Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

92

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
hash-elements hash-elements
93
Hash Elements <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.0 1.5.1 July 5, 2026
gutentor gutentor
91
Gutentor <= 3.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.4.3 3.4.4 July 5, 2026
food-store food-store
91
Food Store – Online Food Delivery & Pickup <= 1.5.2 - Reflected Cross-Site Scripting LOW *-1.5.2 July 5, 2026
estatik-mortgage-calculator estatik-mortgage-calculator
86
Estatik Mortgage Calculator <= 2.0.11 - Reflected Cross-Site Scripting LOW *-2.0.11 2.0.12 July 5, 2026
dyn-business-panel dyn-business-panel
87
Dyn Business Panel <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 July 5, 2026
dyn-business-panel dyn-business-panel
87
Dyn Business Panel <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 July 5, 2026
dyn-business-panel dyn-business-panel
87
Dyn Business Panel <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.0 July 5, 2026
directorypress directorypress
93
DirectoryPress <= 3.6.19 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-3.6.19 3.6.20 July 5, 2026
dental-optimizer-patient-generator-app dental-optimizer-patient-generator-app
91
Dental Optimizer Patient Generator App <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
customer-area customer-area
89
WP Customer Area <= 8.2.4 - Cross-Site Request Forgery to Event Log Deletion LOW *-8.2.4 8.2.5 July 5, 2026
customer-area customer-area
89
WP Customer Area <= 8.2.4 - Cross-Site Request Forgery to Bulk Deletion LOW *-8.2.4 8.2.5 July 5, 2026
custom-field-for-wp-job-manager custom-field-for-wp-job-manager
93
Custom Field For WP Job Manager <= 1.3 - Reflected Cross-Site Scripting LOW *-1.3 1.4 July 5, 2026
cubewp-forms cubewp-forms
91
CubeWP Forms – All-in-One Form Builder <= 1.1.5 - Missing Authorization LOW *-1.1.5 July 5, 2026
croma-music croma-music
93
Croma Music <= 3.6 - Authenticated (Subscriber+) Arbitrary Options Update in ironMusic_ajax LOW *-3.6 3.6.1 July 5, 2026
crelly-slider crelly-slider
91
Crelly Slider <= 1.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.4.5 1.4.7 July 5, 2026
coupon-lite coupon-lite
91
Coupon Plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.1 1.2.2 July 5, 2026
content-protector content-protector
93
Passster – Password Protect Pages and Content <= 4.2.10 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure LOW *-4.2.10 4.2.11 July 5, 2026
clickwhale clickwhale
93
ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages <= 2.4.1 - Authenticated (Contributor+) SQL Injection LOW *-2.4.1 2.4.2 July 5, 2026
bwd-elementor-addons bwd-elementor-addons
91
BWD Elementor Addons <= 4.3.18 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates LOW *-4.3.18 4.3.19 July 5, 2026
bus-ticket-booking-with-seat-reservation bus-ticket-booking-with-seat-reservation
91
Bus Ticket Booking with Seat Reservation <= 5.4.3 - Cross-Site Request Forgery LOW *-5.4.3 5.4.5 July 5, 2026
build-app-online build-app-online
85
Build App Online <= 1.0.23 - Unauthenticated Local File Inclusion LOW *-1.0.23 July 5, 2026
booking-calendar-pro booking-calendar-pro
93
Booking Calendar and Booking Calendar Pro <= Multiple Versions - Reflected Cross-Site Scripting via 'calendar_id' LOW *-11.2.19 11.2.20 July 5, 2026
booking-calendar booking-calendar
91
Booking Calendar and Booking Calendar Pro <= Multiple Versions - Reflected Cross-Site Scripting via 'calendar_id' LOW *-3.2.19 3.2.20 July 5, 2026
beacon-by beacon-by
93
Beacon Lead Magnets and Lead Capture <= 1.5.7 - Reflected Cross-Site Scripting LOW *-1.5.7 1.5.8 July 5, 2026
ars-affiliate-page ars-affiliate-page
97
ARS Affiliate Page Plugin <= 2.0.2 - Reflected Cross-Site Scripting LOW *-2.0.2 2.0.4 July 5, 2026
arforms-form-builder arforms-form-builder
95
Contact Form, Survey, Quiz & Popup Form Builder – ARForms <= 1.7.0 - Unauthenticated Stored Cross-Site Scripting LOW *-1.7.0 1.7.1 July 5, 2026
appizy-app-embed appizy-app-embed
97
App Embed <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.3.2 2.4.0 July 5, 2026
altra-side-menu altra-side-menu
95
Altra Side Menu <= 2.0 - Cross-Site Request Forgery to Arbitrary Menu Deletion LOW *-2.0 July 5, 2026
altra-side-menu altra-side-menu
95
Altra Side Menu <= 2.0 - Authenticated (Admin+) SQL Injection LOW *-2.0 July 5, 2026
ai-wp-writer ai-wp-writer
97
AI WP Writer <= 3.8.4.4 - Cross-Site Request Forgery LOW *-3.8.4.4 3.8.4.5 July 5, 2026
SOOZ – AI for SEO – Bulk Generate Focus Keyphrases, Metadata, Alt Text (SEO Autopilot) ai-for-seo
92
AI for SEO <= 1.2.9 - Missing Authorization LOW *-1.2.9 1.2.10 July 5, 2026
WP Wand – Unlimited Content Generation using AI – for OpenAI, Claude, Openrouter and Deepseek ai-content-generation
89
WP Wand <= 1.2.5 - Missing Authorization LOW *-1.2.5 1.2.6 July 5, 2026
paytm-donation paytm-donation
91
Paytm Payment Donation <= 2.3.1 - Reflected Cross-Site Scripting LOW *-2.3.1 2.3.2 July 5, 2026
