Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

99

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
hss-embed-streaming-video hss-embed-streaming-video
91
HSS Embed Streaming Video <= 3.23 - Reflected Cross-Site Scripting LOW *-3.23 July 5, 2026
hotspots hotspots
91
Hotspots Analytics <= 4.0.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-4.0.12 July 5, 2026
horizontal-line-shortcode horizontal-line-shortcode
91
Horizontal Line Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
hm-portfolio hm-portfolio
91
HM Portfolio <= 1.1.1 - Reflected Cross-Site Scripting LOW *-1.1.1 July 5, 2026
heartland-management-terminal heartland-management-terminal
93
Heartland Management Terminal <= 1.3. 0 - Reflected Cross-Site Scripting LOW *-1.3.0 1.4.0 July 5, 2026
header-images-rotator header-images-rotator
91
ntp-header-images <= 1.2 - Reflected Cross-Site Scripting LOW *-1.2 July 5, 2026
hack-me-if-you-can hack-me-if-you-can
91
Hack me if you can <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2 July 5, 2026
gwebpro-store-locator gwebpro-store-locator
89
G Web Pro Store Locator <= 2.0.1 - Reflected Cross-Site Scripting LOW *-2.0.1 July 5, 2026
guten-free-options guten-free-options
89
Guten Free Options <= 0.9.5 - Reflected Cross-Site Scripting LOW *-0.9.5 July 5, 2026
group-category-creator group-category-creator
91
Group category creator <= 1.3.0.3 - Reflected Cross-Site Scripting LOW *-1.3.0.3 July 5, 2026
greek-namedays-widget greek-namedays-widget
91
Greek Namedays Widget From Eortologio.Net <= 20191113 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-20191113 July 5, 2026
gravityforms gravityforms
93
GravityForms <= 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'alt' parameter LOW *-2.9.1.3 2.9.2 July 5, 2026
gravityforms gravityforms
93
GravityForms 2.9.0.1 - 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'style_settings' parameter LOW 2.9.0.1-2.9.1.3 2.9.2 July 5, 2026
gravatarlocalcache gravatarlocalcache
91
GravatarLocalCache <= 1.1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1.2 July 5, 2026
graph-lite graph-lite
91
WordPress Graphs & Charts <= 2.0.8 - Missing Authorization LOW *-2.0.8 July 5, 2026
googlemapper-2 googlemapper-2
91
GoogleMapper <= 2.0.3 - Reflected Cross-Site Scripting LOW *-2.0.3 July 5, 2026
google-transliteration google-transliteration
91
Google Transliteration <= 1.7.2 - Reflected Cross-Site Scripting LOW *-1.7.2 July 5, 2026
google-org-chart google-org-chart
91
Google Org Chart <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.1 July 5, 2026
google-map-professional google-map-professional
89
WordPress Google Map Professional <= 1.0 - Authenticated (Contributor+) SQL Injection LOW *-1.0 July 5, 2026
google-map-on-postpage google-map-on-postpage
91
Google Map on Post/Page <= 1.1 - Reflected Cross-Site Scripting LOW *-1.1 July 5, 2026
googl-url-shorter googl-url-shorter
91
Goo.gl Url Shorter <= 1.0.1 - Reflected Cross-Site Scripting LOW *-1.0.1 July 5, 2026
goodlayers-blocks goodlayers-blocks
93
Goodlayers Blocks <= 1.0.1 - Reflected Cross-Site Scripting LOW *-1.0.1 1.0.3 July 5, 2026
good-old-gallery good-old-gallery
91
Good Old Gallery <= 2.1.2 - Reflected Cross-Site Scripting LOW *-2.1.2 July 5, 2026
goldstar goldstar
91
Goldstar <= 2.1.1 - Missing Authorization LOW *-2.1.1 July 5, 2026
go-sphinx go-sphinx
91
Gigaom Sphinx <= 0.1 - Reflected Cross-Site Scripting LOW *-0.1 July 5, 2026
go-social go-social
91
go Social <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
gmaps-for-visual-composer-free gmaps-for-visual-composer-free
91
GMAPS for WPBakery Page Builder Free <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2 July 5, 2026
gmap-shortcode gmap-shortcode
91
GMap Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0 July 5, 2026
glasses-for-woocommerce glasses-for-woocommerce
91
ChatGPT Open AI Images & Content for WooCommerce <= 2.2.0 - Reflected Cross-Site Scipting LOW *-2.2.0 July 5, 2026
giveaways-contests-by-promosimple giveaways-contests-by-promosimple
91
Giveaways and Contests by PromoSimple <= 1.24 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.24 July 5, 2026
gf-multi-uploader gf-multi-uploader
93
Multi Uploader for Gravity Forms <= 1.1.3 - Unauthenticated Arbitrary File Upload LOW *-1.1.3 1.1.5 July 5, 2026
geotagged-media geotagged-media
89
Geotagged Media <= 0.3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.3.0 July 5, 2026
