Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

91

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
embedding-barcodes-into-product-pages-and-orders embedding-barcodes-into-product-pages-and-orders
93
Barcode Generator for WooCommerce – Show barcodes on products, orders, invoices and other pages <= 2.0.2 - Authenticated (Subscriber+) Sensitive Information Disclosure LOW *-2.0.2 2.0.3 July 5, 2026
drm-protected-video-streaming drm-protected-video-streaming
89
S3Player – WooCommerce & Elementor Integration <= 4.2.1 - Reflected Cross-Site Scripting LOW *-4.2.1 July 5, 2026
edwiser-bridge edwiser-bridge
93
Edwiser Bridge – WordPress Moodle LMS Integration <= 3.0.8 - Reflected Cross-Site Scripting LOW *-3.0.8 3.1.0 July 5, 2026
wte-elementor-widgets wte-elementor-widgets N/A WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor <= 1.3.7 - Authenticated (Contributor+) Local File Inclusion LOW *-1.3.7 1.3.8 July 5, 2026
wplegalpages wplegalpages N/A Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.2.7 - Cross-Site Request Forgery LOW *-3.2.7 3.2.8 July 5, 2026
wp2leads wp2leads N/A WP2LEADS <= 3.3.3 - Reflected Cross-Site Scripting LOW *-3.3.3 3.3.4 July 5, 2026
WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards wp-data-access N/A WP Data Access – App, Table, Form and Chart Builder plugin <= 5.5.22 - Unauthenticated SQL Injection LOW *-5.5.22 5.5.23 July 5, 2026
woo-point-of-sale woo-point-of-sale N/A WooCommerce Point of Sale <= 6.1.0 - Insecure Direct Object Reference to Privilege Escalation via Arbitrary User Email Change LOW *-6.1.0 6.2.0 July 5, 2026
tourfic tourfic N/A Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking <= 2.15.3 - Authenticated (Subscriber+) SQL Injection LOW *-2.15.3 2.15.4 July 5, 2026
nex-forms-express-wp-form-builder nex-forms-express-wp-form-builder
93
NEX-Forms <= 8.7.15 - Authenticated (Admin+) SQL Injection LOW *-8.7.15 8.7.16 July 5, 2026
marketking-multivendor-marketplace-for-woocommerce marketking-multivendor-marketplace-for-woocommerce
93
MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution <= 2.0.00 - Missing Authorization LOW *-2.0.00 2.0.25 July 5, 2026
fusion-builder fusion-builder
93
Avada Builder <= 3.11.12 - Authenticated (Contributor+) Protected Post Disclosure LOW *-3.11.12 3.11.13 July 5, 2026
bit-form bit-form
93
Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.17.3 - Missing Authorization to Authenticated (Subscriber+) Form Submission Disclosure LOW *-2.17.3 2.17.4 July 5, 2026
booking-calendar booking-calendar
91
Booking Calendar WpDevArt <= 3.2.19 - Authenticated (Contributor+) SQL Injection LOW *-3.2.19 3.2.20 July 5, 2026
database-backup database-backup
93
Database Backup and check Tables Automated With Scheduler 2024 <= 2.32 - Authenticated (Admin+) Arbitrary File Read LOW *-2.32 2.33 July 5, 2026
content-no-cache content-no-cache
93
Content No Cache: prevent specific content from being cached <= 0.1.2 - Unauthenticated Private Content Disclosure LOW *-0.1.2 0.1.3 July 5, 2026
wp-datepicker wp-datepicker N/A WP Datepicker <= 2.1.4 - Reflected Cross-Site Scripting LOW *-2.1.4 2.1.5 July 5, 2026
bitcoin-lightning-publisher bitcoin-lightning-publisher
93
Bitcoin Lightning Publisher for WordPress <= 1.4.1 - Reflected Cross-Site Scripting LOW *-1.4.1 1.4.2 July 5, 2026
optio-dentistry optio-dentistry
93
Optio Dentistry <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1 2.2 July 5, 2026
wp-appbox wp-appbox N/A WP-Appbox <= 4.5.3 - Reflected Cross-Site Scripting LOW *-4.5.3 4.5.4 July 5, 2026
wordpress-simple-paypal-shopping-cart wordpress-simple-paypal-shopping-cart N/A WordPress Simple Shopping Cart <= 5.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.0.7 5.0.8 July 5, 2026
woocommerce-delivery-notes woocommerce-delivery-notes N/A Print Invoice & Delivery Notes for WooCommerce <= 5.4.0 - Missing Authorization to Authenticated (Subscriber+) Logo Deletion LOW *-5.4.0 5.4.1 July 5, 2026
wc-price-history wc-price-history N/A WC Price History for Omnibus <= 2.1.3 - Missing Authorization LOW *-2.1.3 2.1.4 July 5, 2026
tracking-code-manager tracking-code-manager N/A Tracking Code Manager <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.3.0 2.4.0 July 5, 2026
shmapper-by-teplitsa shmapper-by-teplitsa N/A shMapper by Teplitsa <= 1.4.18 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4.18 1.5.0 July 5, 2026
responsive-block-editor-addons responsive-block-editor-addons N/A Responsive Blocks – WordPress Gutenberg Blocks <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.9.7 1.9.8 July 5, 2026
plugversions plugversions
93
PlugVersions – Easily rollback to previous versions of your plugins <= 0.0.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Creation LOW *-0.0.7 0.0.8 July 5, 2026
ninjateam-telegram ninjateam-telegram
93
NinjaTeam Chat for Telegram <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 1.1 July 5, 2026
login-page-styler login-page-styler
93
ALL In One Custom Login Page <= 7.1.1 - Missing Authorization to Authenticated (Subscriber+)Privilege Escalation LOW *-7.1.1 7.1.2 July 5, 2026
loan-comparison loan-comparison
93
Loan Comparison <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0 2.0.1 July 5, 2026
export-customers-data export-customers-data
93
Export Customers Data <= 1.2.3 - Reflected Cross-Site Scripting LOW *-1.2.3 1.2.4 July 5, 2026
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress email-subscribers
65
Email Subscribers by Icegram Express – Affordable, Powerful Email Marketing for WordPress & WooCommerce <= 5.7.44 - Authenticated (Admin+) Stored Cross-Site Scripting via Form Settings LOW *-5.7.44 5.7.45 July 5, 2026
