Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

90

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
affiliateimportereb affiliateimportereb
95
AffiliateImporterEb <= 1.0.6 - Reflected Cross-Site Scripting via 'ebdn_min_price' LOW *-1.0.6 July 5, 2026
affiliateimportereb affiliateimportereb
95
AffiliateImporterEb <= 1.0.6 - Reflected Cross-Site Scripting via 'module' LOW *-1.0.6 July 5, 2026
advance-post-prefix advance-post-prefix
95
Advance Post Prefix <= 1.1.1 - Authenticated (Admin+) SQL Injection LOW *-1.1.1 July 5, 2026
advance-post-prefix advance-post-prefix
95
Advance Post Prefix <= 1.1.1 - Reflected Cross-Site Scripting LOW *-1.1.1 July 5, 2026
greenshift-animation-and-page-builder-blocks greenshift-animation-and-page-builder-blocks
93
Greenshift – animation and page builder blocks <= 9.0.0 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross-Site Scripting LOW *-9.0.0 9.0.1 July 5, 2026
ajax-filter-posts ajax-filter-posts
95
Post Grid Master <= 3.4.12 - Missing Authorization to Unauthenticated Local PHP File Inclusion LOW *-3.4.12 3.4.13 July 5, 2026
wp-action-network wp-action-network N/A Action Network <= 1.4.4 - Reflected Cross-Site Scripting LOW *-1.4.4 1.8.0 July 5, 2026
wc-shipos-delivery wc-shipos-delivery N/A Deliver via Shipos for WooCommerce <= 2.1.7 - Reflected Cross-Site Scripting via dvsfw_bulk_label_url Parameter LOW *-2.1.7 2.2.0 July 5, 2026
woocommerce-check-pincode-zipcode-for-shipping woocommerce-check-pincode-zipcode-for-shipping N/A Woocommerce check pincode/zipcode for shipping <= 2.0.4 - Cross-Site Request Forgery to Reflected Cross-Site Scripting LOW *-2.0.4 July 5, 2026
resads resads N/A ResAds <= 2.0.6 - Reflected Cross-Site Scripting via Multiple Parameters LOW *-2.0.6 July 5, 2026
sema-api sema-api N/A SEMA API <= 5.27 - Reflected Cross-Site Scripting via catid Parameter LOW *-5.27 5.30 July 5, 2026
linkid linkid
91
linkID <= 0.1.2 - Missing Authorization to Unauthenticated Sensitive Information Exposure LOW *-0.1.2 July 5, 2026
responsive-flipbook responsive-flipbook N/A Responsive FlipBook Plugin Wordpress <= 2.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-2.5.0 July 5, 2026
cluevo-lms cluevo-lms
93
CLUEVO LMS, E-Learning Platform <= 1.13.2 - Reflected Cross-Site Scripting LOW *-1.13.2 1.13.3 July 5, 2026
manycontacts-bar manycontacts-bar
91
WhatsApp click to chat <= 3.0.4 - Reflected Cross-Site Scripting LOW *-3.0.4 July 5, 2026
searchie searchie N/A Searchie <= 1.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.17.0 July 5, 2026
files-download-delay files-download-delay
91
Files Download Delay <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.9 July 5, 2026
linear linear
93
Linear <= 2.7.12 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.7.12 2.8.0 July 5, 2026
masjidal masjidal
93
Muslim Prayer Time-Salah/Iqamah <= 1.8.11 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.8.11 1.8.12 July 5, 2026
3dvieweronline-wp 3dvieweronline-wp
97
3DVieweronline <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2.2 2.2.3 July 5, 2026
wp-travel wp-travel N/A WP Travel – Ultimate Travel Booking System, Tour Management Engine <= 10.0.0 - Authenticated (Subscriber+) SQL Injection LOW *-10.0.0 10.0.1 July 5, 2026
skyword-plugin skyword-plugin N/A Skyword API Plugin <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.5.2 2.5.3 July 5, 2026
gs-instagram-portfolio gs-instagram-portfolio
89
GS Insever Portfolio <= 1.4.5 - Missing Authorization to Authenticated (Subscriber+) CSS Injection LOW *-1.4.5 July 5, 2026
yumpu-epaper-publishing yumpu-epaper-publishing N/A Yumpu E-Paper publishing <= 3.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.0.8 3.0.9 July 5, 2026
ai-scribe-the-chatgpt-powered-seo-content-creation-wizard ai-scribe-the-chatgpt-powered-seo-content-creation-wizard
97
AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) <= 2.5 - Cross-Site Request Forgery to Settings Update LOW *-2.5 2.6 July 5, 2026
unlimited-elements-for-elementor unlimited-elements-for-elementor N/A Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.135 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets LOW *-1.5.135 1.5.136 July 5, 2026
wp-database-backup wp-database-backup N/A WP Database Backup – Unlimited Database & Files Backup by Backup for WP <= 7.3 - Unauthenticated Database Back-Up Exposure LOW *-7.3 7.4 July 5, 2026
wp-bitly wp-bitly N/A Bitly's WordPress Plugin <= 2.7.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update LOW *-2.7.3 2.7.4 July 5, 2026
skt-builder skt-builder N/A SKT Page Builder <= 4.6 - Authenticated (Subscriber+) Arbitrary File Upload LOW *-4.7 4.8 July 5, 2026
simply-rets simply-rets N/A SimplyRETS Real Estate IDX <= 2.11.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.11.3 3.0.0 July 5, 2026
pearl-header-builder pearl-header-builder
93
Wordpress Header Builder Plugin <= 1.3.8 - Cross-Site Request Forgery to Header Deletion LOW *-1.3.8 1.3.9 July 5, 2026
