Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

95

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
alt-report alt-report
95
AlT Report <= 1.12.0 - Reflected Cross-Site Scripting LOW *-1.12.0 July 5, 2026
all-in-one-login all-in-one-login
95
all-in-one-box-login <= 2.0.1 - Reflected Cross-Site Scripting LOW *-2.0.1 July 5, 2026
ajax-wp-query-search-filter ajax-wp-query-search-filter
95
Ajax WP Query Search Filter <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.7 July 5, 2026
ai-responsive-gallery-album ai-responsive-gallery-album
95
AI Responsive Gallery Album <= 1.4 - Missing Authorization LOW *-1.4 July 5, 2026
affiliate-tools-viet-nam affiliate-tools-viet-nam
95
Affiliate Tools Việt Nam <= 0.3.17 - Reflected Cross-Site Scripting LOW *-0.3.17 July 5, 2026
advanced-angular-contact-form advanced-angular-contact-form
95
Advanced Angular Contact Form <= 1.1.0 - Reflected Cross-Site Scripting LOW *-1.1.0 July 5, 2026
adsmiddle adsmiddle
95
AdsMiddle <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
admin-options-pages admin-options-pages
97
Admin Options Pages <= 0.9.7 - Reflected Cross-Site Scripting LOW *-0.9.7 0.9.8 July 5, 2026
admin-menu-organizer admin-menu-organizer
95
Admin Menu Organizer <= 1.0.1 - Reflected Cross-Site Scripting LOW *-1.0.1 July 5, 2026
admin-cleanup admin-cleanup
95
Admin Cleanup <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.2 July 5, 2026
add-rss add-rss
95
Add RSS <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.5 July 5, 2026
add-custom-google-tag-manager add-custom-google-tag-manager
95
add custom google tag manager <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.3 July 5, 2026
add-custom-content-after-post add-custom-content-after-post
95
Add custom content after post <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
accessibility-task-manager accessibility-task-manager
95
Accessibility Task Manager <= 1.2.1 - Reflected Cross-Site Scripting LOW *-1.2.1 July 5, 2026
a-gateway-for-pasargad-bank-on-woocommerce a-gateway-for-pasargad-bank-on-woocommerce
95
Gateway for Pasargad Bank <= 2.5.2 - Reflected Cross-Site Scripting LOW *-2.5.2 July 5, 2026
multi-step-form multi-step-form
93
Multi Step Form <= 1.7.23 - Missing Authorization to Unauthenticated Limited File Upload LOW *-1.7.23 1.7.24 July 5, 2026
passwords-manager passwords-manager
93
Passwords Manager <= 1.4.8 - Unauthenticated SQL Injection LOW *-1.4.8 1.5.1 July 5, 2026
wp-user-profile-avatar wp-user-profile-avatar N/A WP User Profile Avatar <= 1.0.5 - Cross-Site Request Forgery to Settings Update LOW *-1.0.5 1.0.6 July 5, 2026
motors-car-dealership-classified-listings motors-car-dealership-classified-listings
93
Motors – Car Dealer, Classifieds & Listing <= 1.4.43 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Custom Title LOW *-1.4.43 1.4.44 July 5, 2026
UpdraftPlus: WP Backup & Migration Plugin updraftplus
69
UpdraftPlus - Backup/Restore <= 1.24.12 - Reflected Cross-Site Scripting LOW *-1.24.12 1.25.1 July 5, 2026
wp-responsive-tabs wp-responsive-tabs N/A WP Responsive Tabs <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.9 1.3.0 July 5, 2026
wishlist wishlist N/A Wishlist <= 1.0.39 - Reflected Cross-Site Scripting LOW *-1.0.39 1.0.40 July 5, 2026
widget-options widget-options N/A Widget Options <= 4.0.8 - Missing Authorization to Notice Dismissal LOW *-4.0.8 4.0.9 July 5, 2026
vikappointments vikappointments N/A VikAppointments Services Booking Calendar <= 1.2.16 - Cross-Site Request Forgery LOW *-1.2.16 1.2.17 July 5, 2026
verge3d verge3d N/A Verge3D <= 4.8.0 - Reflected Cross-Site Scripting LOW *-4.8.0 4.8.1 July 5, 2026
