Known Plugin Vulnerabilities
Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.
Open Vulnerabilities
36406Across tracked plugins
Affected Plugins
90With open vulnerabilities
Critical / High
0Require immediate attention
Recently Updated
0In the last 30 days
Vulnerability List
Export CSV| Plugin | Slug | Score | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated |
|---|---|---|---|---|---|---|---|---|
| seo-blogger-to-wordpress-301-redirector | seo-blogger-to-wordpress-301-redirector | N/A | SEO Blogger to WordPress Migration using 301 Redirection <= 0.4.8 - Reflected Cross-Site Scripting | LOW | *-0.4.8 | July 4, 2026 | ||
| The Events Calendar | the-events-calendar | N/A | The Events Calendar <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-6.9.0 | 6.9.1 | July 4, 2026 | |
| cliptakes | cliptakes |
93
|
Cliptakes <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.3.4 | 1.3.5 | July 4, 2026 | |
| wp-meta-data-filter-and-taxonomy-filter | wp-meta-data-filter-and-taxonomy-filter | N/A | MDTF – Meta Data and Taxonomies Filter <= 1.3.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.3.3.6 | 1.3.3.7 | July 4, 2026 | |
| th-variation-swatches | th-variation-swatches | N/A | Variation Swatches for WooCommerce 1.0.8 - 1.3.2 - Cross-Site Request Forgery to Plugin Settings Reset | LOW | 1.0.8-1.3.2 | 1.3.3 | July 4, 2026 | |
| fusion-builder | fusion-builder |
93
|
Avada Builder <= 3.11.11 - Authenticated (Contributor+) Stored Cross-Site Scripting in Multiple Widgets | LOW | *-3.11.11 | 3.11.12 | July 4, 2026 | |
| wp-panoramio | wp-panoramio | N/A | WP Panoramio <= 1.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting | LOW | *-1.5.0 | July 4, 2026 | ||
| woo-product-tables | woo-product-tables | N/A | Product Table by WBW <= 2.1.2 - Unuthenticated SQL Injection | LOW | *-2.1.2 | 2.1.3 | July 4, 2026 | |
| videowhisper-live-streaming-integration | videowhisper-live-streaming-integration | N/A | Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 6.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-6.1.9 | 6.1.10 | July 4, 2026 | |
| toocheke-companion | toocheke-companion | N/A | Toocheke Companion <= 1.166 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-1.166 | 1.167 | July 4, 2026 | |
| tainacan | tainacan | N/A | Tainacan <= 0.21.12 - Authenticated (Subscriber+) SQL Injection | LOW | *-0.21.12 | 0.21.13 | July 4, 2026 | |
| bmlt-meeting-map | bmlt-meeting-map |
91
|
BMLT Meeting Map <= 2.6.0 - Authenticated (Contributor+) Local File Inclusion | LOW | *-2.6.0 | 2.6.1 | July 4, 2026 | |
| Prime Slider Addons for Elementor | bdthemes-prime-slider-lite |
88
|
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.16.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-3.16.5 | 3.16.6 | July 4, 2026 | |
| gamipress | gamipress |
93
|
GamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_do_shortcode() Function | LOW | *-7.2.1 | 7.2.2 | July 4, 2026 | |
| gamipress | gamipress |
93
|
GamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_ajax_get_logs Function | LOW | *-7.2.1 | 7.2.2 | July 4, 2026 | |
| gamipress | gamipress |
93
|
GamiPress <= 7.3.1 - Unauthenticated SQL Injection via orderby Parameter | LOW | *-7.3.1 | 7.3.2 | July 4, 2026 | |
| WP Hotel Booking | wp-hotel-booking | N/A | WP Hotel Booking <= 2.1.6 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval | LOW | *-2.1.6 | 2.1.7 | July 4, 2026 | |
| ketchup-shortcodes-pack | ketchup-shortcodes-pack |
93
|
Ketchup Shortcodes <= 0.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-0.1.2 | 0.2.1 | July 4, 2026 | |
| wp-polls | wp-polls | N/A | WP-Polls <= 2.77.2 - Unauthenticated SQL Injection to Stored Cross-Site Scripting | LOW | *-2.77.2 | 2.77.3 | July 4, 2026 | |
| zarinpal-paid-downloads | zarinpal-paid-downloads | N/A | Zarinpal Paid Downloads <= 2.3 - Authenticated (Admin+) Arbitrary File Upload | LOW | *-2.3 | July 4, 2026 | ||