ni-crm-lead ni-crm-lead
89
Ni CRM Lead <= 1.3.0 - Reflected Cross-Site Scripting LOW *-1.3.0 July 5, 2026
advanced-options-editor advanced-options-editor
95
Advanced Options Editor <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
advanced-dynamic-pricing-for-woocommerce advanced-dynamic-pricing-for-woocommerce
97
Advanced Dynamic Pricing for WooCommerce <= 4.9.0 - Reflected Cross-Site Scripting LOW *-4.9.0 4.9.1 July 5, 2026
sikshya sikshya N/A Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS <= 0.0.21 - Reflected Cross-Site Scripting LOW *-0.0.21 0.0.22 July 5, 2026
wp-fb-autoconnect wp-fb-autoconnect N/A WP Social AutoConnect <= 4.6.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting LOW *-4.6.2 4.6.3 July 5, 2026
wp-multi-store-locator wp-multi-store-locator N/A WP Multi Store Locator <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.4.1 2.4.6 July 5, 2026
weaver-for-bbpress weaver-for-bbpress N/A Turnkey bbPress by WeaverTheme <= 1.6.3 - Reflected Cross-Site Scripting via _wpnonce Parameter LOW *-1.6.3 1.7.1 July 5, 2026
taskbuilder taskbuilder N/A Taskbuilder – WordPress Project & Task Management plugin <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via wppm_tasks Shortcode LOW *-3.0.6 3.0.7 July 5, 2026
scratch-win-giveaways-for-website-facebook scratch-win-giveaways-for-website-facebook N/A Scratch & Win – Giveaways and Contests <= 2.7.1 - Cross-Site Request Forgery via reset_installation Function LOW *-2.7.1 2.8.0 July 5, 2026
media-library-assistant media-library-assistant
93
Media Library Assistant <= 3.23 - Reflected Cross-Site Scripting via smc_settings_tab, unattachfixit-action, and woofixit-action Parameters LOW *-3.23 3.24 July 5, 2026
WP Compress – Instant Performance & Speed Optimization wp-compress-image-optimizer
61
WP Compress – Instant Performance & Speed Optimization <= 6.30.03 - Reflected Cross-Site Scripting via custom_server Parameter LOW *-6.30.03 6.30.04 July 5, 2026
WP Popular Posts wordpress-popular-posts N/A WordPress Popular Posts <= 7.1.0 - Unauthenticated Arbitrary Shortcode Execution LOW *-7.1.0 7.2.0 July 5, 2026
wp-responsive-photo-gallery wp-responsive-photo-gallery N/A Photo Gallery Slideshow & Masonry Tiled Gallery <= 1.0.15 - Authenticated (Subscriber+) Limited Server-Side Request Forgery LOW *-1.0.15 1.0.16 July 5, 2026
z-inventory-manager z-inventory-manager N/A PlainInventory <= 3.1.6 - Unauthenticated PHP Object Injection LOW *-3.1.6 3.1.7 July 5, 2026
WPvivid — Backup, Migration & Staging wpvivid-backuprestore
63
WPvivid Backup and Migration <= 0.9.106 - Missing Authorization LOW *-0.9.106 0.9.107 July 5, 2026
wpsol wpsol N/A wpSOL <= 1.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2.0 July 5, 2026
wpmozo-addons-lite-for-elementor wpmozo-addons-lite-for-elementor N/A WPMozo Addons Lite for Elementor <= 1.1.0 - Authenticated (Contributor+) Local File Inclusion LOW *-1.1.0 1.1.1 July 5, 2026
wpguppy-lite wpguppy-lite N/A WPGuppy <= 1.1.0 - Authenticated (Subscriber+) Privilege Escalation LOW *-1.1.0 1.1.1 July 5, 2026
wpguppy-lite wpguppy-lite N/A WPGuppy <= 1.1.0 - Unauthenticated PHP Object Injection LOW *-1.1.0 1.1.1 July 5, 2026
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More wpforms-lite
70
Contact Form by WPForms <= 1.9.2.2 - Missing Authorization LOW *-1.9.2.2 1.9.2.3 July 5, 2026
wpbits-addons-for-elementor wpbits-addons-for-elementor N/A WPBITS Addons For Elementor Page Builder <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.1 1.6 July 5, 2026
wpachievements-free wpachievements-free N/A WPAchievements Free <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.0 July 5, 2026
wp2leads wp2leads N/A WP2LEADS <= 3.4.2 - Reflected Cross-Site Scripting LOW *-3.4.2 3.4.3 July 5, 2026
wp-ultimate-exporter wp-ultimate-exporter N/A WP Ultimate Exporter <= 2.9.1 - Authenticated (Admin+) Remote Code Execution LOW *-2.9.1 2.9.2 July 5, 2026
wp-smart-import wp-smart-import N/A WP Smart Import : Import any XML File to WordPress <= 1.1.2 - Reflected Cross-Site Scripting LOW *-1.1.2 1.1.3 July 5, 2026
wp-simple-sitemap wp-simple-sitemap N/A WP Simple Sitemap <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.2 July 5, 2026
wp-map wp-map N/A Free Google Maps <= 1.0.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.0.1 July 5, 2026
wp-jquery-datatable wp-jquery-datatable N/A WP jQuery DataTable <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.0.1 4.1.0 July 5, 2026
wp-docs wp-docs N/A WP Docs <= 2.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.2.1 2.2.2 July 5, 2026
wp-auctions wp-auctions N/A WordPress Auction Plugin <= 3.7 - Authenticated (Editor+) SQL Injection LOW *-3.7 July 5, 2026
wizhi-multi-filters wizhi-multi-filters N/A Wizhi Multi Filters by Wenprise <= 1.8.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.8.6 July 5, 2026
wedevs-project-manager wedevs-project-manager N/A WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.16 - Authenticated (Subscriber+) SQL Injection LOW *-2.6.16 2.6.17 July 5, 2026
