Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

93

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
sakolawp-lite sakolawp-lite N/A School Management System – SakolaWP <= 1.0.8 - Unauthenticated Privilege Escalation LOW *-1.0.8 July 5, 2026
woo-ukrposhta woo-ukrposhta N/A Woo Ukrposhta <= 1.17.11 - Reflected Cross-Site Scripting via order, post, and idd Parameters LOW *-1.17.11 1.18.0 July 5, 2026
rightmessage rightmessage N/A RightMessage WP <= 0.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.9.7 July 5, 2026
cc-canadian-mortgage-calculator cc-canadian-mortgage-calculator
93
CC Canadian Mortgage Calculator <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.0 2.1.1 July 5, 2026
wp-bulk-sms wp-bulk-sms N/A WP – Bulk SMS – by SMS.to <= 1.0.12 - Reflected Cross-Site Scripting LOW *-1.0.12 July 5, 2026
uptodown-apk-download-widget uptodown-apk-download-widget N/A Uptodown APK Download Widget <= 0.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.1.10 0.1.11 July 5, 2026
image-magnify image-magnify
91
Image Magnify <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1 July 5, 2026
paygreen-payment-gateway paygreen-payment-gateway
93
PayGreen Payment Gateway <= 1.0.26 - Reflected Cross-Site Scripting LOW *-1.0.26 1.0.27 July 5, 2026
yogo-booking yogo-booking N/A YOGO Booking <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.6.2 1.6.3 July 5, 2026
live-stock-prices-for-wordpress live-stock-prices-for-wordpress
91
Financial Stocks & Crypto Market Data Plugin <= 1.10.3 - Reflected Cross-Site Scripting LOW *-1.10.3 July 5, 2026
pixnet pixnet
91
PIXNET Plugin <= 2.9.10 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-2.9.10 July 5, 2026
Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode chat-viber
92
Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.7.3 1.7.4 July 5, 2026
payu-india payu-india
93
PayU CommercePro Plugin <= 3.8.3 - Unauthenticated Privilege Escalation LOW *-3.8.3 3.8.4 July 5, 2026
wpschoolpress wpschoolpress N/A School Management System – WPSchoolPress <= 2.2.14 - Authenticated (Student/Parent+) SQL Injection LOW *-2.2.14 2.2.15 July 5, 2026
toggles-shortcode-and-widget toggles-shortcode-and-widget N/A Toggles Shortcode and Widget <= 1.14 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.14 July 5, 2026
infility-global infility-global
81
Infility Global <= 2.9.8 - Authenticated (Subscriber+) Missing Authorization to Plugin Options Update LOW *-2.9.8 2.9.9 July 5, 2026
infility-global infility-global
81
Infility Global <= 2.9.8 - Reflected Cross-Site Scripting via set_type Parameter LOW *-2.9.8 2.9.9 July 5, 2026
ai-addons-for-elementor ai-addons-for-elementor
95
Elementor AI Addons – 70 Widgets, Premium Templates, Ultimate Elements <= 2.2.1 - Authenticated (Contributor+) Private Templates Content Disclosure LOW *-2.2.1 July 5, 2026
smartemailing smartemailing N/A SmartEmailing.cz <= 2.2.0 - Reflected Cross-Site Scripting LOW *-2.2.0 2.2.6 July 5, 2026
same-but-different same-but-different N/A Same but Different – Related Posts by Taxonomy <= 1.0.16 - Reflected Cross-Site Scripting LOW *-1.0.16 July 5, 2026
seo-keywords seo-keywords N/A SEO Keywords <= 1.1.3 - Reflected Cross-Site Scripting via google_error Parameter LOW *-1.1.3 July 5, 2026
muzaara-adwords-optimize-dashboard muzaara-adwords-optimize-dashboard
89
Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords <= 3.1 - Information Exposure LOW *-3.1 July 5, 2026
member-access member-access
91
Member Access <= 1.1.6 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure LOW *-1.1.6 July 5, 2026
woocommerce-hss-extension-for-streaming-video woocommerce-hss-extension-for-streaming-video N/A WooCommerce HSS Extension for Streaming Video <= 3.31 - Reflected Cross-Site Scripting via videolink Parameter LOW *-3.31 July 5, 2026
woocommerce-compare-products woocommerce-compare-products N/A Compare Products for WooCommerce <= 3.2.1 - Reflected Cross-Site Scripting LOW *-3.2.1 3.2.2 July 5, 2026
woocommerce-compare-products woocommerce-compare-products N/A Compare Products for WooCommerce <= 3.2.1 - Unauthenticated PHP Object Injection LOW *-3.2.1 3.2.2 July 5, 2026
horoscope-and-tarot horoscope-and-tarot
93
Horoscope And Tarot <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.0 1.3.1 July 5, 2026
simple-add-pages-or-posts simple-add-pages-or-posts N/A Simple add pages or posts <= 2.0.0 - Cross-Site Request Forgery to Reflected Cross-Site Scripting LOW *-2.0.0 July 5, 2026
common-ninja common-ninja
91
Common Ninja: Fully Customizable & Perfectly Responsive Free Widgets for WordPress Websites <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.0 July 5, 2026
ultimate-popup-creator ultimate-popup-creator N/A Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Unauthenticated SQL Injection LOW *-3.2.6 July 5, 2026
unilevel-mlm-plan unilevel-mlm-plan N/A Unilevel MLM Plan <= 1.1.0 - Reflected Cross-Site Scripting via 'page' LOW *-1.1.0 2.0.0 July 5, 2026
seo-beginner-auto-post seo-beginner-auto-post N/A SEO LAT Auto Post <= 2.2.1 - Missing Authorization to File Overwrite/Upload (Remote Code Execution) LOW *-2.2.1 July 5, 2026
