Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

88

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
store-locator store-locator N/A Store Locator <= 3.98.10 - Unauthenticated Local File Inclusion LOW 3.98.9 July 5, 2026
ssl-wireless-sms-notification ssl-wireless-sms-notification N/A SSL Wireless SMS Notification <= 3.6.0 - Unauthenticated Privilege Escalation LOW *-3.6.0 3.7.0 July 5, 2026
shipment-tracker-for-woocommerce shipment-tracker-for-woocommerce N/A Shipment Tracker for Woocommerce <= 1.4.23 - Reflected Cross-Site Scripting LOW *-1.4.23 1.4.23.1 July 5, 2026
seraphinite-accelerator-ext seraphinite-accelerator-ext N/A Seraphinite Accelerator <= 2.22.15 (2.21.13 PRO) - Authenticated (Subscriber+) Information Exposure LOW *-2.21.13 2.22.16 July 5, 2026
Seraphinite Accelerator seraphinite-accelerator
82
Seraphinite Accelerator <= 2.22.15 (2.21.13 PRO) - Authenticated (Subscriber+) Information Exposure LOW *-2.22.15 2.22.16 July 5, 2026
searchiq searchiq N/A SearchIQ <= 4.6 - Cross-Site Request Forgery LOW *-4.6 4.7 July 5, 2026
saaspricing saaspricing N/A SaasPricing <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.4 1.2.5 July 5, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor royal-elementor-addons N/A Royal Elementor Addons <= 1.7.1001 - Reflected Cross-Site Scripting LOW *-1.7.1001 1.7.1002 July 5, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor royal-elementor-addons N/A Royal Elementor Addons <= 1.7.1001 - Missing Authorization LOW *-1.7.1001 1.7.1002 July 5, 2026
pta-member-directory pta-member-directory N/A Member Directory and Contact Form <= 1.7.0 - Missing Authorization LOW *-1.7.0 1.8.0 July 5, 2026
premium-addons-for-elementor premium-addons-for-elementor N/A Premium Addons for Elementor <= 4.10.56 - Missing Authorization LOW *-4.10.56 4.10.57 July 5, 2026
postlists postlists N/A PostLists <= 2.0.2 - Reflected Cross-Site Scripting LOW *-2.0.2 July 5, 2026
pkt1-centro-de-envios pkt1-centro-de-envios
93
PKT1 Centro de envios <= 1.2.1 - Reflected Cross-Site Scripting LOW *-1.2.1 1.2.2 July 5, 2026
page-and-post-restriction page-and-post-restriction
93
Page Restriction WordPress (WP) – Protect WP Pages/Post <= 1.3.6 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure LOW *-1.3.6 1.3.7 July 5, 2026
ledenbeheer-external-connection ledenbeheer-external-connection
93
Ledenbeheer <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.0 2.1.1 July 5, 2026
kintpv-connect kintpv-connect
93
Kintpv Wooconnect <= 8.129 - Unauthenticated Stored Cross-Site Scripting LOW *-8.129 8.141 July 5, 2026
gulri-slider gulri-slider
93
Gulri Slider <= 3.5.8 - Reflected Cross-Site Scripting LOW *-3.5.8 3.5.9 July 5, 2026
embed-pdf-viewer embed-pdf-viewer
93
Embed PDF Viewer <= 2.3.1 - Authenticated (Editor+) Stored Cross-Site Scripting LOW *-2.3.1 2.4.0 July 5, 2026
dynamic-product-categories-design dynamic-product-categories-design
93
Dynamic Product Category Grid, Slider for WooCommerce <= 1.1.3 - Authenticated (Contributor+) Local File Inclusion LOW *-1.1.3 1.1.4 July 5, 2026
Download Manager download-manager
63
Download Manager <= 3.3.03 - Missing Authorization LOW *-3.3.03 3.3.04 July 5, 2026
coupon-lite coupon-lite
91
Coupon <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.1 July 5, 2026
Contact Form 7 – Dynamic Text Extension contact-form-7-dynamic-text-extension
96
Contact Form 7 Dynamic Text Extension <= 5.0.1 - Cross-Site Request Forgery LOW *-5.0.1 5.0.2 July 5, 2026
codebard-help-desk codebard-help-desk
89
CodeBard Help Desk <= 1.1.1 - Cross-Site Request Forgery LOW *-1.1.1 1.1.2 July 5, 2026
bu-section-editing bu-section-editing
89
BU Section Editing <= 0.9.9 - Reflected Cross-Site Scripting LOW *-0.9.9 July 5, 2026