userpro-messaging userpro-messaging N/A Private Messages for UserPro <= 4.10.0 - Reflected Cross-Site Scripting LOW *-4.10.0 July 5, 2026
userpro-messaging userpro-messaging N/A Private Messages for UserPro <= 4.10.0 - Unauthenticated Local File Inclusion LOW *-4.10.0 July 5, 2026
UpdraftPlus: WP Backup & Migration Plugin updraftplus
69
UpdraftPlus: WP Backup & Migration Plugin 1.23.8 - 1.24.11 - Unauthenticated PHP Object Injection LOW 1.23.8-1.24.11 1.24.12 July 5, 2026
ts-comfort-database ts-comfort-database N/A TS Comfort DB <= 2.0.7 - Reflected Cross-Site Scripting LOW *-2.0.7 July 5, 2026
the-plus-addons-for-block-editor the-plus-addons-for-block-editor N/A Nexter Blocks <= 4.0.7 - Missing Authorization LOW *-4.0.7 4.0.8 July 5, 2026
target-notifications target-notifications N/A Target Notifications <= 1.1.1 - Reflected Cross-Site Scripting LOW *-1.1.1 July 5, 2026
tagmaker tagmaker N/A WP-tagMaker <= 0.2.2 - Reflected Cross-Site Scripting LOW *-0.2.2 July 5, 2026
syncfields syncfields N/A SyncFields < 4.1 - Reflected Cross-Site Scripting LOW [*, 4.1) 4.1 July 5, 2026
standard-box-sizes standard-box-sizes N/A Standard Box Sizes – for WooCommerce <= 1.6.13 - Missing Authorization LOW *-1.6.13 1.6.14 July 5, 2026
ssl-wireless-sms-notification ssl-wireless-sms-notification N/A SSL Wireless SMS Notification <= 3.5.0 - Unauthenticated SQL Injection LOW *-3.5.0 3.6.0 July 5, 2026
simplified simplified N/A Simplified Plugin <= 1.0.6 - Unauthenticated Arbitrary File Upload LOW *-1.0.6 1.0.7 July 5, 2026
securesubmit securesubmit N/A WP SecureSubmit <= 1.5.18 - Unauthenticated Sensitive Information Exposure LOW *-1.5.18 July 5, 2026
securesubmit securesubmit N/A WP SecureSubmit <= 1.5.18 - Missing Authorization LOW *-1.5.18 July 5, 2026
sa-post-author-filter sa-post-author-filter N/A Kikx Simple Post Author Filter <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
productdyno productdyno N/A ProductDyno <= 1.0.24 - Reflected Cross-Site Scripting LOW *-1.0.24 1.0.25 July 5, 2026
pretty-simple-popup-builder pretty-simple-popup-builder N/A Pretty Simple Popup Builder <= 1.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.9 1.0.10 July 5, 2026
postpage-import-export-with-custom-fields-taxonomies postpage-import-export-with-custom-fields-taxonomies N/A Post/Page Copying Tool <= 2.0.0 - Unauthenticated Sensitive Information Exposure LOW *-2.0.0 2.0.1 July 5, 2026
poll-maker poll-maker
93
Poll Maker <= 5.5.6 - Missing Authorization LOW *-5.5.6 5.5.7 July 5, 2026
poll-maker poll-maker
93
Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 5.5.4 - Unauthenticated HTML Injection LOW *-5.5.4 5.5.5 July 5, 2026
piotnet-addons-for-elementor piotnet-addons-for-elementor
89
Piotnet Addons For Elementor <= 2.4.31 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.4.31 2.4.32 July 5, 2026
pgall-for-woocommerce pgall-for-woocommerce
93
워드프레스 결제 심플페이 <= 5.2.0 - Authenticated (Contributor+) Local File Inclusion LOW *-5.2.0 5.2.2 July 5, 2026
oz-canonical oz-canonical
91
OZ Canonical <= 0.5 - Reflected Cross-Site Scripting LOW *-0.5 July 5, 2026
order-audit-log-for-woocommerce order-audit-log-for-woocommerce
91
Order Audit Log for WooCommerce <= 2.0 - Reflected Cross-Site Scripting LOW *-2.0 July 5, 2026
opentracker-analytics opentracker-analytics
91
Opentracker Analytics <= 1.3 - Reflected Cross-Site Scripting LOW *-1.3 July 5, 2026
opencart-product-in-wp opencart-product-in-wp
91
Opencart Product in WP <= 1.0.1 - Reflected Cross-Site Scripting LOW *-1.0.1 July 5, 2026
notify-odoo notify-odoo
93
Notify Odoo <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.0 1.0.1 July 5, 2026
naver-analytics naver-analytics
91
NAVER Analytics <= 0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.9 July 5, 2026
mg-parallax-slider mg-parallax-slider
91
MG Parallax Slider <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
media-category-library media-category-library
91
Media Category Library <= 2.7 - Reflected Cross-Site Scripting LOW *-2.7 July 5, 2026
mashsharer mashsharer
91
Social Media Share Buttons | MashShare <= 4.0.47 - Missing Authorization LOW *-4.0.47 July 5, 2026
mangboard mangboard
93
Mang Board WP <= 1.8.4 - Reflected Cross-Site Scripting LOW *-1.8.4 1.8.5 July 5, 2026
locatoraid locatoraid
91
Locatoraid Store Locator <= 3.9.50 - Unauthenticated PHP Object Injection LOW *-3.9.50 3.9.51 July 5, 2026
job-board-light job-board-light
87
JobBoard Job listing <= 1.2.6 - Unauthenticated Arbitrary File Upload LOW *-1.2.6 1.2.7 July 5, 2026
integration-dynamics integration-dynamics
93
Dynamics 365 Integration <= 1.3.23 - Authenticated (Contributor+) Remote Code Execution and Arbitrary File Read via Twig Server-Side Template Injection LOW *-1.3.23 1.3.24 July 5, 2026
indeed-learning-pro indeed-learning-pro
87
Ultimate Learning Pro <= 3.9 - Authenticated (Administrator+) SQL Injection LOW *-3.9 July 5, 2026
LOW