taskbuilder taskbuilder N/A Taskbuilder <= 3.0.6 - Authenticated (Subscriber+) SQL Injection LOW *-3.0.6 3.0.7 July 5, 2026
social-pug-author-box social-pug-author-box N/A Social Pug: Author Box <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 July 5, 2026
smart-manager-for-wp-e-commerce smart-manager-for-wp-e-commerce N/A Smart Manager <= 8.52.0 - Authenticated (Administrator+) SQL Injection LOW *-8.52.0 8.53.0 July 5, 2026
realtyna-provisioning realtyna-provisioning N/A Realtyna Provisioning <= 1.2.2 - Reflected Cross-Site Scripting LOW *-1.2.2 1.2.3 July 5, 2026
paypal-payment-button-by-vcita paypal-payment-button-by-vcita
93
Online Payments – Get Paid with PayPal, Square & Stripe <= 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.20.0 3.30.0 July 5, 2026
passwords-manager passwords-manager
93
Passwords Manager <= 1.4.8 - Missing Authorization to Authenticated (Subscriber+) Add Password + Update Encryption Key LOW *-1.4.8 1.5.1 July 5, 2026
passwords-manager passwords-manager
93
Passwords Manager <= 1.4.8 - Authenticated (Subscriber+) SQL Injection LOW *-1.4.8 1.5.1 July 5, 2026
my-tickets my-tickets
93
My Tickets <= 2.0.9 - Missing Authorization LOW *-2.0.9 2.0.10 July 5, 2026
my-auctions-allegro-free-edition my-auctions-allegro-free-edition
89
My auctions allegro <= 3.6.18 - Reflected Cross-Site Scripting LOW *-3.6.18 3.6.19 July 5, 2026
mobile-dj-manager mobile-dj-manager
91
MDJM Event Management <= 1.7.5.6 - Reflected Cross-Site Scripting LOW *-1.7.5.6 1.7.6 July 5, 2026
mailchimp-subscribe-sm mailchimp-subscribe-sm
93
MailChimp Subscribe Forms <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.1 4.2 July 5, 2026
ksher-payment ksher-payment
93
Ksher <= 1.1.2 - Missing Authorization LOW *-1.1.2 1.1.3 July 5, 2026
Image Source Control Lite – Show Image Credits and Captions image-source-control-isc
89
Image Source Control <= 2.29.0 - Reflected Cross-Site Scripting LOW *-2.29.0 2.29.1 July 5, 2026
flexible-coupons flexible-coupons
93
Flexible PDF Coupons <= 1.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.10.2 1.10.3 July 5, 2026
fat-event-lite fat-event-lite
87
FAT Event Lite <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1 July 5, 2026
contact-form-with-shortcode contact-form-with-shortcode
93
Contact Form With Shortcode <= 4.2.5 - Reflected Cross-Site Scripting LOW *-4.2.5 4.2.6 July 5, 2026
chamber-dashboard-business-directory chamber-dashboard-business-directory
89
Chamber Dashboard Business Directory <= 3.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.3.8 3.3.10 July 5, 2026
booking-and-rental-manager-for-woocommerce booking-and-rental-manager-for-woocommerce
93
Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment plugin for WordPress <= 2.2.1 - Missing Authorization LOW *-2.2.1 2.2.2 July 5, 2026
barcode-scanner-lite-pos-to-manage-products-inventory-and-orders barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
93
Barcode Scanner with Inventory & Order Manager <= 1.6.7 - Authenticated (Admin+) Arbitrary File Upload LOW *-1.6.7 1.7.0 July 5, 2026
apply-online apply-online
97
ApplyOnline – Application Form Builder and Manager <= 2.6.7.1 - Missing Authorization LOW *-2.6.7.1 2.6.7.2 July 5, 2026
admin-and-client-message-after-order-for-woocommerce admin-and-client-message-after-order-for-woocommerce
97
Admin and Customer Messages After Order for WooCommerce <= 13.2 - Authenticated (Subscriber+) Limited File Upload to Cross-Site Scripting LOW *-13.2 13.3 July 5, 2026
ad-blocking-detector ad-blocking-detector
95
Ad Blocking Detector <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.6.0 July 5, 2026
pdf-for-wpforms pdf-for-wpforms
93