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress email-subscribers
65
Email Subscribers by Icegram Express – Affordable, Powerful Email Marketing for WordPress & WooCommerce <= 5.7.44 - Authenticated (Admin+) Stored Cross-Site Scripting via Workflow Settings LOW *-5.7.44 5.7.45 July 5, 2026
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress email-subscribers
65
Email Subscribers by Icegram Express – Affordable, Powerful Email Marketing for WordPress & WooCommerce <= 5.7.44 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-5.7.44 5.7.45 July 5, 2026
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress email-subscribers
65
Email Subscribers by Icegram Express – Affordable, Powerful Email Marketing for WordPress & WooCommerce <= 5.7.44 - Authenticated (Admin+) Stored Cross-Site Scripting via Text Block LOW *-5.7.44 5.7.45 July 5, 2026
elex-woocommerce-dynamic-pricing-and-discounts elex-woocommerce-dynamic-pricing-and-discounts
93
ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.7 - Missing Authorization LOW *-2.1.7 2.1.8 July 5, 2026
directorypress directorypress
93
DirectoryPress <= 3.6.16 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-3.6.16 3.6.17 July 5, 2026
bookingpress-appointment-booking bookingpress-appointment-booking
93
BookingPress <= 1.1.22 - Unauthenticated File Export Download LOW *-1.1.22 1.1.23 July 5, 2026
bookingpress-appointment-booking bookingpress-appointment-booking
93
Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.21 - Authenticated (Contributor+) SQL Injection LOW *-1.1.21 1.1.22 July 5, 2026
ai-content ai-content
97
Text Prompter – Unlimited chatgpt text prompts for openai tasks <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.7 1.0.8 July 5, 2026
Advanced Google reCAPTCHA advanced-google-recaptcha
89
Advanced Google reCAPTCHA <= 1.25 - Brute Force Protection IP Unblock LOW *-1.25 1.26 July 5, 2026
advanced-floating-content advanced-floating-content
97
Advanced Floating Content <= 3.8.2 - Authenticated (Subscriber+) SQL Injection LOW *-3.8.2 3.8.3 July 5, 2026
header-footer-elementor header-footer-elementor
93
Elementor Header & Footer Builder <= 1.6.46 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title Widget LOW *-1.6.46 1.6.47 July 5, 2026
wp-mailster wp-mailster N/A WP Mailster <= 1.8.17.0 - Reflected Cross-Site Scripting LOW *-1.8.17.0 1.8.18.0 July 5, 2026
sprout-invoices sprout-invoices N/A Client Invoicing by Sprout Invoices – Easy Estimates and Invoices <= 20.8.1 - Missing Authorization LOW *-20.8.1 20.8.2 July 5, 2026
picu picu
93
picu – Online Photo Proofing Gallery <= 2.4.0 - Missing Authorization LOW *-2.4.0 2.4.1 July 5, 2026
bdthemes-element-pack-lite bdthemes-element-pack-lite
93
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.12 - Missing Authorization LOW *-5.10.12 5.10.13 July 5, 2026
customize-my-account-for-woocommerce customize-my-account-for-woocommerce
93
SysBasics Customize My Account for WooCommerce <= 2.8.22 - Reflected Cross-Site Scripting LOW *-2.8.22 2.9.0 July 5, 2026
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy easy-digital-downloads
78
Easy Digital Downloads <= 3.3.2 - Authenticated (Admin+) Arbitrary File Download LOW *-3.3.2 3.3.3 July 5, 2026
Elementor Website Builder – more than just a page builder elementor
79
Elementor Website Builder – More than Just a Page Builder <= 3.25.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typography Settings LOW *-3.25.9 3.25.10 July 5, 2026
wp-base-booking-of-appointments-services-and-events wp-base-booking-of-appointments-services-and-events N/A WP BASE Booking of Appointments, Services and Events <= 4.9.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via app_export_db LOW *-4.9.2 5.0.0 July 5, 2026
latex2html latex2html
93
LaTeX2HTML <= 2.5.5 - Reflected Cross-Site Scripting LOW *-2.5.5 2.6.0 July 5, 2026
acf-frontend-form-element acf-frontend-form-element
97
Frontend Admin by DynamiApps <= 3.25.1 - Unauthenticated SQL Injection LOW *-3.25.1 3.25.2 July 5, 2026
auxin-elements auxin-elements
89
Shortcodes and extra features for Phlox theme <= 2.17.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Staff Widget LOW *-2.17.2 2.17.3 July 5, 2026
auxin-elements auxin-elements
89
Shortcodes and extra features for Phlox theme <= 2.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via aux_contact_box and aux_gmaps Shortcodes LOW *-2.17.0 2.17.1 July 5, 2026
full-screen-menu-for-elementor full-screen-menu-for-elementor
91
Full Screen Menu for Elementor <= 1.0.7 - Authenticated (Contributor+) Post Disclosure LOW *-1.0.7 July 5, 2026
pingmeter-uptime-monitoring pingmeter-uptime-monitoring
91
Pingmeter Uptime Monitoring <= 1.0.3 - Reflected Cross-Site Scripting LOW *-1.0.3 July 5, 2026
Custom Product tabs for WooCommerce wb-custom-product-tabs-for-woocommerce
94
Custom Product Tabs For WooCommerce <= 1.2.4 - Authenticated (Shop Manager+) PHP Object Injection LOW *-1.2.4 1.2.5 July 5, 2026
real-kit real-kit N/A real.Kit <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.1.1 July 5, 2026
One Click Upsell Funnel for Woocommerce woo-one-click-upsell-funnel N/A One Click Upsell Funnel for WooCommerce <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via wps_wocuf_pro_yes Shortcode LOW *-3.4.9 3.4.10 July 5, 2026
ebook-store ebook-store
93
Ebook Store <= 5.8001 - Reflected Cross-Site Scripting LOW *-5.8001 5.8002 July 5, 2026
ebook-store ebook-store
93
Ebook Store <= 5.8001 - Reflected Cross-Site Scripting via 'step' LOW *-5.8001 5.8002 July 5, 2026