| zarinpal-paid-downloads | zarinpal-paid-downloads | N/A | Zarinpal Paid Downloads <= 2.3 - Reflected Cross-Site Scripting | LOW | *-2.3 | July 4, 2026 | ||
| xml-for-google-merchant-center | xml-for-google-merchant-center | N/A | XML for Google Merchant Center <= 3.0.11 - Reflected Cross-Site Scripting | LOW | *-3.0.11 | 3.0.12 | July 4, 2026 | |
| wpbot-pro | wpbot-pro | N/A | WPBot Pro Wordpress Chatbot <= 13.5.4 - Unauthenticated Arbitrary File Upload | LOW | *-13.5.4 | 13.5.6 | July 4, 2026 | |
| wpbot-pro | wpbot-pro | N/A | WPBot Pro Wordpress Chatbot <= 13.5.5 - Missing Authorization to Authenticated (Subscriber+) Simple Text Response Creation | LOW | *-13.5.5 | 13.5.6 | July 4, 2026 | |
| themify-builder | themify-builder | N/A | Themify Builder <= 7.6.5 - Reflected Cross-Site Scripting | LOW | *-7.6.5 | 7.6.6 | July 4, 2026 | |
| term-taxonomy-converter | term-taxonomy-converter | N/A | Term Taxonomy Converter <= 1.2 - Reflected Cross-Site Scripting | LOW | *-1.2 | 1.2.1 | July 4, 2026 | |
| stray-quotes | stray-quotes | N/A | Stray Random Quotes <= 1.9.9 - Reflected Cross-Site Scripting | LOW | *-1.9.9 | July 4, 2026 | ||
| stackable-ultimate-gutenberg-blocks | stackable-ultimate-gutenberg-blocks | N/A | Stackable – Page Builder Gutenberg Blocks <= 3.13.11 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-3.13.11 | 3.13.12 | July 4, 2026 | |
| save-as-pdf-by-pdfcrowd | save-as-pdf-by-pdfcrowd | N/A | Save as PDF Plugin by Pdfcrowd <= 4.4.0 - Unauthenticated PHP Object Injection | LOW | *-4.4.0 | 4.4.1 | July 4, 2026 | |
| picture-gallery | picture-gallery |
93
|
Picture Gallery – Frontend Image Uploads, AJAX Photo List <= 1.5.19 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.5.19 | 1.5.20 | July 4, 2026 | |
| AI Puffer – Chat. Create. Automate. (formerly AI Power) | gpt3-ai-content-generator |
92
|
AI Power: Complete AI Pack <= 1.8.96 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution | LOW | *-1.8.96 | 1.8.97 | July 4, 2026 | |
| AI Puffer – Chat. Create. Automate. (formerly AI Power) | gpt3-ai-content-generator |
92
|
AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Subscriber+) Server-Side Request Forgery | LOW | *-1.8.96 | 1.8.97 | July 4, 2026 | |
| AI Puffer – Chat. Create. Automate. (formerly AI Power) | gpt3-ai-content-generator |
92
|
AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_prompts | LOW | *-1.8.96 | 1.8.97 | July 4, 2026 | |
| AI Puffer – Chat. Create. Automate. (formerly AI Power) | gpt3-ai-content-generator |
92
|
AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_ai_forms | LOW | *-1.8.96 | 1.8.97 | July 4, 2026 | |
| facebook-like-send-button | facebook-like-send-button |
93
|
FireCask Like & Share Button <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter | LOW | *-1.2 | 1.3 | July 4, 2026 | |
| super-socializer | super-socializer | N/A | Social Share, Social Login and Social Comments Plugin – Super Socializer <= 7.14 - Unauthenticated Limited SQL Injection via 'SuperSocializerKey' | LOW | *-7.14 | 7.14.1 | July 4, 2026 | |
| wp-greet | wp-greet | N/A | wp-greet <= 6.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting | LOW | *-6.2 | 6.3 | July 4, 2026 | |
| wp-bibtex | wp-bibtex | N/A | WP-BibTeX <= 3.0.1 - Cross-Site Request Forgery to Stored and Reflected Cross-Site Scripting | LOW | *-3.0.1 | 3.0.2 | July 4, 2026 | |
| jet-elements | jet-elements |
93
|
Jet Elements <= 2.7.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | LOW | *-2.7.2.1 | 2.7.3 | July 4, 2026 | |
| 1003-mortgage-application | 1003-mortgage-application |
93
|
1003 Mortgage Application <= 1.87 - Unauthenticated Full Path Disclosure | LOW | *-1.87 | July 4, 2026 | ||