PDF for WPForms + Drag and Drop Template Builder <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via yeepdf_dotab Shortcode LOW *-4.6.0 4.8.0 July 5, 2026
post-grid post-grid
89
Post Grid and Gutenberg Blocks 2.2.85 - 2.3.3 - Unauthenticated Privilege Escalation LOW 2.2.85-2.3.3 2.3.4 July 5, 2026
social-testimonials-and-reviews-widget social-testimonials-and-reviews-widget N/A Social proof testimonials and reviews by Repuso <= 5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.20 5.21 July 5, 2026
piotnet-addons-for-elementor piotnet-addons-for-elementor
89
Piotnet Addons For Elementor <= 2.4.32 - Authenticated (Contributor+) Post Disclosure LOW *-2.4.32 2.4.33 July 5, 2026
event-registration-calendar-by-vcita event-registration-calendar-by-vcita
89
Event Registration Calendar By vcita <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4.0 July 5, 2026
viewmedica viewmedica N/A ViewMedica 9 <= 1.4.18 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4.18 1.4.19 July 5, 2026
car-demon car-demon
91
Car Demon <= 1.8.1 - Reflected Cross-Site Scripting LOW *-1.8.1 July 5, 2026
zartis-job-plugin zartis-job-plugin N/A HireHive Job Plugin <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.9.0 July 5, 2026
zarinpal-paid-downloads zarinpal-paid-downloads N/A Zarinpal Paid Download <= 2.3 - Reflected Cross-Site Scripting LOW *-2.3 July 5, 2026
wp-viewstl wp-viewstl N/A WP ViewSTL <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
wp-ulike wp-ulike N/A WP ULike <= 4.7.6 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-4.7.6 4.7.7 July 5, 2026
wp-smart-tv wp-smart-tv N/A WP Smart TV <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.8 2.1.9 July 5, 2026
wp-projects-portfolio wp-projects-portfolio N/A WP Projects Portfolio with Client Testimonials <= 3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.0 July 5, 2026
wp-projects-portfolio wp-projects-portfolio N/A WP Projects Portfolio with Client Testimonials <= 3.0 - Reflected Cross-Site Scripting LOW *-3.0 July 5, 2026
wp-post-corrector wp-post-corrector N/A WP Post Corrector <= 1.0.2 - Reflected Cross-Site Scripting LOW *-1.0.2 July 5, 2026
wp-pano wp-pano N/A wp-pano <= 1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.17 July 5, 2026
wp-order-by wp-order-by N/A WP Order By <= 1.4.2 - Reflected Cross-Site Scripting LOW *-1.4.2 July 5, 2026
wp-news-sliders wp-news-sliders N/A WP News Sliders <= 1.0 - Missing Authorization LOW *-1.0 July 5, 2026
wp-lijit-wijit wp-lijit-wijit N/A Lijit Search <= 1.1 - Reflected Cross-Site Scripting LOW *-1.1 July 5, 2026
wp-headmaster wp-headmaster N/A WP Headmaster <= 0.3 - Reflected Cross-Site Scripting LOW *-0.3 July 5, 2026
wp-dream-carousel wp-dream-carousel N/A WP Dream Carousel <= 1.0.1b - Reflected Cross-Site Scripting LOW * - 1.0.1b July 5, 2026
wp-bulletin-board wp-bulletin-board N/A WP Bulletin Board <= 1.1.4 - Reflected Cross-Site Scripting LOW *-1.1.4 July 5, 2026
woorousell woorousell N/A Product Carousel For WooCommerce – WoorouSell <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.0 1.1.1 July 5, 2026
vod-infomaniak vod-infomaniak N/A VOD Infomaniak <= 1.5.9 - Missing Authorization LOW *-1.5.9 1.5.10 July 5, 2026
user-management user-management N/A User Management <= 1.2 - Authenticated (Subscriber+) Privilege Escalation LOW *-1.2 July 5, 2026
twitter-bootstrap-collapse-aka-accordian-shortcode twitter-bootstrap-collapse-aka-accordian-shortcode N/A Twitter Bootstrap Collapse aka Accordian Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
turbosmtp turbosmtp N/A turboSMTP <= 4.6 - Reflected Cross-Site Scripting LOW *-4.6 4.7 July 5, 2026
