Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

99

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
popliup popliup
91
Popliup – WordPress Popup Plugin <= 1.1.1 - Authenticated (Subscriber+) Local File Inclusion LOW *-1.1.1 July 5, 2026
pootle-button pootle-button
91
Pootle button <= 1.2.0 - Reflected Cross-Site Scripting LOW *-1.2.0 July 5, 2026
podclankova-inzerce podclankova-inzerce
91
Podčlánková inzerce <= 2.4.0 - Reflected Cross-Site Scripting LOW *-2.4.0 July 5, 2026
podamibe-twilio-private-call podamibe-twilio-private-call
91
Podamibe Twilio Private Call <= 1.0.1 - Reflected Cross-Site Scripting LOW *-1.0.1 July 5, 2026
plinks plinks
91
Powie's pLinks PagePeeker <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.2 July 5, 2026
plestar-directory-listing plestar-directory-listing
91
Plestar Directory Listing <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
pit-login-welcome pit-login-welcome
91
Pit Login Welcome <= 1.1.5 - Reflected Cross-Site Scripting LOW *-1.1.5 July 5, 2026
pin-locations-on-map pin-locations-on-map
91
Pin Locations on Map <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
photo-video-store photo-video-store
89
Photo Video Store <= 21.07 - Reflected Cross-Site Scripting LOW *-21.07 July 5, 2026
pdfjs-shortcode pdfjs-shortcode
91
PDF.js Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
paypal-promotions-and-insights paypal-promotions-and-insights
91
PayPal Marketing Solutions <= 1.2 - Missing Authorization LOW *-1.2 July 5, 2026
payform payform
91
PayForm <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.0 July 5, 2026
pastebin-embed pastebin-embed
91
Pastebin <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5 July 5, 2026
passwordless-wp passwordless-wp
91
Passwordless WP – Login with your glance or fingerprint <= 1.1.6 - Reflected Cross-Site Scripting LOW *-1.1.6 July 5, 2026
password-protect-plugin-for-wordpress password-protect-plugin-for-wordpress
91
Password Protect Plugin for WordPress <= 0.8.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.8.1.0 July 5, 2026
papercite papercite
91
PAPERCITE <= 0.5.18 - Missing Authorization LOW *-0.5.18 July 5, 2026
page-health-o-meter page-health-o-meter
91
Page Health-O-Meter <= 2.0 - Reflected Cross-Site Scripting LOW *-2.0 July 5, 2026
pafacile pafacile
91
PAFacile <= 2.6.1 - Reflected Cross-Site Scripting LOW *-2.6.1 July 5, 2026
orangebox orangebox
91
OrangeBox <= 3.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.0.0 July 5, 2026
online-appointment-scheduling-software online-appointment-scheduling-software
91
Swift Calendar Online Appointment Scheduling <= 1.3.3 - Reflected Cross-Site Scripting LOW *-1.3.3 July 5, 2026
one-backend-language one-backend-language
91
One Backend Language <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
nv-slider nv-slider
89
NV Slider <= 1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.6 July 5, 2026
notifikacie-sk notifikacie-sk
91
Notifikácie.sk <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
notifications-center notifications-center
91
Notifications Center <= 1.5.2 - Reflected Cross-Site Scripting LOW *-1.5.2 July 5, 2026
nofollow-free nofollow-free
91
NoFollow Free <= 1.6.3 - Reflected Cross-Site Scripting LOW *-1.6.3 July 5, 2026
nite-shortcodes nite-shortcodes
91
Nite Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
ni-woocommerce-sales-report-email ni-woocommerce-sales-report-email
91
Ni WooCommerce Sales Report Email <= 3.1.4 - Reflected Cross-Site Scripting LOW *-3.1.4 July 5, 2026
network-favorites network-favorites
91
Network-Favorites <= 1.1 - Reflected Cross-Site Scripting LOW *-1.1 July 5, 2026
mycbgenie-clickbank-storefront mycbgenie-clickbank-storefront
91
ClickBank Storefront WordPress Plugin <= 1.7 - Reflected Cross-Site Scripting LOW *-1.7 July 5, 2026
mybb-last-topics mybb-last-topics
91
mybb Last Topics <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
myanime-widget myanime-widget
91
MyAnime Widget <= 1.0 - Cross-Site Request Forgery to Privilege Escalation LOW *-1.0 July 5, 2026
my-related-posts my-related-posts
91
my-related-posts <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1 July 5, 2026
my-favorite-cars my-favorite-cars
91
My Favorite Car <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
muzaara-adwords-optimize-dashboard muzaara-adwords-optimize-dashboard