reactflow-session-replay-heatmap reactflow-session-replay-heatmap N/A Reactflow Visitor Recording and Heatmaps <= 1.0.10 - Reflected Cross-Site Scripting LOW *-1.0.10 July 5, 2026
multi-column-tag-map multi-column-tag-map
91
Multi-column Tag Map <= 17.0.33 - Authenticated (Contributor+) Stored Cross-Site Scripting via mctagmap Shortcode LOW *-17.0.33 17.0.34 July 5, 2026
smsa-shipping-official smsa-shipping-official N/A SMSA Shipping(official) <= 2.3 - Authenticated (Subscriber+) Arbitrary File Deletion LOW *-2.3 2.4 July 5, 2026
gwebpro-store-locator gwebpro-store-locator
89
G Web Pro Store Locator <= 2.1 - Reflected Cross-Site Scripting LOW *-2.1 July 5, 2026
kk-star-ratings kk-star-ratings
93
kk Star Ratings – Rate Post & Collect User Feedbacks <= 5.4.10 - Unauthenticated Arbitrary Shortcode Execution LOW *-5.4.10 5.4.10.2 July 5, 2026
push-notification-by-feedify push-notification-by-feedify N/A Feedify – Web Push Notifications <= 2.4.2 - Reflected Cross-Site Scripting LOW *-2.4.2 2.4.3 July 5, 2026
wp-migrate-2-aws wp-migrate-2-aws N/A WP on AWS <= 5.2.1 - Reflected Cross-Site Scripting LOW *-5.2.1 5.2.2 July 5, 2026
wp-docs wp-docs N/A WP Docs <= 2.2.0 - Authenticated (Subscriber+) Time-Based SQL Injection via 'dir_id' LOW *-2.2.0 2.2.1 July 5, 2026
magicpost magicpost
93
MagicPost <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wb_share_social Shortcode LOW *-1.2.1 1.2.2 July 5, 2026
LiteSpeed Cache litespeed-cache
69
LiteSpeed Cache <= 6.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-6.5.2 6.5.3 July 5, 2026
ecommerce-product-catalog ecommerce-product-catalog
93
eCommerce Product Catalog Plugin for WordPress <= 3.3.43 - Cross-Site Request Forgery to Password Reset LOW *-3.3.43 3.3.44 July 5, 2026
contact-form-master contact-form-master
91
Contact Form Master <= 1.0.7 - Reflected Cross-Site Scripting LOW *-1.0.7 July 5, 2026
isee-products-extractor isee-products-extractor
93
isee-products-extractor <= 2.1.3 - Reflected Cross-Site Scripting LOW *-2.1.3 2.1.4 July 5, 2026
category-post-slider category-post-slider
91
Category Post Slider <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4 July 5, 2026
maintenance-coming-soon-redirect-animation maintenance-coming-soon-redirect-animation
91
Maintenance & Coming Soon Redirect Animation <= 2.1.3 - Missing Authorization to Settings Update LOW *-2.1.3 2.3.0 July 5, 2026
spoki spoki N/A Spoki – Chat Buttons and WooCommerce Notifications <= 2.15.15 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.15.15 2.15.16 July 5, 2026
nacc-wordpress-plugin nacc-wordpress-plugin
93
NACC WordPress Plugin <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.1.0 4.2.0 July 5, 2026
outdooractive-embed outdooractive-embed
93
Outdooractive Embed <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5 1.6 July 5, 2026
wp-shapes wp-shapes N/A WP SHAPES <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload LOW 1.0.0 July 5, 2026
ticketsource-events ticketsource-events N/A Sell Tickets Online – TicketSource Ticket Shop for WordPress <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.0.2 3.1.0 July 5, 2026
embed-twine embed-twine
91
Embed Twine <= 0.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.1.0 July 5, 2026
particle-background particle-background
91
Particle Background <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.2 July 5, 2026
finance-calculator-with-application-form finance-calculator-with-application-form
91
Financial Calculator <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2.1 July 5, 2026
wtyczka-seopilot-dla-wp wtyczka-seopilot-dla-wp N/A Wtyczka SeoPilot dla WP <= 3.3.091 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.3.091 July 5, 2026
spotlightr spotlightr N/A Spotlightr <= 0.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.1.11 0.1.12 July 5, 2026
pcrecruiter-extensions pcrecruiter-extensions
93
PCRecruiter Extensions <= 1.4.22 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4.22 1.4.23 July 5, 2026
wpmozo-addons-lite-for-elementor wpmozo-addons-lite-for-elementor N/A WPMozo Addons Lite for Elementor <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.0 1.3.0 July 5, 2026
wp-nice-loader wp-nice-loader N/A WP Nice Loader <= 0.1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.1.0.4 July 5, 2026
wp-event-solution wp-event-solution N/A Eventin <= 4.0.7 - Authenticated (Contributor+) Local File Inclusion LOW *-4.0.7 4.0.9 July 5, 2026
woocommerce-pdf-vouchers woocommerce-pdf-vouchers N/A WooCommerce PDF Vouchers < 4.9.9 - Reflected Cross-Site Scripting LOW [*, 4.9.9) 4.9.9 July 5, 2026
wish-list-for-woocommerce wish-list-for-woocommerce N/A Wishlist for WooCommerce: Multi Wishlists Per Customer <= 3.1.2 - Reflected Cross-Site Scripting LOW *-3.1.2 3.1.3 July 5, 2026
widget-options widget-options N/A Widget Options <= 4.0.6.1 - Missing Authorization LOW *-4.0.6.1 4.0.8 July 5, 2026
userpro userpro N/A Userpro <= 5.1.9 - Reflected Cross-Site Scripting LOW *-5.1.9 July 5, 2026
userpro userpro N/A Userpro <= 5.1.9 - Unauthenticated Local File Inclusion LOW *-5.1.9 July 5, 2026
userpro userpro N/A Userpro <= 5.1.9 - Missing Authorization LOW *-5.1.9 July 5, 2026
userpro userpro N/A Userpro <= 5.1.9 - Authenticated (Contributor+) SQL Injection LOW *-5.1.9 July 5, 2026
ultimate-store-kit ultimate-store-kit N/A Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.3.0 - Missing Authorization LOW *-2.3.0 2.3.1 July 5, 2026
themify-builder themify-builder N/A Themify Builder <= 7.6.3 - Authenticated (Contributor+) Local File Inclusion LOW *-7.6.3 7.6.5 July 5, 2026
LOW

