Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities: 36189 (across tracked plugins)
Affected Plugins: 96 (with open vulnerabilities)
Critical / High: 0 (require immediate attention)
Recently Updated: 0 (in the last 30 days)

Vulnerability List

Vulnerability list with plugin score and patch status
| Plugin | Slug | Score (/100) | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated |
|---|---|---|---|---|---|---|---|---|
| taqnix | taqnix | N/A | Taqnix <= 1.0.3 - Cross-Site Request Forgery to Account Deletion via 'taqnix_delete_my_account' AJAX Action | | LOW | *-1.0.3 | 1.0.4 | June 29, 2026 |
| wp-books-gallery | wp-books-gallery | N/A | WP Books Gallery <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update via 'permalink_structure' Parameter | | LOW | *-4.8.0 | 4.8.1 | June 29, 2026 |
| drag-and-drop-file-upload-for-contact-form-7 | drag-and-drop-file-upload-for-contact-form-7 | 93 | Drag and Drop File Upload for Contact Form 7 <= 1.1.3 - Unauthenticated Arbitrary File Upload via sanitize_file_name Bypass | | LOW | *-1.1.3 | 1.1.4 | June 29, 2026 |
| Royal Addons for Elementor – Addons and Templates Kit for Elementor | royal-elementor-addons | N/A | Royal Addons for Elementor <= 1.7.1056 - Authenticated (Author+) Stored Cross-Site Scripting via Image Caption Field | | LOW | *-1.7.1056 | 1.7.1057 | June 29, 2026 |
| booking-calendar-contact-form | booking-calendar-contact-form | 93 | Booking Calendar Contact Form <= 1.2.63 - Authenticated (Subscriber+) Insecure Direct Object Reference to Calendar Takeover | | LOW | *-1.2.63 | 1.2.64 | June 29, 2026 |
| google-analytics-dashboard-for-wp | google-analytics-dashboard-for-wp | 93 | ExactMetrics <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval via AJAX Action 'exactmetrics_ads_get_token' | | LOW | *-9.1.2 | 9.1.3 | June 29, 2026 |
| betterdocs | betterdocs | 93 | BetterDocs <= 4.3.11 - Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage | | LOW | *-4.3.11 | 4.3.12 | June 29, 2026 |
| maxi-blocks | maxi-blocks | 93 | Maxi Blocks <= 2.1.8 - Missing Authorization to Authenticated (Author+) Media File Deletion via 'old_media_src' Parameter | | LOW | *-2.1.8 | 2.1.9 | June 29, 2026 |
| wp-user-avatar | wp-user-avatar | N/A | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.13 - Authenticated (Subscriber+) Stored Cross-Site Scripting | | LOW | *-4.16.13 | 4.16.14 | June 29, 2026 |
| wp-time-slots-booking-form | wp-time-slots-booking-form | N/A | WP Time Slots Booking Form <= 1.2.46 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-1.2.46 | 1.2.47 | June 29, 2026 |
| wp-sms | wp-sms | N/A | WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce <= 7.2.1 - Authenticated (Subscriber+) Information Exposure | | LOW | *-7.2.1 | 7.2.2 | June 29, 2026 |
| rescue-shortcodes | rescue-shortcodes | N/A | Rescue Shortcodes <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-3.3 | 3.4 | June 29, 2026 |
| quiz-master-next | quiz-master-next | N/A | Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker <= 11.0.0 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-11.0.0 | 11.1.0 | June 29, 2026 |
| masterstudy-lms-learning-management-system-pro | masterstudy-lms-learning-management-system-pro | 93 | MasterStudy LMS Pro < 4.7.16 - Missing Authorization | | LOW | [*, 4.7.16) | 4.7.16 | June 29, 2026 |
| kivicare-clinic-management-system | kivicare-clinic-management-system | 93 | KiviCare – Clinic & Patient Management System (EHR) <= 4.2.1 - Authenticated (Subscriber+) Insecure Direct Object Reference | | LOW | *-4.2.1 | 4.3.0 | June 29, 2026 |
| ecab-taxi-booking-manager | ecab-taxi-booking-manager | 93 | E-cab Taxi Booking Manager for Woocommerce <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-2.0.0 | 2.0.1 | June 29, 2026 |
