Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

99

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
tube-video-curator tube-video-curator N/A .TUBE Video Curator <= 1.1.9 - Reflected Cross-Site Scripting LOW *-1.1.9 July 5, 2026
translation-pro translation-pro N/A Translation.Pro <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 July 5, 2026
top-flash-embed top-flash-embed N/A Top Flash Embed <= 0.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.3.4 July 5, 2026
tinymce-extended-config tinymce-extended-config N/A TinyMCE Extended Config <= 0.1.0 - Reflected Cross-Site Scripting LOW *-0.1.0 July 5, 2026
tidyro tidyro N/A Tidy.ro <= 1.3 - Reflected Cross-Site Scripting LOW *-1.3 July 5, 2026
theme-my-ontraport-smartform theme-my-ontraport-smartform N/A Theme My Ontraport Smartform <= 1.2.11 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2.11 July 5, 2026
the-loops the-loops N/A The Loops <= 1.0.2 - Reflected Cross-Site Scripting LOW *-1.0.2 July 5, 2026
texteller texteller N/A Texteller <= 1.3.0 - Reflected Cross-Site Scripting LOW *-1.3.0 July 5, 2026
team-118group-agent team-118group-agent N/A Team 118GROUP Agent <= 1.6.0 - Missing Authorization to Unauthenticated Arbitrary Content Deletion LOW *-1.6.0 July 5, 2026
tax-report-for-woocommerce tax-report-for-woocommerce N/A Tax Report for WooCommerce <= 2.2 - Reflected Cross-Site Scripting LOW *-2.2 July 5, 2026
taobaoke taobaoke N/A WordPress 淘宝客插件 <= 1.1.2 - Reflected Cross-Site Scripting LOW *-1.1.2 July 5, 2026
tagesteller tagesteller N/A Tagesteller / Mittagsmenü <= 1.1 - Reflected Cross-Site Scripting LOW * - v.1.1 July 5, 2026
tab-my-content tab-my-content N/A Tab My Content <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 July 5, 2026
surly surly N/A Sur.ly <= 3.0.3 - Missing Authorization LOW *-3.0.3 July 5, 2026
style-admin style-admin N/A Style Admin <= 1.4.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.4.3 July 5, 2026
strx-magic-floating-sidebar-maker strx-magic-floating-sidebar-maker N/A Strx Magic Floating Sidebar Maker <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.4.1 July 5, 2026
stray-quotes stray-quotes N/A Stray Random Quotes <= 1.9.9 - Reflected Cross-Site Scripting LOW *-1.9.9 July 5, 2026
store-locator store-locator N/A Store Locator for WordPress with Google Maps – LotsOfLocales <= 3.98.10 - Unauthenticated Local File Inclusion LOW *-3.98.10 July 5, 2026
Stop Comment Spam stop-comment-spam N/A Stop Comment Spam <= 0.5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.5.3 0.5.4 July 5, 2026
sticky-chat-button sticky-chat-button N/A Sticky Button – Click to Chat <= 1.0 - Unauthenticated Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
statpresscn statpresscn N/A StatPressCN <= 1.9.1 - Reflected Cross-Site Scripting LOW *-1.9.1 July 5, 2026
stars-smtp-mailer stars-smtp-mailer N/A Stars SMTP Mailer <= 1.7 - Reflected Cross-Site Scripting LOW *-1.7 2.1.6 July 5, 2026
staging-cdn staging-cdn N/A Staging CDN <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 July 5, 2026
sr-partner sr-partner N/A SEOReseller Partner <= 1.3.15 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.3.15 July 5, 2026
spiderpowa-embed-pdf spiderpowa-embed-pdf N/A Spiderpowa Embed PDF <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
spiderdisplay spiderdisplay N/A SpiderDisplay <= 1.9.1 - Reflected Cross-Site Scripting LOW *-1.9.1 July 5, 2026
solidres solidres N/A Solidres – Hotel booking plugin <= 0.9.4 - Authenticated (Contributor+) SQL Injection LOW *-0.9.4 July 5, 2026
social2blog social2blog N/A Social2Blog <= 0.2.990 - Reflected Cross-Site Scripting LOW *-0.2.990 July 5, 2026
social-analytics social-analytics N/A Social Analytics <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.2 July 5, 2026
snippy snippy N/A Snippy <= 1.4.1 - Reflected Cross-Site Scripting LOW *-1.4.1 July 5, 2026
snipe-nginx-cache snipe-nginx-cache N/A Cache Sniper for Nginx <= 1.0.4.2 - Missing Authorization LOW *-1.0.4.2 July 5, 2026
smooth-dynamic-slider smooth-dynamic-slider N/A Smooth Dynamic Slider <= 1.0 - Reflected Cross-Site Scriptign LOW *-1.0 July 5, 2026
smallerik-file-browser smallerik-file-browser N/A Smallerik File Browser <= 1.1 - Authenticated (Subscriber+) Arbitrary File Upload LOW *-1.1 July 5, 2026
