Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

93

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
posts-and-products-views posts-and-products-views N/A Posts and Products Views for WooCommerce <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1 2.1.1 July 5, 2026
kredeum-nfts kredeum-nfts
93
Kredeum NFTs, the easiest way to sell your NFTs directly on your WordPress site <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.6.9 1.6.10 July 5, 2026
Koalendar – Easy Appointment Scheduling & Booking Plugin koalendar-free-booking-widget
95
Koalendar – Events & Appointments Booking Calendar <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via height Parameter LOW *-1.0.2 1.0.3 July 5, 2026
companion-portfolio companion-portfolio
91
Companion Portfolio – Responsive Portfolio Plugin <= 2.4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.4.0.1 July 5, 2026
ymc-states-map ymc-states-map N/A States Map US <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.4.2 July 5, 2026
wp-job-portal wp-job-portal N/A WP Job Portal <= 2.2.2 - Missing Authorization to Limited Privilege Escalation LOW *-2.2.2 2.2.3 July 5, 2026
wp-job-portal wp-job-portal N/A WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection via wpjobportal_deactivate() LOW *-2.2.2 2.2.3 July 5, 2026
wp-job-portal wp-job-portal N/A WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection via getFieldsForVisibleCombobox() LOW *-2.2.2 2.2.3 July 5, 2026
wp-job-portal wp-job-portal N/A WP Job Portal <= 2.2.1 - Unauthenticated SQL Injection LOW *-2.2.1 2.2.3 July 5, 2026
wp-job-portal wp-job-portal N/A WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection LOW *-2.2.2 2.2.3 July 5, 2026
wp-job-portal wp-job-portal N/A WP Job Portal <= 2.2.2 - Missing Authorization to Unauthenticated Arbitrary Resume Download LOW *-2.2.2 2.2.3 July 5, 2026
wp-ad-guru wp-ad-guru N/A WP Ad Guru – Banner ad, Responsive popup, Popup maker, Ad rotator & More <= 2.5.4 - Reflected Cross-Site Scripting LOW *-2.5.4 July 5, 2026
tickera-event-ticketing-system tickera-event-ticketing-system N/A Tickera – WordPress Event Ticketing <= 3.5.4.8 - Unauthenticated Customer Data Exposure LOW *-3.5.4.8 3.5.4.9 July 5, 2026
simple-locator simple-locator N/A Simple Locator <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.3 2.0.4 July 5, 2026
shortcode-elementor shortcode-elementor N/A Shortcodes for Elementor <= 1.0.4 - Authenticated (Contributor+) Post Disclosure LOW *-1.0.4 1.0.5 July 5, 2026
sailthru-triggermail sailthru-triggermail N/A Sailthru Triggermail <= 1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.1 July 5, 2026
post-to-pdf post-to-pdf N/A Post to Pdf <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0 1.1 July 5, 2026
plezi plezi
93
Plezi <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.6 1.0.7 July 5, 2026
pepro-bacs-receipt-upload-for-woocommerce pepro-bacs-receipt-upload-for-woocommerce
93
PeproDev WooCommerce Receipt Uploader <= 2.6.9 - Reflected Cross-Site Scripting LOW *-2.6.9 2.7.0 July 5, 2026
my-wp my-wp
93
My WP Customize Admin/Frontend <= 1.24.0 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.24.0 1.24.1 July 5, 2026
ims-countdown ims-countdown
93
IMS Countdown <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.5 1.3.6 July 5, 2026
import-eventbrite-events import-eventbrite-events
93
Import Eventbrite Events <= 1.7.4 - Reflected Cross-Site Scripting LOW *-1.7.4 1.7.5 July 5, 2026
geodatasource-country-region-dropdown geodatasource-country-region-dropdown
93
