Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

91

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
Htaccess File Editor – Easily Edit, Backup, Restore .htaccess file htaccess-file-editor
98
Htaccess File Editor <= 1.0.19 - Unauthenticated Information Exposure LOW *-1.0.19 1.0.20 July 5, 2026
gsheetconnector-forminator gsheetconnector-forminator
93
GSheetConnector for Forminator Forms <= 1.0.12 - Reflected Cross-Site Scripting LOW *-1.0.12 1.0.13 July 5, 2026
glossy glossy
91
Glossy <= 2.3.5 - Reflected Cross-Site Scripting LOW *-2.3.5 July 5, 2026
giga-messenger-bots giga-messenger-bots
91
Giga Messenger – Express <= 2.3.1 - Reflected Cross-Site Scripting LOW *-2.3.1 July 5, 2026
fws-ajax-contact-form fws-ajax-contact-form
93
Ajax Contact Form <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4.1 1.4.2 July 5, 2026
foundation-columns foundation-columns
91
Foundation Columns <= 0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.8 July 5, 2026
eazy-under-construction eazy-under-construction
93
Eazy Under Construction <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 2.0 July 5, 2026
codebard-help-desk codebard-help-desk
89
CodeBard Help Desk <= 1.1.2 - Reflected Cross-Site Scripting LOW *-1.1.2 July 5, 2026
cf7-redirect-thank-you-page cf7-redirect-thank-you-page
93
Contact Form 7 Redirect & Thank You Page <= 1.0.7 - Reflected Cross-Site Scripting LOW *-1.0.7 1.0.8 July 5, 2026
build-private-store-for-woocommerce build-private-store-for-woocommerce
93
Build Private Store For Woocommerce <= 1.0 - Cross-Site Request Forgery LOW *-1.0 1.1 July 5, 2026
buddyboss-platform buddyboss-platform
93
BuddyBoss Platform < 2.7.60 - Insecure Direct Object Reference to Private Post Comment Exposure LOW [*, 2.7.60) 2.7.60 July 5, 2026
brizy-pro brizy-pro
93
Brizy Pro <= 2.8.0 - Reflected Cross-Site Scripting LOW *-2.8.0 2.8.1 July 5, 2026
better-wlm-api better-wlm-api
93
Better WishList API <= 1.1.3 - Unauthenticated Stored Cross-Site Scripting LOW *-1.1.3 1.1.4 July 5, 2026
banner-garden banner-garden
91
Banner Garden Plugin for WordPress <= 0.1.3 - Reflected Cross-Site Scripting LOW *-0.1.3 July 5, 2026
awesome-responsive-photo-gallery awesome-responsive-photo-gallery
93
Image Gallery – Responsive Photo Gallery <= 1.0.5 - Reflected Cross-Site Scripting LOW *-1.0.5 2.1 July 5, 2026
amberlink amberlink
95
Amber <= 1.4.4 - Reflected Cross-Site Scripting LOW *-1.4.4 July 5, 2026
ai-addons-for-elementor ai-addons-for-elementor
95
Elementor AI Addons <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2.1 July 5, 2026
addon-elements-for-elementor-page-builder addon-elements-for-elementor-page-builder
97
Elementor Addon Elements <= 1.13.10 - Authenticated (Contributor+) Sensitive Information Exposure via Modal Popup LOW *-1.13.10 1.14 July 5, 2026
Page Builder by SiteOrigin siteorigin-panels
86
Page Builder by SiteOrigin <= 2.31.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Row Label Parameter LOW *-2.31.0 2.31.1 July 5, 2026
groundhogg groundhogg
93
Groundhogg <= 3.7.3.5 - Authenticated (Author+) Arbitrary File Upload via gh_big_file_upload Function LOW *-3.7.3.5 3.7.3.6 July 5, 2026
html5-video-player html5-video-player
93
HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.35 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via heading Parameter LOW *-2.5.35 2.5.36 July 5, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor royal-elementor-addons N/A Royal Elementor Addons and Templates <= 1.7.1006 - Cross-Site Request Forgery to Reflected Cross-Site Scripting LOW *-1.7.1006 1.7.1007 July 5, 2026
W3 Total Cache w3-total-cache
69
W3 Total Cache <= 2.8.1 - Authenticated (Subscriber+) Missing Authorization to Server-Side Request Forgery LOW *-2.8.1 2.8.2 July 5, 2026
event-monster event-monster
93
Event monster <= 1.4.3 - Information Exposure Via Visitors List Export LOW *-1.4.3 1.4.4 July 5, 2026
wr-price-list-for-woocommerce wr-price-list-for-woocommerce N/A WR Price List Manager For Woocommerce <= 1.0.8 - Authenticated (Subscriber+) Arbitrary File Upload LOW *-1.0.8 1.1.0 July 5, 2026
wp-migration-duplicator wp-migration-duplicator N/A WebToffee WP Backup and Migration <= 1.5.3 - Unauthenticated Sensitive Information Exposure LOW *-1.5.3 1.5.4 July 5, 2026
wp-asambleas wp-asambleas N/A WP-Asambleas <= 2.85.0 - Reflected Cross-Site Scripting LOW *-2.85.0 July 5, 2026
world-cup-predictor world-cup-predictor N/A World Cup Predictor <= 1.9.6 - Reflected Cross-Site Scripting LOW *-1.9.6 July 5, 2026
woolementor woolementor N/A CoDesigner WooCommerce Builder for Elementor <= 4.21 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-4.21 July 5, 2026
responsive-jquery-slider responsive-jquery-slider N/A Responsive jQuery Slider <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.1 July 5, 2026
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction paid-member-subscriptions
67
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.7 - Authentication Bypass via pms_payment_id LOW *-2.13.7 2.13.8 July 5, 2026
