Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

90

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
radius-blocks radius-blocks N/A Radius Blocks <= 2.1.2 - Cross-Site Request Forgery LOW *-2.1.2 2.2.0 July 3, 2026
print-invoices-packing-slip-labels-for-woocommerce print-invoices-packing-slip-labels-for-woocommerce N/A WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.7.1 - Authenticated (Shop Manager+) Stored Cross-Site Scripting LOW *-4.7.1 4.7.2 July 3, 2026
post-duplicator post-duplicator N/A Post Duplicator <= 2.35 - Missing Authorization LOW *-2.35 2.36 July 3, 2026
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder popup-maker N/A Popup Maker <= 1.20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.20.2 1.20.3 July 3, 2026
popup-box popup-box N/A Popup Box <= 3.2.4 - Cross-Site Request Forgery LOW *-3.2.4 3.2.5 July 3, 2026
Plethora Plugins Tabs + Accordions plethora-tabs-accordions
98
Plethora Plugins Tabs + Accordions <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.5 1.2.1 July 3, 2026
people-lists people-lists N/A People Lists <= 1.3.10 - Missing Authorization LOW *-1.3.10 2.0.0 July 3, 2026
pdf-for-woocommerce pdf-for-woocommerce N/A PDF Invoices for WooCommerce + Drag and Drop Template Builder <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.6.0 4.7.0 July 3, 2026
paytium paytium N/A Paytium <= 4.4.11 - Unauthenticated Full Path Disclosure LOW *-4.4.11 4.4.12 July 3, 2026
patreon-connect patreon-connect N/A Patreon WordPress <= 1.9.1 - Missing Authorization LOW *-1.9.1 1.9.2 July 3, 2026
pagelayer pagelayer
93
PageLayer <= 1.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.9.4 1.9.5 July 3, 2026
orbisius-simple-notice orbisius-simple-notice
93
Orbisius Simple Notice <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.1.3 1.1.4 July 3, 2026
ninja-gdpr-compliance ninja-gdpr-compliance
93
GDPR CCPA Compliance Support <= 2.7.1 - Missing Authorization LOW *-2.7.1 2.7.2 July 3, 2026
mwp-herd-effect mwp-herd-effect
93
Herd Effects <= 6.2.1 - Cross-Site Request Forgery to Settings Update LOW *-6.2.1 6.2.2 July 3, 2026
modal-window modal-window
93
Modal Window <= 6.1.4 - Cross-Site Request Forgery to Settings Ipdate LOW *-6.1.4 6.1.5 July 3, 2026
magic-the-gathering-card-tooltips magic-the-gathering-card-tooltips
93
Magic the Gathering Card Tooltips <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.4.0 3.5.0 July 3, 2026
machform-shortcode machform-shortcode
93
MachForm Shortcode <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.4.1 1.5.0 July 3, 2026
local-sync local-sync
93
WP Duplicate – WordPress Migration Plugin <= 1.1.6 - Missing Authorization LOW *-1.1.6 1.1.7 July 3, 2026
listamester listamester
93
Listamester <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.3.4 2.3.5 July 3, 2026
linet-erp-woocommerce-integration linet-erp-woocommerce-integration
93
Linet ERP-Woocommerce Integration <= 3.5.7 - Cross-Site Request Forgery LOW *-3.5.7 3.5.8 July 3, 2026
learnpress learnpress
93
LearnPress <= 4.2.7.1 - Authenticated (Subscriber+) Open Redirect LOW *-4.2.7.1 4.2.7.2 July 3, 2026
ketchup-shortcodes-pack ketchup-shortcodes-pack
93
Ketchup Shortcodes <= 0.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.1.2 0.2.1 July 3, 2026
kbucket kbucket
93
KBucket <= 4.1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-4.1.6 4.2.2 July 3, 2026
kb-support kb-support
91
KB Support <= 1.6.7 - Unauthenticated Open Redirect LOW *-1.6.7 1.6.8 July 3, 2026
Kadence Blocks — Page Builder Toolkit for Gutenberg Editor kadence-blocks
91
Gutenberg Blocks by Kadence Blocks <= 3.3.1 - Missing Authorization LOW *-3.3.1 3.3.2 July 3, 2026
jsm-show-post-meta jsm-show-post-meta
93
JSM Show Post Metadata <= 4.6.0 - Missing Authorization LOW *-4.6.0 4.6.1 July 3, 2026
job-board-manager job-board-manager
83
Job Board Manager <= 2.1.59 - Cross-Site Request Forgery LOW *-2.1.59 2.1.60 July 3, 2026
jc-importer jc-importer
93
Import WP – Export and Import CSV and XML files to WordPress <= 2.14.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory LOW *-2.14.5 2.14.6 July 3, 2026
ip2location-country-blocker ip2location-country-blocker
93
Download IP2Location Country Blocker <= 2.38.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.38.3 2.38.4 July 3, 2026
icegram icegram
93
Icegram <= 3.1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.1.31 3.1.32 July 3, 2026
Hyve Lite – AI Chatbot, ChatGPT-Powered Conversational Support hyve-lite
98
AI Chatbot for WordPress – Hyve Lite <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.2.2 1.2.3 July 3, 2026
ht-contactform ht-contactform
93
HT Conctact Form 7 <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.1 1.2.2 July 3, 2026
helloasso helloasso
93
HelloAsso <= 1.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.11 1.1.12 July 3, 2026
google-analytics-dashboard-for-wp google-analytics-dashboard-for-wp
93
ExactMetrics <= 8.1.0 - Missing Authorization LOW *-8.1.0 8.2.0 July 3, 2026
gmap-embed gmap-embed
93
