Known Plugin Vulnerabilities
Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.
Open Vulnerabilities
36406Across tracked plugins
Affected Plugins
91With open vulnerabilities
Critical / High
0Require immediate attention
Recently Updated
0In the last 30 days
Vulnerability List
Export CSV| Plugin | Slug | Score | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated |
|---|---|---|---|---|---|---|---|---|
| embedding-barcodes-into-product-pages-and-orders | embedding-barcodes-into-product-pages-and-orders |
93
|
Barcode Generator for WooCommerce – Show barcodes on products, orders, invoices and other pages <= 2.0.2 - Authenticated (Subscriber+) Sensitive Information Disclosure | LOW | *-2.0.2 | 2.0.3 | July 5, 2026 | |
| drm-protected-video-streaming | drm-protected-video-streaming |
89
|
S3Player – WooCommerce & Elementor Integration <= 4.2.1 - Reflected Cross-Site Scripting | LOW | *-4.2.1 | July 5, 2026 | ||
| edwiser-bridge | edwiser-bridge |
93
|
Edwiser Bridge – WordPress Moodle LMS Integration <= 3.0.8 - Reflected Cross-Site Scripting | LOW | *-3.0.8 | 3.1.0 | July 5, 2026 | |
| wte-elementor-widgets | wte-elementor-widgets | N/A | WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor <= 1.3.7 - Authenticated (Contributor+) Local File Inclusion | LOW | *-1.3.7 | 1.3.8 | July 5, 2026 | |
| wplegalpages | wplegalpages | N/A | Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.2.7 - Cross-Site Request Forgery | LOW | *-3.2.7 | 3.2.8 | July 5, 2026 | |
| wp2leads | wp2leads | N/A | WP2LEADS <= 3.3.3 - Reflected Cross-Site Scripting | LOW | *-3.3.3 | 3.3.4 | July 5, 2026 | |
| WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards | wp-data-access | N/A | WP Data Access – App, Table, Form and Chart Builder plugin <= 5.5.22 - Unauthenticated SQL Injection | LOW | *-5.5.22 | 5.5.23 | July 5, 2026 | |
| woo-point-of-sale | woo-point-of-sale | N/A | WooCommerce Point of Sale <= 6.1.0 - Insecure Direct Object Reference to Privilege Escalation via Arbitrary User Email Change | LOW | *-6.1.0 | 6.2.0 | July 5, 2026 | |
| tourfic | tourfic | N/A | Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking <= 2.15.3 - Authenticated (Subscriber+) SQL Injection | LOW | *-2.15.3 | 2.15.4 | July 5, 2026 | |
| nex-forms-express-wp-form-builder | nex-forms-express-wp-form-builder |
93
|
NEX-Forms <= 8.7.15 - Authenticated (Admin+) SQL Injection | LOW | *-8.7.15 | 8.7.16 | July 5, 2026 | |
| marketking-multivendor-marketplace-for-woocommerce | marketking-multivendor-marketplace-for-woocommerce |
93
|
MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution <= 2.0.00 - Missing Authorization | LOW | *-2.0.00 | 2.0.25 | July 5, 2026 | |
| fusion-builder | fusion-builder |
93
|
Avada Builder <= 3.11.12 - Authenticated (Contributor+) Protected Post Disclosure | LOW | *-3.11.12 | 3.11.13 | July 5, 2026 | |
| bit-form | bit-form |
93
|
Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.17.3 - Missing Authorization to Authenticated (Subscriber+) Form Submission Disclosure | LOW | *-2.17.3 | 2.17.4 | July 5, 2026 | |
| booking-calendar | booking-calendar |
91
|
Booking Calendar WpDevArt <= 3.2.19 - Authenticated (Contributor+) SQL Injection | LOW | *-3.2.19 | 3.2.20 | July 5, 2026 | |
| database-backup | database-backup |
93
|
Database Backup and check Tables Automated With Scheduler 2024 <= 2.32 - Authenticated (Admin+) Arbitrary File Read | LOW | *-2.32 | 2.33 | July 5, 2026 | |