| WPBot – AI ChatBot for Live Support, Lead Generation, AI Services | chatbot | 66 | WPBot – AI ChatBot for Live Support, Lead Generation, AI Services <= 7.9.7 - Missing Authorization | | LOW | *-7.9.7 | 7.9.9 | June 29, 2026 |
| bookify | bookify | 93 | Bookify – Appointment Booking & Scheduling for WordPress <= 1.1.1 - Missing Authorization | | LOW | *-1.1.1 | 1.1.2 | June 29, 2026 |
| bBlocks – Essential Gutenberg Blocks & Patterns Collection | b-blocks | 90 | bBlocks – Essential Gutenberg Blocks & Patterns Collection < 2.0.30 - Missing Authorization | | LOW | [*, 2.0.30) | 2.0.30 | June 29, 2026 |
| automatorwp | automatorwp | 93 | AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress <= 5.6.7 - Missing Authorization | | LOW | *-5.6.7 | 5.6.8 | June 29, 2026 |
| Booking for Appointments and Events Calendar – Amelia | ameliabooking | 97 | Booking for Appointments and Events Calendar – Amelia <= 2.2 - Unauthenticated Information Exposure | | LOW | *-2.2 | 2.2.1 | June 29, 2026 |
| acf-galerie-4 | acf-galerie-4 | 97 | ACF Galerie 4 <= 1.4.2 - Missing Authorization | | LOW | *-1.4.2 | 1.4.3 | June 29, 2026 |
| google-analytics-dashboard-for-wp | google-analytics-dashboard-for-wp | 93 | ExactMetrics <= 9.1.2 - Authenticated (Editor+) Arbitrary Plugin Installation/Activation via exactmetrics_connect_process | | LOW | *-9.1.2 | 9.1.3 | June 29, 2026 |
| wp-store-locator | wp-store-locator | N/A | WP Store Locator <= 2.2.261 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsl_address' Post Meta | | LOW | *-2.2.261 | 2.3.0 | June 29, 2026 |
| Breeze Cache | breeze | 79 | Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote | | LOW | *-2.4.4 | 2.4.5 | June 29, 2026 |
| gutentor | gutentor | 91 | Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutentor Block HTML | | LOW | *-3.5.5 | 3.5.6 | June 29, 2026 |
| social-rocket | social-rocket | N/A | Social Rocket – Social Sharing Plugin <= 1.3.4.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via id | | LOW | *-1.3.4.2 | 1.3.5 | June 29, 2026 |
| wpadverts | wpadverts | N/A | WPAdverts – Classifieds Plugin <= 2.3.0 - Missing Authorization | | LOW | *-2.3.0 | 2.3.1 | June 29, 2026 |
| wp-marketing-automations | wp-marketing-automations | N/A | FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce <= 3.7.3 - Missing Authorization | | LOW | *-3.7.3 | 3.8.0 | June 29, 2026 |
| reviewx | reviewx | N/A | ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema <= 2.3.6 - Missing Authorization | | LOW | *-2.3.6 | 2.3.7 | June 29, 2026 |
| link-library | link-library | 93 | Link Library <= 7.8.8 - Authenticated (Contributor+) Arbitrary File Deletion | | LOW | *-7.8.8 | 7.8.9 | June 29, 2026 |
| feed-kuantokusta-for-woocommerce | feed-kuantokusta-for-woocommerce | 93 | Feed KuantoKusta for WooCommerce – Free <= 5.3 - Unauthenticated SQL Injection | | LOW | *-5.3 | 5.3.1 | June 29, 2026 |
| Essential Addons for Elementor – Popular Elementor Templates & Widgets | essential-addons-for-elementor-lite | 85 | Essential Addons for Elementor – Popular Elementor Templates & Widgets < 6.6.0 - Missing Authorization | | LOW | [*, 6.6.0) | 6.6.0 | June 29, 2026 |
| contact-form-to-any-api | contact-form-to-any-api | 91 | Contact Form to Any API <= 3.0.3 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-3.0.3 | | June 29, 2026 |
| bookit | bookit | 93 | Bookit — Booking & Appointment Calendar <= 2.5.1 - Missing Authorization | | LOW | *-2.5.1 | 2.5.4.1 | June 29, 2026 |
| blocksy-companion-pro | blocksy-companion-pro | 93 | Blocksy Companion Pro <= 2.1.37 - Authenticated (Contributor+) Remote Code Execution | | LOW | *-2.1.37 | 2.1.38 | June 29, 2026 |
| gutentools | gutentools | 93 | Gutentools <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Slider Block Attributes | | LOW | *-1.1.3 | 1.1.4 | June 29, 2026 |
| gallagher-website-design | gallagher-website-design | 93 | Gallagher Website Design <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'prefix' Shortcode Attribute | | LOW | *-2.6.4 | 2.6.5 | June 29, 2026 |