slider-for-writers slider-for-writers N/A Slider for Writers <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.3 July 5, 2026
slide slide N/A Slides & Presentations <= 0.0.39 - Missing Authorization to Content Injection LOW *-0.0.39 July 5, 2026
site-launcher site-launcher N/A Site Launcher <= 0.9.4 - Reflected Cross-Site Scripting LOW *-0.9.4 July 5, 2026
simple-vertical-timeline simple-vertical-timeline N/A Simple Vertical Timeline <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.1 July 5, 2026
simple-shortcode-buttons simple-shortcode-buttons N/A Simple shortcode buttons <= 1.3.2 - Reflected Cross-Site Scripting LOW *-1.3.2 July 5, 2026
simple-project-managment simple-project-managment N/A Simple Project Manager <= 1.2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2.2 July 5, 2026
simple-content-construction-kit simple-content-construction-kit N/A Simple Custom post type custom field <= 1.0.3 - Reflected Cross-Site Scripting LOW *-1.0.3 July 5, 2026
sidebar-content-from-shortcode sidebar-content-from-shortcode N/A Sidebar-Content from Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0 July 5, 2026
shoutcast-and-icecast-html5-web-radio-player-by-yesstreaming-com shoutcast-and-icecast-html5-web-radio-player-by-yesstreaming-com N/A Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com <= 3.3 - Authenticated (Editor+) Stored Cross-Site Scripting LOW *-3.3 July 5, 2026
shortcode-in-comment shortcode-in-comment N/A Shortcode in Comment <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1.1 July 5, 2026
shopp-arrange shopp-arrange N/A CGD Arrange Terms <= 1.1.3 - Reflected Cross-Site Scripting LOW *-1.1.3 July 5, 2026
shockingly-big-ie6-warning shockingly-big-ie6-warning N/A Shockingly Big IE6 Warning <= 1.6.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.6.3 July 5, 2026
shipdeo-woo shipdeo-woo N/A Shipdeo <= 1.2.8 - Reflected Cross-Site Scripting LOW *-1.2.8 July 5, 2026
shabbos-and-yom-tov shabbos-and-yom-tov N/A Shabbos and Yom Tov <= 1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.9 July 5, 2026
sexbundle sexbundle N/A SexBundle <= 1.4 - Reflected Cross-Site Scripting LOW *-1.4 July 5, 2026
seo-meta seo-meta N/A SOCIAL.NINJA <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.2 July 5, 2026
sensitive-chinese-words-scanner sensitive-chinese-words-scanner N/A The Great Firewords of China <= 1.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.2 July 5, 2026
send-to-twitter send-to-twitter N/A Send to Twitter <= 1.7.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.7.2 July 5, 2026
send-booking-invites-to-friends send-booking-invites-to-friends N/A Send to a Friend Addon <= 1.4.1 - Reflected Cross-Site Scripting LOW *-1.4.1 July 5, 2026
sell-with-razorpay sell-with-razorpay N/A Sale with Razorpay <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
seguro-viagem seguro-viagem N/A Real Seguro Viagem <= 2.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.0.5 3.0.0 July 5, 2026
secure-captcha secure-captcha N/A Secure CAPTCHA <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2 July 5, 2026
scroll-top-advanced scroll-top-advanced N/A Scroll Top Advanced <= 2.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-2.5 July 5, 2026
scroll-to-top-builder scroll-to-top-builder N/A Scroll Top – WordPress Scroll to Top <= 1.3.3 - Reflected Cross-Site Scripting LOW *-1.3.3 July 5, 2026
sc-simple-zazzle sc-simple-zazzle N/A SC Simple Zazzle <= 1.1.6 - Reflected Cross-Site Scripting LOW *-1.1.6 2.0.0 July 5, 2026
save-import-image-from-url save-import-image-from-url N/A Save & Import Image from URL <= 0.7 - Reflected Cross-Site Scripting LOW *-0.7 July 5, 2026
sandbox sandbox N/A Sandbox <= 0.4 - Reflected Cross-Site Scripting LOW *-0.4 July 5, 2026
salvador-ai-image-generator salvador-ai-image-generator N/A Salvador – AI Image Generator <= 1.0.11 - Missing Authorization LOW *-1.0.11 July 5, 2026
salesforce-wordpress-to-candidate salesforce-wordpress-to-candidate N/A WordPress-to-candidate for Salesforce CRM <= 1.0.1 - Reflected Cross-Site Scripting LOW *-1.0.1 July 5, 2026
rsvpmaker-volunteer-roles rsvpmaker-volunteer-roles N/A RSVPMaker Volunteer Roles <= 1.5.1 - Reflected Cross-Site Scripting LOW *-1.5.1 July 5, 2026
rsvp-me rsvp-me N/A RSVP ME <= 1.9.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.9.9 July 5, 2026
rsv-google-maps rsv-google-maps N/A RSV GMaps <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.5 July 5, 2026