| content-no-cache | content-no-cache |
93
|
Content No Cache: prevent specific content from being cached <= 0.1.2 - Unauthenticated Private Content Disclosure | LOW | *-0.1.2 | 0.1.3 | July 5, 2026 | |
| wp-datepicker | wp-datepicker | N/A | WP Datepicker <= 2.1.4 - Reflected Cross-Site Scripting | LOW | *-2.1.4 | 2.1.5 | July 5, 2026 | |
| bitcoin-lightning-publisher | bitcoin-lightning-publisher |
93
|
Bitcoin Lightning Publisher for WordPress <= 1.4.1 - Reflected Cross-Site Scripting | LOW | *-1.4.1 | 1.4.2 | July 5, 2026 | |
| optio-dentistry | optio-dentistry |
93
|
Optio Dentistry <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.1 | 2.2 | July 5, 2026 | |
| wp-appbox | wp-appbox | N/A | WP-Appbox <= 4.5.3 - Reflected Cross-Site Scripting | LOW | *-4.5.3 | 4.5.4 | July 5, 2026 | |
| wordpress-simple-paypal-shopping-cart | wordpress-simple-paypal-shopping-cart | N/A | WordPress Simple Shopping Cart <= 5.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-5.0.7 | 5.0.8 | July 5, 2026 | |
| woocommerce-delivery-notes | woocommerce-delivery-notes | N/A | Print Invoice & Delivery Notes for WooCommerce <= 5.4.0 - Missing Authorization to Authenticated (Subscriber+) Logo Deletion | LOW | *-5.4.0 | 5.4.1 | July 5, 2026 | |
| wc-price-history | wc-price-history | N/A | WC Price History for Omnibus <= 2.1.3 - Missing Authorization | LOW | *-2.1.3 | 2.1.4 | July 5, 2026 | |
| tracking-code-manager | tracking-code-manager | N/A | Tracking Code Manager <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.3.0 | 2.4.0 | July 5, 2026 | |
| shmapper-by-teplitsa | shmapper-by-teplitsa | N/A | shMapper by Teplitsa <= 1.4.18 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.4.18 | 1.5.0 | July 5, 2026 | |
| responsive-block-editor-addons | responsive-block-editor-addons | N/A | Responsive Blocks – WordPress Gutenberg Blocks <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.9.7 | 1.9.8 | July 5, 2026 | |
| plugversions | plugversions |
93
|
PlugVersions – Easily rollback to previous versions of your plugins <= 0.0.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Creation | LOW | *-0.0.7 | 0.0.8 | July 5, 2026 | |
| ninjateam-telegram | ninjateam-telegram |
93
|
NinjaTeam Chat for Telegram <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.0 | 1.1 | July 5, 2026 | |
| login-page-styler | login-page-styler |
93
|
ALL In One Custom Login Page <= 7.1.1 - Missing Authorization to Authenticated (Subscriber+)Privilege Escalation | LOW | *-7.1.1 | 7.1.2 | July 5, 2026 | |
| loan-comparison | loan-comparison |
93
|
Loan Comparison <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.0 | 2.0.1 | July 5, 2026 | |
| export-customers-data | export-customers-data |
93
|
Export Customers Data <= 1.2.3 - Reflected Cross-Site Scripting | LOW | *-1.2.3 | 1.2.4 | July 5, 2026 | |
| Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | email-subscribers |
65
|
Email Subscribers by Icegram Express – Affordable, Powerful Email Marketing for WordPress & WooCommerce <= 5.7.44 - Authenticated (Admin+) Stored Cross-Site Scripting via Form Settings | LOW | *-5.7.44 | 5.7.45 | July 5, 2026 | |
| Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | email-subscribers |
65
|