hash-elements

hash-elements

Score: 93/100 Hash Elements <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.0 Patched: 1.5.1 Updated: July 5, 2026
LOW

gutentor

gutentor

Score: 91/100 Gutentor <= 3.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4.3 Patched: 3.4.4 Updated: July 5, 2026
LOW

food-store

food-store

Score: 91/100 Food Store – Online Food Delivery & Pickup <= 1.5.2 - Reflected Cross-Site Scripting Affected: *-1.5.2 Patched: Updated: July 5, 2026
LOW

estatik-mortgage-calculator

estatik-mortgage-calculator

Score: 86/100 Estatik Mortgage Calculator <= 2.0.11 - Reflected Cross-Site Scripting Affected: *-2.0.11 Patched: 2.0.12 Updated: July 5, 2026
LOW

dyn-business-panel

dyn-business-panel

Score: 87/100 Dyn Business Panel <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 5, 2026
LOW

dyn-business-panel

dyn-business-panel

Score: 87/100 Dyn Business Panel <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 5, 2026
LOW

dyn-business-panel

dyn-business-panel

Score: 87/100 Dyn Business Panel <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 5, 2026
LOW

directorypress

directorypress

Score: 93/100 DirectoryPress <= 3.6.19 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-3.6.19 Patched: 3.6.20 Updated: July 5, 2026
LOW

dental-optimizer-patient-generator-app

dental-optimizer-patient-generator-app

Score: 91/100 Dental Optimizer Patient Generator App <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