Maps Plugin using Google Maps for WordPress – WP Google Map <= 1.9.3 - Maps Plugin using Google Maps for WordPress – WP Google Map <= 1.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting via Markers LOW *-1.9.3 1.9.4 July 3, 2026
gmap-embed gmap-embed
93
Maps Plugin using Google Maps for WordPress – WP Google Map <= 1.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.9.3 1.9.4 July 3, 2026
fulltext-search fulltext-search
93
WP Fast Total Search <= 1.78.258 - Missing Authorization LOW *-1.78.258 1.79.262 July 3, 2026
fulltext-search fulltext-search
93
WP Fast Total Search <= 1.78.258 - Cross-Site Request Forgery LOW *-1.78.258 1.79.262 July 3, 2026
Forminator Forms – Contact Form, Payment Form & Custom Form Builder forminator
92
Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.38.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.38.2 1.38.3 July 3, 2026
FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider fluent-smtp
85
FluentSMTP <= 2.2.80 - Cross-Site Request Forgery LOW *-2.2.80 2.2.81 July 3, 2026
faq-builder-ays faq-builder-ays
93
FAQ Builder AYS <= 1.7.3 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.7.3 1.7.4 July 3, 2026
extensions-for-cf7 extensions-for-cf7
93
Extensions For CF7 <= 3.2.0 - Authenticated (Admin+) Sever-Side Request Forgery LOW *-3.2.0 3.2.1 July 3, 2026
event-post event-post
91
Event post <= 5.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.9.7 5.9.8 July 3, 2026
essential-real-estate essential-real-estate
87
Essential Real Estate <= 5.1.8 - Cross-Site Request Forgery LOW *-5.1.8 5.1.9 July 3, 2026
email-subscribe email-subscribe
93
Email Subscription Popup <= 1.2.23 - Authenticated (Administrator+) SQL Injection LOW *-1.2.23 1.2.24 July 3, 2026
elementinvader-addons-for-elementor elementinvader-addons-for-elementor
93
ElementInvader Addons for Elementor <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.3 1.3.4 July 3, 2026
elementinvader-addons-for-elementor elementinvader-addons-for-elementor
93
ElementInvader Addons for Elementor <= 1.3.1 - Missing Authorization LOW *-1.3.1 1.3.2 July 3, 2026
elementinvader-addons-for-elementor elementinvader-addons-for-elementor
93
ElementInvader Addons for Elementor <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.0 1.3.1 July 3, 2026
easy-youtube-gallery easy-youtube-gallery
93
Easy YouTube Gallery <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.4 1.0.5 July 3, 2026
dc-woocommerce-multi-vendor dc-woocommerce-multi-vendor
93
WC Marketplace <= 4.2.13 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.2.13 4.2.14 July 3, 2026
create-with-code create-with-code
93
Create with Code <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4 1.5 July 3, 2026
cp-easy-form-builder cp-easy-form-builder
93
Form Builder CP <= 1.2.41 - Authenticated (Contributor+) SQL Injection LOW *-1.2.41 1.2.42 July 3, 2026
counter-box counter-box
93
Counter Box <= 2.0.5 - Cross-Site Request Forgery LOW *-2.0.5 2.0.6 July 3, 2026
contact-form-to-email contact-form-to-email
93
Contact Form Email <= 1.3.52 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.3.52 1.3.53 July 3, 2026
coblocks coblocks
93
CoBlocks <= 3.1.13 - Missing Authorization LOW *-3.1.13 3.1.14 July 3, 2026
chained-quiz chained-quiz
93
Chained Quiz <= 1.3.2.9 - Authenticated (Admin+) Server-Side Request Forgery LOW *-1.3.2.9 1.3.3 July 3, 2026
call-now-button call-now-button
93
Call Now Button <= 1.4.13 - Cross-Site Request Forgery LOW *-1.4.13 1.4.14 July 3, 2026
caching-compatible-cookie-optin-and-javascript caching-compatible-cookie-optin-and-javascript
93
Caching Compatible Cookie Opt-In and JavaScript <= 0.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.0.10 0.0.11 July 3, 2026
button-generation button-generation
93
Button Generator – easily Button Builder <= 3.1.1 - Cross-Site Request Forgery LOW *-3.1.1 3.1.2 July 3, 2026
build-private-store-for-woocommerce build-private-store-for-woocommerce
93
Build Private Store For Woocommerce <= 1.0 - Missing Authorization LOW *-1.0 1.1 July 3, 2026
bug-library bug-library
93
Bug Library <= 2.1.4 - Authenticated (Contributor+) SQL Injection LOW *-2.1.4 2.1.5 July 3, 2026
bubble-menu bubble-menu
93
Bubble Menu – circle floating menu <= 4.0.2 - Cross-Site Request Forgery LOW *-4.0.2 4.0.3 July 3, 2026
bridge-core bridge-core
93
Bridge Core <= 3.3 - Missing Authorization LOW *-3.3 3.3.1 July 3, 2026
boom-fest boom-fest
93
Boom Fest <= 2.2.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update LOW *-2.2.1 2.2.2 July 3, 2026
bookingpress-appointment-booking bookingpress-appointment-booking
93
BookingPress <= 1.1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.25 1.1.26 July 3, 2026
booking-calendar-contact-form booking-calendar-contact-form
93
Booking Calendar Contact Form <= 1.2.55 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.2.55 1.2.56 July 3, 2026
blur-text blur-text
93
Blur Text <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.0 2.0.0 July 3, 2026
auction-nudge auction-nudge
93
Auction Nudge – Your eBay on Your Site <= 7.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-7.2.0 7.2.1 July 3, 2026
attire-blocks attire-blocks
93
Attire Blocks <= 1.9.6 - Cross-Site Request Forgery LOW *-1.9.6 1.9.7 July 3, 2026