embedding-barcodes-into-product-pages-and-orders

embedding-barcodes-into-product-pages-and-orders

Score: 93/100 Barcode Generator for WooCommerce – Show barcodes on products, orders, invoices and other pages <= 2.0.2 - Authenticated (Subscriber+) Sensitive Information Disclosure Affected: *-2.0.2 Patched: 2.0.3 Updated: July 5, 2026
LOW

drm-protected-video-streaming

drm-protected-video-streaming

Score: 89/100 S3Player – WooCommerce & Elementor Integration <= 4.2.1 - Reflected Cross-Site Scripting Affected: *-4.2.1 Patched: Updated: July 5, 2026
LOW

edwiser-bridge

edwiser-bridge

Score: 93/100 Edwiser Bridge – WordPress Moodle LMS Integration <= 3.0.8 - Reflected Cross-Site Scripting Affected: *-3.0.8 Patched: 3.1.0 Updated: July 5, 2026
LOW

wte-elementor-widgets

wte-elementor-widgets

Score: N/A WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor <= 1.3.7 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.3.7 Patched: 1.3.8 Updated: July 5, 2026
LOW

wplegalpages

wplegalpages

Score: N/A Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.2.7 - Cross-Site Request Forgery Affected: *-3.2.7 Patched: 3.2.8 Updated: July 5, 2026
LOW

wp2leads

wp2leads

Score: N/A WP2LEADS <= 3.3.3 - Reflected Cross-Site Scripting Affected: *-3.3.3 Patched: 3.3.4 Updated: July 5, 2026
LOW