| uix-page-builder | uix-page-builder | N/A | Uix Page Builder <= 1.7.4 - Reflected Cross-Site Scripting | LOW | *-1.7.4 | 1.7.5 | July 4, 2026 | |
| tamara-checkout | tamara-checkout | N/A | Tamara Checkout <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.9.9 | 1.9.9.1 | July 4, 2026 | |
| string-locator | string-locator | N/A | String Locator <= 2.6.6 - Unauthenticated PHP Object Injection | LOW | *-2.6.6 | 2.6.7 | July 4, 2026 | |
| ppo-call-to-actions | ppo-call-to-actions | N/A | PPO Call To Actions <= 0.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting | LOW | *-0.1.3 | July 4, 2026 | ||
| postpage-import-export-with-custom-fields-taxonomies | postpage-import-export-with-custom-fields-taxonomies | N/A | Post/Page Copying Tool to Export and Import post/page for Cross site Migration <= 2.0.3 - Authenticated (Contributor+) Arbitrary File Upload | LOW | *-2.0.3 | 2.0.4 | July 4, 2026 | |
| link-library | link-library |
93
|
Link Library <= 7.7.2 - Reflected Cross-Site Scripting | LOW | *-7.7.2 | 7.7.3 | July 4, 2026 | |
| gf-excel-import | gf-excel-import |
93
|
Import Excel to Gravity Forms <= 1.18 - Reflected Cross-Site Scripting | LOW | *-1.18 | 1.18.1 | July 4, 2026 | |
| fundpress | fundpress |
93
|
FundPress <= 2.0.6 - Unauthenticated PHP Object Injection | LOW | *-2.0.6 | 2.0.7 | July 4, 2026 | |
| estatebud-properties-listings | estatebud-properties-listings |
89
|
Estatebud – Properties & Listings <= 5.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting | LOW | *-5.5.0 | July 4, 2026 | ||
| empty-tags-remover | empty-tags-remover |
93
|
Empty Tags Remover <= 1.0 - Reflected Cross-Site Scripting | LOW | *-1.0 | 1.1.0 | July 4, 2026 | |
| ecab-taxi-booking-manager | ecab-taxi-booking-manager |
93
|
Taxi Booking Manager for WooCommerce – WordPress plugin | Ecab <= 1.1.8 - Authenticated (Contributor+) PHP Object Injection | LOW | *-1.1.8 | 1.1.9 | July 4, 2026 | |
| easy-real-estate | easy-real-estate |
93
|
Easy Real Estate <= 2.2.9- Unauthenticated Privilege Escalation | LOW | *-2.2.9 | 2.3.0 | July 4, 2026 | |
| bp-email-assign-templates | bp-email-assign-templates |
93
|
BP Email Assign Templates <= 1.5 - Reflected Cross-Site Scripting | LOW | *-1.5 | 1.6 | July 4, 2026 | |
| atarim-visual-collaboration | atarim-visual-collaboration |
93
|
Visual Website Collaboration, Feedback & Project Management – Atarim <= 4.0.9 - Missing Authorization to Authenticated (Subscriber+) Project Page/File Deletion | LOW | *-4.0.9 | 4.1.0 | July 4, 2026 | |
| anyguide | anyguide |
95
|
AnyRoad <= 1.3.2 - Cross-Site Request Forgery | LOW | *-1.3.2 | July 4, 2026 | ||
| adirectory | adirectory |
97
|
aDirectory – WordPress Directory Listing Plugin <= 1.6.5 - Unauthenticated PHP Object Injection | LOW | *-1.6.5 | 1.9 | July 4, 2026 | |
| wp-all-import-pro | wp-all-import-pro | N/A | WP All Import Pro <= 4.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload | LOW | *-4.9.7 | 4.9.8 | July 4, 2026 | |
| wp-query-creator | wp-query-creator | N/A | WP Query Creator <= 1.0 - Reflected Cross-Site Scripting | LOW | *-1.0 | July 4, 2026 | ||
| weaver-themes-shortcode-compatibility | weaver-themes-shortcode-compatibility | N/A | Weaver Themes Shortcode Compatibility <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.0.4 | July 4, 2026 | ||
| sponsered-link | sponsered-link | N/A | Sponsered Link <= 4.0 - Reflected Cross-Site Scripting | LOW | *-4.0 | 6.0 | July 4, 2026 | |
| small-package-quotes-wwe-edition | small-package-quotes-wwe-edition | N/A | Small Package Quotes – Worldwide Express Edition <= 5.2.17 - Unauthenticated SQL Injection | LOW | *-5.2.17 | 5.2.18 | July 4, 2026 | |
| small-package-quotes-unishippers-edition | small-package-quotes-unishippers-edition | N/A | Small Package Quotes – Unishippers Edition <= 2.4.8 - Unauthenticated SQL Injection | LOW | *-2.4.8 | 2.4.9 | July 4, 2026 | |