89
Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords <= 3.1 - Unauthenticated PHP Object Injection LOW *-3.1 July 5, 2026
music-let-loose-mp3-audio-player music-let-loose-mp3-audio-player
91
MLL Audio Player MP3 Ajax <= 0.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-0.7 July 5, 2026
mtphr-widgets mtphr-widgets
91
Metaphor Widgets <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.4 July 5, 2026
msstiger msstiger
91
WP VTiger Synchronization <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1.1 July 5, 2026
more-link-modifier more-link-modifier
91
More Link Modifier <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.3 July 5, 2026
mojo-under-construction mojo-under-construction
91
Mojo Under Construction <= 1.1.2 - Reflected Cross-Site Scripting LOW *-1.1.2 July 5, 2026
mobigatevn mobigatevn
91
Mobigate <= 1.0.3 - Reflected Cross-Site Scripting LOW *-1.0.3 July 5, 2026
mj-contact-us mj-contact-us
91
MJ Contact us <= 5.2.3 - Reflected Cross-Site Scripting LOW *-5.2.3 July 5, 2026
minterpress minterpress
89
Minterpress <= 1.0.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion LOW *-1.0.5 July 5, 2026
mindmeister-shortcode mindmeister-shortcode
91
Mindmeister Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
mind3dom-ryebread-widgets mind3dom-ryebread-widgets
91
Mind3doM RyeBread Widgets <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
mhr-custom-anti-copy mhr-custom-anti-copy
91
MHR-Custom-Anti-Copy <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.0 July 5, 2026
mfplugin mfplugin
91
MFPlugin <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.3 July 5, 2026
mercadolibre-integration mercadolibre-integration
91
MercadoLibre Integration <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1 July 5, 2026
menus-plus menus-plus
91
Menus Plus+ <= 1.9.6 - Authenticated (Subscriber+) SQL Injection LOW *-1.9.6 July 5, 2026
memeone memeone
91
MemeOne <= 2.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.0.5 July 5, 2026
melascrivi melascrivi
91
melascrivi-plugin <= 1.4 - Reflected Cross-Site Scripting LOW *-1.4 July 5, 2026
meinturnierplande-widget-viewer meinturnierplande-widget-viewer
91
MeinTurnierplan.de Widget Viewer <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1 July 5, 2026
mdc-youtube-downloader mdc-youtube-downloader
95
MDC YouTube Downloader <= 3.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.0.0 July 5, 2026
md-custom-content md-custom-content
91
MD Custom content after or before of post <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
mass-messaging-in-buddypress mass-messaging-in-buddypress
91
Mass Messaging in BuddyPress <= 2.2.1 - Reflected Cross-Site Scripting LOW *-2.2.1 July 5, 2026
mass-custom-fields-manager mass-custom-fields-manager
91
Mass Custom Fields Manager <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.5 July 5, 2026
marquee-style-rss-news-ticker marquee-style-rss-news-ticker
91
Marquee Style RSS News Ticker <= 3.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.2.0 July 5, 2026
marmoset-viewer marmoset-viewer
91
Marmoset Viewer <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.9.3 July 5, 2026
mark-posts mark-posts
93
Mark Posts <= 2.2.4 - Missing Authorization LOW *-2.2.4 2.2.5 July 5, 2026
maniac-seo maniac-seo
91
Maniac SEO <= 2.0 - Reflected Cross-Site Scripting LOW *-2.0 July 5, 2026
mancx-askme-widget mancx-askme-widget
91
Mancx AskMe Widget <= 0.3 - Reflected Cross-Site Scripting LOW *-0.3 July 5, 2026
mailclient mailclient
91
Free MailClient FMC <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
magic-google-maps magic-google-maps
91
Magic Google Maps <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.4 July 5, 2026
macme macme
91
MACME <= 1.2 - Reflected Cross-Site Scripting LOW *-1.2 July 5, 2026
lsd-google-maps-embedder lsd-google-maps-embedder
91
LSD Google Maps Embedder <= 1.1 - Cross-Site Request Forgery Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1 July 5, 2026
loginplus loginplus
89
Loginplus <= 1.2 - Missing Authorization LOW *-1.2 July 5, 2026
login-watchdog login-watchdog
91
Login Watchdog <= 1.0.4 - Reflected Cross-Site Scripting LOW *-1.0.4 July 5, 2026
lockets lockets
91
Lockets <= 0.999 - Reflected Cross-Site Scripting LOW *-0.999 July 5, 2026
location-piker location-piker
91