geodigs geodigs
91
GeoDigs <= 3.4.1 - Reflected Cross-Site Scripting LOW *-3.4.1 July 5, 2026
genki-announcement genki-announcement
91
Genki Announcement <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.4.1 July 5, 2026
gdreseller gdreseller
89
GDReseller <= 1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.6 July 5, 2026
gdpr-personal-data-reports gdpr-personal-data-reports
91
GDPR Personal Data Reports <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.5 July 5, 2026
gallerio gallerio
89
Gallerio <= 1.0.1 - Reflected Cross-Site Scripting LOW *-1.0.1 July 5, 2026
fwd-slider fwd-slider
91
FWD Slider <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
fp-rss-category-excluder fp-rss-category-excluder
91
FP RSS Category Excluder <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 July 5, 2026
formatted-post formatted-post
91
Formatted post <= 1.01 - Reflected Cross-Site Scripting LOW *-1.01 July 5, 2026
form-to-json form-to-json
91
Form To JSON <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
foogallery-captions foogallery-captions
91
FooGallery Captions <= 1.0.2 - Reflected Cross-Site Scripting LOW *-1.0.2 July 5, 2026
fontawesomeio-shortcodes fontawesomeio-shortcodes
91
FontAwesome.io ShortCodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
flying-twitter-birds flying-twitter-birds
91
Flying Twitter Birds <= 1.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.8 July 5, 2026
flx-dashboard-groups flx-dashboard-groups
91
FLX Dashboard Groups <= 0.0.7 - Reflected Cross-Site Scripting LOW *-0.0.7 July 5, 2026
floatbox-plus floatbox-plus
91
Floatbox Plus <= 1.4.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.4.4 July 5, 2026
flexo-slider flexo-slider
91
Flexo Slider <= 1.0013 - Reflected Cross-Site Scripting LOW *-1.0013 July 5, 2026
flexible-blogtitle flexible-blogtitle
91
Flexible Blogtitle <= 0.1 - Reflected Cross-Site Scripting LOW *-0.1 July 5, 2026
first-comment-redirect first-comment-redirect
91
First Comment Redirect <= 1.0.3 - Reflected Cross-Site Scripting LOW *-1.0.3 July 5, 2026
find-your-reps find-your-reps
91
Find Your Reps <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2 July 5, 2026
find-content-ids find-content-ids
91
Find Content IDs <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution file-manager-advanced
66
Advanced File Manager 5.2.12 - 5.2.13 - Authenticated (Subscriber+) Arbitrary File Upload LOW 5.2.12-5.2.13 5.2.14 July 5, 2026
feedburner-optin-form feedburner-optin-form
91
Feedburner Optin Form <= 0.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.2.8 July 5, 2026
fat-event-lite fat-event-lite
87
FAT Event Lite <= 1.1 - Authenticated (Contributor+) Local File Inclusion LOW *-1.1 July 5, 2026
fast-tube fast-tube
89
Fast Tube <= 2.3.1 - Reflected Cross-Site Scripting LOW *-2.3.1 July 5, 2026
ezplayer ezplayer
91
EZPlayer <= 1.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.10 July 5, 2026
extra-options-favicons extra-options-favicons
91
Extra Options – Favicons <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1.0 July 5, 2026
explore-pages explore-pages
91
Explore pages <= 1.01 - Reflected Cross-Site Scripting LOW *-1.01 July 5, 2026
explara-membership explara-membership
91
Explara Membership <= 0.0.7 - Reflected Cross-Site Scripting LOW *-0.0.7 July 5, 2026
eventer eventer
89
Eventer <= 3.9.7 - Authenticated (Subscriber+) Arbitrary File Read LOW *-3.9.7 3.9.8 July 5, 2026
event-countdown-timer event-countdown-timer
91
Event Countdown Timer Plugin by TechMix <= 1.4 - Reflected Cross-Site Scripting LOW *-1.4 July 5, 2026
essential-wp-real-estate essential-wp-real-estate
87
Essential WP Real Estate <= 1.1.3 - Reflected Cross-Site Scripting LOW *-1.1.3 July 5, 2026
essay-wizard-wpcres essay-wizard-wpcres
91
Essay Wizard (wpCRES) <= 1.0.6.4 - Reflected Cross-Site Scripting LOW *-1.0.6.4 July 5, 2026
error-notification error-notification
91
Error Notification <= 0.2.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.2.7 July 5, 2026
epermissions epermissions
91
ePermissions <= 1.2 - Reflected Cross-Site Scripting LOW *-1.2 July 5, 2026
envato-affiliater envato-affiliater
91
Envato Affiliater <= 1.2.4 - Reflected Cross-Site Scripting LOW *-1.2.4 July 5, 2026
enhanced-youtube-shortcode enhanced-youtube-shortcode
91
Enhanced YouTube Shortcode <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.1 July 5, 2026