GeoDataSource Country Region DropDown <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.1 1.0.2 July 5, 2026
geocache-stat-bar-widget geocache-stat-bar-widget
91
Geocache Stat Bar Widget <= 0.911 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-0.911 July 5, 2026
ganohrs-toggle-shortcode ganohrs-toggle-shortcode
93
Ganohrs Toggle Shortcode <= 0.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.2.4 0.2.5 July 5, 2026
eveeno eveeno
93
Eveeno <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.7 1.8 July 5, 2026
bukza bukza
93
Bukza <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.0 2.0.1 July 5, 2026
bodi0s-easy-cache bodi0s-easy-cache
93
bodi0’s Easy Cache <= 0.8 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-0.8 0.9 July 5, 2026
acf-frontend-form-element acf-frontend-form-element
97
Frontend Admin by DynamiApps <= 3.24.5 - Unauthenticated Stored Cross-Site Scripting LOW *-3.24.5 3.25.1 July 5, 2026
acf-frontend-form-element acf-frontend-form-element
97
Frontend Admin by DynamiApps <= 3.24.5 - Unauthenticated Privilege Escalation LOW *-3.24.5 3.25.1 July 5, 2026
ootb-openstreetmap ootb-openstreetmap
93
Out of the Block: OpenStreetMap <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via ootb_query Shortcode LOW *-2.8.3 2.8.4 July 5, 2026
notibar notibar
93
Notibar – Notification Bar for WordPress <= 2.1.4 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via njt_nofi_text LOW *-2.1.4 2.1.5 July 5, 2026
wp-crowdfunding wp-crowdfunding N/A WP Crowdfunding <= 2.1.12 - Missing Authorization to Authenticated (Subscriber+) WooCommerce Installation LOW *-2.1.12 2.1.13 July 5, 2026
wp-crowdfunding wp-crowdfunding N/A WP Crowdfunding <= 2.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.15 2.1.16 July 5, 2026
booking-system-trafft booking-system-trafft
93
Booking System Trafft <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.6 1.0.7 July 5, 2026
simple-link-directory simple-link-directory N/A Simple Link Directory <= 8.4.5 - Unauthenticated Arbitrary Shortcode Execution LOW *-8.4.5 8.4.6 July 5, 2026
primer-mydata primer-mydata N/A Primer MyData for Woocommerce <= 4.2.1 - Reflected Cross-Site Scripting LOW *-4.2.1 4.2.2 July 5, 2026
newsmanapp newsmanapp
93
NewsmanApp <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.7.6 2.7.7 July 5, 2026
ar-for-wordpress ar-for-wordpress
95
AR for WordPress <= 7.3 - Missing Authorization to Unauthenticated Limited File Upload LOW *-7.3 7.4 July 5, 2026
youmax-channel-embeds-for-youtube-businesses youmax-channel-embeds-for-youtube-businesses N/A Youtube Video Grid <= 1.9 - Cross-Site Request Forgery LOW *-1.9 July 5, 2026
xpd-reduce-image-filesize xpd-reduce-image-filesize N/A XPD Reduce Image Filesize <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
wpp-customization wpp-customization N/A Admin Customization <= 2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.2 July 5, 2026
wpappninja wpappninja N/A WPMobile.App — Android and iOS Mobile Application <= 11.52 - Unauthenticated Arbitrary Shortcode Execution LOW *-11.52 11.53 July 5, 2026
wp-weixin-robot wp-weixin-robot N/A WP微信机器人 <= 5.3.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-5.3.5 July 5, 2026
wp-management-controller wp-management-controller N/A WP Controller <= 3.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.2.0 July 5, 2026
wp-login-with-ajax wp-login-with-ajax N/A Wp Login with Ajax <= 0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.6 July 5, 2026
wp-hide-that wp-hide-that N/A WP-HideThat <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2 July 5, 2026