neon-product-designer-for-woocommerce neon-product-designer-for-woocommerce
89
Neon Product Designer <= 2.1.1 - Authenticated (Contributor+) SQL Injection LOW *-2.1.1 July 5, 2026
multilang-contact-form multilang-contact-form
89
Multilang Contact Form <= 1.5 - Reflected Cross-Site Scripting LOW *-1.5 July 5, 2026
homey-login-register homey-login-register
89
Homey Login Register <= 2.4.0 - Unauthenticated Privilege Escalation LOW *-2.4.0 July 5, 2026
gallery-and-lightbox gallery-and-lightbox
91
Gallery and Lightbox <= 1.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.14 July 5, 2026
essential-wp-real-estate essential-wp-real-estate
87
Essential WP Real Estate <= 1.1.3 - Reflected Cross-Site Scripting LOW *-1.1.3 July 5, 2026
elementinvader-addons-for-elementor elementinvader-addons-for-elementor
93
ElementInvader Addons for Elementor <= 1.2.6 - Authenticated (Contributor+) Local File Inclusion LOW *-1.2.6 1.2.7 July 5, 2026
course-booking-system course-booking-system
93
Course Booking System <= 6.0.6 - Unauthenticated SQL Injection LOW *-6.0.6 6.0.7 July 5, 2026
button-block button-block
93
Button Block <= 1.1.5 - Missing Authorization LOW *-1.1.5 1.1.6 July 5, 2026
Booking Calendar booking
71
Booking Calendar <= 10.9.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'booking' Shortcode LOW *-10.9.2 10.9.3 July 5, 2026
bold-pagos-en-linea bold-pagos-en-linea
93
Bold pagos en linea <= 3.1.4 - Reflected Cross-Site Scripting LOW *-3.1.4 3.1.5 July 5, 2026
background-control background-control
91
Background Control <= 1.0.5 - Cross-Site Request Forgery to Arbitrary File Deletion LOW *-1.0.5 July 5, 2026
booking-and-rental-manager-for-woocommerce booking-and-rental-manager-for-woocommerce
93
Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently | WordPress plugin <= 2.2.1 - Reflected Cross-Site Scripting LOW *-2.2.1 2.2.2 July 5, 2026
tcbd-auto-refresher tcbd-auto-refresher N/A TCBD Auto Refresher <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0 July 5, 2026
wp-spid-italia wp-spid-italia N/A WP SPID Italia <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.9 2.12 July 5, 2026
accordion-slider-lite accordion-slider-lite
95
Accordion Slider Lite <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.1 July 5, 2026
gatormail-smart-forms gatormail-smart-forms
93
GatorMail SmartForms <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.0 1.1.1 July 5, 2026
perfect-portal-widgets perfect-portal-widgets
93
Perfect Portal Widgets <= 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.0.3 3.0.4 July 5, 2026
dominion-domain-checker-wpbakery-addon dominion-domain-checker-wpbakery-addon
91
Dominion – Domain Checker for WPBakery <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.3.0 July 5, 2026
rrdevs-for-elementor rrdevs-for-elementor N/A RRAddons for Elementor <= 1.1.0 - Authenticated (Contributor+) Post Disclosure LOW *-1.1.0 July 5, 2026
grid-accordion-lite grid-accordion-lite
91
Grid Accordion Lite <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.1 July 5, 2026
push-notification-for-post-and-buddypress push-notification-for-post-and-buddypress N/A Push Notification for Post and BuddyPress <= 2.07 - Reflected Cross-Site Scripting LOW *-2.06 2.08 July 5, 2026
unlimited-theme-addons unlimited-theme-addons N/A Unlimited Theme Addon For Elementor and WooCommerce <= 1.2.2 - Authenticated (Contributor+) Post Disclosure LOW *-1.2.2 1.2.3 July 5, 2026
Kadence Blocks — Page Builder Toolkit for Gutenberg Editor kadence-blocks
91
Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.4.2 - Authenticated (contributor+) Stored Cross-Site Scripting via Button Link LOW *-3.4.2 3.4.3 July 5, 2026
post-duplicator post-duplicator
93
Post Duplicator <= 2.36 - Authenticated (Contributor+) Protected Post Disclosure LOW *-2.36 2.37 July 5, 2026
coupon-x-discount-pop-up coupon-x-discount-pop-up
93
Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization to Authenticated (Contributor+) PHP Object Injection LOW *-1.3.5 1.3.6 July 5, 2026
coupon-x-discount-pop-up coupon-x-discount-pop-up
93
Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization LOW *-1.3.5 1.3.6 July 5, 2026
trackserver trackserver N/A Trackserver <= 5.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.0.2 5.0.3 July 5, 2026
internal-link-shortcode internal-link-shortcode
91
CF Internal Link Shortcode <= 1.1.0 - Unauthenticated SQL Injection LOW *-1.1.0 July 5, 2026
zalomeni zalomeni N/A Zalomení <= 1.5 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.5 July 5, 2026
xml-for-avito xml-for-avito N/A XML for Avito <= 2.5.2 - Reflected Cross-Site Scripting LOW *-2.5.2 2.5.3 July 5, 2026
wp-mediatagger wp-mediatagger N/A WP MediaTagger <= 4.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.1.1 July 5, 2026
wp-mediatagger wp-mediatagger N/A WP MediaTagger <= 4.1.1 - Reflected Cross-Site Scripting LOW *-4.1.1 July 5, 2026
wp-finance wp-finance N/A WP Finance <= 1.3.6 - Reflected Cross-Site Scripting LOW *-1.3.6 July 5, 2026