Email Subscribers by Icegram Express – Affordable, Powerful Email Marketing for WordPress & WooCommerce <= 5.7.44 - Authenticated (Admin+) Stored Cross-Site Scripting via Workflow Settings | LOW | *-5.7.44 | 5.7.45 | July 5, 2026 | |
| Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | email-subscribers |
65
|
Email Subscribers by Icegram Express – Affordable, Powerful Email Marketing for WordPress & WooCommerce <= 5.7.44 - Authenticated (Admin+) Stored Cross-Site Scripting | LOW | *-5.7.44 | 5.7.45 | July 5, 2026 | |
| Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | email-subscribers |
65
|
Email Subscribers by Icegram Express – Affordable, Powerful Email Marketing for WordPress & WooCommerce <= 5.7.44 - Authenticated (Admin+) Stored Cross-Site Scripting via Text Block | LOW | *-5.7.44 | 5.7.45 | July 5, 2026 | |
| elex-woocommerce-dynamic-pricing-and-discounts | elex-woocommerce-dynamic-pricing-and-discounts |
93
|
ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.7 - Missing Authorization | LOW | *-2.1.7 | 2.1.8 | July 5, 2026 | |
| directorypress | directorypress |
93
|
DirectoryPress <= 3.6.16 - Authenticated (Author+) Stored Cross-Site Scripting | LOW | *-3.6.16 | 3.6.17 | July 5, 2026 | |
| bookingpress-appointment-booking | bookingpress-appointment-booking |
93
|
BookingPress <= 1.1.22 - Unauthenticated File Export Download | LOW | *-1.1.22 | 1.1.23 | July 5, 2026 | |
| bookingpress-appointment-booking | bookingpress-appointment-booking |
93
|
Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.21 - Authenticated (Contributor+) SQL Injection | LOW | *-1.1.21 | 1.1.22 | July 5, 2026 | |
| ai-content | ai-content |
97
|
Text Prompter – Unlimited chatgpt text prompts for openai tasks <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.0.7 | 1.0.8 | July 5, 2026 | |
| Advanced Google reCAPTCHA | advanced-google-recaptcha |
89
|
Advanced Google reCAPTCHA <= 1.25 - Brute Force Protection IP Unblock | LOW | *-1.25 | 1.26 | July 5, 2026 | |
| advanced-floating-content | advanced-floating-content |
97
|
Advanced Floating Content <= 3.8.2 - Authenticated (Subscriber+) SQL Injection | LOW | *-3.8.2 | 3.8.3 | July 5, 2026 | |
| header-footer-elementor | header-footer-elementor |
93
|
Elementor Header & Footer Builder <= 1.6.46 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title Widget | LOW | *-1.6.46 | 1.6.47 | July 5, 2026 | |
| wp-mailster | wp-mailster | N/A | WP Mailster <= 1.8.17.0 - Reflected Cross-Site Scripting | LOW | *-1.8.17.0 | 1.8.18.0 | July 5, 2026 | |
| sprout-invoices | sprout-invoices | N/A | Client Invoicing by Sprout Invoices – Easy Estimates and Invoices <= 20.8.1 - Missing Authorization | LOW | *-20.8.1 | 20.8.2 | July 5, 2026 | |
| picu | picu |
93
|
picu – Online Photo Proofing Gallery <= 2.4.0 - Missing Authorization | LOW | *-2.4.0 | 2.4.1 | July 5, 2026 | |
| bdthemes-element-pack-lite | bdthemes-element-pack-lite |
93
|
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.12 - Missing Authorization | LOW | *-5.10.12 | 5.10.13 | July 5, 2026 | |
| customize-my-account-for-woocommerce | customize-my-account-for-woocommerce |
93
|
SysBasics Customize My Account for WooCommerce <= 2.8.22 - Reflected Cross-Site Scripting | LOW | *-2.8.22 | 2.9.0 | July 5, 2026 | |
| Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | easy-digital-downloads |
78
|
Easy Digital Downloads <= 3.3.2 - Authenticated (Admin+) Arbitrary File Download | LOW | *-3.3.2 | 3.3.3 | July 5, 2026 | |