| Simple Membership Custom Messages | simple-membership-custom-messages | N/A | Simple Membership Custom Messages <= 2.4 - Reflected Cross-Site Scripting | LOW | *-2.4 | 2.5 | July 4, 2026 | |
| related-post-shortcode | related-post-shortcode | N/A | Related Post Shortcode <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-1.2 | July 4, 2026 | ||
| ltl-freight-quotes-worldwide-express-edition | ltl-freight-quotes-worldwide-express-edition |
93
|
LTL Freight Quotes – Worldwide Express Edition <= 5.0.20 - Unauthenticated SQL Injection | LOW | *-5.0.20 | 5.0.21 | July 4, 2026 | |
| emi-calculator | emi-calculator |
91
|
EMI Calculator <= 1.1 - Missing Authorization to Unauthenticated Settings Change | LOW | *-1.1 | July 4, 2026 | ||
| bonjour-bar | bonjour-bar |
91
|
Bonjour Bar <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-1.0.0 | July 4, 2026 | ||
| agecheckernet | agecheckernet |
95
|
Age Verification for your checkout page. Verify your customer's identity <= 1.20.0 - Reflected Cross-Site Scripting | LOW | 1.20.0 | July 4, 2026 | ||
| WP Extended – The Ultimate WordPress Toolkit | wpextended | N/A | The Ultimate WordPress Toolkit – WP Extended <= 3.0.12 - Unauthenticated SQL Injection via Login Attempts Module | LOW | *-3.0.12 | 3.0.13 | July 4, 2026 | |
| utilities-for-mtg | utilities-for-mtg | N/A | Utilities for MTG <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.4.1 | July 4, 2026 | ||
| webcamconsult | webcamconsult | N/A | Webcamconsult <= 1.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting | LOW | *-1.5.0 | 1.6.0 | July 4, 2026 | |
| jet-engine | jet-engine |
93
|
Jet Engine <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via list_tag Parameter | LOW | *-3.6.2 | 3.6.3 | July 4, 2026 | |
| picture-gallery | picture-gallery |
93
|
Picture Gallery – Frontend Image Uploads, AJAX Photo List <= 1.5.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via videowhisper_picture_upload_guest Shortcode | LOW | *-1.5.22 | 1.5.23 | July 4, 2026 | |
| wp-abstracts-manuscripts-manager | wp-abstracts-manuscripts-manager | N/A | WP Abstracts <= 2.7.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting | LOW | *-2.7.2 | 2.7.3 | July 4, 2026 | |
| Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | ultimate-member | N/A | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.9.1 - Information Exposure | LOW | *-2.9.1 | 2.9.2 | July 4, 2026 | |
| Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | ultimate-member | N/A | Ultimate Member <= 2.9.1 - Unauthenticated SQL Injection | LOW | *-2.9.1 | 2.9.2 | July 4, 2026 | |
| wpsyncsheets-elementor | wpsyncsheets-elementor | N/A | WPSyncSheets Lite For Elementor – Elementor Pro Form Google Spreadsheet Addon <= 1.4 - Running Vulnerable Dependencies | LOW | *-1.4 | 1.4.1 | July 4, 2026 | |
| video-share-vod | video-share-vod | N/A | Video Share VOD – Turnkey Video Site Builder Script <= 2.6.31 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.6.31 | 2.6.32 | July 4, 2026 | |
| simplepress | simplepress | N/A | Simple:Press Forum <= 6.10.10 - Reflected Cross-Site Scripting via msearch | LOW | *-6.10.10 | 6.10.11 | July 4, 2026 | |
| shipworks-e-commerce-bridge | shipworks-e-commerce-bridge | N/A | ShipWorks Connector for Woocommerce <= 5.2.5 - Cross-Site Request Forgery to Service Password/Username Update | LOW | *-5.2.5 | 5.2.6 | July 4, 2026 | |
| screenshot-machine-shortcode | screenshot-machine-shortcode | N/A | JSM Screenshot Machine Shortcode <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.3.0 | 3.0.0 | July 4, 2026 | |
| rate-star-review | rate-star-review | N/A | Rate Star Review Vote – AJAX Reviews, Votes, Star Ratings <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.6.3 | 1.6.4 | July 4, 2026 | |
| podlove-podcasting-plugin-for-wordpress | podlove-podcasting-plugin-for-wordpress |