wp-finance wp-finance N/A WP Finance <= 1.3.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.3.6 July 5, 2026
wp-email-newsletter wp-email-newsletter N/A WP Email Newsletter <= 1.1 - Reflected Cross-Site Scripting LOW *-1.1 July 5, 2026
wp-desklite wp-desklite N/A WP DeskLite – Helpdesk and Support Plugin <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 July 5, 2026
woo-ups-pickup woo-ups-pickup N/A OPSI Israel Domestic Shipments <= 2.6.5 - Reflected Cross-Site Scripting LOW *-2.6.5 2.6.6 July 5, 2026
widget4call widget4call N/A Widget4Call <= 1.0.7 - Reflected Cross-Site Scripting LOW *-1.0.7 July 5, 2026
user-messages user-messages N/A User Messages <= 1.2.4 - Reflected Cross-Site Scripting LOW *-1.2.4 July 5, 2026
twitter-bootstrap-collapse-aka-accordian-shortcode twitter-bootstrap-collapse-aka-accordian-shortcode N/A Twitter Bootstrap Collapse aka Accordian Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.0 July 5, 2026
tabulate tabulate N/A Tabulate <= 2.10.3 - Reflected Cross-Site Scripting LOW *-2.10.3 July 5, 2026
slidedeck-lite-for-wordpress slidedeck-lite-for-wordpress N/A SlideDeck 1 Lite Content Slider <= 1.4.8 - Reflected Cross-Site Scripting LOW *-1.4.8 July 5, 2026
responsive-iframe responsive-iframe N/A Responsive iframe <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.0 July 5, 2026
policy-genius policy-genius
91
Policy Genius <= 2.0.4 - Reflected Cross-Site Scripting LOW *-2.0.4 July 5, 2026
google-map-professional google-map-professional
89
Google Map Professional <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
give give
93
GiveWP – Donation Plugin and Fundraising Platform <= 3.19.3 - Unauthenticated PHP Object Injection LOW *-3.19.3 3.19.4 July 5, 2026
give give
93
GiveWP – Donation Plugin and Fundraising Platform <= 3.19.2 - Unauthenticated PHP Object Injection LOW *-3.19.2 3.19.3 July 5, 2026
fast-tube fast-tube
89
Fast Tube <= 2.3.1 - Reflected Cross-Site Scripting LOW *-2.3.1 July 5, 2026
fantastic-elasticsearch fantastic-elasticsearch
91
Fantastic Elasticsearch <= 4.1.0 - Reflected Cross-Site Scripting LOW *-4.1.0 July 5, 2026
ect-homepage-products ect-homepage-products
91
ECT Home Page Products <= 1.9 - Reflected Cross-Site Scripting LOW *-1.9 July 5, 2026
custom-login-page custom-login-page
91
A5 Custom Login Page <= 2.8.1 - Reflected Cross-Site Scripting LOW *-2.8.1 July 5, 2026
clickwhale clickwhale
93
ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages <= 2.4.1 - Reflected Cross-Site Scripting LOW *-2.4.1 2.4.2 July 5, 2026
canvasflow canvasflow
91
CanvasFlow <= 1.5.5 - Reflected Cross-Site Scripting LOW *-1.5.5 July 5, 2026
essential-wp-real-estate essential-wp-real-estate
87
Essential WP Real Estate <= 1.1.3 - Missing Authorization to Arbitrary Post/Page Deletion LOW *-1.1.3 July 5, 2026
themeisle-companion themeisle-companion N/A Orbit Fox by ThemeIsle <= 2.10.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag Parameter LOW *-2.10.43 2.10.44 July 5, 2026
themeisle-companion themeisle-companion N/A Orbit Fox by ThemeIsle <= 2.10.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget LOW *-2.10.43 2.10.44 July 5, 2026
ai-scribe-the-chatgpt-powered-seo-content-creation-wizard ai-scribe-the-chatgpt-powered-seo-content-creation-wizard
97
AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) <= 2.5 - Authenticated (Contributor+) SQL Injection LOW *-2.5 2.6 July 5, 2026
ai-scribe-the-chatgpt-powered-seo-content-creation-wizard ai-scribe-the-chatgpt-powered-seo-content-creation-wizard
97
AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) <= 2.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update LOW *-2.5 2.6 July 5, 2026
wpguppy-lite wpguppy-lite N/A One to one user Chat by WPGuppy <= 1.1.0 - Authorization Bypass LOW *-1.1.0 1.1.1 July 5, 2026
wpbookit wpbookit N/A WPBookit <= 1.6.4 - Unauthenticated Arbitrary User Password Change LOW *-1.6.4 1.6.6 July 5, 2026
tourmaster tourmaster N/A Tour Master - Tour Booking, Travel, Hotel <= 5.3.4 - Reflected Cross-Site Scripting LOW *-5.3.4 5.3.5 July 5, 2026
The Events Calendar the-events-calendar N/A The Events Calendar <= 6.7.0 - Cross-Site Request Forgery LOW *-6.7.0 6.7.1 July 5, 2026
ninja-tables ninja-tables
93
Ninja Tables – Easy Data Table <= 5.0.16 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-5.0.16 5.0.17 July 5, 2026
goodlayers-core goodlayers-core
93
Goodlayers Core <= 2.1.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG Upload LOW *-2.1.2 2.1.3 July 5, 2026
clipart clipart
91
ClipArt <= 0.2 - Reflected Cross-Site Scripting LOW *-0.2 July 5, 2026
clasify-classified-listing clasify-classified-listing
91
Clasify Classified Listing <= 1.0.7 - Reflected Cross-Site Scripting LOW *-1.0.7 July 5, 2026
bulk-me-now bulk-me-now
87
Bulk Me Now! <= 2.0 - Cross-Site Request Forgery to Message Deletion LOW *-2.0 July 5, 2026
bulk-me-now bulk-me-now
87
Bulk Me Now! <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0 July 5, 2026
bulk-me-now bulk-me-now
87
Bulk Me Now! <= 2.0 - Reflected Cross-Site Scripting via 'status' LOW *-2.0 July 5, 2026
LOW