rss-news-scroller rss-news-scroller N/A RSS News Scroller <= 2.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.0.0 July 5, 2026
rs-survey rs-survey N/A RS Survey <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
root-cookie root-cookie N/A root Cookie <= 1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.6 July 5, 2026
romancart-on-wordpress romancart-on-wordpress N/A RomanCart On WordPress <= 0.0.2 - Reflected Cross-Site Scripting LOW *-0.0.2 July 5, 2026
rollover-tab rollover-tab N/A Rollover Tab <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.2 July 5, 2026
rng-refresh rng-refresh N/A rng-refresh <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
rio-photo-gallery rio-photo-gallery N/A Rio Photo Gallery <= 0.1 - Reflected Cross-Site Scripting LOW *-0.1 July 5, 2026
responsivity responsivity N/A Responsivity <= 0.0.6 - Reflected Cross-Site Scripting LOW *-0.0.6 July 5, 2026
resads resads N/A ResAds <= 2.0.5 - Authenticated (Administrator+) SQL Injection LOW *-2.0.5 July 5, 2026
report-broken-links report-broken-links N/A Links/Problem Reporter <= 2.6.0 - Reflected Cross-Site Scripting LOW *-2.6.0 July 5, 2026
report-broken-links report-broken-links N/A Links/Problem Reporter <= 2.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.6.0 July 5, 2026
rename-author-slug rename-author-slug N/A Rename Author Slug <= 1.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2.0 July 5, 2026
reloaded-rezdy reloaded-rezdy N/A Rezdy Reloaded <= 1.0.1 - Unauthenticated Stored Cross-Site Scripting LOW *-1.0.1 July 5, 2026
registered-user-sync-activecampaign registered-user-sync-activecampaign N/A User Sync ActiveCampaign <= 1.3.2 - Missing Authorization LOW *-1.3.2 July 5, 2026
redux-converter redux-converter N/A Redux Converter <= 1.1.3.1 - Reflected Cross-Site Scripting LOW *-1.1.3.1 July 5, 2026
redirection-plus redirection-plus N/A REDIRECTION PLUS <= 2.0.0 - Reflected Cross-Site Scripting LOW *-2.0.0 July 5, 2026
reciply reciply N/A Recip.ly Plugin <= 1.1.8 - Reflected Cross-Site Scripting LOW *-1.1.8 July 5, 2026
rebrand-fluent-forms rebrand-fluent-forms N/A Rebrand Fluent Forms <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
realty-workstation realty-workstation N/A Realty Workstation <= 1.0.45 - Missing Authorization LOW *-1.0.45 July 5, 2026
readme-creator readme-creator N/A ReadMe Creator <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
random-posts-mp3-player-sharebutton random-posts-mp3-player-sharebutton N/A Random Posts, Mp3 Player + ShareButton <= 1.4.1 - Reflected Cross-Site Scripting LOW *-1.4.1 July 5, 2026
radslide radslide N/A radSLIDE <= 2.1 - Missing Authorization LOW *-2.1 July 5, 2026
quotemedia-tools quotemedia-tools N/A QuoteMedia Tools <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
quote-me quote-me N/A Quote me <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
quick-count quick-count N/A Quick Count <= 3.00 - Unauthenticated PHP Object Injection LOW *-3.00 July 5, 2026
qrcode-wprhe qrcode-wprhe N/A QR Code Generator <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.6 July 5, 2026
qmean qmean N/A QMean – WordPress Did You Mean and Search Suggestion Like Google <= 2.0 - Reflected Cross-Site Scripting LOW *-2.0 July 5, 2026
push-notification-for-post-and-buddypress push-notification-for-post-and-buddypress N/A Push Notification for Post and BuddyPress <= 2.11 - Missing Authorization to Unauthenticated Settings Update LOW *-2.11 2.12 July 5, 2026
push-envoy push-envoy N/A Push Envoy Notifications <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 July 5, 2026
ps-ads-pro ps-ads-pro N/A Ps Ads Pro <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 July 5, 2026
progress-tracker progress-tracker N/A Progress Tracker <= 0.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.9.3 July 5, 2026
preloader-quotes preloader-quotes N/A Preloader Quotes <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 July 5, 2026
predict-when predict-when N/A Predict When <= 1.3 - Reflected Cross-Site Scripting LOW *-1.3 July 5, 2026
post-page-notes post-page-notes N/A Post & Page Notes <= 0.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.1.1 July 5, 2026
post-meta post-meta N/A Post Meta <= 1.0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.9 1.1.0 July 5, 2026
LOW