embed-ispring embed-ispring
91
iSpring Embedder <= 1.0 - Cross-Site Request Forgery to Arbitrary File Upload LOW *-1.0 July 5, 2026
emarksheet emarksheet
93
Online Marksheet Creator : eMarksheet <= 5.4.3 - Reflected Cross-Site Scripting LOW *-5.4.3 5.4.4 July 5, 2026
emailshroud emailshroud
91
EmailShroud <= 2.2.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting LOW *-2.2.1 July 5, 2026
emailpress emailpress
91
EmailPress <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
email-to-download email-to-download
91
Email to Download <= 3.1.0 - Reflected Cross-Site Scripting LOW *-3.1.0 July 5, 2026
email-on-publish email-on-publish
91
Email on Publish <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.5 July 5, 2026
email-capture-lead-generation email-capture-lead-generation
91
Email Capture & Lead Generation <= 1.0.2 - Missing Authorization LOW *-1.0.2 July 5, 2026
eelv-newsletter eelv-newsletter
89
EELV Newsletter <= 4.8.2 - Reflected Cross-Site Scripting LOW *-4.8.2 July 5, 2026
editionguard-for-woocommerce-ebook-sales-with-drm editionguard-for-woocommerce-ebook-sales-with-drm
89
EditionGuard for WooCommerce – eBook Sales with DRM <= 3.4.2 - Reflected Cross-Site Scripting LOW *-3.4.2 July 5, 2026
ect-add-to-cart-button ect-add-to-cart-button
91
ECT Add to Cart Button <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.4 July 5, 2026
easy-tynt easy-tynt
91
Easy Tynt <= 0.2.5.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.2.5.1 July 5, 2026
easy-tweet-embed easy-tweet-embed
91
Easy Tweet Embed <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.7 July 5, 2026
easy-shortcode-buttons easy-shortcode-buttons
91
Easy Shortcode Buttons <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2 July 5, 2026
easy-school-registration easy-school-registration
91
Easy School Registration <= 3.9.8 - Reflected Cross-Site Scripting LOW *-3.9.8 July 5, 2026
easy-post-to-post-links easy-post-to-post-links
91
Post-to-Post Links <= 4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-4.2 July 5, 2026
easy-portfolio easy-portfolio
91
Easy Portfolio <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3 July 5, 2026
easy-filtering easy-filtering
91
Easy Filtering <= 2.5.0 - Reflected Cross-Site Scripting LOW *-2.5.0 July 5, 2026
easy-filter easy-filter
91
Easy Filter <= 1.10 - Reflected Cross-Site Scripting LOW *-1.10 July 5, 2026
easy-faqs easy-faqs
91
Easy FAQs <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.2.1 July 5, 2026
easy-eu-cookie-law easy-eu-cookie-law
91
Easy EU Cookie law <= 1.3.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.3.3.1 July 5, 2026
easy-code-snippets easy-code-snippets
89
Easy Code Snippets <= 1.0.2 - Authenticated (Administrator+) SQL Injection LOW *-1.0.2 July 5, 2026
easy-code-placement easy-code-placement
91
Easy Code Placement <= 18.11 - Reflected Cross-Site Scripting LOW *-18.11 July 5, 2026
easy-broken-link-checker easy-broken-link-checker
86
URL Shortener | Conversion Tracking | AB Testing | WooCommerce <= 9.0.2 - Reflected Cross-Site Scripting LOW *-9.0.2 July 5, 2026
easy-bet easy-bet
89
Easy Bet <= 1.0.7 - Reflected Cross-Site Scripting LOW *-1.0.7 July 5, 2026
easy-automatic-newsletter easy-automatic-newsletter
91
Easy Automatic Newsletter Lite <= 3.2.0 - Reflected Cross-Site Scripting LOW *-3.2.0 July 5, 2026
dzs-ajaxer-lite-dynamic-page-load dzs-ajaxer-lite-dynamic-page-load
91
DZS Ajaxer Lite – Ajaxify Your WordPress Site and Comment <= 1.04 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.04 July 5, 2026
dx-sales-crm dx-sales-crm
91
DX Sales CRM <= 1.1 - Reflected Cross-Site Scripting LOW *-1.1 July 5, 2026
dsgvo dsgvo
91
EU DSGVO Helper <= 1.0.6.1 - Reflected Cross-Site Scripting LOW *-1.0.6.1 July 5, 2026
dsgnwrks-twitter-importer dsgnwrks-twitter-importer
91
DsgnWrks Twitter Importer <= 1.1.4 - Reflected Cross-Site Scripting LOW *-1.1.4 July 5, 2026
drag-and-drop-custom-sidebar drag-and-drop-custom-sidebar
91
REAL WordPress Sidebar <= 0.1 - Unauthenticated Stored Cross-Site Scripting LOW *-0.1 July 5, 2026
donate-visa donate-visa
91
Donate visa <= 1.0.0 - Missing Authorization LOW *-1.0.0 July 5, 2026
dn-sitemap-control dn-sitemap-control
91
DN Sitemap Control <= 1.0.6 - Reflected Cross-Site Scripting LOW *-1.0.6 July 5, 2026
dforms dforms
91
dForms <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
LOW