bizapp-for-woocommerce bizapp-for-woocommerce
91
Bizapp for WooCommerce <= 2.0.8 - Reflected Cross-Site Scripting LOW *-2.0.8 July 5, 2026
wordlift wordlift N/A WordLift – AI powered SEO – Schema <= 3.54.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update LOW *-3.54.2 3.54.3 July 5, 2026
automate-hub-free-by-sperse-io automate-hub-free-by-sperse-io
89
Automate Hub Free by Sperse.IO <= 1.7.0 - Reflected Cross-Site Scripting LOW *-1.7.0 July 5, 2026
lazyload-background-images lazyload-background-images
91
LazyLoad Background Images <= 1.0.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update LOW *-1.0.7 July 5, 2026
viewmedica viewmedica N/A ViewMedica Embed <= 1.4.15 - Cross-Site Request Forgery to SQL Injection LOW *-1.4.17 1.4.18 July 5, 2026
viewmedica viewmedica N/A ViewMedica 9 <= 1.4.17 - Cross-Site Request Forgery to Reflected Cross-Site Scripting LOW *-1.4.17 1.4.18 July 5, 2026
gdy-modular-content gdy-modular-content
93
GDY Modular Content <= 0.9.92 - Reflected Cross-Site Scripting LOW *-0.9.92 0.9.93 July 5, 2026
wc1c-main wc1c-main N/A WC1C <= 0.23.0 - Reflected Cross-Site Scripting LOW *-0.23.0 July 5, 2026
theperfectweddingnl-widget theperfectweddingnl-widget N/A ThePerfectWedding.nl Widget <= 2.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.8 2.9 July 5, 2026
yikes-inc-easy-custom-woocommerce-product-tabs yikes-inc-easy-custom-woocommerce-product-tabs N/A Custom Product Tabs for WooCommerce <= 1.8.5 - Authenticated (Shop Manager+) PHP Object Injection LOW *-1.8.5 1.8.6 July 5, 2026
spacer spacer N/A Spacer <= 3.0.7 - Missing Authorization to Authenticated (Subscriber+) Limited Information Disclosure LOW *-3.0.7 July 5, 2026
enable-accessibility enable-accessibility
91
Enable Accessibility <= 1.4.1 - Reflected Cross-Site Scripting LOW *-1.4.1 July 5, 2026
tc-ecommerce tc-ecommerce N/A Themes Coder – Create Android & iOS Apps For Your Woocommerce Site <= 1.3.4 - Insecure Direct Object Reference to Password Change/Account Takeover/Privilege Escalation LOW *-1.3.4 1.4.0 July 5, 2026
timeline-designer timeline-designer N/A Timeline Designer <= 1.4 - Authenticated (Admin+) SQL Injection LOW *-1.4 1.4.1 July 5, 2026
woomotiv woomotiv N/A Woomotiv <= 3.6.1 - Unauthenticated SQL Injection LOW *-3.6.1 3.6.3 July 5, 2026
chative-live-chat-and-chatbot chative-live-chat-and-chatbot
93
Chative Live chat and Chatbot <= 1.1 - Cross-Site Request Forgery via add_chative_widget_action Function LOW *-1.1 1.2 July 5, 2026
cf7-styler cf7-styler
91
Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler <= 1.7.1 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting LOW *-1.7.1 July 5, 2026
duplicate-pp duplicate-pp
93
Duplicate Post, Page and Any Custom Post <= 3.5.5 - Authenticated (Contributor+) Post Disclosure via Post Duplication LOW *-3.5.5 3.5.6 July 5, 2026
transportersio transportersio N/A Transporters.io <= 2.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.1.1 2.1.2 July 5, 2026
clickdesigns clickdesigns
93
ClickDesigns <= 1.8.0 - Missing Authorization to API Key Modification or Removal LOW *-1.8.0 2.0.0 July 5, 2026
sell-media sell-media N/A Sell Media <= 2.5.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.5.8.5 July 5, 2026
wp-survey-and-poll wp-survey-and-poll N/A WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.7.5 July 5, 2026
sellsy sellsy N/A Sellsy <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.3.3 2.4.0 July 5, 2026
formaloo-form-builder formaloo-form-builder
91
Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce <= 2.1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.1.3.2 July 5, 2026
slider-pro-lite slider-pro-lite N/A Slider Pro Lite <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4.1 July 5, 2026
wp-youtube-gallery wp-youtube-gallery N/A WP Youtube Gallery <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter LOW *-1.9 2.0 July 5, 2026
wpbits-addons-for-elementor wpbits-addons-for-elementor N/A WPBITS Addons For Elementor Page Builder <= 1.5.1 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-1.5.1 1.6 July 5, 2026
wp-triggers-lite wp-triggers-lite N/A WP Triggers Lite <= 2.5.3 - Authenticated (Admin+) SQL Injection LOW *-2.5.3 July 5, 2026
wp-triggers-lite wp-triggers-lite N/A WP Triggers Lite <= 2.5.3 - Reflected Cross-Site Scripting LOW *-2.5.3 July 5, 2026
wp-stats-manager wp-stats-manager N/A WP Visitor Statistics (Real Time Traffic) <= 7.5 - Missing Authorization LOW *-7.5 7.6 July 5, 2026
wp-mailster wp-mailster N/A WP Mailster <= 1.8.17.0 - Unauthenticated Sensitive Information Exposure LOW *-1.8.17.0 1.8.18.0 July 5, 2026
wp-jquery-datatable wp-jquery-datatable N/A WP jQuery DataTable <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.0.1 4.1.0 July 5, 2026
wp-job-portal wp-job-portal N/A WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.5- Authenticated (Subscriber+) Insecure Direct Object Reference LOW *-2.2.5 2.2.6 July 5, 2026