gsheetconnector-forminator

gsheetconnector-forminator

Score: 93/100 GSheetConnector for Forminator Forms <= 1.0.12 - Reflected Cross-Site Scripting Affected: *-1.0.12 Patched: 1.0.13 Updated: July 5, 2026
LOW

glossy

glossy

Score: 91/100 Glossy <= 2.3.5 - Reflected Cross-Site Scripting Affected: *-2.3.5 Patched: Updated: July 5, 2026
LOW

giga-messenger-bots

giga-messenger-bots

Score: 91/100 Giga Messenger – Express <= 2.3.1 - Reflected Cross-Site Scripting Affected: *-2.3.1 Patched: Updated: July 5, 2026
LOW

fws-ajax-contact-form

fws-ajax-contact-form

Score: 93/100 Ajax Contact Form <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.1 Patched: 1.4.2 Updated: July 5, 2026
LOW

foundation-columns

foundation-columns

Score: 91/100 Foundation Columns <= 0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.8 Patched: Updated: July 5, 2026
LOW

eazy-under-construction

eazy-under-construction

Score: 93/100 Eazy Under Construction <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: 2.0 Updated: July 5, 2026
LOW

codebard-help-desk

codebard-help-desk

Score: 89/100 CodeBard Help Desk <= 1.1.2 - Reflected Cross-Site Scripting Affected: *-1.1.2 Patched: Updated: July 5, 2026
LOW

cf7-redirect-thank-you-page

cf7-redirect-thank-you-page

Score: 93/100 Contact Form 7 Redirect & Thank You Page <= 1.0.7 - Reflected Cross-Site Scripting Affected: *-1.0.7 Patched: 1.0.8 Updated: July 5, 2026
LOW

