Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

90

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
image-hover-effects-elementor-addon image-hover-effects-elementor-addon
93
Image Hover Effects for Elementor <= 1.0.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.2.4 1.1.0 July 5, 2026
hmenu hmenu
83
Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Authenticated (Subscriber+) SQL Injection LOW *-1.16.5 July 5, 2026
hmenu hmenu
83
Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Reflected Cross-Site Scripting LOW *-1.16.5 July 5, 2026
hmenu hmenu
83
Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Authenticated (Subscriber+) SQL Injection LOW *-1.16.5 July 5, 2026
highlight highlight
93
Highlight <= 2.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.0.2 2.0.6 July 5, 2026
hide-login hide-login
91
Hide Login+ <= 3.5.1 - Reflected Cross-Site Scripting LOW *-3.5.1 July 5, 2026
hide-category-by-user-role-for-woocommerce hide-category-by-user-role-for-woocommerce
93
Hide Category by User Role for WooCommerce <= 2.1.1 - Missing Authorization LOW *-2.1.1 2.2 July 5, 2026
groundhogg groundhogg
93
Groundhogg <= 3.7.3.3 - Reflected Cross-Site Scripting LOW *-3.7.3.3 3.7.3.4 July 5, 2026
google-captcha google-captcha
93
reCaptcha by BestWebSoft <= 1.78 - CAPTCHA Bypass LOW *-1.78 1.79 July 5, 2026
gallery-images-ape gallery-images-ape
87
Gallery Images Ape <= 2.2.8 - Reflected Cross-Site Scripting LOW *-2.2.8 July 5, 2026
fw-integration-for-emailoctopus fw-integration-for-emailoctopus
93
EO4WP <= 1.0.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.8.1 1.0.8.2 July 5, 2026
fancy-product-designer fancy-product-designer
93
Fancy Product Designer <= 6.4.3 - Unauthenticated SQL Injection LOW *-6.4.3 6.4.4 July 5, 2026
fancy-product-designer fancy-product-designer
93
Fancy Product Designer <= 6.4.3 - Unauthenticated Arbitrary File Upload LOW *-6.4.3 6.4.4 July 5, 2026
envato-elements envato-elements
93
Envato Elements <= 2.0.14 - Authenticated (Author+) Server-Side Request Forgery LOW *-2.0.14 2.0.15 July 5, 2026
emc2-alert-boxes emc2-alert-boxes
91
EMC2 Alert Boxes <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3 July 5, 2026
email-reminders email-reminders
93
Email Reminders <= 2.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.0.5 2.0.6 July 5, 2026
elex-bulk-edit-products-prices-attributes-for-woocommerce-basic elex-bulk-edit-products-prices-attributes-for-woocommerce-basic
93
ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes <= 1.4.9 - Authenticated (Shop manager+) SQL Injection LOW *-1.4.9 1.5.0 July 5, 2026
elevio elevio
91
Elevio <= 4.4.1 - Cross-Site Request Forgery LOW *-4.4.1 July 5, 2026
dynamictags dynamictags
93
DynamicTags <= 1.4.0 - Authenticated (Subscriber+) SQL Injection LOW *-1.4.0 1.4.1 July 5, 2026
distance-based-shipping-calculator distance-based-shipping-calculator
93
Distance Based Shipping Calculator <= 2.0.21 - Reflected Cross-Site Scripting LOW *-2.0.21 2.0.22 July 5, 2026
different-shipping-and-billing-address-for-woocommerce different-shipping-and-billing-address-for-woocommerce
93
Multiple Shipping And Billing Address For Woocommerce <= 1.2 - Unauthenticated SQL Injection LOW *-1.2 1.3 July 5, 2026
data-dash data-dash
89
Data Dash <= 1.2.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.2.3 July 5, 2026
css-for-elementor css-for-elementor
89
ElementsCSS Addons for Elementor <= 1.0.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.8.7 July 5, 2026
course-migration-for-learndash course-migration-for-learndash
91
Course Migration for LearnDash <= 1.0.2 - Authenticated (Subscriber+) Server-Side Request Forgery LOW *-1.0.2 July 5, 2026
compact-wp-audio-player compact-wp-audio-player
93
Compact WP Audio Player <= 1.9.14 - Authenticated (Contributor+) Server-Side Request Forgery LOW *-1.9.14 1.9.15 July 5, 2026
cloudflare-cache-purge cloudflare-cache-purge
91
CloudFlare(R) Cache Purge <= 1.2 - Reflected Cross-Site Scripting LOW *-1.2 July 5, 2026
classic-addons-wpbakery-page-builder-addons classic-addons-wpbakery-page-builder-addons
93
Classic Addons – WPBakery Page Builder <= 3.0 - Authenticated (Editor+) Local File Inclusion LOW *-3.0 3.1 July 5, 2026
cf7save-extension cf7save-extension
91
Cf7Save Extension <= 1 - Reflected Cross-Site Scripting LOW *-1 July 5, 2026
bvd-easy-gallery-manager bvd-easy-gallery-manager
91
BVD Easy Gallery Manager <= 1.0.6 - Reflected Cross-Site Scripting LOW *-1.0.6 July 5, 2026
bsk-gravityforms-blacklist bsk-gravityforms-blacklist
93
BSK Forms Blacklist <= 3.9 - Cross-Site Request Forgery LOW *-3.9 4.0 July 5, 2026
Backup Migration backup-backup
61
Backup Migration <= 1.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialize_replace' LOW *-1.4.6 1.4.6.1 July 5, 2026
autocompleter autocompleter
91