| emailchef | emailchef | 93 | Emailchef <= 3.5.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Deletion | | LOW | *-3.5.1 | 3.5.2 | June 29, 2026 |
| short-comment-filter | short-comment-filter | N/A | Short Comment Filter <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Minimum Count' Setting | | LOW | *-2.2 | | June 29, 2026 |
| private-wp-suite | private-wp-suite | N/A | Private WP suite <= 0.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Exceptions' Setting | | LOW | *-0.4.1 | | June 29, 2026 |
| re-pro | re-pro | N/A | Real Estate Pro <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings | | LOW | *-1.0.9 | | June 29, 2026 |
| http-headers | http-headers | 87 | HTTP Headers <= 1.19.2 - Authenticated (Administrator+) External Control of File Name or Path to RCE via 'hh_htpasswd_path' and 'hh_www_authenticate_user' Parameters | | LOW | *-1.19.2 | | June 29, 2026 |
| http-headers | http-headers | 87 | HTTP Headers <= 1.19.2 - Authenticated (Administrator+) CRLF Injection via Custom Header Values | | LOW | *-1.19.2 | | June 29, 2026 |
| http-headers | http-headers | 87 | HTTP Headers <= 1.19.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Custom Headers' Plugin Setting | | LOW | *-1.19.2 | | June 29, 2026 |
| table-manager | table-manager | N/A | Table Manager <= 1.0.0 - Authenticated (Contributor+) Sensitive Information Exposure via 'table' Shortcode Attribute | | LOW | *-1.0.0 | | June 29, 2026 |
| create-db-tables | create-db-tables | 91 | Create DB Tables <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Table Creation/Deletion via admin-post.php | | LOW | *-1.2.1 | | June 29, 2026 |
| calj | calj | 91 | CalJ <= 1.5 - Authenticated (Subscriber+) Arbitrary Settings Modification via 'save-obtained-key' Action | | LOW | *-1.5 | | June 29, 2026 |
| tp-restore-categories-and-taxonomies | tp-restore-categories-and-taxonomies | N/A | TP Restore Categories And Taxonomies <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Taxonomy Deletion via 'tpmcattt_delete_term' AJAX Action | | LOW | *-1.0.1 | | June 29, 2026 |
| inquiry-cart | inquiry-cart | 89 | Inquiry cart <= 3.4.2 - Cross-Site Request Forgery via Settings Form | | LOW | *-3.4.2 | | June 29, 2026 |
| wp-popup-optin | wp-popup-optin | N/A | WP Responsive Popup + Optin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'wpo_image_url' Parameter | | LOW | *-1.4 | | June 29, 2026 |
| ci-hub-connector | ci-hub-connector | 91 | CI HUB Connector <= 1.2.106 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute | | LOW | *-1.2.106 | | June 29, 2026 |
| textp2p-texting-widget | textp2p-texting-widget | N/A | TextP2P Texting Widget <= 1.7 - Cross-Site Request Forgery to Settings Update | | LOW | *-1.7 | | June 29, 2026 |
| kcaptcha | kcaptcha | 91 | Kcaptcha <= 1.0.1 - Cross-Site Request Forgery to Settings Update | | LOW | *-1.0.1 | | June 29, 2026 |
| call-to-action-plugin | call-to-action-plugin | 91 | Call To Action Plugin <= 3.1.3 - Cross-Site Request Forgery via Settings Update | | LOW | *-3.1.3 | | June 29, 2026 |
| twittee-text-tweet | twittee-text-tweet | N/A | Twittee Text Tweet <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute | | LOW | *-1.0.8 | | June 29, 2026 |
| bread-butter | bread-butter | 91 | Bread & Butter: Content Gating for Verified Leads <= 8.2.0.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | | LOW | *-8.2.0.25 | | June 29, 2026 |
| switch-cta-box | switch-cta-box | N/A | Switch CTA Box <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | | LOW | *-1.1 | | June 29, 2026 |
| my-instagram-feed | my-instagram-feed | N/A | Easy Social Photos Gallery <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wrapper_class' Shortcode Attribute | | LOW | *-3.1.2 | | June 29, 2026 |