Google Map With Fancybox <= 2.1.0 - Reflected Cross-Site Scripting LOW *-2.1.0 July 5, 2026
localgrid localgrid
91
LocalGrid <= 1.0.1 - Reflected Cross-Site Scripting LOW *-1.0.1 July 5, 2026
local-shipping-labels-for-woocommerce local-shipping-labels-for-woocommerce
91
Local Shipping Labels for WooCommerce <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 July 5, 2026
lj-custom-menu-links lj-custom-menu-links
91
LJ Custom Menu Links <= 2.5 - Reflected Cross-Site Scripting LOW *-2.5 July 5, 2026
live-dashboard live-dashboard
91
Live Dashboard <= 0.3.3 - Reflected Cross-Site Scripting LOW *-0.3.3 July 5, 2026
lime-developer-login lime-developer-login
91
Lime Developer Login <= 1.4.0 - Reflected Cross-Site Scripting LOW *-1.4.0 July 5, 2026
library-instruction-recorder library-instruction-recorder
91
Library Instruction Recorder <= 1.1.4 - Reflected Cross-Site Scripting LOW *-1.1.4 July 5, 2026
lh-login-page lh-login-page
91
LH Login Page <= 2.14 - Reflected Cross-Site Scripting LOW *-2.14 July 5, 2026
lh-email lh-email
91
LH Email <= 1.12 - Reflected Cross-Site Scripting LOW *-1.12 July 5, 2026
len-slider len-slider
91
Len Slider <= 2.0.11 - Cross-Site Request Forgery to Reflected Cross-Site Scripting LOW *-2.0.11 July 5, 2026
legal-plus legal-plus
91
Legal + <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
lawpress lawpress
89
LawPress – Law Firm Website Management <= 1.4.5 - Reflected Cross-Site Scripting LOW *-1.4.5 July 5, 2026
kv-send-email-from-admin kv-send-email-from-admin
91
Kv Compose Email From Dashboard <= 1.1 - Reflected Cross-Site Scripting LOW *-1.1 July 5, 2026
kumihimo kumihimo
91
Kumihimo <= 1.0.2 - Reflected Cross-Site Scripting LOW *-1.0.2 July 5, 2026
kopa-nictitate-toolkit kopa-nictitate-toolkit
91
Kopa Nictitate Toolkit <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.2 July 5, 2026
killer-theme-options killer-theme-options
91
Killer Theme Options <= 2.0 - Reflected Cross-Site Scripting LOW *-2.0 July 5, 2026
kapost-byline kapost-byline
93
Kapost <= 2.2.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.2.9 2.3.0 July 5, 2026
jet-skinner-for-buddypress jet-skinner-for-buddypress
95
Jet Skinner for BuddyPress <= 1.2.5 - Reflected Cross-Site Scripting LOW *-1.2.5 July 5, 2026
jb-horizontal-scroller-news-ticker jb-horizontal-scroller-news-ticker
91
JB Horizontal Scroller News Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
internal-links-generator internal-links-generator
91
Internal Links Generator <= 3.51 - Reflected Cross-Site Scripting LOW *-3.51 July 5, 2026
interactive-page-hierarchy interactive-page-hierarchy
91
Interactive Page Hierarchy <= 1.0.1 - Missing Authorization LOW *-1.0.1 July 5, 2026
instant-appointment instant-appointment
87
Instant Appointment <= 1.2 - Reflected Cross-Site Scripting LOW *-1.2 July 5, 2026
incredible-font-awesome incredible-font-awesome
91
Incredible Font Awesome <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
improved-sale-badges-free-version improved-sale-badges-free-version
91
Improved Sale Badges – Free Version <= 1.0.1 - Authenticated (Subscriber+) Local File Inclusion LOW *-1.0.1 July 5, 2026
import-users-to-mailchimp import-users-to-mailchimp
91
Import Users to MailChimp <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
imagenius imagenius
91
imaGenius <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.7 July 5, 2026
imagemeta imagemeta
91
ImageMeta <= 1.1.2 - Reflected Cross-Site Scripting LOW *-1.1.2 July 5, 2026
image-switcher image-switcher
89
Image Switcher <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1 July 5, 2026
image-switcher image-switcher
89
Image Switcher <= 0.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.1.1 July 5, 2026
image-gallery-box-by-crudlab image-gallery-box-by-crudlab
91
Image Gallery Box by CRUDLab <= 1.0.3 - Authenticated (Subscriber+) Local File Inclusion LOW *-1.0.3 July 5, 2026
hyp3rl0cal-city-search hyp3rl0cal-city-search
91
CtyGrid Hyp3rL0cal Search WordPress Plugin <= 0.1.1.1 - Reflected Cross-Site Scripting LOW *-0.1.1.1 July 5, 2026
hybrid-gallery hybrid-gallery
91
Gallery: Hybrid – Advanced Visual Gallery <= 1.4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4.0.2 July 5, 2026
https-links-in-content https-links-in-content
91
HTTP to HTTPS link changer by Eyga.net <= 0.2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.2.4 July 5, 2026
LOW