atarim-visual-collaboration atarim-visual-collaboration
93
Atarim <= 4.0.8 - Unauthenticated Stored Cross-Site Scripting LOW *-4.0.8 4.0.9 July 3, 2026
astra-sites astra-sites
93
Starter Templates <= 4.4.9 - Cross-Site Request Forgery LOW *-4.4.9 4.4.10 July 3, 2026
All Embed – Multi-Source Embed Widgets for Elementor all-embed-addons-for-elementor
91
All Embed – Elementor Addons <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.3 1.1.4 July 3, 2026
ajax-filter-posts ajax-filter-posts
95
Post Grid Master <= 3.4.12 - Authenticated (Contributor+) Local File Inclusion LOW *-3.4.12 3.4.13 July 3, 2026
advanced-notifications advanced-notifications
97
Advanced Notifications <= 1.2.7 - Missing Authorization LOW *-1.2.7 1.2.8 July 3, 2026
admin-site-enhancements-pro admin-site-enhancements-pro
97
Admin and Site Enhancements (ASE) Pro <= 7.6.1.1 - Missing Authorization LOW *-7.6.1.1 7.6.3 July 3, 2026
admin-site-enhancements admin-site-enhancements
97
Admin and Site Enhancements (ASE) <= 7.6.2 - Missing Authorization LOW *-7.6.2 7.6.3 July 3, 2026
abc-notation abc-notation
93
ABC Notation <= 6.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-6.1.3 July 3, 2026
a4-barcode-generator a4-barcode-generator
97
Print Barcode Labels for your WooCommerce products/orders <= 3.4.10 - Missing Authorization LOW *-3.4.10 3.4.11 July 3, 2026
12-step-meeting-list 12-step-meeting-list
97
12 Step Meeting List <= 3.16.5 - Unauthenticated Sensitive Information Exposure LOW *-3.16.5 3.16.6 July 3, 2026
12-step-meeting-list 12-step-meeting-list
97
12 Step Meeting List <= 3.16.5 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion LOW *-3.16.5 3.16.6 July 3, 2026
post-grid-carousel-ultimate post-grid-carousel-ultimate N/A Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion via post_type_ajax_handler() LOW *-1.6.10 1.7 July 3, 2026
affiliate-toolkit-starter affiliate-toolkit-starter
95
affiliate-toolkit – WP Affiliate Plugin with Amazon <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.7.0 3.7.1 July 3, 2026
bmlt-meeting-map bmlt-meeting-map
91
BMLT Meeting Map <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.6.1 July 3, 2026
automate-hub-free-by-sperse-io automate-hub-free-by-sperse-io
89
Automate Hub Free by Sperse.IO <= 1.7.0 - Cross-Site Request Forgery to Activation Status Update LOW *-1.7.0 July 3, 2026
wp-user-avatar wp-user-avatar N/A Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.19 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.15.19 4.15.20 July 3, 2026
wp-user-avatar wp-user-avatar N/A Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.19 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.15.19 4.15.20 July 3, 2026
wp-user-avatar wp-user-avatar N/A Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.19 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-4.15.19 4.15.20 July 3, 2026
wp-ulike wp-ulike N/A WP ULike <= 4.7.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-4.7.5 4.7.6 July 3, 2026
wp-google-street-view wp-google-street-view N/A WP Google Street View (with 360° virtual tour) & Google maps + Local SEO <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.3 1.1.4 July 3, 2026
simple-gallery-with-filter simple-gallery-with-filter N/A Simple Gallery with Filter <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0 2.1 July 3, 2026
simple-downloads-list simple-downloads-list N/A Simple Downloads List <= 1.4.2 - Authenticated (Contributor+) SQL Injection LOW *-1.4.2 1.4.3 July 3, 2026
sastra-essential-addons-for-elementor sastra-essential-addons-for-elementor N/A Sastra Essential Addons for Elementor – Free Elementor Addons, Widgets and Templates <= 1.0.14 - Missing Authorization to Spexo Theme Install LOW *-1.0.14 1.0.15 July 3, 2026
rometheme-for-elementor rometheme-for-elementor N/A RomethemeKit For Elementor <= 1.5.2 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates LOW *-1.5.2 1.5.3 July 3, 2026
Responsive Addons for Elementor – Free Elementor Addons, Kits and Elementor Templates responsive-addons-for-elementor N/A Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.6.4 1.6.5 July 3, 2026
precious-metals-chart-and-widgets precious-metals-chart-and-widgets N/A Precious Metals Charts and Widgets for WordPress <= 1.2.8 - Authenticated (Contributor+) Stored Cross-site Scripting LOW *-1.2.8 1.2.9 July 3, 2026
post-grid-carousel-ultimate post-grid-carousel-ultimate N/A Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion LOW *-1.6.10 1.7 July 3, 2026
listamester listamester
93
Listamester <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.3.4 2.3.5 July 3, 2026
cp-easy-form-builder cp-easy-form-builder
93
Form Builder CP <= 1.2.41 - Authenticated (Contributor+) SQL Injection LOW *-1.2.41 1.2.42 July 3, 2026
chalet-montagne-com-tools chalet-montagne-com-tools
91
Chalet-Montagne.com Tools <= 2.7.8 - Reflected Cross-Site Scripting LOW *-2.7.8 July 3, 2026
bp-activity-plus-reloaded bp-activity-plus-reloaded
89
Activity Plus Reloaded for BuddyPress <= 1.1.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery LOW *-1.1.1 1.1.2 July 3, 2026
LOW