transfinanz transfinanz N/A TransFinanz <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 July 5, 2026
tour-booking-manager tour-booking-manager N/A WpTravelly <= 1.8.5 - Missing Authorization LOW *-1.8.5 1.8.6 July 5, 2026
Tag Groups is the Advanced Way to Display Your Taxonomy Terms tag-groups
86
Tag Groups is the Advanced Way to Display Your Taxonomy Terms <= 2.0.4 - Reflected Cross-Site Scripting LOW *-2.0.4 2.0.5 July 5, 2026
solidres solidres N/A Solidres <= 0.9.4 - Reflected Cross-Site Scripting LOW *-0.9.4 July 5, 2026
social-media-engine social-media-engine N/A Social Media Engine <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.2 July 5, 2026
setup-default-feature-image setup-default-feature-image N/A Setup Default Featured Image <= 1.2 - Missing Authorization LOW *-1.2 1.3 July 5, 2026
service-provider-profile-cpt service-provider-profile-cpt N/A SetMore Theme – Custom Post Types <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1 July 5, 2026
sensei-lms sensei-lms N/A Sensei LMS – Online Courses, Quizzes, & Learning <= 4.24.3 - Unauthenticated Information Exposure LOW *-4.24.3 4.24.4 July 5, 2026
s-dev-seo s-dev-seo N/A S-DEV SEO <= 1.88 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.88 July 5, 2026
rometheme-for-elementor rometheme-for-elementor N/A RomethemeKit For Elementor <= 1.5.3 - Missing Authorization in save_options and reset_widgets LOW *-1.5.3 1.5.4 July 5, 2026
rocket-media-library-mime-type rocket-media-library-mime-type N/A Rocket Media Library Mime Type <= 2.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.1.0 July 5, 2026
post-types-carousel-slider post-types-carousel-slider N/A Post Carousel & Slider <= 1.0.4 - Reflected Cross-Site Scripting LOW *-1.0.4 July 5, 2026
post-grid post-grid
89
Post Grid and Gutenberg Blocks <= 2.2.92 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2.92 2.2.93 July 5, 2026
post-and-page-builder post-and-page-builder
93
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.27.5 1.27.6 July 5, 2026
partners partners
89
Partners <= 0.2.0 - Reflected Cross-Site Scripting LOW *-0.2.0 July 5, 2026
octrace-support octrace-support
89
WordPress HelpDesk & Support Ticket System Plugin – Octrace Support <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.2.7 July 5, 2026
NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization nitropack
67
NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update LOW *-1.17.0 1.17.6 July 5, 2026
NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization nitropack
67
NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Transient Update LOW *-1.17.0 1.17.6 July 5, 2026
navigation-du-lapin-blanc navigation-du-lapin-blanc
91
Navigation Du Lapin Blanc <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.1 July 5, 2026
nativery nativery
91
Nativery <= 0.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.1.6 July 5, 2026
musicbox musicbox
91
Musicbox <= 2.0.3 - Reflected Cross-Site Scripting LOW *-2.0.3 July 5, 2026
mapbox-for-wp-advanced mapbox-for-wp-advanced
91
Mapbox for WP Advanced <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 July 5, 2026
justrows-free justrows-free
91
JustRows free <= 0.2 - Reflected Cross-Site Scripting LOW *-0.2 July 5, 2026
intelly-posts-footer-manager intelly-posts-footer-manager
91
Posts Footer Manager <= 2.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.1.0 2.2.0 July 5, 2026
intelligent-importer intelligent-importer
91
Catalog Importer, Scraper & Crawler <= 5.1.3 - Reflected Cross-Site Scripting LOW *-5.1.3 5.1.4 July 5, 2026
ibuildapp ibuildapp
91
iBuildApp <= 0.2.0 - Reflected Cross-Site Scripting LOW *-0.2.0 July 5, 2026
LOW