popliup

popliup

Score: 91/100 Popliup – WordPress Popup Plugin <= 1.1.1 - Authenticated (Subscriber+) Local File Inclusion Affected: *-1.1.1 Patched: Updated: July 5, 2026
LOW

pootle-button

pootle-button

Score: 91/100 Pootle button <= 1.2.0 - Reflected Cross-Site Scripting Affected: *-1.2.0 Patched: Updated: July 5, 2026
LOW

podclankova-inzerce

podclankova-inzerce

Score: 91/100 Podčlánková inzerce <= 2.4.0 - Reflected Cross-Site Scripting Affected: *-2.4.0 Patched: Updated: July 5, 2026
LOW

podamibe-twilio-private-call

podamibe-twilio-private-call

Score: 91/100 Podamibe Twilio Private Call <= 1.0.1 - Reflected Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 5, 2026
LOW

plinks

plinks

Score: 91/100 Powie's pLinks PagePeeker <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 5, 2026
LOW

plestar-directory-listing

plestar-directory-listing

Score: 91/100 Plestar Directory Listing <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

pit-login-welcome

pit-login-welcome

Score: 91/100 Pit Login Welcome <= 1.1.5 - Reflected Cross-Site Scripting Affected: *-1.1.5 Patched: Updated: July 5, 2026
LOW

pin-locations-on-map

pin-locations-on-map

Score: 91/100 Pin Locations on Map <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

