Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

94

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
seo-bulk-editor seo-bulk-editor N/A SEO Bulk Editor <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.1.0 July 5, 2026
sell-digital-downloads sell-digital-downloads N/A Sell Digital Downloads <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2.7 July 5, 2026
scan-external-links scan-external-links N/A Scan External Links <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
saoshyant-page-builder saoshyant-page-builder N/A Saoshyant Page Builder <= 3.8 - Missing Authorization LOW *-3.8 July 5, 2026
quote-tweet quote-tweet N/A Quote Tweet <= 0.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.7 July 5, 2026
qr-code-and-barcode-scanner-reader qr-code-and-barcode-scanner-reader N/A Qr Code and Barcode Scanner Reader <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.0 July 5, 2026
pretty-url pretty-url N/A Pretty Url <= 1.5.4 - Reflected Cross-Site Scripting LOW *-1.5.4 1.5.5 July 5, 2026
pretty-url pretty-url N/A Pretty Url <= 1.5.4 - Cross-Site Request Forgery LOW *-1.5.4 July 5, 2026
prayer-times-anywhere prayer-times-anywhere N/A Prayer Times Anywhere <= 2.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.0.1 July 5, 2026
powers-triggers-of-woo-to-chat powers-triggers-of-woo-to-chat N/A Powerful Auto Chat <= 1.9.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.9.8 July 5, 2026
Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App post-smtp
87
Post SMTP <= 2.9.11 - Missing Authorization via regenerate_qrcode() LOW *-2.9.11 2.9.12 July 5, 2026
post-and-page-reactions post-and-page-reactions
91
Post And Page Reactions <= 1.0.5 - Reflected Cross-Site Scripting LOW *-1.0.5 July 5, 2026
pdf-catalog-woocommerce pdf-catalog-woocommerce
93
PDF Catalog Woocommerce <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0 3.0 July 5, 2026
norse-runes-oracle norse-runes-oracle
93
Norse Rune Oracle Plugin <= 1.4.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.4.2 1.4.3 July 5, 2026
news-ticker-widget-for-elementor news-ticker-widget-for-elementor
93
News Ticker Widget for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.2 1.3.3 July 5, 2026
nc-wishlist-for-woocommerce nc-wishlist-for-woocommerce
91
NC Wishlist for Woocommerce <= 1.0.1 - Authenticated (Subscriber+) SQL Injection LOW *-1.0.1 July 5, 2026
multicarousel multicarousel
91
Multiple Carousel <= 2.0 - Unauthenticated SQL Injection LOW *-2.0 July 5, 2026
mt-addons-for-elementor mt-addons-for-elementor
93
MT Addons for Elementor <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.6 1.0.7 July 5, 2026
mobile-friendly-flickr-slideshow mobile-friendly-flickr-slideshow
93
Responsive Flickr Slideshow <= 2.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.6.0 2.6.1 July 5, 2026
mindvalley-pagemash mindvalley-pagemash
91
MindValley Super PageMash <= 1.1 - Authenticated (Editor+) SQL Injection LOW *-1.1 July 5, 2026
mind-doodle-sitemap mind-doodle-sitemap
91
Mind Doodle Visual Sitemaps & Tasks <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.6 July 5, 2026
metadata-seo metadata-seo
91
Metadata SEO <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.3 July 5, 2026
mcjh-button-shortcode mcjh-button-shortcode
91
mcjh button shortcode <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.6.4 July 5, 2026
mas-addons-for-elementor mas-addons-for-elementor
93
MAS Elementor <= 1.1.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG LOW *-1.1.7 1.1.8 July 5, 2026
lucidlms lucidlms
91
LucidLMS <= 1.0.5 - Reflected Cross-Site Scripting LOW *-1.0.5 July 5, 2026
live-flight-radar live-flight-radar
91
Live Flight Radar <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
list-pages-at-depth list-pages-at-depth
91
List Pages at Depth <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5 July 5, 2026
ldap-login-password-and-role-manager ldap-login-password-and-role-manager
91
ldap_login_password_and_role_manager <= 1.0.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.12 July 5, 2026
laika-pedigree-tree laika-pedigree-tree
91
Laika Pedigree Tree <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.4 July 5, 2026
knr-author-list-widget knr-author-list-widget
91
KNR Author List Widget <= 3.1.1 - Reflected Cross-Site Scripting LOW *-3.1.1 July 5, 2026
justified-image-gallery justified-image-gallery
91
Justified Image Gallery <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
js-twentytwenty js-twentytwenty
91
jQuery TwentyTwenty <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
jk-html-to-pdf jk-html-to-pdf
91
JK Html To Pdf <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.0 July 5, 2026
iwp-client iwp-client