| slider-bootstrap-carousel | slider-bootstrap-carousel | N/A | Slider Bootstrap Carousel <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | | LOW | *-1.0.7 | | June 29, 2026 |
| er-swiffy-insert | er-swiffy-insert | 91 | ER Swiffy Insert <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | | LOW | *-1.0.0 | | June 29, 2026 |
| quran-live | quran-live | N/A | Quran Live Multilanguage <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | | LOW | *-1.0.3 | | June 29, 2026 |
| mcatfilter | mcatfilter | 91 | mCatFilter <= 0.5.2 - Cross-Site Request Forgery via compute_post() Function | | LOW | *-0.5.2 | | June 29, 2026 |
| dx-unanswered-comments | dx-unanswered-comments | 91 | DX Unanswered Comments <= 1.7 - Cross-Site Request Forgery via Settings Update | | LOW | *-1.7 | | June 29, 2026 |
| sentence-to-seo | sentence-to-seo | N/A | Sentence To SEO (keywords, description and tags) <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Permanent keywords' Field | | LOW | *-1.0 | | June 29, 2026 |
| ni-woocommerce-order-export | ni-woocommerce-order-export | N/A | Ni WooCommerce Order Export <= 3.1.6 - Cross-Site Request Forgery to Settings Update via ni_order_export_action AJAX Action | | LOW | *-3.1.6 | | June 29, 2026 |
| wpmk-block | wpmk-block | N/A | WPMK Block <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | | LOW | *-1.0.1 | | June 29, 2026 |
| breaking-news-wp | breaking-news-wp | 87 | Breaking News WP <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Local File Inclusion/Read | | LOW | *-1.3 | | June 29, 2026 |
| posts-map | posts-map | N/A | Posts map <= 0.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'name' Shortcode Attribute | | LOW | *-0.1.3 | | June 29, 2026 |
| zypento-blocks | zypento-blocks | N/A | Zypento Blocks <= 1.0.6 - Authenticated (Author+) Stored Cross-Site Scripting via Table of Contents Block | | LOW | *-1.06 | | June 29, 2026 |
| buzz-comments | buzz-comments | 91 | Buzz Comments <= 0.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Custom Buzz Avatar' Setting | | LOW | *-0.9.4 | | June 29, 2026 |
| fast-fancy-filter-3f | fast-fancy-filter-3f | 91 | Fast & Fancy Filter – 3F <= 1.2.2 - Cross-Site Request Forgery to Settings Modification via fff_save_settins AJAX Action | | LOW | *-1.2.2 | | June 29, 2026 |
| text-snippet | text-snippet | N/A | Text Snippets <= 0.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'w' Shortcode Attribute | | LOW | *-0.0.1 | | June 29, 2026 |
| google-pagerank-display | google-pagerank-display | 91 | Google PageRank Display <= 1.4 - Cross-Site Request Forgery to Settings Update via Settings Page | | LOW | *-1.4 | | June 29, 2026 |
| slideshowpro-shortcode | slideshowpro-shortcode | N/A | SlideShowPro SC <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'album' Shortcode Attribute | | LOW | *-1.0.2 | | June 29, 2026 |
| simple-random-posts-shortcode | simple-random-posts-shortcode | N/A | Simple Random Posts Shortcode <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'container_right_width' Shortcode Attribute | | LOW | *-0.3 | | June 29, 2026 |
| Sendmachine for WordPress | sendmachine | 93 | Sendmachine for WordPress <= 1.0.20 - Unauthenticated SMTP Hijack to Privilege Escalation via manage_admin_requests | | LOW | *-1.0.20 | | June 29, 2026 |
| wpforo | wpforo | N/A | wpForo Forum < 3.0.2 - Missing Authorization | | LOW | [*, 3.0.2) | 3.0.2 | June 29, 2026 |
| wp-graphql | wp-graphql | N/A | WPGraphQL < 2.11.1 - Unauthenticated SQL Injection | | LOW | [*, 2.11.1) | 2.11.1 | June 29, 2026 |
| woo-coupon-usage | woo-coupon-usage | N/A | Coupon Affiliates – Affiliate Plugin for WooCommerce <= 7.5.3 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-7.5.3 | 7.6.0 | June 29, 2026 |
| salon-booking-system | salon-booking-system | N/A | Salon Booking System – Free Version <= 10.30.24 - Unauthenticated Insecure Direct Object Reference | | LOW | *-10.30.24 | 10.30.25 | June 29, 2026 |