photo-video-store

photo-video-store

Score: 89/100 Photo Video Store <= 21.07 - Reflected Cross-Site Scripting Affected: *-21.07 Patched: Updated: July 5, 2026
LOW

pdfjs-shortcode

pdfjs-shortcode

Score: 91/100 PDF.js Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

paypal-promotions-and-insights

paypal-promotions-and-insights

Score: 91/100 PayPal Marketing Solutions <= 1.2 - Missing Authorization Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

payform

payform

Score: 91/100 PayForm <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 5, 2026
LOW

pastebin-embed

pastebin-embed

Score: 91/100 Pastebin <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5 Patched: Updated: July 5, 2026
LOW

passwordless-wp

passwordless-wp

Score: 91/100 Passwordless WP – Login with your glance or fingerprint <= 1.1.6 - Reflected Cross-Site Scripting Affected: *-1.1.6 Patched: Updated: July 5, 2026
LOW

password-protect-plugin-for-wordpress

password-protect-plugin-for-wordpress

Score: 91/100 Password Protect Plugin for WordPress <= 0.8.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.8.1.0 Patched: Updated: July 5, 2026
LOW

papercite

papercite

Score: 91/100 PAPERCITE <= 0.5.18 - Missing Authorization Affected: *-0.5.18 Patched: Updated: July 5, 2026
LOW

page-health-o-meter

page-health-o-meter

Score: 91/100 Page Health-O-Meter <= 2.0 - Reflected Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 5, 2026
LOW

pafacile

pafacile

Score: 91/100 PAFacile <= 2.6.1 - Reflected Cross-Site Scripting Affected: *-2.6.1 Patched: Updated: July 5, 2026
LOW

orangebox

orangebox

Score: 91/100 OrangeBox <= 3.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.0.0 Patched: Updated: July 5, 2026
LOW

online-appointment-scheduling-software

online-appointment-scheduling-software

Score: 91/100 Swift Calendar Online Appointment Scheduling <= 1.3.3 - Reflected Cross-Site Scripting Affected: *-1.3.3 Patched: Updated: July 5, 2026
LOW

one-backend-language

one-backend-language

Score: 91/100 One Backend Language <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

nv-slider

nv-slider

Score: 89/100 NV Slider <= 1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.6 Patched: Updated: July 5, 2026
LOW

notifikacie-sk

notifikacie-sk

Score: 91/100 Notifikácie.sk <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

notifications-center

notifications-center

Score: 91/100 Notifications Center <= 1.5.2 - Reflected Cross-Site Scripting Affected: *-1.5.2 Patched: Updated: July 5, 2026
LOW

nofollow-free

nofollow-free

Score: 91/100 NoFollow Free <= 1.6.3 - Reflected Cross-Site Scripting Affected: *-1.6.3 Patched: Updated: July 5, 2026
LOW

nite-shortcodes

nite-shortcodes

Score: 91/100 Nite Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

ni-woocommerce-sales-report-email

ni-woocommerce-sales-report-email

Score: 91/100 Ni WooCommerce Sales Report Email <= 3.1.4 - Reflected Cross-Site Scripting Affected: *-3.1.4 Patched: Updated: July 5, 2026
LOW

network-favorites

network-favorites

Score: 91/100 Network-Favorites <= 1.1 - Reflected Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

mycbgenie-clickbank-storefront

mycbgenie-clickbank-storefront

Score: 91/100 ClickBank Storefront WordPress Plugin <= 1.7 - Reflected Cross-Site Scripting Affected: *-1.7 Patched: Updated: July 5, 2026
LOW

mybb-last-topics

mybb-last-topics

Score: 91/100 mybb Last Topics <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

myanime-widget

myanime-widget

Score: 91/100 MyAnime Widget <= 1.0 - Cross-Site Request Forgery to Privilege Escalation Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

my-related-posts

my-related-posts

Score: 91/100 my-related-posts <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