hss-embed-streaming-video

hss-embed-streaming-video

Score: 91/100 HSS Embed Streaming Video <= 3.23 - Reflected Cross-Site Scripting Affected: *-3.23 Patched: Updated: July 5, 2026
LOW

hotspots

hotspots

Score: 91/100 Hotspots Analytics <= 4.0.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-4.0.12 Patched: Updated: July 5, 2026
LOW

horizontal-line-shortcode

horizontal-line-shortcode

Score: 91/100 Horizontal Line Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

hm-portfolio

hm-portfolio

Score: 91/100 HM Portfolio <= 1.1.1 - Reflected Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: July 5, 2026
LOW

heartland-management-terminal

heartland-management-terminal

Score: 93/100 Heartland Management Terminal <= 1.3. 0 - Reflected Cross-Site Scripting Affected: *-1.3.0 Patched: 1.4.0 Updated: July 5, 2026
LOW

header-images-rotator

header-images-rotator

Score: 91/100 ntp-header-images <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

hack-me-if-you-can

hack-me-if-you-can

Score: 91/100 Hack me if you can <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

gwebpro-store-locator

gwebpro-store-locator

Score: 89/100 G Web Pro Store Locator <= 2.0.1 - Reflected Cross-Site Scripting Affected: *-2.0.1 Patched: Updated: July 5, 2026
LOW

guten-free-options

guten-free-options

Score: 89/100 Guten Free Options <= 0.9.5 - Reflected Cross-Site Scripting Affected: *-0.9.5 Patched: Updated: July 5, 2026
LOW