newsletter2go newsletter2go
89
Newsletter2Go <= 4.0.14 - Missing Authorization to Authenticated (Subscriber+) Style Reset LOW *-4.0.14 July 5, 2026
mimo-woocommerce-order-tracking mimo-woocommerce-order-tracking
89
MIMO Woocommerce Order Tracking <= 1.0.2 - Missing Authorization to Limited Settings Update LOW *-1.0.2 July 5, 2026
woo-gift-cards-lite woo-gift-cards-lite N/A Ultimate Gift Cards for WooCommerce <= 3.0.6 - Missing Authorization to Infinite Money Glitch LOW *-3.0.6 3.0.7 July 5, 2026
gift-cards-for-woocommerce-pro gift-cards-for-woocommerce-pro
93
Ultimate Gift Cards for WooCommerce <= 3.0.6 - Missing Authorization to Infinite Money Glitch LOW *-2.9.1 2.9.2 July 5, 2026
wp-easycart wp-easycart N/A Shopping Cart & eCommerce Store <= 5.7.8 - Missing Authorization to Order Updates LOW *-5.7.8 5.7.9 July 5, 2026
garden-gnome-package garden-gnome-package
93
Garden Gnome Package <= 2.3.0 - Authenticated (Author+) Arbitrary File Upload LOW *-2.3.0 2.4.0 July 5, 2026
modula-best-grid-gallery modula-best-grid-gallery
93
Modula Image Gallery <= 2.11.10 - Authenticated (Author+) Arbitrary File Upload LOW *-2.11.10 2.11.11 July 5, 2026
Iptanus File Upload wp-file-upload
76
WordPress File Upload <= 4.24.12 - Unuathenticated Remote Code Execution LOW *-4.24.12 4.24.14 July 5, 2026
zephyr-modern-admin-theme zephyr-modern-admin-theme N/A Zephyr Admin Theme <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.4.1 1.5.0 July 5, 2026
yeemail yeemail N/A Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – YeeMail <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.4 2.1.5 July 5, 2026
xpro-elementor-addons xpro-elementor-addons N/A 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6.2 - Authenticated (Contributor+) Post Disclosure via Post Duplication LOW *-1.4.6.2 1.4.6.3 July 5, 2026
wpmu-prefill-post wpmu-prefill-post N/A WPMU Prefill Post <= 1.02 - Authenticated (Administrator+) SQL Injection LOW *-1.02 July 5, 2026
wpm-news-api wpm-news-api N/A News Publisher Autopilot <= 2.1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.1.4 July 5, 2026
wplistcal wplistcal N/A WPListCal <= 1.3.5 - Authenticated (Subscriber+) SQL Injection LOW *-1.3.5 July 5, 2026
WP Extended – The Ultimate WordPress Toolkit wpextended N/A The Ultimate WordPress Toolkit – WP Extended <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-3.0.11 3.0.12 July 5, 2026
WP Extended – The Ultimate WordPress Toolkit wpextended N/A The Ultimate WordPress Toolkit – WP Extended <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution LOW *-3.0.11 3.0.12 July 5, 2026
wpex-replace wpex-replace N/A WPEX Replace DB Urls <= 0.4.0 - Reflected Cross-Site Scripting LOW *-0.4.0 July 5, 2026
wp-webinarsystem wp-webinarsystem N/A WordPress Webinar Plugin – WebinarPress <= 1.33.24 - Missing Authorization to Authenticated (Subscriber+) Webinar Updates LOW *-1.33.24 1.33.25 July 5, 2026
wp-webinarsystem wp-webinarsystem N/A WordPress Webinar Plugin – WebinarPress <= 1.33.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Creation LOW *-1.33.24 1.33.25 July 5, 2026
wp-music-player wp-music-player N/A WP Music Player <= 1.3 - Authenticated (Administrator+) SQL Injection LOW *-1.3 July 5, 2026
wp-meta-data-filter-and-taxonomy-filter wp-meta-data-filter-and-taxonomy-filter N/A MDTF – Meta Data and Taxonomies Filter <= 1.3.3.5 - Authenticated (Contributor+) SQL Injection LOW *-1.3.3.5 1.3.3.6 July 5, 2026
wp-mailing-group wp-mailing-group N/A Mailing Group Listserv <= 2.0.9 - Authenticated (Administrator+) SQL Injection LOW *-2.0.9 3.0.0 July 5, 2026
wp-mailing-group wp-mailing-group N/A Mailing Group Listserv <= 2.0.9 - Reflected Cross-Site Scripting LOW *-2.0.9 3.0.0 July 5, 2026
wp-joomag wp-joomag N/A WP Joomag <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.5.2 July 5, 2026
wp-hosting-performance-check wp-hosting-performance-check N/A wp Hosting Performance Check <= 2.18.8 - Reflected Cross-Site Scripting LOW *-2.18.8 July 5, 2026
wp-header-notification wp-header-notification N/A WP Header Notification <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.2.7 July 5, 2026
wp-github wp-github N/A WP Github <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.3 July 5, 2026
Iptanus File Upload wp-file-upload
76
WordPress File Upload <= 4.24.15 - Unauthenticated Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion LOW *-4.24.15 4.25.0 July 5, 2026
Iptanus File Upload wp-file-upload
76
WordPress File Upload <= 4.24.13 - Unauthenticated Path Traversal to Arbitrary File Read in wfu_file_downloader.php LOW *-4.24.13 4.24.14 July 5, 2026
wp-experiments-free wp-experiments-free N/A Title Experiments Free <= 9.0.4 - Cross-Site Request Forgery LOW *-9.0.4 July 5, 2026
wp-experiments-free wp-experiments-free N/A Title Experiments Free <= 9.0.4 - Missing Authorization LOW *-9.0.4 July 5, 2026
wp-custom-countdown wp-custom-countdown N/A wp custom countdown <= 2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.8 July 5, 2026
