Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

100

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
glofox-shortcodes glofox-shortcodes
91
Glofox Shortcodes <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.6 July 4, 2026
rss-icon-widget rss-icon-widget N/A RSS Icon Widget <= 5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-5.2 July 4, 2026
mybookprogress mybookprogress
87
MyBookProgress by Stormhill Media <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via book Parameter LOW *-1.0.8 July 4, 2026
quote-post-type-plugin quote-post-type-plugin N/A quote-posttype-plugin <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.2 July 4, 2026
moving-users moving-users
93
Moving Users <= 1.05 - Unauthenticated Sensitive Information Exposure LOW *-1.05 1.10 July 4, 2026
youmax-channel-embeds-for-youtube-businesses youmax-channel-embeds-for-youtube-businesses N/A Youtube Video Grid | Youmax <= 1.9 - Reflected Cross-Site Scripting LOW *-1.9 July 4, 2026
ydn-download ydn-download N/A Download, Downloads – WordPress Download plugin By Edmon <= 1.4.2 - Reflected Cross-Site Scripting LOW *-1.4.2 July 4, 2026
ycyclista ycyclista N/A yCyclista <= 1.2.3 - Reflected Cross-Site Scripting LOW *-1.2.3 July 4, 2026
yacp yacp N/A Yet Another Countdown <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.1 July 4, 2026
xtra-settings xtra-settings N/A XTRA Settings <= 2.1.8 - Reflected Cross-Site Scripting LOW *-2.1.8 July 4, 2026
xola-bookings-for-tours-activities xola-bookings-for-tours-activities N/A Xola <= 1.6 - Missing Authorization LOW *-1.6 July 4, 2026
xlsx-viewer xlsx-viewer N/A XLSXviewer <= 2.1.1 - Authenticated (Subscriber+) Arbitrary File Deletion LOW *-2.1.1 July 4, 2026
wplyrics wplyrics N/A WP Lyrics <= 0.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.4.1 July 4, 2026
wplingo wplingo N/A WPLingo – Forum Plugin <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion LOW *-1.1.2 July 4, 2026
wpjournal wpjournal N/A WP Journal <= 1.1 - Missing Authorization LOW *-1.1 July 4, 2026
wpfilesearch wpfilesearch N/A WordPress File Search <= 1.2 - Reflected Cross-Site Scripting LOW *-1.2 July 4, 2026
wpf-ultimate-carousel wpf-ultimate-carousel N/A WpF Ultimate Carousel <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.11 July 4, 2026
wpdevtool wpdevtool N/A WpDevTool <= 0.1.1 - Reflected Cross-Site Scripting LOW *-0.1.1 July 4, 2026
wpdb-to-sql wpdb-to-sql N/A WPDB to Sql <= 1.2 - Unauthenticated Sensitive Information Exposure LOW *-1.2 July 4, 2026
wp2appir wp2appir N/A WP2APP <= 2.6.2 - Reflected Cross-Site Scripting LOW *-2.6.2 July 4, 2026
wp-xintaoke wp-xintaoke N/A 新淘客WordPress插件 <= 1.1.2 - Reflected Cross-Site Scripting LOW *-1.1.2 July 4, 2026
wp-ultimate-reviews-free wp-ultimate-reviews-free N/A WP Ultimate Reviews FREE <= 1.0.2 - Reflected Cross-Site Scripting LOW *-1.0.2 July 4, 2026
wp-spacecontent wp-spacecontent N/A WP SpaceContent <= 0.4.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.4.5 July 4, 2026
wp-social-broadcast wp-social-broadcast N/A WP Social Broadcast <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 July 4, 2026
wp-smart-tool-tip wp-smart-tool-tip N/A WP Smart Tooltip <= 1.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.0.0 July 4, 2026
wp-service-payment-form-with-authorizenet wp-service-payment-form-with-authorizenet N/A WP Service Payment Form With Authorize.net <= 2.6.0 - Cross-Site Request Forgery to Reflected Cross-Site Scripting LOW *-2.6.0 July 4, 2026
wp-sendgrid-mailer wp-sendgrid-mailer N/A SendGrid for WordPress <= 1.4 - Missing Authorization LOW *-1.4 July 4, 2026
wp-scribd-list wp-scribd-list N/A Wp-Scribd-List <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2 July 4, 2026
wp-revive-adserver wp-revive-adserver N/A WP-Revive Adserver <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2.1 July 4, 2026
wp-ptviewer wp-ptviewer N/A WP PT-Viewer <= 2.0.2 - Reflected Cross-Site Scripting LOW *-2.0.2 July 4, 2026
wp-post-category-notifications wp-post-category-notifications N/A WP Post Category Notifications <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 4, 2026
wp-player wp-player N/A WP-Player <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.6.1 July 4, 2026
wp-photo-sphere wp-photo-sphere N/A WP Photo Sphere <= 3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.8 July 4, 2026