my-favorite-cars

my-favorite-cars

Score: 91/100 My Favorite Car <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

muzaara-adwords-optimize-dashboard

muzaara-adwords-optimize-dashboard

Score: 89/100 Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords <= 3.1 - Unauthenticated PHP Object Injection Affected: *-3.1 Patched: Updated: July 5, 2026
LOW

music-let-loose-mp3-audio-player

music-let-loose-mp3-audio-player

Score: 91/100 MLL Audio Player MP3 Ajax <= 0.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-0.7 Patched: Updated: July 5, 2026
LOW

mtphr-widgets

mtphr-widgets

Score: 91/100 Metaphor Widgets <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4 Patched: Updated: July 5, 2026
LOW

msstiger

msstiger

Score: 91/100 WP VTiger Synchronization <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: July 5, 2026
LOW

more-link-modifier

more-link-modifier

Score: 91/100 More Link Modifier <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.3 Patched: Updated: July 5, 2026
LOW

mojo-under-construction

mojo-under-construction

Score: 91/100 Mojo Under Construction <= 1.1.2 - Reflected Cross-Site Scripting Affected: *-1.1.2 Patched: Updated: July 5, 2026
LOW

mobigatevn

mobigatevn

Score: 91/100 Mobigate <= 1.0.3 - Reflected Cross-Site Scripting Affected: *-1.0.3 Patched: Updated: July 5, 2026
LOW

mj-contact-us

mj-contact-us

Score: 91/100 MJ Contact us <= 5.2.3 - Reflected Cross-Site Scripting Affected: *-5.2.3 Patched: Updated: July 5, 2026
LOW

minterpress

minterpress

Score: 89/100 Minterpress <= 1.0.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion Affected: *-1.0.5 Patched: Updated: July 5, 2026
LOW

mindmeister-shortcode

mindmeister-shortcode

Score: 91/100 Mindmeister Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

mind3dom-ryebread-widgets

mind3dom-ryebread-widgets

Score: 91/100 Mind3doM RyeBread Widgets <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

mhr-custom-anti-copy

mhr-custom-anti-copy

Score: 91/100 MHR-Custom-Anti-Copy <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 5, 2026
LOW

mfplugin

mfplugin

Score: 91/100 MFPlugin <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 5, 2026
LOW

mercadolibre-integration

mercadolibre-integration

Score: 91/100 MercadoLibre Integration <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

menus-plus

menus-plus

Score: 91/100 Menus Plus+ <= 1.9.6 - Authenticated (Subscriber+) SQL Injection Affected: *-1.9.6 Patched: Updated: July 5, 2026
LOW

memeone

memeone

Score: 91/100 MemeOne <= 2.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.0.5 Patched: Updated: July 5, 2026
LOW

melascrivi

melascrivi

Score: 91/100 melascrivi-plugin <= 1.4 - Reflected Cross-Site Scripting Affected: *-1.4 Patched: Updated: July 5, 2026
LOW

meinturnierplande-widget-viewer

meinturnierplande-widget-viewer

Score: 91/100 MeinTurnierplan.de Widget Viewer <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

mdc-youtube-downloader

mdc-youtube-downloader

Score: 95/100 MDC YouTube Downloader <= 3.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.0.0 Patched: Updated: July 5, 2026
LOW

md-custom-content

md-custom-content

Score: 91/100 MD Custom content after or before of post <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

mass-messaging-in-buddypress

mass-messaging-in-buddypress

Score: 91/100 Mass Messaging in BuddyPress <= 2.2.1 - Reflected Cross-Site Scripting Affected: *-2.2.1 Patched: Updated: July 5, 2026
LOW

mass-custom-fields-manager

mass-custom-fields-manager

Score: 91/100 Mass Custom Fields Manager <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.5 Patched: Updated: July 5, 2026
LOW

marquee-style-rss-news-ticker

marquee-style-rss-news-ticker

Score: 91/100 Marquee Style RSS News Ticker <= 3.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.2.0 Patched: Updated: July 5, 2026
LOW