wp-cookie wp-cookie N/A WP Cookie <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.0 July 5, 2026
wp-connect wp-connect N/A WordPress连接微博 <= 2.5.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.5.6 July 5, 2026
wp-able-player wp-able-player N/A Able Player <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
wooexim wooexim N/A WOOEXIM <= 5.0.0 - Authenticated (Administrator+) SQL Injection LOW *-5.0.0 July 5, 2026
woocommerce-inventory-management woocommerce-inventory-management N/A Scanventory <= 1.1.3 - Reflected Cross-Site Scripting LOW *-1.1.3 July 5, 2026
woo-advanced-product-information woo-advanced-product-information N/A Advanced Product Information for WooCommerce <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.4 1.1.5 July 5, 2026
we-blocks we-blocks N/A WE Blocks <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.5 July 5, 2026
wc-price-history wc-price-history N/A WC Price History for Omnibus <= 2.1.4 - Authenticated (Shop manager+) PHP Object Injection LOW *-2.1.4 2.1.5 July 5, 2026
wc-planzer-shipping wc-planzer-shipping N/A Shipping via Planzer for WooCommerce <= 1.0.25 - Reflected Cross-Site Scripting via processed-ids LOW *-1.0.25 1.0.26 July 5, 2026
vr-views vr-views N/A VR Views <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.1 July 5, 2026
vooplayer vooplayer N/A vooPlayer v4 <= 4.0.4 - Reflected Cross-Site Scripting LOW *-4.0.4 July 5, 2026
virtual-bot virtual-bot N/A Virtual Bot <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.0 July 5, 2026
virtual-bot virtual-bot N/A Virtual Bot <= 1.0.0 - Unauthenticated SQL Injection LOW *-1.0.0 July 5, 2026
video-embed-optimizer video-embed-optimizer N/A Video Embed Optimizer <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.0 July 5, 2026
urdu-formatter-shamil urdu-formatter-shamil N/A Urdu Formatter – Shamil <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.1 July 5, 2026
uptime-robot uptime-robot N/A Uptime Robot <= 0.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.1.3 July 5, 2026
ultimate-image-hover-effects ultimate-image-hover-effects N/A Ultimate Image Hover Effects <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.2 July 5, 2026
tubepressnet tubepressnet N/A TubePress.NET <= 4.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-4.0.1 July 5, 2026
trustist-reviewer trustist-reviewer N/A TRUSTist REVIEWer <= 2.0 - Reflected Cross-Site Scripting LOW *-2.0 July 5, 2026
tock-widget tock-widget N/A Tock Widget <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1 1.2 July 5, 2026
timeline-pro timeline-pro N/A Timeline Pro <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via [placeholder] LOW *-1.3 1.4 July 5, 2026
themesflat-addons-for-elementor themesflat-addons-for-elementor N/A Themesflat Addons For Elementor <= 2.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2.4 2.2.5 July 5, 2026
SureForms – Contact Form, Payment Form, Survey & Other Custom Form Builder sureforms N/A SureForms – Drag and Drop Form Builder for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Protected Post Disclosure LOW *-1.2.2 1.2.3 July 5, 2026
surbma-premium-wp surbma-premium-wp N/A Surbma | Premium WP <= 9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-9.0 10.0 July 5, 2026
st-gallery-wp st-gallery-wp N/A ST Gallery WP <= 1.0.8 - Missing Authorization to Authenticated (Subscriber+) Settings Update LOW *-1.0.8 July 5, 2026
sportspress-tv sportspress-tv N/A Legacy ePlayer <= 0.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.9.9 July 5, 2026
smoothness-slider-shortcode smoothness-slider-shortcode N/A Smoothness Slider Shortcode <= v1.2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW * - v1.2.2 July 5, 2026
smart-agenda-prise-de-rendez-vous-en-ligne smart-agenda-prise-de-rendez-vous-en-ligne N/A Smart Agenda <= 4.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-4.7 4.8 July 5, 2026
slotti-ajanvaraus slotti-ajanvaraus N/A Slotti Ajanvaraus <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.1 2.0.0 July 5, 2026
slide slide N/A Slides & Presentations <= 0.0.39 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.0.39 July 5, 2026
slide slide N/A Slides & Presentations <= 0.0.39 - Missing Authorization LOW *-0.0.39 July 5, 2026
skillbars skillbars N/A Skill Bar <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2 1.3 July 5, 2026
site-pin site-pin N/A Site PIN <= 1.3 - Reflected Cross-Site Scripting LOW *-1.3 July 5, 2026
singsong singsong N/A SingSong <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2 July 5, 2026
simple-photo-sphere simple-photo-sphere N/A Simple Photo Sphere <= 0.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.0.10 July 5, 2026
simple-locator simple-locator N/A Simple Locator <= 2.0.4 - Reflected Cross-Site Scripting LOW *-2.0.4 July 5, 2026
show-google-analytics-widget show-google-analytics-widget N/A Show Google Analytics widget <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.4 July 5, 2026
LOW