woo-point-of-sale

woo-point-of-sale

Score: N/A WooCommerce Point of Sale <= 6.1.0 - Insecure Direct Object Reference to Privilege Escalation via Arbitrary User Email Change Affected: *-6.1.0 Patched: 6.2.0 Updated: July 5, 2026
LOW

tourfic

tourfic

Score: N/A Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking <= 2.15.3 - Authenticated (Subscriber+) SQL Injection Affected: *-2.15.3 Patched: 2.15.4 Updated: July 5, 2026
LOW

nex-forms-express-wp-form-builder

nex-forms-express-wp-form-builder

Score: 93/100 NEX-Forms <= 8.7.15 - Authenticated (Admin+) SQL Injection Affected: *-8.7.15 Patched: 8.7.16 Updated: July 5, 2026
LOW

marketking-multivendor-marketplace-for-woocommerce

marketking-multivendor-marketplace-for-woocommerce

Score: 93/100 MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution <= 2.0.00 - Missing Authorization Affected: *-2.0.00 Patched: 2.0.25 Updated: July 5, 2026
LOW

fusion-builder

fusion-builder

Score: 93/100 Avada Builder <= 3.11.12 - Authenticated (Contributor+) Protected Post Disclosure Affected: *-3.11.12 Patched: 3.11.13 Updated: July 5, 2026
LOW

bit-form

bit-form

Score: 93/100 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.17.3 - Missing Authorization to Authenticated (Subscriber+) Form Submission Disclosure Affected: *-2.17.3 Patched: 2.17.4 Updated: July 5, 2026
LOW

booking-calendar

booking-calendar

Score: 91/100 Booking Calendar WpDevArt <= 3.2.19 - Authenticated (Contributor+) SQL Injection Affected: *-3.2.19 Patched: 3.2.20 Updated: July 5, 2026
LOW

database-backup

database-backup

Score: 93/100 Database Backup and check Tables Automated With Scheduler 2024 <= 2.32 - Authenticated (Admin+) Arbitrary File Read Affected: *-2.32 Patched: 2.33 Updated: July 5, 2026
LOW

content-no-cache

content-no-cache

Score: 93/100 Content No Cache: prevent specific content from being cached <= 0.1.2 - Unauthenticated Private Content Disclosure Affected: *-0.1.2 Patched: 0.1.3 Updated: July 5, 2026
LOW

wp-datepicker

wp-datepicker

Score: N/A WP Datepicker <= 2.1.4 - Reflected Cross-Site Scripting Affected: *-2.1.4 Patched: 2.1.5 Updated: July 5, 2026
LOW

bitcoin-lightning-publisher

bitcoin-lightning-publisher

Score: 93/100 Bitcoin Lightning Publisher for WordPress <= 1.4.1 - Reflected Cross-Site Scripting Affected: *-1.4.1 Patched: 1.4.2 Updated: July 5, 2026
LOW

optio-dentistry

optio-dentistry

Score: 93/100 Optio Dentistry <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1 Patched: 2.2 Updated: July 5, 2026
LOW

wp-appbox

wp-appbox

Score: N/A WP-Appbox <= 4.5.3 - Reflected Cross-Site Scripting Affected: *-4.5.3 Patched: 4.5.4 Updated: July 5, 2026
LOW

wordpress-simple-paypal-shopping-cart

wordpress-simple-paypal-shopping-cart

Score: N/A WordPress Simple Shopping Cart <= 5.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.0.7 Patched: 5.0.8 Updated: July 5, 2026
LOW

woocommerce-delivery-notes

woocommerce-delivery-notes

Score: N/A Print Invoice & Delivery Notes for WooCommerce <= 5.4.0 - Missing Authorization to Authenticated (Subscriber+) Logo Deletion Affected: *-5.4.0 Patched: 5.4.1 Updated: July 5, 2026
LOW

wc-price-history

wc-price-history

Score: N/A WC Price History for Omnibus <= 2.1.3 - Missing Authorization Affected: *-2.1.3 Patched: 2.1.4 Updated: July 5, 2026
LOW

tracking-code-manager

tracking-code-manager

Score: N/A Tracking Code Manager <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.0 Patched: 2.4.0 Updated: July 5, 2026
LOW

shmapper-by-teplitsa

shmapper-by-teplitsa

Score: N/A shMapper by Teplitsa <= 1.4.18 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.18 Patched: 1.5.0 Updated: July 5, 2026
LOW

responsive-block-editor-addons

responsive-block-editor-addons

Score: N/A Responsive Blocks – WordPress Gutenberg Blocks <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9.7 Patched: 1.9.8 Updated: July 5, 2026
LOW

plugversions

plugversions

Score: 93/100 PlugVersions – Easily rollback to previous versions of your plugins <= 0.0.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Creation Affected: *-0.0.7 Patched: 0.0.8 Updated: July 5, 2026
LOW

ninjateam-telegram

ninjateam-telegram

Score: 93/100 NinjaTeam Chat for Telegram <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: 1.1 Updated: July 5, 2026
LOW