wp-flipkart-importer wp-flipkart-importer N/A WP Flipkart Importer <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.4 July 5, 2026
wp-fiddle wp-fiddle N/A WP Fiddle <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
wp-ban-user wp-ban-user N/A WP-Ban-User <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-1.0 July 5, 2026
wordpress-filter wordpress-filter N/A WordPress Filter <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.4.1 July 5, 2026
woocommerce-myparcel woocommerce-myparcel N/A MyParcel <= 4.24.1 - Reflected Cross-Site Scripting LOW *-4.24.1 4.24.2 July 5, 2026
woo-coupon-usage woo-coupon-usage N/A Coupon Affiliates – Affiliate Plugin for WooCommerce <= 5.16.7.1 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting LOW *-5.16.7.1 5.16.7.2 July 5, 2026
visual-recent-posts visual-recent-posts N/A Visual Recent Posts <= 1.2.3 - Reflected Cross-Site Scripting LOW *-1.2.3 July 5, 2026
ui-slider-filter-by-price ui-slider-filter-by-price N/A Ui Slider Filter By Price <= 1.1 - Cross-Site Request Forgery LOW *-1.1 July 5, 2026
timetics timetics N/A WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Deletion LOW *-1.0.27 1.0.28 July 5, 2026
themify-store-locator themify-store-locator N/A Themify Store Locator <= 1.1.9 - Cross-Site Request Forgery LOW *-1.1.9 1.2.0 July 5, 2026
termin-kalender termin-kalender N/A Termin-Kalender <= 0.99.47 - Missing Authorization to Authenticated (Subscriber+) LOW *-0.99.47 1.00.04 July 5, 2026
taggator taggator N/A TagGator <= 1.54 - Reflected Cross-Site Scripting LOW *-1.54 July 5, 2026
svg-shortcode svg-shortcode N/A SVG Shortcode <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload LOW *-1.0.1 July 5, 2026
sopa-blackout sopa-blackout N/A SOPA Blackout <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.4 July 5, 2026
social-media-sharing social-media-sharing N/A Social Media Sharing <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1 July 5, 2026
simple-booking-widget simple-booking-widget N/A Simple Booking Widget <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1 July 5, 2026
responsive-filterable-portfolio responsive-filterable-portfolio N/A Responsive Filterable Portfolio <=1.0.8 - Authenticated (Admin+) SQL Injection LOW *-1.0.8 1.0.9 July 5, 2026
rate-my-post rate-my-post N/A Rate My Post – Star Rating Plugin by FeedbackWP <= 4.2.4 - Unauthenticated Voting On Scheduled Posts LOW *-4.2.4 4.2.5 July 5, 2026
radio-player radio-player N/A Radio Player <= 2.0.83 - Unauthenticated Server-Side Request Forgery LOW *-2.0.83 2.0.85 July 5, 2026
push-monkey-desktop-push-notifications push-monkey-desktop-push-notifications N/A Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart <= 3.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.9 July 5, 2026
property-hive-stamp-duty-calculator property-hive-stamp-duty-calculator N/A Property Hive Stamp Duty Calculator <= 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.22 1.0.23 July 5, 2026
posts-date-ranges posts-date-ranges N/A Posts Date Ranges <= 2.2 - Reflected Cross-Site Scripting LOW *-2.2 July 5, 2026
pixproof pixproof
91
PixProof <= 2.0.1 - Missing Authorization LOW *-2.0.1 July 5, 2026
phzoom phzoom
91
phZoom <= 1.2.92 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2.92 July 5, 2026
onlywire-multi-autosubmitter onlywire-multi-autosubmitter
91
Onlywire Multi Autosubmitter <= 1.2.4 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-1.2.4 July 5, 2026
myweather myweather
91
addWeather <= 2.5.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.5.1 July 5, 2026
multiple-admin-emails multiple-admin-emails
91