affiliateimportereb

affiliateimportereb

Score: 95/100 AffiliateImporterEb <= 1.0.6 - Reflected Cross-Site Scripting via 'ebdn_min_price' Affected: *-1.0.6 Patched: Updated: July 5, 2026
LOW

affiliateimportereb

affiliateimportereb

Score: 95/100 AffiliateImporterEb <= 1.0.6 - Reflected Cross-Site Scripting via 'module' Affected: *-1.0.6 Patched: Updated: July 5, 2026
LOW

advance-post-prefix

advance-post-prefix

Score: 95/100 Advance Post Prefix <= 1.1.1 - Authenticated (Admin+) SQL Injection Affected: *-1.1.1 Patched: Updated: July 5, 2026
LOW

advance-post-prefix

advance-post-prefix

Score: 95/100 Advance Post Prefix <= 1.1.1 - Reflected Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: July 5, 2026
LOW

greenshift-animation-and-page-builder-blocks

greenshift-animation-and-page-builder-blocks

Score: 93/100 Greenshift – animation and page builder blocks <= 9.0.0 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross-Site Scripting Affected: *-9.0.0 Patched: 9.0.1 Updated: July 5, 2026
LOW

ajax-filter-posts

ajax-filter-posts

Score: 95/100 Post Grid Master <= 3.4.12 - Missing Authorization to Unauthenticated Local PHP File Inclusion Affected: *-3.4.12 Patched: 3.4.13 Updated: July 5, 2026
LOW

wp-action-network

wp-action-network

Score: N/A Action Network <= 1.4.4 - Reflected Cross-Site Scripting Affected: *-1.4.4 Patched: 1.8.0 Updated: July 5, 2026
LOW

wc-shipos-delivery

wc-shipos-delivery

Score: N/A Deliver via Shipos for WooCommerce <= 2.1.7 - Reflected Cross-Site Scripting via dvsfw_bulk_label_url Parameter Affected: *-2.1.7 Patched: 2.2.0 Updated: July 5, 2026
LOW