backlink-monitoring-manager backlink-monitoring-manager
91
Backlink Monitoring Manager <= 0.1.3 - Reflected Cross-Site Scripting LOW *-0.1.3 July 5, 2026
asgard asgard
95
Asgard Security Scanner <= 0.7 - Reflected Cross-Site Scripting LOW *-0.7 July 5, 2026
aklamator-infeed aklamator-infeed
95
Aklamator INfeed <= 2.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.0.0 July 5, 2026
Download Manager download-manager
63
Download Manager <= 3.3.03 - Unauthenticated Arbitrary Shortcode Execution LOW *-3.3.03 3.3.04 July 5, 2026
Download Manager download-manager
63
Download manager <= 3.3.03 - Improper Authorization to Unauthenticated Download of Password-Protected Files LOW *-3.3.03 3.3.04 July 5, 2026
wedevs-project-manager wedevs-project-manager N/A WP Project Manager <= 2.6.15 - Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API LOW *-2.6.15 2.6.16 July 5, 2026
wayne-audio-player wayne-audio-player N/A Wayne Audio Player <= 1.0 - Cross-Site Request Forgery to Privilege Escalation LOW *-1.0 July 5, 2026
sinking-dropdowns sinking-dropdowns N/A Sinking Dropdowns <= 1.25 - Cross-Site Request Forgery LOW *-1.25 July 5, 2026
simple-dashboard simple-dashboard N/A Simple Dashboard <= 2.0 - Unauthenticated Privilege Escalation LOW *-2.0 July 5, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor royal-elementor-addons N/A Royal Elementor Addons <= 1.3.987 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.987 1.7.1 July 5, 2026
propertyhive propertyhive N/A Property Hive <= 2.1.0 - Reflected Cross-Site Scripting LOW *-2.1.0 2.1.1 July 5, 2026
newsletter-page-redirects newsletter-page-redirects
93
AI Magic <= 1.0.4 - Unauthenticated Privilege Escalation LOW *-1.0.4 1.0.6 July 5, 2026
instantio instantio
93
Instantio <= 3.3.7 - Missing Authorization to Unauthenticated Settings Update LOW *-3.3.7 3.3.8 July 5, 2026
indeed-wp-superbackup indeed-wp-superbackup
93
WP SuperBackup <= 2.3.3 - Unauthenticated Arbitrary File Upload LOW *-2.3.3 2.4 July 5, 2026
indeed-wp-superbackup indeed-wp-superbackup
93
WP SuperBackup <= 2.3.3 - Reflected Cross-Site Scripting LOW *-2.3.3 2.4 July 5, 2026
indeed-wp-superbackup indeed-wp-superbackup
93
WP SuperBackup <= 2.3.3 - Missing Authorization LOW *-2.3.3 2.4 July 5, 2026
indeed-wp-superbackup indeed-wp-superbackup
93
WP SuperBackup <= 2.3.3 - Authenticated (Subscriber+) PHP Object Injection LOW *-2.3.3 2.4 July 5, 2026
indeed-wp-superbackup indeed-wp-superbackup
93
WP SuperBackup <= 2.3.3 - Missing Authorization to Unauthenticated Back-Up File Download LOW *-2.3.3 2.4 July 5, 2026
HTML Forms – Simple WordPress Forms Plugin html-forms
86
HTML Forms <= 1.4.1 - Reflected Cross-Site Scripting LOW *-1.4.1 1.4.2 July 5, 2026
gap-hub-user-role gap-hub-user-role
91
gap-hub-user-role <= 3.4.1 - Cross-Site Request Forgery LOW *-3.4.1 July 5, 2026
File Manager Pro – Filester filester
78
File Manager Pro – Filester <= 1.8.6 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation LOW *-1.8.6 1.8.7 July 5, 2026
Essential Addons for Elementor – Popular Elementor Templates & Widgets essential-addons-for-elementor-lite
85
Essential Addons for Elementor <= 6.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-6.0.7 6.0.8 July 5, 2026
editionguard-for-woocommerce-ebook-sales-with-drm editionguard-for-woocommerce-ebook-sales-with-drm
89
EditionGuard for WooCommerce – eBook Sales with DRM <= 3.4.2 - Cross-Site Request Forgery to Privilege Escalation LOW *-3.4.2 July 5, 2026
computer-repair-shop computer-repair-shop
93
Computer Repair Shop <= 3.8119 - Authenticated (Customer+) Privilege Esclation via Account Takeover LOW *-3.8119 3.8120 July 5, 2026
button-block button-block
93
Button Block – Get fully customizable & multi-functional buttons <= 1.1.5 - Authenticated (Contributor+) Post Disclosure via Post Duplication LOW *-1.1.5 1.1.6 July 5, 2026