93
InfiniteWP Client <= 1.13.0 - Unauthenticated Limited Directory Traversal to Arbitrary .txt File Reading LOW *-1.13.0 1.13.1 July 5, 2026
instabot instabot
93
Instabot <= 1.10 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.10 1.11 July 5, 2026
inline-tweets inline-tweets
91
Inline Tweets <= 2.0 - Unauthenticated Stored Cross-Site Scripting LOW *-2.0 July 5, 2026
iframe-to-embed iframe-to-embed
91
iframe to embed <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2 July 5, 2026
ics-button ics-button
91
ICS Button <= 0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.6 July 5, 2026
icons-enricher icons-enricher
91
Icons Enricher <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.8 July 5, 2026
iamport-payment iamport-payment
91
아임포트 결제버튼 생성 플러그인 <= 1.1.19 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.19 July 5, 2026
huurkalender-wp huurkalender-wp
93
Huurkalender WP <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.6 1.6.0 July 5, 2026
help-scout help-scout
93
Help Scout <= 6.5.6 - Missing Authorization LOW *-6.5.6 6.5.7 July 5, 2026
happy-elementor-addons happy-elementor-addons
93
Happy Addons for Elementor <= 3.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.15.1 3.15.2 July 5, 2026
google-maps-travel-route google-maps-travel-route
91
Google Maps Travel Route <= 1.3.1 - Authenticated (Subscriber+) SQL Injection LOW *-1.3.1 July 5, 2026
genesis-style-shortcodes genesis-style-shortcodes
91
Genesis Style Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
formafzar formafzar
93
formafzar <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0 2.1 July 5, 2026
featured-page-widget featured-page-widget
91
Featured Page Widget <= 2.2 - Reflected Cross-Site Scripting LOW *-2.2 July 5, 2026
fat-event-lite fat-event-lite
87
FAT Event Lite <= 1.1 - Unauthenticated Local File Inclusion LOW *-1.1 July 5, 2026
f4-tree f4-tree
93
F4 Post Tree <= 1.1.18 - Reflected Cross-Site Scripting LOW *-1.1.18 1.1.19 July 5, 2026
etruel-del-post-copies etruel-del-post-copies
93
WP Delete Post Copies <= 5.5 - Missing Authorization LOW *-5.5 6.0 July 5, 2026
essential-blocks essential-blocks
93
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-5.1.0 5.1.1 July 5, 2026
email-suscripcion email-suscripcion
91
Emailing Subscription <= 1.4.1 - Unauthenticated SQL Injection LOW *-1.4.1 July 5, 2026
edoc-easy-tables edoc-easy-tables
89
eDoc Easy Tables <= 1.29 - Authenticated (Contributor+) SQL Injection LOW *-1.29 July 5, 2026
easy-form-builder easy-form-builder
93
Easy Form Builder <= 3.8.8 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-3.8.8 3.8.9 July 5, 2026
dzs-enable-debug dzs-enable-debug
91
Admin debug wordpress – enable debug <= 1.0.13 - Cross-Site Request Forgery LOW *-1.0.13 July 5, 2026
drm-protected-video-streaming drm-protected-video-streaming
89
S3Player – WooCommerce & Elementor Integration <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.2.1 July 5, 2026
donations-block donations-block
93
Donation Block For PayPal <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2.0 2.3.1 July 5, 2026
custom-field-manager custom-field-manager
91
Custom Field Manager <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
custom-database-tables custom-database-tables
91
Custom DataBase Tables <= 2.1.34 - Reflected Cross-Site Scripting LOW *-2.1.34 July 5, 2026
cost-calculator-builder-pro cost-calculator-builder-pro
93
Cost Calculator Builder PRO <= 3.2.15 - Unauthenticated SQL Injection via data LOW *-3.2.15 3.2.16 July 5, 2026
conversational-forms conversational-forms
93
Conversational Forms for ChatBot <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4.2 1.4.3 July 5, 2026
content-blocks-builder content-blocks-builder
93
Content Blocks Builder <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.7.6 2.7.7 July 5, 2026
competition-form competition-form
89
Competition Form <= 2.0 - Reflected Cross-Site Scripting LOW *-2.0 July 5, 2026
competition-form competition-form
89
Competition Form <= 2.0 - Cross-Site Request Forgery to Competition Deletion LOW *-2.0 July 5, 2026
button-block button-block
93
Button Block <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.9 1.2.0 July 5, 2026
bp-profile-shortcodes-extra bp-profile-shortcodes-extra
89
BP Profile Shortcodes Extra <= 2.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.6.0 July 5, 2026
boot-modal boot-modal
93
Boot-Modal <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.9.1 1.10 July 5, 2026
black-widgets black-widgets
91
Black Widgets For Elementor <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.8 1.3.9 July 5, 2026
biltorvet-dealer-tools biltorvet-dealer-tools
91
