Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

90

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
seo-blogger-to-wordpress-301-redirector seo-blogger-to-wordpress-301-redirector N/A SEO Blogger to WordPress Migration using 301 Redirection <= 0.4.8 - Reflected Cross-Site Scripting LOW *-0.4.8 July 4, 2026
The Events Calendar the-events-calendar N/A The Events Calendar <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-6.9.0 6.9.1 July 4, 2026
cliptakes cliptakes
93
Cliptakes <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.4 1.3.5 July 4, 2026
wp-meta-data-filter-and-taxonomy-filter wp-meta-data-filter-and-taxonomy-filter N/A MDTF – Meta Data and Taxonomies Filter <= 1.3.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.3.6 1.3.3.7 July 4, 2026
th-variation-swatches th-variation-swatches N/A Variation Swatches for WooCommerce 1.0.8 - 1.3.2 - Cross-Site Request Forgery to Plugin Settings Reset LOW 1.0.8-1.3.2 1.3.3 July 4, 2026
fusion-builder fusion-builder
93
Avada Builder <= 3.11.11 - Authenticated (Contributor+) Stored Cross-Site Scripting in Multiple Widgets LOW *-3.11.11 3.11.12 July 4, 2026
wp-panoramio wp-panoramio N/A WP Panoramio <= 1.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.5.0 July 4, 2026
woo-product-tables woo-product-tables N/A Product Table by WBW <= 2.1.2 - Unuthenticated SQL Injection LOW *-2.1.2 2.1.3 July 4, 2026
videowhisper-live-streaming-integration videowhisper-live-streaming-integration N/A Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 6.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-6.1.9 6.1.10 July 4, 2026
toocheke-companion toocheke-companion N/A Toocheke Companion <= 1.166 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.166 1.167 July 4, 2026
tainacan tainacan N/A Tainacan <= 0.21.12 - Authenticated (Subscriber+) SQL Injection LOW *-0.21.12 0.21.13 July 4, 2026
bmlt-meeting-map bmlt-meeting-map
91
BMLT Meeting Map <= 2.6.0 - Authenticated (Contributor+) Local File Inclusion LOW *-2.6.0 2.6.1 July 4, 2026
Prime Slider Addons for Elementor bdthemes-prime-slider-lite
88
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.16.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.16.5 3.16.6 July 4, 2026
gamipress gamipress
93
GamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_do_shortcode() Function LOW *-7.2.1 7.2.2 July 4, 2026
gamipress gamipress
93
GamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_ajax_get_logs Function LOW *-7.2.1 7.2.2 July 4, 2026
gamipress gamipress
93
GamiPress <= 7.3.1 - Unauthenticated SQL Injection via orderby Parameter LOW *-7.3.1 7.3.2 July 4, 2026
WP Hotel Booking wp-hotel-booking N/A WP Hotel Booking <= 2.1.6 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval LOW *-2.1.6 2.1.7 July 4, 2026
ketchup-shortcodes-pack ketchup-shortcodes-pack
93
Ketchup Shortcodes <= 0.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.1.2 0.2.1 July 4, 2026
wp-polls wp-polls N/A WP-Polls <= 2.77.2 - Unauthenticated SQL Injection to Stored Cross-Site Scripting LOW *-2.77.2 2.77.3 July 4, 2026
zarinpal-paid-downloads zarinpal-paid-downloads N/A Zarinpal Paid Downloads <= 2.3 - Authenticated (Admin+) Arbitrary File Upload LOW *-2.3 July 4, 2026
zarinpal-paid-downloads zarinpal-paid-downloads N/A Zarinpal Paid Downloads <= 2.3 - Reflected Cross-Site Scripting LOW *-2.3 July 4, 2026
xml-for-google-merchant-center xml-for-google-merchant-center N/A XML for Google Merchant Center <= 3.0.11 - Reflected Cross-Site Scripting LOW *-3.0.11 3.0.12 July 4, 2026
wpbot-pro wpbot-pro N/A WPBot Pro Wordpress Chatbot <= 13.5.4 - Unauthenticated Arbitrary File Upload LOW *-13.5.4 13.5.6 July 4, 2026
wpbot-pro wpbot-pro N/A WPBot Pro Wordpress Chatbot <= 13.5.5 - Missing Authorization to Authenticated (Subscriber+) Simple Text Response Creation LOW *-13.5.5 13.5.6 July 4, 2026
themify-builder themify-builder N/A Themify Builder <= 7.6.5 - Reflected Cross-Site Scripting LOW *-7.6.5 7.6.6 July 4, 2026