broken-link-finder broken-link-finder
93
Broken Link Checker | Finder <= 2.5.0 - Authenticated (Author+) Blind Server-Side Request Forgery LOW *-2.5.0 2.5.1 July 5, 2026
automatorwp automatorwp
93
AutomatorWP <= 5.0.9 - Reflected Cross-Site Scripting via a-0-o-search_field_value LOW *-5.0.9 5.1.0 July 5, 2026
auto-iframe auto-iframe
93
Auto iFrame <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.9 2.0 July 5, 2026
12-step-meeting-list 12-step-meeting-list
97
12 Step Meeting List <= 3.16.5 - Missing Authorization to Unauthenticated Settings Update LOW *-3.16.5 3.16.6 July 5, 2026
slicewp slicewp N/A Affiliate Program Suite — SliceWP Affiliates <= 1.1.23 - Cross-Site Request Forgery to Reflected Cross-Site Scripting LOW *-1.1.23 1.1.24 July 5, 2026
peters-custom-anti-spam-image peters-custom-anti-spam-image
93
Peter’s Custom Anti-Spam <= 3.2.3 - Cross-Site Request Forgery via cas_register_post Function LOW *-3.2.3 3.2.4 July 5, 2026
accept-authorize-net-payments-using-contact-form-7 accept-authorize-net-payments-using-contact-form-7
97
Accept Authorize.NET Payments Using Contact Form 7 <= 2.2 - Unauthenticated Information Exposure LOW *-2.2 2.3 July 5, 2026
accelerated-mobile-pages accelerated-mobile-pages
97
AMP for WP – Accelerated Mobile Pages <= 1.1.1 - Reflected Cross-Site Scripting LOW *-1.1.1 1.1.2 July 5, 2026
lifterlms lifterlms
93
LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes <= 7.8.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion LOW *-7.8.5 7.8.6 July 5, 2026
easy-waveform-player easy-waveform-player
93
Easy Waveform Player <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.0 1.2.1 July 5, 2026
wplms_plugin wplms_plugin N/A WPLMS < 1.9.9.5.3 - Unauthenticated SQL Injection LOW [*, 1.9.9.5.3) 1.9.9.5.3 July 5, 2026
wpc-shop-as-customer wpc-shop-as-customer N/A WPC Shop as a Customer for WooCommerce <= 1.2.8 - Authentication Bypass Due to Insufficiently Unique Key LOW *-1.2.8 1.2.9 July 5, 2026
wp-ecommerce-quickpay wp-ecommerce-quickpay N/A WP eCommerce Quickpay <= 1.1.0 - Reflected Cross-Site Scripting LOW *-1.1.0 July 5, 2026
wp-auctions wp-auctions N/A WordPress Auction Plugin <= 3.7 - Authenticated (Editor+) Stored Cross-Site Scripting LOW *-3.7 July 5, 2026
wp-auctions wp-auctions N/A WordPress Auction Plugin <= 3.7 - Authenticated (Editor+) SQL Injection LOW *-3.7 July 5, 2026
vrpconnector vrpconnector N/A VRPConnector <= 2.0.1 - Unauthenticated PHP Object Injection LOW *-2.0.1 July 5, 2026
video-share-vod video-share-vod N/A Video Share VOD – Turnkey Video Site Builder Script <= 2.6.30 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.6.30 2.6.31 July 5, 2026
vibebp vibebp N/A VibeBP < 1.9.9.5.1 - Authenticated (Subscriber+) SQL Injection LOW [*, 1.9.9.5.1) 1.9.9.5.1 July 5, 2026
vibebp vibebp N/A VibeBP < 1.9.9.7.7 - Unauthenticated SQL Injection LOW [*, 1.9.9.7.7) 1.9.9.7.7 July 5, 2026
vibebp vibebp N/A VibeBP <= 1.9.9.4.1 - Unauthenticated Privilege Escalation LOW *-1.9.9.4.1 1.9.9.5 July 5, 2026
user-referral-free user-referral-free N/A User Referral <= 8.0 - Reflected Cross-Site Scripting LOW *-8.0 July 5, 2026
upload-scanner upload-scanner N/A Upload Scanner <= 1.2 - Reflected Cross-Site Scripting LOW *-1.2 July 5, 2026
taeggie-feed taeggie-feed N/A Taeggie Feed <= 0.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.1.9 0.1.10 July 5, 2026
tabs-shortcode tabs-shortcode N/A Tabs Shortcode <= 2.0.2 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode LOW *-2.0.2 July 5, 2026
svegliat-buttons svegliat-buttons N/A SvegliaT Buttons <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.0 July 5, 2026