93
|
Podlove Podcast Publisher <= 4.1.25 - Authenticated (Admin+) Stored Cross-Site Scripting via Feed Name | LOW | *-4.1.25 | 4.2.0 | July 4, 2026 | |
| paid-membership | paid-membership |
93
|
MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Tokens Wallet <= 2.9.29 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.9.29 | 2.9.30 | July 4, 2026 | |
| marketking-multivendor-marketplace-for-woocommerce | marketking-multivendor-marketplace-for-woocommerce |
93
|
MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution <= 1.9.80 - Authenticated (Shop Manager+) Stored Cross-Site Scripting | LOW | *-1.9.80 | 2.0.0 | July 4, 2026 | |
| legull | legull |
91
|
Legull <= 1.2.2 - Reflected Cross-Site Scripting | LOW | *-1.2.2 | July 4, 2026 | ||
| kubio | kubio |
93
|
Kubio AI Page Builder <= 2.3.5 - Reflected Cross-Site Scripting | LOW | *-2.3.5 | 2.4.0 | July 4, 2026 | |
| infunding | infunding |
91
|
InFunding – Plugin for Charity & Crowdfunding Website <= 1.0 - Reflected Cross-Site Scripting | LOW | *-1.0 | July 4, 2026 | ||
| Image Source Control Lite – Show Image Credits and Captions | image-source-control-isc |
89
|
Image Source Control Lite – Show Image Credits and Captions <= 2.28.0 - Reflected Cross-Site Scripting | LOW | *-2.28.0 | 2.28.1 | July 4, 2026 | |
| history-timeline | history-timeline |
91
|
History timeline <= 0.7.2 - Reflected Cross-Site Scripting | LOW | *-0.7.2 | July 4, 2026 | ||
| guten-free-options | guten-free-options |
89
|
Guten Free Options <= 0.9.5 - Reflected Cross-Site Scripting | LOW | *-0.9.5 | July 4, 2026 | ||
| evergreen-content-poster | evergreen-content-poster |
93
|
Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion | LOW | *-1.4.4 | 1.4.5 | July 4, 2026 | |
| Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | everest-forms |
68
|
Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.0.8 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-3.0.8 | 3.0.8.1 | July 4, 2026 | |
| Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | easy-digital-downloads |
78
|
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Title | LOW | *-3.3.2 | 3.3.3 | July 4, 2026 | |
| Download Manager | download-manager |
63
|
Download Manager <= 3.3.06 - Unauthenticated Information Disclosure via Unprotected Directory | LOW | *-3.3.06 | 3.3.07 | July 4, 2026 | |
| dh-local-seo | dh-local-seo |
91
|
WordPress Local SEO <= 2.3 - Unauthenticated SQL Injection | LOW | *-2.3 | July 4, 2026 | ||
| az-content-finder | az-content-finder |
91
|
AZ Content Finder <= 0.1 - Reflected Cross-Site Scripting | LOW | *-0.1 | July 4, 2026 | ||
| WP Hotel Booking | wp-hotel-booking | N/A | WP Hotel Booking <= 2.1.5 - Missing Authorization | LOW | *-2.1.5 | 2.1.6 | July 4, 2026 | |
| proofreading | proofreading | N/A | Proofreading <= 1.2.1.1 - Reflected Cross-Site Scripting | LOW | *-1.2.1.1 | 1.2.2 | July 4, 2026 | |
| sandbox | sandbox | N/A | Sandbox <= 0.4 - Missing Authorization to Authenticated (Subscriber+) Sandbox Download | LOW | *-0.4 | July 4, 2026 |
seo-blogger-to-wordpress-301-redirector
seo-blogger-to-wordpress-301-redirector
The Events Calendar
the-events-calendar
cliptakes
cliptakes
wp-meta-data-filter-and-taxonomy-filter
wp-meta-data-filter-and-taxonomy-filter
th-variation-swatches
th-variation-swatches
fusion-builder
fusion-builder
wp-panoramio
wp-panoramio
woo-product-tables
woo-product-tables
videowhisper-live-streaming-integration
videowhisper-live-streaming-integration
toocheke-companion
toocheke-companion
tainacan
tainacan
bmlt-meeting-map
bmlt-meeting-map
Prime Slider Addons for Elementor
bdthemes-prime-slider-lite
gamipress
gamipress
gamipress
gamipress
gamipress
gamipress
WP Hotel Booking
wp-hotel-booking
ketchup-shortcodes-pack
ketchup-shortcodes-pack
wp-polls
wp-polls
zarinpal-paid-downloads