Biltorvet Dealer Tools <= 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.22 July 5, 2026
better-user-shortcodes better-user-shortcodes
91
Better User Shortcodes <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
bdthemes-element-pack-lite bdthemes-element-pack-lite
93
Element Pack Lite - Addons for Elementor <= 5.10.14 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.10.14 5.10.15 July 5, 2026
author-avatars author-avatars
91
Author Avatars List/Block <= 2.1.23 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.23 2.1.24 July 5, 2026
arcadeready arcadeready
95
Arcade Ready <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1 July 5, 2026
alpha-price-table-for-elementor alpha-price-table-for-elementor
95
Alpha Price Table For Elementor <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.8 July 5, 2026
affiliate-disclosure-statement affiliate-disclosure-statement
95
Affiliate Disclosure Statement <= 0.3 - Cross-Site Request Forgery LOW *-0.3 July 5, 2026
addfunc-mobile-detect addfunc-mobile-detect
95
AddFunc Mobile Detect <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.1 July 5, 2026
99fy-core 99fy-core
97
Free WooCommerce Theme 99fy Extension <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.8 1.2.9 July 5, 2026
4ecps-webforms 4ecps-webforms
95
4ECPS Web Forms <= 0.2.18 - Unauthenticated Arbitrary File Upload LOW *-0.2.18 July 5, 2026
3d-flipbook-dflip-lite 3d-flipbook-dflip-lite
97
Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer <= 2.3.52 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.3.52 2.3.53 July 5, 2026
1003-mortgage-application 1003-mortgage-application
93
1003 Mortgage Application <= 1.87 - Missing Authorization LOW *-1.87 July 5, 2026
1003-mortgage-application 1003-mortgage-application
93
1003 Mortgage Application <= 1.87 - Missing Authorization LOW *-1.87 July 5, 2026
service-boxs service-boxs N/A Service Box <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.9 2.0 July 5, 2026
export-import-menus export-import-menus
93
Export Import Menus <= 1.9.1 - Missing Authorization to Unauthenticated Menu Export LOW *-1.9.1 1.9.2 July 5, 2026
wp-editor-bootstrap-blocks wp-editor-bootstrap-blocks N/A Bootstrap Blocks for WP Editor v2 <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.5.0 2.5.1 July 5, 2026
master-addons master-addons
93
Master Addons -- Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tooltip Module LOW *-2.0.6.7 2.0.6.8 July 5, 2026
error-log-viewer-wp error-log-viewer-wp
91
Error Log Viewer By WP Guru <= 1.0.1.3 - Missing Authorization to Unauthenticated Arbitrary File Read LOW *-1.0.1.3 1.0.4 July 5, 2026
marketplace-items marketplace-items
89
Marketplace Items <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.5.5 July 5, 2026
marketplace-items marketplace-items
89
Marketplace Items <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'marketplace' Shortcode LOW *-1.5.5 July 5, 2026
social-rocket social-rocket N/A Social Rocket – Social Sharing Plugin <= 1.3.4 - Missing Authorization to Settings Update LOW *-1.3.4 1.3.4.1 July 5, 2026
social-rocket social-rocket N/A Social Rocket <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.3.4 1.3.4.1 July 5, 2026
woocommerce-digital-content-delivery-with-drm-flickrocket woocommerce-digital-content-delivery-with-drm-flickrocket N/A WooCommerce Digital Content Delivery (incl. DRM) – FlickRocket <= 4.75 - Reflected Cross-Site Scripting LOW *-4.75 4.76 July 5, 2026
geo-targetly-geo-content geo-targetly-geo-content
93
Geo Content <= 6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-6.0 6.1 July 5, 2026
sweepwidget sweepwidget N/A SweepWidget Contests, Giveaways, Photo Contests, Competitions <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.6 2.0.7 July 5, 2026
host-php-info host-php-info
91
Host PHP Info <= 1.0.4 - Missing Authorization to Unauthenticated Sensitive Information Disclosure LOW *-1.0.4 July 5, 2026
post-block post-block
91
FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor <= 6.0.0 - Missing Authorization to Authenticated (Subscriber+) Shortcode Export LOW *-6.0.0 6.0.1 July 5, 2026
chatroll-live-chat chatroll-live-chat
93
Chatroll Live Chat <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.5.0 2.6.0 July 5, 2026
candifly candifly
91
Candifly <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.6 July 5, 2026
woo-binary-mlm woo-binary-mlm N/A Binary MLM Woocommerce <= 2.0 - Reflected Cross-Site Scripting via 'page' LOW *-2.0 2.1 July 5, 2026
woo-binary-mlm woo-binary-mlm N/A Binary MLM Woocommerce <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.0 2.1 July 5, 2026
meteor-slides meteor-slides
89
Meteor Slides <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.7 July 5, 2026
LOW