radius-blocks

radius-blocks

Score: N/A Radius Blocks <= 2.1.2 - Cross-Site Request Forgery Affected: *-2.1.2 Patched: 2.2.0 Updated: July 3, 2026
LOW

print-invoices-packing-slip-labels-for-woocommerce

print-invoices-packing-slip-labels-for-woocommerce

Score: N/A WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.7.1 - Authenticated (Shop Manager+) Stored Cross-Site Scripting Affected: *-4.7.1 Patched: 4.7.2 Updated: July 3, 2026
LOW

post-duplicator

post-duplicator

Score: N/A Post Duplicator <= 2.35 - Missing Authorization Affected: *-2.35 Patched: 2.36 Updated: July 3, 2026
LOW

popup-box

popup-box

Score: N/A Popup Box <= 3.2.4 - Cross-Site Request Forgery Affected: *-3.2.4 Patched: 3.2.5 Updated: July 3, 2026
LOW

Plethora Plugins Tabs + Accordions

plethora-tabs-accordions

Score: 98/100 Plethora Plugins Tabs + Accordions <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.5 Patched: 1.2.1 Updated: July 3, 2026
LOW

people-lists

people-lists

Score: N/A People Lists <= 1.3.10 - Missing Authorization Affected: *-1.3.10 Patched: 2.0.0 Updated: July 3, 2026
LOW

pdf-for-woocommerce

pdf-for-woocommerce

Score: N/A PDF Invoices for WooCommerce + Drag and Drop Template Builder <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.6.0 Patched: 4.7.0 Updated: July 3, 2026
LOW

paytium

paytium

Score: N/A Paytium <= 4.4.11 - Unauthenticated Full Path Disclosure Affected: *-4.4.11 Patched: 4.4.12 Updated: July 3, 2026
LOW