| Royal MCP – Secure AI Connector for Claude, ChatGPT & Gemini | royal-mcp | 96 | Royal MCP – Secure AI Connector for Claude, ChatGPT & Gemini <= 1.4.2 - Missing Authorization | | LOW | *-1.4.2 | 1.4.3 | June 29, 2026 |
| product-quantity-for-woocommerce | product-quantity-for-woocommerce | N/A | Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 - Reflected Cross-Site Scripting | | LOW | *-5.2.2 | 5.2.3 | June 29, 2026 |
| motors-car-dealership-classified-listings | motors-car-dealership-classified-listings | N/A | Motors – Car Dealership & Classified Listings Plugin < 1.4.107 - Missing Authorization | | LOW | [*, 1.4.107) | 1.4.107 | June 29, 2026 |
| masterstudy-lms-learning-management-system | masterstudy-lms-learning-management-system | 93 | MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.25 - Authenticated (Subscriber+) SQL Injection | | LOW | *-3.7.25 | 3.7.26 | June 29, 2026 |
| listingpro-plugin | listingpro-plugin | 87 | ListingPro Plugin <= 2.9.10 - Unauthenticated SQL Injection | | LOW | *-2.9.10 | 2.9.11 | June 29, 2026 |
| give | give | 93 | GiveWP – Donation Plugin and Fundraising Platform <= 4.14.2 - Reflected Cross-Site Scripting | | LOW | *-4.14.2 | 4.14.3 | June 29, 2026 |
| geeky-bot | geeky-bot | 93 | GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content <= 1.2.2 - Unauthenticated Arbitrary File Upload | | LOW | *-1.2.2 | 1.2.3 | June 29, 2026 |
| funnelforms-pro | funnelforms-pro | 91 | FunnelFormsPro <= 3.8.1 - Authenticated (Subscriber+) Remote Code Execution | | LOW | *-3.8.1 | | June 29, 2026 |
| Email Encoder – Protect Email Addresses and Phone Numbers | email-encoder-bundle | 91 | Email Encoder – Protect Email Addresses and Phone Numbers < 2.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | [*, 2.3.4) | 2.3.4 | June 29, 2026 |
| contest-gallery | contest-gallery | 93 | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.6 - Unauthenticated SQL Injection | | LOW | *-28.1.6 | 28.1.7 | June 29, 2026 |
| contact-form-extender-for-divi-builder | contact-form-extender-for-divi-builder | 93 | Contact Form Extender for Divi – Submissions DB & Extra Fields <= 1.0.6 - Unauthenticated Arbitrary File Deletion | | LOW | *-1.0.6 | 1.0.7 | June 29, 2026 |
| collectchat | collectchat | 93 | Chatbot for WordPress by Collect.chat ⚡️ <= 2.4.9 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-2.4.9 | 2.5.0 | June 29, 2026 |
| buddypress-media | buddypress-media | 93 | rtMedia for WordPress, BuddyPress and bbPress <= 4.7.9 - Missing Authorization | | LOW | *-4.7.9 | 4.7.10 | June 29, 2026 |
| Booking Package | booking-package | 85 | Booking Package <= 1.7.06 - Missing Authorization | | LOW | *-1.7.06 | 1.7.07 | June 29, 2026 |
| Website LLMs.txt | website-llms-txt | 94 | Website LLMs.txt <= 8.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting | | LOW | *-8.2.6 | 8.2.7 | June 29, 2026 |
| responsive-block-editor-addons | responsive-block-editor-addons | N/A | Responsive Blocks <= 2.2.1 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via AJAX Actions | | LOW | 2.0.9-2.2.1 | 2.2.2 | June 29, 2026 |
| responsive-block-editor-addons | responsive-block-editor-addons | N/A | Responsive Blocks <= 2.2.0 - Unauthenticated Open Email Relay via REST API 'email_to' Parameter | | LOW | *-2.2.0 | 2.2.1 | June 29, 2026 |
| cms-fuer-motorrad-werkstaetten | cms-fuer-motorrad-werkstaetten | 89 | Plugin: CMS für Motorrad Werkstätten <= 1.0.0 - Authenticated (Subscriber+) SQL Injection via 'arttype' Parameter | | LOW | *-1.0.0 | | June 29, 2026 |
| wpdatatables | wpdatatables | N/A | wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 6.5.0.4 - Unauthenticated Stored Cross-Site Scripting via CSV/Excel Data Import | | LOW | *-6.5.0.4 | 6.5.0.5 | June 29, 2026 |