term-taxonomy-converter term-taxonomy-converter N/A Term Taxonomy Converter <= 1.2 - Reflected Cross-Site Scripting LOW *-1.2 1.2.1 July 4, 2026
stray-quotes stray-quotes N/A Stray Random Quotes <= 1.9.9 - Reflected Cross-Site Scripting LOW *-1.9.9 July 4, 2026
stackable-ultimate-gutenberg-blocks stackable-ultimate-gutenberg-blocks N/A Stackable – Page Builder Gutenberg Blocks <= 3.13.11 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.13.11 3.13.12 July 4, 2026
save-as-pdf-by-pdfcrowd save-as-pdf-by-pdfcrowd N/A Save as PDF Plugin by Pdfcrowd <= 4.4.0 - Unauthenticated PHP Object Injection LOW *-4.4.0 4.4.1 July 4, 2026
picture-gallery picture-gallery
93
Picture Gallery – Frontend Image Uploads, AJAX Photo List <= 1.5.19 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.19 1.5.20 July 4, 2026
AI Puffer – Chat. Create. Automate. (formerly AI Power) gpt3-ai-content-generator
92
AI Power: Complete AI Pack <= 1.8.96 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution LOW *-1.8.96 1.8.97 July 4, 2026
AI Puffer – Chat. Create. Automate. (formerly AI Power) gpt3-ai-content-generator
92
AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Subscriber+) Server-Side Request Forgery LOW *-1.8.96 1.8.97 July 4, 2026
AI Puffer – Chat. Create. Automate. (formerly AI Power) gpt3-ai-content-generator
92
AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_prompts LOW *-1.8.96 1.8.97 July 4, 2026
AI Puffer – Chat. Create. Automate. (formerly AI Power) gpt3-ai-content-generator
92
AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_ai_forms LOW *-1.8.96 1.8.97 July 4, 2026
facebook-like-send-button facebook-like-send-button
93
FireCask Like & Share Button <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter LOW *-1.2 1.3 July 4, 2026
super-socializer super-socializer N/A Social Share, Social Login and Social Comments Plugin – Super Socializer <= 7.14 - Unauthenticated Limited SQL Injection via 'SuperSocializerKey' LOW *-7.14 7.14.1 July 4, 2026
wp-greet wp-greet N/A wp-greet <= 6.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-6.2 6.3 July 4, 2026
wp-bibtex wp-bibtex N/A WP-BibTeX <= 3.0.1 - Cross-Site Request Forgery to Stored and Reflected Cross-Site Scripting LOW *-3.0.1 3.0.2 July 4, 2026
jet-elements jet-elements
93
Jet Elements <= 2.7.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets LOW *-2.7.2.1 2.7.3 July 4, 2026
1003-mortgage-application 1003-mortgage-application
93
1003 Mortgage Application <= 1.87 - Unauthenticated Full Path Disclosure LOW *-1.87 July 4, 2026
uix-page-builder uix-page-builder N/A Uix Page Builder <= 1.7.4 - Reflected Cross-Site Scripting LOW *-1.7.4 1.7.5 July 4, 2026
tamara-checkout tamara-checkout N/A Tamara Checkout <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.9.9 1.9.9.1 July 4, 2026
string-locator string-locator N/A String Locator <= 2.6.6 - Unauthenticated PHP Object Injection LOW *-2.6.6 2.6.7 July 4, 2026
ppo-call-to-actions ppo-call-to-actions N/A PPO Call To Actions <= 0.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.1.3 July 4, 2026
postpage-import-export-with-custom-fields-taxonomies postpage-import-export-with-custom-fields-taxonomies N/A Post/Page Copying Tool to Export and Import post/page for Cross site Migration <= 2.0.3 - Authenticated (Contributor+) Arbitrary File Upload LOW *-2.0.3 2.0.4 July 4, 2026
link-library link-library
93
Link Library <= 7.7.2 - Reflected Cross-Site Scripting LOW *-7.7.2 7.7.3 July 4, 2026
gf-excel-import gf-excel-import
93
Import Excel to Gravity Forms <= 1.18 - Reflected Cross-Site Scripting LOW *-1.18 1.18.1 July 4, 2026
fundpress fundpress
93
FundPress <= 2.0.6 - Unauthenticated PHP Object Injection LOW *-2.0.6 2.0.7 July 4, 2026
estatebud-properties-listings estatebud-properties-listings
89
Estatebud – Properties & Listings <= 5.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-5.5.0 July 4, 2026
empty-tags-remover empty-tags-remover
93
Empty Tags Remover <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 1.1.0 July 4, 2026
ecab-taxi-booking-manager ecab-taxi-booking-manager
93