wp-paypal wp-paypal N/A Payment Button for PayPal <= 1.2.3.35 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.3.35 1.2.3.36 July 4, 2026
wp-options-editor wp-options-editor N/A WP Options Editor <= 1.1 - Cross-Site Request Forgery to Privilege Escalation LOW *-1.1 July 4, 2026
wp-opensearch wp-opensearch N/A WP OpenSearch <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 4, 2026
wp-notcaptcha wp-notcaptcha N/A WP-NOTCAPTCHA <= 1.3.1 - Reflected Cross-Site Scripting LOW *-1.3.1 July 4, 2026
wp-meetup wp-meetup N/A WP Meetup <= 2.3.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update LOW *-2.3.0 July 4, 2026
wp-login-attempt-log wp-login-attempt-log N/A WP Login Attempt Log <= 1.3 - Reflected Cross-Site Scripting LOW *-1.3 July 4, 2026
wp-load-gallery wp-load-gallery N/A WP Load Gallery <= 2.1.6 - Authenticated (Author+) Arbitrary File Upload LOW *-2.1.6 July 4, 2026
wp-krpano wp-krpano N/A WP krpano <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.1 July 4, 2026
wp-inventory-manager wp-inventory-manager N/A WP Inventory Manager <= 2.3.2 - Reflected Cross-Site Scripting LOW *-2.3.2 2.3.3 July 4, 2026
wp-intro-js-tours wp-intro-js-tours N/A WP Intro.JS Plugin <= 1.1 - Reflected Cross-Site Scripting LOW *-1.1 July 4, 2026
wp-imap-authentication wp-imap-authentication N/A WP IMAP Auth <= 4.0.1 - Reflected Cross-Site Scripting LOW *-4.0.1 July 4, 2026
wp-hr-manager wp-hr-manager N/A WP-HR Manager: The Human Resources Plugin for WordPress <= 3.1.0 - Reflected Cross-Site Scripting LOW *-3.1.0 3.2.0 July 4, 2026
wp-front-end-login-and-register wp-front-end-login-and-register N/A WP Front-end login and register <= 2.1.0 - Reflected Cross-Site Scripting LOW *-2.1.0 July 4, 2026
wp-fpo wp-fpo N/A WP FPO <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 4, 2026
wp-flickr-press wp-flickr-press N/A wp-flickr-press <= 2.6.4 - Reflected Cross-Site Scripting LOW *-2.6.4 July 4, 2026
wp-fixtag wp-fixtag N/A WP FixTag <= v2.0.2 - Reflected Cross-Site Scripting LOW * - v2.0.2 July 4, 2026
wp-download-codes wp-download-codes N/A WP Download Codes <= 2.5.4 - Reflected Cross-Site Scripting LOW *-2.5.4 July 4, 2026
wp-custom-google-search wp-custom-google-search N/A WP Custom Google Search <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0 July 4, 2026
wp-cookies-alert wp-cookies-alert N/A WP Cookies Alert <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1.1 July 4, 2026
wp-contest wp-contest N/A WP Contest <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 July 4, 2026
wp-clap wp-clap N/A WP-Clap <= 1.5 - Reflected Cross-Site Scripting LOW *-1.5 July 4, 2026
wp-block-pack wp-block-pack N/A Block Collection for You – WP Block Pack <= 1.1.6 - Reflected Cross-Site Scripting LOW *-1.1.6 July 4, 2026
wp-blackcheck wp-blackcheck N/A WP-BlackCheck <= 2.7.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.7.2 July 4, 2026
wp-background-tile wp-background-tile N/A WP Background Tile <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0 July 4, 2026
wp-announcements wp-announcements N/A WP-Announcements <= 1.8 - Reflected Cross-Site Scripting LOW *-1.8 July 4, 2026
wp-amaps wp-amaps N/A wp_amaps <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.7 July 4, 2026
wp-additional-logins wp-additional-logins N/A WordPress Additional Logins <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 July 4, 2026
wordpress-logging-service wordpress-logging-service N/A WordPress Logging Service <= 1.5.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.5.4 July 4, 2026
wordpress-gallery-plugin wordpress-gallery-plugin N/A WordPress Gallery Plugin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.4 July 4, 2026
wordpress-data-guards wordpress-data-guards N/A WordPress Data Guard <= 8 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-8 July 4, 2026
wordpress-dashboard-twitter wordpress-dashboard-twitter N/A WordPress Dashboard Tweeter <= 1.3.2 - Missing Authorization LOW *-1.3.2 July 4, 2026
wordpress-custom-sidebar wordpress-custom-sidebar N/A WordPress Custom Sidebar <= 2.3 - Authenticated (Contributor+) SQL Injection LOW *-2.3 July 4, 2026
word-freshener word-freshener N/A Word Freshener <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.3 July 4, 2026
wooexim wooexim N/A WOOEXIM – WooCommerce Export Import Plugin <= 5.0.0 - Unauthenticated PHP Object Injection LOW *-5.0.0 July 4, 2026