| Elementor Website Builder – more than just a page builder | elementor |
79
|
Elementor Website Builder – More than Just a Page Builder <= 3.25.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typography Settings | LOW | *-3.25.9 | 3.25.10 | July 5, 2026 | |
| wp-base-booking-of-appointments-services-and-events | wp-base-booking-of-appointments-services-and-events | N/A | WP BASE Booking of Appointments, Services and Events <= 4.9.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via app_export_db | LOW | *-4.9.2 | 5.0.0 | July 5, 2026 | |
| latex2html | latex2html |
93
|
LaTeX2HTML <= 2.5.5 - Reflected Cross-Site Scripting | LOW | *-2.5.5 | 2.6.0 | July 5, 2026 | |
| acf-frontend-form-element | acf-frontend-form-element |
97
|
Frontend Admin by DynamiApps <= 3.25.1 - Unauthenticated SQL Injection | LOW | *-3.25.1 | 3.25.2 | July 5, 2026 | |
| auxin-elements | auxin-elements |
89
|
Shortcodes and extra features for Phlox theme <= 2.17.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Staff Widget | LOW | *-2.17.2 | 2.17.3 | July 5, 2026 | |
| auxin-elements | auxin-elements |
89
|
Shortcodes and extra features for Phlox theme <= 2.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via aux_contact_box and aux_gmaps Shortcodes | LOW | *-2.17.0 | 2.17.1 | July 5, 2026 | |
| full-screen-menu-for-elementor | full-screen-menu-for-elementor |
91
|
Full Screen Menu for Elementor <= 1.0.7 - Authenticated (Contributor+) Post Disclosure | LOW | *-1.0.7 | July 5, 2026 | ||
| pingmeter-uptime-monitoring | pingmeter-uptime-monitoring |
91
|
Pingmeter Uptime Monitoring <= 1.0.3 - Reflected Cross-Site Scripting | LOW | *-1.0.3 | July 5, 2026 | ||
| Custom Product tabs for WooCommerce | wb-custom-product-tabs-for-woocommerce |
94
|
Custom Product Tabs For WooCommerce <= 1.2.4 - Authenticated (Shop Manager+) PHP Object Injection | LOW | *-1.2.4 | 1.2.5 | July 5, 2026 | |
| real-kit | real-kit | N/A | real.Kit <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-5.1.1 | July 5, 2026 | ||
| One Click Upsell Funnel for Woocommerce | woo-one-click-upsell-funnel | N/A | One Click Upsell Funnel for WooCommerce <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via wps_wocuf_pro_yes Shortcode | LOW | *-3.4.9 | 3.4.10 | July 5, 2026 | |
| ebook-store | ebook-store |
93
|
Ebook Store <= 5.8001 - Reflected Cross-Site Scripting | LOW | *-5.8001 | 5.8002 | July 5, 2026 | |
| ebook-store | ebook-store |
93
|
Ebook Store <= 5.8001 - Reflected Cross-Site Scripting via 'step' | LOW | *-5.8001 | 5.8002 | July 5, 2026 | |
| reactflow-session-replay-heatmap | reactflow-session-replay-heatmap | N/A | Reactflow Visitor Recording and Heatmaps <= 1.0.10 - Reflected Cross-Site Scripting | LOW | *-1.0.10 | July 5, 2026 | ||
| multi-column-tag-map | multi-column-tag-map |
91
|
Multi-column Tag Map <= 17.0.33 - Authenticated (Contributor+) Stored Cross-Site Scripting via mctagmap Shortcode | LOW | *-17.0.33 | 17.0.34 | July 5, 2026 | |
| smsa-shipping-official | smsa-shipping-official | N/A | SMSA Shipping(official) <= 2.3 - Authenticated (Subscriber+) Arbitrary File Deletion | LOW | *-2.3 | 2.4 | July 5, 2026 | |
| gwebpro-store-locator | gwebpro-store-locator |
89
|
G Web Pro Store Locator <= 2.1 - Reflected Cross-Site Scripting | LOW | *-2.1 | July 5, 2026 | ||
| kk-star-ratings | kk-star-ratings |
93
|