alt-report

alt-report

Score: 95/100 AlT Report <= 1.12.0 - Reflected Cross-Site Scripting Affected: *-1.12.0 Patched: Updated: July 5, 2026
LOW

all-in-one-login

all-in-one-login

Score: 95/100 all-in-one-box-login <= 2.0.1 - Reflected Cross-Site Scripting Affected: *-2.0.1 Patched: Updated: July 5, 2026
LOW

ajax-wp-query-search-filter

ajax-wp-query-search-filter

Score: 95/100 Ajax WP Query Search Filter <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.7 Patched: Updated: July 5, 2026
LOW

ai-responsive-gallery-album

ai-responsive-gallery-album

Score: 95/100 AI Responsive Gallery Album <= 1.4 - Missing Authorization Affected: *-1.4 Patched: Updated: July 5, 2026
LOW

affiliate-tools-viet-nam

affiliate-tools-viet-nam

Score: 95/100 Affiliate Tools Việt Nam <= 0.3.17 - Reflected Cross-Site Scripting Affected: *-0.3.17 Patched: Updated: July 5, 2026
LOW

advanced-angular-contact-form

advanced-angular-contact-form

Score: 95/100 Advanced Angular Contact Form <= 1.1.0 - Reflected Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 5, 2026
LOW

adsmiddle

adsmiddle

Score: 95/100 AdsMiddle <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

admin-options-pages

admin-options-pages

Score: 97/100 Admin Options Pages <= 0.9.7 - Reflected Cross-Site Scripting Affected: *-0.9.7 Patched: 0.9.8 Updated: July 5, 2026
LOW

admin-menu-organizer

admin-menu-organizer

Score: 95/100 Admin Menu Organizer <= 1.0.1 - Reflected Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 5, 2026
LOW

admin-cleanup

admin-cleanup

Score: 95/100 Admin Cleanup <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 5, 2026
LOW

add-rss

add-rss

Score: 95/100 Add RSS <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.5 Patched: Updated: July 5, 2026
LOW

add-custom-google-tag-manager

add-custom-google-tag-manager

Score: 95/100 add custom google tag manager <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.3 Patched: Updated: July 5, 2026
LOW

add-custom-content-after-post

add-custom-content-after-post

Score: 95/100 Add custom content after post <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

accessibility-task-manager

accessibility-task-manager

Score: 95/100 Accessibility Task Manager <= 1.2.1 - Reflected Cross-Site Scripting Affected: *-1.2.1 Patched: Updated: July 5, 2026
LOW

a-gateway-for-pasargad-bank-on-woocommerce

a-gateway-for-pasargad-bank-on-woocommerce

Score: 95/100 Gateway for Pasargad Bank <= 2.5.2 - Reflected Cross-Site Scripting Affected: *-2.5.2 Patched: Updated: July 5, 2026
LOW

multi-step-form

multi-step-form

Score: 93/100 Multi Step Form <= 1.7.23 - Missing Authorization to Unauthenticated Limited File Upload Affected: *-1.7.23 Patched: 1.7.24 Updated: July 5, 2026
LOW

passwords-manager

passwords-manager

Score: 93/100 Passwords Manager <= 1.4.8 - Unauthenticated SQL Injection Affected: *-1.4.8 Patched: 1.5.1 Updated: July 5, 2026
LOW

wp-user-profile-avatar

wp-user-profile-avatar

Score: N/A WP User Profile Avatar <= 1.0.5 - Cross-Site Request Forgery to Settings Update Affected: *-1.0.5 Patched: 1.0.6 Updated: July 5, 2026
LOW

motors-car-dealership-classified-listings

motors-car-dealership-classified-listings

Score: 93/100 Motors – Car Dealer, Classifieds & Listing <= 1.4.43 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Custom Title Affected: *-1.4.43 Patched: 1.4.44 Updated: July 5, 2026
LOW

wp-responsive-tabs

wp-responsive-tabs

Score: N/A WP Responsive Tabs <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.9 Patched: 1.3.0 Updated: July 5, 2026
LOW

wishlist

wishlist

Score: N/A Wishlist <= 1.0.39 - Reflected Cross-Site Scripting Affected: *-1.0.39 Patched: 1.0.40 Updated: July 5, 2026
LOW

widget-options

widget-options

Score: N/A Widget Options <= 4.0.8 - Missing Authorization to Notice Dismissal Affected: *-4.0.8 Patched: 4.0.9 Updated: July 5, 2026
LOW

vikappointments

vikappointments

Score: N/A VikAppointments Services Booking Calendar <= 1.2.16 - Cross-Site Request Forgery Affected: *-1.2.16 Patched: 1.2.17 Updated: July 5, 2026
LOW

verge3d

verge3d

Score: N/A Verge3D <= 4.8.0 - Reflected Cross-Site Scripting Affected: *-4.8.0 Patched: 4.8.1 Updated: July 5, 2026
LOW

taskbuilder

taskbuilder

Score: N/A Taskbuilder <= 3.0.6 - Authenticated (Subscriber+) SQL Injection Affected: *-3.0.6 Patched: 3.0.7 Updated: July 5, 2026
LOW

social-pug-author-box

social-pug-author-box

Score: N/A Social Pug: Author Box <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 5, 2026
LOW

smart-manager-for-wp-e-commerce

smart-manager-for-wp-e-commerce

Score: N/A Smart Manager <= 8.52.0 - Authenticated (Administrator+) SQL Injection Affected: *-8.52.0 Patched: 8.53.0 Updated: July 5, 2026
LOW

