Authenticated (Admin+) Arbitrary Directory Deletion LOW *-10.4.66 July 3, 2026
personalize-woocommerce-cart-page personalize-woocommerce-cart-page N/A GoHero Store Customizer for WooCommerce <= 3.5 - Missing Authorization to Unuthenticated Settings Update LOW *-3.5 4.0 July 3, 2026
broadstreet broadstreet
93
Broadstreet <= 1.51.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via zone Parameter LOW *-1.51.0 1.51.1 July 3, 2026
etsy-importer etsy-importer
91
Etsy Importer <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4.2 July 3, 2026
bilingual-linker bilingual-linker
93
Bilingual Linker <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.4 2.4.1 July 3, 2026
wp-contact-form7-email-spam-blocker wp-contact-form7-email-spam-blocker N/A WP Contact Form7 Email Spam Blocker <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 July 3, 2026
notice-faq notice-faq
91
WordPress SEO Friendly Accordion FAQ with AI assisted content generation <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2.1 July 3, 2026
notice-board-by-towkir notice-board-by-towkir
91
NOTICE BOARD BY TOWKIR <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.1 July 3, 2026
flexmls-idx flexmls-idx
93
Flexmls® IDX Plugin <= 3.14.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via API parameters LOW *-3.14.26 3.14.27 July 3, 2026
Plethora Plugins Tabs + Accordions plethora-tabs-accordions
98
Plethora Plugins Tabs + Accordions <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via anchor LOW *-1.1.8 1.2 July 3, 2026
linear linear
93
Linear <= 2.8.1 - Cross-Site Request Forgery to Cache Reset LOW *-2.8.1 2.8.2 July 3, 2026
Xagio SEO – AI Powered SEO xagio-seo
64
Xagio SEO <= 7.0.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-7.0.0.20 7.0.0.21 July 3, 2026
wt-woocommerce-wishlist wt-woocommerce-wishlist N/A Wishlist for WooCommerce <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.1.2 2.1.3 July 3, 2026
wpvr wpvr N/A WP VR <= 8.5.14 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-8.5.14 8.5.15 July 3, 2026
wpdm-premium-packages wpdm-premium-packages N/A Premium Packages <= 5.9.6 - Authenticated (Administrator+) SQL Injection LOW *-5.9.6 5.9.7 July 3, 2026
wpbookit wpbookit N/A WPBookit <= 1.6.9 - Unauthenticated Arbitrary File Upload LOW *-1.6.9 1.6.10 July 3, 2026
wp-ultimate-exporter wp-ultimate-exporter N/A WP Ultimate Exporter <= 2.9 - Authenticated (Admin+) Arbitrary File Read LOW *-2.9 2.9.1 July 3, 2026
wp-stats-manager wp-stats-manager N/A WP Visitor Statistics (Real Time Traffic) <= 7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-7.2 7.3 July 3, 2026
wp-nested-pages wp-nested-pages N/A Nested Pages <= 3.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.2.9 3.2.10 July 3, 2026
WP Go Maps (formerly WP Google Maps) wp-google-maps
66
WP Go Maps <= 9.0.40 - Cross-Site Request Forgery LOW *-9.0.40 9.0.41 July 3, 2026
woocommerce-product-addon woocommerce-product-addon N/A PPOM for WooCommerce <= 33.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-33.0.8 33.0.9 July 3, 2026
Custom Product Tabs Lite for WooCommerce woocommerce-custom-product-tabs-lite
97
Custom Product Tabs Lite for WooCommerce <= 1.9.0 - Authenticated (Shop Manager+) PHP Object Injection LOW *-1.9.0 1.9.1 July 3, 2026
woocommerce-cloak-affiliate-links woocommerce-cloak-affiliate-links N/A WooCommerce Cloak Affiliate Links <= 1.0.35 - Cross-Site Request Forgery LOW *-1.0.35 1.0.36 July 3, 2026
woo-quick-view woo-quick-view N/A WooCommerce Quick View <= 1.1.1 - Unauthenticated Information Disclosure LOW *-1.1.1 1.1.3 July 3, 2026
woo-product-carousel-slider-and-grid-ultimate woo-product-carousel-slider-and-grid-ultimate N/A Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.10.0 - Authenticated (Editor+) Stored Cross-Site Scripting LOW *-1.10.0 1.10.1 July 3, 2026
woo-advanced-product-size-chart woo-advanced-product-size-chart N/A Product Size Charts Plugin for WooCommerce <= 2.4.5 - Missing Authorization LOW *-2.4.5 2.4.6 July 3, 2026
