Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

97

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
category-post-shortcode category-post-shortcode
91
Category Post Shortcode <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.4 July 5, 2026
bu-section-editing bu-section-editing
89
BU Section Editing <= 0.9.9 - Reflected Cross-Site Scripting LOW *-0.9.9 July 5, 2026
biagiotti-membership biagiotti-membership
93
Biagiotti Membership <= 1.0.2 - Authentication Bypass via biagiotti_membership_check_facebook_user LOW *-1.0.2 1.1 July 5, 2026
animation-addons-for-elementor animation-addons-for-elementor
95
Animation Addons for Elementor <= 1.1.6 - Authenticated (Contributor+) Sensitive Information Exposure via Content Slider and Tabs Widget Elementor Template LOW *-1.1.6 1.1.7 July 5, 2026
agency-toolkit agency-toolkit
97
Agency Toolkit <= 1.0.23 - Missing Authorization to Unauthenticated Arbitrary Options Update LOW *-1.0.23 1.0.24 July 5, 2026
adwork-media-ez-content-locker adwork-media-ez-content-locker
95
AdWork Media EZ Content Locker <= 3.0 - Reflected Cross-Site Scripting LOW *-3.0 July 5, 2026
10centmail-subscription-management-and-analytics 10centmail-subscription-management-and-analytics
95
10CentMail <= 2.1.50 - Reflected Cross-Site Scripting LOW *-2.1.50 July 5, 2026
wp-base-booking-of-appointments-services-and-events wp-base-booking-of-appointments-services-and-events N/A WP BASE Booking of Appointments, Services and Events <= 4.9.1 - Reflected Cross-Site Scripting via status Parameter LOW *-4.9.1 4.9.2 July 5, 2026
sikshya sikshya N/A Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS <= 0.0.21 - Reflected Cross-Site Scripting via page Parameter LOW *-0.0.21 0.0.22 July 5, 2026
EventPrime – Events Calendar, Bookings and Tickets eventprime-event-calendar-management
74
EventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Unauthenticated Stored Cross-Site Scripting via Ticket Category and Ticket Type Name LOW *-4.0.7.3 4.0.7.4 July 5, 2026
user-role-editor user-role-editor N/A User Role Editor <= 4.64.3 - Cross-Site Request Forgery to Privilege Escalation LOW *-4.64.3 4.64.4 July 5, 2026
wc-sms wc-sms N/A SMS for WooCommerce <= 2.8.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting LOW *-2.8.1 2.8.1.1 July 5, 2026
stop-registration-spam stop-registration-spam N/A Stop Registration Spam <= 1.23 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-1.23 1.24 July 5, 2026
wp-all-import-pro wp-all-import-pro N/A WP All Import Pro <= 4.9.3 - Authenticated (Administrator+) Server-Side Request Forgery via File Import LOW *-4.9.3 4.9.4 July 5, 2026
powerpack-addon-for-beaver-builder powerpack-addon-for-beaver-builder N/A PowerPack Lite for Beaver Builder <= 1.3.0.5 - Reflected Cross-Site Scripting via Navigate Parameter LOW *-1.3.0.5 1.3.1 July 5, 2026
slope-widgets slope-widgets N/A Slope Widgets <= 4.2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.2.12 4.2.13 July 5, 2026
animated-counters animated-counters
95
Animated Counters <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0 July 5, 2026
tpg-get-posts tpg-get-posts N/A TPG Get Posts <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.6.5 July 5, 2026
portfolio-pro portfolio-pro
91
Portfolio – Filterable Masonry Portfolio Gallery for Professionals <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.2 July 5, 2026
support-x support-x N/A CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.6 1.1.7 July 5, 2026
wp-menu-image wp-menu-image N/A WP Menu Image <= 2.2 - Missing Authorization to Unauthenticated Menu Image Deletion LOW *-2.2 2.3 July 5, 2026
woo-additional-fees-on-checkout-wordpress woo-additional-fees-on-checkout-wordpress N/A WooCommerce Additional Fees On Checkout (Free) <= 1.4.7 - Reflected Cross-Site Scripting via 'number' LOW *-1.4.7 1.4.8 July 5, 2026
tourmaster tourmaster N/A Tour Master - Tour Booking, Travel, Hotel < 5.3.4 - Unauthenticated Stored Cross-Site Scripting via Room Booking LOW [*, 5.3.4) 5.3.4 July 5, 2026
tidy-up tidy-up N/A Tidy Up <= 1.3 - Cross-Site Request Forgery LOW *-1.3 July 5, 2026
saoshyant-element saoshyant-element N/A Saoshyant Element <= 1.2 - Reflected Cross-Site Scripting LOW *-1.2 July 5, 2026
s2member s2member N/A s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions <= 241114 - Authenticated (Contributor+) Sensitive Information Exposure LOW *-241114 241216 July 5, 2026
pods pods
93
Pods – Custom Content Types and Fields <= 3.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.2.8 3.2.8.1 July 5, 2026
password-protect-page password-protect-page
93
PPWP – Password Protect Pages <= 1.9.5 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure LOW *-1.9.5 1.9.6 July 5, 2026
memberful-wp memberful-wp
93
Memberful <= 1.73.9 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure LOW *-1.73.9 1.74.0 July 5, 2026
image-mapper image-mapper
91
Image Mapper <= 0.2.5.3 - Reflected Cross-Site Scripting LOW *-0.2.5.3 July 5, 2026