realtyna-provisioning

realtyna-provisioning

Score: N/A Realtyna Provisioning <= 1.2.2 - Reflected Cross-Site Scripting Affected: *-1.2.2 Patched: 1.2.3 Updated: July 5, 2026
LOW

paypal-payment-button-by-vcita

paypal-payment-button-by-vcita

Score: 93/100 Online Payments – Get Paid with PayPal, Square & Stripe <= 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.20.0 Patched: 3.30.0 Updated: July 5, 2026
LOW

passwords-manager

passwords-manager

Score: 93/100 Passwords Manager <= 1.4.8 - Missing Authorization to Authenticated (Subscriber+) Add Password + Update Encryption Key Affected: *-1.4.8 Patched: 1.5.1 Updated: July 5, 2026
LOW

passwords-manager

passwords-manager

Score: 93/100 Passwords Manager <= 1.4.8 - Authenticated (Subscriber+) SQL Injection Affected: *-1.4.8 Patched: 1.5.1 Updated: July 5, 2026
LOW

my-tickets

my-tickets

Score: 93/100 My Tickets <= 2.0.9 - Missing Authorization Affected: *-2.0.9 Patched: 2.0.10 Updated: July 5, 2026
LOW

my-auctions-allegro-free-edition

my-auctions-allegro-free-edition

Score: 89/100 My auctions allegro <= 3.6.18 - Reflected Cross-Site Scripting Affected: *-3.6.18 Patched: 3.6.19 Updated: July 5, 2026
LOW

mobile-dj-manager

mobile-dj-manager

Score: 91/100 MDJM Event Management <= 1.7.5.6 - Reflected Cross-Site Scripting Affected: *-1.7.5.6 Patched: 1.7.6 Updated: July 5, 2026
LOW

mailchimp-subscribe-sm

mailchimp-subscribe-sm

Score: 93/100 MailChimp Subscribe Forms <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.1 Patched: 4.2 Updated: July 5, 2026
LOW

ksher-payment

ksher-payment

Score: 93/100 Ksher <= 1.1.2 - Missing Authorization Affected: *-1.1.2 Patched: 1.1.3 Updated: July 5, 2026
LOW

flexible-coupons

flexible-coupons

Score: 93/100 Flexible PDF Coupons <= 1.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.10.2 Patched: 1.10.3 Updated: July 5, 2026
LOW

fat-event-lite

fat-event-lite

Score: 87/100 FAT Event Lite <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

contact-form-with-shortcode

contact-form-with-shortcode

Score: 93/100 Contact Form With Shortcode <= 4.2.5 - Reflected Cross-Site Scripting Affected: *-4.2.5 Patched: 4.2.6 Updated: July 5, 2026
LOW

chamber-dashboard-business-directory

chamber-dashboard-business-directory

Score: 89/100 Chamber Dashboard Business Directory <= 3.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.3.8 Patched: 3.3.10 Updated: July 5, 2026
LOW

booking-and-rental-manager-for-woocommerce

booking-and-rental-manager-for-woocommerce

Score: 93/100 Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment plugin for WordPress <= 2.2.1 - Missing Authorization Affected: *-2.2.1 Patched: 2.2.2 Updated: July 5, 2026
LOW

apply-online

apply-online

Score: 97/100 ApplyOnline – Application Form Builder and Manager <= 2.6.7.1 - Missing Authorization Affected: *-2.6.7.1 Patched: 2.6.7.2 Updated: July 5, 2026
LOW

admin-and-client-message-after-order-for-woocommerce

admin-and-client-message-after-order-for-woocommerce

Score: 97/100 Admin and Customer Messages After Order for WooCommerce <= 13.2 - Authenticated (Subscriber+) Limited File Upload to Cross-Site Scripting Affected: *-13.2 Patched: 13.3 Updated: July 5, 2026
LOW

ad-blocking-detector

ad-blocking-detector

Score: 95/100 Ad Blocking Detector <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.6.0 Patched: Updated: July 5, 2026
LOW

pdf-for-wpforms

pdf-for-wpforms

Score: 93/100 PDF for WPForms + Drag and Drop Template Builder <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via yeepdf_dotab Shortcode Affected: *-4.6.0 Patched: 4.8.0 Updated: July 5, 2026
LOW

post-grid

post-grid

Score: 89/100 Post Grid and Gutenberg Blocks 2.2.85 - 2.3.3 - Unauthenticated Privilege Escalation Affected: 2.2.85-2.3.3 Patched: 2.3.4 Updated: July 5, 2026
LOW