Taxi Booking Manager for WooCommerce – WordPress plugin | Ecab <= 1.1.8 - Authenticated (Contributor+) PHP Object Injection LOW *-1.1.8 1.1.9 July 4, 2026
easy-real-estate easy-real-estate
93
Easy Real Estate <= 2.2.9- Unauthenticated Privilege Escalation LOW *-2.2.9 2.3.0 July 4, 2026
bp-email-assign-templates bp-email-assign-templates
93
BP Email Assign Templates <= 1.5 - Reflected Cross-Site Scripting LOW *-1.5 1.6 July 4, 2026
atarim-visual-collaboration atarim-visual-collaboration
93
Visual Website Collaboration, Feedback & Project Management – Atarim <= 4.0.9 - Missing Authorization to Authenticated (Subscriber+) Project Page/File Deletion LOW *-4.0.9 4.1.0 July 4, 2026
anyguide anyguide
95
AnyRoad <= 1.3.2 - Cross-Site Request Forgery LOW *-1.3.2 July 4, 2026
adirectory adirectory
97
aDirectory – WordPress Directory Listing Plugin <= 1.6.5 - Unauthenticated PHP Object Injection LOW *-1.6.5 1.9 July 4, 2026
wp-all-import-pro wp-all-import-pro N/A WP All Import Pro <= 4.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload LOW *-4.9.7 4.9.8 July 4, 2026
wp-query-creator wp-query-creator N/A WP Query Creator <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 4, 2026
weaver-themes-shortcode-compatibility weaver-themes-shortcode-compatibility N/A Weaver Themes Shortcode Compatibility <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.4 July 4, 2026
sponsered-link sponsered-link N/A Sponsered Link <= 4.0 - Reflected Cross-Site Scripting LOW *-4.0 6.0 July 4, 2026
small-package-quotes-wwe-edition small-package-quotes-wwe-edition N/A Small Package Quotes – Worldwide Express Edition <= 5.2.17 - Unauthenticated SQL Injection LOW *-5.2.17 5.2.18 July 4, 2026
small-package-quotes-unishippers-edition small-package-quotes-unishippers-edition N/A Small Package Quotes – Unishippers Edition <= 2.4.8 - Unauthenticated SQL Injection LOW *-2.4.8 2.4.9 July 4, 2026
Simple Membership Custom Messages simple-membership-custom-messages N/A Simple Membership Custom Messages <= 2.4 - Reflected Cross-Site Scripting LOW *-2.4 2.5 July 4, 2026
related-post-shortcode related-post-shortcode N/A Related Post Shortcode <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.2 July 4, 2026
ltl-freight-quotes-worldwide-express-edition ltl-freight-quotes-worldwide-express-edition
93
LTL Freight Quotes – Worldwide Express Edition <= 5.0.20 - Unauthenticated SQL Injection LOW *-5.0.20 5.0.21 July 4, 2026
emi-calculator emi-calculator
91
EMI Calculator <= 1.1 - Missing Authorization to Unauthenticated Settings Change LOW *-1.1 July 4, 2026
bonjour-bar bonjour-bar
91
Bonjour Bar <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.0 July 4, 2026
agecheckernet agecheckernet
95
Age Verification for your checkout page. Verify your customer's identity <= 1.20.0 - Reflected Cross-Site Scripting LOW 1.20.0 July 4, 2026
WP Extended – The Ultimate WordPress Toolkit wpextended N/A The Ultimate WordPress Toolkit – WP Extended <= 3.0.12 - Unauthenticated SQL Injection via Login Attempts Module LOW *-3.0.12 3.0.13 July 4, 2026
utilities-for-mtg utilities-for-mtg N/A Utilities for MTG <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4.1 July 4, 2026
webcamconsult webcamconsult N/A Webcamconsult <= 1.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.5.0 1.6.0 July 4, 2026
jet-engine jet-engine
93
Jet Engine <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via list_tag Parameter LOW *-3.6.2 3.6.3 July 4, 2026
picture-gallery picture-gallery
93
Picture Gallery – Frontend Image Uploads, AJAX Photo List <= 1.5.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via videowhisper_picture_upload_guest Shortcode LOW *-1.5.22 1.5.23 July 4, 2026
wp-abstracts-manuscripts-manager wp-abstracts-manuscripts-manager N/A WP Abstracts <= 2.7.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting LOW *-2.7.2 2.7.3 July 4, 2026
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin ultimate-member N/A Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.9.1 - Information Exposure LOW *-2.9.1 2.9.2 July 4, 2026