Autocompleter <= 1.3.5.2 - Cross-Site Request Forgery LOW *-1.3.5.2 July 5, 2026
astra-widgets astra-widgets
93
Astra Widgets <= 1.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.15 1.2.16 July 5, 2026
arprice arprice
95
ARPrice <= 4.1.3 - Unauthenticated SQL Injection LOW *-4.1.3 4.2 July 5, 2026
arprice arprice
95
ARPrice <= 4.1.3 - Unauthenticated PHP Object Injection LOW *-4.1.3 4.2 July 5, 2026
arprice arprice
95
ARPrice <= 4.1.3 - Authenticated (Subscriber+) SQL Injection LOW *-4.1.3 4.2 July 5, 2026
arprice arprice
95
ARPrice <= 4.1.3 - Authenticated (Subscriber+) PHP Object Injection LOW *-4.1.3 4.2 July 5, 2026
arprice arprice
95
ARPrice - WordPress Pricing Table Plugin <= 4.1.3 - Reflected Cross-Site Scripting LOW *-4.1.3 4.2 July 5, 2026
allada-tshirt-designer-for-woocommerce allada-tshirt-designer-for-woocommerce
95
Allada T-shirt Designer for Woocommerce <= 1.1 - Missing Authorization LOW *-1.1 July 5, 2026
allaccessible allaccessible
97
Accessibility by AllAccessible <= 1.3.4 - Authenticated (Subscriber+) Privilege Escalation LOW *-1.3.4 1.3.5 July 5, 2026
advertising-management advertising-management
95
Wp advertising management <= 1.0.3 - Reflected Cross-Site Scripting LOW *-1.0.3 July 5, 2026
advanced-form-integration advanced-form-integration
97
Advanced Form Integration <= 1.95.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.95.0 1.97.0 July 5, 2026
advanced-cf7-database advanced-cf7-database
95
Contact Form 7 Database – CFDB7 <= 1.0.0 - Authenticated (Administrator+) SQL Injection LOW *-1.0.0 July 5, 2026
ach-invoice-app ach-invoice-app
95
Ach Invoice App <= 1.0.1 - Unauthenticated Local File Inclusion LOW *-1.0.1 July 5, 2026
5centscdn 5centscdn
95
5centsCDN <= 25.4.15 - Reflected Cross-Site Scripting LOW *-25.4.15 July 5, 2026
wp-job-portal wp-job-portal N/A WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.4 - Authenticated (Subscriber+) Insecure Direct Object Reference LOW *-2.2.4 2.2.5 July 5, 2026
top-comments top-comments N/A Top Comments <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
project-panorama-lite project-panorama-lite N/A Panorama – WordPress Project Management Plugin <= 1.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.5.1 July 5, 2026
goodlayers-core goodlayers-core
93
Goodlayers Core <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.9 2.0.10 July 5, 2026
wpsso wpsso N/A WPSSO Core <= 18.18.1 - Missing Authorization LOW *-18.18.1 18.18.2 July 5, 2026
WPMasterToolKit (WPMTK) – All in one plugin wpmastertoolkit N/A WPMasterToolKit <= 1.13.1 - Authenticated (Admin+) Arbitrary File Upload LOW *-1.13.1 1.14.0 July 5, 2026
WPMasterToolKit (WPMTK) – All in one plugin wpmastertoolkit N/A WPMasterToolKit <= 1.13.1 - Authenticated (Admin+) Arbitrary File Download LOW *-1.13.1 1.14.0 July 5, 2026
wpkoi-templates-for-elementor wpkoi-templates-for-elementor N/A WPKoi Templates for Elementor <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.1.3 3.1.4 July 5, 2026
wp-post-author wp-post-author N/A WP Post Author <= 3.8.2 - Authenticated (Administrator+) SQL Injection LOW *-3.8.2 3.8.3 July 5, 2026
themify-audio-dock themify-audio-dock N/A Themify Audio Dock <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.4 2.0.5 July 5, 2026
the-plus-addons-for-block-editor the-plus-addons-for-block-editor N/A Nexter Blocks <= 4.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.0.4 4.0.5 July 5, 2026
shopelement shopelement N/A ShopElement <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.0 2.1.0 July 5, 2026
pronamic-google-maps pronamic-google-maps N/A Pronamic Google Maps <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.3.2 2.3.3 July 5, 2026
premium-blocks-for-gutenberg premium-blocks-for-gutenberg N/A Premium Blocks – Gutenberg Blocks for WordPress <= 2.1.42 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.42 2.1.43 July 5, 2026
post-grid-elementor-addon post-grid-elementor-addon
93
Post Grid Elementor Addon <= 2.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.18 2.0.19 July 5, 2026
music-store music-store
93
Music Store – WordPress eCommerce <= 1.1.19 - Reflected Cross-Site Scripting LOW *-1.1.19 1.2.0 July 5, 2026
mp3-music-player-by-sonaar mp3-music-player-by-sonaar
93
MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 5.8 - Missing Authorization LOW *-5.8 5.9 July 5, 2026
move-addons move-addons
93
Move Addons for Elementor <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.6 1.3.7 July 5, 2026
magazine-blocks magazine-blocks
93
Magazine Blocks <= 1.3.20 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.20 1.3.21 July 5, 2026
just-writing-statistics just-writing-statistics
93
Just Writing Statistics <= 4.7 - Authenticated (Administrator+) SQL Injection LOW *-4.7 4.8 July 5, 2026
interactive-uk-map interactive-uk-map
93