smart-shopify-product smart-shopify-product N/A Smart Shopify Product <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion LOW *-1.0.2 July 5, 2026
simple-proxy simple-proxy N/A Simple Proxy <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
simple-page-access-restriction simple-page-access-restriction N/A Simple Page Access Restriction <= 1.0.29 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure LOW *-1.0.29 1.0.30 July 5, 2026
service-updates-for-customers service-updates-for-customers N/A Services updates for customers <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
sendsms sendsms N/A SendSMS <= 1.2.9 - Reflected Cross-Site Scripting LOW *-1.2.9 July 5, 2026
scancircle scancircle N/A ScanCircle <= 2.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.9.2 2.9.3 July 5, 2026
Robo Gallery – Photo & Image Slider robo-gallery N/A Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.21 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.2.21 3.2.22 July 5, 2026
preloader-sws preloader-sws N/A Preloader by WordPress Monsters <= 1.2.3 - Reflected Cross-Site Scripting LOW *-1.2.3 July 5, 2026
philantro philantro
93
Philantro – Donations and Donor Management <= 5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.2 5.3 July 5, 2026
partners partners
89
Partners <= 0.2.0 - Unauthenticated PHP Object Injection LOW *-0.2.0 July 5, 2026
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction paid-member-subscriptions
67
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.4 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure LOW *-2.13.4 2.13.5 July 5, 2026
od-photogallery-plugin od-photogallery-plugin
91
odPhotogallery <= 0.5.3 - Reflected Cross-Site Scripting LOW *-0.5.3 July 5, 2026
lemonade-sna-pinterest-edition lemonade-sna-pinterest-edition
91
Lemonade Social Networks Autoposter Pinterest <= 2.0 - Reflected Cross-Site Scripting LOW *-2.0 July 5, 2026
leads-crm leads-crm
91
Leads CRM <= 2.0.13 - Reflected Cross-Site Scripting LOW *-2.0.13 July 5, 2026
landing-page-cat landing-page-cat
93
Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages <= 1.7.7 - Reflected Cross-Site Scripting LOW *-1.7.7 1.7.8 July 5, 2026
inline-footnotes inline-footnotes
91
Inline Footnotes <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.3.0 July 5, 2026
fv-descriptions fv-descriptions
93
FV Descriptions <= 1.4 - Reflected Cross-Site Scripting LOW *-1.4 1.5 July 5, 2026
form-maker form-maker
93
Form Maker by 10Web <= 1.15.30 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.15.30 1.15.31 July 5, 2026
faqs faqs
89
FAQs <= 1.0.2 - Reflected Cross-Site Scripting LOW *-1.0.2 July 5, 2026
events-addon-for-elementor events-addon-for-elementor
93
Events Addon for Elementor <= 2.2.3 - Authenticated (Contributor+) Post Disclosure LOW *-2.2.3 2.2.4 July 5, 2026
easy-language-switcher easy-language-switcher
91
Easy Language Switcher <= 1.0 - Reflected Cross-Site Scripting LOW *-1.0 July 5, 2026
create-custom-dashboard-widget create-custom-dashboard-widget
89
Custom Dashboard Widget <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 July 5, 2026
contests-from-rewards-fuel contests-from-rewards-fuel
93
Contests by Rewards Fuel <= 2.0.65 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.65 2.0.66 July 5, 2026
computer-repair-shop computer-repair-shop
93
CRM WordPress Plugin – RepairBuddy <= 3.8120 - Missing Authorization to Account Takeover/Privilege Escalation LOW *-3.8120 3.8122 July 5, 2026
collapsing-categories collapsing-categories
93
Collapsing Categories <= 3.0.8 - Unauthenticated SQL Injection LOW *-3.0.8 3.0.9 July 5, 2026
category-posts category-posts
93
Category Posts Widget <= 4.9.17 - Authenticated (Admin+) Stored Cross-Site SCripting LOW *-4.9.17 4.9.18 July 5, 2026
LOW