build-private-store-for-woocommerce

build-private-store-for-woocommerce

Score: 93/100 Build Private Store For Woocommerce <= 1.0 - Cross-Site Request Forgery Affected: *-1.0 Patched: 1.1 Updated: July 5, 2026
LOW

buddyboss-platform

buddyboss-platform

Score: 93/100 BuddyBoss Platform < 2.7.60 - Insecure Direct Object Reference to Private Post Comment Exposure Affected: [*, 2.7.60) Patched: 2.7.60 Updated: July 5, 2026
LOW

brizy-pro

brizy-pro

Score: 93/100 Brizy Pro <= 2.8.0 - Reflected Cross-Site Scripting Affected: *-2.8.0 Patched: 2.8.1 Updated: July 5, 2026
LOW

better-wlm-api

better-wlm-api

Score: 93/100 Better WishList API <= 1.1.3 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.1.3 Patched: 1.1.4 Updated: July 5, 2026
LOW

banner-garden

banner-garden

Score: 91/100 Banner Garden Plugin for WordPress <= 0.1.3 - Reflected Cross-Site Scripting Affected: *-0.1.3 Patched: Updated: July 5, 2026
LOW

awesome-responsive-photo-gallery

awesome-responsive-photo-gallery

Score: 93/100 Image Gallery – Responsive Photo Gallery <= 1.0.5 - Reflected Cross-Site Scripting Affected: *-1.0.5 Patched: 2.1 Updated: July 5, 2026
LOW

amberlink

amberlink

Score: 95/100 Amber <= 1.4.4 - Reflected Cross-Site Scripting Affected: *-1.4.4 Patched: Updated: July 5, 2026
LOW

ai-addons-for-elementor

ai-addons-for-elementor

Score: 95/100 Elementor AI Addons <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.1 Patched: Updated: July 5, 2026
LOW

addon-elements-for-elementor-page-builder

addon-elements-for-elementor-page-builder

Score: 97/100 Elementor Addon Elements <= 1.13.10 - Authenticated (Contributor+) Sensitive Information Exposure via Modal Popup Affected: *-1.13.10 Patched: 1.14 Updated: July 5, 2026
LOW

Page Builder by SiteOrigin

siteorigin-panels

Score: 86/100 Page Builder by SiteOrigin <= 2.31.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Row Label Parameter Affected: *-2.31.0 Patched: 2.31.1 Updated: July 5, 2026
LOW

groundhogg

groundhogg

Score: 93/100 Groundhogg <= 3.7.3.5 - Authenticated (Author+) Arbitrary File Upload via gh_big_file_upload Function Affected: *-3.7.3.5 Patched: 3.7.3.6 Updated: July 5, 2026
LOW

html5-video-player

html5-video-player

Score: 93/100 HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.35 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via heading Parameter Affected: *-2.5.35 Patched: 2.5.36 Updated: July 5, 2026
LOW

W3 Total Cache

w3-total-cache

Score: 69/100 W3 Total Cache <= 2.8.1 - Authenticated (Subscriber+) Missing Authorization to Server-Side Request Forgery Affected: *-2.8.1 Patched: 2.8.2 Updated: July 5, 2026
LOW

event-monster

event-monster

Score: 93/100 Event monster <= 1.4.3 - Information Exposure Via Visitors List Export Affected: *-1.4.3 Patched: 1.4.4 Updated: July 5, 2026
LOW

wr-price-list-for-woocommerce

wr-price-list-for-woocommerce

Score: N/A WR Price List Manager For Woocommerce <= 1.0.8 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-1.0.8 Patched: 1.1.0 Updated: July 5, 2026
LOW

wp-migration-duplicator

wp-migration-duplicator

Score: N/A WebToffee WP Backup and Migration <= 1.5.3 - Unauthenticated Sensitive Information Exposure Affected: *-1.5.3 Patched: 1.5.4 Updated: July 5, 2026
LOW

wp-asambleas

wp-asambleas

Score: N/A WP-Asambleas <= 2.85.0 - Reflected Cross-Site Scripting Affected: *-2.85.0 Patched: Updated: July 5, 2026
LOW

world-cup-predictor

world-cup-predictor

Score: N/A World Cup Predictor <= 1.9.6 - Reflected Cross-Site Scripting Affected: *-1.9.6 Patched: Updated: July 5, 2026
LOW

woolementor

woolementor

Score: N/A CoDesigner WooCommerce Builder for Elementor <= 4.21 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-4.21 Patched: Updated: July 5, 2026
LOW

responsive-jquery-slider

responsive-jquery-slider

Score: N/A Responsive jQuery Slider <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: July 5, 2026
LOW