seo-bulk-editor

seo-bulk-editor

Score: N/A SEO Bulk Editor <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 5, 2026
LOW

sell-digital-downloads

sell-digital-downloads

Score: N/A Sell Digital Downloads <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.7 Patched: Updated: July 5, 2026
LOW

scan-external-links

scan-external-links

Score: N/A Scan External Links <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

saoshyant-page-builder

saoshyant-page-builder

Score: N/A Saoshyant Page Builder <= 3.8 - Missing Authorization Affected: *-3.8 Patched: Updated: July 5, 2026
LOW

quote-tweet

quote-tweet

Score: N/A Quote Tweet <= 0.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.7 Patched: Updated: July 5, 2026
LOW

qr-code-and-barcode-scanner-reader

qr-code-and-barcode-scanner-reader

Score: N/A Qr Code and Barcode Scanner Reader <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 5, 2026
LOW

pretty-url

pretty-url

Score: N/A Pretty Url <= 1.5.4 - Reflected Cross-Site Scripting Affected: *-1.5.4 Patched: 1.5.5 Updated: July 5, 2026
LOW

pretty-url

pretty-url

Score: N/A Pretty Url <= 1.5.4 - Cross-Site Request Forgery Affected: *-1.5.4 Patched: Updated: July 5, 2026
LOW

prayer-times-anywhere

prayer-times-anywhere

Score: N/A Prayer Times Anywhere <= 2.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.0.1 Patched: Updated: July 5, 2026
LOW

powers-triggers-of-woo-to-chat

powers-triggers-of-woo-to-chat

Score: N/A Powerful Auto Chat <= 1.9.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.9.8 Patched: Updated: July 5, 2026
LOW

post-and-page-reactions

post-and-page-reactions

Score: 91/100 Post And Page Reactions <= 1.0.5 - Reflected Cross-Site Scripting Affected: *-1.0.5 Patched: Updated: July 5, 2026
LOW