store-locator

store-locator

Score: N/A Store Locator <= 3.98.10 - Unauthenticated Local File Inclusion Affected: 3.98.9 Patched: Updated: July 5, 2026
LOW

ssl-wireless-sms-notification

ssl-wireless-sms-notification

Score: N/A SSL Wireless SMS Notification <= 3.6.0 - Unauthenticated Privilege Escalation Affected: *-3.6.0 Patched: 3.7.0 Updated: July 5, 2026
LOW

shipment-tracker-for-woocommerce

shipment-tracker-for-woocommerce

Score: N/A Shipment Tracker for Woocommerce <= 1.4.23 - Reflected Cross-Site Scripting Affected: *-1.4.23 Patched: 1.4.23.1 Updated: July 5, 2026
LOW

seraphinite-accelerator-ext

seraphinite-accelerator-ext

Score: N/A Seraphinite Accelerator <= 2.22.15 (2.21.13 PRO) - Authenticated (Subscriber+) Information Exposure Affected: *-2.21.13 Patched: 2.22.16 Updated: July 5, 2026
LOW

Seraphinite Accelerator

seraphinite-accelerator

Score: 82/100 Seraphinite Accelerator <= 2.22.15 (2.21.13 PRO) - Authenticated (Subscriber+) Information Exposure Affected: *-2.22.15 Patched: 2.22.16 Updated: July 5, 2026
LOW

searchiq

searchiq

Score: N/A SearchIQ <= 4.6 - Cross-Site Request Forgery Affected: *-4.6 Patched: 4.7 Updated: July 5, 2026
LOW

saaspricing

saaspricing

Score: N/A SaasPricing <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.4 Patched: 1.2.5 Updated: July 5, 2026
LOW

pta-member-directory

pta-member-directory

Score: N/A Member Directory and Contact Form <= 1.7.0 - Missing Authorization Affected: *-1.7.0 Patched: 1.8.0 Updated: July 5, 2026
LOW

premium-addons-for-elementor

premium-addons-for-elementor

Score: N/A Premium Addons for Elementor <= 4.10.56 - Missing Authorization Affected: *-4.10.56 Patched: 4.10.57 Updated: July 5, 2026
LOW

postlists

postlists

Score: N/A PostLists <= 2.0.2 - Reflected Cross-Site Scripting Affected: *-2.0.2 Patched: Updated: July 5, 2026
LOW

pkt1-centro-de-envios

pkt1-centro-de-envios

Score: 93/100 PKT1 Centro de envios <= 1.2.1 - Reflected Cross-Site Scripting Affected: *-1.2.1 Patched: 1.2.2 Updated: July 5, 2026
LOW

page-and-post-restriction

page-and-post-restriction

Score: 93/100 Page Restriction WordPress (WP) – Protect WP Pages/Post <= 1.3.6 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure Affected: *-1.3.6 Patched: 1.3.7 Updated: July 5, 2026
LOW

ledenbeheer-external-connection

ledenbeheer-external-connection

Score: 93/100 Ledenbeheer <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.0 Patched: 2.1.1 Updated: July 5, 2026
LOW

kintpv-connect

kintpv-connect

Score: 93/100 Kintpv Wooconnect <= 8.129 - Unauthenticated Stored Cross-Site Scripting Affected: *-8.129 Patched: 8.141 Updated: July 5, 2026
LOW

gulri-slider

gulri-slider

Score: 93/100 Gulri Slider <= 3.5.8 - Reflected Cross-Site Scripting Affected: *-3.5.8 Patched: 3.5.9 Updated: July 5, 2026
LOW

embed-pdf-viewer

embed-pdf-viewer

Score: 93/100 Embed PDF Viewer <= 2.3.1 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-2.3.1 Patched: 2.4.0 Updated: July 5, 2026
LOW

dynamic-product-categories-design

dynamic-product-categories-design

Score: 93/100 Dynamic Product Category Grid, Slider for WooCommerce <= 1.1.3 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.1.3 Patched: 1.1.4 Updated: July 5, 2026
LOW

Download Manager

download-manager

Score: 63/100 Download Manager <= 3.3.03 - Missing Authorization Affected: *-3.3.03 Patched: 3.3.04 Updated: July 5, 2026
LOW

coupon-lite

coupon-lite

Score: 91/100 Coupon <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.1 Patched: Updated: July 5, 2026
LOW

Contact Form 7 – Dynamic Text Extension

contact-form-7-dynamic-text-extension

Score: 96/100 Contact Form 7 Dynamic Text Extension <= 5.0.1 - Cross-Site Request Forgery Affected: *-5.0.1 Patched: 5.0.2 Updated: July 5, 2026
LOW

codebard-help-desk

codebard-help-desk

Score: 89/100 CodeBard Help Desk <= 1.1.1 - Cross-Site Request Forgery Affected: *-1.1.1 Patched: 1.1.2 Updated: July 5, 2026
LOW

bu-section-editing

bu-section-editing

Score: 89/100 BU Section Editing <= 0.9.9 - Reflected Cross-Site Scripting Affected: *-0.9.9 Patched: Updated: July 5, 2026
LOW

backlink-monitoring-manager

backlink-monitoring-manager

Score: 91/100 Backlink Monitoring Manager <= 0.1.3 - Reflected Cross-Site Scripting Affected: *-0.1.3 Patched: Updated: July 5, 2026
LOW

asgard

asgard

Score: 95/100 Asgard Security Scanner <= 0.7 - Reflected Cross-Site Scripting Affected: *-0.7 Patched: Updated: July 5, 2026
LOW

aklamator-infeed

aklamator-infeed

Score: 95/100 Aklamator INfeed <= 2.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.0.0 Patched: Updated: July 5, 2026
LOW

Download Manager

download-manager

Score: 63/100 Download Manager <= 3.3.03 - Unauthenticated Arbitrary Shortcode Execution Affected: *-3.3.03 Patched: 3.3.04 Updated: July 5, 2026
LOW