woocommerce-check-pincode-zipcode-for-shipping

woocommerce-check-pincode-zipcode-for-shipping

Score: N/A Woocommerce check pincode/zipcode for shipping <= 2.0.4 - Cross-Site Request Forgery to Reflected Cross-Site Scripting Affected: *-2.0.4 Patched: Updated: July 5, 2026
LOW

resads

resads

Score: N/A ResAds <= 2.0.6 - Reflected Cross-Site Scripting via Multiple Parameters Affected: *-2.0.6 Patched: Updated: July 5, 2026
LOW

sema-api

sema-api

Score: N/A SEMA API <= 5.27 - Reflected Cross-Site Scripting via catid Parameter Affected: *-5.27 Patched: 5.30 Updated: July 5, 2026
LOW

linkid

linkid

Score: 91/100 linkID <= 0.1.2 - Missing Authorization to Unauthenticated Sensitive Information Exposure Affected: *-0.1.2 Patched: Updated: July 5, 2026
LOW

responsive-flipbook

responsive-flipbook

Score: N/A Responsive FlipBook Plugin Wordpress <= 2.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-2.5.0 Patched: Updated: July 5, 2026
LOW

cluevo-lms

cluevo-lms

Score: 93/100 CLUEVO LMS, E-Learning Platform <= 1.13.2 - Reflected Cross-Site Scripting Affected: *-1.13.2 Patched: 1.13.3 Updated: July 5, 2026
LOW

manycontacts-bar

manycontacts-bar

Score: 91/100 WhatsApp click to chat <= 3.0.4 - Reflected Cross-Site Scripting Affected: *-3.0.4 Patched: Updated: July 5, 2026
LOW

searchie

searchie

Score: N/A Searchie <= 1.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.17.0 Patched: Updated: July 5, 2026
LOW

files-download-delay

files-download-delay

Score: 91/100 Files Download Delay <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.9 Patched: Updated: July 5, 2026
LOW

linear

linear

Score: 93/100 Linear <= 2.7.12 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.7.12 Patched: 2.8.0 Updated: July 5, 2026
LOW

masjidal

masjidal

Score: 93/100 Muslim Prayer Time-Salah/Iqamah <= 1.8.11 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8.11 Patched: 1.8.12 Updated: July 5, 2026
LOW

3dvieweronline-wp

3dvieweronline-wp

Score: 97/100 3DVieweronline <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.2 Patched: 2.2.3 Updated: July 5, 2026
LOW

wp-travel

wp-travel

Score: N/A WP Travel – Ultimate Travel Booking System, Tour Management Engine <= 10.0.0 - Authenticated (Subscriber+) SQL Injection Affected: *-10.0.0 Patched: 10.0.1 Updated: July 5, 2026
LOW

skyword-plugin

skyword-plugin

Score: N/A Skyword API Plugin <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.5.2 Patched: 2.5.3 Updated: July 5, 2026
LOW

gs-instagram-portfolio

gs-instagram-portfolio

Score: 89/100 GS Insever Portfolio <= 1.4.5 - Missing Authorization to Authenticated (Subscriber+) CSS Injection Affected: *-1.4.5 Patched: Updated: July 5, 2026
LOW

yumpu-epaper-publishing

yumpu-epaper-publishing

Score: N/A Yumpu E-Paper publishing <= 3.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.0.8 Patched: 3.0.9 Updated: July 5, 2026
LOW

ai-scribe-the-chatgpt-powered-seo-content-creation-wizard

ai-scribe-the-chatgpt-powered-seo-content-creation-wizard

Score: 97/100 AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) <= 2.5 - Cross-Site Request Forgery to Settings Update Affected: *-2.5 Patched: 2.6 Updated: July 5, 2026
LOW

unlimited-elements-for-elementor

unlimited-elements-for-elementor

Score: N/A Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.135 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets Affected: *-1.5.135 Patched: 1.5.136 Updated: July 5, 2026
LOW

wp-database-backup

wp-database-backup

Score: N/A WP Database Backup – Unlimited Database & Files Backup by Backup for WP <= 7.3 - Unauthenticated Database Back-Up Exposure Affected: *-7.3 Patched: 7.4 Updated: July 5, 2026
LOW

wp-bitly

wp-bitly

Score: N/A Bitly's WordPress Plugin <= 2.7.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update Affected: *-2.7.3 Patched: 2.7.4 Updated: July 5, 2026
LOW

skt-builder

skt-builder

Score: N/A SKT Page Builder <= 4.6 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-4.7 Patched: 4.8 Updated: July 5, 2026
LOW