neon-product-designer-for-woocommerce

neon-product-designer-for-woocommerce

Score: 89/100 Neon Product Designer <= 2.1.1 - Authenticated (Contributor+) SQL Injection Affected: *-2.1.1 Patched: Updated: July 5, 2026
LOW

multilang-contact-form

multilang-contact-form

Score: 89/100 Multilang Contact Form <= 1.5 - Reflected Cross-Site Scripting Affected: *-1.5 Patched: Updated: July 5, 2026
LOW

homey-login-register

homey-login-register

Score: 89/100 Homey Login Register <= 2.4.0 - Unauthenticated Privilege Escalation Affected: *-2.4.0 Patched: Updated: July 5, 2026
LOW

gallery-and-lightbox

gallery-and-lightbox

Score: 91/100 Gallery and Lightbox <= 1.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.14 Patched: Updated: July 5, 2026
LOW

essential-wp-real-estate

essential-wp-real-estate

Score: 87/100 Essential WP Real Estate <= 1.1.3 - Reflected Cross-Site Scripting Affected: *-1.1.3 Patched: Updated: July 5, 2026
LOW

elementinvader-addons-for-elementor

elementinvader-addons-for-elementor

Score: 93/100 ElementInvader Addons for Elementor <= 1.2.6 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.2.6 Patched: 1.2.7 Updated: July 5, 2026
LOW

course-booking-system

course-booking-system

Score: 93/100 Course Booking System <= 6.0.6 - Unauthenticated SQL Injection Affected: *-6.0.6 Patched: 6.0.7 Updated: July 5, 2026
LOW

button-block

button-block

Score: 93/100 Button Block <= 1.1.5 - Missing Authorization Affected: *-1.1.5 Patched: 1.1.6 Updated: July 5, 2026
LOW

Booking Calendar

booking

Score: 71/100 Booking Calendar <= 10.9.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'booking' Shortcode Affected: *-10.9.2 Patched: 10.9.3 Updated: July 5, 2026
LOW

bold-pagos-en-linea

bold-pagos-en-linea

Score: 93/100 Bold pagos en linea <= 3.1.4 - Reflected Cross-Site Scripting Affected: *-3.1.4 Patched: 3.1.5 Updated: July 5, 2026
LOW

background-control

background-control

Score: 91/100 Background Control <= 1.0.5 - Cross-Site Request Forgery to Arbitrary File Deletion Affected: *-1.0.5 Patched: Updated: July 5, 2026
LOW

booking-and-rental-manager-for-woocommerce

booking-and-rental-manager-for-woocommerce

Score: 93/100 Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently | WordPress plugin <= 2.2.1 - Reflected Cross-Site Scripting Affected: *-2.2.1 Patched: 2.2.2 Updated: July 5, 2026
LOW

tcbd-auto-refresher

tcbd-auto-refresher

Score: N/A TCBD Auto Refresher <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 5, 2026
LOW

wp-spid-italia

wp-spid-italia

Score: N/A WP SPID Italia <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.9 Patched: 2.12 Updated: July 5, 2026
LOW

accordion-slider-lite

accordion-slider-lite

Score: 95/100 Accordion Slider Lite <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.1 Patched: Updated: July 5, 2026
LOW

gatormail-smart-forms

gatormail-smart-forms

Score: 93/100 GatorMail SmartForms <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: 1.1.1 Updated: July 5, 2026
LOW

perfect-portal-widgets

perfect-portal-widgets

Score: 93/100 Perfect Portal Widgets <= 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.0.3 Patched: 3.0.4 Updated: July 5, 2026
LOW

dominion-domain-checker-wpbakery-addon

dominion-domain-checker-wpbakery-addon

Score: 91/100 Dominion – Domain Checker for WPBakery <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.0 Patched: Updated: July 5, 2026
LOW

rrdevs-for-elementor

rrdevs-for-elementor

Score: N/A RRAddons for Elementor <= 1.1.0 - Authenticated (Contributor+) Post Disclosure Affected: *-1.1.0 Patched: Updated: July 5, 2026
LOW

grid-accordion-lite

grid-accordion-lite

Score: 91/100 Grid Accordion Lite <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.1 Patched: Updated: July 5, 2026
LOW

push-notification-for-post-and-buddypress

push-notification-for-post-and-buddypress

Score: N/A Push Notification for Post and BuddyPress <= 2.07 - Reflected Cross-Site Scripting Affected: *-2.06 Patched: 2.08 Updated: July 5, 2026
LOW

unlimited-theme-addons

unlimited-theme-addons

Score: N/A Unlimited Theme Addon For Elementor and WooCommerce <= 1.2.2 - Authenticated (Contributor+) Post Disclosure Affected: *-1.2.2 Patched: 1.2.3 Updated: July 5, 2026
LOW

post-duplicator

post-duplicator

Score: 93/100 Post Duplicator <= 2.36 - Authenticated (Contributor+) Protected Post Disclosure Affected: *-2.36 Patched: 2.37 Updated: July 5, 2026
LOW