widget-countdown widget-countdown N/A Widget Countdown <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.7.1 2.7.2 July 3, 2026
Product Table & List Builder for WooCommerce Lite wc-product-table-lite N/A WooCommerce Product Table Lite <= 3.8.7 - Missing Authorization LOW *-3.8.7 3.9.0 July 3, 2026
v-form v-form N/A VForm <= 3.0.5 - Missing Authorization LOW *-3.0.5 3.0.7 July 3, 2026
ultimate-coming-soon ultimate-coming-soon N/A Ultimate Coming Soon & Maintenance <= 1.0.9 - Cross-Site Request Forgery LOW *-1.0.9 1.1.0 July 3, 2026
trx_addons trx_addons N/A ThemeREX Addons <= 2.33.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode LOW *-2.33.0 2.34.0 July 3, 2026
tourfic tourfic N/A Tourfic <= 2.15.3 - Authenticated (Admin+) Arbitrary File Upload LOW *-2.15.3 2.15.4 July 3, 2026
thoughtful-comments thoughtful-comments N/A FV Thoughtful Comments <= 0.3.5 - Missing Authorization LOW *-0.3.5 0.3.6 July 3, 2026
thim-elementor-kit thim-elementor-kit N/A Thim Elementor Kit <= 1.2.8 - Missing Authorization LOW *-1.2.8 1.2.9 July 3, 2026
taxonomy-discounts-woocommerce taxonomy-discounts-woocommerce N/A Taxonomy/Term and Role based Discounts for WooCommerce <= 5.1 - Cross-Site Request Forgery to Settings Update LOW *-5.1 5.2 July 3, 2026
Super block slider – Image & content slider super-block-slider N/A Super Block Slider <= 2.7.9 - Missing Authorization LOW *-2.7.9 2.8 July 3, 2026
subscriptiondna subscriptiondna N/A Subscription DNA <= 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.1 2.2 July 3, 2026
sticky-buttons sticky-buttons N/A Sticky Buttons <= 4.1.1 - Cross-Site Request Forgery to Settings Update LOW *-4.1.1 4.1.2 July 3, 2026
simple-video-management-system simple-video-management-system N/A Simple Video Management System <= 1.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.0.4 July 3, 2026
simple-download-monitor simple-download-monitor N/A Simple Download Monitor <= 3.9.25 - Authenticated (Administrator+) SQL Injection LOW *-3.9.25 3.9.26 July 3, 2026
simple-comment-editing simple-comment-editing N/A Comment Edit Core – Simple Comment Editing <= 3.0.33 - Authenticated (Admin+) Server-Side Request Forgery LOW *-3.0.33 3.1.0 July 3, 2026
side-menu-lite side-menu-lite N/A Side Menu Lite <= 5.3.1 - Cross-Site Request Forgery to Settings Update LOW *-5.3.1 5.3.2 July 3, 2026
showhide-shortcode showhide-shortcode N/A Show/Hide Shortcode <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.0 1.0.1 July 3, 2026
shmapper-by-teplitsa shmapper-by-teplitsa N/A ShMapper by Teplitsa <= 1.5.0 - Authenticated (Editor+) Stored Cross-Site Scripting LOW *-1.5.0 1.5.1 July 3, 2026
sfwd-lms sfwd-lms N/A LearnDash LMS <= 4.20.0.1 - Missing Authorization LOW *-4.20.0.1 4.20.0.3 July 3, 2026
serped-net serped-net N/A SERPed.net <= 4.4 - Authenticated (Contributor+) SQL Injection LOW *-4.4 4.6 July 3, 2026
seo-automated-link-building seo-automated-link-building N/A Internal Links Manager <= 2.5.2 - Missing Authorization LOW *-2.5.2 2.5.3 July 3, 2026
sensly-online-presence sensly-online-presence N/A Sensly Online Presence <= 0.6 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-0.6 July 3, 2026
rsvpmaker rsvpmaker N/A RSVPMarker <= 11.4.5 - Missing Authorization LOW *-11.4.5 11.4.6 July 3, 2026
rsvp rsvp N/A RSVP and Event Management Plugin <= 2.7.14 - Authenticated (Administrator+) SQL Injection LOW *-2.7.14 2.7.15 July 3, 2026
rometheme-for-elementor rometheme-for-elementor N/A RomethemeKit For Elementor <= 1.5.2 - Missing Authorization LOW *-1.5.2 1.5.3 July 3, 2026
roi-calculator roi-calculator N/A Roi Calculator <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0 1.1 July 3, 2026
reviewstap reviewstap N/A ReviewsTap <= 1.1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1.2 1.1.3 July 3, 2026
restrict-anonymous-access restrict-anonymous-access N/A Restrict Anonymous Access <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2 1.2.1 July 3, 2026
Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) really-simple-ssl
84
Really Simple SSL <= 9.1.4 - Cross-Site Request Forgery LOW *-9.1.4 9.2.0 July 3, 2026
LOW