social-testimonials-and-reviews-widget

social-testimonials-and-reviews-widget

Score: N/A Social proof testimonials and reviews by Repuso <= 5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.20 Patched: 5.21 Updated: July 5, 2026
LOW

piotnet-addons-for-elementor

piotnet-addons-for-elementor

Score: 89/100 Piotnet Addons For Elementor <= 2.4.32 - Authenticated (Contributor+) Post Disclosure Affected: *-2.4.32 Patched: 2.4.33 Updated: July 5, 2026
LOW

event-registration-calendar-by-vcita

event-registration-calendar-by-vcita

Score: 89/100 Event Registration Calendar By vcita <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.0 Patched: Updated: July 5, 2026
LOW

viewmedica

viewmedica

Score: N/A ViewMedica 9 <= 1.4.18 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.18 Patched: 1.4.19 Updated: July 5, 2026
LOW

car-demon

car-demon

Score: 91/100 Car Demon <= 1.8.1 - Reflected Cross-Site Scripting Affected: *-1.8.1 Patched: Updated: July 5, 2026
LOW

zartis-job-plugin

zartis-job-plugin

Score: N/A HireHive Job Plugin <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.9.0 Patched: Updated: July 5, 2026
LOW

zarinpal-paid-downloads

zarinpal-paid-downloads

Score: N/A Zarinpal Paid Download <= 2.3 - Reflected Cross-Site Scripting Affected: *-2.3 Patched: Updated: July 5, 2026
LOW

wp-viewstl

wp-viewstl

Score: N/A WP ViewSTL <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

wp-ulike

wp-ulike

Score: N/A WP ULike <= 4.7.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.7.6 Patched: 4.7.7 Updated: July 5, 2026
LOW

wp-smart-tv

wp-smart-tv

Score: N/A WP Smart TV <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.8 Patched: 2.1.9 Updated: July 5, 2026
LOW

wp-projects-portfolio

wp-projects-portfolio

Score: N/A WP Projects Portfolio with Client Testimonials <= 3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.0 Patched: Updated: July 5, 2026
LOW

wp-projects-portfolio

wp-projects-portfolio

Score: N/A WP Projects Portfolio with Client Testimonials <= 3.0 - Reflected Cross-Site Scripting Affected: *-3.0 Patched: Updated: July 5, 2026
LOW

wp-post-corrector

wp-post-corrector

Score: N/A WP Post Corrector <= 1.0.2 - Reflected Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 5, 2026
LOW

wp-pano

wp-pano

Score: N/A wp-pano <= 1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.17 Patched: Updated: July 5, 2026
LOW

wp-order-by

wp-order-by

Score: N/A WP Order By <= 1.4.2 - Reflected Cross-Site Scripting Affected: *-1.4.2 Patched: Updated: July 5, 2026
LOW

wp-news-sliders

wp-news-sliders

Score: N/A WP News Sliders <= 1.0 - Missing Authorization Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

wp-lijit-wijit

wp-lijit-wijit

Score: N/A Lijit Search <= 1.1 - Reflected Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

wp-headmaster

wp-headmaster

Score: N/A WP Headmaster <= 0.3 - Reflected Cross-Site Scripting Affected: *-0.3 Patched: Updated: July 5, 2026
LOW

wp-dream-carousel

wp-dream-carousel

Score: N/A WP Dream Carousel <= 1.0.1b - Reflected Cross-Site Scripting Affected: * - 1.0.1b Patched: Updated: July 5, 2026
LOW

wp-bulletin-board

wp-bulletin-board

Score: N/A WP Bulletin Board <= 1.1.4 - Reflected Cross-Site Scripting Affected: *-1.1.4 Patched: Updated: July 5, 2026
LOW

woorousell

woorousell

Score: N/A Product Carousel For WooCommerce – WoorouSell <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: 1.1.1 Updated: July 5, 2026
LOW

vod-infomaniak

vod-infomaniak

Score: N/A VOD Infomaniak <= 1.5.9 - Missing Authorization Affected: *-1.5.9 Patched: 1.5.10 Updated: July 5, 2026
LOW

user-management

user-management

Score: N/A User Management <= 1.2 - Authenticated (Subscriber+) Privilege Escalation Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

twitter-bootstrap-collapse-aka-accordian-shortcode

twitter-bootstrap-collapse-aka-accordian-shortcode

Score: N/A Twitter Bootstrap Collapse aka Accordian Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