marmoset-viewer

marmoset-viewer

Score: 91/100 Marmoset Viewer <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.3 Patched: Updated: July 5, 2026
LOW

mark-posts

mark-posts

Score: 93/100 Mark Posts <= 2.2.4 - Missing Authorization Affected: *-2.2.4 Patched: 2.2.5 Updated: July 5, 2026
LOW

maniac-seo

maniac-seo

Score: 91/100 Maniac SEO <= 2.0 - Reflected Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 5, 2026
LOW

mancx-askme-widget

mancx-askme-widget

Score: 91/100 Mancx AskMe Widget <= 0.3 - Reflected Cross-Site Scripting Affected: *-0.3 Patched: Updated: July 5, 2026
LOW

mailclient

mailclient

Score: 91/100 Free MailClient FMC <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

magic-google-maps

magic-google-maps

Score: 91/100 Magic Google Maps <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: July 5, 2026
LOW

macme

macme

Score: 91/100 MACME <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

lsd-google-maps-embedder

lsd-google-maps-embedder

Score: 91/100 LSD Google Maps Embedder <= 1.1 - Cross-Site Request Forgery Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

loginplus

loginplus

Score: 89/100 Loginplus <= 1.2 - Missing Authorization Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

login-watchdog

login-watchdog

Score: 91/100 Login Watchdog <= 1.0.4 - Reflected Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: July 5, 2026
LOW

lockets

lockets

Score: 91/100 Lockets <= 0.999 - Reflected Cross-Site Scripting Affected: *-0.999 Patched: Updated: July 5, 2026
LOW

location-piker

location-piker

Score: 91/100 Google Map With Fancybox <= 2.1.0 - Reflected Cross-Site Scripting Affected: *-2.1.0 Patched: Updated: July 5, 2026
LOW

localgrid

localgrid

Score: 91/100 LocalGrid <= 1.0.1 - Reflected Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 5, 2026
LOW

local-shipping-labels-for-woocommerce

local-shipping-labels-for-woocommerce

Score: 91/100 Local Shipping Labels for WooCommerce <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 5, 2026
LOW

lj-custom-menu-links

lj-custom-menu-links

Score: 91/100 LJ Custom Menu Links <= 2.5 - Reflected Cross-Site Scripting Affected: *-2.5 Patched: Updated: July 5, 2026
LOW

live-dashboard

live-dashboard

Score: 91/100 Live Dashboard <= 0.3.3 - Reflected Cross-Site Scripting Affected: *-0.3.3 Patched: Updated: July 5, 2026
LOW

lime-developer-login

lime-developer-login

Score: 91/100 Lime Developer Login <= 1.4.0 - Reflected Cross-Site Scripting Affected: *-1.4.0 Patched: Updated: July 5, 2026
LOW

library-instruction-recorder

library-instruction-recorder

Score: 91/100 Library Instruction Recorder <= 1.1.4 - Reflected Cross-Site Scripting Affected: *-1.1.4 Patched: Updated: July 5, 2026
LOW

lh-login-page

lh-login-page

Score: 91/100 LH Login Page <= 2.14 - Reflected Cross-Site Scripting Affected: *-2.14 Patched: Updated: July 5, 2026
LOW

lh-email

lh-email

Score: 91/100 LH Email <= 1.12 - Reflected Cross-Site Scripting Affected: *-1.12 Patched: Updated: July 5, 2026
LOW

len-slider

len-slider

Score: 91/100 Len Slider <= 2.0.11 - Cross-Site Request Forgery to Reflected Cross-Site Scripting Affected: *-2.0.11 Patched: Updated: July 5, 2026
LOW

legal-plus

legal-plus

Score: 91/100 Legal + <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

lawpress

lawpress

Score: 89/100 LawPress – Law Firm Website Management <= 1.4.5 - Reflected Cross-Site Scripting Affected: *-1.4.5 Patched: Updated: July 5, 2026
LOW