wp-fullcalendar wp-fullcalendar N/A WP FullCalendar <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5 1.6 July 5, 2026
Iptanus File Upload wp-file-upload
76
WordPress File Upload <= 4.24.15 - Missing Authorization to Authenticated (Subscriber+) Limited Path Traversal LOW *-4.24.15 4.25.0 July 5, 2026
woo-product-table woo-product-table N/A Product Table for WooCommerce <= 4.0.3 - Reflected Cross-Site Scripting LOW *-4.0.3 5.0.0 July 5, 2026
widgetize-pages-light widgetize-pages-light N/A Widgetize Pages Light <= 3.0 - Reflected Cross-Site Scripting LOW *-3.0 July 5, 2026
wc-affiliate wc-affiliate N/A WC Affiliate <= 2.3 - Reflected Cross-Site Scripting LOW *-2.3 2.4 July 5, 2026
ultimate-popup-creator ultimate-popup-creator N/A Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation LOW *-3.2.6 July 5, 2026
typing-text typing-text N/A Typing Text <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.7 July 5, 2026
tripetto tripetto N/A WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.6 - Unauthenticated Stored Cross-Site Scripting LOW *-8.0.6 8.0.7 July 5, 2026
thim-elementor-kit thim-elementor-kit N/A Thim Elementor Kit <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.9 1.2.9.1 July 5, 2026
templatesnext-toolkit templatesnext-toolkit N/A TemplatesNext ToolKit <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.2.9 July 5, 2026
store-credit-for-woocommerce store-credit-for-woocommerce N/A Store credit / Gift cards for woocommerce <= 1.0.49.46 - Reflected Cross-Site Scripting LOW *-1.0.49.46 1.0.49.47 July 5, 2026
speakout speakout N/A SpeakOut! Email Petitions <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.4.2 4.5.0 July 5, 2026
solar-wizard-lite solar-wizard-lite N/A Solar Wizard Lite <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.4 1.2.5 July 5, 2026
sms-alert sms-alert N/A SMS Alert Order Notifications – WooCommerce <= 3.7.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update LOW *-3.7.6 3.7.7 July 5, 2026
smart-custom-fields smart-custom-fields N/A Smart Custom Fields <= 5.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.0.0 5.0.1 July 5, 2026
sina-extension-for-elementor sina-extension-for-elementor N/A Sina Extension for Elementor <= 3.5.91 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Sina Image Differ LOW *-3.5.91 3.6.0 July 5, 2026
simple-video-management-system simple-video-management-system N/A Simple Video Management System <= 1.0.4 - Reflected Cross-Site Scripting LOW *-1.0.4 July 5, 2026
share-buttons share-buttons N/A Social Share Buttons for WordPress <= 2.7 - Missing Authorization to Unauthenticated Image Upload & Path Traversal LOW *-2.7 July 5, 2026
share-buttons share-buttons N/A Social Share Buttons for WordPress <= 2.7 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.7 July 5, 2026
rsvp rsvp N/A RSVP and Event Management <= 2.7.13 - Missing Authorization LOW *-2.7.13 2.7.14 July 5, 2026
rezgo rezgo N/A Rezgo Online Booking <= 4.17 - Unauthenticated Local File Inclusion LOW *-4.17 4.17.1 July 5, 2026
quillforms quillforms N/A Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.10.0 4.0.0 July 5, 2026
profile-builder profile-builder N/A User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.12.9 - Unauthenticated Stored Cross-Site Scripting LOW *-3.12.9 3.13.0 July 5, 2026
posturinn posturinn N/A Pósturinn\'s Shipping with WooCommerce <= 1.3.1 - Reflected Cross-Site Scripting LOW *-1.3.1 1.3.3 July 5, 2026
post-saint post-saint N/A Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload LOW *-1.3.1 July 5, 2026
pixelyoursite pixelyoursite
93
PixelYourSite – Your smart PIXEL (TAG) Manager <= 10.0.1.2 - Cross-Site Request Forgery LOW *-10.0.1.2 10.0.2 July 5, 2026
mybooktable mybooktable
89
MyBookTable Bookstore <= 3.5.3 - Cross-Site Request Forgery LOW *-3.5.3 3.5.4 July 5, 2026
mipl-wc-multisite-sync mipl-wc-multisite-sync
91
MIPL WC Multisite Sync <= 1.1.5 - Unauthenticated Arbitrary File Download LOW *-1.1.5 1.1.6 July 5, 2026
link-whisper link-whisper
93
Link Whisper Free <= 0.7.8 - Unauthenticated Sensitive Information Exposure LOW *-0.7.8 0.7.9 July 5, 2026
korea-for-woocommerce korea-for-woocommerce
93
Korea for WooCommerce <= 1.1.11 - Authenticated (Subscriber+) Sensitive Information Exposure LOW *-1.1.11 1.1.12 July 5, 2026
jupiterx-core jupiterx-core
93
Jupiter X Core <= 4.8.5 - Missing Authorization to Unauthenticated Popup Template Export LOW *-4.8.5 4.8.6 July 5, 2026
jupiterx-core jupiterx-core
93
Jupiter X Core <= 4.8.5 - Missing Authorization to Authenticated Library Sync LOW *-4.8.5 4.8.6 July 5, 2026
joomsport-sports-league-results-management joomsport-sports-league-results-management
93
JoomSport <= 5.6.17 - Reflected Cross-Site Scripting via page LOW *-5.6.17 5.6.18 July 5, 2026
Hive Support | AI-Powered Help Desk, Live Chat and Chatbot hive-support
68
Hive Support – WordPress Help Desk <= 1.1.6 - Missing Authorization LOW *-1.1.6 1.1.7 July 5, 2026
hero-banner-ultimate hero-banner-ultimate
93
Hero Banner Ultimate <= 1.4.4 - Authenticated (Author+) Local File Inclusion LOW *-1.4.4 1.4.5 July 5, 2026
LOW