customer-area

customer-area

Score: 89/100 WP Customer Area <= 8.2.4 - Cross-Site Request Forgery to Event Log Deletion Affected: *-8.2.4 Patched: 8.2.5 Updated: July 5, 2026
LOW

customer-area

customer-area

Score: 89/100 WP Customer Area <= 8.2.4 - Cross-Site Request Forgery to Bulk Deletion Affected: *-8.2.4 Patched: 8.2.5 Updated: July 5, 2026
LOW

custom-field-for-wp-job-manager

custom-field-for-wp-job-manager

Score: 93/100 Custom Field For WP Job Manager <= 1.3 - Reflected Cross-Site Scripting Affected: *-1.3 Patched: 1.4 Updated: July 5, 2026
LOW

cubewp-forms

cubewp-forms

Score: 91/100 CubeWP Forms – All-in-One Form Builder <= 1.1.5 - Missing Authorization Affected: *-1.1.5 Patched: Updated: July 5, 2026
LOW

croma-music

croma-music

Score: 93/100 Croma Music <= 3.6 - Authenticated (Subscriber+) Arbitrary Options Update in ironMusic_ajax Affected: *-3.6 Patched: 3.6.1 Updated: July 5, 2026
LOW

crelly-slider

crelly-slider

Score: 91/100 Crelly Slider <= 1.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.4.5 Patched: 1.4.7 Updated: July 5, 2026
LOW

coupon-lite

coupon-lite

Score: 91/100 Coupon Plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.1 Patched: 1.2.2 Updated: July 5, 2026
LOW

content-protector

content-protector

Score: 93/100 Passster – Password Protect Pages and Content <= 4.2.10 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure Affected: *-4.2.10 Patched: 4.2.11 Updated: July 5, 2026
LOW

clickwhale

clickwhale

Score: 93/100 ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages <= 2.4.1 - Authenticated (Contributor+) SQL Injection Affected: *-2.4.1 Patched: 2.4.2 Updated: July 5, 2026
LOW

bwd-elementor-addons

bwd-elementor-addons

Score: 91/100 BWD Elementor Addons <= 4.3.18 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates Affected: *-4.3.18 Patched: 4.3.19 Updated: July 5, 2026
LOW

bus-ticket-booking-with-seat-reservation

bus-ticket-booking-with-seat-reservation

Score: 91/100 Bus Ticket Booking with Seat Reservation <= 5.4.3 - Cross-Site Request Forgery Affected: *-5.4.3 Patched: 5.4.5 Updated: July 5, 2026
LOW

build-app-online

build-app-online

Score: 85/100 Build App Online <= 1.0.23 - Unauthenticated Local File Inclusion Affected: *-1.0.23 Patched: Updated: July 5, 2026
LOW

booking-calendar-pro

booking-calendar-pro

Score: 93/100 Booking Calendar and Booking Calendar Pro <= Multiple Versions - Reflected Cross-Site Scripting via 'calendar_id' Affected: *-11.2.19 Patched: 11.2.20 Updated: July 5, 2026
LOW

booking-calendar

booking-calendar

Score: 91/100 Booking Calendar and Booking Calendar Pro <= Multiple Versions - Reflected Cross-Site Scripting via 'calendar_id' Affected: *-3.2.19 Patched: 3.2.20 Updated: July 5, 2026
LOW

beacon-by

beacon-by

Score: 93/100 Beacon Lead Magnets and Lead Capture <= 1.5.7 - Reflected Cross-Site Scripting Affected: *-1.5.7 Patched: 1.5.8 Updated: July 5, 2026
LOW

ars-affiliate-page

ars-affiliate-page

Score: 97/100 ARS Affiliate Page Plugin <= 2.0.2 - Reflected Cross-Site Scripting Affected: *-2.0.2 Patched: 2.0.4 Updated: July 5, 2026
LOW

arforms-form-builder

arforms-form-builder

Score: 95/100 Contact Form, Survey, Quiz & Popup Form Builder – ARForms <= 1.7.0 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.7.0 Patched: 1.7.1 Updated: July 5, 2026
LOW

appizy-app-embed

appizy-app-embed

Score: 97/100 App Embed <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.2 Patched: 2.4.0 Updated: July 5, 2026
LOW

altra-side-menu

altra-side-menu

Score: 95/100 Altra Side Menu <= 2.0 - Cross-Site Request Forgery to Arbitrary Menu Deletion Affected: *-2.0 Patched: Updated: July 5, 2026
LOW

altra-side-menu

altra-side-menu

Score: 95/100 Altra Side Menu <= 2.0 - Authenticated (Admin+) SQL Injection Affected: *-2.0 Patched: Updated: July 5, 2026
LOW

ai-wp-writer

ai-wp-writer

Score: 97/100 AI WP Writer <= 3.8.4.4 - Cross-Site Request Forgery Affected: *-3.8.4.4 Patched: 3.8.4.5 Updated: July 5, 2026
LOW