coupon-x-discount-pop-up

coupon-x-discount-pop-up

Score: 93/100 Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization to Authenticated (Contributor+) PHP Object Injection Affected: *-1.3.5 Patched: 1.3.6 Updated: July 5, 2026
LOW

coupon-x-discount-pop-up

coupon-x-discount-pop-up

Score: 93/100 Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization Affected: *-1.3.5 Patched: 1.3.6 Updated: July 5, 2026
LOW

trackserver

trackserver

Score: N/A Trackserver <= 5.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.0.2 Patched: 5.0.3 Updated: July 5, 2026
LOW

internal-link-shortcode

internal-link-shortcode

Score: 91/100 CF Internal Link Shortcode <= 1.1.0 - Unauthenticated SQL Injection Affected: *-1.1.0 Patched: Updated: July 5, 2026
LOW

zalomeni

zalomeni

Score: N/A Zalomení <= 1.5 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.5 Patched: Updated: July 5, 2026
LOW

xml-for-avito

xml-for-avito

Score: N/A XML for Avito <= 2.5.2 - Reflected Cross-Site Scripting Affected: *-2.5.2 Patched: 2.5.3 Updated: July 5, 2026
LOW

wp-mediatagger

wp-mediatagger

Score: N/A WP MediaTagger <= 4.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.1.1 Patched: Updated: July 5, 2026
LOW

wp-mediatagger

wp-mediatagger

Score: N/A WP MediaTagger <= 4.1.1 - Reflected Cross-Site Scripting Affected: *-4.1.1 Patched: Updated: July 5, 2026
LOW

wp-finance

wp-finance

Score: N/A WP Finance <= 1.3.6 - Reflected Cross-Site Scripting Affected: *-1.3.6 Patched: Updated: July 5, 2026
LOW

wp-finance

wp-finance

Score: N/A WP Finance <= 1.3.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.3.6 Patched: Updated: July 5, 2026
LOW

wp-email-newsletter

wp-email-newsletter

Score: N/A WP Email Newsletter <= 1.1 - Reflected Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

wp-desklite

wp-desklite

Score: N/A WP DeskLite – Helpdesk and Support Plugin <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 5, 2026
LOW

woo-ups-pickup

woo-ups-pickup

Score: N/A OPSI Israel Domestic Shipments <= 2.6.5 - Reflected Cross-Site Scripting Affected: *-2.6.5 Patched: 2.6.6 Updated: July 5, 2026
LOW

widget4call

widget4call

Score: N/A Widget4Call <= 1.0.7 - Reflected Cross-Site Scripting Affected: *-1.0.7 Patched: Updated: July 5, 2026
LOW

user-messages

user-messages

Score: N/A User Messages <= 1.2.4 - Reflected Cross-Site Scripting Affected: *-1.2.4 Patched: Updated: July 5, 2026
LOW

twitter-bootstrap-collapse-aka-accordian-shortcode

twitter-bootstrap-collapse-aka-accordian-shortcode

Score: N/A Twitter Bootstrap Collapse aka Accordian Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

tabulate

tabulate

Score: N/A Tabulate <= 2.10.3 - Reflected Cross-Site Scripting Affected: *-2.10.3 Patched: Updated: July 5, 2026
LOW

slidedeck-lite-for-wordpress

slidedeck-lite-for-wordpress

Score: N/A SlideDeck 1 Lite Content Slider <= 1.4.8 - Reflected Cross-Site Scripting Affected: *-1.4.8 Patched: Updated: July 5, 2026
LOW

responsive-iframe

responsive-iframe

Score: N/A Responsive iframe <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.0 Patched: Updated: July 5, 2026
LOW

policy-genius

policy-genius

Score: 91/100 Policy Genius <= 2.0.4 - Reflected Cross-Site Scripting Affected: *-2.0.4 Patched: Updated: July 5, 2026
LOW

google-map-professional

google-map-professional

Score: 89/100 Google Map Professional <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

give

give

Score: 93/100 GiveWP – Donation Plugin and Fundraising Platform <= 3.19.3 - Unauthenticated PHP Object Injection Affected: *-3.19.3 Patched: 3.19.4 Updated: July 5, 2026
LOW

give

give

Score: 93/100 GiveWP – Donation Plugin and Fundraising Platform <= 3.19.2 - Unauthenticated PHP Object Injection Affected: *-3.19.2 Patched: 3.19.3 Updated: July 5, 2026
LOW

fast-tube

fast-tube

Score: 89/100 Fast Tube <= 2.3.1 - Reflected Cross-Site Scripting Affected: *-2.3.1 Patched: Updated: July 5, 2026
LOW