sakolawp-lite

sakolawp-lite

Score: N/A School Management System – SakolaWP <= 1.0.8 - Unauthenticated Privilege Escalation Affected: *-1.0.8 Patched: Updated: July 5, 2026
LOW

woo-ukrposhta

woo-ukrposhta

Score: N/A Woo Ukrposhta <= 1.17.11 - Reflected Cross-Site Scripting via order, post, and idd Parameters Affected: *-1.17.11 Patched: 1.18.0 Updated: July 5, 2026
LOW

rightmessage

rightmessage

Score: N/A RightMessage WP <= 0.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.9.7 Patched: Updated: July 5, 2026
LOW

cc-canadian-mortgage-calculator

cc-canadian-mortgage-calculator

Score: 93/100 CC Canadian Mortgage Calculator <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.0 Patched: 2.1.1 Updated: July 5, 2026
LOW

wp-bulk-sms

wp-bulk-sms

Score: N/A WP – Bulk SMS – by SMS.to <= 1.0.12 - Reflected Cross-Site Scripting Affected: *-1.0.12 Patched: Updated: July 5, 2026
LOW

uptodown-apk-download-widget

uptodown-apk-download-widget

Score: N/A Uptodown APK Download Widget <= 0.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.1.10 Patched: 0.1.11 Updated: July 5, 2026
LOW

image-magnify

image-magnify

Score: 91/100 Image Magnify <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

paygreen-payment-gateway

paygreen-payment-gateway

Score: 93/100 PayGreen Payment Gateway <= 1.0.26 - Reflected Cross-Site Scripting Affected: *-1.0.26 Patched: 1.0.27 Updated: July 5, 2026
LOW

yogo-booking

yogo-booking

Score: N/A YOGO Booking <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.2 Patched: 1.6.3 Updated: July 5, 2026
LOW

live-stock-prices-for-wordpress

live-stock-prices-for-wordpress

Score: 91/100 Financial Stocks & Crypto Market Data Plugin <= 1.10.3 - Reflected Cross-Site Scripting Affected: *-1.10.3 Patched: Updated: July 5, 2026
LOW