Download Manager

download-manager

Score: 63/100 Download manager <= 3.3.03 - Improper Authorization to Unauthenticated Download of Password-Protected Files Affected: *-3.3.03 Patched: 3.3.04 Updated: July 5, 2026
LOW

wedevs-project-manager

wedevs-project-manager

Score: N/A WP Project Manager <= 2.6.15 - Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API Affected: *-2.6.15 Patched: 2.6.16 Updated: July 5, 2026
LOW

wayne-audio-player

wayne-audio-player

Score: N/A Wayne Audio Player <= 1.0 - Cross-Site Request Forgery to Privilege Escalation Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

sinking-dropdowns

sinking-dropdowns

Score: N/A Sinking Dropdowns <= 1.25 - Cross-Site Request Forgery Affected: *-1.25 Patched: Updated: July 5, 2026
LOW

simple-dashboard

simple-dashboard

Score: N/A Simple Dashboard <= 2.0 - Unauthenticated Privilege Escalation Affected: *-2.0 Patched: Updated: July 5, 2026
LOW

propertyhive

propertyhive

Score: N/A Property Hive <= 2.1.0 - Reflected Cross-Site Scripting Affected: *-2.1.0 Patched: 2.1.1 Updated: July 5, 2026
LOW

newsletter-page-redirects

newsletter-page-redirects

Score: 93/100 AI Magic <= 1.0.4 - Unauthenticated Privilege Escalation Affected: *-1.0.4 Patched: 1.0.6 Updated: July 5, 2026
LOW

instantio

instantio

Score: 93/100 Instantio <= 3.3.7 - Missing Authorization to Unauthenticated Settings Update Affected: *-3.3.7 Patched: 3.3.8 Updated: July 5, 2026
LOW

indeed-wp-superbackup

indeed-wp-superbackup

Score: 93/100 WP SuperBackup <= 2.3.3 - Unauthenticated Arbitrary File Upload Affected: *-2.3.3 Patched: 2.4 Updated: July 5, 2026
LOW

indeed-wp-superbackup

indeed-wp-superbackup

Score: 93/100 WP SuperBackup <= 2.3.3 - Reflected Cross-Site Scripting Affected: *-2.3.3 Patched: 2.4 Updated: July 5, 2026
LOW

indeed-wp-superbackup

indeed-wp-superbackup

Score: 93/100 WP SuperBackup <= 2.3.3 - Missing Authorization Affected: *-2.3.3 Patched: 2.4 Updated: July 5, 2026
LOW

indeed-wp-superbackup

indeed-wp-superbackup

Score: 93/100 WP SuperBackup <= 2.3.3 - Authenticated (Subscriber+) PHP Object Injection Affected: *-2.3.3 Patched: 2.4 Updated: July 5, 2026
LOW

indeed-wp-superbackup

indeed-wp-superbackup

Score: 93/100 WP SuperBackup <= 2.3.3 - Missing Authorization to Unauthenticated Back-Up File Download Affected: *-2.3.3 Patched: 2.4 Updated: July 5, 2026
LOW

gap-hub-user-role

gap-hub-user-role

Score: 91/100 gap-hub-user-role <= 3.4.1 - Cross-Site Request Forgery Affected: *-3.4.1 Patched: Updated: July 5, 2026
LOW

File Manager Pro – Filester

filester

Score: 78/100 File Manager Pro – Filester <= 1.8.6 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation Affected: *-1.8.6 Patched: 1.8.7 Updated: July 5, 2026
LOW

editionguard-for-woocommerce-ebook-sales-with-drm

editionguard-for-woocommerce-ebook-sales-with-drm

Score: 89/100 EditionGuard for WooCommerce – eBook Sales with DRM <= 3.4.2 - Cross-Site Request Forgery to Privilege Escalation Affected: *-3.4.2 Patched: Updated: July 5, 2026
LOW

computer-repair-shop

computer-repair-shop

Score: 93/100 Computer Repair Shop <= 3.8119 - Authenticated (Customer+) Privilege Esclation via Account Takeover Affected: *-3.8119 Patched: 3.8120 Updated: July 5, 2026
LOW

button-block

button-block

Score: 93/100 Button Block – Get fully customizable & multi-functional buttons <= 1.1.5 - Authenticated (Contributor+) Post Disclosure via Post Duplication Affected: *-1.1.5 Patched: 1.1.6 Updated: July 5, 2026
LOW

broken-link-finder

broken-link-finder

Score: 93/100 Broken Link Checker | Finder <= 2.5.0 - Authenticated (Author+) Blind Server-Side Request Forgery Affected: *-2.5.0 Patched: 2.5.1 Updated: July 5, 2026
LOW

automatorwp

automatorwp

Score: 93/100 AutomatorWP <= 5.0.9 - Reflected Cross-Site Scripting via a-0-o-search_field_value Affected: *-5.0.9 Patched: 5.1.0 Updated: July 5, 2026
LOW

auto-iframe

auto-iframe

Score: 93/100 Auto iFrame <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9 Patched: 2.0 Updated: July 5, 2026
LOW