zarinpal-paid-downloads
zarinpal-paid-downloads
zarinpal-paid-downloads
xml-for-google-merchant-center
xml-for-google-merchant-center
wpbot-pro
wpbot-pro
wpbot-pro
wpbot-pro
themify-builder
themify-builder
term-taxonomy-converter
term-taxonomy-converter
stray-quotes
stray-quotes
stackable-ultimate-gutenberg-blocks
stackable-ultimate-gutenberg-blocks
save-as-pdf-by-pdfcrowd
save-as-pdf-by-pdfcrowd
picture-gallery
picture-gallery
AI Puffer – Chat. Create. Automate. (formerly AI Power)
gpt3-ai-content-generator
AI Puffer – Chat. Create. Automate. (formerly AI Power)
gpt3-ai-content-generator
AI Puffer – Chat. Create. Automate. (formerly AI Power)
gpt3-ai-content-generator
AI Puffer – Chat. Create. Automate. (formerly AI Power)
gpt3-ai-content-generator
facebook-like-send-button
facebook-like-send-button
super-socializer
super-socializer
wp-greet
wp-greet
wp-bibtex
wp-bibtex
jet-elements
jet-elements
1003-mortgage-application
1003-mortgage-application
uix-page-builder
uix-page-builder
tamara-checkout
tamara-checkout
string-locator
string-locator
ppo-call-to-actions
ppo-call-to-actions
postpage-import-export-with-custom-fields-taxonomies
postpage-import-export-with-custom-fields-taxonomies
link-library
link-library
gf-excel-import
gf-excel-import
fundpress
fundpress
estatebud-properties-listings
estatebud-properties-listings
empty-tags-remover
empty-tags-remover
ecab-taxi-booking-manager
ecab-taxi-booking-manager
easy-real-estate
easy-real-estate
bp-email-assign-templates
bp-email-assign-templates
atarim-visual-collaboration
atarim-visual-collaboration
anyguide
anyguide
adirectory
adirectory
wp-all-import-pro
wp-all-import-pro
wp-query-creator
wp-query-creator
weaver-themes-shortcode-compatibility
weaver-themes-shortcode-compatibility
sponsered-link
sponsered-link
small-package-quotes-wwe-edition
small-package-quotes-wwe-edition
small-package-quotes-unishippers-edition
small-package-quotes-unishippers-edition
Simple Membership Custom Messages
simple-membership-custom-messages
related-post-shortcode
related-post-shortcode
ltl-freight-quotes-worldwide-express-edition
ltl-freight-quotes-worldwide-express-edition
emi-calculator
emi-calculator
bonjour-bar
bonjour-bar
agecheckernet
agecheckernet
WP Extended – The Ultimate WordPress Toolkit
wpextended
utilities-for-mtg
utilities-for-mtg
webcamconsult
webcamconsult
jet-engine
jet-engine
picture-gallery
picture-gallery
wp-abstracts-manuscripts-manager
wp-abstracts-manuscripts-manager
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
ultimate-member
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
ultimate-member
wpsyncsheets-elementor
wpsyncsheets-elementor
video-share-vod
video-share-vod
simplepress
simplepress
shipworks-e-commerce-bridge
shipworks-e-commerce-bridge
screenshot-machine-shortcode
screenshot-machine-shortcode
rate-star-review
rate-star-review
podlove-podcasting-plugin-for-wordpress
podlove-podcasting-plugin-for-wordpress
paid-membership
paid-membership
marketking-multivendor-marketplace-for-woocommerce
marketking-multivendor-marketplace-for-woocommerce
legull
legull
kubio
kubio
infunding
infunding
Image Source Control Lite – Show Image Credits and Captions
image-source-control-isc
history-timeline
history-timeline
guten-free-options
guten-free-options
evergreen-content-poster
evergreen-content-poster
Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder
everest-forms
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
easy-digital-downloads
Download Manager
download-manager
dh-local-seo
dh-local-seo
az-content-finder
az-content-finder
WP Hotel Booking
wp-hotel-booking
proofreading
proofreading
sandbox
sandbox
Showing 12801 to 12900 of 36406 results
Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.
Data updated daily from trusted sources. Last updated: July 4, 2026 at 22:22 UTC.