vr-frases

vr-frases

Score: N/A VR Frases <= 3.0.1 - Reflected Cross-Site Scripting Affected: *-3.0.1 Patched: 4.0 Updated: July 3, 2026
LOW

tube-video-ads-lite

tube-video-ads-lite

Score: N/A Tube Video Ads Lite <= 1.5.7 - Reflected Cross-Site Scripting Affected: *-1.5.7 Patched: Updated: July 3, 2026
LOW

trx_addons

trx_addons

Score: N/A ThemeREX Addons <= 2.32.3 - Unauthenticated Arbitrary File Upload in trx_addons_uploads_save_data Affected: *-2.32.3 Patched: 2.34.0 Updated: July 3, 2026
LOW

track-logins

track-logins

Score: N/A Track Logins <= 1.0 - Authenticated (Admin+) SQL Injection Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

tc-ecommerce

tc-ecommerce

Score: N/A Themes Coder <= 1.3.4 - Unauthenticated SQL Injection Affected: *-1.3.4 Patched: 1.4.0 Updated: July 3, 2026
LOW

scroll-styler

scroll-styler

Score: N/A Scroll Styler <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 3, 2026
LOW

real-time-auto-find-and-replace

real-time-auto-find-and-replace

Score: N/A Better Find and Replace <= 1.6.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation Affected: *-1.6.7 Patched: 1.6.8 Updated: July 3, 2026
LOW

post-grid-carousel-ultimate

post-grid-carousel-ultimate

Score: N/A Post Grid, Slider & Carousel Ultimate <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.6.10 Patched: 1.7 Updated: July 3, 2026
LOW

post-carousel-slider

post-carousel-slider

Score: N/A Post Carousel Slider <= 2.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.0.1 Patched: Updated: July 3, 2026
LOW

philantro

philantro

Score: N/A Philantro – Donations and Donor Management <= 5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via donate Shortcode Affected: *-5.3 Patched: 5.4 Updated: July 3, 2026
LOW

oshine-modules

oshine-modules

Score: 93/100 Oshine Modules < 3.3.8 - Unauthenticated Server-Side Request Forgery Affected: [*, 3.3.8) Patched: 3.3.8 Updated: July 3, 2026
LOW

oshine-modules

oshine-modules

Score: 93/100 Oshine Modules <= 3.3.7 - Reflected Cross-Site Scripting Affected: *-3.3.7 Patched: 3.3.8 Updated: July 3, 2026
LOW

morkva-ua-shipping

morkva-ua-shipping

Score: 93/100 Morkva UA Shipping <= 1.0.18 - Unauthenticated Local File Inclusion Affected: *-1.0.18 Patched: 1.0.20 Updated: July 3, 2026
LOW

media-downloader

media-downloader

Score: 93/100 Media Downloader <= 0.4.7.5 - Reflected Cross-Site Scripting Affected: *-0.4.7.5 Patched: 0.4.7.6 Updated: July 3, 2026
LOW

issuu-panel

issuu-panel

Score: 91/100 Issuu Panel <= 2.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.1.1 Patched: Updated: July 3, 2026
LOW

internal-link-builder

internal-link-builder

Score: 89/100 Internal Link Builder <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 3, 2026
LOW

import-users-from-csv-with-meta

import-users-from-csv-with-meta

Score: 93/100 Import and export users and customers <= 1.27.12 - Unauthenticated Sensitive Information Disclosure Affected: *-1.27.12 Patched: 1.27.13 Updated: July 3, 2026
LOW