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin ultimate-member N/A Ultimate Member <= 2.9.1 - Unauthenticated SQL Injection LOW *-2.9.1 2.9.2 July 4, 2026
wpsyncsheets-elementor wpsyncsheets-elementor N/A WPSyncSheets Lite For Elementor – Elementor Pro Form Google Spreadsheet Addon <= 1.4 - Running Vulnerable Dependencies LOW *-1.4 1.4.1 July 4, 2026
video-share-vod video-share-vod N/A Video Share VOD – Turnkey Video Site Builder Script <= 2.6.31 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.6.31 2.6.32 July 4, 2026
simplepress simplepress N/A Simple:Press Forum <= 6.10.10 - Reflected Cross-Site Scripting via msearch LOW *-6.10.10 6.10.11 July 4, 2026
shipworks-e-commerce-bridge shipworks-e-commerce-bridge N/A ShipWorks Connector for Woocommerce <= 5.2.5 - Cross-Site Request Forgery to Service Password/Username Update LOW *-5.2.5 5.2.6 July 4, 2026
screenshot-machine-shortcode screenshot-machine-shortcode N/A JSM Screenshot Machine Shortcode <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.3.0 3.0.0 July 4, 2026
rate-star-review rate-star-review N/A Rate Star Review Vote – AJAX Reviews, Votes, Star Ratings <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.6.3 1.6.4 July 4, 2026
podlove-podcasting-plugin-for-wordpress podlove-podcasting-plugin-for-wordpress
93
Podlove Podcast Publisher <= 4.1.25 - Authenticated (Admin+) Stored Cross-Site Scripting via Feed Name LOW *-4.1.25 4.2.0 July 4, 2026
paid-membership paid-membership
93
MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Tokens Wallet <= 2.9.29 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.9.29 2.9.30 July 4, 2026
marketking-multivendor-marketplace-for-woocommerce marketking-multivendor-marketplace-for-woocommerce
93
MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution <= 1.9.80 - Authenticated (Shop Manager+) Stored Cross-Site Scripting LOW *-1.9.80 2.0.0 July 4, 2026
legull legull
91
Legull <= 1.2.2 - Reflected Cross-Site Scripting LOW *-1.2.2 July 4, 2026
kubio kubio
93
Kubio AI Page Builder <= 2.3.5 - Reflected Cross-Site Scripting LOW *-2.3.5 2.4.0 July 4, 2026
infunding infunding
91
InFunding – Plugin for Charity & Crowdfunding Website <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 4, 2026
Image Source Control Lite – Show Image Credits and Captions image-source-control-isc
89
Image Source Control Lite – Show Image Credits and Captions <= 2.28.0 - Reflected Cross-Site Scripting LOW *-2.28.0 2.28.1 July 4, 2026
history-timeline history-timeline
91
History timeline <= 0.7.2 - Reflected Cross-Site Scripting LOW *-0.7.2 July 4, 2026
guten-free-options guten-free-options
89
Guten Free Options <= 0.9.5 - Reflected Cross-Site Scripting LOW *-0.9.5 July 4, 2026
evergreen-content-poster evergreen-content-poster
93
Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion LOW *-1.4.4 1.4.5 July 4, 2026
Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder everest-forms
68
Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.0.8 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.0.8 3.0.8.1 July 4, 2026
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy easy-digital-downloads
78
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Title LOW *-3.3.2 3.3.3 July 4, 2026
Download Manager download-manager
63
Download Manager <= 3.3.06 - Unauthenticated Information Disclosure via Unprotected Directory LOW *-3.3.06 3.3.07 July 4, 2026
dh-local-seo dh-local-seo
91
WordPress Local SEO <= 2.3 - Unauthenticated SQL Injection LOW *-2.3 July 4, 2026
az-content-finder az-content-finder
91
AZ Content Finder <= 0.1 - Reflected Cross-Site Scripting LOW *-0.1 July 4, 2026
WP Hotel Booking wp-hotel-booking N/A WP Hotel Booking <= 2.1.5 - Missing Authorization LOW *-2.1.5 2.1.6 July 4, 2026
proofreading proofreading N/A Proofreading <= 1.2.1.1 - Reflected Cross-Site Scripting LOW *-1.2.1.1 1.2.2 July 4, 2026
sandbox sandbox N/A Sandbox <= 0.4 - Missing Authorization to Authenticated (Subscriber+) Sandbox Download LOW *-0.4 July 4, 2026
LOW