turbosmtp

turbosmtp

Score: N/A turboSMTP <= 4.6 - Reflected Cross-Site Scripting Affected: *-4.6 Patched: 4.7 Updated: July 5, 2026
LOW

transfinanz

transfinanz

Score: N/A TransFinanz <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 5, 2026
LOW

tour-booking-manager

tour-booking-manager

Score: N/A WpTravelly <= 1.8.5 - Missing Authorization Affected: *-1.8.5 Patched: 1.8.6 Updated: July 5, 2026
LOW

solidres

solidres

Score: N/A Solidres <= 0.9.4 - Reflected Cross-Site Scripting Affected: *-0.9.4 Patched: Updated: July 5, 2026
LOW

social-media-engine

social-media-engine

Score: N/A Social Media Engine <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 5, 2026
LOW

setup-default-feature-image

setup-default-feature-image

Score: N/A Setup Default Featured Image <= 1.2 - Missing Authorization Affected: *-1.2 Patched: 1.3 Updated: July 5, 2026
LOW

service-provider-profile-cpt

service-provider-profile-cpt

Score: N/A SetMore Theme – Custom Post Types <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

sensei-lms

sensei-lms

Score: N/A Sensei LMS – Online Courses, Quizzes, & Learning <= 4.24.3 - Unauthenticated Information Exposure Affected: *-4.24.3 Patched: 4.24.4 Updated: July 5, 2026
LOW

s-dev-seo

s-dev-seo

Score: N/A S-DEV SEO <= 1.88 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.88 Patched: Updated: July 5, 2026
LOW

rometheme-for-elementor

rometheme-for-elementor

Score: N/A RomethemeKit For Elementor <= 1.5.3 - Missing Authorization in save_options and reset_widgets Affected: *-1.5.3 Patched: 1.5.4 Updated: July 5, 2026
LOW

rocket-media-library-mime-type

rocket-media-library-mime-type

Score: N/A Rocket Media Library Mime Type <= 2.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.1.0 Patched: Updated: July 5, 2026
LOW

post-types-carousel-slider

post-types-carousel-slider

Score: N/A Post Carousel & Slider <= 1.0.4 - Reflected Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: July 5, 2026
LOW

post-grid

post-grid

Score: 89/100 Post Grid and Gutenberg Blocks <= 2.2.92 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.92 Patched: 2.2.93 Updated: July 5, 2026
LOW

post-and-page-builder

post-and-page-builder

Score: 93/100 Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.27.5 Patched: 1.27.6 Updated: July 5, 2026
LOW

partners

partners

Score: 89/100 Partners <= 0.2.0 - Reflected Cross-Site Scripting Affected: *-0.2.0 Patched: Updated: July 5, 2026
LOW

octrace-support

octrace-support

Score: 89/100 WordPress HelpDesk & Support Ticket System Plugin – Octrace Support <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2.7 Patched: Updated: July 5, 2026
LOW

navigation-du-lapin-blanc

navigation-du-lapin-blanc

Score: 91/100 Navigation Du Lapin Blanc <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: July 5, 2026
LOW

nativery

nativery

Score: 91/100 Nativery <= 0.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.1.6 Patched: Updated: July 5, 2026
LOW

musicbox

musicbox

Score: 91/100 Musicbox <= 2.0.3 - Reflected Cross-Site Scripting Affected: *-2.0.3 Patched: Updated: July 5, 2026
LOW

mapbox-for-wp-advanced

mapbox-for-wp-advanced

Score: 91/100 Mapbox for WP Advanced <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 5, 2026
LOW

justrows-free

justrows-free

Score: 91/100 JustRows free <= 0.2 - Reflected Cross-Site Scripting Affected: *-0.2 Patched: Updated: July 5, 2026
LOW

intelly-posts-footer-manager

intelly-posts-footer-manager

Score: 91/100 Posts Footer Manager <= 2.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.1.0 Patched: 2.2.0 Updated: July 5, 2026
LOW

intelligent-importer

intelligent-importer

Score: 91/100 Catalog Importer, Scraper & Crawler <= 5.1.3 - Reflected Cross-Site Scripting Affected: *-5.1.3 Patched: 5.1.4 Updated: July 5, 2026
LOW

ibuildapp

ibuildapp

Score: 91/100 iBuildApp <= 0.2.0 - Reflected Cross-Site Scripting Affected: *-0.2.0 Patched: Updated: July 5, 2026

Showing 13401 to 13500 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 5, 2026 at 04:56 UTC.