woocommerce-order-searching woocommerce-order-searching N/A WooCommerce Order Search <= 1.1.0 - Reflected Cross-Site Scripting LOW *-1.1.0 July 4, 2026
woo-ups-pickup woo-ups-pickup N/A OPSI Israel Domestic Shipments <= 2.6.8 - Missing Authorization LOW *-2.6.8 July 4, 2026
woo-update-variations-in-cart woo-update-variations-in-cart N/A Woo Update Variations In Cart <= 0.0.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-0.0.9 July 4, 2026
woo-tuner woo-tuner N/A Woo Tuner <= 0.1.2 - Missing Authorization LOW *-0.1.2 July 4, 2026
woo-store-mode woo-store-mode N/A Woo Store Mode <= 1.0.1 - Reflected Cross-Site Scripting LOW *-1.0.1 July 4, 2026
wm-options-import-export wm-options-import-export N/A WM Options Import Export <= 1.0.1 - Unauthenticated Information Exposure LOW *-1.0.1 July 4, 2026
winning-portfolio winning-portfolio N/A Winning Portfolio <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1 July 4, 2026
wibstats-statistics-for-wordpress-mu wibstats-statistics-for-wordpress-mu N/A Wibstats <= 0.5.5 - Reflected Cross-Site Scripting LOW *-0.5.5 July 4, 2026
wh-cache-and-security wh-cache-and-security N/A WH Cache & Security <= 1.1.2 - Reflected Cross-Site Scripting LOW *-1.1.2 July 4, 2026
web-testimonials web-testimonials N/A Web Testimonials <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2 July 4, 2026
web-push web-push N/A Web Push <= 1.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.4.0 July 4, 2026
wcs-qr-code-generator wcs-qr-code-generator N/A WCS QR Code Generator <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 4, 2026
wc-wallet wc-wallet N/A WC Wallet <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion LOW *-2.2.0 July 4, 2026
wah-forms wah-forms N/A WAH Forms <= 1.0 - Missing Authorization LOW *-1.0 July 4, 2026
w3speedster-wp w3speedster-wp N/A W3SPEEDSTER <= 7.33 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-7.33 July 4, 2026
vstemplate-creator vstemplate-creator N/A VSTEMPLATE Creator <= 2.0.2 - Reflected Cross-Site Scripting LOW *-2.0.2 July 4, 2026
visual-slider visual-slider N/A visualslider Sldier <= 1.1.1 - Reflected Cross-Site Scripting LOW *-1.1.1 1.4 July 4, 2026
visit-site-link-enhanced visit-site-link-enhanced N/A Visit Site Link enhanced <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0 July 4, 2026
vertical-diamond-flipbook-flash vertical-diamond-flipbook-flash N/A Nature FlipBook WordPress Plugin <= 1.7 - Reflected Cross-Site Scripting LOW *-1.7 July 4, 2026
vcos vcos N/A vcOS <= 1.4.0 - Reflected Cross-Site Scripting LOW *-1.4.0 July 4, 2026
vampire-character vampire-character N/A Vampire Character Manager <= 2.13 - Reflected Cross-Site Scripting LOW *-2.13 2.14 July 4, 2026
userbase-access-control userbase-access-control N/A Userbase Access Control <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 4, 2026
user-files user-files N/A user files <= 2.4.2 - Unauthenticated Arbitrary File Upload LOW *-2.4.2 July 4, 2026
updownupdown-postcomment-voting updownupdown-postcomment-voting N/A UpDownUpDown <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1 July 4, 2026
university-quizzes-online university-quizzes-online N/A University quizzes online <= 1.4 - Reflected Cross-Site Scripting LOW *-1.4 July 4, 2026
universal-analytics-injector universal-analytics-injector N/A Universal Analytics Injector <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.3 July 4, 2026
unique-ux unique-ux N/A Unique UX <= 0.9.2 - Reflected Cross-Site Scripting LOW *-0.9.2 July 4, 2026
ultimate-subscribe ultimate-subscribe N/A Ultimate Subscribe <= 1.3 - Reflected Cross-Site Scripting LOW *-1.3 July 4, 2026
ultimate-events ultimate-events N/A Ultimate Events <= 1.3.3 - Reflected Cross-Site Scripting LOW *-1.3.3 July 4, 2026
ui-slider-filter-by-price ui-slider-filter-by-price N/A Ui Slider Filter By Price <= 1.1 - Reflected Cross-Site Scripting LOW *-1.1 July 4, 2026
twitterpost twitterpost N/A Twitter Post <= 0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.1 July 4, 2026
twitter-shortcode twitter-shortcode N/A Twitter Shortcode <= 0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.9 July 4, 2026
twitter-news-feed twitter-news-feed N/A Twitter News Feed <= 1.1.1 - Reflected Cross-Site Scripting LOW *-1.1.1 July 4, 2026
LOW