tube-video-curator

tube-video-curator

Score: N/A .TUBE Video Curator <= 1.1.9 - Reflected Cross-Site Scripting Affected: *-1.1.9 Patched: Updated: July 5, 2026
LOW

translation-pro

translation-pro

Score: N/A Translation.Pro <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 5, 2026
LOW

top-flash-embed

top-flash-embed

Score: N/A Top Flash Embed <= 0.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.3.4 Patched: Updated: July 5, 2026
LOW

tinymce-extended-config

tinymce-extended-config

Score: N/A TinyMCE Extended Config <= 0.1.0 - Reflected Cross-Site Scripting Affected: *-0.1.0 Patched: Updated: July 5, 2026
LOW

tidyro

tidyro

Score: N/A Tidy.ro <= 1.3 - Reflected Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 5, 2026
LOW

theme-my-ontraport-smartform

theme-my-ontraport-smartform

Score: N/A Theme My Ontraport Smartform <= 1.2.11 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2.11 Patched: Updated: July 5, 2026
LOW

the-loops

the-loops

Score: N/A The Loops <= 1.0.2 - Reflected Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 5, 2026
LOW

texteller

texteller

Score: N/A Texteller <= 1.3.0 - Reflected Cross-Site Scripting Affected: *-1.3.0 Patched: Updated: July 5, 2026
LOW