icegram icegram
93
Icegram Engage <= 3.1.31 - Authenticated (Author+) Stored Cross-Site Scripting LOW *-3.1.31 3.1.32 July 5, 2026
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress email-subscribers
65
Email Subscribers by Icegram Express – Affordable, Powerful Email Marketing for WordPress & WooCommerce <= 5.7.43 - Authenticated (Admin+) SQL Injection LOW *-5.7.43 5.7.44 July 5, 2026
element-ready-lite element-ready-lite
93
ElementsReady Addons for Elementor <= 6.4.8 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates LOW *-6.4.8 6.4.9 July 5, 2026
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy easy-digital-downloads
78
Easy Digital Downloads 3.1 - 3.3.4 - Improper Authorization to Paywall Bypass LOW 3.1-3.3.4 3.3.5 July 5, 2026
Calculated Fields Form calculated-fields-form
70
Calculated Fields Form <= 5.2.63 - Denial of Service LOW *-5.2.63 5.2.64 July 5, 2026
poll-maker poll-maker
93
Poll Maker <= 5.5.0 - Missing Authorization LOW *-5.5.0 5.5.1 July 5, 2026
yds-support-ticket-system yds-support-ticket-system N/A YDS Support Ticket System <= 1.0 - Authenticated (Subscriber+) SQL Injection LOW *-1.0 July 5, 2026
xml-multilanguage-sitemap-generator xml-multilanguage-sitemap-generator N/A XML Multilanguage Sitemap Generator <= 2.0.6 - Missing Authorization LOW *-2.0.6 July 5, 2026
wr-age-verification wr-age-verification N/A Wr Age Verification <= 2.0.0 - Authenticated (Subscriber+) SQL Injection LOW *-2.0.0 July 5, 2026
wr-age-verification wr-age-verification N/A Wr Age Verification <= 2.0.0 - Unauthenticated SQL Injection LOW *-2.0.0 July 5, 2026
wp-crm-system wp-crm-system N/A WordPress CRM Plugin – WP-CRM System <= 3.2.9.1 - Missing Authorization LOW *-3.2.9.1 3.4.0 July 5, 2026
wovax-idx wovax-idx N/A Wovax IDX <= 1.2.2 - Missing Authorization to Privilege Escalation LOW *-1.2.2 July 5, 2026
woocommerce-product-payments woocommerce-product-payments N/A Dreamfox Media Payment gateway per Product for Woocommerce <= 3.5.8 - Missing Authorization LOW *-3.5.8 3.5.9 July 5, 2026
woocommerce-basic-ordernumbers woocommerce-basic-ordernumbers N/A WooCommerce Basic Ordernumbers <= 1.4.4 - Missing Authorization LOW *-1.4.4 July 5, 2026
utech-world-time-for-wp utech-world-time-for-wp N/A Utech World Time <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
tsb-occasion-editor tsb-occasion-editor N/A TSB Occasion Editor <= 1.2.1 - Authenticated (Subscriber+) SQL Injection LOW *-1.2.1 July 5, 2026
torod torod N/A Torod – The smart shipping and delivery portal for e-shops and retailers <= 1.7 - Missing Authorization to Unauthenticated Plugin Settings Update LOW *-1.7 1.8 July 5, 2026
stripe-manager stripe-manager N/A WP Simple Pay Lite Manager <= 1.4 - Authenticated (Administrator+) SQL Injection LOW *-1.4 July 5, 2026
spreadr-for-woocomerce spreadr-for-woocomerce N/A Spreadr Woocommerce <= 1.0.4 - Missing Authorization LOW *-1.0.4 1.0.5 July 5, 2026
spreadr-for-woocomerce spreadr-for-woocomerce N/A Spreadr Woocommerce <= 1.0.4 - Missing Authorization to Arbitrary Content Deletion LOW *-1.0.4 1.0.5 July 5, 2026
service service N/A Service <= 1.0.4 - Authenticated (Subscriber+) SQL Injection LOW *-1.0.4 July 5, 2026
saksh-escrow-system saksh-escrow-system N/A Saksh Escrow System <= 2.4 - Authenticated (Subscriber+) SQL Injection LOW *-2.4 July 5, 2026
rich-web-share-button rich-web-share-button N/A Share Buttons – Social Media <= 1.0.2 - Unauthenticated SQL Injection LOW *-1.0.2 July 5, 2026
responsive-google-maps responsive-google-maps N/A Responsive Google Maps | by imbaa <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.5 1.2.7 July 5, 2026
power-forms-builder power-forms-builder N/A PowerFormBuilder <= 1.0.6 - Authenticated (Subscriber+) SQL Injection LOW *-1.0.6 July 5, 2026
posti-shipping posti-shipping N/A Posti Shipping <= 3.10.3 - Cross-Site Request Forgery LOW *-3.10.3 3.10.4 July 5, 2026
popup-surveys popup-surveys
91
Popup Surveys & Polls for WordPress (Mare.io) <= 1.36 - Missing Authorization LOW *-1.36 July 5, 2026
order-delivery-pickup-location-date-time-free-version order-delivery-pickup-location-date-time-free-version
91
Order Delivery & Pickup Location Date Time ( Free Version ) <= 1.1.0 - Missing Authorization to Unauthenticated Settings Update LOW *-1.1.0 July 5, 2026
navayan-csv-export navayan-csv-export
91
Navayan CSV Export <= 1.0.9 - Unauthenticated SQL Injection LOW *-1.0.9 July 5, 2026
nabz-image-gallery nabz-image-gallery
91
Nabz Image Gallery <= v1.00 - Unauthenticated SQL Injection LOW * - v1.00 July 5, 2026
mightyforms mightyforms
93
Contact Form, Survey & Form Builder – MightyForms <= 1.3.9 - Missing Authorization LOW *-1.3.9 1.3.10 July 5, 2026
leader leader
91
Leader <= 2.6.1 - Missing Authorization LOW *-2.6.1 July 5, 2026
launchpage-app-importer launchpage-app-importer
91
LaunchPage.app Importer <= 1.1 - Unauthenticated SQL Injection LOW *-1.1 July 5, 2026
ksher-payment ksher-payment
93
Ksher <= 1.1.1 - Missing Authorization LOW *-1.1.1 1.1.2 July 5, 2026