fantastic-elasticsearch

fantastic-elasticsearch

Score: 91/100 Fantastic Elasticsearch <= 4.1.0 - Reflected Cross-Site Scripting Affected: *-4.1.0 Patched: Updated: July 5, 2026
LOW

ect-homepage-products

ect-homepage-products

Score: 91/100 ECT Home Page Products <= 1.9 - Reflected Cross-Site Scripting Affected: *-1.9 Patched: Updated: July 5, 2026
LOW

custom-login-page

custom-login-page

Score: 91/100 A5 Custom Login Page <= 2.8.1 - Reflected Cross-Site Scripting Affected: *-2.8.1 Patched: Updated: July 5, 2026
LOW

clickwhale

clickwhale

Score: 93/100 ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages <= 2.4.1 - Reflected Cross-Site Scripting Affected: *-2.4.1 Patched: 2.4.2 Updated: July 5, 2026
LOW

canvasflow

canvasflow

Score: 91/100 CanvasFlow <= 1.5.5 - Reflected Cross-Site Scripting Affected: *-1.5.5 Patched: Updated: July 5, 2026
LOW

essential-wp-real-estate

essential-wp-real-estate

Score: 87/100 Essential WP Real Estate <= 1.1.3 - Missing Authorization to Arbitrary Post/Page Deletion Affected: *-1.1.3 Patched: Updated: July 5, 2026
LOW

themeisle-companion

themeisle-companion

Score: N/A Orbit Fox by ThemeIsle <= 2.10.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag Parameter Affected: *-2.10.43 Patched: 2.10.44 Updated: July 5, 2026
LOW

themeisle-companion

themeisle-companion

Score: N/A Orbit Fox by ThemeIsle <= 2.10.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget Affected: *-2.10.43 Patched: 2.10.44 Updated: July 5, 2026
LOW

ai-scribe-the-chatgpt-powered-seo-content-creation-wizard

ai-scribe-the-chatgpt-powered-seo-content-creation-wizard

Score: 97/100 AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) <= 2.5 - Authenticated (Contributor+) SQL Injection Affected: *-2.5 Patched: 2.6 Updated: July 5, 2026
LOW

ai-scribe-the-chatgpt-powered-seo-content-creation-wizard

ai-scribe-the-chatgpt-powered-seo-content-creation-wizard

Score: 97/100 AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) <= 2.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update Affected: *-2.5 Patched: 2.6 Updated: July 5, 2026
LOW

wpguppy-lite

wpguppy-lite

Score: N/A One to one user Chat by WPGuppy <= 1.1.0 - Authorization Bypass Affected: *-1.1.0 Patched: 1.1.1 Updated: July 5, 2026
LOW

wpbookit

wpbookit

Score: N/A WPBookit <= 1.6.4 - Unauthenticated Arbitrary User Password Change Affected: *-1.6.4 Patched: 1.6.6 Updated: July 5, 2026
LOW

tourmaster

tourmaster

Score: N/A Tour Master - Tour Booking, Travel, Hotel <= 5.3.4 - Reflected Cross-Site Scripting Affected: *-5.3.4 Patched: 5.3.5 Updated: July 5, 2026
LOW

The Events Calendar

the-events-calendar

Score: N/A The Events Calendar <= 6.7.0 - Cross-Site Request Forgery Affected: *-6.7.0 Patched: 6.7.1 Updated: July 5, 2026
LOW

ninja-tables

ninja-tables

Score: 93/100 Ninja Tables – Easy Data Table <= 5.0.16 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-5.0.16 Patched: 5.0.17 Updated: July 5, 2026
LOW

goodlayers-core

goodlayers-core

Score: 93/100 Goodlayers Core <= 2.1.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG Upload Affected: *-2.1.2 Patched: 2.1.3 Updated: July 5, 2026
LOW

clipart

clipart

Score: 91/100 ClipArt <= 0.2 - Reflected Cross-Site Scripting Affected: *-0.2 Patched: Updated: July 5, 2026
LOW

clasify-classified-listing

clasify-classified-listing

Score: 91/100 Clasify Classified Listing <= 1.0.7 - Reflected Cross-Site Scripting Affected: *-1.0.7 Patched: Updated: July 5, 2026
LOW

bulk-me-now

bulk-me-now

Score: 87/100 Bulk Me Now! <= 2.0 - Cross-Site Request Forgery to Message Deletion Affected: *-2.0 Patched: Updated: July 5, 2026
LOW

bulk-me-now

bulk-me-now

Score: 87/100 Bulk Me Now! <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 5, 2026
LOW

bulk-me-now

bulk-me-now

Score: 87/100 Bulk Me Now! <= 2.0 - Reflected Cross-Site Scripting via 'status' Affected: *-2.0 Patched: Updated: July 5, 2026

Showing 13501 to 13600 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 5, 2026 at 05:58 UTC.