login-page-styler

login-page-styler

Score: 93/100 ALL In One Custom Login Page <= 7.1.1 - Missing Authorization to Authenticated (Subscriber+)Privilege Escalation Affected: *-7.1.1 Patched: 7.1.2 Updated: July 5, 2026
LOW

loan-comparison

loan-comparison

Score: 93/100 Loan Comparison <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0 Patched: 2.0.1 Updated: July 5, 2026
LOW

export-customers-data

export-customers-data

Score: 93/100 Export Customers Data <= 1.2.3 - Reflected Cross-Site Scripting Affected: *-1.2.3 Patched: 1.2.4 Updated: July 5, 2026
LOW

elex-woocommerce-dynamic-pricing-and-discounts

elex-woocommerce-dynamic-pricing-and-discounts

Score: 93/100 ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.7 - Missing Authorization Affected: *-2.1.7 Patched: 2.1.8 Updated: July 5, 2026
LOW

directorypress

directorypress

Score: 93/100 DirectoryPress <= 3.6.16 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-3.6.16 Patched: 3.6.17 Updated: July 5, 2026
LOW

bookingpress-appointment-booking

bookingpress-appointment-booking

Score: 93/100 BookingPress <= 1.1.22 - Unauthenticated File Export Download Affected: *-1.1.22 Patched: 1.1.23 Updated: July 5, 2026
LOW

bookingpress-appointment-booking

bookingpress-appointment-booking

Score: 93/100 Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.21 - Authenticated (Contributor+) SQL Injection Affected: *-1.1.21 Patched: 1.1.22 Updated: July 5, 2026
LOW

ai-content

ai-content

Score: 97/100 Text Prompter – Unlimited chatgpt text prompts for openai tasks <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.7 Patched: 1.0.8 Updated: July 5, 2026
LOW

Advanced Google reCAPTCHA

advanced-google-recaptcha

Score: 89/100 Advanced Google reCAPTCHA <= 1.25 - Brute Force Protection IP Unblock Affected: *-1.25 Patched: 1.26 Updated: July 5, 2026
LOW

advanced-floating-content

advanced-floating-content

Score: 97/100 Advanced Floating Content <= 3.8.2 - Authenticated (Subscriber+) SQL Injection Affected: *-3.8.2 Patched: 3.8.3 Updated: July 5, 2026
LOW

header-footer-elementor

header-footer-elementor

Score: 93/100 Elementor Header & Footer Builder <= 1.6.46 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title Widget Affected: *-1.6.46 Patched: 1.6.47 Updated: July 5, 2026
LOW

wp-mailster

wp-mailster

Score: N/A WP Mailster <= 1.8.17.0 - Reflected Cross-Site Scripting Affected: *-1.8.17.0 Patched: 1.8.18.0 Updated: July 5, 2026
LOW

sprout-invoices

sprout-invoices

Score: N/A Client Invoicing by Sprout Invoices – Easy Estimates and Invoices <= 20.8.1 - Missing Authorization Affected: *-20.8.1 Patched: 20.8.2 Updated: July 5, 2026
LOW

picu

picu

Score: 93/100 picu – Online Photo Proofing Gallery <= 2.4.0 - Missing Authorization Affected: *-2.4.0 Patched: 2.4.1 Updated: July 5, 2026
LOW

bdthemes-element-pack-lite

bdthemes-element-pack-lite

Score: 93/100 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.12 - Missing Authorization Affected: *-5.10.12 Patched: 5.10.13 Updated: July 5, 2026
LOW

customize-my-account-for-woocommerce

customize-my-account-for-woocommerce

Score: 93/100 SysBasics Customize My Account for WooCommerce <= 2.8.22 - Reflected Cross-Site Scripting Affected: *-2.8.22 Patched: 2.9.0 Updated: July 5, 2026
LOW

Elementor Website Builder – more than just a page builder

elementor

Score: 79/100 Elementor Website Builder – More than Just a Page Builder <= 3.25.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typography Settings Affected: *-3.25.9 Patched: 3.25.10 Updated: July 5, 2026
LOW

wp-base-booking-of-appointments-services-and-events

wp-base-booking-of-appointments-services-and-events

Score: N/A WP BASE Booking of Appointments, Services and Events <= 4.9.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via app_export_db Affected: *-4.9.2 Patched: 5.0.0 Updated: July 5, 2026
LOW

latex2html

latex2html

Score: 93/100 LaTeX2HTML <= 2.5.5 - Reflected Cross-Site Scripting Affected: *-2.5.5 Patched: 2.6.0 Updated: July 5, 2026
LOW

acf-frontend-form-element

acf-frontend-form-element

Score: 97/100 Frontend Admin by DynamiApps <= 3.25.1 - Unauthenticated SQL Injection Affected: *-3.25.1 Patched: 3.25.2 Updated: July 5, 2026
LOW

auxin-elements

auxin-elements

Score: 89/100 Shortcodes and extra features for Phlox theme <= 2.17.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Staff Widget Affected: *-2.17.2 Patched: 2.17.3 Updated: July 5, 2026
LOW

auxin-elements

auxin-elements

Score: 89/100 Shortcodes and extra features for Phlox theme <= 2.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via aux_contact_box and aux_gmaps Shortcodes Affected: *-2.17.0 Patched: 2.17.1 Updated: July 5, 2026
LOW

full-screen-menu-for-elementor

full-screen-menu-for-elementor

Score: 91/100 Full Screen Menu for Elementor <= 1.0.7 - Authenticated (Contributor+) Post Disclosure Affected: *-1.0.7 Patched: Updated: July 5, 2026
LOW

pingmeter-uptime-monitoring

pingmeter-uptime-monitoring

Score: 91/100 Pingmeter Uptime Monitoring <= 1.0.3 - Reflected Cross-Site Scripting Affected: *-1.0.3 Patched: Updated: July 5, 2026
LOW