paytm-donation

paytm-donation

Score: 91/100 Paytm Payment Donation <= 2.3.1 - Reflected Cross-Site Scripting Affected: *-2.3.1 Patched: 2.3.2 Updated: July 5, 2026
LOW

ni-crm-lead

ni-crm-lead

Score: 89/100 Ni CRM Lead <= 1.3.0 - Reflected Cross-Site Scripting Affected: *-1.3.0 Patched: Updated: July 5, 2026
LOW

advanced-options-editor

advanced-options-editor

Score: 95/100 Advanced Options Editor <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

advanced-dynamic-pricing-for-woocommerce

advanced-dynamic-pricing-for-woocommerce

Score: 97/100 Advanced Dynamic Pricing for WooCommerce <= 4.9.0 - Reflected Cross-Site Scripting Affected: *-4.9.0 Patched: 4.9.1 Updated: July 5, 2026
LOW

sikshya

sikshya

Score: N/A Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS <= 0.0.21 - Reflected Cross-Site Scripting Affected: *-0.0.21 Patched: 0.0.22 Updated: July 5, 2026
LOW

wp-fb-autoconnect

wp-fb-autoconnect

Score: N/A WP Social AutoConnect <= 4.6.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting Affected: *-4.6.2 Patched: 4.6.3 Updated: July 5, 2026
LOW

wp-multi-store-locator

wp-multi-store-locator

Score: N/A WP Multi Store Locator <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4.1 Patched: 2.4.6 Updated: July 5, 2026
LOW

weaver-for-bbpress

weaver-for-bbpress

Score: N/A Turnkey bbPress by WeaverTheme <= 1.6.3 - Reflected Cross-Site Scripting via _wpnonce Parameter Affected: *-1.6.3 Patched: 1.7.1 Updated: July 5, 2026
LOW

taskbuilder

taskbuilder

Score: N/A Taskbuilder – WordPress Project & Task Management plugin <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via wppm_tasks Shortcode Affected: *-3.0.6 Patched: 3.0.7 Updated: July 5, 2026
LOW

scratch-win-giveaways-for-website-facebook

scratch-win-giveaways-for-website-facebook

Score: N/A Scratch & Win – Giveaways and Contests <= 2.7.1 - Cross-Site Request Forgery via reset_installation Function Affected: *-2.7.1 Patched: 2.8.0 Updated: July 5, 2026
LOW

media-library-assistant

media-library-assistant

Score: 93/100 Media Library Assistant <= 3.23 - Reflected Cross-Site Scripting via smc_settings_tab, unattachfixit-action, and woofixit-action Parameters Affected: *-3.23 Patched: 3.24 Updated: July 5, 2026
LOW

WP Compress – Instant Performance & Speed Optimization

wp-compress-image-optimizer

Score: 61/100 WP Compress – Instant Performance & Speed Optimization <= 6.30.03 - Reflected Cross-Site Scripting via custom_server Parameter Affected: *-6.30.03 Patched: 6.30.04 Updated: July 5, 2026
LOW

WP Popular Posts

wordpress-popular-posts

Score: N/A WordPress Popular Posts <= 7.1.0 - Unauthenticated Arbitrary Shortcode Execution Affected: *-7.1.0 Patched: 7.2.0 Updated: July 5, 2026
LOW

wp-responsive-photo-gallery

wp-responsive-photo-gallery

Score: N/A Photo Gallery Slideshow & Masonry Tiled Gallery <= 1.0.15 - Authenticated (Subscriber+) Limited Server-Side Request Forgery Affected: *-1.0.15 Patched: 1.0.16 Updated: July 5, 2026
LOW

z-inventory-manager

z-inventory-manager

Score: N/A PlainInventory <= 3.1.6 - Unauthenticated PHP Object Injection Affected: *-3.1.6 Patched: 3.1.7 Updated: July 5, 2026
LOW

WPvivid — Backup, Migration & Staging

wpvivid-backuprestore

Score: 63/100 WPvivid Backup and Migration <= 0.9.106 - Missing Authorization Affected: *-0.9.106 Patched: 0.9.107 Updated: July 5, 2026
LOW

wpsol

wpsol

Score: N/A wpSOL <= 1.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2.0 Patched: Updated: July 5, 2026
LOW

wpmozo-addons-lite-for-elementor

wpmozo-addons-lite-for-elementor

Score: N/A WPMozo Addons Lite for Elementor <= 1.1.0 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.1.0 Patched: 1.1.1 Updated: July 5, 2026
LOW

wpguppy-lite

wpguppy-lite

Score: N/A WPGuppy <= 1.1.0 - Authenticated (Subscriber+) Privilege Escalation Affected: *-1.1.0 Patched: 1.1.1 Updated: July 5, 2026
LOW