wpforo

Score: N/A wpForo Forum < 3.0.2 - Missing Authorization Affected: [*, 3.0.2) Patched: 3.0.2 Updated: June 29, 2026
LOW

wp-graphql

wp-graphql

Score: N/A WPGraphQL < 2.11.1 - Unauthenticated SQL Injection Affected: [*, 2.11.1) Patched: 2.11.1 Updated: June 29, 2026
LOW

woo-coupon-usage

woo-coupon-usage

Score: N/A Coupon Affiliates – Affiliate Plugin for WooCommerce <= 7.5.3 - Unauthenticated Stored Cross-Site Scripting Affected: *-7.5.3 Patched: 7.6.0 Updated: June 29, 2026
LOW

salon-booking-system

salon-booking-system

Score: N/A Salon Booking System – Free Version <= 10.30.24 - Unauthenticated Insecure Direct Object Reference Affected: *-10.30.24 Patched: 10.30.25 Updated: June 29, 2026
LOW

product-quantity-for-woocommerce

product-quantity-for-woocommerce

Score: N/A Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 - Reflected Cross-Site Scripting Affected: *-5.2.2 Patched: 5.2.3 Updated: June 29, 2026
LOW

motors-car-dealership-classified-listings

motors-car-dealership-classified-listings

Score: N/A Motors – Car Dealership & Classified Listings Plugin < 1.4.107 - Missing Authorization Affected: [*, 1.4.107) Patched: 1.4.107 Updated: June 29, 2026
LOW