Multiple Admin Emails <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
mstore-api mstore-api
93
MStore API – Create Native Android & iOS Apps On The Cloud <= 4.16.4 - Authenticated (Subscriber+) HTML File Upload (Stored Cross-Site Scripting) LOW *-4.16.4 4.16.5 July 5, 2026
minify-html-markup minify-html-markup
93
Minify HTML <= 2.1.10 - - Regular Expressions Denial of Service LOW *-2.1.10 2.1.11 July 5, 2026
metrika metrika
91
Metrika <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2 July 5, 2026
mdc-comment-toolbar mdc-comment-toolbar
91
MDC Comment Toolbar <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1 July 5, 2026
MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites mainwp-child N/A MainWP Child <= 5.3.3 - Missing Authorization to Unauthenticated Privilege Escalation LOW *-5.3.3 5.3.4 July 5, 2026
maintenance-and-noindex-nofollow maintenance-and-noindex-nofollow
91
LionScripts: Site Maintenance & Noindex Nofollow Plugin <= 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.1 July 5, 2026
list-one-category-of-posts list-one-category-of-posts
91
Category of Posts <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
like-on-vkontakte like-on-vkontakte
91
Like in Vk.com <= 0.5.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-0.5.2 July 5, 2026
leaderboard-lite leaderboard-lite
91
LeaderBoard Plugin <= 1.2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2.4 July 5, 2026
jet-footer-code jet-footer-code
91
Jet Footer Code <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.4 July 5, 2026
jcarousel-for-wordpress jcarousel-for-wordpress
91
jCarousel <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-1.0 July 5, 2026
instant-appointment instant-appointment
87
Instant Appointment <= 1.2 - Unauthenticated SQL Injection LOW *-1.2 July 5, 2026
indeed-wp-superbackup indeed-wp-superbackup
93
Super Backup & Clone - Migrate for WordPress <= 2.3.3 - Unauthenticated Arbitrary File Upload LOW *-2.3.3 2.4 July 5, 2026
increase-sociability increase-sociability
91
Increase Sociability <= 1.3.0 - Reflected Cross-Site Scripting LOW *-1.3.0 July 5, 2026
hello-in-all-languages hello-in-all-languages
91
Hello in All Languages <= 1.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.6 July 5, 2026
goanimate goanimate
91
Go Animate <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
geoportail-shortcode geoportail-shortcode
89
Geoportail Shortcode <= 2.4.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.4.4 July 5, 2026
gaxx-keywords gaxx-keywords
91
Gaxx Keywords <= 0.2 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-0.2 July 5, 2026
floating-player floating-player
91
Floating Video Player <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0 July 5, 2026
flaming-forms flaming-forms
87
Flaming Forms <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.1 July 5, 2026
evernote-sync evernote-sync
91
Evernote Sync <= 3.0.0 - Reflected Cross-Site Scripting LOW *-3.0.0 July 5, 2026
email-form-under-post email-form-under-post
91
Mandrill WP <= 1.0.5 - Cross-Site Request Forgery LOW *-1.0.5 July 5, 2026
eelv-newsletter eelv-newsletter
89
EELV Newsletter <= 4.8.2 - Cross-Site Request Forgery LOW *-4.8.2 July 5, 2026
ect-social-share ect-social-share
91
ECT Social Share <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.3 July 5, 2026
ect-product-carousel ect-product-carousel
91
ECT Product Carousel <= 1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.9 July 5, 2026
dtc-documents dtc-documents
91
DTC Documents <= 1.1.05 - Cross-Site Request Forgery LOW *-1.1.05 July 5, 2026
LOW