kv-send-email-from-admin

kv-send-email-from-admin

Score: 91/100 Kv Compose Email From Dashboard <= 1.1 - Reflected Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

kumihimo

kumihimo

Score: 91/100 Kumihimo <= 1.0.2 - Reflected Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 5, 2026
LOW

kopa-nictitate-toolkit

kopa-nictitate-toolkit

Score: 91/100 Kopa Nictitate Toolkit <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 5, 2026
LOW

killer-theme-options

killer-theme-options

Score: 91/100 Killer Theme Options <= 2.0 - Reflected Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 5, 2026
LOW

kapost-byline

kapost-byline

Score: 93/100 Kapost <= 2.2.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.2.9 Patched: 2.3.0 Updated: July 5, 2026
LOW

jet-skinner-for-buddypress

jet-skinner-for-buddypress

Score: 95/100 Jet Skinner for BuddyPress <= 1.2.5 - Reflected Cross-Site Scripting Affected: *-1.2.5 Patched: Updated: July 5, 2026
LOW

jb-horizontal-scroller-news-ticker

jb-horizontal-scroller-news-ticker

Score: 91/100 JB Horizontal Scroller News Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

internal-links-generator

internal-links-generator

Score: 91/100 Internal Links Generator <= 3.51 - Reflected Cross-Site Scripting Affected: *-3.51 Patched: Updated: July 5, 2026
LOW

interactive-page-hierarchy

interactive-page-hierarchy

Score: 91/100 Interactive Page Hierarchy <= 1.0.1 - Missing Authorization Affected: *-1.0.1 Patched: Updated: July 5, 2026
LOW

instant-appointment

instant-appointment

Score: 87/100 Instant Appointment <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

incredible-font-awesome

incredible-font-awesome

Score: 91/100 Incredible Font Awesome <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

improved-sale-badges-free-version

improved-sale-badges-free-version

Score: 91/100 Improved Sale Badges – Free Version <= 1.0.1 - Authenticated (Subscriber+) Local File Inclusion Affected: *-1.0.1 Patched: Updated: July 5, 2026
LOW

import-users-to-mailchimp

import-users-to-mailchimp

Score: 91/100 Import Users to MailChimp <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

imagenius

imagenius

Score: 91/100 imaGenius <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7 Patched: Updated: July 5, 2026
LOW

imagemeta

imagemeta

Score: 91/100 ImageMeta <= 1.1.2 - Reflected Cross-Site Scripting Affected: *-1.1.2 Patched: Updated: July 5, 2026
LOW

image-switcher

image-switcher

Score: 89/100 Image Switcher <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

image-switcher

image-switcher

Score: 89/100 Image Switcher <= 0.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.1.1 Patched: Updated: July 5, 2026
LOW

image-gallery-box-by-crudlab

image-gallery-box-by-crudlab

Score: 91/100 Image Gallery Box by CRUDLab <= 1.0.3 - Authenticated (Subscriber+) Local File Inclusion Affected: *-1.0.3 Patched: Updated: July 5, 2026
LOW

hyp3rl0cal-city-search

hyp3rl0cal-city-search

Score: 91/100 CtyGrid Hyp3rL0cal Search WordPress Plugin <= 0.1.1.1 - Reflected Cross-Site Scripting Affected: *-0.1.1.1 Patched: Updated: July 5, 2026
LOW

hybrid-gallery

hybrid-gallery

Score: 91/100 Gallery: Hybrid – Advanced Visual Gallery <= 1.4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.0.2 Patched: Updated: July 5, 2026
LOW

https-links-in-content

https-links-in-content

Score: 91/100 HTTP to HTTPS link changer by Eyga.net <= 0.2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.2.4 Patched: Updated: July 5, 2026

Showing 13101 to 13200 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 5, 2026 at 01:49 UTC.