patreon-connect

patreon-connect

Score: N/A Patreon WordPress <= 1.9.1 - Missing Authorization Affected: *-1.9.1 Patched: 1.9.2 Updated: July 3, 2026
LOW

pagelayer

pagelayer

Score: 93/100 PageLayer <= 1.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.4 Patched: 1.9.5 Updated: July 3, 2026
LOW

orbisius-simple-notice

orbisius-simple-notice

Score: 93/100 Orbisius Simple Notice <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.3 Patched: 1.1.4 Updated: July 3, 2026
LOW

ninja-gdpr-compliance

ninja-gdpr-compliance

Score: 93/100 GDPR CCPA Compliance Support <= 2.7.1 - Missing Authorization Affected: *-2.7.1 Patched: 2.7.2 Updated: July 3, 2026
LOW

mwp-herd-effect

mwp-herd-effect

Score: 93/100 Herd Effects <= 6.2.1 - Cross-Site Request Forgery to Settings Update Affected: *-6.2.1 Patched: 6.2.2 Updated: July 3, 2026
LOW

modal-window

modal-window

Score: 93/100 Modal Window <= 6.1.4 - Cross-Site Request Forgery to Settings Ipdate Affected: *-6.1.4 Patched: 6.1.5 Updated: July 3, 2026
LOW

magic-the-gathering-card-tooltips

magic-the-gathering-card-tooltips

Score: 93/100 Magic the Gathering Card Tooltips <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.0 Patched: 3.5.0 Updated: July 3, 2026
LOW

machform-shortcode

machform-shortcode

Score: 93/100 MachForm Shortcode <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4.1 Patched: 1.5.0 Updated: July 3, 2026
LOW

local-sync

local-sync

Score: 93/100 WP Duplicate – WordPress Migration Plugin <= 1.1.6 - Missing Authorization Affected: *-1.1.6 Patched: 1.1.7 Updated: July 3, 2026
LOW

listamester

listamester

Score: 93/100 Listamester <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.4 Patched: 2.3.5 Updated: July 3, 2026
LOW

linet-erp-woocommerce-integration

linet-erp-woocommerce-integration

Score: 93/100 Linet ERP-Woocommerce Integration <= 3.5.7 - Cross-Site Request Forgery Affected: *-3.5.7 Patched: 3.5.8 Updated: July 3, 2026
LOW

learnpress

learnpress

Score: 93/100 LearnPress <= 4.2.7.1 - Authenticated (Subscriber+) Open Redirect Affected: *-4.2.7.1 Patched: 4.2.7.2 Updated: July 3, 2026
LOW

ketchup-shortcodes-pack

ketchup-shortcodes-pack

Score: 93/100 Ketchup Shortcodes <= 0.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.1.2 Patched: 0.2.1 Updated: July 3, 2026
LOW

kbucket

kbucket

Score: 93/100 KBucket <= 4.1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-4.1.6 Patched: 4.2.2 Updated: July 3, 2026
LOW

kb-support

kb-support

Score: 91/100 KB Support <= 1.6.7 - Unauthenticated Open Redirect Affected: *-1.6.7 Patched: 1.6.8 Updated: July 3, 2026
LOW

jsm-show-post-meta

jsm-show-post-meta

Score: 93/100 JSM Show Post Metadata <= 4.6.0 - Missing Authorization Affected: *-4.6.0 Patched: 4.6.1 Updated: July 3, 2026
LOW

job-board-manager

job-board-manager

Score: 83/100 Job Board Manager <= 2.1.59 - Cross-Site Request Forgery Affected: *-2.1.59 Patched: 2.1.60 Updated: July 3, 2026
LOW

jc-importer

jc-importer

Score: 93/100 Import WP – Export and Import CSV and XML files to WordPress <= 2.14.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory Affected: *-2.14.5 Patched: 2.14.6 Updated: July 3, 2026
LOW

ip2location-country-blocker

ip2location-country-blocker

Score: 93/100 Download IP2Location Country Blocker <= 2.38.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.38.3 Patched: 2.38.4 Updated: July 3, 2026
LOW

icegram

icegram

Score: 93/100 Icegram <= 3.1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1.31 Patched: 3.1.32 Updated: July 3, 2026
LOW

ht-contactform

ht-contactform

Score: 93/100 HT Conctact Form 7 <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.1 Patched: 1.2.2 Updated: July 3, 2026
LOW

helloasso

helloasso

Score: 93/100 HelloAsso <= 1.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.11 Patched: 1.1.12 Updated: July 3, 2026
LOW