pdf-catalog-woocommerce

pdf-catalog-woocommerce

Score: 93/100 PDF Catalog Woocommerce <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0 Patched: 3.0 Updated: July 5, 2026
LOW

norse-runes-oracle

norse-runes-oracle

Score: 93/100 Norse Rune Oracle Plugin <= 1.4.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4.2 Patched: 1.4.3 Updated: July 5, 2026
LOW

news-ticker-widget-for-elementor

news-ticker-widget-for-elementor

Score: 93/100 News Ticker Widget for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.2 Patched: 1.3.3 Updated: July 5, 2026
LOW

nc-wishlist-for-woocommerce

nc-wishlist-for-woocommerce

Score: 91/100 NC Wishlist for Woocommerce <= 1.0.1 - Authenticated (Subscriber+) SQL Injection Affected: *-1.0.1 Patched: Updated: July 5, 2026
LOW

multicarousel

multicarousel

Score: 91/100 Multiple Carousel <= 2.0 - Unauthenticated SQL Injection Affected: *-2.0 Patched: Updated: July 5, 2026
LOW

mt-addons-for-elementor

mt-addons-for-elementor

Score: 93/100 MT Addons for Elementor <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.6 Patched: 1.0.7 Updated: July 5, 2026
LOW

mobile-friendly-flickr-slideshow

mobile-friendly-flickr-slideshow

Score: 93/100 Responsive Flickr Slideshow <= 2.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.6.0 Patched: 2.6.1 Updated: July 5, 2026
LOW

mindvalley-pagemash

mindvalley-pagemash

Score: 91/100 MindValley Super PageMash <= 1.1 - Authenticated (Editor+) SQL Injection Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

mind-doodle-sitemap

mind-doodle-sitemap

Score: 91/100 Mind Doodle Visual Sitemaps & Tasks <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6 Patched: Updated: July 5, 2026
LOW

metadata-seo

metadata-seo

Score: 91/100 Metadata SEO <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3 Patched: Updated: July 5, 2026
LOW

mcjh-button-shortcode

mcjh-button-shortcode

Score: 91/100 mcjh button shortcode <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.4 Patched: Updated: July 5, 2026
LOW

mas-addons-for-elementor

mas-addons-for-elementor

Score: 93/100 MAS Elementor <= 1.1.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Affected: *-1.1.7 Patched: 1.1.8 Updated: July 5, 2026
LOW

lucidlms

lucidlms

Score: 91/100 LucidLMS <= 1.0.5 - Reflected Cross-Site Scripting Affected: *-1.0.5 Patched: Updated: July 5, 2026
LOW

live-flight-radar

live-flight-radar

Score: 91/100 Live Flight Radar <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

list-pages-at-depth

list-pages-at-depth

Score: 91/100 List Pages at Depth <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5 Patched: Updated: July 5, 2026
LOW

ldap-login-password-and-role-manager

ldap-login-password-and-role-manager

Score: 91/100 ldap_login_password_and_role_manager <= 1.0.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.12 Patched: Updated: July 5, 2026
LOW

laika-pedigree-tree

laika-pedigree-tree

Score: 91/100 Laika Pedigree Tree <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4 Patched: Updated: July 5, 2026
LOW

knr-author-list-widget

knr-author-list-widget

Score: 91/100 KNR Author List Widget <= 3.1.1 - Reflected Cross-Site Scripting Affected: *-3.1.1 Patched: Updated: July 5, 2026
LOW

justified-image-gallery

justified-image-gallery

Score: 91/100 Justified Image Gallery <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

js-twentytwenty

js-twentytwenty

Score: 91/100 jQuery TwentyTwenty <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

jk-html-to-pdf

jk-html-to-pdf

Score: 91/100 JK Html To Pdf <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 5, 2026
LOW

iwp-client

iwp-client

Score: 93/100 InfiniteWP Client <= 1.13.0 - Unauthenticated Limited Directory Traversal to Arbitrary .txt File Reading Affected: *-1.13.0 Patched: 1.13.1 Updated: July 5, 2026
LOW

instabot

instabot

Score: 93/100 Instabot <= 1.10 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.10 Patched: 1.11 Updated: July 5, 2026
LOW