wpguppy-lite

wpguppy-lite

Score: N/A WPGuppy <= 1.1.0 - Unauthenticated PHP Object Injection Affected: *-1.1.0 Patched: 1.1.1 Updated: July 5, 2026
LOW

wpbits-addons-for-elementor

wpbits-addons-for-elementor

Score: N/A WPBITS Addons For Elementor Page Builder <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.1 Patched: 1.6 Updated: July 5, 2026
LOW

wpachievements-free

wpachievements-free

Score: N/A WPAchievements Free <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.0 Patched: Updated: July 5, 2026
LOW

wp2leads

wp2leads

Score: N/A WP2LEADS <= 3.4.2 - Reflected Cross-Site Scripting Affected: *-3.4.2 Patched: 3.4.3 Updated: July 5, 2026
LOW

wp-ultimate-exporter

wp-ultimate-exporter

Score: N/A WP Ultimate Exporter <= 2.9.1 - Authenticated (Admin+) Remote Code Execution Affected: *-2.9.1 Patched: 2.9.2 Updated: July 5, 2026
LOW

wp-smart-import

wp-smart-import

Score: N/A WP Smart Import : Import any XML File to WordPress <= 1.1.2 - Reflected Cross-Site Scripting Affected: *-1.1.2 Patched: 1.1.3 Updated: July 5, 2026
LOW

wp-simple-sitemap

wp-simple-sitemap

Score: N/A WP Simple Sitemap <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.2 Patched: Updated: July 5, 2026
LOW

wp-map

wp-map

Score: N/A Free Google Maps <= 1.0.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 5, 2026
LOW

wp-jquery-datatable

wp-jquery-datatable

Score: N/A WP jQuery DataTable <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.0.1 Patched: 4.1.0 Updated: July 5, 2026
LOW

wp-docs

wp-docs

Score: N/A WP Docs <= 2.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.2.1 Patched: 2.2.2 Updated: July 5, 2026
LOW

wp-auctions

wp-auctions

Score: N/A WordPress Auction Plugin <= 3.7 - Authenticated (Editor+) SQL Injection Affected: *-3.7 Patched: Updated: July 5, 2026
LOW

wizhi-multi-filters

wizhi-multi-filters

Score: N/A Wizhi Multi Filters by Wenprise <= 1.8.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.8.6 Patched: Updated: July 5, 2026
LOW

wedevs-project-manager

wedevs-project-manager

Score: N/A WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.16 - Authenticated (Subscriber+) SQL Injection Affected: *-2.6.16 Patched: 2.6.17 Updated: July 5, 2026
LOW

userpro-messaging

userpro-messaging

Score: N/A Private Messages for UserPro <= 4.10.0 - Reflected Cross-Site Scripting Affected: *-4.10.0 Patched: Updated: July 5, 2026
LOW

userpro-messaging

userpro-messaging

Score: N/A Private Messages for UserPro <= 4.10.0 - Unauthenticated Local File Inclusion Affected: *-4.10.0 Patched: Updated: July 5, 2026
LOW

UpdraftPlus: WP Backup & Migration Plugin

updraftplus

Score: 69/100 UpdraftPlus: WP Backup & Migration Plugin 1.23.8 - 1.24.11 - Unauthenticated PHP Object Injection Affected: 1.23.8-1.24.11 Patched: 1.24.12 Updated: July 5, 2026
LOW

ts-comfort-database

ts-comfort-database

Score: N/A TS Comfort DB <= 2.0.7 - Reflected Cross-Site Scripting Affected: *-2.0.7 Patched: Updated: July 5, 2026
LOW

the-plus-addons-for-block-editor

the-plus-addons-for-block-editor

Score: N/A Nexter Blocks <= 4.0.7 - Missing Authorization Affected: *-4.0.7 Patched: 4.0.8 Updated: July 5, 2026
LOW

target-notifications

target-notifications

Score: N/A Target Notifications <= 1.1.1 - Reflected Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: July 5, 2026
LOW

tagmaker

tagmaker

Score: N/A WP-tagMaker <= 0.2.2 - Reflected Cross-Site Scripting Affected: *-0.2.2 Patched: Updated: July 5, 2026
LOW

syncfields

syncfields

Score: N/A SyncFields < 4.1 - Reflected Cross-Site Scripting Affected: [*, 4.1) Patched: 4.1 Updated: July 5, 2026
LOW

standard-box-sizes

standard-box-sizes

Score: N/A Standard Box Sizes – for WooCommerce <= 1.6.13 - Missing Authorization Affected: *-1.6.13 Patched: 1.6.14 Updated: July 5, 2026
LOW

ssl-wireless-sms-notification

ssl-wireless-sms-notification

Score: N/A SSL Wireless SMS Notification <= 3.5.0 - Unauthenticated SQL Injection Affected: *-3.5.0 Patched: 3.6.0 Updated: July 5, 2026
LOW