google-analytics-dashboard-for-wp

google-analytics-dashboard-for-wp

Score: 93/100 ExactMetrics <= 8.1.0 - Missing Authorization Affected: *-8.1.0 Patched: 8.2.0 Updated: July 3, 2026
LOW

gmap-embed

gmap-embed

Score: 93/100 Maps Plugin using Google Maps for WordPress – WP Google Map <= 1.9.3 - Maps Plugin using Google Maps for WordPress – WP Google Map <= 1.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting via Markers Affected: *-1.9.3 Patched: 1.9.4 Updated: July 3, 2026
LOW

gmap-embed

gmap-embed

Score: 93/100 Maps Plugin using Google Maps for WordPress – WP Google Map <= 1.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.9.3 Patched: 1.9.4 Updated: July 3, 2026
LOW

fulltext-search

fulltext-search

Score: 93/100 WP Fast Total Search <= 1.78.258 - Missing Authorization Affected: *-1.78.258 Patched: 1.79.262 Updated: July 3, 2026
LOW

fulltext-search

fulltext-search

Score: 93/100 WP Fast Total Search <= 1.78.258 - Cross-Site Request Forgery Affected: *-1.78.258 Patched: 1.79.262 Updated: July 3, 2026
LOW

faq-builder-ays

faq-builder-ays

Score: 93/100 FAQ Builder AYS <= 1.7.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.7.3 Patched: 1.7.4 Updated: July 3, 2026
LOW

extensions-for-cf7

extensions-for-cf7

Score: 93/100 Extensions For CF7 <= 3.2.0 - Authenticated (Admin+) Sever-Side Request Forgery Affected: *-3.2.0 Patched: 3.2.1 Updated: July 3, 2026
LOW

event-post

event-post

Score: 91/100 Event post <= 5.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.9.7 Patched: 5.9.8 Updated: July 3, 2026
LOW

essential-real-estate

essential-real-estate

Score: 87/100 Essential Real Estate <= 5.1.8 - Cross-Site Request Forgery Affected: *-5.1.8 Patched: 5.1.9 Updated: July 3, 2026
LOW

email-subscribe

email-subscribe

Score: 93/100 Email Subscription Popup <= 1.2.23 - Authenticated (Administrator+) SQL Injection Affected: *-1.2.23 Patched: 1.2.24 Updated: July 3, 2026
LOW

elementinvader-addons-for-elementor

elementinvader-addons-for-elementor

Score: 93/100 ElementInvader Addons for Elementor <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.3 Patched: 1.3.4 Updated: July 3, 2026
LOW

elementinvader-addons-for-elementor

elementinvader-addons-for-elementor

Score: 93/100 ElementInvader Addons for Elementor <= 1.3.1 - Missing Authorization Affected: *-1.3.1 Patched: 1.3.2 Updated: July 3, 2026
LOW

elementinvader-addons-for-elementor

elementinvader-addons-for-elementor

Score: 93/100 ElementInvader Addons for Elementor <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.0 Patched: 1.3.1 Updated: July 3, 2026
LOW

easy-youtube-gallery

easy-youtube-gallery

Score: 93/100 Easy YouTube Gallery <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.4 Patched: 1.0.5 Updated: July 3, 2026
LOW

dc-woocommerce-multi-vendor

dc-woocommerce-multi-vendor

Score: 93/100 WC Marketplace <= 4.2.13 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.2.13 Patched: 4.2.14 Updated: July 3, 2026
LOW

create-with-code

create-with-code

Score: 93/100 Create with Code <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4 Patched: 1.5 Updated: July 3, 2026
LOW

cp-easy-form-builder

cp-easy-form-builder

Score: 93/100 Form Builder CP <= 1.2.41 - Authenticated (Contributor+) SQL Injection Affected: *-1.2.41 Patched: 1.2.42 Updated: July 3, 2026
LOW

counter-box

counter-box

Score: 93/100 Counter Box <= 2.0.5 - Cross-Site Request Forgery Affected: *-2.0.5 Patched: 2.0.6 Updated: July 3, 2026
LOW

contact-form-to-email

contact-form-to-email

Score: 93/100 Contact Form Email <= 1.3.52 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.3.52 Patched: 1.3.53 Updated: July 3, 2026
LOW

coblocks

coblocks

Score: 93/100 CoBlocks <= 3.1.13 - Missing Authorization Affected: *-3.1.13 Patched: 3.1.14 Updated: July 3, 2026
LOW

chained-quiz

chained-quiz

Score: 93/100 Chained Quiz <= 1.3.2.9 - Authenticated (Admin+) Server-Side Request Forgery Affected: *-1.3.2.9 Patched: 1.3.3 Updated: July 3, 2026
LOW