inline-tweets

inline-tweets

Score: 91/100 Inline Tweets <= 2.0 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 5, 2026
LOW

iframe-to-embed

iframe-to-embed

Score: 91/100 iframe to embed <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

ics-button

ics-button

Score: 91/100 ICS Button <= 0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.6 Patched: Updated: July 5, 2026
LOW

icons-enricher

icons-enricher

Score: 91/100 Icons Enricher <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.8 Patched: Updated: July 5, 2026
LOW

iamport-payment

iamport-payment

Score: 91/100 아임포트 결제버튼 생성 플러그인 <= 1.1.19 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.19 Patched: Updated: July 5, 2026
LOW

huurkalender-wp

huurkalender-wp

Score: 93/100 Huurkalender WP <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.6 Patched: 1.6.0 Updated: July 5, 2026
LOW

help-scout

help-scout

Score: 93/100 Help Scout <= 6.5.6 - Missing Authorization Affected: *-6.5.6 Patched: 6.5.7 Updated: July 5, 2026
LOW

happy-elementor-addons

happy-elementor-addons

Score: 93/100 Happy Addons for Elementor <= 3.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.15.1 Patched: 3.15.2 Updated: July 5, 2026
LOW

google-maps-travel-route

google-maps-travel-route

Score: 91/100 Google Maps Travel Route <= 1.3.1 - Authenticated (Subscriber+) SQL Injection Affected: *-1.3.1 Patched: Updated: July 5, 2026
LOW

genesis-style-shortcodes

genesis-style-shortcodes

Score: 91/100 Genesis Style Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

formafzar

formafzar

Score: 93/100 formafzar <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0 Patched: 2.1 Updated: July 5, 2026
LOW

featured-page-widget

featured-page-widget

Score: 91/100 Featured Page Widget <= 2.2 - Reflected Cross-Site Scripting Affected: *-2.2 Patched: Updated: July 5, 2026
LOW

fat-event-lite

fat-event-lite

Score: 87/100 FAT Event Lite <= 1.1 - Unauthenticated Local File Inclusion Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

f4-tree

f4-tree

Score: 93/100 F4 Post Tree <= 1.1.18 - Reflected Cross-Site Scripting Affected: *-1.1.18 Patched: 1.1.19 Updated: July 5, 2026
LOW

etruel-del-post-copies

etruel-del-post-copies

Score: 93/100 WP Delete Post Copies <= 5.5 - Missing Authorization Affected: *-5.5 Patched: 6.0 Updated: July 5, 2026
LOW

essential-blocks

essential-blocks

Score: 93/100 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-5.1.0 Patched: 5.1.1 Updated: July 5, 2026
LOW

email-suscripcion

email-suscripcion

Score: 91/100 Emailing Subscription <= 1.4.1 - Unauthenticated SQL Injection Affected: *-1.4.1 Patched: Updated: July 5, 2026
LOW

edoc-easy-tables

edoc-easy-tables

Score: 89/100 eDoc Easy Tables <= 1.29 - Authenticated (Contributor+) SQL Injection Affected: *-1.29 Patched: Updated: July 5, 2026
LOW

easy-form-builder

easy-form-builder

Score: 93/100 Easy Form Builder <= 3.8.8 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-3.8.8 Patched: 3.8.9 Updated: July 5, 2026
LOW

dzs-enable-debug

dzs-enable-debug

Score: 91/100 Admin debug wordpress – enable debug <= 1.0.13 - Cross-Site Request Forgery Affected: *-1.0.13 Patched: Updated: July 5, 2026
LOW

drm-protected-video-streaming

drm-protected-video-streaming

Score: 89/100 S3Player – WooCommerce & Elementor Integration <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.2.1 Patched: Updated: July 5, 2026
LOW

donations-block

donations-block

Score: 93/100 Donation Block For PayPal <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.0 Patched: 2.3.1 Updated: July 5, 2026
LOW

custom-field-manager

custom-field-manager

Score: 91/100 Custom Field Manager <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