simply-rets

simply-rets

Score: N/A SimplyRETS Real Estate IDX <= 2.11.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.11.3 Patched: 3.0.0 Updated: July 5, 2026
LOW

pearl-header-builder

pearl-header-builder

Score: 93/100 Wordpress Header Builder Plugin <= 1.3.8 - Cross-Site Request Forgery to Header Deletion Affected: *-1.3.8 Patched: 1.3.9 Updated: July 5, 2026
LOW

newsletter2go

newsletter2go

Score: 89/100 Newsletter2Go <= 4.0.14 - Missing Authorization to Authenticated (Subscriber+) Style Reset Affected: *-4.0.14 Patched: Updated: July 5, 2026
LOW

mimo-woocommerce-order-tracking

mimo-woocommerce-order-tracking

Score: 89/100 MIMO Woocommerce Order Tracking <= 1.0.2 - Missing Authorization to Limited Settings Update Affected: *-1.0.2 Patched: Updated: July 5, 2026
LOW

woo-gift-cards-lite

woo-gift-cards-lite

Score: N/A Ultimate Gift Cards for WooCommerce <= 3.0.6 - Missing Authorization to Infinite Money Glitch Affected: *-3.0.6 Patched: 3.0.7 Updated: July 5, 2026
LOW

gift-cards-for-woocommerce-pro

gift-cards-for-woocommerce-pro

Score: 93/100 Ultimate Gift Cards for WooCommerce <= 3.0.6 - Missing Authorization to Infinite Money Glitch Affected: *-2.9.1 Patched: 2.9.2 Updated: July 5, 2026
LOW

wp-easycart

wp-easycart

Score: N/A Shopping Cart & eCommerce Store <= 5.7.8 - Missing Authorization to Order Updates Affected: *-5.7.8 Patched: 5.7.9 Updated: July 5, 2026
LOW

garden-gnome-package

garden-gnome-package

Score: 93/100 Garden Gnome Package <= 2.3.0 - Authenticated (Author+) Arbitrary File Upload Affected: *-2.3.0 Patched: 2.4.0 Updated: July 5, 2026
LOW

modula-best-grid-gallery

modula-best-grid-gallery

Score: 93/100 Modula Image Gallery <= 2.11.10 - Authenticated (Author+) Arbitrary File Upload Affected: *-2.11.10 Patched: 2.11.11 Updated: July 5, 2026
LOW

Iptanus File Upload

wp-file-upload

Score: 76/100 WordPress File Upload <= 4.24.12 - Unuathenticated Remote Code Execution Affected: *-4.24.12 Patched: 4.24.14 Updated: July 5, 2026
LOW

zephyr-modern-admin-theme

zephyr-modern-admin-theme

Score: N/A Zephyr Admin Theme <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4.1 Patched: 1.5.0 Updated: July 5, 2026
LOW

yeemail

yeemail

Score: N/A Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – YeeMail <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.4 Patched: 2.1.5 Updated: July 5, 2026
LOW

xpro-elementor-addons

xpro-elementor-addons

Score: N/A 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6.2 - Authenticated (Contributor+) Post Disclosure via Post Duplication Affected: *-1.4.6.2 Patched: 1.4.6.3 Updated: July 5, 2026
LOW

wpmu-prefill-post

wpmu-prefill-post

Score: N/A WPMU Prefill Post <= 1.02 - Authenticated (Administrator+) SQL Injection Affected: *-1.02 Patched: Updated: July 5, 2026
LOW

wpm-news-api

wpm-news-api

Score: N/A News Publisher Autopilot <= 2.1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.1.4 Patched: Updated: July 5, 2026
LOW

wplistcal

wplistcal

Score: N/A WPListCal <= 1.3.5 - Authenticated (Subscriber+) SQL Injection Affected: *-1.3.5 Patched: Updated: July 5, 2026
LOW

WP Extended – The Ultimate WordPress Toolkit

wpextended

Score: N/A The Ultimate WordPress Toolkit – WP Extended <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-3.0.11 Patched: 3.0.12 Updated: July 5, 2026
LOW