call-now-button

call-now-button

Score: 93/100 Call Now Button <= 1.4.13 - Cross-Site Request Forgery Affected: *-1.4.13 Patched: 1.4.14 Updated: July 3, 2026
LOW

caching-compatible-cookie-optin-and-javascript

caching-compatible-cookie-optin-and-javascript

Score: 93/100 Caching Compatible Cookie Opt-In and JavaScript <= 0.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.0.10 Patched: 0.0.11 Updated: July 3, 2026
LOW

button-generation

button-generation

Score: 93/100 Button Generator – easily Button Builder <= 3.1.1 - Cross-Site Request Forgery Affected: *-3.1.1 Patched: 3.1.2 Updated: July 3, 2026
LOW

build-private-store-for-woocommerce

build-private-store-for-woocommerce

Score: 93/100 Build Private Store For Woocommerce <= 1.0 - Missing Authorization Affected: *-1.0 Patched: 1.1 Updated: July 3, 2026
LOW

bug-library

bug-library

Score: 93/100 Bug Library <= 2.1.4 - Authenticated (Contributor+) SQL Injection Affected: *-2.1.4 Patched: 2.1.5 Updated: July 3, 2026
LOW

bubble-menu

bubble-menu

Score: 93/100 Bubble Menu – circle floating menu <= 4.0.2 - Cross-Site Request Forgery Affected: *-4.0.2 Patched: 4.0.3 Updated: July 3, 2026
LOW

bridge-core

bridge-core

Score: 93/100 Bridge Core <= 3.3 - Missing Authorization Affected: *-3.3 Patched: 3.3.1 Updated: July 3, 2026
LOW

boom-fest

boom-fest

Score: 93/100 Boom Fest <= 2.2.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update Affected: *-2.2.1 Patched: 2.2.2 Updated: July 3, 2026
LOW

bookingpress-appointment-booking

bookingpress-appointment-booking

Score: 93/100 BookingPress <= 1.1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.25 Patched: 1.1.26 Updated: July 3, 2026
LOW

booking-calendar-contact-form

booking-calendar-contact-form

Score: 93/100 Booking Calendar Contact Form <= 1.2.55 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2.55 Patched: 1.2.56 Updated: July 3, 2026
LOW

blur-text

blur-text

Score: 93/100 Blur Text <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: 2.0.0 Updated: July 3, 2026
LOW

auction-nudge

auction-nudge

Score: 93/100 Auction Nudge – Your eBay on Your Site <= 7.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-7.2.0 Patched: 7.2.1 Updated: July 3, 2026
LOW

attire-blocks

attire-blocks

Score: 93/100 Attire Blocks <= 1.9.6 - Cross-Site Request Forgery Affected: *-1.9.6 Patched: 1.9.7 Updated: July 3, 2026
LOW

atarim-visual-collaboration

atarim-visual-collaboration

Score: 93/100 Atarim <= 4.0.8 - Unauthenticated Stored Cross-Site Scripting Affected: *-4.0.8 Patched: 4.0.9 Updated: July 3, 2026
LOW

astra-sites

astra-sites

Score: 93/100 Starter Templates <= 4.4.9 - Cross-Site Request Forgery Affected: *-4.4.9 Patched: 4.4.10 Updated: July 3, 2026
LOW

ajax-filter-posts

ajax-filter-posts

Score: 95/100 Post Grid Master <= 3.4.12 - Authenticated (Contributor+) Local File Inclusion Affected: *-3.4.12 Patched: 3.4.13 Updated: July 3, 2026
LOW

advanced-notifications

advanced-notifications

Score: 97/100 Advanced Notifications <= 1.2.7 - Missing Authorization Affected: *-1.2.7 Patched: 1.2.8 Updated: July 3, 2026
LOW

admin-site-enhancements-pro

admin-site-enhancements-pro

Score: 97/100 Admin and Site Enhancements (ASE) Pro <= 7.6.1.1 - Missing Authorization Affected: *-7.6.1.1 Patched: 7.6.3 Updated: July 3, 2026
LOW

admin-site-enhancements

admin-site-enhancements

Score: 97/100 Admin and Site Enhancements (ASE) <= 7.6.2 - Missing Authorization Affected: *-7.6.2 Patched: 7.6.3 Updated: July 3, 2026
LOW

abc-notation

abc-notation

Score: 93/100 ABC Notation <= 6.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-6.1.3 Patched: Updated: July 3, 2026
LOW

a4-barcode-generator

a4-barcode-generator

Score: 97/100 Print Barcode Labels for your WooCommerce products/orders <= 3.4.10 - Missing Authorization Affected: *-3.4.10 Patched: 3.4.11 Updated: July 3, 2026
LOW