pixnet

pixnet

Score: 91/100 PIXNET Plugin <= 2.9.10 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-2.9.10 Patched: Updated: July 5, 2026
LOW

payu-india

payu-india

Score: 93/100 PayU CommercePro Plugin <= 3.8.3 - Unauthenticated Privilege Escalation Affected: *-3.8.3 Patched: 3.8.4 Updated: July 5, 2026
LOW

wpschoolpress

wpschoolpress

Score: N/A School Management System – WPSchoolPress <= 2.2.14 - Authenticated (Student/Parent+) SQL Injection Affected: *-2.2.14 Patched: 2.2.15 Updated: July 5, 2026
LOW

toggles-shortcode-and-widget

toggles-shortcode-and-widget

Score: N/A Toggles Shortcode and Widget <= 1.14 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.14 Patched: Updated: July 5, 2026
LOW

infility-global

infility-global

Score: 81/100 Infility Global <= 2.9.8 - Authenticated (Subscriber+) Missing Authorization to Plugin Options Update Affected: *-2.9.8 Patched: 2.9.9 Updated: July 5, 2026
LOW

infility-global

infility-global

Score: 81/100 Infility Global <= 2.9.8 - Reflected Cross-Site Scripting via set_type Parameter Affected: *-2.9.8 Patched: 2.9.9 Updated: July 5, 2026
LOW

ai-addons-for-elementor

ai-addons-for-elementor

Score: 95/100 Elementor AI Addons – 70 Widgets, Premium Templates, Ultimate Elements <= 2.2.1 - Authenticated (Contributor+) Private Templates Content Disclosure Affected: *-2.2.1 Patched: Updated: July 5, 2026
LOW

smartemailing

smartemailing

Score: N/A SmartEmailing.cz <= 2.2.0 - Reflected Cross-Site Scripting Affected: *-2.2.0 Patched: 2.2.6 Updated: July 5, 2026
LOW

same-but-different

same-but-different

Score: N/A Same but Different – Related Posts by Taxonomy <= 1.0.16 - Reflected Cross-Site Scripting Affected: *-1.0.16 Patched: Updated: July 5, 2026
LOW

seo-keywords

seo-keywords

Score: N/A SEO Keywords <= 1.1.3 - Reflected Cross-Site Scripting via google_error Parameter Affected: *-1.1.3 Patched: Updated: July 5, 2026
LOW

muzaara-adwords-optimize-dashboard

muzaara-adwords-optimize-dashboard

Score: 89/100 Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords <= 3.1 - Information Exposure Affected: *-3.1 Patched: Updated: July 5, 2026
LOW

member-access

member-access

Score: 91/100 Member Access <= 1.1.6 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure Affected: *-1.1.6 Patched: Updated: July 5, 2026
LOW

woocommerce-hss-extension-for-streaming-video

woocommerce-hss-extension-for-streaming-video

Score: N/A WooCommerce HSS Extension for Streaming Video <= 3.31 - Reflected Cross-Site Scripting via videolink Parameter Affected: *-3.31 Patched: Updated: July 5, 2026
LOW

woocommerce-compare-products

woocommerce-compare-products

Score: N/A Compare Products for WooCommerce <= 3.2.1 - Reflected Cross-Site Scripting Affected: *-3.2.1 Patched: 3.2.2 Updated: July 5, 2026
LOW

woocommerce-compare-products

woocommerce-compare-products

Score: N/A Compare Products for WooCommerce <= 3.2.1 - Unauthenticated PHP Object Injection Affected: *-3.2.1 Patched: 3.2.2 Updated: July 5, 2026
LOW

horoscope-and-tarot

horoscope-and-tarot

Score: 93/100 Horoscope And Tarot <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.0 Patched: 1.3.1 Updated: July 5, 2026
LOW

simple-add-pages-or-posts

simple-add-pages-or-posts

Score: N/A Simple add pages or posts <= 2.0.0 - Cross-Site Request Forgery to Reflected Cross-Site Scripting Affected: *-2.0.0 Patched: Updated: July 5, 2026
LOW

common-ninja

common-ninja

Score: 91/100 Common Ninja: Fully Customizable & Perfectly Responsive Free Widgets for WordPress Websites <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 5, 2026
LOW

ultimate-popup-creator

ultimate-popup-creator

Score: N/A Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Unauthenticated SQL Injection Affected: *-3.2.6 Patched: Updated: July 5, 2026
LOW

unilevel-mlm-plan

unilevel-mlm-plan

Score: N/A Unilevel MLM Plan <= 1.1.0 - Reflected Cross-Site Scripting via 'page' Affected: *-1.1.0 Patched: 2.0.0 Updated: July 5, 2026
LOW

seo-beginner-auto-post

seo-beginner-auto-post

Score: N/A SEO LAT Auto Post <= 2.2.1 - Missing Authorization to File Overwrite/Upload (Remote Code Execution) Affected: *-2.2.1 Patched: Updated: July 5, 2026
LOW