glofox-shortcodes

glofox-shortcodes

Score: 91/100 Glofox Shortcodes <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.6 Patched: Updated: July 4, 2026
LOW

rss-icon-widget

rss-icon-widget

Score: N/A RSS Icon Widget <= 5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-5.2 Patched: Updated: July 4, 2026
LOW

mybookprogress

mybookprogress

Score: 87/100 MyBookProgress by Stormhill Media <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via book Parameter Affected: *-1.0.8 Patched: Updated: July 4, 2026
LOW

quote-post-type-plugin

quote-post-type-plugin

Score: N/A quote-posttype-plugin <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.2 Patched: Updated: July 4, 2026
LOW

moving-users

moving-users

Score: 93/100 Moving Users <= 1.05 - Unauthenticated Sensitive Information Exposure Affected: *-1.05 Patched: 1.10 Updated: July 4, 2026
LOW

youmax-channel-embeds-for-youtube-businesses

youmax-channel-embeds-for-youtube-businesses

Score: N/A Youtube Video Grid | Youmax <= 1.9 - Reflected Cross-Site Scripting Affected: *-1.9 Patched: Updated: July 4, 2026
LOW

ydn-download

ydn-download

Score: N/A Download, Downloads – WordPress Download plugin By Edmon <= 1.4.2 - Reflected Cross-Site Scripting Affected: *-1.4.2 Patched: Updated: July 4, 2026
LOW