Interactive UK Map <= 3.4.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.4.8 3.4.9 July 5, 2026
ht-event ht-event
93
HT Event <= 1.4.6 - Reflected Cross-Site Scripting LOW *-1.4.6 1.4.7 July 5, 2026
hestia-nginx-cache hestia-nginx-cache
93
Hestia Nginx Cache <= 2.4.0 - Missing Authorization LOW *-2.4.0 2.4.1 July 5, 2026
gs-projects gs-projects
93
Project Showcase <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.1 1.1.2 July 5, 2026
gs-dribbble-portfolio gs-dribbble-portfolio
93
GS Shots for Dribbble <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.0 1.2.1 July 5, 2026
gs-coach gs-coach
93
GS Coaches <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.0 1.1.1 July 5, 2026
GeoDirectory – WP Business Directory Plugin and Classified Listings Directory geodirectory
66
GeoDirectory <= 2.3.84 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.3.84 2.3.85 July 5, 2026
floating-action-buttons floating-action-buttons
93
Floating Action Buttons <= 0.9.1 - Missing Authorization LOW *-0.9.1 1.0.1 July 5, 2026
event-espresso-decaf event-espresso-decaf
93
Event Espresso 4 Decaf <= 5.0.28.decaf - Cross-Site Request Forgery LOW * - 5.0.28.decaf 5.0.31.decaf July 5, 2026
enteraddons enteraddons
93
Enter Addons <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.9 2.2.1 July 5, 2026
Data Tables Generator by Supsystic data-tables-generator-by-supsystic
89
Data Tables Generator by Supsystic <= 1.10.36 - Missing Authorization LOW *-1.10.36 1.10.37 July 5, 2026
convertcalculator convertcalculator
93
ConvertCalculator for WordPress <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.1 1.1.2 July 5, 2026
contest-gallery contest-gallery
93
Contest Gallery <= 24.0.3 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-24.0.3 24.0.4 July 5, 2026
coins-marketcap coins-marketcap
93
Coins MarketCap <= 5.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.5.8 5.5.9 July 5, 2026
ayecode-connect ayecode-connect
93
AyeCode Connect <= 1.3.8 - Missing Authorization LOW *-1.3.8 1.3.9 July 5, 2026
ashe-extra ashe-extra
97
Ashe Extra <= 1.2.92 - Missing Authorization LOW *-1.2.92 1.3 July 5, 2026
arconix-shortcodes arconix-shortcodes
95
Arconix Shortcodes <= 2.1.15 - Reflected Cross-Site Scripting LOW *-2.1.15 2.1.16 July 5, 2026
arconix-shortcodes arconix-shortcodes
95
Arconix Shortcodes <= 2.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.14 2.1.15 July 5, 2026
aio-shortcodes aio-shortcodes
97
Best WordPress Shortcode Plugin in 2025 – AIO Shortcodes <= 1.3.0 - Unauthenticated Stored Cross-Site Scripting LOW *-1.3.0 1.3.1 July 5, 2026
acymailing acymailing
97
AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress <= 9.11.0 - Reflected Cross-Site Scripting LOW *-9.11.0 9.11.1 July 5, 2026
acf-city-selector acf-city-selector
95
ACF City Selector <= 1.14.0 - Authenticated (Admin+) Arbitrary File Upload LOW *-1.14.0 1.15.0 July 5, 2026
post-timeline post-timeline N/A Post Timeline <= 2.3.9 - Reflected Cross-Site Scripting LOW *-2.3.9 2.3.10 July 5, 2026
nova-poshta-ttn nova-poshta-ttn
93
Shipping for Nova Poshta plugin for WordPress <= 1.19.6 - Unauthenticated SQL Injection LOW *-1.19.6 1.19.7 July 5, 2026
analytics-cat analytics-cat
97
Analytics Cat <= 1.1.2 - Reflected Cross-Site Scripting LOW *-1.1.2 1.1.3 July 5, 2026
Ninja Forms – The Contact Form Builder That Grows With You ninja-forms
69
Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.22 - Authenticated (Subscriber+) Arbitrary Shortcode Execution LOW *-3.8.22 3.8.23 July 5, 2026
iamport-for-woocommerce iamport-for-woocommerce
93
PORTONE 우커머스 결제 <= 3.2.5 - Reflected Cross-Site Scripting LOW *-3.2.5 3.2.6 July 5, 2026
gd-mail-queue gd-mail-queue
93
GD Mail Queue <= 4.3 - Reflected Cross-Site Scripting LOW *-4.3 4.4 July 5, 2026
List category posts list-category-posts
94
List category posts <= 0.90.2 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-0.90.2 0.90.3 July 5, 2026
jsp-store-locator jsp-store-locator
89
JSP Store Locator <= 1.0 - Authenticated (Contributor+) SQL Injection LOW *-1.0 July 5, 2026
jsp-store-locator jsp-store-locator
89
JSP Store Locator <= 1.0 - Cross-Site Request Forgery to Store Deletion LOW *-1.0 July 5, 2026
ideapush ideapush
93
IdeaPush <= 8.72 - Missing Authorization LOW *-8.72 8.73 July 5, 2026
bulk-editor bulk-editor
93
WOLF – WordPress Posts Bulk Editor and Manager Professional <= 1.0.8.5 - Authenticated (Editor+) Path Traversal LOW *-1.0.8.5 1.0.8.6 July 5, 2026
ahathat ahathat
92
AHAthat Plugin <= 1.6 - Authenticated (Admin+) SQL Injection LOW *-1.6 July 5, 2026
wp24-domain-check wp24-domain-check N/A WP24 Domain Check <= 1.10.14 - Reflected Cross-Site Scripting LOW *-1.10.14 1.10.15 July 5, 2026
newsletters-lite newsletters-lite
93
Newsletters <= 4.9.9.6 - Reflected Cross-Site Scripting LOW *-4.9.9.6 4.9.9.7 July 5, 2026
LOW