simplified

simplified

Score: N/A Simplified Plugin <= 1.0.6 - Unauthenticated Arbitrary File Upload Affected: *-1.0.6 Patched: 1.0.7 Updated: July 5, 2026
LOW

securesubmit

securesubmit

Score: N/A WP SecureSubmit <= 1.5.18 - Unauthenticated Sensitive Information Exposure Affected: *-1.5.18 Patched: Updated: July 5, 2026
LOW

securesubmit

securesubmit

Score: N/A WP SecureSubmit <= 1.5.18 - Missing Authorization Affected: *-1.5.18 Patched: Updated: July 5, 2026
LOW

sa-post-author-filter

sa-post-author-filter

Score: N/A Kikx Simple Post Author Filter <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

productdyno

productdyno

Score: N/A ProductDyno <= 1.0.24 - Reflected Cross-Site Scripting Affected: *-1.0.24 Patched: 1.0.25 Updated: July 5, 2026
LOW

pretty-simple-popup-builder

pretty-simple-popup-builder

Score: N/A Pretty Simple Popup Builder <= 1.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.9 Patched: 1.0.10 Updated: July 5, 2026
LOW

poll-maker

poll-maker

Score: 93/100 Poll Maker <= 5.5.6 - Missing Authorization Affected: *-5.5.6 Patched: 5.5.7 Updated: July 5, 2026
LOW

poll-maker

poll-maker

Score: 93/100 Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 5.5.4 - Unauthenticated HTML Injection Affected: *-5.5.4 Patched: 5.5.5 Updated: July 5, 2026
LOW

piotnet-addons-for-elementor

piotnet-addons-for-elementor

Score: 89/100 Piotnet Addons For Elementor <= 2.4.31 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4.31 Patched: 2.4.32 Updated: July 5, 2026
LOW

pgall-for-woocommerce

pgall-for-woocommerce

Score: 93/100 워드프레스 결제 심플페이 <= 5.2.0 - Authenticated (Contributor+) Local File Inclusion Affected: *-5.2.0 Patched: 5.2.2 Updated: July 5, 2026
LOW

oz-canonical

oz-canonical

Score: 91/100 OZ Canonical <= 0.5 - Reflected Cross-Site Scripting Affected: *-0.5 Patched: Updated: July 5, 2026
LOW

order-audit-log-for-woocommerce

order-audit-log-for-woocommerce

Score: 91/100 Order Audit Log for WooCommerce <= 2.0 - Reflected Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 5, 2026
LOW

opentracker-analytics

opentracker-analytics

Score: 91/100 Opentracker Analytics <= 1.3 - Reflected Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 5, 2026
LOW

opencart-product-in-wp

opencart-product-in-wp

Score: 91/100 Opencart Product in WP <= 1.0.1 - Reflected Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 5, 2026
LOW

notify-odoo

notify-odoo

Score: 93/100 Notify Odoo <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.0 Patched: 1.0.1 Updated: July 5, 2026
LOW

naver-analytics

naver-analytics

Score: 91/100 NAVER Analytics <= 0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.9 Patched: Updated: July 5, 2026
LOW

mg-parallax-slider

mg-parallax-slider

Score: 91/100 MG Parallax Slider <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

media-category-library

media-category-library

Score: 91/100 Media Category Library <= 2.7 - Reflected Cross-Site Scripting Affected: *-2.7 Patched: Updated: July 5, 2026
LOW

mashsharer

mashsharer

Score: 91/100 Social Media Share Buttons | MashShare <= 4.0.47 - Missing Authorization Affected: *-4.0.47 Patched: Updated: July 5, 2026
LOW

mangboard

mangboard

Score: 93/100 Mang Board WP <= 1.8.4 - Reflected Cross-Site Scripting Affected: *-1.8.4 Patched: 1.8.5 Updated: July 5, 2026
LOW

locatoraid

locatoraid

Score: 91/100 Locatoraid Store Locator <= 3.9.50 - Unauthenticated PHP Object Injection Affected: *-3.9.50 Patched: 3.9.51 Updated: July 5, 2026
LOW

job-board-light

job-board-light

Score: 87/100 JobBoard Job listing <= 1.2.6 - Unauthenticated Arbitrary File Upload Affected: *-1.2.6 Patched: 1.2.7 Updated: July 5, 2026
LOW

integration-dynamics

integration-dynamics

Score: 93/100 Dynamics 365 Integration <= 1.3.23 - Authenticated (Contributor+) Remote Code Execution and Arbitrary File Read via Twig Server-Side Template Injection Affected: *-1.3.23 Patched: 1.3.24 Updated: July 5, 2026
LOW

indeed-learning-pro

indeed-learning-pro

Score: 87/100 Ultimate Learning Pro <= 3.9 - Authenticated (Administrator+) SQL Injection Affected: *-3.9 Patched: Updated: July 5, 2026

Showing 13901 to 14000 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 5, 2026 at 09:55 UTC.