job-board-manager job-board-manager
83
Job Board Manager <= 2.1.60 - Missing Authorization LOW *-2.1.60 July 5, 2026
flashnews-fading-effect-pearlbells flashnews-fading-effect-pearlbells
91
Flash News / Post (Responsive) <= 4.1 - Cross-Site Request Forgery to Privilege Escalation LOW *-4.1 July 5, 2026
etemplates etemplates
91
eTemplates <= 0.2.1 - Unauthenticated SQL Injection LOW *-0.2.1 July 5, 2026
easy-site-importer easy-site-importer
91
Easy Site Importer <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Settings Change LOW *-1.0.1 July 5, 2026
dr-affiliate dr-affiliate
91
Dr Affiliate <= 1.2.3 - Authenticated (Subscriber+) SQL Injection LOW *-1.2.3 July 5, 2026
devoluciones-packback devoluciones-packback
91
Mimoos <= 1.2 - Authenticated (Subscriber+) SQL Injection LOW *-1.2 July 5, 2026
device-detector device-detector
93
Device Detector <= 4.2.0 - Reflected Cross-Site Scripting via id LOW *-4.2.0 4.2.1 July 5, 2026
critical-site-intel-stats critical-site-intel-stats
91
Critical Site Intel <= 1.0 - Unauthenticated SQL Injection LOW *-1.0 July 5, 2026
code-generator-pro code-generator-pro
91
Code Generator Pro <= 1.2 - Unauthenticated SQL Injection LOW *-1.2 July 5, 2026
changyan changyan
91
畅言评论系统 <= 2.0.5 - Missing Authorization LOW *-2.0.5 July 5, 2026
cf7-mollie cf7-mollie
89
Mollie for Contact Form 7 <= 5.0.0 - Authenticated (Administrator+) SQL Injection LOW *-5.0.0 July 5, 2026
caldera-smtp-mailer caldera-smtp-mailer
91
Caldera SMTP Mailer <= 1.0.1 - Missing Authorization LOW *-1.0.1 July 5, 2026
bootstrap-buttons bootstrap-buttons
91
Bootstrap Buttons <= 1.2 - Reflected Cross-Site Scripting LOW *-1.2 July 5, 2026
better-wp-login-page better-wp-login-page
91
Better WP Login Page <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.1.2 July 5, 2026
advanced-what-should-we-write-about-next advanced-what-should-we-write-about-next
95
Advanced What should we write next about <= 1.0.3 - Authenticated (Subscriber+) SQL Injection LOW *-1.0.3 July 5, 2026
advanced-data-table-for-elementor advanced-data-table-for-elementor
97
Advanced Data Table For Elementor <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.0 1.0.1 July 5, 2026
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder fluentform
78
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting via Form Subject LOW *-5.2.6 5.2.7 July 5, 2026
smart-popup-blaster smart-popup-blaster N/A Smart PopUp Blaster <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4.3 July 5, 2026
connatix-video-embed connatix-video-embed
91
Connatix Video Embed <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.5 July 5, 2026
tcbd-popover tcbd-popover N/A TCBD Popover <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2 July 5, 2026
post-types-carousel-slider post-types-carousel-slider N/A Post Carousel & Slider <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.3 1.0.4 July 5, 2026
ider-login ider-login
91
IDer Login for WordPress <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1 July 5, 2026
buk-appointments buk-appointments
93
Buk for WordPress <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.7 1.0.8 July 5, 2026
filestack-upload filestack-upload
93
Filestack Official <= 2.1.0 - Reflected Cross-Site Scripting LOW *-2.1.0 3.0.0 July 5, 2026
cricket-score cricket-score
93
Cricket Live Score <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.2 2.0.3 July 5, 2026
the-permalinker the-permalinker N/A The Permalinker <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.8.1 1.9.0 July 5, 2026
wp-photo-text-slider-50 wp-photo-text-slider-50 N/A Wp photo text slider 50 <= 8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-8.1 July 5, 2026
sip-calculator sip-calculator N/A SIP Calculator <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
my-idx-home-search my-idx-home-search
93
My IDX Home Search <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.1 2.1.2 July 5, 2026
my-idx-home-search my-idx-home-search
93
My IDX Home Search <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.1 2.1.2 July 5, 2026
woo-cart-count-shortcode woo-cart-count-shortcode N/A WooCommerce Cart Count Shortcode <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.4 July 5, 2026
visualmodo-elements visualmodo-elements N/A Visualmodo Elements <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload LOW *-1.0.2 July 5, 2026
get-post-content-shortcode get-post-content-shortcode
91
Get Post Content Shortcode <= 0.4 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via post_content Shortcode LOW *-0.4 July 5, 2026
crafthemes-demo-import crafthemes-demo-import
91
Crafthemes Demo Import <= 3.3 - Authenticated (Admin+) Arbitrary File Upload in process_uploaded_files LOW *-3.3 July 5, 2026
tabs-maker tabs-maker N/A Tabs Maker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
glomex-oembed glomex-oembed
93
glomex oEmbed <= 0.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.9.1 0.9.2 July 5, 2026
LOW