team-118group-agent

team-118group-agent

Score: N/A Team 118GROUP Agent <= 1.6.0 - Missing Authorization to Unauthenticated Arbitrary Content Deletion Affected: *-1.6.0 Patched: Updated: July 5, 2026
LOW

tax-report-for-woocommerce

tax-report-for-woocommerce

Score: N/A Tax Report for WooCommerce <= 2.2 - Reflected Cross-Site Scripting Affected: *-2.2 Patched: Updated: July 5, 2026
LOW

taobaoke

taobaoke

Score: N/A WordPress 淘宝客插件 <= 1.1.2 - Reflected Cross-Site Scripting Affected: *-1.1.2 Patched: Updated: July 5, 2026
LOW

tagesteller

tagesteller

Score: N/A Tagesteller / Mittagsmenü <= 1.1 - Reflected Cross-Site Scripting Affected: * - v.1.1 Patched: Updated: July 5, 2026
LOW

tab-my-content

tab-my-content

Score: N/A Tab My Content <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 5, 2026
LOW

surly

surly

Score: N/A Sur.ly <= 3.0.3 - Missing Authorization Affected: *-3.0.3 Patched: Updated: July 5, 2026
LOW

style-admin

style-admin

Score: N/A Style Admin <= 1.4.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4.3 Patched: Updated: July 5, 2026
LOW

strx-magic-floating-sidebar-maker

strx-magic-floating-sidebar-maker

Score: N/A Strx Magic Floating Sidebar Maker <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4.1 Patched: Updated: July 5, 2026
LOW

stray-quotes

stray-quotes

Score: N/A Stray Random Quotes <= 1.9.9 - Reflected Cross-Site Scripting Affected: *-1.9.9 Patched: Updated: July 5, 2026
LOW

store-locator

store-locator

Score: N/A Store Locator for WordPress with Google Maps – LotsOfLocales <= 3.98.10 - Unauthenticated Local File Inclusion Affected: *-3.98.10 Patched: Updated: July 5, 2026
LOW

Stop Comment Spam

stop-comment-spam

Score: N/A Stop Comment Spam <= 0.5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.5.3 Patched: 0.5.4 Updated: July 5, 2026
LOW

sticky-chat-button

sticky-chat-button

Score: N/A Sticky Button – Click to Chat <= 1.0 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

statpresscn

statpresscn

Score: N/A StatPressCN <= 1.9.1 - Reflected Cross-Site Scripting Affected: *-1.9.1 Patched: Updated: July 5, 2026
LOW

stars-smtp-mailer

stars-smtp-mailer

Score: N/A Stars SMTP Mailer <= 1.7 - Reflected Cross-Site Scripting Affected: *-1.7 Patched: 2.1.6 Updated: July 5, 2026
LOW

staging-cdn

staging-cdn

Score: N/A Staging CDN <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 5, 2026
LOW

sr-partner

sr-partner

Score: N/A SEOReseller Partner <= 1.3.15 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.3.15 Patched: Updated: July 5, 2026
LOW

spiderpowa-embed-pdf

spiderpowa-embed-pdf

Score: N/A Spiderpowa Embed PDF <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

spiderdisplay

spiderdisplay

Score: N/A SpiderDisplay <= 1.9.1 - Reflected Cross-Site Scripting Affected: *-1.9.1 Patched: Updated: July 5, 2026
LOW

solidres

solidres

Score: N/A Solidres – Hotel booking plugin <= 0.9.4 - Authenticated (Contributor+) SQL Injection Affected: *-0.9.4 Patched: Updated: July 5, 2026
LOW

social2blog

social2blog

Score: N/A Social2Blog <= 0.2.990 - Reflected Cross-Site Scripting Affected: *-0.2.990 Patched: Updated: July 5, 2026
LOW

social-analytics

social-analytics

Score: N/A Social Analytics <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.2 Patched: Updated: July 5, 2026
LOW

snippy

snippy

Score: N/A Snippy <= 1.4.1 - Reflected Cross-Site Scripting Affected: *-1.4.1 Patched: Updated: July 5, 2026
LOW