full-circle

full-circle

Score: 91/100 Full Circle <= 0.5.7.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.5.7.8 Patched: Updated: July 3, 2026
LOW

flashcounter

flashcounter

Score: 91/100 FlashCounter <= 1.1.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1.8 Patched: Updated: July 3, 2026
LOW

fare-calculator

fare-calculator

Score: 91/100 Fare Calculator <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 3, 2026
LOW

eventer

eventer

Score: 89/100 Eventer <= 3.9.8 - Unauthenticated SQL Injection via eventer_get_attendees Affected: *-3.9.8 Patched: 3.9.9 Updated: July 3, 2026
LOW

dynamic-url-seo

dynamic-url-seo

Score: 93/100 Dynamic URL SEO <= 1.0 - Cross-Site Request Forgery Affected: *-1.0 Patched: 1.2 Updated: July 3, 2026
LOW

designer

designer

Score: 91/100 Designer <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.1 Patched: Updated: July 3, 2026
LOW

cf7-dynamics-crm

cf7-dynamics-crm

Score: 93/100 WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.6 - Reflected Cross-Site Scripting Affected: *-1.1.6 Patched: 1.1.7 Updated: July 3, 2026
LOW

wc-affiliate

wc-affiliate

Score: N/A WC Affiliate – A Complete WooCommerce Affiliate Plugin <= 2.4 - Reflected Cross-Site Scripting Affected: *-2.4 Patched: 2.5 Updated: July 3, 2026
LOW

VikBooking Hotel Booking Engine & PMS

vikbooking

Score: 95/100 VikBooking Hotel Booking Engine & PMS <= 1.7.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File Upload Affected: *-1.7.2 Patched: 1.7.3 Updated: July 3, 2026
LOW

survey-maker

survey-maker

Score: N/A Survey Maker <= 5.1.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting via Survey Question Affected: *-5.1.3.3 Patched: 5.1.3.4 Updated: July 3, 2026
LOW

Membership Plugin – Kadence Memberships

restrict-content

Score: N/A Membership Plugin – Restrict Content <= 3.2.13 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure Affected: *-3.2.13 Patched: 3.2.14 Updated: July 3, 2026
LOW

Quiz Maker by AYS

quiz-maker

Score: 66/100 Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Reflected DOM-Based Cross-Site Scripting via content Affected: 20.0.0-21.8.0, 7.0.0-8.8.0, 30.0.0-31.8.0 Patched: 21.8.0.100 Updated: July 3, 2026
LOW

Quiz Maker by AYS

quiz-maker

Score: 66/100 Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Unauthenticated SQL Injection via id Affected: 20.0.0-21.8.0, 7.0.0-8.8.0, 30.0.0-31.8.0 Patched: 21.8.0.100 Updated: July 3, 2026
LOW

Quiz Maker by AYS

quiz-maker

Score: 66/100 Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Missing Authorization to Google Sheets Integration Credentials Modification and Stored Cross-Site Scripting Affected: 20.0.0-21.8.0, 7.0.0-8.8.0, 30.0.0-31.8.0 Patched: 21.8.0.100 Updated: July 3, 2026
LOW

Quiz Maker by AYS

quiz-maker

Score: 66/100 Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Unauthenticated Arbitrary Shortcode Execution via content Affected: 20.0.0-21.8.0, 7.0.0-8.8.0, 30.0.0-31.8.0 Patched: 21.8.0.100 Updated: July 3, 2026
LOW

multiple-pages-generator-by-porthas

multiple-pages-generator-by-porthas

Score: 93/100 Multiple Page Generator Plugin – MPG <= 4.0.5 - Authenticated (Editor+) Server-Side Request Forgery via fileUrl Affected: *-4.0.5 Patched: 4.0.6 Updated: July 3, 2026
LOW

wow-carousel-for-divi-lite

wow-carousel-for-divi-lite

Score: N/A Divi Carousel Lite <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Carousel and Logo Carousel Widgets Affected: *-2.0.4 Patched: 2.1.0 Updated: July 3, 2026
LOW

bit-form

bit-form

Score: 93/100 Contact Form by Bit Form <= 2.17.4 - Authenticated (Administrator+) Server-Side Request Forgery Affected: *-2.17.4 Patched: 2.17.5 Updated: July 3, 2026
LOW