ycyclista

ycyclista

Score: N/A yCyclista <= 1.2.3 - Reflected Cross-Site Scripting Affected: *-1.2.3 Patched: Updated: July 4, 2026
LOW

yacp

yacp

Score: N/A Yet Another Countdown <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 4, 2026
LOW

xtra-settings

xtra-settings

Score: N/A XTRA Settings <= 2.1.8 - Reflected Cross-Site Scripting Affected: *-2.1.8 Patched: Updated: July 4, 2026
LOW

xlsx-viewer

xlsx-viewer

Score: N/A XLSXviewer <= 2.1.1 - Authenticated (Subscriber+) Arbitrary File Deletion Affected: *-2.1.1 Patched: Updated: July 4, 2026
LOW

wplyrics

wplyrics

Score: N/A WP Lyrics <= 0.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.4.1 Patched: Updated: July 4, 2026
LOW

wplingo

wplingo

Score: N/A WPLingo – Forum Plugin <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion Affected: *-1.1.2 Patched: Updated: July 4, 2026
LOW

wpjournal

wpjournal

Score: N/A WP Journal <= 1.1 - Missing Authorization Affected: *-1.1 Patched: Updated: July 4, 2026
LOW

wpfilesearch

wpfilesearch

Score: N/A WordPress File Search <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 4, 2026
LOW

wpf-ultimate-carousel

wpf-ultimate-carousel

Score: N/A WpF Ultimate Carousel <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.11 Patched: Updated: July 4, 2026
LOW

wpdevtool

wpdevtool

Score: N/A WpDevTool <= 0.1.1 - Reflected Cross-Site Scripting Affected: *-0.1.1 Patched: Updated: July 4, 2026
LOW

wpdb-to-sql

wpdb-to-sql

Score: N/A WPDB to Sql <= 1.2 - Unauthenticated Sensitive Information Exposure Affected: *-1.2 Patched: Updated: July 4, 2026
LOW

wp2appir

wp2appir

Score: N/A WP2APP <= 2.6.2 - Reflected Cross-Site Scripting Affected: *-2.6.2 Patched: Updated: July 4, 2026
LOW

wp-xintaoke

wp-xintaoke

Score: N/A 新淘客WordPress插件 <= 1.1.2 - Reflected Cross-Site Scripting Affected: *-1.1.2 Patched: Updated: July 4, 2026
LOW

wp-ultimate-reviews-free

wp-ultimate-reviews-free

Score: N/A WP Ultimate Reviews FREE <= 1.0.2 - Reflected Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 4, 2026
LOW

wp-spacecontent

wp-spacecontent

Score: N/A WP SpaceContent <= 0.4.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.4.5 Patched: Updated: July 4, 2026
LOW

wp-social-broadcast

wp-social-broadcast

Score: N/A WP Social Broadcast <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 4, 2026
LOW

wp-smart-tool-tip

wp-smart-tool-tip

Score: N/A WP Smart Tooltip <= 1.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 4, 2026
LOW

wp-service-payment-form-with-authorizenet

wp-service-payment-form-with-authorizenet

Score: N/A WP Service Payment Form With Authorize.net <= 2.6.0 - Cross-Site Request Forgery to Reflected Cross-Site Scripting Affected: *-2.6.0 Patched: Updated: July 4, 2026
LOW

wp-sendgrid-mailer

wp-sendgrid-mailer

Score: N/A SendGrid for WordPress <= 1.4 - Missing Authorization Affected: *-1.4 Patched: Updated: July 4, 2026
LOW

wp-scribd-list

wp-scribd-list

Score: N/A Wp-Scribd-List <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 4, 2026
LOW

wp-revive-adserver

wp-revive-adserver

Score: N/A WP-Revive Adserver <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.1 Patched: Updated: July 4, 2026
LOW

wp-ptviewer

wp-ptviewer

Score: N/A WP PT-Viewer <= 2.0.2 - Reflected Cross-Site Scripting Affected: *-2.0.2 Patched: Updated: July 4, 2026
LOW

wp-post-category-notifications

wp-post-category-notifications

Score: N/A WP Post Category Notifications <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