category-post-shortcode

category-post-shortcode

Score: 91/100 Category Post Shortcode <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4 Patched: Updated: July 5, 2026
LOW

bu-section-editing

bu-section-editing

Score: 89/100 BU Section Editing <= 0.9.9 - Reflected Cross-Site Scripting Affected: *-0.9.9 Patched: Updated: July 5, 2026
LOW

biagiotti-membership

biagiotti-membership

Score: 93/100 Biagiotti Membership <= 1.0.2 - Authentication Bypass via biagiotti_membership_check_facebook_user Affected: *-1.0.2 Patched: 1.1 Updated: July 5, 2026
LOW

animation-addons-for-elementor

animation-addons-for-elementor

Score: 95/100 Animation Addons for Elementor <= 1.1.6 - Authenticated (Contributor+) Sensitive Information Exposure via Content Slider and Tabs Widget Elementor Template Affected: *-1.1.6 Patched: 1.1.7 Updated: July 5, 2026
LOW

agency-toolkit

agency-toolkit

Score: 97/100 Agency Toolkit <= 1.0.23 - Missing Authorization to Unauthenticated Arbitrary Options Update Affected: *-1.0.23 Patched: 1.0.24 Updated: July 5, 2026
LOW

adwork-media-ez-content-locker

adwork-media-ez-content-locker

Score: 95/100 AdWork Media EZ Content Locker <= 3.0 - Reflected Cross-Site Scripting Affected: *-3.0 Patched: Updated: July 5, 2026
LOW

wp-base-booking-of-appointments-services-and-events

wp-base-booking-of-appointments-services-and-events

Score: N/A WP BASE Booking of Appointments, Services and Events <= 4.9.1 - Reflected Cross-Site Scripting via status Parameter Affected: *-4.9.1 Patched: 4.9.2 Updated: July 5, 2026
LOW

sikshya

sikshya

Score: N/A Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS <= 0.0.21 - Reflected Cross-Site Scripting via page Parameter Affected: *-0.0.21 Patched: 0.0.22 Updated: July 5, 2026
LOW