snipe-nginx-cache

snipe-nginx-cache

Score: N/A Cache Sniper for Nginx <= 1.0.4.2 - Missing Authorization Affected: *-1.0.4.2 Patched: Updated: July 5, 2026
LOW

smooth-dynamic-slider

smooth-dynamic-slider

Score: N/A Smooth Dynamic Slider <= 1.0 - Reflected Cross-Site Scriptign Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

smallerik-file-browser

smallerik-file-browser

Score: N/A Smallerik File Browser <= 1.1 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

slider-for-writers

slider-for-writers

Score: N/A Slider for Writers <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 5, 2026
LOW

slide

slide

Score: N/A Slides & Presentations <= 0.0.39 - Missing Authorization to Content Injection Affected: *-0.0.39 Patched: Updated: July 5, 2026
LOW

site-launcher

site-launcher

Score: N/A Site Launcher <= 0.9.4 - Reflected Cross-Site Scripting Affected: *-0.9.4 Patched: Updated: July 5, 2026
LOW

simple-vertical-timeline

simple-vertical-timeline

Score: N/A Simple Vertical Timeline <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.1 Patched: Updated: July 5, 2026
LOW

simple-shortcode-buttons

simple-shortcode-buttons

Score: N/A Simple shortcode buttons <= 1.3.2 - Reflected Cross-Site Scripting Affected: *-1.3.2 Patched: Updated: July 5, 2026
LOW

simple-project-managment

simple-project-managment

Score: N/A Simple Project Manager <= 1.2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2.2 Patched: Updated: July 5, 2026
LOW

simple-content-construction-kit

simple-content-construction-kit

Score: N/A Simple Custom post type custom field <= 1.0.3 - Reflected Cross-Site Scripting Affected: *-1.0.3 Patched: Updated: July 5, 2026
LOW

sidebar-content-from-shortcode

sidebar-content-from-shortcode

Score: N/A Sidebar-Content from Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 5, 2026
LOW

shortcode-in-comment

shortcode-in-comment

Score: N/A Shortcode in Comment <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: July 5, 2026
LOW

shopp-arrange

shopp-arrange

Score: N/A CGD Arrange Terms <= 1.1.3 - Reflected Cross-Site Scripting Affected: *-1.1.3 Patched: Updated: July 5, 2026
LOW

shockingly-big-ie6-warning

shockingly-big-ie6-warning

Score: N/A Shockingly Big IE6 Warning <= 1.6.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.6.3 Patched: Updated: July 5, 2026
LOW

shipdeo-woo

shipdeo-woo

Score: N/A Shipdeo <= 1.2.8 - Reflected Cross-Site Scripting Affected: *-1.2.8 Patched: Updated: July 5, 2026
LOW

shabbos-and-yom-tov

shabbos-and-yom-tov

Score: N/A Shabbos and Yom Tov <= 1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.9 Patched: Updated: July 5, 2026
LOW

sexbundle

sexbundle

Score: N/A SexBundle <= 1.4 - Reflected Cross-Site Scripting Affected: *-1.4 Patched: Updated: July 5, 2026
LOW

seo-meta

seo-meta

Score: N/A SOCIAL.NINJA <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.2 Patched: Updated: July 5, 2026
LOW

sensitive-chinese-words-scanner

sensitive-chinese-words-scanner

Score: N/A The Great Firewords of China <= 1.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

send-to-twitter

send-to-twitter

Score: N/A Send to Twitter <= 1.7.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.7.2 Patched: Updated: July 5, 2026
LOW

send-booking-invites-to-friends

send-booking-invites-to-friends

Score: N/A Send to a Friend Addon <= 1.4.1 - Reflected Cross-Site Scripting Affected: *-1.4.1 Patched: Updated: July 5, 2026
LOW

sell-with-razorpay

sell-with-razorpay

Score: N/A Sale with Razorpay <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