wp-player

wp-player

Score: N/A WP-Player <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.6.1 Patched: Updated: July 4, 2026
LOW

wp-photo-sphere

wp-photo-sphere

Score: N/A WP Photo Sphere <= 3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.8 Patched: Updated: July 4, 2026
LOW

wp-paypal

wp-paypal

Score: N/A Payment Button for PayPal <= 1.2.3.35 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.3.35 Patched: 1.2.3.36 Updated: July 4, 2026
LOW

wp-options-editor

wp-options-editor

Score: N/A WP Options Editor <= 1.1 - Cross-Site Request Forgery to Privilege Escalation Affected: *-1.1 Patched: Updated: July 4, 2026
LOW

wp-opensearch

wp-opensearch

Score: N/A WP OpenSearch <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

wp-notcaptcha

wp-notcaptcha

Score: N/A WP-NOTCAPTCHA <= 1.3.1 - Reflected Cross-Site Scripting Affected: *-1.3.1 Patched: Updated: July 4, 2026
LOW

wp-meetup

wp-meetup

Score: N/A WP Meetup <= 2.3.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update Affected: *-2.3.0 Patched: Updated: July 4, 2026
LOW

wp-login-attempt-log

wp-login-attempt-log

Score: N/A WP Login Attempt Log <= 1.3 - Reflected Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 4, 2026
LOW

wp-load-gallery

wp-load-gallery

Score: N/A WP Load Gallery <= 2.1.6 - Authenticated (Author+) Arbitrary File Upload Affected: *-2.1.6 Patched: Updated: July 4, 2026
LOW

wp-krpano

wp-krpano

Score: N/A WP krpano <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.1 Patched: Updated: July 4, 2026
LOW

wp-inventory-manager

wp-inventory-manager

Score: N/A WP Inventory Manager <= 2.3.2 - Reflected Cross-Site Scripting Affected: *-2.3.2 Patched: 2.3.3 Updated: July 4, 2026
LOW

wp-intro-js-tours

wp-intro-js-tours

Score: N/A WP Intro.JS Plugin <= 1.1 - Reflected Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 4, 2026
LOW

wp-imap-authentication

wp-imap-authentication

Score: N/A WP IMAP Auth <= 4.0.1 - Reflected Cross-Site Scripting Affected: *-4.0.1 Patched: Updated: July 4, 2026
LOW

wp-hr-manager

wp-hr-manager

Score: N/A WP-HR Manager: The Human Resources Plugin for WordPress <= 3.1.0 - Reflected Cross-Site Scripting Affected: *-3.1.0 Patched: 3.2.0 Updated: July 4, 2026
LOW

wp-front-end-login-and-register

wp-front-end-login-and-register

Score: N/A WP Front-end login and register <= 2.1.0 - Reflected Cross-Site Scripting Affected: *-2.1.0 Patched: Updated: July 4, 2026
LOW

wp-fpo

wp-fpo

Score: N/A WP FPO <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

wp-flickr-press

wp-flickr-press

Score: N/A wp-flickr-press <= 2.6.4 - Reflected Cross-Site Scripting Affected: *-2.6.4 Patched: Updated: July 4, 2026
LOW

wp-fixtag

wp-fixtag

Score: N/A WP FixTag <= v2.0.2 - Reflected Cross-Site Scripting Affected: * - v2.0.2 Patched: Updated: July 4, 2026
LOW

wp-download-codes

wp-download-codes

Score: N/A WP Download Codes <= 2.5.4 - Reflected Cross-Site Scripting Affected: *-2.5.4 Patched: Updated: July 4, 2026
LOW

wp-custom-google-search

wp-custom-google-search

Score: N/A WP Custom Google Search <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

wp-cookies-alert

wp-cookies-alert

Score: N/A WP Cookies Alert <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: July 4, 2026
LOW

wp-contest

wp-contest

Score: N/A WP Contest <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 4, 2026
LOW

wp-clap

wp-clap

Score: N/A WP-Clap <= 1.5 - Reflected Cross-Site Scripting Affected: *-1.5 Patched: Updated: July 4, 2026
LOW