WP Extended – The Ultimate WordPress Toolkit

wpextended

Score: N/A The Ultimate WordPress Toolkit – WP Extended <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution Affected: *-3.0.11 Patched: 3.0.12 Updated: July 5, 2026
LOW

wpex-replace

wpex-replace

Score: N/A WPEX Replace DB Urls <= 0.4.0 - Reflected Cross-Site Scripting Affected: *-0.4.0 Patched: Updated: July 5, 2026
LOW

wp-webinarsystem

wp-webinarsystem

Score: N/A WordPress Webinar Plugin – WebinarPress <= 1.33.24 - Missing Authorization to Authenticated (Subscriber+) Webinar Updates Affected: *-1.33.24 Patched: 1.33.25 Updated: July 5, 2026
LOW

wp-webinarsystem

wp-webinarsystem

Score: N/A WordPress Webinar Plugin – WebinarPress <= 1.33.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Creation Affected: *-1.33.24 Patched: 1.33.25 Updated: July 5, 2026
LOW

wp-music-player

wp-music-player

Score: N/A WP Music Player <= 1.3 - Authenticated (Administrator+) SQL Injection Affected: *-1.3 Patched: Updated: July 5, 2026
LOW

wp-meta-data-filter-and-taxonomy-filter

wp-meta-data-filter-and-taxonomy-filter

Score: N/A MDTF – Meta Data and Taxonomies Filter <= 1.3.3.5 - Authenticated (Contributor+) SQL Injection Affected: *-1.3.3.5 Patched: 1.3.3.6 Updated: July 5, 2026
LOW

wp-mailing-group

wp-mailing-group

Score: N/A Mailing Group Listserv <= 2.0.9 - Authenticated (Administrator+) SQL Injection Affected: *-2.0.9 Patched: 3.0.0 Updated: July 5, 2026
LOW

wp-mailing-group

wp-mailing-group

Score: N/A Mailing Group Listserv <= 2.0.9 - Reflected Cross-Site Scripting Affected: *-2.0.9 Patched: 3.0.0 Updated: July 5, 2026
LOW

wp-joomag

wp-joomag

Score: N/A WP Joomag <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.5.2 Patched: Updated: July 5, 2026
LOW

wp-hosting-performance-check

wp-hosting-performance-check

Score: N/A wp Hosting Performance Check <= 2.18.8 - Reflected Cross-Site Scripting Affected: *-2.18.8 Patched: Updated: July 5, 2026
LOW

wp-header-notification

wp-header-notification

Score: N/A WP Header Notification <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2.7 Patched: Updated: July 5, 2026
LOW

wp-github

wp-github

Score: N/A WP Github <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.3 Patched: Updated: July 5, 2026
LOW

Iptanus File Upload

wp-file-upload

Score: 76/100 WordPress File Upload <= 4.24.15 - Unauthenticated Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion Affected: *-4.24.15 Patched: 4.25.0 Updated: July 5, 2026
LOW

Iptanus File Upload

wp-file-upload

Score: 76/100 WordPress File Upload <= 4.24.13 - Unauthenticated Path Traversal to Arbitrary File Read in wfu_file_downloader.php Affected: *-4.24.13 Patched: 4.24.14 Updated: July 5, 2026
LOW

wp-experiments-free

wp-experiments-free

Score: N/A Title Experiments Free <= 9.0.4 - Cross-Site Request Forgery Affected: *-9.0.4 Patched: Updated: July 5, 2026
LOW

wp-experiments-free

wp-experiments-free

Score: N/A Title Experiments Free <= 9.0.4 - Missing Authorization Affected: *-9.0.4 Patched: Updated: July 5, 2026
LOW

wp-custom-countdown

wp-custom-countdown

Score: N/A wp custom countdown <= 2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.8 Patched: Updated: July 5, 2026
LOW

wp-cookie

wp-cookie

Score: N/A WP Cookie <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 5, 2026
LOW

wp-connect

wp-connect

Score: N/A WordPress连接微博 <= 2.5.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.5.6 Patched: Updated: July 5, 2026
LOW

wp-able-player

wp-able-player

Score: N/A Able Player <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

wooexim

wooexim

Score: N/A WOOEXIM <= 5.0.0 - Authenticated (Administrator+) SQL Injection Affected: *-5.0.0 Patched: Updated: July 5, 2026
LOW

woocommerce-inventory-management

woocommerce-inventory-management

Score: N/A Scanventory <= 1.1.3 - Reflected Cross-Site Scripting Affected: *-1.1.3 Patched: Updated: July 5, 2026
LOW

woo-advanced-product-information

woo-advanced-product-information

Score: N/A Advanced Product Information for WooCommerce <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.4 Patched: 1.1.5 Updated: July 5, 2026
LOW

we-blocks

we-blocks

Score: N/A WE Blocks <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.5 Patched: Updated: July 5, 2026
LOW

wc-price-history

wc-price-history

Score: N/A WC Price History for Omnibus <= 2.1.4 - Authenticated (Shop manager+) PHP Object Injection Affected: *-2.1.4 Patched: 2.1.5 Updated: July 5, 2026
LOW