group-category-creator

group-category-creator

Score: 91/100 Group category creator <= 1.3.0.3 - Reflected Cross-Site Scripting Affected: *-1.3.0.3 Patched: Updated: July 5, 2026
LOW

greek-namedays-widget

greek-namedays-widget

Score: 91/100 Greek Namedays Widget From Eortologio.Net <= 20191113 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-20191113 Patched: Updated: July 5, 2026
LOW

gravityforms

gravityforms

Score: 93/100 GravityForms <= 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'alt' parameter Affected: *-2.9.1.3 Patched: 2.9.2 Updated: July 5, 2026
LOW

gravityforms

gravityforms

Score: 93/100 GravityForms 2.9.0.1 - 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'style_settings' parameter Affected: 2.9.0.1-2.9.1.3 Patched: 2.9.2 Updated: July 5, 2026
LOW

gravatarlocalcache

gravatarlocalcache

Score: 91/100 GravatarLocalCache <= 1.1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1.2 Patched: Updated: July 5, 2026
LOW

graph-lite

graph-lite

Score: 91/100 WordPress Graphs & Charts <= 2.0.8 - Missing Authorization Affected: *-2.0.8 Patched: Updated: July 5, 2026
LOW

googlemapper-2

googlemapper-2

Score: 91/100 GoogleMapper <= 2.0.3 - Reflected Cross-Site Scripting Affected: *-2.0.3 Patched: Updated: July 5, 2026
LOW

google-transliteration

google-transliteration

Score: 91/100 Google Transliteration <= 1.7.2 - Reflected Cross-Site Scripting Affected: *-1.7.2 Patched: Updated: July 5, 2026
LOW

google-org-chart

google-org-chart

Score: 91/100 Google Org Chart <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 5, 2026
LOW

google-map-professional

google-map-professional

Score: 89/100 WordPress Google Map Professional <= 1.0 - Authenticated (Contributor+) SQL Injection Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

google-map-on-postpage

google-map-on-postpage

Score: 91/100 Google Map on Post/Page <= 1.1 - Reflected Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

googl-url-shorter

googl-url-shorter

Score: 91/100 Goo.gl Url Shorter <= 1.0.1 - Reflected Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 5, 2026
LOW

goodlayers-blocks

goodlayers-blocks

Score: 93/100 Goodlayers Blocks <= 1.0.1 - Reflected Cross-Site Scripting Affected: *-1.0.1 Patched: 1.0.3 Updated: July 5, 2026
LOW

good-old-gallery

good-old-gallery

Score: 91/100 Good Old Gallery <= 2.1.2 - Reflected Cross-Site Scripting Affected: *-2.1.2 Patched: Updated: July 5, 2026
LOW

goldstar

goldstar

Score: 91/100 Goldstar <= 2.1.1 - Missing Authorization Affected: *-2.1.1 Patched: Updated: July 5, 2026
LOW

go-sphinx

go-sphinx

Score: 91/100 Gigaom Sphinx <= 0.1 - Reflected Cross-Site Scripting Affected: *-0.1 Patched: Updated: July 5, 2026
LOW

go-social

go-social

Score: 91/100 go Social <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

gmaps-for-visual-composer-free

gmaps-for-visual-composer-free

Score: 91/100 GMAPS for WPBakery Page Builder Free <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

gmap-shortcode

gmap-shortcode

Score: 91/100 GMap Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 5, 2026
LOW

glasses-for-woocommerce

glasses-for-woocommerce

Score: 91/100 ChatGPT Open AI Images & Content for WooCommerce <= 2.2.0 - Reflected Cross-Site Scipting Affected: *-2.2.0 Patched: Updated: July 5, 2026
LOW

giveaways-contests-by-promosimple

giveaways-contests-by-promosimple

Score: 91/100 Giveaways and Contests by PromoSimple <= 1.24 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.24 Patched: Updated: July 5, 2026
LOW

gf-multi-uploader

gf-multi-uploader

Score: 93/100 Multi Uploader for Gravity Forms <= 1.1.3 - Unauthenticated Arbitrary File Upload Affected: *-1.1.3 Patched: 1.1.5 Updated: July 5, 2026
LOW