image-hover-effects-elementor-addon

image-hover-effects-elementor-addon

Score: 93/100 Image Hover Effects for Elementor <= 1.0.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.2.4 Patched: 1.1.0 Updated: July 5, 2026
LOW

hmenu

hmenu

Score: 83/100 Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Authenticated (Subscriber+) SQL Injection Affected: *-1.16.5 Patched: Updated: July 5, 2026
LOW

hmenu

hmenu

Score: 83/100 Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Reflected Cross-Site Scripting Affected: *-1.16.5 Patched: Updated: July 5, 2026
LOW

hmenu

hmenu

Score: 83/100 Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Authenticated (Subscriber+) SQL Injection Affected: *-1.16.5 Patched: Updated: July 5, 2026
LOW

highlight

highlight

Score: 93/100 Highlight <= 2.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0.2 Patched: 2.0.6 Updated: July 5, 2026
LOW

hide-login

hide-login

Score: 91/100 Hide Login+ <= 3.5.1 - Reflected Cross-Site Scripting Affected: *-3.5.1 Patched: Updated: July 5, 2026
LOW

hide-category-by-user-role-for-woocommerce

hide-category-by-user-role-for-woocommerce

Score: 93/100 Hide Category by User Role for WooCommerce <= 2.1.1 - Missing Authorization Affected: *-2.1.1 Patched: 2.2 Updated: July 5, 2026
LOW

groundhogg

groundhogg

Score: 93/100 Groundhogg <= 3.7.3.3 - Reflected Cross-Site Scripting Affected: *-3.7.3.3 Patched: 3.7.3.4 Updated: July 5, 2026
LOW

google-captcha

google-captcha

Score: 93/100 reCaptcha by BestWebSoft <= 1.78 - CAPTCHA Bypass Affected: *-1.78 Patched: 1.79 Updated: July 5, 2026
LOW