wc-planzer-shipping

wc-planzer-shipping

Score: N/A Shipping via Planzer for WooCommerce <= 1.0.25 - Reflected Cross-Site Scripting via processed-ids Affected: *-1.0.25 Patched: 1.0.26 Updated: July 5, 2026
LOW

vr-views

vr-views

Score: N/A VR Views <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.1 Patched: Updated: July 5, 2026
LOW

vooplayer

vooplayer

Score: N/A vooPlayer v4 <= 4.0.4 - Reflected Cross-Site Scripting Affected: *-4.0.4 Patched: Updated: July 5, 2026
LOW

virtual-bot

virtual-bot

Score: N/A Virtual Bot <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 5, 2026
LOW

virtual-bot

virtual-bot

Score: N/A Virtual Bot <= 1.0.0 - Unauthenticated SQL Injection Affected: *-1.0.0 Patched: Updated: July 5, 2026
LOW

video-embed-optimizer

video-embed-optimizer

Score: N/A Video Embed Optimizer <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 5, 2026
LOW

urdu-formatter-shamil

urdu-formatter-shamil

Score: N/A Urdu Formatter – Shamil <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.1 Patched: Updated: July 5, 2026
LOW

uptime-robot

uptime-robot

Score: N/A Uptime Robot <= 0.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.1.3 Patched: Updated: July 5, 2026
LOW

ultimate-image-hover-effects

ultimate-image-hover-effects

Score: N/A Ultimate Image Hover Effects <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.2 Patched: Updated: July 5, 2026
LOW

tubepressnet

tubepressnet

Score: N/A TubePress.NET <= 4.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-4.0.1 Patched: Updated: July 5, 2026
LOW

trustist-reviewer

trustist-reviewer

Score: N/A TRUSTist REVIEWer <= 2.0 - Reflected Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 5, 2026
LOW

tock-widget

tock-widget

Score: N/A Tock Widget <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1 Patched: 1.2 Updated: July 5, 2026
LOW

timeline-pro

timeline-pro

Score: N/A Timeline Pro <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via [placeholder] Affected: *-1.3 Patched: 1.4 Updated: July 5, 2026
LOW

themesflat-addons-for-elementor

themesflat-addons-for-elementor

Score: N/A Themesflat Addons For Elementor <= 2.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.4 Patched: 2.2.5 Updated: July 5, 2026
LOW

surbma-premium-wp

surbma-premium-wp

Score: N/A Surbma | Premium WP <= 9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-9.0 Patched: 10.0 Updated: July 5, 2026
LOW

st-gallery-wp

st-gallery-wp

Score: N/A ST Gallery WP <= 1.0.8 - Missing Authorization to Authenticated (Subscriber+) Settings Update Affected: *-1.0.8 Patched: Updated: July 5, 2026
LOW

sportspress-tv

sportspress-tv

Score: N/A Legacy ePlayer <= 0.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.9.9 Patched: Updated: July 5, 2026
LOW

smoothness-slider-shortcode

smoothness-slider-shortcode

Score: N/A Smoothness Slider Shortcode <= v1.2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: * - v1.2.2 Patched: Updated: July 5, 2026
LOW

smart-agenda-prise-de-rendez-vous-en-ligne

smart-agenda-prise-de-rendez-vous-en-ligne

Score: N/A Smart Agenda <= 4.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-4.7 Patched: 4.8 Updated: July 5, 2026
LOW

slotti-ajanvaraus

slotti-ajanvaraus

Score: N/A Slotti Ajanvaraus <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.1 Patched: 2.0.0 Updated: July 5, 2026
LOW

slide

slide

Score: N/A Slides & Presentations <= 0.0.39 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.0.39 Patched: Updated: July 5, 2026
LOW

slide

slide

Score: N/A Slides & Presentations <= 0.0.39 - Missing Authorization Affected: *-0.0.39 Patched: Updated: July 5, 2026
LOW

skillbars

skillbars

Score: N/A Skill Bar <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2 Patched: 1.3 Updated: July 5, 2026
LOW

site-pin

site-pin

Score: N/A Site PIN <= 1.3 - Reflected Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 5, 2026
LOW

singsong

singsong

Score: N/A SingSong <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

simple-photo-sphere

simple-photo-sphere

Score: N/A Simple Photo Sphere <= 0.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.0.10 Patched: Updated: July 5, 2026
LOW

simple-locator

simple-locator

Score: N/A Simple Locator <= 2.0.4 - Reflected Cross-Site Scripting Affected: *-2.0.4 Patched: Updated: July 5, 2026
LOW

show-google-analytics-widget

show-google-analytics-widget

Score: N/A Show Google Analytics widget <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.4 Patched: Updated: July 5, 2026

Showing 13601 to 13700 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 5, 2026 at 06:58 UTC.