kk Star Ratings – Rate Post & Collect User Feedbacks <= 5.4.10 - Unauthenticated Arbitrary Shortcode Execution | LOW | *-5.4.10 | 5.4.10.2 | July 5, 2026 | |
| push-notification-by-feedify | push-notification-by-feedify | N/A | Feedify – Web Push Notifications <= 2.4.2 - Reflected Cross-Site Scripting | LOW | *-2.4.2 | 2.4.3 | July 5, 2026 | |
| wp-migrate-2-aws | wp-migrate-2-aws | N/A | WP on AWS <= 5.2.1 - Reflected Cross-Site Scripting | LOW | *-5.2.1 | 5.2.2 | July 5, 2026 | |
| wp-docs | wp-docs | N/A | WP Docs <= 2.2.0 - Authenticated (Subscriber+) Time-Based SQL Injection via 'dir_id' | LOW | *-2.2.0 | 2.2.1 | July 5, 2026 | |
| magicpost | magicpost |
93
|
MagicPost <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wb_share_social Shortcode | LOW | *-1.2.1 | 1.2.2 | July 5, 2026 | |
| LiteSpeed Cache | litespeed-cache |
69
|
LiteSpeed Cache <= 6.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-6.5.2 | 6.5.3 | July 5, 2026 | |
| ecommerce-product-catalog | ecommerce-product-catalog |
93
|
eCommerce Product Catalog Plugin for WordPress <= 3.3.43 - Cross-Site Request Forgery to Password Reset | LOW | *-3.3.43 | 3.3.44 | July 5, 2026 | |
| contact-form-master | contact-form-master |
91
|
Contact Form Master <= 1.0.7 - Reflected Cross-Site Scripting | LOW | *-1.0.7 | July 5, 2026 | ||
| isee-products-extractor | isee-products-extractor |
93
|
isee-products-extractor <= 2.1.3 - Reflected Cross-Site Scripting | LOW | *-2.1.3 | 2.1.4 | July 5, 2026 | |
| category-post-slider | category-post-slider |
91
|
Category Post Slider <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.4 | July 5, 2026 | ||
| maintenance-coming-soon-redirect-animation | maintenance-coming-soon-redirect-animation |
91
|
Maintenance & Coming Soon Redirect Animation <= 2.1.3 - Missing Authorization to Settings Update | LOW | *-2.1.3 | 2.3.0 | July 5, 2026 | |
| spoki | spoki | N/A | Spoki – Chat Buttons and WooCommerce Notifications <= 2.15.15 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.15.15 | 2.15.16 | July 5, 2026 | |
| nacc-wordpress-plugin | nacc-wordpress-plugin |
93
|
NACC WordPress Plugin <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-4.1.0 | 4.2.0 | July 5, 2026 | |
| outdooractive-embed | outdooractive-embed |
93
|
Outdooractive Embed <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.5 | 1.6 | July 5, 2026 | |
| wp-shapes | wp-shapes | N/A | WP SHAPES <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | LOW | 1.0.0 | July 5, 2026 | ||
| ticketsource-events | ticketsource-events | N/A | Sell Tickets Online – TicketSource Ticket Shop for WordPress <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-3.0.2 | 3.1.0 | July 5, 2026 | |
| embed-twine | embed-twine |
91
|
Embed Twine <= 0.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-0.1.0 | July 5, 2026 | ||
| particle-background | particle-background |
91
|
Particle Background <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.0.2 | July 5, 2026 | ||
| finance-calculator-with-application-form | finance-calculator-with-application-form |
91
|
Financial Calculator <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.2.1 | July 5, 2026 | ||
| wtyczka-seopilot-dla-wp | wtyczka-seopilot-dla-wp | N/A | Wtyczka SeoPilot dla WP <= 3.3.091 - Cross-Site Request Forgery to Stored Cross-Site Scripting | LOW | *-3.3.091 | July 5, 2026 | ||