geotagged-media

geotagged-media

Score: 89/100 Geotagged Media <= 0.3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.3.0 Patched: Updated: July 5, 2026
LOW

geodigs

geodigs

Score: 91/100 GeoDigs <= 3.4.1 - Reflected Cross-Site Scripting Affected: *-3.4.1 Patched: Updated: July 5, 2026
LOW

genki-announcement

genki-announcement

Score: 91/100 Genki Announcement <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4.1 Patched: Updated: July 5, 2026
LOW

gdreseller

gdreseller

Score: 89/100 GDReseller <= 1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.6 Patched: Updated: July 5, 2026
LOW

gdpr-personal-data-reports

gdpr-personal-data-reports

Score: 91/100 GDPR Personal Data Reports <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.5 Patched: Updated: July 5, 2026
LOW

gallerio

gallerio

Score: 89/100 Gallerio <= 1.0.1 - Reflected Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 5, 2026
LOW

fwd-slider

fwd-slider

Score: 91/100 FWD Slider <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

fp-rss-category-excluder

fp-rss-category-excluder

Score: 91/100 FP RSS Category Excluder <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 5, 2026
LOW

formatted-post

formatted-post

Score: 91/100 Formatted post <= 1.01 - Reflected Cross-Site Scripting Affected: *-1.01 Patched: Updated: July 5, 2026
LOW

form-to-json

form-to-json

Score: 91/100 Form To JSON <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

foogallery-captions

foogallery-captions

Score: 91/100 FooGallery Captions <= 1.0.2 - Reflected Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 5, 2026
LOW

fontawesomeio-shortcodes

fontawesomeio-shortcodes

Score: 91/100 FontAwesome.io ShortCodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

flying-twitter-birds

flying-twitter-birds

Score: 91/100 Flying Twitter Birds <= 1.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.8 Patched: Updated: July 5, 2026
LOW

flx-dashboard-groups

flx-dashboard-groups

Score: 91/100 FLX Dashboard Groups <= 0.0.7 - Reflected Cross-Site Scripting Affected: *-0.0.7 Patched: Updated: July 5, 2026
LOW

floatbox-plus

floatbox-plus

Score: 91/100 Floatbox Plus <= 1.4.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4.4 Patched: Updated: July 5, 2026
LOW

flexo-slider

flexo-slider

Score: 91/100 Flexo Slider <= 1.0013 - Reflected Cross-Site Scripting Affected: *-1.0013 Patched: Updated: July 5, 2026
LOW

flexible-blogtitle

flexible-blogtitle

Score: 91/100 Flexible Blogtitle <= 0.1 - Reflected Cross-Site Scripting Affected: *-0.1 Patched: Updated: July 5, 2026
LOW

first-comment-redirect

first-comment-redirect

Score: 91/100 First Comment Redirect <= 1.0.3 - Reflected Cross-Site Scripting Affected: *-1.0.3 Patched: Updated: July 5, 2026
LOW

find-your-reps

find-your-reps

Score: 91/100 Find Your Reps <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

find-content-ids

find-content-ids

Score: 91/100 Find Content IDs <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

feedburner-optin-form

feedburner-optin-form

Score: 91/100 Feedburner Optin Form <= 0.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.2.8 Patched: Updated: July 5, 2026
LOW

fat-event-lite

fat-event-lite

Score: 87/100 FAT Event Lite <= 1.1 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

fast-tube

fast-tube

Score: 89/100 Fast Tube <= 2.3.1 - Reflected Cross-Site Scripting Affected: *-2.3.1 Patched: Updated: July 5, 2026
LOW

ezplayer

ezplayer

Score: 91/100 EZPlayer <= 1.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.10 Patched: Updated: July 5, 2026
LOW

extra-options-favicons

extra-options-favicons

Score: 91/100 Extra Options – Favicons <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 5, 2026
LOW

explore-pages

explore-pages

Score: 91/100 Explore pages <= 1.01 - Reflected Cross-Site Scripting Affected: *-1.01 Patched: Updated: July 5, 2026
LOW

explara-membership

explara-membership

Score: 91/100 Explara Membership <= 0.0.7 - Reflected Cross-Site Scripting Affected: *-0.0.7 Patched: Updated: July 5, 2026
LOW