posts-and-products-views

posts-and-products-views

Score: N/A Posts and Products Views for WooCommerce <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1 Patched: 2.1.1 Updated: July 5, 2026
LOW

kredeum-nfts

kredeum-nfts

Score: 93/100 Kredeum NFTs, the easiest way to sell your NFTs directly on your WordPress site <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.9 Patched: 1.6.10 Updated: July 5, 2026
LOW

Koalendar – Easy Appointment Scheduling & Booking Plugin

koalendar-free-booking-widget

Score: 95/100 Koalendar – Events & Appointments Booking Calendar <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via height Parameter Affected: *-1.0.2 Patched: 1.0.3 Updated: July 5, 2026
LOW

companion-portfolio

companion-portfolio

Score: 91/100 Companion Portfolio – Responsive Portfolio Plugin <= 2.4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4.0.1 Patched: Updated: July 5, 2026
LOW

ymc-states-map

ymc-states-map

Score: N/A States Map US <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4.2 Patched: Updated: July 5, 2026
LOW

wp-job-portal

wp-job-portal

Score: N/A WP Job Portal <= 2.2.2 - Missing Authorization to Limited Privilege Escalation Affected: *-2.2.2 Patched: 2.2.3 Updated: July 5, 2026
LOW

wp-job-portal

wp-job-portal

Score: N/A WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection via wpjobportal_deactivate() Affected: *-2.2.2 Patched: 2.2.3 Updated: July 5, 2026
LOW

wp-job-portal

wp-job-portal

Score: N/A WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection via getFieldsForVisibleCombobox() Affected: *-2.2.2 Patched: 2.2.3 Updated: July 5, 2026
LOW

wp-job-portal

wp-job-portal

Score: N/A WP Job Portal <= 2.2.1 - Unauthenticated SQL Injection Affected: *-2.2.1 Patched: 2.2.3 Updated: July 5, 2026
LOW

wp-job-portal

wp-job-portal

Score: N/A WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection Affected: *-2.2.2 Patched: 2.2.3 Updated: July 5, 2026
LOW

wp-job-portal

wp-job-portal

Score: N/A WP Job Portal <= 2.2.2 - Missing Authorization to Unauthenticated Arbitrary Resume Download Affected: *-2.2.2 Patched: 2.2.3 Updated: July 5, 2026
LOW

wp-ad-guru

wp-ad-guru

Score: N/A WP Ad Guru – Banner ad, Responsive popup, Popup maker, Ad rotator & More <= 2.5.4 - Reflected Cross-Site Scripting Affected: *-2.5.4 Patched: Updated: July 5, 2026
LOW

tickera-event-ticketing-system

tickera-event-ticketing-system

Score: N/A Tickera – WordPress Event Ticketing <= 3.5.4.8 - Unauthenticated Customer Data Exposure Affected: *-3.5.4.8 Patched: 3.5.4.9 Updated: July 5, 2026
LOW

simple-locator

simple-locator

Score: N/A Simple Locator <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.3 Patched: 2.0.4 Updated: July 5, 2026
LOW

shortcode-elementor

shortcode-elementor

Score: N/A Shortcodes for Elementor <= 1.0.4 - Authenticated (Contributor+) Post Disclosure Affected: *-1.0.4 Patched: 1.0.5 Updated: July 5, 2026
LOW

sailthru-triggermail

sailthru-triggermail

Score: N/A Sailthru Triggermail <= 1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

post-to-pdf

post-to-pdf

Score: N/A Post to Pdf <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: 1.1 Updated: July 5, 2026
LOW

plezi

plezi

Score: 93/100 Plezi <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.6 Patched: 1.0.7 Updated: July 5, 2026
LOW

pepro-bacs-receipt-upload-for-woocommerce

pepro-bacs-receipt-upload-for-woocommerce

Score: 93/100 PeproDev WooCommerce Receipt Uploader <= 2.6.9 - Reflected Cross-Site Scripting Affected: *-2.6.9 Patched: 2.7.0 Updated: July 5, 2026
LOW

my-wp

my-wp

Score: 93/100 My WP Customize Admin/Frontend <= 1.24.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.24.0 Patched: 1.24.1 Updated: July 5, 2026
LOW

ims-countdown

ims-countdown

Score: 93/100 IMS Countdown <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.5 Patched: 1.3.6 Updated: July 5, 2026
LOW

import-eventbrite-events

import-eventbrite-events

Score: 93/100 Import Eventbrite Events <= 1.7.4 - Reflected Cross-Site Scripting Affected: *-1.7.4 Patched: 1.7.5 Updated: July 5, 2026
LOW

geodatasource-country-region-dropdown

geodatasource-country-region-dropdown

Score: 93/100 GeoDataSource Country Region DropDown <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: 1.0.2 Updated: July 5, 2026
LOW

geocache-stat-bar-widget

geocache-stat-bar-widget

Score: 91/100 Geocache Stat Bar Widget <= 0.911 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-0.911 Patched: Updated: July 5, 2026
LOW

ganohrs-toggle-shortcode

ganohrs-toggle-shortcode

Score: 93/100 Ganohrs Toggle Shortcode <= 0.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.2.4 Patched: 0.2.5 Updated: July 5, 2026
LOW

eveeno

eveeno

Score: 93/100 Eveeno <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7 Patched: 1.8 Updated: July 5, 2026
LOW

bukza

bukza

Score: 93/100 Bukza <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.0 Patched: 2.0.1 Updated: July 5, 2026
LOW