12-step-meeting-list

12-step-meeting-list

Score: 97/100 12 Step Meeting List <= 3.16.5 - Unauthenticated Sensitive Information Exposure Affected: *-3.16.5 Patched: 3.16.6 Updated: July 3, 2026
LOW

12-step-meeting-list

12-step-meeting-list

Score: 97/100 12 Step Meeting List <= 3.16.5 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion Affected: *-3.16.5 Patched: 3.16.6 Updated: July 3, 2026
LOW

post-grid-carousel-ultimate

post-grid-carousel-ultimate

Score: N/A Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion via post_type_ajax_handler() Affected: *-1.6.10 Patched: 1.7 Updated: July 3, 2026
LOW

affiliate-toolkit-starter

affiliate-toolkit-starter

Score: 95/100 affiliate-toolkit – WP Affiliate Plugin with Amazon <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.7.0 Patched: 3.7.1 Updated: July 3, 2026
LOW

bmlt-meeting-map

bmlt-meeting-map

Score: 91/100 BMLT Meeting Map <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.6.1 Patched: Updated: July 3, 2026
LOW

automate-hub-free-by-sperse-io

automate-hub-free-by-sperse-io

Score: 89/100 Automate Hub Free by Sperse.IO <= 1.7.0 - Cross-Site Request Forgery to Activation Status Update Affected: *-1.7.0 Patched: Updated: July 3, 2026
LOW

wp-user-avatar

wp-user-avatar

Score: N/A Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.19 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.15.19 Patched: 4.15.20 Updated: July 3, 2026
LOW

wp-user-avatar

wp-user-avatar

Score: N/A Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.19 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.15.19 Patched: 4.15.20 Updated: July 3, 2026
LOW

wp-user-avatar

wp-user-avatar

Score: N/A Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.19 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.15.19 Patched: 4.15.20 Updated: July 3, 2026
LOW

wp-ulike

wp-ulike

Score: N/A WP ULike <= 4.7.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.7.5 Patched: 4.7.6 Updated: July 3, 2026
LOW

wp-google-street-view

wp-google-street-view

Score: N/A WP Google Street View (with 360° virtual tour) & Google maps + Local SEO <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.3 Patched: 1.1.4 Updated: July 3, 2026
LOW

simple-gallery-with-filter

simple-gallery-with-filter

Score: N/A Simple Gallery with Filter <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0 Patched: 2.1 Updated: July 3, 2026
LOW

simple-downloads-list

simple-downloads-list

Score: N/A Simple Downloads List <= 1.4.2 - Authenticated (Contributor+) SQL Injection Affected: *-1.4.2 Patched: 1.4.3 Updated: July 3, 2026
LOW

sastra-essential-addons-for-elementor

sastra-essential-addons-for-elementor

Score: N/A Sastra Essential Addons for Elementor – Free Elementor Addons, Widgets and Templates <= 1.0.14 - Missing Authorization to Spexo Theme Install Affected: *-1.0.14 Patched: 1.0.15 Updated: July 3, 2026
LOW

rometheme-for-elementor

rometheme-for-elementor

Score: N/A RomethemeKit For Elementor <= 1.5.2 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates Affected: *-1.5.2 Patched: 1.5.3 Updated: July 3, 2026
LOW

precious-metals-chart-and-widgets

precious-metals-chart-and-widgets

Score: N/A Precious Metals Charts and Widgets for WordPress <= 1.2.8 - Authenticated (Contributor+) Stored Cross-site Scripting Affected: *-1.2.8 Patched: 1.2.9 Updated: July 3, 2026
LOW

post-grid-carousel-ultimate

post-grid-carousel-ultimate

Score: N/A Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.6.10 Patched: 1.7 Updated: July 3, 2026
LOW

listamester

listamester

Score: 93/100 Listamester <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.4 Patched: 2.3.5 Updated: July 3, 2026
LOW

cp-easy-form-builder

cp-easy-form-builder

Score: 93/100 Form Builder CP <= 1.2.41 - Authenticated (Contributor+) SQL Injection Affected: *-1.2.41 Patched: 1.2.42 Updated: July 3, 2026
LOW

chalet-montagne-com-tools

chalet-montagne-com-tools

Score: 91/100 Chalet-Montagne.com Tools <= 2.7.8 - Reflected Cross-Site Scripting Affected: *-2.7.8 Patched: Updated: July 3, 2026
LOW

bp-activity-plus-reloaded

bp-activity-plus-reloaded

Score: 89/100 Activity Plus Reloaded for BuddyPress <= 1.1.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery Affected: *-1.1.1 Patched: 1.1.2 Updated: July 3, 2026

Showing 12701 to 12800 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 3, 2026 at 19:38 UTC.