Custom Product tabs for WooCommerce

wb-custom-product-tabs-for-woocommerce

Score: 94/100 Custom Product Tabs For WooCommerce <= 1.2.4 - Authenticated (Shop Manager+) PHP Object Injection Affected: *-1.2.4 Patched: 1.2.5 Updated: July 5, 2026
LOW

real-kit

real-kit

Score: N/A real.Kit <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.1.1 Patched: Updated: July 5, 2026
LOW

One Click Upsell Funnel for Woocommerce

woo-one-click-upsell-funnel

Score: N/A One Click Upsell Funnel for WooCommerce <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via wps_wocuf_pro_yes Shortcode Affected: *-3.4.9 Patched: 3.4.10 Updated: July 5, 2026
LOW

ebook-store

ebook-store

Score: 93/100 Ebook Store <= 5.8001 - Reflected Cross-Site Scripting Affected: *-5.8001 Patched: 5.8002 Updated: July 5, 2026
LOW

ebook-store

ebook-store

Score: 93/100 Ebook Store <= 5.8001 - Reflected Cross-Site Scripting via 'step' Affected: *-5.8001 Patched: 5.8002 Updated: July 5, 2026
LOW

reactflow-session-replay-heatmap

reactflow-session-replay-heatmap

Score: N/A Reactflow Visitor Recording and Heatmaps <= 1.0.10 - Reflected Cross-Site Scripting Affected: *-1.0.10 Patched: Updated: July 5, 2026
LOW

multi-column-tag-map

multi-column-tag-map

Score: 91/100 Multi-column Tag Map <= 17.0.33 - Authenticated (Contributor+) Stored Cross-Site Scripting via mctagmap Shortcode Affected: *-17.0.33 Patched: 17.0.34 Updated: July 5, 2026
LOW

smsa-shipping-official

smsa-shipping-official

Score: N/A SMSA Shipping(official) <= 2.3 - Authenticated (Subscriber+) Arbitrary File Deletion Affected: *-2.3 Patched: 2.4 Updated: July 5, 2026
LOW

gwebpro-store-locator

gwebpro-store-locator

Score: 89/100 G Web Pro Store Locator <= 2.1 - Reflected Cross-Site Scripting Affected: *-2.1 Patched: Updated: July 5, 2026
LOW

kk-star-ratings

kk-star-ratings

Score: 93/100 kk Star Ratings – Rate Post & Collect User Feedbacks <= 5.4.10 - Unauthenticated Arbitrary Shortcode Execution Affected: *-5.4.10 Patched: 5.4.10.2 Updated: July 5, 2026
LOW

push-notification-by-feedify

push-notification-by-feedify

Score: N/A Feedify – Web Push Notifications <= 2.4.2 - Reflected Cross-Site Scripting Affected: *-2.4.2 Patched: 2.4.3 Updated: July 5, 2026
LOW

wp-migrate-2-aws

wp-migrate-2-aws

Score: N/A WP on AWS <= 5.2.1 - Reflected Cross-Site Scripting Affected: *-5.2.1 Patched: 5.2.2 Updated: July 5, 2026
LOW

wp-docs

wp-docs

Score: N/A WP Docs <= 2.2.0 - Authenticated (Subscriber+) Time-Based SQL Injection via 'dir_id' Affected: *-2.2.0 Patched: 2.2.1 Updated: July 5, 2026
LOW

magicpost

magicpost

Score: 93/100 MagicPost <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wb_share_social Shortcode Affected: *-1.2.1 Patched: 1.2.2 Updated: July 5, 2026
LOW

LiteSpeed Cache

litespeed-cache

Score: 69/100 LiteSpeed Cache <= 6.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-6.5.2 Patched: 6.5.3 Updated: July 5, 2026
LOW

ecommerce-product-catalog

ecommerce-product-catalog

Score: 93/100 eCommerce Product Catalog Plugin for WordPress <= 3.3.43 - Cross-Site Request Forgery to Password Reset Affected: *-3.3.43 Patched: 3.3.44 Updated: July 5, 2026
LOW

contact-form-master

contact-form-master

Score: 91/100 Contact Form Master <= 1.0.7 - Reflected Cross-Site Scripting Affected: *-1.0.7 Patched: Updated: July 5, 2026
LOW

isee-products-extractor

isee-products-extractor

Score: 93/100 isee-products-extractor <= 2.1.3 - Reflected Cross-Site Scripting Affected: *-2.1.3 Patched: 2.1.4 Updated: July 5, 2026
LOW