EventPrime – Events Calendar, Bookings and Tickets

eventprime-event-calendar-management

Score: 74/100 EventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Unauthenticated Stored Cross-Site Scripting via Ticket Category and Ticket Type Name Affected: *-4.0.7.3 Patched: 4.0.7.4 Updated: July 5, 2026
LOW

user-role-editor

user-role-editor

Score: N/A User Role Editor <= 4.64.3 - Cross-Site Request Forgery to Privilege Escalation Affected: *-4.64.3 Patched: 4.64.4 Updated: July 5, 2026
LOW

wc-sms

wc-sms

Score: N/A SMS for WooCommerce <= 2.8.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting Affected: *-2.8.1 Patched: 2.8.1.1 Updated: July 5, 2026
LOW

stop-registration-spam

stop-registration-spam

Score: N/A Stop Registration Spam <= 1.23 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.23 Patched: 1.24 Updated: July 5, 2026
LOW

wp-all-import-pro

wp-all-import-pro

Score: N/A WP All Import Pro <= 4.9.3 - Authenticated (Administrator+) Server-Side Request Forgery via File Import Affected: *-4.9.3 Patched: 4.9.4 Updated: July 5, 2026
LOW

powerpack-addon-for-beaver-builder

powerpack-addon-for-beaver-builder

Score: N/A PowerPack Lite for Beaver Builder <= 1.3.0.5 - Reflected Cross-Site Scripting via Navigate Parameter Affected: *-1.3.0.5 Patched: 1.3.1 Updated: July 5, 2026
LOW

slope-widgets

slope-widgets

Score: N/A Slope Widgets <= 4.2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.2.12 Patched: 4.2.13 Updated: July 5, 2026
LOW

animated-counters

animated-counters

Score: 95/100 Animated Counters <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0 Patched: Updated: July 5, 2026
LOW

tpg-get-posts

tpg-get-posts

Score: N/A TPG Get Posts <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.6.5 Patched: Updated: July 5, 2026
LOW

portfolio-pro

portfolio-pro

Score: 91/100 Portfolio – Filterable Masonry Portfolio Gallery for Professionals <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.2 Patched: Updated: July 5, 2026
LOW

support-x

support-x

Score: N/A CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.6 Patched: 1.1.7 Updated: July 5, 2026
LOW

wp-menu-image

wp-menu-image

Score: N/A WP Menu Image <= 2.2 - Missing Authorization to Unauthenticated Menu Image Deletion Affected: *-2.2 Patched: 2.3 Updated: July 5, 2026
LOW

woo-additional-fees-on-checkout-wordpress

woo-additional-fees-on-checkout-wordpress

Score: N/A WooCommerce Additional Fees On Checkout (Free) <= 1.4.7 - Reflected Cross-Site Scripting via 'number' Affected: *-1.4.7 Patched: 1.4.8 Updated: July 5, 2026
LOW

tourmaster

tourmaster

Score: N/A Tour Master - Tour Booking, Travel, Hotel < 5.3.4 - Unauthenticated Stored Cross-Site Scripting via Room Booking Affected: [*, 5.3.4) Patched: 5.3.4 Updated: July 5, 2026
LOW

tidy-up

tidy-up

Score: N/A Tidy Up <= 1.3 - Cross-Site Request Forgery Affected: *-1.3 Patched: Updated: July 5, 2026
LOW

saoshyant-element

saoshyant-element

Score: N/A Saoshyant Element <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

s2member

s2member

Score: N/A s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions <= 241114 - Authenticated (Contributor+) Sensitive Information Exposure Affected: *-241114 Patched: 241216 Updated: July 5, 2026
LOW

pods

pods

Score: 93/100 Pods – Custom Content Types and Fields <= 3.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.2.8 Patched: 3.2.8.1 Updated: July 5, 2026
LOW

password-protect-page

password-protect-page

Score: 93/100 PPWP – Password Protect Pages <= 1.9.5 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure Affected: *-1.9.5 Patched: 1.9.6 Updated: July 5, 2026
LOW