eventer

eventer

Score: 89/100 Eventer <= 3.9.7 - Authenticated (Subscriber+) Arbitrary File Read Affected: *-3.9.7 Patched: 3.9.8 Updated: July 5, 2026
LOW

event-countdown-timer

event-countdown-timer

Score: 91/100 Event Countdown Timer Plugin by TechMix <= 1.4 - Reflected Cross-Site Scripting Affected: *-1.4 Patched: Updated: July 5, 2026
LOW

essential-wp-real-estate

essential-wp-real-estate

Score: 87/100 Essential WP Real Estate <= 1.1.3 - Reflected Cross-Site Scripting Affected: *-1.1.3 Patched: Updated: July 5, 2026
LOW

essay-wizard-wpcres

essay-wizard-wpcres

Score: 91/100 Essay Wizard (wpCRES) <= 1.0.6.4 - Reflected Cross-Site Scripting Affected: *-1.0.6.4 Patched: Updated: July 5, 2026
LOW

error-notification

error-notification

Score: 91/100 Error Notification <= 0.2.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.2.7 Patched: Updated: July 5, 2026
LOW

epermissions

epermissions

Score: 91/100 ePermissions <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

envato-affiliater

envato-affiliater

Score: 91/100 Envato Affiliater <= 1.2.4 - Reflected Cross-Site Scripting Affected: *-1.2.4 Patched: Updated: July 5, 2026
LOW

enhanced-youtube-shortcode

enhanced-youtube-shortcode

Score: 91/100 Enhanced YouTube Shortcode <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.1 Patched: Updated: July 5, 2026
LOW

embed-ispring

embed-ispring

Score: 91/100 iSpring Embedder <= 1.0 - Cross-Site Request Forgery to Arbitrary File Upload Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

emarksheet

emarksheet

Score: 93/100 Online Marksheet Creator : eMarksheet <= 5.4.3 - Reflected Cross-Site Scripting Affected: *-5.4.3 Patched: 5.4.4 Updated: July 5, 2026
LOW

emailshroud

emailshroud

Score: 91/100 EmailShroud <= 2.2.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting Affected: *-2.2.1 Patched: Updated: July 5, 2026
LOW

emailpress

emailpress

Score: 91/100 EmailPress <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

email-to-download

email-to-download

Score: 91/100 Email to Download <= 3.1.0 - Reflected Cross-Site Scripting Affected: *-3.1.0 Patched: Updated: July 5, 2026
LOW

email-on-publish

email-on-publish

Score: 91/100 Email on Publish <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.5 Patched: Updated: July 5, 2026
LOW

email-capture-lead-generation

email-capture-lead-generation

Score: 91/100 Email Capture & Lead Generation <= 1.0.2 - Missing Authorization Affected: *-1.0.2 Patched: Updated: July 5, 2026
LOW

eelv-newsletter

eelv-newsletter

Score: 89/100 EELV Newsletter <= 4.8.2 - Reflected Cross-Site Scripting Affected: *-4.8.2 Patched: Updated: July 5, 2026
LOW

editionguard-for-woocommerce-ebook-sales-with-drm

editionguard-for-woocommerce-ebook-sales-with-drm

Score: 89/100 EditionGuard for WooCommerce – eBook Sales with DRM <= 3.4.2 - Reflected Cross-Site Scripting Affected: *-3.4.2 Patched: Updated: July 5, 2026
LOW

ect-add-to-cart-button

ect-add-to-cart-button

Score: 91/100 ECT Add to Cart Button <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4 Patched: Updated: July 5, 2026
LOW

easy-tynt

easy-tynt

Score: 91/100 Easy Tynt <= 0.2.5.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.2.5.1 Patched: Updated: July 5, 2026
LOW

easy-tweet-embed

easy-tweet-embed

Score: 91/100 Easy Tweet Embed <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7 Patched: Updated: July 5, 2026
LOW

easy-shortcode-buttons

easy-shortcode-buttons

Score: 91/100 Easy Shortcode Buttons <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