brid-video-easy-publish

brid-video-easy-publish

Score: 91/100 Target Video Easy Publish <= 3.8.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.8.3 Patched: 3.8.4 Updated: July 3, 2026
LOW

learnpress

learnpress

Score: 93/100 LearnPress – WordPress LMS Plugin <= 4.2.7.5 - Authenticated (LP Instructor+) Stored Cross-Site Scripting via Lesson Name Affected: *-4.2.7.5 Patched: 4.2.7.5.1 Updated: July 3, 2026
LOW

masy-gallery

masy-gallery

Score: 91/100 Masy Gallery <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7 Patched: Updated: July 3, 2026
LOW

youzify

youzify

Score: N/A Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update (save_addon_key_license) Affected: *-1.3.3 Patched: 1.3.4 Updated: July 3, 2026
LOW

youzify

youzify

Score: N/A Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update Affected: *-1.3.4 Patched: 1.3.5 Updated: July 3, 2026
LOW

youzify

youzify

Score: N/A Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress By KaineLabs <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Review Deletion Affected: *-1.3.2 Patched: 1.3.3 Updated: July 3, 2026
LOW

abc-notation

abc-notation

Score: 93/100 ABC Notation <= 6.1.3 - Authenticated (Contributor+) Arbitrary File Read Affected: *-6.1.3 Patched: Updated: July 3, 2026
LOW

power-ups-for-elementor

power-ups-for-elementor

Score: N/A Power Ups for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.2 Patched: Updated: July 3, 2026
LOW

brodos-net-onlineshop

brodos-net-onlineshop

Score: 91/100 brodos.net Onlineshop Plugin <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.2 Patched: Updated: July 3, 2026
LOW

ask-me-anything-anonymously

ask-me-anything-anonymously

Score: 95/100 Ask Me Anything (Anonymously) <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6 Patched: Updated: July 3, 2026
LOW

connections

connections

Score: 91/100 Connections Business Directory <= 10.4.66 - Authenticated (Admin+) Arbitrary Directory Deletion Affected: *-10.4.66 Patched: Updated: July 3, 2026
LOW

personalize-woocommerce-cart-page

personalize-woocommerce-cart-page

Score: N/A GoHero Store Customizer for WooCommerce <= 3.5 - Missing Authorization to Unuthenticated Settings Update Affected: *-3.5 Patched: 4.0 Updated: July 3, 2026
LOW

broadstreet

broadstreet

Score: 93/100 Broadstreet <= 1.51.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via zone Parameter Affected: *-1.51.0 Patched: 1.51.1 Updated: July 3, 2026
LOW

etsy-importer

etsy-importer

Score: 91/100 Etsy Importer <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.2 Patched: Updated: July 3, 2026
LOW

bilingual-linker

bilingual-linker

Score: 93/100 Bilingual Linker <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4 Patched: 2.4.1 Updated: July 3, 2026
LOW

wp-contact-form7-email-spam-blocker

wp-contact-form7-email-spam-blocker

Score: N/A WP Contact Form7 Email Spam Blocker <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 3, 2026
LOW

notice-faq

notice-faq

Score: 91/100 WordPress SEO Friendly Accordion FAQ with AI assisted content generation <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.1 Patched: Updated: July 3, 2026
LOW

notice-board-by-towkir

notice-board-by-towkir

Score: 91/100 NOTICE BOARD BY TOWKIR <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1 Patched: Updated: July 3, 2026
LOW

flexmls-idx

flexmls-idx

Score: 93/100 Flexmls® IDX Plugin <= 3.14.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via API parameters Affected: *-3.14.26 Patched: 3.14.27 Updated: July 3, 2026
LOW

Plethora Plugins Tabs + Accordions

plethora-tabs-accordions

Score: 98/100 Plethora Plugins Tabs + Accordions <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via anchor Affected: *-1.1.8 Patched: 1.2 Updated: July 3, 2026
LOW

linear

linear

Score: 93/100 Linear <= 2.8.1 - Cross-Site Request Forgery to Cache Reset Affected: *-2.8.1 Patched: 2.8.2 Updated: July 3, 2026
LOW