bizapp-for-woocommerce

bizapp-for-woocommerce

Score: 91/100 Bizapp for WooCommerce <= 2.0.8 - Reflected Cross-Site Scripting Affected: *-2.0.8 Patched: Updated: July 5, 2026
LOW

wordlift

wordlift

Score: N/A WordLift – AI powered SEO – Schema <= 3.54.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update Affected: *-3.54.2 Patched: 3.54.3 Updated: July 5, 2026
LOW

automate-hub-free-by-sperse-io

automate-hub-free-by-sperse-io

Score: 89/100 Automate Hub Free by Sperse.IO <= 1.7.0 - Reflected Cross-Site Scripting Affected: *-1.7.0 Patched: Updated: July 5, 2026
LOW

lazyload-background-images

lazyload-background-images

Score: 91/100 LazyLoad Background Images <= 1.0.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update Affected: *-1.0.7 Patched: Updated: July 5, 2026
LOW

viewmedica

viewmedica

Score: N/A ViewMedica Embed <= 1.4.15 - Cross-Site Request Forgery to SQL Injection Affected: *-1.4.17 Patched: 1.4.18 Updated: July 5, 2026
LOW

viewmedica

viewmedica

Score: N/A ViewMedica 9 <= 1.4.17 - Cross-Site Request Forgery to Reflected Cross-Site Scripting Affected: *-1.4.17 Patched: 1.4.18 Updated: July 5, 2026
LOW

gdy-modular-content

gdy-modular-content

Score: 93/100 GDY Modular Content <= 0.9.92 - Reflected Cross-Site Scripting Affected: *-0.9.92 Patched: 0.9.93 Updated: July 5, 2026
LOW

wc1c-main

wc1c-main

Score: N/A WC1C <= 0.23.0 - Reflected Cross-Site Scripting Affected: *-0.23.0 Patched: Updated: July 5, 2026
LOW

theperfectweddingnl-widget

theperfectweddingnl-widget

Score: N/A ThePerfectWedding.nl Widget <= 2.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.8 Patched: 2.9 Updated: July 5, 2026
LOW

yikes-inc-easy-custom-woocommerce-product-tabs

yikes-inc-easy-custom-woocommerce-product-tabs

Score: N/A Custom Product Tabs for WooCommerce <= 1.8.5 - Authenticated (Shop Manager+) PHP Object Injection Affected: *-1.8.5 Patched: 1.8.6 Updated: July 5, 2026
LOW

spacer

spacer

Score: N/A Spacer <= 3.0.7 - Missing Authorization to Authenticated (Subscriber+) Limited Information Disclosure Affected: *-3.0.7 Patched: Updated: July 5, 2026
LOW

enable-accessibility

enable-accessibility

Score: 91/100 Enable Accessibility <= 1.4.1 - Reflected Cross-Site Scripting Affected: *-1.4.1 Patched: Updated: July 5, 2026
LOW

tc-ecommerce

tc-ecommerce

Score: N/A Themes Coder – Create Android & iOS Apps For Your Woocommerce Site <= 1.3.4 - Insecure Direct Object Reference to Password Change/Account Takeover/Privilege Escalation Affected: *-1.3.4 Patched: 1.4.0 Updated: July 5, 2026
LOW

timeline-designer

timeline-designer

Score: N/A Timeline Designer <= 1.4 - Authenticated (Admin+) SQL Injection Affected: *-1.4 Patched: 1.4.1 Updated: July 5, 2026
LOW

woomotiv

woomotiv

Score: N/A Woomotiv <= 3.6.1 - Unauthenticated SQL Injection Affected: *-3.6.1 Patched: 3.6.3 Updated: July 5, 2026
LOW

chative-live-chat-and-chatbot

chative-live-chat-and-chatbot

Score: 93/100 Chative Live chat and Chatbot <= 1.1 - Cross-Site Request Forgery via add_chative_widget_action Function Affected: *-1.1 Patched: 1.2 Updated: July 5, 2026
LOW

cf7-styler

cf7-styler

Score: 91/100 Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler <= 1.7.1 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting Affected: *-1.7.1 Patched: Updated: July 5, 2026
LOW

duplicate-pp

duplicate-pp

Score: 93/100 Duplicate Post, Page and Any Custom Post <= 3.5.5 - Authenticated (Contributor+) Post Disclosure via Post Duplication Affected: *-3.5.5 Patched: 3.5.6 Updated: July 5, 2026
LOW

transportersio

transportersio

Score: N/A Transporters.io <= 2.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.1.1 Patched: 2.1.2 Updated: July 5, 2026
LOW

clickdesigns

clickdesigns

Score: 93/100 ClickDesigns <= 1.8.0 - Missing Authorization to API Key Modification or Removal Affected: *-1.8.0 Patched: 2.0.0 Updated: July 5, 2026
LOW