gallery-images-ape

gallery-images-ape

Score: 87/100 Gallery Images Ape <= 2.2.8 - Reflected Cross-Site Scripting Affected: *-2.2.8 Patched: Updated: July 5, 2026
LOW

fw-integration-for-emailoctopus

fw-integration-for-emailoctopus

Score: 93/100 EO4WP <= 1.0.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.8.1 Patched: 1.0.8.2 Updated: July 5, 2026
LOW

fancy-product-designer

fancy-product-designer

Score: 93/100 Fancy Product Designer <= 6.4.3 - Unauthenticated SQL Injection Affected: *-6.4.3 Patched: 6.4.4 Updated: July 5, 2026
LOW

fancy-product-designer

fancy-product-designer

Score: 93/100 Fancy Product Designer <= 6.4.3 - Unauthenticated Arbitrary File Upload Affected: *-6.4.3 Patched: 6.4.4 Updated: July 5, 2026
LOW

envato-elements

envato-elements

Score: 93/100 Envato Elements <= 2.0.14 - Authenticated (Author+) Server-Side Request Forgery Affected: *-2.0.14 Patched: 2.0.15 Updated: July 5, 2026
LOW

emc2-alert-boxes

emc2-alert-boxes

Score: 91/100 EMC2 Alert Boxes <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 5, 2026
LOW

email-reminders

email-reminders

Score: 93/100 Email Reminders <= 2.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0.5 Patched: 2.0.6 Updated: July 5, 2026
LOW

elex-bulk-edit-products-prices-attributes-for-woocommerce-basic

elex-bulk-edit-products-prices-attributes-for-woocommerce-basic

Score: 93/100 ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes <= 1.4.9 - Authenticated (Shop manager+) SQL Injection Affected: *-1.4.9 Patched: 1.5.0 Updated: July 5, 2026
LOW

elevio

elevio

Score: 91/100 Elevio <= 4.4.1 - Cross-Site Request Forgery Affected: *-4.4.1 Patched: Updated: July 5, 2026
LOW

dynamictags

dynamictags

Score: 93/100 DynamicTags <= 1.4.0 - Authenticated (Subscriber+) SQL Injection Affected: *-1.4.0 Patched: 1.4.1 Updated: July 5, 2026
LOW

distance-based-shipping-calculator

distance-based-shipping-calculator

Score: 93/100 Distance Based Shipping Calculator <= 2.0.21 - Reflected Cross-Site Scripting Affected: *-2.0.21 Patched: 2.0.22 Updated: July 5, 2026
LOW

different-shipping-and-billing-address-for-woocommerce

different-shipping-and-billing-address-for-woocommerce

Score: 93/100 Multiple Shipping And Billing Address For Woocommerce <= 1.2 - Unauthenticated SQL Injection Affected: *-1.2 Patched: 1.3 Updated: July 5, 2026
LOW

data-dash

data-dash

Score: 89/100 Data Dash <= 1.2.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.2.3 Patched: Updated: July 5, 2026
LOW

css-for-elementor

css-for-elementor

Score: 89/100 ElementsCSS Addons for Elementor <= 1.0.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.8.7 Patched: Updated: July 5, 2026
LOW

course-migration-for-learndash

course-migration-for-learndash

Score: 91/100 Course Migration for LearnDash <= 1.0.2 - Authenticated (Subscriber+) Server-Side Request Forgery Affected: *-1.0.2 Patched: Updated: July 5, 2026
LOW

compact-wp-audio-player

compact-wp-audio-player

Score: 93/100 Compact WP Audio Player <= 1.9.14 - Authenticated (Contributor+) Server-Side Request Forgery Affected: *-1.9.14 Patched: 1.9.15 Updated: July 5, 2026
LOW

cloudflare-cache-purge

cloudflare-cache-purge

Score: 91/100 CloudFlare(R) Cache Purge <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

classic-addons-wpbakery-page-builder-addons

classic-addons-wpbakery-page-builder-addons

Score: 93/100 Classic Addons – WPBakery Page Builder <= 3.0 - Authenticated (Editor+) Local File Inclusion Affected: *-3.0 Patched: 3.1 Updated: July 5, 2026
LOW

cf7save-extension

cf7save-extension

Score: 91/100 Cf7Save Extension <= 1 - Reflected Cross-Site Scripting Affected: *-1 Patched: Updated: July 5, 2026
LOW

bvd-easy-gallery-manager

bvd-easy-gallery-manager

Score: 91/100 BVD Easy Gallery Manager <= 1.0.6 - Reflected Cross-Site Scripting Affected: *-1.0.6 Patched: Updated: July 5, 2026
LOW

bsk-gravityforms-blacklist

bsk-gravityforms-blacklist

Score: 93/100 BSK Forms Blacklist <= 3.9 - Cross-Site Request Forgery Affected: *-3.9 Patched: 4.0 Updated: July 5, 2026
LOW