seo-blogger-to-wordpress-301-redirector

seo-blogger-to-wordpress-301-redirector

Score: N/A SEO Blogger to WordPress Migration using 301 Redirection <= 0.4.8 - Reflected Cross-Site Scripting Affected: *-0.4.8 Patched: Updated: July 4, 2026
LOW

The Events Calendar

the-events-calendar

Score: N/A The Events Calendar <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-6.9.0 Patched: 6.9.1 Updated: July 4, 2026
LOW

cliptakes

cliptakes

Score: 93/100 Cliptakes <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.4 Patched: 1.3.5 Updated: July 4, 2026
LOW

wp-meta-data-filter-and-taxonomy-filter

wp-meta-data-filter-and-taxonomy-filter

Score: N/A MDTF – Meta Data and Taxonomies Filter <= 1.3.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.3.6 Patched: 1.3.3.7 Updated: July 4, 2026
LOW

th-variation-swatches

th-variation-swatches

Score: N/A Variation Swatches for WooCommerce 1.0.8 - 1.3.2 - Cross-Site Request Forgery to Plugin Settings Reset Affected: 1.0.8-1.3.2 Patched: 1.3.3 Updated: July 4, 2026
LOW

fusion-builder

fusion-builder

Score: 93/100 Avada Builder <= 3.11.11 - Authenticated (Contributor+) Stored Cross-Site Scripting in Multiple Widgets Affected: *-3.11.11 Patched: 3.11.12 Updated: July 4, 2026
LOW

wp-panoramio

wp-panoramio

Score: N/A WP Panoramio <= 1.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.5.0 Patched: Updated: July 4, 2026
LOW

woo-product-tables

woo-product-tables

Score: N/A Product Table by WBW <= 2.1.2 - Unuthenticated SQL Injection Affected: *-2.1.2 Patched: 2.1.3 Updated: July 4, 2026
LOW

videowhisper-live-streaming-integration

videowhisper-live-streaming-integration

Score: N/A Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 6.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-6.1.9 Patched: 6.1.10 Updated: July 4, 2026
LOW

toocheke-companion

toocheke-companion

Score: N/A Toocheke Companion <= 1.166 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.166 Patched: 1.167 Updated: July 4, 2026
LOW

tainacan

tainacan

Score: N/A Tainacan <= 0.21.12 - Authenticated (Subscriber+) SQL Injection Affected: *-0.21.12 Patched: 0.21.13 Updated: July 4, 2026
LOW

bmlt-meeting-map

bmlt-meeting-map

Score: 91/100 BMLT Meeting Map <= 2.6.0 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.6.0 Patched: 2.6.1 Updated: July 4, 2026
LOW

Prime Slider Addons for Elementor

bdthemes-prime-slider-lite

Score: 88/100 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.16.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.16.5 Patched: 3.16.6 Updated: July 4, 2026
LOW

gamipress

gamipress

Score: 93/100 GamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_do_shortcode() Function Affected: *-7.2.1 Patched: 7.2.2 Updated: July 4, 2026
LOW

gamipress

gamipress

Score: 93/100 GamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_ajax_get_logs Function Affected: *-7.2.1 Patched: 7.2.2 Updated: July 4, 2026
LOW

gamipress

gamipress

Score: 93/100 GamiPress <= 7.3.1 - Unauthenticated SQL Injection via orderby Parameter Affected: *-7.3.1 Patched: 7.3.2 Updated: July 4, 2026
LOW

WP Hotel Booking

wp-hotel-booking

Score: N/A WP Hotel Booking <= 2.1.6 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval Affected: *-2.1.6 Patched: 2.1.7 Updated: July 4, 2026
LOW

ketchup-shortcodes-pack

ketchup-shortcodes-pack

Score: 93/100 Ketchup Shortcodes <= 0.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.1.2 Patched: 0.2.1 Updated: July 4, 2026
LOW

wp-polls

wp-polls

Score: N/A WP-Polls <= 2.77.2 - Unauthenticated SQL Injection to Stored Cross-Site Scripting Affected: *-2.77.2 Patched: 2.77.3 Updated: July 4, 2026
LOW

zarinpal-paid-downloads

zarinpal-paid-downloads

Score: N/A Zarinpal Paid Downloads <= 2.3 - Authenticated (Admin+) Arbitrary File Upload Affected: *-2.3 Patched: Updated: July 4, 2026
LOW

zarinpal-paid-downloads

zarinpal-paid-downloads

Score: N/A Zarinpal Paid Downloads <= 2.3 - Reflected Cross-Site Scripting Affected: *-2.3 Patched: Updated: July 4, 2026
LOW

xml-for-google-merchant-center

xml-for-google-merchant-center

Score: N/A XML for Google Merchant Center <= 3.0.11 - Reflected Cross-Site Scripting Affected: *-3.0.11 Patched: 3.0.12 Updated: July 4, 2026
LOW

wpbot-pro

wpbot-pro

Score: N/A WPBot Pro Wordpress Chatbot <= 13.5.4 - Unauthenticated Arbitrary File Upload Affected: *-13.5.4 Patched: 13.5.6 Updated: July 4, 2026
LOW

wpbot-pro

wpbot-pro

Score: N/A WPBot Pro Wordpress Chatbot <= 13.5.5 - Missing Authorization to Authenticated (Subscriber+) Simple Text Response Creation Affected: *-13.5.5 Patched: 13.5.6 Updated: July 4, 2026
LOW

themify-builder

themify-builder

Score: N/A Themify Builder <= 7.6.5 - Reflected Cross-Site Scripting Affected: *-7.6.5 Patched: 7.6.6 Updated: July 4, 2026
LOW

term-taxonomy-converter

term-taxonomy-converter

Score: N/A Term Taxonomy Converter <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: 1.2.1 Updated: July 4, 2026
LOW

stray-quotes

stray-quotes

Score: N/A Stray Random Quotes <= 1.9.9 - Reflected Cross-Site Scripting Affected: *-1.9.9 Patched: Updated: July 4, 2026
LOW