category-post-slider

category-post-slider

Score: 91/100 Category Post Slider <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4 Patched: Updated: July 5, 2026
LOW

maintenance-coming-soon-redirect-animation

maintenance-coming-soon-redirect-animation

Score: 91/100 Maintenance & Coming Soon Redirect Animation <= 2.1.3 - Missing Authorization to Settings Update Affected: *-2.1.3 Patched: 2.3.0 Updated: July 5, 2026
LOW

spoki

spoki

Score: N/A Spoki – Chat Buttons and WooCommerce Notifications <= 2.15.15 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.15.15 Patched: 2.15.16 Updated: July 5, 2026
LOW

nacc-wordpress-plugin

nacc-wordpress-plugin

Score: 93/100 NACC WordPress Plugin <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.1.0 Patched: 4.2.0 Updated: July 5, 2026
LOW

outdooractive-embed

outdooractive-embed

Score: 93/100 Outdooractive Embed <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5 Patched: 1.6 Updated: July 5, 2026
LOW

wp-shapes

wp-shapes

Score: N/A WP SHAPES <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload Affected: 1.0.0 Patched: Updated: July 5, 2026
LOW

ticketsource-events

ticketsource-events

Score: N/A Sell Tickets Online – TicketSource Ticket Shop for WordPress <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.0.2 Patched: 3.1.0 Updated: July 5, 2026
LOW

embed-twine

embed-twine

Score: 91/100 Embed Twine <= 0.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.1.0 Patched: Updated: July 5, 2026
LOW

particle-background

particle-background

Score: 91/100 Particle Background <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 5, 2026
LOW

finance-calculator-with-application-form

finance-calculator-with-application-form

Score: 91/100 Financial Calculator <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.1 Patched: Updated: July 5, 2026
LOW

wtyczka-seopilot-dla-wp

wtyczka-seopilot-dla-wp

Score: N/A Wtyczka SeoPilot dla WP <= 3.3.091 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.3.091 Patched: Updated: July 5, 2026
LOW

spotlightr

spotlightr

Score: N/A Spotlightr <= 0.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.1.11 Patched: 0.1.12 Updated: July 5, 2026
LOW

pcrecruiter-extensions

pcrecruiter-extensions

Score: 93/100 PCRecruiter Extensions <= 1.4.22 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.22 Patched: 1.4.23 Updated: July 5, 2026
LOW

wpmozo-addons-lite-for-elementor

wpmozo-addons-lite-for-elementor

Score: N/A WPMozo Addons Lite for Elementor <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.0 Patched: 1.3.0 Updated: July 5, 2026
LOW

wp-nice-loader

wp-nice-loader

Score: N/A WP Nice Loader <= 0.1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.1.0.4 Patched: Updated: July 5, 2026
LOW

wp-event-solution

wp-event-solution

Score: N/A Eventin <= 4.0.7 - Authenticated (Contributor+) Local File Inclusion Affected: *-4.0.7 Patched: 4.0.9 Updated: July 5, 2026
LOW

woocommerce-pdf-vouchers

woocommerce-pdf-vouchers

Score: N/A WooCommerce PDF Vouchers < 4.9.9 - Reflected Cross-Site Scripting Affected: [*, 4.9.9) Patched: 4.9.9 Updated: July 5, 2026
LOW

wish-list-for-woocommerce

wish-list-for-woocommerce

Score: N/A Wishlist for WooCommerce: Multi Wishlists Per Customer <= 3.1.2 - Reflected Cross-Site Scripting Affected: *-3.1.2 Patched: 3.1.3 Updated: July 5, 2026
LOW

widget-options

widget-options

Score: N/A Widget Options <= 4.0.6.1 - Missing Authorization Affected: *-4.0.6.1 Patched: 4.0.8 Updated: July 5, 2026
LOW

userpro

userpro

Score: N/A Userpro <= 5.1.9 - Reflected Cross-Site Scripting Affected: *-5.1.9 Patched: Updated: July 5, 2026
LOW

userpro

userpro

Score: N/A Userpro <= 5.1.9 - Unauthenticated Local File Inclusion Affected: *-5.1.9 Patched: Updated: July 5, 2026
LOW

userpro

userpro

Score: N/A Userpro <= 5.1.9 - Missing Authorization Affected: *-5.1.9 Patched: Updated: July 5, 2026
LOW

userpro

userpro

Score: N/A Userpro <= 5.1.9 - Authenticated (Contributor+) SQL Injection Affected: *-5.1.9 Patched: Updated: July 5, 2026
LOW

ultimate-store-kit

ultimate-store-kit

Score: N/A Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.3.0 - Missing Authorization Affected: *-2.3.0 Patched: 2.3.1 Updated: July 5, 2026
LOW

themify-builder

themify-builder

Score: N/A Themify Builder <= 7.6.3 - Authenticated (Contributor+) Local File Inclusion Affected: *-7.6.3 Patched: 7.6.5 Updated: July 5, 2026

Showing 14101 to 14200 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 5, 2026 at 11:56 UTC.