Xagio SEO – AI Powered SEO

xagio-seo

Score: 64/100 Xagio SEO <= 7.0.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-7.0.0.20 Patched: 7.0.0.21 Updated: July 3, 2026
LOW

wt-woocommerce-wishlist

wt-woocommerce-wishlist

Score: N/A Wishlist for WooCommerce <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.1.2 Patched: 2.1.3 Updated: July 3, 2026
LOW

wpvr

wpvr

Score: N/A WP VR <= 8.5.14 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-8.5.14 Patched: 8.5.15 Updated: July 3, 2026
LOW

wpdm-premium-packages

wpdm-premium-packages

Score: N/A Premium Packages <= 5.9.6 - Authenticated (Administrator+) SQL Injection Affected: *-5.9.6 Patched: 5.9.7 Updated: July 3, 2026
LOW

wpbookit

wpbookit

Score: N/A WPBookit <= 1.6.9 - Unauthenticated Arbitrary File Upload Affected: *-1.6.9 Patched: 1.6.10 Updated: July 3, 2026
LOW

wp-ultimate-exporter

wp-ultimate-exporter

Score: N/A WP Ultimate Exporter <= 2.9 - Authenticated (Admin+) Arbitrary File Read Affected: *-2.9 Patched: 2.9.1 Updated: July 3, 2026
LOW

wp-stats-manager

wp-stats-manager

Score: N/A WP Visitor Statistics (Real Time Traffic) <= 7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-7.2 Patched: 7.3 Updated: July 3, 2026
LOW

wp-nested-pages

wp-nested-pages

Score: N/A Nested Pages <= 3.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.2.9 Patched: 3.2.10 Updated: July 3, 2026
LOW

woocommerce-product-addon

woocommerce-product-addon

Score: N/A PPOM for WooCommerce <= 33.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-33.0.8 Patched: 33.0.9 Updated: July 3, 2026
LOW

Custom Product Tabs Lite for WooCommerce

woocommerce-custom-product-tabs-lite

Score: 97/100 Custom Product Tabs Lite for WooCommerce <= 1.9.0 - Authenticated (Shop Manager+) PHP Object Injection Affected: *-1.9.0 Patched: 1.9.1 Updated: July 3, 2026
LOW

woocommerce-cloak-affiliate-links

woocommerce-cloak-affiliate-links

Score: N/A WooCommerce Cloak Affiliate Links <= 1.0.35 - Cross-Site Request Forgery Affected: *-1.0.35 Patched: 1.0.36 Updated: July 3, 2026
LOW

woo-quick-view

woo-quick-view

Score: N/A WooCommerce Quick View <= 1.1.1 - Unauthenticated Information Disclosure Affected: *-1.1.1 Patched: 1.1.3 Updated: July 3, 2026
LOW

woo-product-carousel-slider-and-grid-ultimate

woo-product-carousel-slider-and-grid-ultimate

Score: N/A Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.10.0 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.10.0 Patched: 1.10.1 Updated: July 3, 2026
LOW

woo-advanced-product-size-chart

woo-advanced-product-size-chart

Score: N/A Product Size Charts Plugin for WooCommerce <= 2.4.5 - Missing Authorization Affected: *-2.4.5 Patched: 2.4.6 Updated: July 3, 2026
LOW

widget-countdown

widget-countdown

Score: N/A Widget Countdown <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.7.1 Patched: 2.7.2 Updated: July 3, 2026
LOW

v-form

v-form

Score: N/A VForm <= 3.0.5 - Missing Authorization Affected: *-3.0.5 Patched: 3.0.7 Updated: July 3, 2026
LOW

ultimate-coming-soon

ultimate-coming-soon

Score: N/A Ultimate Coming Soon & Maintenance <= 1.0.9 - Cross-Site Request Forgery Affected: *-1.0.9 Patched: 1.1.0 Updated: July 3, 2026
LOW

trx_addons

trx_addons

Score: N/A ThemeREX Addons <= 2.33.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode Affected: *-2.33.0 Patched: 2.34.0 Updated: July 3, 2026
LOW

tourfic

tourfic

Score: N/A Tourfic <= 2.15.3 - Authenticated (Admin+) Arbitrary File Upload Affected: *-2.15.3 Patched: 2.15.4 Updated: July 3, 2026
LOW

thoughtful-comments

thoughtful-comments

Score: N/A FV Thoughtful Comments <= 0.3.5 - Missing Authorization Affected: *-0.3.5 Patched: 0.3.6 Updated: July 3, 2026
LOW