memberful-wp

memberful-wp

Score: 93/100 Memberful <= 1.73.9 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure Affected: *-1.73.9 Patched: 1.74.0 Updated: July 5, 2026
LOW

image-mapper

image-mapper

Score: 91/100 Image Mapper <= 0.2.5.3 - Reflected Cross-Site Scripting Affected: *-0.2.5.3 Patched: Updated: July 5, 2026
LOW

icegram

icegram

Score: 93/100 Icegram Engage <= 3.1.31 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-3.1.31 Patched: 3.1.32 Updated: July 5, 2026
LOW

element-ready-lite

element-ready-lite

Score: 93/100 ElementsReady Addons for Elementor <= 6.4.8 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates Affected: *-6.4.8 Patched: 6.4.9 Updated: July 5, 2026
LOW

Calculated Fields Form

calculated-fields-form

Score: 70/100 Calculated Fields Form <= 5.2.63 - Denial of Service Affected: *-5.2.63 Patched: 5.2.64 Updated: July 5, 2026
LOW

poll-maker

poll-maker

Score: 93/100 Poll Maker <= 5.5.0 - Missing Authorization Affected: *-5.5.0 Patched: 5.5.1 Updated: July 5, 2026
LOW

yds-support-ticket-system

yds-support-ticket-system

Score: N/A YDS Support Ticket System <= 1.0 - Authenticated (Subscriber+) SQL Injection Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

xml-multilanguage-sitemap-generator

xml-multilanguage-sitemap-generator

Score: N/A XML Multilanguage Sitemap Generator <= 2.0.6 - Missing Authorization Affected: *-2.0.6 Patched: Updated: July 5, 2026
LOW

wr-age-verification

wr-age-verification

Score: N/A Wr Age Verification <= 2.0.0 - Authenticated (Subscriber+) SQL Injection Affected: *-2.0.0 Patched: Updated: July 5, 2026
LOW

wr-age-verification

wr-age-verification

Score: N/A Wr Age Verification <= 2.0.0 - Unauthenticated SQL Injection Affected: *-2.0.0 Patched: Updated: July 5, 2026
LOW

wp-crm-system

wp-crm-system

Score: N/A WordPress CRM Plugin – WP-CRM System <= 3.2.9.1 - Missing Authorization Affected: *-3.2.9.1 Patched: 3.4.0 Updated: July 5, 2026
LOW

wovax-idx

wovax-idx

Score: N/A Wovax IDX <= 1.2.2 - Missing Authorization to Privilege Escalation Affected: *-1.2.2 Patched: Updated: July 5, 2026
LOW

woocommerce-product-payments

woocommerce-product-payments

Score: N/A Dreamfox Media Payment gateway per Product for Woocommerce <= 3.5.8 - Missing Authorization Affected: *-3.5.8 Patched: 3.5.9 Updated: July 5, 2026
LOW

woocommerce-basic-ordernumbers

woocommerce-basic-ordernumbers

Score: N/A WooCommerce Basic Ordernumbers <= 1.4.4 - Missing Authorization Affected: *-1.4.4 Patched: Updated: July 5, 2026
LOW

utech-world-time-for-wp

utech-world-time-for-wp

Score: N/A Utech World Time <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

tsb-occasion-editor

tsb-occasion-editor

Score: N/A TSB Occasion Editor <= 1.2.1 - Authenticated (Subscriber+) SQL Injection Affected: *-1.2.1 Patched: Updated: July 5, 2026
LOW

torod

torod

Score: N/A Torod – The smart shipping and delivery portal for e-shops and retailers <= 1.7 - Missing Authorization to Unauthenticated Plugin Settings Update Affected: *-1.7 Patched: 1.8 Updated: July 5, 2026
LOW

stripe-manager

stripe-manager

Score: N/A WP Simple Pay Lite Manager <= 1.4 - Authenticated (Administrator+) SQL Injection Affected: *-1.4 Patched: Updated: July 5, 2026
LOW

spreadr-for-woocomerce

spreadr-for-woocomerce

Score: N/A Spreadr Woocommerce <= 1.0.4 - Missing Authorization Affected: *-1.0.4 Patched: 1.0.5 Updated: July 5, 2026
LOW

spreadr-for-woocomerce

spreadr-for-woocomerce

Score: N/A Spreadr Woocommerce <= 1.0.4 - Missing Authorization to Arbitrary Content Deletion Affected: *-1.0.4 Patched: 1.0.5 Updated: July 5, 2026
LOW

service

service

Score: N/A Service <= 1.0.4 - Authenticated (Subscriber+) SQL Injection Affected: *-1.0.4 Patched: Updated: July 5, 2026
LOW