| spotlightr | spotlightr | N/A | Spotlightr <= 0.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-0.1.11 | 0.1.12 | July 5, 2026 | |
| pcrecruiter-extensions | pcrecruiter-extensions |
93
|
PCRecruiter Extensions <= 1.4.22 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.4.22 | 1.4.23 | July 5, 2026 | |
| wpmozo-addons-lite-for-elementor | wpmozo-addons-lite-for-elementor | N/A | WPMozo Addons Lite for Elementor <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.2.0 | 1.3.0 | July 5, 2026 | |
| wp-nice-loader | wp-nice-loader | N/A | WP Nice Loader <= 0.1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting | LOW | *-0.1.0.4 | July 5, 2026 | ||
| wp-event-solution | wp-event-solution | N/A | Eventin <= 4.0.7 - Authenticated (Contributor+) Local File Inclusion | LOW | *-4.0.7 | 4.0.9 | July 5, 2026 | |
| woocommerce-pdf-vouchers | woocommerce-pdf-vouchers | N/A | WooCommerce PDF Vouchers < 4.9.9 - Reflected Cross-Site Scripting | LOW | [*, 4.9.9) | 4.9.9 | July 5, 2026 | |
| wish-list-for-woocommerce | wish-list-for-woocommerce | N/A | Wishlist for WooCommerce: Multi Wishlists Per Customer <= 3.1.2 - Reflected Cross-Site Scripting | LOW | *-3.1.2 | 3.1.3 | July 5, 2026 | |
| widget-options | widget-options | N/A | Widget Options <= 4.0.6.1 - Missing Authorization | LOW | *-4.0.6.1 | 4.0.8 | July 5, 2026 | |
| userpro | userpro | N/A | Userpro <= 5.1.9 - Reflected Cross-Site Scripting | LOW | *-5.1.9 | July 5, 2026 | ||
| userpro | userpro | N/A | Userpro <= 5.1.9 - Unauthenticated Local File Inclusion | LOW | *-5.1.9 | July 5, 2026 | ||
| userpro | userpro | N/A | Userpro <= 5.1.9 - Missing Authorization | LOW | *-5.1.9 | July 5, 2026 | ||
| userpro | userpro | N/A | Userpro <= 5.1.9 - Authenticated (Contributor+) SQL Injection | LOW | *-5.1.9 | July 5, 2026 | ||
| ultimate-store-kit | ultimate-store-kit | N/A | Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.3.0 - Missing Authorization | LOW | *-2.3.0 | 2.3.1 | July 5, 2026 | |
| themify-builder | themify-builder | N/A | Themify Builder <= 7.6.3 - Authenticated (Contributor+) Local File Inclusion | LOW | *-7.6.3 | 7.6.5 | July 5, 2026 |
embedding-barcodes-into-product-pages-and-orders
embedding-barcodes-into-product-pages-and-orders
drm-protected-video-streaming
drm-protected-video-streaming
edwiser-bridge
edwiser-bridge
wte-elementor-widgets
wte-elementor-widgets
wplegalpages
wplegalpages
wp2leads
wp2leads
WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards
wp-data-access
woo-point-of-sale
woo-point-of-sale
tourfic
tourfic
nex-forms-express-wp-form-builder
nex-forms-express-wp-form-builder
marketking-multivendor-marketplace-for-woocommerce
marketking-multivendor-marketplace-for-woocommerce
fusion-builder
fusion-builder
bit-form
bit-form
booking-calendar
booking-calendar
database-backup
database-backup
content-no-cache
content-no-cache
wp-datepicker
wp-datepicker
bitcoin-lightning-publisher
bitcoin-lightning-publisher
optio-dentistry
optio-dentistry
wp-appbox
wp-appbox
wordpress-simple-paypal-shopping-cart
wordpress-simple-paypal-shopping-cart
woocommerce-delivery-notes
woocommerce-delivery-notes
wc-price-history
wc-price-history
tracking-code-manager
tracking-code-manager
shmapper-by-teplitsa
shmapper-by-teplitsa
responsive-block-editor-addons
responsive-block-editor-addons
plugversions
plugversions
ninjateam-telegram
ninjateam-telegram
login-page-styler