stackable-ultimate-gutenberg-blocks

stackable-ultimate-gutenberg-blocks

Score: N/A Stackable – Page Builder Gutenberg Blocks <= 3.13.11 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.13.11 Patched: 3.13.12 Updated: July 4, 2026
LOW

save-as-pdf-by-pdfcrowd

save-as-pdf-by-pdfcrowd

Score: N/A Save as PDF Plugin by Pdfcrowd <= 4.4.0 - Unauthenticated PHP Object Injection Affected: *-4.4.0 Patched: 4.4.1 Updated: July 4, 2026
LOW

picture-gallery

picture-gallery

Score: 93/100 Picture Gallery – Frontend Image Uploads, AJAX Photo List <= 1.5.19 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.19 Patched: 1.5.20 Updated: July 4, 2026
LOW

facebook-like-send-button

facebook-like-send-button

Score: 93/100 FireCask Like & Share Button <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter Affected: *-1.2 Patched: 1.3 Updated: July 4, 2026
LOW

super-socializer

super-socializer

Score: N/A Social Share, Social Login and Social Comments Plugin – Super Socializer <= 7.14 - Unauthenticated Limited SQL Injection via 'SuperSocializerKey' Affected: *-7.14 Patched: 7.14.1 Updated: July 4, 2026
LOW

wp-greet

wp-greet

Score: N/A wp-greet <= 6.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-6.2 Patched: 6.3 Updated: July 4, 2026
LOW

wp-bibtex

wp-bibtex

Score: N/A WP-BibTeX <= 3.0.1 - Cross-Site Request Forgery to Stored and Reflected Cross-Site Scripting Affected: *-3.0.1 Patched: 3.0.2 Updated: July 4, 2026
LOW

jet-elements

jet-elements

Score: 93/100 Jet Elements <= 2.7.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets Affected: *-2.7.2.1 Patched: 2.7.3 Updated: July 4, 2026
LOW

1003-mortgage-application

1003-mortgage-application

Score: 93/100 1003 Mortgage Application <= 1.87 - Unauthenticated Full Path Disclosure Affected: *-1.87 Patched: Updated: July 4, 2026
LOW

uix-page-builder

uix-page-builder

Score: N/A Uix Page Builder <= 1.7.4 - Reflected Cross-Site Scripting Affected: *-1.7.4 Patched: 1.7.5 Updated: July 4, 2026
LOW

tamara-checkout

tamara-checkout

Score: N/A Tamara Checkout <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.9 Patched: 1.9.9.1 Updated: July 4, 2026
LOW

string-locator

string-locator

Score: N/A String Locator <= 2.6.6 - Unauthenticated PHP Object Injection Affected: *-2.6.6 Patched: 2.6.7 Updated: July 4, 2026
LOW

ppo-call-to-actions

ppo-call-to-actions

Score: N/A PPO Call To Actions <= 0.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.1.3 Patched: Updated: July 4, 2026
LOW

postpage-import-export-with-custom-fields-taxonomies

postpage-import-export-with-custom-fields-taxonomies

Score: N/A Post/Page Copying Tool to Export and Import post/page for Cross site Migration <= 2.0.3 - Authenticated (Contributor+) Arbitrary File Upload Affected: *-2.0.3 Patched: 2.0.4 Updated: July 4, 2026
LOW

link-library

link-library

Score: 93/100 Link Library <= 7.7.2 - Reflected Cross-Site Scripting Affected: *-7.7.2 Patched: 7.7.3 Updated: July 4, 2026
LOW

gf-excel-import

gf-excel-import

Score: 93/100 Import Excel to Gravity Forms <= 1.18 - Reflected Cross-Site Scripting Affected: *-1.18 Patched: 1.18.1 Updated: July 4, 2026
LOW

fundpress

fundpress

Score: 93/100 FundPress <= 2.0.6 - Unauthenticated PHP Object Injection Affected: *-2.0.6 Patched: 2.0.7 Updated: July 4, 2026
LOW

estatebud-properties-listings

estatebud-properties-listings

Score: 89/100 Estatebud – Properties & Listings <= 5.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-5.5.0 Patched: Updated: July 4, 2026
LOW

empty-tags-remover

empty-tags-remover

Score: 93/100 Empty Tags Remover <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: 1.1.0 Updated: July 4, 2026
LOW

ecab-taxi-booking-manager

ecab-taxi-booking-manager

Score: 93/100 Taxi Booking Manager for WooCommerce – WordPress plugin | Ecab <= 1.1.8 - Authenticated (Contributor+) PHP Object Injection Affected: *-1.1.8 Patched: 1.1.9 Updated: July 4, 2026
LOW

easy-real-estate

easy-real-estate

Score: 93/100 Easy Real Estate <= 2.2.9- Unauthenticated Privilege Escalation Affected: *-2.2.9 Patched: 2.3.0 Updated: July 4, 2026
LOW