saksh-escrow-system

saksh-escrow-system

Score: N/A Saksh Escrow System <= 2.4 - Authenticated (Subscriber+) SQL Injection Affected: *-2.4 Patched: Updated: July 5, 2026
LOW

rich-web-share-button

rich-web-share-button

Score: N/A Share Buttons – Social Media <= 1.0.2 - Unauthenticated SQL Injection Affected: *-1.0.2 Patched: Updated: July 5, 2026
LOW

responsive-google-maps

responsive-google-maps

Score: N/A Responsive Google Maps | by imbaa <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.5 Patched: 1.2.7 Updated: July 5, 2026
LOW

power-forms-builder

power-forms-builder

Score: N/A PowerFormBuilder <= 1.0.6 - Authenticated (Subscriber+) SQL Injection Affected: *-1.0.6 Patched: Updated: July 5, 2026
LOW

posti-shipping

posti-shipping

Score: N/A Posti Shipping <= 3.10.3 - Cross-Site Request Forgery Affected: *-3.10.3 Patched: 3.10.4 Updated: July 5, 2026
LOW

popup-surveys

popup-surveys

Score: 91/100 Popup Surveys & Polls for WordPress (Mare.io) <= 1.36 - Missing Authorization Affected: *-1.36 Patched: Updated: July 5, 2026
LOW

order-delivery-pickup-location-date-time-free-version

order-delivery-pickup-location-date-time-free-version

Score: 91/100 Order Delivery & Pickup Location Date Time ( Free Version ) <= 1.1.0 - Missing Authorization to Unauthenticated Settings Update Affected: *-1.1.0 Patched: Updated: July 5, 2026
LOW

navayan-csv-export

navayan-csv-export

Score: 91/100 Navayan CSV Export <= 1.0.9 - Unauthenticated SQL Injection Affected: *-1.0.9 Patched: Updated: July 5, 2026
LOW

nabz-image-gallery

nabz-image-gallery

Score: 91/100 Nabz Image Gallery <= v1.00 - Unauthenticated SQL Injection Affected: * - v1.00 Patched: Updated: July 5, 2026
LOW

mightyforms

mightyforms

Score: 93/100 Contact Form, Survey & Form Builder – MightyForms <= 1.3.9 - Missing Authorization Affected: *-1.3.9 Patched: 1.3.10 Updated: July 5, 2026
LOW

leader

leader

Score: 91/100 Leader <= 2.6.1 - Missing Authorization Affected: *-2.6.1 Patched: Updated: July 5, 2026
LOW

launchpage-app-importer

launchpage-app-importer

Score: 91/100 LaunchPage.app Importer <= 1.1 - Unauthenticated SQL Injection Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

ksher-payment

ksher-payment

Score: 93/100 Ksher <= 1.1.1 - Missing Authorization Affected: *-1.1.1 Patched: 1.1.2 Updated: July 5, 2026
LOW

job-board-manager

job-board-manager

Score: 83/100 Job Board Manager <= 2.1.60 - Missing Authorization Affected: *-2.1.60 Patched: Updated: July 5, 2026
LOW

flashnews-fading-effect-pearlbells

flashnews-fading-effect-pearlbells

Score: 91/100 Flash News / Post (Responsive) <= 4.1 - Cross-Site Request Forgery to Privilege Escalation Affected: *-4.1 Patched: Updated: July 5, 2026
LOW

etemplates

etemplates

Score: 91/100 eTemplates <= 0.2.1 - Unauthenticated SQL Injection Affected: *-0.2.1 Patched: Updated: July 5, 2026
LOW

easy-site-importer

easy-site-importer

Score: 91/100 Easy Site Importer <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Settings Change Affected: *-1.0.1 Patched: Updated: July 5, 2026
LOW

dr-affiliate

dr-affiliate

Score: 91/100 Dr Affiliate <= 1.2.3 - Authenticated (Subscriber+) SQL Injection Affected: *-1.2.3 Patched: Updated: July 5, 2026
LOW

devoluciones-packback

devoluciones-packback

Score: 91/100 Mimoos <= 1.2 - Authenticated (Subscriber+) SQL Injection Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

device-detector

device-detector

Score: 93/100 Device Detector <= 4.2.0 - Reflected Cross-Site Scripting via id Affected: *-4.2.0 Patched: 4.2.1 Updated: July 5, 2026
LOW

critical-site-intel-stats

critical-site-intel-stats

Score: 91/100 Critical Site Intel <= 1.0 - Unauthenticated SQL Injection Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