custom-database-tables

custom-database-tables

Score: 91/100 Custom DataBase Tables <= 2.1.34 - Reflected Cross-Site Scripting Affected: *-2.1.34 Patched: Updated: July 5, 2026
LOW

cost-calculator-builder-pro

cost-calculator-builder-pro

Score: 93/100 Cost Calculator Builder PRO <= 3.2.15 - Unauthenticated SQL Injection via data Affected: *-3.2.15 Patched: 3.2.16 Updated: July 5, 2026
LOW

conversational-forms

conversational-forms

Score: 93/100 Conversational Forms for ChatBot <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.2 Patched: 1.4.3 Updated: July 5, 2026
LOW

content-blocks-builder

content-blocks-builder

Score: 93/100 Content Blocks Builder <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.7.6 Patched: 2.7.7 Updated: July 5, 2026
LOW

competition-form

competition-form

Score: 89/100 Competition Form <= 2.0 - Reflected Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 5, 2026
LOW

competition-form

competition-form

Score: 89/100 Competition Form <= 2.0 - Cross-Site Request Forgery to Competition Deletion Affected: *-2.0 Patched: Updated: July 5, 2026
LOW

button-block

button-block

Score: 93/100 Button Block <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.9 Patched: 1.2.0 Updated: July 5, 2026
LOW

bp-profile-shortcodes-extra

bp-profile-shortcodes-extra

Score: 89/100 BP Profile Shortcodes Extra <= 2.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.6.0 Patched: Updated: July 5, 2026
LOW

boot-modal

boot-modal

Score: 93/100 Boot-Modal <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.1 Patched: 1.10 Updated: July 5, 2026
LOW

black-widgets

black-widgets

Score: 91/100 Black Widgets For Elementor <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.8 Patched: 1.3.9 Updated: July 5, 2026
LOW

biltorvet-dealer-tools

biltorvet-dealer-tools

Score: 91/100 Biltorvet Dealer Tools <= 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.22 Patched: Updated: July 5, 2026
LOW

better-user-shortcodes

better-user-shortcodes

Score: 91/100 Better User Shortcodes <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

bdthemes-element-pack-lite

bdthemes-element-pack-lite

Score: 93/100 Element Pack Lite - Addons for Elementor <= 5.10.14 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.10.14 Patched: 5.10.15 Updated: July 5, 2026
LOW

author-avatars

author-avatars

Score: 91/100 Author Avatars List/Block <= 2.1.23 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.23 Patched: 2.1.24 Updated: July 5, 2026
LOW

arcadeready

arcadeready

Score: 95/100 Arcade Ready <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

alpha-price-table-for-elementor

alpha-price-table-for-elementor

Score: 95/100 Alpha Price Table For Elementor <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.8 Patched: Updated: July 5, 2026
LOW

affiliate-disclosure-statement

affiliate-disclosure-statement

Score: 95/100 Affiliate Disclosure Statement <= 0.3 - Cross-Site Request Forgery Affected: *-0.3 Patched: Updated: July 5, 2026
LOW

addfunc-mobile-detect

addfunc-mobile-detect

Score: 95/100 AddFunc Mobile Detect <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1 Patched: Updated: July 5, 2026
LOW

99fy-core

99fy-core

Score: 97/100 Free WooCommerce Theme 99fy Extension <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.8 Patched: 1.2.9 Updated: July 5, 2026
LOW

4ecps-webforms

4ecps-webforms

Score: 95/100 4ECPS Web Forms <= 0.2.18 - Unauthenticated Arbitrary File Upload Affected: *-0.2.18 Patched: Updated: July 5, 2026
LOW

3d-flipbook-dflip-lite

3d-flipbook-dflip-lite

Score: 97/100 Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer <= 2.3.52 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.52 Patched: 2.3.53 Updated: July 5, 2026
LOW

1003-mortgage-application

1003-mortgage-application

Score: 93/100 1003 Mortgage Application <= 1.87 - Missing Authorization Affected: *-1.87 Patched: Updated: July 5, 2026
LOW