sell-media

sell-media

Score: N/A Sell Media <= 2.5.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.5.8.5 Patched: Updated: July 5, 2026
LOW

wp-survey-and-poll

wp-survey-and-poll

Score: N/A WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7.5 Patched: Updated: July 5, 2026
LOW

sellsy

sellsy

Score: N/A Sellsy <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.3 Patched: 2.4.0 Updated: July 5, 2026
LOW

formaloo-form-builder

formaloo-form-builder

Score: 91/100 Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce <= 2.1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.1.3.2 Patched: Updated: July 5, 2026
LOW

slider-pro-lite

slider-pro-lite

Score: N/A Slider Pro Lite <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.1 Patched: Updated: July 5, 2026
LOW

wp-youtube-gallery

wp-youtube-gallery

Score: N/A WP Youtube Gallery <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter Affected: *-1.9 Patched: 2.0 Updated: July 5, 2026
LOW

wpbits-addons-for-elementor

wpbits-addons-for-elementor

Score: N/A WPBITS Addons For Elementor Page Builder <= 1.5.1 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-1.5.1 Patched: 1.6 Updated: July 5, 2026
LOW

wp-triggers-lite

wp-triggers-lite

Score: N/A WP Triggers Lite <= 2.5.3 - Authenticated (Admin+) SQL Injection Affected: *-2.5.3 Patched: Updated: July 5, 2026
LOW

wp-triggers-lite

wp-triggers-lite

Score: N/A WP Triggers Lite <= 2.5.3 - Reflected Cross-Site Scripting Affected: *-2.5.3 Patched: Updated: July 5, 2026
LOW

wp-stats-manager

wp-stats-manager

Score: N/A WP Visitor Statistics (Real Time Traffic) <= 7.5 - Missing Authorization Affected: *-7.5 Patched: 7.6 Updated: July 5, 2026
LOW

wp-mailster

wp-mailster

Score: N/A WP Mailster <= 1.8.17.0 - Unauthenticated Sensitive Information Exposure Affected: *-1.8.17.0 Patched: 1.8.18.0 Updated: July 5, 2026
LOW

wp-jquery-datatable

wp-jquery-datatable

Score: N/A WP jQuery DataTable <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.0.1 Patched: 4.1.0 Updated: July 5, 2026
LOW

wp-job-portal

wp-job-portal

Score: N/A WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.5- Authenticated (Subscriber+) Insecure Direct Object Reference Affected: *-2.2.5 Patched: 2.2.6 Updated: July 5, 2026
LOW

wp-fullcalendar

wp-fullcalendar

Score: N/A WP FullCalendar <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5 Patched: 1.6 Updated: July 5, 2026
LOW

Iptanus File Upload

wp-file-upload

Score: 76/100 WordPress File Upload <= 4.24.15 - Missing Authorization to Authenticated (Subscriber+) Limited Path Traversal Affected: *-4.24.15 Patched: 4.25.0 Updated: July 5, 2026
LOW

woo-product-table

woo-product-table

Score: N/A Product Table for WooCommerce <= 4.0.3 - Reflected Cross-Site Scripting Affected: *-4.0.3 Patched: 5.0.0 Updated: July 5, 2026
LOW

widgetize-pages-light

widgetize-pages-light

Score: N/A Widgetize Pages Light <= 3.0 - Reflected Cross-Site Scripting Affected: *-3.0 Patched: Updated: July 5, 2026
LOW

wc-affiliate

wc-affiliate

Score: N/A WC Affiliate <= 2.3 - Reflected Cross-Site Scripting Affected: *-2.3 Patched: 2.4 Updated: July 5, 2026
LOW

ultimate-popup-creator

ultimate-popup-creator

Score: N/A Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation Affected: *-3.2.6 Patched: Updated: July 5, 2026
LOW

typing-text

typing-text

Score: N/A Typing Text <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.7 Patched: Updated: July 5, 2026
LOW

tripetto

tripetto

Score: N/A WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.6 - Unauthenticated Stored Cross-Site Scripting Affected: *-8.0.6 Patched: 8.0.7 Updated: July 5, 2026
LOW

thim-elementor-kit

thim-elementor-kit

Score: N/A Thim Elementor Kit <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.9 Patched: 1.2.9.1 Updated: July 5, 2026
LOW

templatesnext-toolkit

templatesnext-toolkit

Score: N/A TemplatesNext ToolKit <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2.9 Patched: Updated: July 5, 2026
LOW

store-credit-for-woocommerce

store-credit-for-woocommerce

Score: N/A Store credit / Gift cards for woocommerce <= 1.0.49.46 - Reflected Cross-Site Scripting Affected: *-1.0.49.46 Patched: 1.0.49.47 Updated: July 5, 2026
LOW

speakout

speakout

Score: N/A SpeakOut! Email Petitions <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.4.2 Patched: 4.5.0 Updated: July 5, 2026
LOW