code-generator-pro

code-generator-pro

Score: 91/100 Code Generator Pro <= 1.2 - Unauthenticated SQL Injection Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

changyan

changyan

Score: 91/100 畅言评论系统 <= 2.0.5 - Missing Authorization Affected: *-2.0.5 Patched: Updated: July 5, 2026
LOW

cf7-mollie

cf7-mollie

Score: 89/100 Mollie for Contact Form 7 <= 5.0.0 - Authenticated (Administrator+) SQL Injection Affected: *-5.0.0 Patched: Updated: July 5, 2026
LOW

caldera-smtp-mailer

caldera-smtp-mailer

Score: 91/100 Caldera SMTP Mailer <= 1.0.1 - Missing Authorization Affected: *-1.0.1 Patched: Updated: July 5, 2026
LOW

bootstrap-buttons

bootstrap-buttons

Score: 91/100 Bootstrap Buttons <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

better-wp-login-page

better-wp-login-page

Score: 91/100 Better WP Login Page <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.2 Patched: Updated: July 5, 2026
LOW

advanced-what-should-we-write-about-next

advanced-what-should-we-write-about-next

Score: 95/100 Advanced What should we write next about <= 1.0.3 - Authenticated (Subscriber+) SQL Injection Affected: *-1.0.3 Patched: Updated: July 5, 2026
LOW

advanced-data-table-for-elementor

advanced-data-table-for-elementor

Score: 97/100 Advanced Data Table For Elementor <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.0 Patched: 1.0.1 Updated: July 5, 2026
LOW

smart-popup-blaster

smart-popup-blaster

Score: N/A Smart PopUp Blaster <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.3 Patched: Updated: July 5, 2026
LOW

connatix-video-embed

connatix-video-embed

Score: 91/100 Connatix Video Embed <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.5 Patched: Updated: July 5, 2026
LOW

tcbd-popover

tcbd-popover

Score: N/A TCBD Popover <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

post-types-carousel-slider

post-types-carousel-slider

Score: N/A Post Carousel & Slider <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.3 Patched: 1.0.4 Updated: July 5, 2026
LOW

ider-login

ider-login

Score: 91/100 IDer Login for WordPress <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1 Patched: Updated: July 5, 2026
LOW

buk-appointments

buk-appointments

Score: 93/100 Buk for WordPress <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.7 Patched: 1.0.8 Updated: July 5, 2026
LOW

filestack-upload

filestack-upload

Score: 93/100 Filestack Official <= 2.1.0 - Reflected Cross-Site Scripting Affected: *-2.1.0 Patched: 3.0.0 Updated: July 5, 2026
LOW

cricket-score

cricket-score

Score: 93/100 Cricket Live Score <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.2 Patched: 2.0.3 Updated: July 5, 2026
LOW

the-permalinker

the-permalinker

Score: N/A The Permalinker <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8.1 Patched: 1.9.0 Updated: July 5, 2026
LOW

wp-photo-text-slider-50

wp-photo-text-slider-50

Score: N/A Wp photo text slider 50 <= 8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-8.1 Patched: Updated: July 5, 2026
LOW

sip-calculator

sip-calculator

Score: N/A SIP Calculator <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

my-idx-home-search

my-idx-home-search

Score: 93/100 My IDX Home Search <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.1 Patched: 2.1.2 Updated: July 5, 2026
LOW

my-idx-home-search

my-idx-home-search

Score: 93/100 My IDX Home Search <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.1 Patched: 2.1.2 Updated: July 5, 2026
LOW

woo-cart-count-shortcode

woo-cart-count-shortcode

Score: N/A WooCommerce Cart Count Shortcode <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: July 5, 2026
LOW

visualmodo-elements

visualmodo-elements

Score: N/A Visualmodo Elements <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload Affected: *-1.0.2 Patched: Updated: July 5, 2026
LOW

get-post-content-shortcode

get-post-content-shortcode

Score: 91/100 Get Post Content Shortcode <= 0.4 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via post_content Shortcode Affected: *-0.4 Patched: Updated: July 5, 2026
LOW

crafthemes-demo-import

crafthemes-demo-import

Score: 91/100 Crafthemes Demo Import <= 3.3 - Authenticated (Admin+) Arbitrary File Upload in process_uploaded_files Affected: *-3.3 Patched: Updated: July 5, 2026
LOW

tabs-maker

tabs-maker

Score: N/A Tabs Maker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

glomex-oembed

glomex-oembed

Score: 93/100 glomex oEmbed <= 0.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.9.1 Patched: 0.9.2 Updated: July 5, 2026

Showing 14301 to 14400 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 5, 2026 at 14:02 UTC.