seguro-viagem

seguro-viagem

Score: N/A Real Seguro Viagem <= 2.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.0.5 Patched: 3.0.0 Updated: July 5, 2026
LOW

secure-captcha

secure-captcha

Score: N/A Secure CAPTCHA <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

scroll-top-advanced

scroll-top-advanced

Score: N/A Scroll Top Advanced <= 2.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-2.5 Patched: Updated: July 5, 2026
LOW

scroll-to-top-builder

scroll-to-top-builder

Score: N/A Scroll Top – WordPress Scroll to Top <= 1.3.3 - Reflected Cross-Site Scripting Affected: *-1.3.3 Patched: Updated: July 5, 2026
LOW

sc-simple-zazzle

sc-simple-zazzle

Score: N/A SC Simple Zazzle <= 1.1.6 - Reflected Cross-Site Scripting Affected: *-1.1.6 Patched: 2.0.0 Updated: July 5, 2026
LOW

save-import-image-from-url

save-import-image-from-url

Score: N/A Save & Import Image from URL <= 0.7 - Reflected Cross-Site Scripting Affected: *-0.7 Patched: Updated: July 5, 2026
LOW

sandbox

sandbox

Score: N/A Sandbox <= 0.4 - Reflected Cross-Site Scripting Affected: *-0.4 Patched: Updated: July 5, 2026
LOW

salvador-ai-image-generator

salvador-ai-image-generator

Score: N/A Salvador – AI Image Generator <= 1.0.11 - Missing Authorization Affected: *-1.0.11 Patched: Updated: July 5, 2026
LOW

salesforce-wordpress-to-candidate

salesforce-wordpress-to-candidate

Score: N/A WordPress-to-candidate for Salesforce CRM <= 1.0.1 - Reflected Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 5, 2026
LOW

rsvpmaker-volunteer-roles

rsvpmaker-volunteer-roles

Score: N/A RSVPMaker Volunteer Roles <= 1.5.1 - Reflected Cross-Site Scripting Affected: *-1.5.1 Patched: Updated: July 5, 2026
LOW

rsvp-me

rsvp-me

Score: N/A RSVP ME <= 1.9.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.9.9 Patched: Updated: July 5, 2026
LOW

rsv-google-maps

rsv-google-maps

Score: N/A RSV GMaps <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.5 Patched: Updated: July 5, 2026
LOW

rss-news-scroller

rss-news-scroller

Score: N/A RSS News Scroller <= 2.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.0.0 Patched: Updated: July 5, 2026
LOW

rs-survey

rs-survey

Score: N/A RS Survey <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

root-cookie

root-cookie

Score: N/A root Cookie <= 1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.6 Patched: Updated: July 5, 2026
LOW

romancart-on-wordpress

romancart-on-wordpress

Score: N/A RomanCart On WordPress <= 0.0.2 - Reflected Cross-Site Scripting Affected: *-0.0.2 Patched: Updated: July 5, 2026
LOW

rollover-tab

rollover-tab

Score: N/A Rollover Tab <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.2 Patched: Updated: July 5, 2026
LOW

rng-refresh

rng-refresh

Score: N/A rng-refresh <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

rio-photo-gallery

rio-photo-gallery

Score: N/A Rio Photo Gallery <= 0.1 - Reflected Cross-Site Scripting Affected: *-0.1 Patched: Updated: July 5, 2026
LOW

responsivity

responsivity

Score: N/A Responsivity <= 0.0.6 - Reflected Cross-Site Scripting Affected: *-0.0.6 Patched: Updated: July 5, 2026
LOW

resads

resads

Score: N/A ResAds <= 2.0.5 - Authenticated (Administrator+) SQL Injection Affected: *-2.0.5 Patched: Updated: July 5, 2026
LOW

report-broken-links

report-broken-links

Score: N/A Links/Problem Reporter <= 2.6.0 - Reflected Cross-Site Scripting Affected: *-2.6.0 Patched: Updated: July 5, 2026
LOW