1003-mortgage-application

1003-mortgage-application

Score: 93/100 1003 Mortgage Application <= 1.87 - Missing Authorization Affected: *-1.87 Patched: Updated: July 5, 2026
LOW

service-boxs

service-boxs

Score: N/A Service Box <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9 Patched: 2.0 Updated: July 5, 2026
LOW

export-import-menus

export-import-menus

Score: 93/100 Export Import Menus <= 1.9.1 - Missing Authorization to Unauthenticated Menu Export Affected: *-1.9.1 Patched: 1.9.2 Updated: July 5, 2026
LOW

wp-editor-bootstrap-blocks

wp-editor-bootstrap-blocks

Score: N/A Bootstrap Blocks for WP Editor v2 <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.5.0 Patched: 2.5.1 Updated: July 5, 2026
LOW

master-addons

master-addons

Score: 93/100 Master Addons -- Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tooltip Module Affected: *-2.0.6.7 Patched: 2.0.6.8 Updated: July 5, 2026
LOW

error-log-viewer-wp

error-log-viewer-wp

Score: 91/100 Error Log Viewer By WP Guru <= 1.0.1.3 - Missing Authorization to Unauthenticated Arbitrary File Read Affected: *-1.0.1.3 Patched: 1.0.4 Updated: July 5, 2026
LOW

marketplace-items

marketplace-items

Score: 89/100 Marketplace Items <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.5.5 Patched: Updated: July 5, 2026
LOW

marketplace-items

marketplace-items

Score: 89/100 Marketplace Items <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'marketplace' Shortcode Affected: *-1.5.5 Patched: Updated: July 5, 2026
LOW

social-rocket

social-rocket

Score: N/A Social Rocket – Social Sharing Plugin <= 1.3.4 - Missing Authorization to Settings Update Affected: *-1.3.4 Patched: 1.3.4.1 Updated: July 5, 2026
LOW

social-rocket

social-rocket

Score: N/A Social Rocket <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.3.4 Patched: 1.3.4.1 Updated: July 5, 2026
LOW

woocommerce-digital-content-delivery-with-drm-flickrocket

woocommerce-digital-content-delivery-with-drm-flickrocket

Score: N/A WooCommerce Digital Content Delivery (incl. DRM) – FlickRocket <= 4.75 - Reflected Cross-Site Scripting Affected: *-4.75 Patched: 4.76 Updated: July 5, 2026
LOW

geo-targetly-geo-content

geo-targetly-geo-content

Score: 93/100 Geo Content <= 6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-6.0 Patched: 6.1 Updated: July 5, 2026
LOW

sweepwidget

sweepwidget

Score: N/A SweepWidget Contests, Giveaways, Photo Contests, Competitions <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.6 Patched: 2.0.7 Updated: July 5, 2026
LOW

host-php-info

host-php-info

Score: 91/100 Host PHP Info <= 1.0.4 - Missing Authorization to Unauthenticated Sensitive Information Disclosure Affected: *-1.0.4 Patched: Updated: July 5, 2026
LOW

post-block

post-block

Score: 91/100 FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor <= 6.0.0 - Missing Authorization to Authenticated (Subscriber+) Shortcode Export Affected: *-6.0.0 Patched: 6.0.1 Updated: July 5, 2026
LOW

chatroll-live-chat

chatroll-live-chat

Score: 93/100 Chatroll Live Chat <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.5.0 Patched: 2.6.0 Updated: July 5, 2026
LOW

candifly

candifly

Score: 91/100 Candifly <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.6 Patched: Updated: July 5, 2026
LOW

woo-binary-mlm

woo-binary-mlm

Score: N/A Binary MLM Woocommerce <= 2.0 - Reflected Cross-Site Scripting via 'page' Affected: *-2.0 Patched: 2.1 Updated: July 5, 2026
LOW

woo-binary-mlm

woo-binary-mlm

Score: N/A Binary MLM Woocommerce <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.0 Patched: 2.1 Updated: July 5, 2026
LOW

meteor-slides

meteor-slides

Score: 89/100 Meteor Slides <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.7 Patched: Updated: July 5, 2026

Showing 13701 to 13800 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 5, 2026 at 07:48 UTC.