wp-block-pack

wp-block-pack

Score: N/A Block Collection for You – WP Block Pack <= 1.1.6 - Reflected Cross-Site Scripting Affected: *-1.1.6 Patched: Updated: July 4, 2026
LOW

wp-blackcheck

wp-blackcheck

Score: N/A WP-BlackCheck <= 2.7.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.7.2 Patched: Updated: July 4, 2026
LOW

wp-background-tile

wp-background-tile

Score: N/A WP Background Tile <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

wp-announcements

wp-announcements

Score: N/A WP-Announcements <= 1.8 - Reflected Cross-Site Scripting Affected: *-1.8 Patched: Updated: July 4, 2026
LOW

wp-amaps

wp-amaps

Score: N/A wp_amaps <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7 Patched: Updated: July 4, 2026
LOW

wp-additional-logins

wp-additional-logins

Score: N/A WordPress Additional Logins <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 4, 2026
LOW

wordpress-logging-service

wordpress-logging-service

Score: N/A WordPress Logging Service <= 1.5.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.5.4 Patched: Updated: July 4, 2026
LOW

wordpress-gallery-plugin

wordpress-gallery-plugin

Score: N/A WordPress Gallery Plugin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4 Patched: Updated: July 4, 2026
LOW

wordpress-data-guards

wordpress-data-guards

Score: N/A WordPress Data Guard <= 8 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-8 Patched: Updated: July 4, 2026
LOW

wordpress-dashboard-twitter

wordpress-dashboard-twitter

Score: N/A WordPress Dashboard Tweeter <= 1.3.2 - Missing Authorization Affected: *-1.3.2 Patched: Updated: July 4, 2026
LOW

wordpress-custom-sidebar

wordpress-custom-sidebar

Score: N/A WordPress Custom Sidebar <= 2.3 - Authenticated (Contributor+) SQL Injection Affected: *-2.3 Patched: Updated: July 4, 2026
LOW

word-freshener

word-freshener

Score: N/A Word Freshener <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 4, 2026
LOW

wooexim

wooexim

Score: N/A WOOEXIM – WooCommerce Export Import Plugin <= 5.0.0 - Unauthenticated PHP Object Injection Affected: *-5.0.0 Patched: Updated: July 4, 2026
LOW

woocommerce-order-searching

woocommerce-order-searching

Score: N/A WooCommerce Order Search <= 1.1.0 - Reflected Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 4, 2026
LOW

woo-ups-pickup

woo-ups-pickup

Score: N/A OPSI Israel Domestic Shipments <= 2.6.8 - Missing Authorization Affected: *-2.6.8 Patched: Updated: July 4, 2026
LOW

woo-update-variations-in-cart

woo-update-variations-in-cart

Score: N/A Woo Update Variations In Cart <= 0.0.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-0.0.9 Patched: Updated: July 4, 2026
LOW

woo-tuner

woo-tuner

Score: N/A Woo Tuner <= 0.1.2 - Missing Authorization Affected: *-0.1.2 Patched: Updated: July 4, 2026
LOW

woo-store-mode

woo-store-mode

Score: N/A Woo Store Mode <= 1.0.1 - Reflected Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 4, 2026
LOW

wm-options-import-export

wm-options-import-export

Score: N/A WM Options Import Export <= 1.0.1 - Unauthenticated Information Exposure Affected: *-1.0.1 Patched: Updated: July 4, 2026
LOW

winning-portfolio

winning-portfolio

Score: N/A Winning Portfolio <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 4, 2026
LOW

wibstats-statistics-for-wordpress-mu

wibstats-statistics-for-wordpress-mu

Score: N/A Wibstats <= 0.5.5 - Reflected Cross-Site Scripting Affected: *-0.5.5 Patched: Updated: July 4, 2026
LOW

wh-cache-and-security

wh-cache-and-security

Score: N/A WH Cache & Security <= 1.1.2 - Reflected Cross-Site Scripting Affected: *-1.1.2 Patched: Updated: July 4, 2026
LOW