report-broken-links

report-broken-links

Score: N/A Links/Problem Reporter <= 2.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.6.0 Patched: Updated: July 5, 2026
LOW

rename-author-slug

rename-author-slug

Score: N/A Rename Author Slug <= 1.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2.0 Patched: Updated: July 5, 2026
LOW

reloaded-rezdy

reloaded-rezdy

Score: N/A Rezdy Reloaded <= 1.0.1 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 5, 2026
LOW

registered-user-sync-activecampaign

registered-user-sync-activecampaign

Score: N/A User Sync ActiveCampaign <= 1.3.2 - Missing Authorization Affected: *-1.3.2 Patched: Updated: July 5, 2026
LOW

redux-converter

redux-converter

Score: N/A Redux Converter <= 1.1.3.1 - Reflected Cross-Site Scripting Affected: *-1.1.3.1 Patched: Updated: July 5, 2026
LOW

redirection-plus

redirection-plus

Score: N/A REDIRECTION PLUS <= 2.0.0 - Reflected Cross-Site Scripting Affected: *-2.0.0 Patched: Updated: July 5, 2026
LOW

reciply

reciply

Score: N/A Recip.ly Plugin <= 1.1.8 - Reflected Cross-Site Scripting Affected: *-1.1.8 Patched: Updated: July 5, 2026
LOW

rebrand-fluent-forms

rebrand-fluent-forms

Score: N/A Rebrand Fluent Forms <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

realty-workstation

realty-workstation

Score: N/A Realty Workstation <= 1.0.45 - Missing Authorization Affected: *-1.0.45 Patched: Updated: July 5, 2026
LOW

readme-creator

readme-creator

Score: N/A ReadMe Creator <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

random-posts-mp3-player-sharebutton

random-posts-mp3-player-sharebutton

Score: N/A Random Posts, Mp3 Player + ShareButton <= 1.4.1 - Reflected Cross-Site Scripting Affected: *-1.4.1 Patched: Updated: July 5, 2026
LOW

radslide

radslide

Score: N/A radSLIDE <= 2.1 - Missing Authorization Affected: *-2.1 Patched: Updated: July 5, 2026
LOW

quotemedia-tools

quotemedia-tools

Score: N/A QuoteMedia Tools <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

quote-me

quote-me

Score: N/A Quote me <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

quick-count

quick-count

Score: N/A Quick Count <= 3.00 - Unauthenticated PHP Object Injection Affected: *-3.00 Patched: Updated: July 5, 2026
LOW

qrcode-wprhe

qrcode-wprhe

Score: N/A QR Code Generator <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.6 Patched: Updated: July 5, 2026
LOW

qmean

qmean

Score: N/A QMean – WordPress Did You Mean and Search Suggestion Like Google <= 2.0 - Reflected Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 5, 2026
LOW

push-notification-for-post-and-buddypress

push-notification-for-post-and-buddypress

Score: N/A Push Notification for Post and BuddyPress <= 2.11 - Missing Authorization to Unauthenticated Settings Update Affected: *-2.11 Patched: 2.12 Updated: July 5, 2026
LOW

push-envoy

push-envoy

Score: N/A Push Envoy Notifications <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 5, 2026
LOW

ps-ads-pro

ps-ads-pro

Score: N/A Ps Ads Pro <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 5, 2026
LOW

progress-tracker

progress-tracker

Score: N/A Progress Tracker <= 0.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.9.3 Patched: Updated: July 5, 2026
LOW

preloader-quotes

preloader-quotes

Score: N/A Preloader Quotes <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 5, 2026
LOW

predict-when

predict-when

Score: N/A Predict When <= 1.3 - Reflected Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 5, 2026
LOW

post-page-notes

post-page-notes

Score: N/A Post & Page Notes <= 0.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.1.1 Patched: Updated: July 5, 2026
LOW

post-meta

post-meta

Score: N/A Post Meta <= 1.0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.9 Patched: 1.1.0 Updated: July 5, 2026

Showing 13001 to 13100 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 5, 2026 at 00:38 UTC.