masterstudy-lms-learning-management-system

masterstudy-lms-learning-management-system

Score: 93/100 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.25 - Authenticated (Subscriber+) SQL Injection Affected: *-3.7.25 Patched: 3.7.26 Updated: June 29, 2026
LOW

listingpro-plugin

listingpro-plugin

Score: 87/100 ListingPro Plugin <= 2.9.10 - Unauthenticated SQL Injection Affected: *-2.9.10 Patched: 2.9.11 Updated: June 29, 2026
LOW

give

give

Score: 93/100 GiveWP – Donation Plugin and Fundraising Platform <= 4.14.2 - Reflected Cross-Site Scripting Affected: *-4.14.2 Patched: 4.14.3 Updated: June 29, 2026
LOW

geeky-bot

geeky-bot

Score: 93/100 GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content <= 1.2.2 - Unauthenticated Arbitrary File Upload Affected: *-1.2.2 Patched: 1.2.3 Updated: June 29, 2026
LOW

funnelforms-pro

funnelforms-pro

Score: 91/100 FunnelFormsPro <= 3.8.1 - Authenticated (Subscriber+) Remote Code Execution Affected: *-3.8.1 Patched: Updated: June 29, 2026
LOW

contest-gallery

contest-gallery

Score: 93/100 Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.6 - Unauthenticated SQL Injection Affected: *-28.1.6 Patched: 28.1.7 Updated: June 29, 2026
LOW

contact-form-extender-for-divi-builder

contact-form-extender-for-divi-builder

Score: 93/100 Contact Form Extender for Divi – Submissions DB & Extra Fields <= 1.0.6 - Unauthenticated Arbitrary File Deletion Affected: *-1.0.6 Patched: 1.0.7 Updated: June 29, 2026
LOW

collectchat

collectchat

Score: 93/100 Chatbot for WordPress by Collect.chat ⚡️ <= 2.4.9 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.4.9 Patched: 2.5.0 Updated: June 29, 2026
LOW

buddypress-media

buddypress-media

Score: 93/100 rtMedia for WordPress, BuddyPress and bbPress <= 4.7.9 - Missing Authorization Affected: *-4.7.9 Patched: 4.7.10 Updated: June 29, 2026
LOW

Booking Package

booking-package

Score: 85/100 Booking Package <= 1.7.06 - Missing Authorization Affected: *-1.7.06 Patched: 1.7.07 Updated: June 29, 2026
LOW

Website LLMs.txt

website-llms-txt

Score: 94/100 Website LLMs.txt <= 8.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-8.2.6 Patched: 8.2.7 Updated: June 29, 2026
LOW

responsive-block-editor-addons

responsive-block-editor-addons

Score: N/A Responsive Blocks <= 2.2.1 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via AJAX Actions Affected: 2.0.9-2.2.1 Patched: 2.2.2 Updated: June 29, 2026
LOW

responsive-block-editor-addons

responsive-block-editor-addons

Score: N/A Responsive Blocks <= 2.2.0 - Unauthenticated Open Email Relay via REST API 'email_to' Parameter Affected: *-2.2.0 Patched: 2.2.1 Updated: June 29, 2026
LOW

cms-fuer-motorrad-werkstaetten

cms-fuer-motorrad-werkstaetten

Score: 89/100 Plugin: CMS für Motorrad Werkstätten <= 1.0.0 - Authenticated (Subscriber+) SQL Injection via 'arttype' Parameter Affected: *-1.0.0 Patched: Updated: June 29, 2026
LOW

wpdatatables

wpdatatables

Score: N/A wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 6.5.0.4 - Unauthenticated Stored Cross-Site Scripting via CSV/Excel Data Import Affected: *-6.5.0.4 Patched: 6.5.0.5 Updated: June 29, 2026

Showing 1201 to 1300 of 36189 results

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 08:52 UTC.