Backup Migration

backup-backup

Score: 61/100 Backup Migration <= 1.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialize_replace' Affected: *-1.4.6 Patched: 1.4.6.1 Updated: July 5, 2026
LOW

autocompleter

autocompleter

Score: 91/100 Autocompleter <= 1.3.5.2 - Cross-Site Request Forgery Affected: *-1.3.5.2 Patched: Updated: July 5, 2026
LOW

astra-widgets

astra-widgets

Score: 93/100 Astra Widgets <= 1.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.15 Patched: 1.2.16 Updated: July 5, 2026
LOW

arprice

arprice

Score: 95/100 ARPrice <= 4.1.3 - Unauthenticated SQL Injection Affected: *-4.1.3 Patched: 4.2 Updated: July 5, 2026
LOW

arprice

arprice

Score: 95/100 ARPrice <= 4.1.3 - Unauthenticated PHP Object Injection Affected: *-4.1.3 Patched: 4.2 Updated: July 5, 2026
LOW

arprice

arprice

Score: 95/100 ARPrice <= 4.1.3 - Authenticated (Subscriber+) SQL Injection Affected: *-4.1.3 Patched: 4.2 Updated: July 5, 2026
LOW

arprice

arprice

Score: 95/100 ARPrice <= 4.1.3 - Authenticated (Subscriber+) PHP Object Injection Affected: *-4.1.3 Patched: 4.2 Updated: July 5, 2026
LOW

arprice

arprice

Score: 95/100 ARPrice - WordPress Pricing Table Plugin <= 4.1.3 - Reflected Cross-Site Scripting Affected: *-4.1.3 Patched: 4.2 Updated: July 5, 2026
LOW

allada-tshirt-designer-for-woocommerce

allada-tshirt-designer-for-woocommerce

Score: 95/100 Allada T-shirt Designer for Woocommerce <= 1.1 - Missing Authorization Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

allaccessible

allaccessible

Score: 97/100 Accessibility by AllAccessible <= 1.3.4 - Authenticated (Subscriber+) Privilege Escalation Affected: *-1.3.4 Patched: 1.3.5 Updated: July 5, 2026
LOW

advertising-management

advertising-management

Score: 95/100 Wp advertising management <= 1.0.3 - Reflected Cross-Site Scripting Affected: *-1.0.3 Patched: Updated: July 5, 2026
LOW

advanced-form-integration

advanced-form-integration

Score: 97/100 Advanced Form Integration <= 1.95.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.95.0 Patched: 1.97.0 Updated: July 5, 2026
LOW

advanced-cf7-database

advanced-cf7-database

Score: 95/100 Contact Form 7 Database – CFDB7 <= 1.0.0 - Authenticated (Administrator+) SQL Injection Affected: *-1.0.0 Patched: Updated: July 5, 2026
LOW

ach-invoice-app

ach-invoice-app

Score: 95/100 Ach Invoice App <= 1.0.1 - Unauthenticated Local File Inclusion Affected: *-1.0.1 Patched: Updated: July 5, 2026
LOW

5centscdn

5centscdn

Score: 95/100 5centsCDN <= 25.4.15 - Reflected Cross-Site Scripting Affected: *-25.4.15 Patched: Updated: July 5, 2026
LOW

wp-job-portal

wp-job-portal

Score: N/A WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.4 - Authenticated (Subscriber+) Insecure Direct Object Reference Affected: *-2.2.4 Patched: 2.2.5 Updated: July 5, 2026
LOW

top-comments

top-comments

Score: N/A Top Comments <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

project-panorama-lite

project-panorama-lite

Score: N/A Panorama – WordPress Project Management Plugin <= 1.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.5.1 Patched: Updated: July 5, 2026
LOW

goodlayers-core

goodlayers-core

Score: 93/100 Goodlayers Core <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.9 Patched: 2.0.10 Updated: July 5, 2026
LOW

wpsso

wpsso

Score: N/A WPSSO Core <= 18.18.1 - Missing Authorization Affected: *-18.18.1 Patched: 18.18.2 Updated: July 5, 2026
LOW

wpkoi-templates-for-elementor

wpkoi-templates-for-elementor

Score: N/A WPKoi Templates for Elementor <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.1.3 Patched: 3.1.4 Updated: July 5, 2026
LOW

wp-post-author

wp-post-author

Score: N/A WP Post Author <= 3.8.2 - Authenticated (Administrator+) SQL Injection Affected: *-3.8.2 Patched: 3.8.3 Updated: July 5, 2026
LOW