12-step-meeting-list

12-step-meeting-list

Score: 97/100 12 Step Meeting List <= 3.16.5 - Missing Authorization to Unauthenticated Settings Update Affected: *-3.16.5 Patched: 3.16.6 Updated: July 5, 2026
LOW

slicewp

slicewp

Score: N/A Affiliate Program Suite — SliceWP Affiliates <= 1.1.23 - Cross-Site Request Forgery to Reflected Cross-Site Scripting Affected: *-1.1.23 Patched: 1.1.24 Updated: July 5, 2026
LOW

peters-custom-anti-spam-image

peters-custom-anti-spam-image

Score: 93/100 Peter’s Custom Anti-Spam <= 3.2.3 - Cross-Site Request Forgery via cas_register_post Function Affected: *-3.2.3 Patched: 3.2.4 Updated: July 5, 2026
LOW

accept-authorize-net-payments-using-contact-form-7

accept-authorize-net-payments-using-contact-form-7

Score: 97/100 Accept Authorize.NET Payments Using Contact Form 7 <= 2.2 - Unauthenticated Information Exposure Affected: *-2.2 Patched: 2.3 Updated: July 5, 2026
LOW

accelerated-mobile-pages

accelerated-mobile-pages

Score: 97/100 AMP for WP – Accelerated Mobile Pages <= 1.1.1 - Reflected Cross-Site Scripting Affected: *-1.1.1 Patched: 1.1.2 Updated: July 5, 2026
LOW

lifterlms

lifterlms

Score: 93/100 LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes <= 7.8.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion Affected: *-7.8.5 Patched: 7.8.6 Updated: July 5, 2026
LOW

easy-waveform-player

easy-waveform-player

Score: 93/100 Easy Waveform Player <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.0 Patched: 1.2.1 Updated: July 5, 2026
LOW

wplms_plugin

wplms_plugin

Score: N/A WPLMS < 1.9.9.5.3 - Unauthenticated SQL Injection Affected: [*, 1.9.9.5.3) Patched: 1.9.9.5.3 Updated: July 5, 2026
LOW

wpc-shop-as-customer

wpc-shop-as-customer

Score: N/A WPC Shop as a Customer for WooCommerce <= 1.2.8 - Authentication Bypass Due to Insufficiently Unique Key Affected: *-1.2.8 Patched: 1.2.9 Updated: July 5, 2026
LOW

wp-ecommerce-quickpay

wp-ecommerce-quickpay

Score: N/A WP eCommerce Quickpay <= 1.1.0 - Reflected Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 5, 2026
LOW

wp-auctions

wp-auctions

Score: N/A WordPress Auction Plugin <= 3.7 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-3.7 Patched: Updated: July 5, 2026
LOW

wp-auctions

wp-auctions

Score: N/A WordPress Auction Plugin <= 3.7 - Authenticated (Editor+) SQL Injection Affected: *-3.7 Patched: Updated: July 5, 2026
LOW

vrpconnector

vrpconnector

Score: N/A VRPConnector <= 2.0.1 - Unauthenticated PHP Object Injection Affected: *-2.0.1 Patched: Updated: July 5, 2026
LOW

video-share-vod

video-share-vod

Score: N/A Video Share VOD – Turnkey Video Site Builder Script <= 2.6.30 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.6.30 Patched: 2.6.31 Updated: July 5, 2026
LOW

vibebp

vibebp

Score: N/A VibeBP < 1.9.9.5.1 - Authenticated (Subscriber+) SQL Injection Affected: [*, 1.9.9.5.1) Patched: 1.9.9.5.1 Updated: July 5, 2026
LOW

vibebp

vibebp

Score: N/A VibeBP < 1.9.9.7.7 - Unauthenticated SQL Injection Affected: [*, 1.9.9.7.7) Patched: 1.9.9.7.7 Updated: July 5, 2026
LOW

vibebp

vibebp

Score: N/A VibeBP <= 1.9.9.4.1 - Unauthenticated Privilege Escalation Affected: *-1.9.9.4.1 Patched: 1.9.9.5 Updated: July 5, 2026
LOW

user-referral-free

user-referral-free

Score: N/A User Referral <= 8.0 - Reflected Cross-Site Scripting Affected: *-8.0 Patched: Updated: July 5, 2026
LOW

upload-scanner

upload-scanner

Score: N/A Upload Scanner <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

taeggie-feed

taeggie-feed

Score: N/A Taeggie Feed <= 0.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.1.9 Patched: 0.1.10 Updated: July 5, 2026
LOW

tabs-shortcode

tabs-shortcode

Score: N/A Tabs Shortcode <= 2.0.2 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode Affected: *-2.0.2 Patched: Updated: July 5, 2026
LOW

svegliat-buttons

svegliat-buttons

Score: N/A SvegliaT Buttons <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.0 Patched: Updated: July 5, 2026
LOW