solar-wizard-lite

solar-wizard-lite

Score: N/A Solar Wizard Lite <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.4 Patched: 1.2.5 Updated: July 5, 2026
LOW

sms-alert

sms-alert

Score: N/A SMS Alert Order Notifications – WooCommerce <= 3.7.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update Affected: *-3.7.6 Patched: 3.7.7 Updated: July 5, 2026
LOW

smart-custom-fields

smart-custom-fields

Score: N/A Smart Custom Fields <= 5.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.0.0 Patched: 5.0.1 Updated: July 5, 2026
LOW

sina-extension-for-elementor

sina-extension-for-elementor

Score: N/A Sina Extension for Elementor <= 3.5.91 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Sina Image Differ Affected: *-3.5.91 Patched: 3.6.0 Updated: July 5, 2026
LOW

simple-video-management-system

simple-video-management-system

Score: N/A Simple Video Management System <= 1.0.4 - Reflected Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: July 5, 2026
LOW

share-buttons

share-buttons

Score: N/A Social Share Buttons for WordPress <= 2.7 - Missing Authorization to Unauthenticated Image Upload & Path Traversal Affected: *-2.7 Patched: Updated: July 5, 2026
LOW

share-buttons

share-buttons

Score: N/A Social Share Buttons for WordPress <= 2.7 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.7 Patched: Updated: July 5, 2026
LOW

rsvp

rsvp

Score: N/A RSVP and Event Management <= 2.7.13 - Missing Authorization Affected: *-2.7.13 Patched: 2.7.14 Updated: July 5, 2026
LOW

rezgo

rezgo

Score: N/A Rezgo Online Booking <= 4.17 - Unauthenticated Local File Inclusion Affected: *-4.17 Patched: 4.17.1 Updated: July 5, 2026
LOW

quillforms

quillforms

Score: N/A Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.10.0 Patched: 4.0.0 Updated: July 5, 2026
LOW

profile-builder

profile-builder

Score: N/A User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.12.9 - Unauthenticated Stored Cross-Site Scripting Affected: *-3.12.9 Patched: 3.13.0 Updated: July 5, 2026
LOW

posturinn

posturinn

Score: N/A Pósturinn\'s Shipping with WooCommerce <= 1.3.1 - Reflected Cross-Site Scripting Affected: *-1.3.1 Patched: 1.3.3 Updated: July 5, 2026
LOW

post-saint

post-saint

Score: N/A Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload Affected: *-1.3.1 Patched: Updated: July 5, 2026
LOW

pixelyoursite

pixelyoursite

Score: 93/100 PixelYourSite – Your smart PIXEL (TAG) Manager <= 10.0.1.2 - Cross-Site Request Forgery Affected: *-10.0.1.2 Patched: 10.0.2 Updated: July 5, 2026
LOW

mybooktable

mybooktable

Score: 89/100 MyBookTable Bookstore <= 3.5.3 - Cross-Site Request Forgery Affected: *-3.5.3 Patched: 3.5.4 Updated: July 5, 2026
LOW

mipl-wc-multisite-sync

mipl-wc-multisite-sync

Score: 91/100 MIPL WC Multisite Sync <= 1.1.5 - Unauthenticated Arbitrary File Download Affected: *-1.1.5 Patched: 1.1.6 Updated: July 5, 2026
LOW

link-whisper

link-whisper

Score: 93/100 Link Whisper Free <= 0.7.8 - Unauthenticated Sensitive Information Exposure Affected: *-0.7.8 Patched: 0.7.9 Updated: July 5, 2026
LOW

korea-for-woocommerce

korea-for-woocommerce

Score: 93/100 Korea for WooCommerce <= 1.1.11 - Authenticated (Subscriber+) Sensitive Information Exposure Affected: *-1.1.11 Patched: 1.1.12 Updated: July 5, 2026
LOW

jupiterx-core

jupiterx-core

Score: 93/100 Jupiter X Core <= 4.8.5 - Missing Authorization to Unauthenticated Popup Template Export Affected: *-4.8.5 Patched: 4.8.6 Updated: July 5, 2026
LOW

jupiterx-core

jupiterx-core

Score: 93/100 Jupiter X Core <= 4.8.5 - Missing Authorization to Authenticated Library Sync Affected: *-4.8.5 Patched: 4.8.6 Updated: July 5, 2026
LOW

joomsport-sports-league-results-management

joomsport-sports-league-results-management

Score: 93/100 JoomSport <= 5.6.17 - Reflected Cross-Site Scripting via page Affected: *-5.6.17 Patched: 5.6.18 Updated: July 5, 2026
LOW

hero-banner-ultimate

hero-banner-ultimate

Score: 93/100 Hero Banner Ultimate <= 1.4.4 - Authenticated (Author+) Local File Inclusion Affected: *-1.4.4 Patched: 1.4.5 Updated: July 5, 2026

Showing 13801 to 13900 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 5, 2026 at 08:39 UTC.