themify-audio-dock

themify-audio-dock

Score: N/A Themify Audio Dock <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.4 Patched: 2.0.5 Updated: July 5, 2026
LOW

the-plus-addons-for-block-editor

the-plus-addons-for-block-editor

Score: N/A Nexter Blocks <= 4.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.0.4 Patched: 4.0.5 Updated: July 5, 2026
LOW

shopelement

shopelement

Score: N/A ShopElement <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.0 Patched: 2.1.0 Updated: July 5, 2026
LOW

pronamic-google-maps

pronamic-google-maps

Score: N/A Pronamic Google Maps <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.2 Patched: 2.3.3 Updated: July 5, 2026
LOW

premium-blocks-for-gutenberg

premium-blocks-for-gutenberg

Score: N/A Premium Blocks – Gutenberg Blocks for WordPress <= 2.1.42 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.42 Patched: 2.1.43 Updated: July 5, 2026
LOW

post-grid-elementor-addon

post-grid-elementor-addon

Score: 93/100 Post Grid Elementor Addon <= 2.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.18 Patched: 2.0.19 Updated: July 5, 2026
LOW

music-store

music-store

Score: 93/100 Music Store – WordPress eCommerce <= 1.1.19 - Reflected Cross-Site Scripting Affected: *-1.1.19 Patched: 1.2.0 Updated: July 5, 2026
LOW

mp3-music-player-by-sonaar

mp3-music-player-by-sonaar

Score: 93/100 MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 5.8 - Missing Authorization Affected: *-5.8 Patched: 5.9 Updated: July 5, 2026
LOW

move-addons

move-addons

Score: 93/100 Move Addons for Elementor <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.6 Patched: 1.3.7 Updated: July 5, 2026
LOW

magazine-blocks

magazine-blocks

Score: 93/100 Magazine Blocks <= 1.3.20 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.20 Patched: 1.3.21 Updated: July 5, 2026
LOW

just-writing-statistics

just-writing-statistics

Score: 93/100 Just Writing Statistics <= 4.7 - Authenticated (Administrator+) SQL Injection Affected: *-4.7 Patched: 4.8 Updated: July 5, 2026
LOW

interactive-uk-map

interactive-uk-map

Score: 93/100 Interactive UK Map <= 3.4.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.4.8 Patched: 3.4.9 Updated: July 5, 2026
LOW

ht-event

ht-event

Score: 93/100 HT Event <= 1.4.6 - Reflected Cross-Site Scripting Affected: *-1.4.6 Patched: 1.4.7 Updated: July 5, 2026
LOW

hestia-nginx-cache

hestia-nginx-cache

Score: 93/100 Hestia Nginx Cache <= 2.4.0 - Missing Authorization Affected: *-2.4.0 Patched: 2.4.1 Updated: July 5, 2026
LOW

gs-projects

gs-projects

Score: 93/100 Project Showcase <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.1 Patched: 1.1.2 Updated: July 5, 2026
LOW

gs-dribbble-portfolio

gs-dribbble-portfolio

Score: 93/100 GS Shots for Dribbble <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.0 Patched: 1.2.1 Updated: July 5, 2026
LOW

gs-coach

gs-coach

Score: 93/100 GS Coaches <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: 1.1.1 Updated: July 5, 2026
LOW

floating-action-buttons

floating-action-buttons

Score: 93/100 Floating Action Buttons <= 0.9.1 - Missing Authorization Affected: *-0.9.1 Patched: 1.0.1 Updated: July 5, 2026
LOW

event-espresso-decaf

event-espresso-decaf

Score: 93/100 Event Espresso 4 Decaf <= 5.0.28.decaf - Cross-Site Request Forgery Affected: * - 5.0.28.decaf Patched: 5.0.31.decaf Updated: July 5, 2026
LOW

enteraddons

enteraddons

Score: 93/100 Enter Addons <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.9 Patched: 2.2.1 Updated: July 5, 2026
LOW