web-testimonials

web-testimonials

Score: N/A Web Testimonials <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 4, 2026
LOW

web-push

web-push

Score: N/A Web Push <= 1.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4.0 Patched: Updated: July 4, 2026
LOW

wcs-qr-code-generator

wcs-qr-code-generator

Score: N/A WCS QR Code Generator <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

wc-wallet

wc-wallet

Score: N/A WC Wallet <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion Affected: *-2.2.0 Patched: Updated: July 4, 2026
LOW

wah-forms

wah-forms

Score: N/A WAH Forms <= 1.0 - Missing Authorization Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

w3speedster-wp

w3speedster-wp

Score: N/A W3SPEEDSTER <= 7.33 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-7.33 Patched: Updated: July 4, 2026
LOW

vstemplate-creator

vstemplate-creator

Score: N/A VSTEMPLATE Creator <= 2.0.2 - Reflected Cross-Site Scripting Affected: *-2.0.2 Patched: Updated: July 4, 2026
LOW

visual-slider

visual-slider

Score: N/A visualslider Sldier <= 1.1.1 - Reflected Cross-Site Scripting Affected: *-1.1.1 Patched: 1.4 Updated: July 4, 2026
LOW

visit-site-link-enhanced

visit-site-link-enhanced

Score: N/A Visit Site Link enhanced <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

vertical-diamond-flipbook-flash

vertical-diamond-flipbook-flash

Score: N/A Nature FlipBook WordPress Plugin <= 1.7 - Reflected Cross-Site Scripting Affected: *-1.7 Patched: Updated: July 4, 2026
LOW

vcos

vcos

Score: N/A vcOS <= 1.4.0 - Reflected Cross-Site Scripting Affected: *-1.4.0 Patched: Updated: July 4, 2026
LOW

vampire-character

vampire-character

Score: N/A Vampire Character Manager <= 2.13 - Reflected Cross-Site Scripting Affected: *-2.13 Patched: 2.14 Updated: July 4, 2026
LOW

userbase-access-control

userbase-access-control

Score: N/A Userbase Access Control <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 4, 2026
LOW

user-files

user-files

Score: N/A user files <= 2.4.2 - Unauthenticated Arbitrary File Upload Affected: *-2.4.2 Patched: Updated: July 4, 2026
LOW

updownupdown-postcomment-voting

updownupdown-postcomment-voting

Score: N/A UpDownUpDown <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 4, 2026
LOW

university-quizzes-online

university-quizzes-online

Score: N/A University quizzes online <= 1.4 - Reflected Cross-Site Scripting Affected: *-1.4 Patched: Updated: July 4, 2026
LOW

universal-analytics-injector

universal-analytics-injector

Score: N/A Universal Analytics Injector <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.3 Patched: Updated: July 4, 2026
LOW

unique-ux

unique-ux

Score: N/A Unique UX <= 0.9.2 - Reflected Cross-Site Scripting Affected: *-0.9.2 Patched: Updated: July 4, 2026
LOW

ultimate-subscribe

ultimate-subscribe

Score: N/A Ultimate Subscribe <= 1.3 - Reflected Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 4, 2026
LOW

ultimate-events

ultimate-events

Score: N/A Ultimate Events <= 1.3.3 - Reflected Cross-Site Scripting Affected: *-1.3.3 Patched: Updated: July 4, 2026
LOW

ui-slider-filter-by-price

ui-slider-filter-by-price

Score: N/A Ui Slider Filter By Price <= 1.1 - Reflected Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 4, 2026
LOW

twitterpost

twitterpost

Score: N/A Twitter Post <= 0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.1 Patched: Updated: July 4, 2026
LOW

twitter-shortcode

twitter-shortcode

Score: N/A Twitter Shortcode <= 0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.9 Patched: Updated: July 4, 2026
LOW

twitter-news-feed

twitter-news-feed

Score: N/A Twitter News Feed <= 1.1.1 - Reflected Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: July 4, 2026

Showing 12901 to 13000 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 4, 2026 at 23:34 UTC.