bp-email-assign-templates

bp-email-assign-templates

Score: 93/100 BP Email Assign Templates <= 1.5 - Reflected Cross-Site Scripting Affected: *-1.5 Patched: 1.6 Updated: July 4, 2026
LOW

atarim-visual-collaboration

atarim-visual-collaboration

Score: 93/100 Visual Website Collaboration, Feedback & Project Management – Atarim <= 4.0.9 - Missing Authorization to Authenticated (Subscriber+) Project Page/File Deletion Affected: *-4.0.9 Patched: 4.1.0 Updated: July 4, 2026
LOW

anyguide

anyguide

Score: 95/100 AnyRoad <= 1.3.2 - Cross-Site Request Forgery Affected: *-1.3.2 Patched: Updated: July 4, 2026
LOW

adirectory

adirectory

Score: 97/100 aDirectory – WordPress Directory Listing Plugin <= 1.6.5 - Unauthenticated PHP Object Injection Affected: *-1.6.5 Patched: 1.9 Updated: July 4, 2026
LOW

wp-all-import-pro

wp-all-import-pro

Score: N/A WP All Import Pro <= 4.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload Affected: *-4.9.7 Patched: 4.9.8 Updated: July 4, 2026
LOW

wp-query-creator

wp-query-creator

Score: N/A WP Query Creator <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

weaver-themes-shortcode-compatibility

weaver-themes-shortcode-compatibility

Score: N/A Weaver Themes Shortcode Compatibility <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: July 4, 2026
LOW

sponsered-link

sponsered-link

Score: N/A Sponsered Link <= 4.0 - Reflected Cross-Site Scripting Affected: *-4.0 Patched: 6.0 Updated: July 4, 2026
LOW

small-package-quotes-wwe-edition

small-package-quotes-wwe-edition

Score: N/A Small Package Quotes – Worldwide Express Edition <= 5.2.17 - Unauthenticated SQL Injection Affected: *-5.2.17 Patched: 5.2.18 Updated: July 4, 2026
LOW

small-package-quotes-unishippers-edition

small-package-quotes-unishippers-edition

Score: N/A Small Package Quotes – Unishippers Edition <= 2.4.8 - Unauthenticated SQL Injection Affected: *-2.4.8 Patched: 2.4.9 Updated: July 4, 2026
LOW

Simple Membership Custom Messages

simple-membership-custom-messages

Score: N/A Simple Membership Custom Messages <= 2.4 - Reflected Cross-Site Scripting Affected: *-2.4 Patched: 2.5 Updated: July 4, 2026
LOW

related-post-shortcode

related-post-shortcode

Score: N/A Related Post Shortcode <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 4, 2026
LOW

ltl-freight-quotes-worldwide-express-edition

ltl-freight-quotes-worldwide-express-edition

Score: 93/100 LTL Freight Quotes – Worldwide Express Edition <= 5.0.20 - Unauthenticated SQL Injection Affected: *-5.0.20 Patched: 5.0.21 Updated: July 4, 2026
LOW

emi-calculator

emi-calculator

Score: 91/100 EMI Calculator <= 1.1 - Missing Authorization to Unauthenticated Settings Change Affected: *-1.1 Patched: Updated: July 4, 2026
LOW

bonjour-bar

bonjour-bar

Score: 91/100 Bonjour Bar <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 4, 2026
LOW

agecheckernet

agecheckernet

Score: 95/100 Age Verification for your checkout page. Verify your customer's identity <= 1.20.0 - Reflected Cross-Site Scripting Affected: 1.20.0 Patched: Updated: July 4, 2026
LOW

WP Extended – The Ultimate WordPress Toolkit

wpextended

Score: N/A The Ultimate WordPress Toolkit – WP Extended <= 3.0.12 - Unauthenticated SQL Injection via Login Attempts Module Affected: *-3.0.12 Patched: 3.0.13 Updated: July 4, 2026
LOW

utilities-for-mtg

utilities-for-mtg

Score: N/A Utilities for MTG <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.1 Patched: Updated: July 4, 2026
LOW

webcamconsult

webcamconsult

Score: N/A Webcamconsult <= 1.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.5.0 Patched: 1.6.0 Updated: July 4, 2026
LOW

jet-engine

jet-engine

Score: 93/100 Jet Engine <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via list_tag Parameter Affected: *-3.6.2 Patched: 3.6.3 Updated: July 4, 2026
LOW

picture-gallery

picture-gallery

Score: 93/100 Picture Gallery – Frontend Image Uploads, AJAX Photo List <= 1.5.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via videowhisper_picture_upload_guest Shortcode Affected: *-1.5.22 Patched: 1.5.23 Updated: July 4, 2026
LOW

wp-abstracts-manuscripts-manager

wp-abstracts-manuscripts-manager

Score: N/A WP Abstracts <= 2.7.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting Affected: *-2.7.2 Patched: 2.7.3 Updated: July 4, 2026
LOW