Data Tables Generator by Supsystic

data-tables-generator-by-supsystic

Score: 89/100 Data Tables Generator by Supsystic <= 1.10.36 - Missing Authorization Affected: *-1.10.36 Patched: 1.10.37 Updated: July 5, 2026
LOW

convertcalculator

convertcalculator

Score: 93/100 ConvertCalculator for WordPress <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.1 Patched: 1.1.2 Updated: July 5, 2026
LOW

contest-gallery

contest-gallery

Score: 93/100 Contest Gallery <= 24.0.3 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-24.0.3 Patched: 24.0.4 Updated: July 5, 2026
LOW

coins-marketcap

coins-marketcap

Score: 93/100 Coins MarketCap <= 5.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.5.8 Patched: 5.5.9 Updated: July 5, 2026
LOW

ayecode-connect

ayecode-connect

Score: 93/100 AyeCode Connect <= 1.3.8 - Missing Authorization Affected: *-1.3.8 Patched: 1.3.9 Updated: July 5, 2026
LOW

ashe-extra

ashe-extra

Score: 97/100 Ashe Extra <= 1.2.92 - Missing Authorization Affected: *-1.2.92 Patched: 1.3 Updated: July 5, 2026
LOW

arconix-shortcodes

arconix-shortcodes

Score: 95/100 Arconix Shortcodes <= 2.1.15 - Reflected Cross-Site Scripting Affected: *-2.1.15 Patched: 2.1.16 Updated: July 5, 2026
LOW

arconix-shortcodes

arconix-shortcodes

Score: 95/100 Arconix Shortcodes <= 2.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.14 Patched: 2.1.15 Updated: July 5, 2026
LOW

aio-shortcodes

aio-shortcodes

Score: 97/100 Best WordPress Shortcode Plugin in 2025 – AIO Shortcodes <= 1.3.0 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.3.0 Patched: 1.3.1 Updated: July 5, 2026
LOW

acymailing

acymailing

Score: 97/100 AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress <= 9.11.0 - Reflected Cross-Site Scripting Affected: *-9.11.0 Patched: 9.11.1 Updated: July 5, 2026
LOW

acf-city-selector

acf-city-selector

Score: 95/100 ACF City Selector <= 1.14.0 - Authenticated (Admin+) Arbitrary File Upload Affected: *-1.14.0 Patched: 1.15.0 Updated: July 5, 2026
LOW

post-timeline

post-timeline

Score: N/A Post Timeline <= 2.3.9 - Reflected Cross-Site Scripting Affected: *-2.3.9 Patched: 2.3.10 Updated: July 5, 2026
LOW

nova-poshta-ttn

nova-poshta-ttn

Score: 93/100 Shipping for Nova Poshta plugin for WordPress <= 1.19.6 - Unauthenticated SQL Injection Affected: *-1.19.6 Patched: 1.19.7 Updated: July 5, 2026
LOW

analytics-cat

analytics-cat

Score: 97/100 Analytics Cat <= 1.1.2 - Reflected Cross-Site Scripting Affected: *-1.1.2 Patched: 1.1.3 Updated: July 5, 2026
LOW

iamport-for-woocommerce

iamport-for-woocommerce

Score: 93/100 PORTONE 우커머스 결제 <= 3.2.5 - Reflected Cross-Site Scripting Affected: *-3.2.5 Patched: 3.2.6 Updated: July 5, 2026
LOW

gd-mail-queue

gd-mail-queue

Score: 93/100 GD Mail Queue <= 4.3 - Reflected Cross-Site Scripting Affected: *-4.3 Patched: 4.4 Updated: July 5, 2026
LOW

List category posts

list-category-posts

Score: 94/100 List category posts <= 0.90.2 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-0.90.2 Patched: 0.90.3 Updated: July 5, 2026
LOW

jsp-store-locator

jsp-store-locator

Score: 89/100 JSP Store Locator <= 1.0 - Authenticated (Contributor+) SQL Injection Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

jsp-store-locator

jsp-store-locator

Score: 89/100 JSP Store Locator <= 1.0 - Cross-Site Request Forgery to Store Deletion Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

ideapush

ideapush

Score: 93/100 IdeaPush <= 8.72 - Missing Authorization Affected: *-8.72 Patched: 8.73 Updated: July 5, 2026
LOW

bulk-editor

bulk-editor

Score: 93/100 WOLF – WordPress Posts Bulk Editor and Manager Professional <= 1.0.8.5 - Authenticated (Editor+) Path Traversal Affected: *-1.0.8.5 Patched: 1.0.8.6 Updated: July 5, 2026
LOW

ahathat

ahathat

Score: 92/100 AHAthat Plugin <= 1.6 - Authenticated (Admin+) SQL Injection Affected: *-1.6 Patched: Updated: July 5, 2026
LOW

wp24-domain-check

wp24-domain-check

Score: N/A WP24 Domain Check <= 1.10.14 - Reflected Cross-Site Scripting Affected: *-1.10.14 Patched: 1.10.15 Updated: July 5, 2026
LOW

newsletters-lite

newsletters-lite

Score: 93/100 Newsletters <= 4.9.9.6 - Reflected Cross-Site Scripting Affected: *-4.9.9.6 Patched: 4.9.9.7 Updated: July 5, 2026

Showing 14001 to 14100 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 5, 2026 at 10:59 UTC.