login-page-styler
loan-comparison
loan-comparison
export-customers-data
export-customers-data
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress
email-subscribers
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress
email-subscribers
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress
email-subscribers
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress
email-subscribers
elex-woocommerce-dynamic-pricing-and-discounts
elex-woocommerce-dynamic-pricing-and-discounts
directorypress
directorypress
bookingpress-appointment-booking
bookingpress-appointment-booking
bookingpress-appointment-booking
bookingpress-appointment-booking
ai-content
ai-content
Advanced Google reCAPTCHA
advanced-google-recaptcha
advanced-floating-content
advanced-floating-content
header-footer-elementor
header-footer-elementor
wp-mailster
wp-mailster
sprout-invoices
sprout-invoices
picu
picu
bdthemes-element-pack-lite
bdthemes-element-pack-lite
customize-my-account-for-woocommerce
customize-my-account-for-woocommerce
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
easy-digital-downloads
Elementor Website Builder – more than just a page builder
elementor
wp-base-booking-of-appointments-services-and-events
wp-base-booking-of-appointments-services-and-events
latex2html
latex2html
acf-frontend-form-element
acf-frontend-form-element
auxin-elements
auxin-elements
auxin-elements
auxin-elements
full-screen-menu-for-elementor
full-screen-menu-for-elementor
pingmeter-uptime-monitoring
pingmeter-uptime-monitoring
Custom Product tabs for WooCommerce
wb-custom-product-tabs-for-woocommerce
real-kit
real-kit
One Click Upsell Funnel for Woocommerce
woo-one-click-upsell-funnel
ebook-store
ebook-store
ebook-store
ebook-store
reactflow-session-replay-heatmap
reactflow-session-replay-heatmap
multi-column-tag-map
multi-column-tag-map
smsa-shipping-official
smsa-shipping-official
gwebpro-store-locator
gwebpro-store-locator
kk-star-ratings
kk-star-ratings
push-notification-by-feedify
push-notification-by-feedify
wp-migrate-2-aws
wp-migrate-2-aws
wp-docs
wp-docs
magicpost
magicpost
LiteSpeed Cache
litespeed-cache
ecommerce-product-catalog
ecommerce-product-catalog
contact-form-master
contact-form-master
isee-products-extractor
isee-products-extractor
category-post-slider
category-post-slider
maintenance-coming-soon-redirect-animation
maintenance-coming-soon-redirect-animation
spoki
spoki
nacc-wordpress-plugin
nacc-wordpress-plugin
outdooractive-embed
outdooractive-embed
wp-shapes
wp-shapes
ticketsource-events
ticketsource-events
embed-twine
embed-twine
particle-background
particle-background
finance-calculator-with-application-form
finance-calculator-with-application-form
wtyczka-seopilot-dla-wp
wtyczka-seopilot-dla-wp
spotlightr
spotlightr
pcrecruiter-extensions
pcrecruiter-extensions
wpmozo-addons-lite-for-elementor
wpmozo-addons-lite-for-elementor
wp-nice-loader
wp-nice-loader
wp-event-solution
wp-event-solution
woocommerce-pdf-vouchers
woocommerce-pdf-vouchers
wish-list-for-woocommerce
wish-list-for-woocommerce
widget-options
widget-options
userpro
userpro
userpro
userpro
userpro
userpro
userpro
userpro
ultimate-store-kit
ultimate-store-kit
themify-builder
themify-builder
Showing 14101 to 14200 of 36406 results
Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.
Data updated daily from trusted sources. Last updated: July 5, 2026 at 11:56 UTC.