wpsyncsheets-elementor

wpsyncsheets-elementor

Score: N/A WPSyncSheets Lite For Elementor – Elementor Pro Form Google Spreadsheet Addon <= 1.4 - Running Vulnerable Dependencies Affected: *-1.4 Patched: 1.4.1 Updated: July 4, 2026
LOW

video-share-vod

video-share-vod

Score: N/A Video Share VOD – Turnkey Video Site Builder Script <= 2.6.31 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.6.31 Patched: 2.6.32 Updated: July 4, 2026
LOW

simplepress

simplepress

Score: N/A Simple:Press Forum <= 6.10.10 - Reflected Cross-Site Scripting via msearch Affected: *-6.10.10 Patched: 6.10.11 Updated: July 4, 2026
LOW

shipworks-e-commerce-bridge

shipworks-e-commerce-bridge

Score: N/A ShipWorks Connector for Woocommerce <= 5.2.5 - Cross-Site Request Forgery to Service Password/Username Update Affected: *-5.2.5 Patched: 5.2.6 Updated: July 4, 2026
LOW

screenshot-machine-shortcode

screenshot-machine-shortcode

Score: N/A JSM Screenshot Machine Shortcode <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.0 Patched: 3.0.0 Updated: July 4, 2026
LOW

rate-star-review

rate-star-review

Score: N/A Rate Star Review Vote – AJAX Reviews, Votes, Star Ratings <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.3 Patched: 1.6.4 Updated: July 4, 2026
LOW

podlove-podcasting-plugin-for-wordpress

podlove-podcasting-plugin-for-wordpress

Score: 93/100 Podlove Podcast Publisher <= 4.1.25 - Authenticated (Admin+) Stored Cross-Site Scripting via Feed Name Affected: *-4.1.25 Patched: 4.2.0 Updated: July 4, 2026
LOW

paid-membership

paid-membership

Score: 93/100 MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Tokens Wallet <= 2.9.29 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.9.29 Patched: 2.9.30 Updated: July 4, 2026
LOW

marketking-multivendor-marketplace-for-woocommerce

marketking-multivendor-marketplace-for-woocommerce

Score: 93/100 MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution <= 1.9.80 - Authenticated (Shop Manager+) Stored Cross-Site Scripting Affected: *-1.9.80 Patched: 2.0.0 Updated: July 4, 2026
LOW

legull

legull

Score: 91/100 Legull <= 1.2.2 - Reflected Cross-Site Scripting Affected: *-1.2.2 Patched: Updated: July 4, 2026
LOW

kubio

kubio

Score: 93/100 Kubio AI Page Builder <= 2.3.5 - Reflected Cross-Site Scripting Affected: *-2.3.5 Patched: 2.4.0 Updated: July 4, 2026
LOW

infunding

infunding

Score: 91/100 InFunding – Plugin for Charity & Crowdfunding Website <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

history-timeline

history-timeline

Score: 91/100 History timeline <= 0.7.2 - Reflected Cross-Site Scripting Affected: *-0.7.2 Patched: Updated: July 4, 2026
LOW

guten-free-options

guten-free-options

Score: 89/100 Guten Free Options <= 0.9.5 - Reflected Cross-Site Scripting Affected: *-0.9.5 Patched: Updated: July 4, 2026
LOW

evergreen-content-poster

evergreen-content-poster

Score: 93/100 Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion Affected: *-1.4.4 Patched: 1.4.5 Updated: July 4, 2026
LOW

Download Manager

download-manager

Score: 63/100 Download Manager <= 3.3.06 - Unauthenticated Information Disclosure via Unprotected Directory Affected: *-3.3.06 Patched: 3.3.07 Updated: July 4, 2026
LOW

dh-local-seo

dh-local-seo

Score: 91/100 WordPress Local SEO <= 2.3 - Unauthenticated SQL Injection Affected: *-2.3 Patched: Updated: July 4, 2026
LOW

az-content-finder

az-content-finder

Score: 91/100 AZ Content Finder <= 0.1 - Reflected Cross-Site Scripting Affected: *-0.1 Patched: Updated: July 4, 2026
LOW

WP Hotel Booking

wp-hotel-booking

Score: N/A WP Hotel Booking <= 2.1.5 - Missing Authorization Affected: *-2.1.5 Patched: 2.1.6 Updated: July 4, 2026
LOW

proofreading

proofreading

Score: N/A Proofreading <= 1.2.1.1 - Reflected Cross-Site Scripting Affected: *-1.2.1.1 Patched: 1.2.2 Updated: July 4, 2026
LOW

sandbox

sandbox

Score: N/A Sandbox <= 0.4 - Missing Authorization to Authenticated (Subscriber+) Sandbox Download Affected: *-0.4 Patched: Updated: July 4, 2026

Showing 12801 to 12900 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 4, 2026 at 22:22 UTC.