easy-school-registration

easy-school-registration

Score: 91/100 Easy School Registration <= 3.9.8 - Reflected Cross-Site Scripting Affected: *-3.9.8 Patched: Updated: July 5, 2026
LOW

easy-post-to-post-links

easy-post-to-post-links

Score: 91/100 Post-to-Post Links <= 4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.2 Patched: Updated: July 5, 2026
LOW

easy-portfolio

easy-portfolio

Score: 91/100 Easy Portfolio <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 5, 2026
LOW

easy-filtering

easy-filtering

Score: 91/100 Easy Filtering <= 2.5.0 - Reflected Cross-Site Scripting Affected: *-2.5.0 Patched: Updated: July 5, 2026
LOW

easy-filter

easy-filter

Score: 91/100 Easy Filter <= 1.10 - Reflected Cross-Site Scripting Affected: *-1.10 Patched: Updated: July 5, 2026
LOW

easy-faqs

easy-faqs

Score: 91/100 Easy FAQs <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2.1 Patched: Updated: July 5, 2026
LOW

easy-eu-cookie-law

easy-eu-cookie-law

Score: 91/100 Easy EU Cookie law <= 1.3.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.3.3.1 Patched: Updated: July 5, 2026
LOW

easy-code-snippets

easy-code-snippets

Score: 89/100 Easy Code Snippets <= 1.0.2 - Authenticated (Administrator+) SQL Injection Affected: *-1.0.2 Patched: Updated: July 5, 2026
LOW

easy-code-placement

easy-code-placement

Score: 91/100 Easy Code Placement <= 18.11 - Reflected Cross-Site Scripting Affected: *-18.11 Patched: Updated: July 5, 2026
LOW

easy-broken-link-checker

easy-broken-link-checker

Score: 86/100 URL Shortener | Conversion Tracking | AB Testing | WooCommerce <= 9.0.2 - Reflected Cross-Site Scripting Affected: *-9.0.2 Patched: Updated: July 5, 2026
LOW

easy-bet

easy-bet

Score: 89/100 Easy Bet <= 1.0.7 - Reflected Cross-Site Scripting Affected: *-1.0.7 Patched: Updated: July 5, 2026
LOW

easy-automatic-newsletter

easy-automatic-newsletter

Score: 91/100 Easy Automatic Newsletter Lite <= 3.2.0 - Reflected Cross-Site Scripting Affected: *-3.2.0 Patched: Updated: July 5, 2026
LOW

dzs-ajaxer-lite-dynamic-page-load

dzs-ajaxer-lite-dynamic-page-load

Score: 91/100 DZS Ajaxer Lite – Ajaxify Your WordPress Site and Comment <= 1.04 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.04 Patched: Updated: July 5, 2026
LOW

dx-sales-crm

dx-sales-crm

Score: 91/100 DX Sales CRM <= 1.1 - Reflected Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

dsgvo

dsgvo

Score: 91/100 EU DSGVO Helper <= 1.0.6.1 - Reflected Cross-Site Scripting Affected: *-1.0.6.1 Patched: Updated: July 5, 2026
LOW

dsgnwrks-twitter-importer

dsgnwrks-twitter-importer

Score: 91/100 DsgnWrks Twitter Importer <= 1.1.4 - Reflected Cross-Site Scripting Affected: *-1.1.4 Patched: Updated: July 5, 2026
LOW

drag-and-drop-custom-sidebar

drag-and-drop-custom-sidebar

Score: 91/100 REAL WordPress Sidebar <= 0.1 - Unauthenticated Stored Cross-Site Scripting Affected: *-0.1 Patched: Updated: July 5, 2026
LOW

donate-visa

donate-visa

Score: 91/100 Donate visa <= 1.0.0 - Missing Authorization Affected: *-1.0.0 Patched: Updated: July 5, 2026
LOW

dn-sitemap-control

dn-sitemap-control

Score: 91/100 DN Sitemap Control <= 1.0.6 - Reflected Cross-Site Scripting Affected: *-1.0.6 Patched: Updated: July 5, 2026
LOW

dforms

dforms

Score: 91/100 dForms <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026

Showing 13201 to 13300 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 5, 2026 at 02:49 UTC.