smart-shopify-product

smart-shopify-product

Score: N/A Smart Shopify Product <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion Affected: *-1.0.2 Patched: Updated: July 5, 2026
LOW

simple-proxy

simple-proxy

Score: N/A Simple Proxy <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

simple-page-access-restriction

simple-page-access-restriction

Score: N/A Simple Page Access Restriction <= 1.0.29 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure Affected: *-1.0.29 Patched: 1.0.30 Updated: July 5, 2026
LOW

service-updates-for-customers

service-updates-for-customers

Score: N/A Services updates for customers <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

sendsms

sendsms

Score: N/A SendSMS <= 1.2.9 - Reflected Cross-Site Scripting Affected: *-1.2.9 Patched: Updated: July 5, 2026
LOW

scancircle

scancircle

Score: N/A ScanCircle <= 2.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.9.2 Patched: 2.9.3 Updated: July 5, 2026
LOW

Robo Gallery – Photo & Image Slider

robo-gallery

Score: N/A Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.21 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.2.21 Patched: 3.2.22 Updated: July 5, 2026
LOW

preloader-sws

preloader-sws

Score: N/A Preloader by WordPress Monsters <= 1.2.3 - Reflected Cross-Site Scripting Affected: *-1.2.3 Patched: Updated: July 5, 2026
LOW

philantro

philantro

Score: 93/100 Philantro – Donations and Donor Management <= 5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.2 Patched: 5.3 Updated: July 5, 2026
LOW

partners

partners

Score: 89/100 Partners <= 0.2.0 - Unauthenticated PHP Object Injection Affected: *-0.2.0 Patched: Updated: July 5, 2026
LOW

od-photogallery-plugin

od-photogallery-plugin

Score: 91/100 odPhotogallery <= 0.5.3 - Reflected Cross-Site Scripting Affected: *-0.5.3 Patched: Updated: July 5, 2026
LOW

lemonade-sna-pinterest-edition

lemonade-sna-pinterest-edition

Score: 91/100 Lemonade Social Networks Autoposter Pinterest <= 2.0 - Reflected Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 5, 2026
LOW

leads-crm

leads-crm

Score: 91/100 Leads CRM <= 2.0.13 - Reflected Cross-Site Scripting Affected: *-2.0.13 Patched: Updated: July 5, 2026
LOW

landing-page-cat

landing-page-cat

Score: 93/100 Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages <= 1.7.7 - Reflected Cross-Site Scripting Affected: *-1.7.7 Patched: 1.7.8 Updated: July 5, 2026
LOW

inline-footnotes

inline-footnotes

Score: 91/100 Inline Footnotes <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.0 Patched: Updated: July 5, 2026
LOW

fv-descriptions

fv-descriptions

Score: 93/100 FV Descriptions <= 1.4 - Reflected Cross-Site Scripting Affected: *-1.4 Patched: 1.5 Updated: July 5, 2026
LOW

form-maker

form-maker

Score: 93/100 Form Maker by 10Web <= 1.15.30 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.15.30 Patched: 1.15.31 Updated: July 5, 2026
LOW

faqs

faqs

Score: 89/100 FAQs <= 1.0.2 - Reflected Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 5, 2026
LOW

events-addon-for-elementor

events-addon-for-elementor

Score: 93/100 Events Addon for Elementor <= 2.2.3 - Authenticated (Contributor+) Post Disclosure Affected: *-2.2.3 Patched: 2.2.4 Updated: July 5, 2026
LOW

easy-language-switcher

easy-language-switcher

Score: 91/100 Easy Language Switcher <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

create-custom-dashboard-widget

create-custom-dashboard-widget

Score: 89/100 Custom Dashboard Widget <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 5, 2026
LOW

contests-from-rewards-fuel

contests-from-rewards-fuel

Score: 93/100 Contests by Rewards Fuel <= 2.0.65 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.65 Patched: 2.0.66 Updated: July 5, 2026
LOW

computer-repair-shop

computer-repair-shop

Score: 93/100 CRM WordPress Plugin – RepairBuddy <= 3.8120 - Missing Authorization to Account Takeover/Privilege Escalation Affected: *-3.8120 Patched: 3.8122 Updated: July 5, 2026
LOW

collapsing-categories

collapsing-categories

Score: 93/100 Collapsing Categories <= 3.0.8 - Unauthenticated SQL Injection Affected: *-3.0.8 Patched: 3.0.9 Updated: July 5, 2026
LOW

category-posts

category-posts

Score: 93/100 Category Posts Widget <= 4.9.17 - Authenticated (Admin+) Stored Cross-Site SCripting Affected: *-4.9.17 Patched: 4.9.18 Updated: July 5, 2026

Showing 14201 to 14300 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 5, 2026 at 12:55 UTC.