thim-elementor-kit

thim-elementor-kit

Score: N/A Thim Elementor Kit <= 1.2.8 - Missing Authorization Affected: *-1.2.8 Patched: 1.2.9 Updated: July 3, 2026
LOW

taxonomy-discounts-woocommerce

taxonomy-discounts-woocommerce

Score: N/A Taxonomy/Term and Role based Discounts for WooCommerce <= 5.1 - Cross-Site Request Forgery to Settings Update Affected: *-5.1 Patched: 5.2 Updated: July 3, 2026
LOW

subscriptiondna

subscriptiondna

Score: N/A Subscription DNA <= 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.1 Patched: 2.2 Updated: July 3, 2026
LOW

sticky-buttons

sticky-buttons

Score: N/A Sticky Buttons <= 4.1.1 - Cross-Site Request Forgery to Settings Update Affected: *-4.1.1 Patched: 4.1.2 Updated: July 3, 2026
LOW

simple-video-management-system

simple-video-management-system

Score: N/A Simple Video Management System <= 1.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: July 3, 2026
LOW

simple-download-monitor

simple-download-monitor

Score: N/A Simple Download Monitor <= 3.9.25 - Authenticated (Administrator+) SQL Injection Affected: *-3.9.25 Patched: 3.9.26 Updated: July 3, 2026
LOW

simple-comment-editing

simple-comment-editing

Score: N/A Comment Edit Core – Simple Comment Editing <= 3.0.33 - Authenticated (Admin+) Server-Side Request Forgery Affected: *-3.0.33 Patched: 3.1.0 Updated: July 3, 2026
LOW

side-menu-lite

side-menu-lite

Score: N/A Side Menu Lite <= 5.3.1 - Cross-Site Request Forgery to Settings Update Affected: *-5.3.1 Patched: 5.3.2 Updated: July 3, 2026
LOW

showhide-shortcode

showhide-shortcode

Score: N/A Show/Hide Shortcode <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: 1.0.1 Updated: July 3, 2026
LOW

shmapper-by-teplitsa

shmapper-by-teplitsa

Score: N/A ShMapper by Teplitsa <= 1.5.0 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.5.0 Patched: 1.5.1 Updated: July 3, 2026
LOW

sfwd-lms

sfwd-lms

Score: N/A LearnDash LMS <= 4.20.0.1 - Missing Authorization Affected: *-4.20.0.1 Patched: 4.20.0.3 Updated: July 3, 2026
LOW

serped-net

serped-net

Score: N/A SERPed.net <= 4.4 - Authenticated (Contributor+) SQL Injection Affected: *-4.4 Patched: 4.6 Updated: July 3, 2026
LOW

seo-automated-link-building

seo-automated-link-building

Score: N/A Internal Links Manager <= 2.5.2 - Missing Authorization Affected: *-2.5.2 Patched: 2.5.3 Updated: July 3, 2026
LOW

sensly-online-presence

sensly-online-presence

Score: N/A Sensly Online Presence <= 0.6 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-0.6 Patched: Updated: July 3, 2026
LOW

rsvpmaker

rsvpmaker

Score: N/A RSVPMarker <= 11.4.5 - Missing Authorization Affected: *-11.4.5 Patched: 11.4.6 Updated: July 3, 2026
LOW

rsvp

rsvp

Score: N/A RSVP and Event Management Plugin <= 2.7.14 - Authenticated (Administrator+) SQL Injection Affected: *-2.7.14 Patched: 2.7.15 Updated: July 3, 2026
LOW

rometheme-for-elementor

rometheme-for-elementor

Score: N/A RomethemeKit For Elementor <= 1.5.2 - Missing Authorization Affected: *-1.5.2 Patched: 1.5.3 Updated: July 3, 2026
LOW

roi-calculator

roi-calculator

Score: N/A Roi Calculator <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: 1.1 Updated: July 3, 2026
LOW

reviewstap

reviewstap

Score: N/A ReviewsTap <= 1.1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1.2 Patched: 1.1.3 Updated: July 3, 2026
LOW

restrict-anonymous-access

restrict-anonymous-access

Score: N/A Restrict Anonymous Access <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2 Patched: 1.2.1 Updated: July 3, 2026

Showing 12601 to 12700 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 3, 2026 at 18:31 UTC.