bodi0s-easy-cache

bodi0s-easy-cache

Score: 93/100 bodi0’s Easy Cache <= 0.8 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-0.8 Patched: 0.9 Updated: July 5, 2026
LOW

acf-frontend-form-element

acf-frontend-form-element

Score: 97/100 Frontend Admin by DynamiApps <= 3.24.5 - Unauthenticated Stored Cross-Site Scripting Affected: *-3.24.5 Patched: 3.25.1 Updated: July 5, 2026
LOW

acf-frontend-form-element

acf-frontend-form-element

Score: 97/100 Frontend Admin by DynamiApps <= 3.24.5 - Unauthenticated Privilege Escalation Affected: *-3.24.5 Patched: 3.25.1 Updated: July 5, 2026
LOW

ootb-openstreetmap

ootb-openstreetmap

Score: 93/100 Out of the Block: OpenStreetMap <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via ootb_query Shortcode Affected: *-2.8.3 Patched: 2.8.4 Updated: July 5, 2026
LOW

notibar

notibar

Score: 93/100 Notibar – Notification Bar for WordPress <= 2.1.4 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via njt_nofi_text Affected: *-2.1.4 Patched: 2.1.5 Updated: July 5, 2026
LOW

wp-crowdfunding

wp-crowdfunding

Score: N/A WP Crowdfunding <= 2.1.12 - Missing Authorization to Authenticated (Subscriber+) WooCommerce Installation Affected: *-2.1.12 Patched: 2.1.13 Updated: July 5, 2026
LOW

wp-crowdfunding

wp-crowdfunding

Score: N/A WP Crowdfunding <= 2.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.15 Patched: 2.1.16 Updated: July 5, 2026
LOW

booking-system-trafft

booking-system-trafft

Score: 93/100 Booking System Trafft <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.6 Patched: 1.0.7 Updated: July 5, 2026
LOW

simple-link-directory

simple-link-directory

Score: N/A Simple Link Directory <= 8.4.5 - Unauthenticated Arbitrary Shortcode Execution Affected: *-8.4.5 Patched: 8.4.6 Updated: July 5, 2026
LOW

primer-mydata

primer-mydata

Score: N/A Primer MyData for Woocommerce <= 4.2.1 - Reflected Cross-Site Scripting Affected: *-4.2.1 Patched: 4.2.2 Updated: July 5, 2026
LOW

newsmanapp

newsmanapp

Score: 93/100 NewsmanApp <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.7.6 Patched: 2.7.7 Updated: July 5, 2026
LOW

ar-for-wordpress

ar-for-wordpress

Score: 95/100 AR for WordPress <= 7.3 - Missing Authorization to Unauthenticated Limited File Upload Affected: *-7.3 Patched: 7.4 Updated: July 5, 2026
LOW

xpd-reduce-image-filesize

xpd-reduce-image-filesize

Score: N/A XPD Reduce Image Filesize <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

wpp-customization

wpp-customization

Score: N/A Admin Customization <= 2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.2 Patched: Updated: July 5, 2026
LOW

wpappninja

wpappninja

Score: N/A WPMobile.App — Android and iOS Mobile Application <= 11.52 - Unauthenticated Arbitrary Shortcode Execution Affected: *-11.52 Patched: 11.53 Updated: July 5, 2026
LOW

wp-weixin-robot

wp-weixin-robot

Score: N/A WP微信机器人 <= 5.3.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-5.3.5 Patched: Updated: July 5, 2026
LOW

wp-management-controller

wp-management-controller

Score: N/A WP Controller <= 3.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.2.0 Patched: Updated: July 5, 2026
LOW

wp-login-with-ajax

wp-login-with-ajax

Score: N/A Wp Login with Ajax <= 0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.6 Patched: Updated: July 5, 2026
LOW

wp-hide-that

wp-hide-that

Score: N/A WP-HideThat <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

wp-flipkart-importer

wp-flipkart-importer

Score: N/A WP Flipkart Importer <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4 Patched: Updated: July 5, 2026
LOW

wp-fiddle

wp-fiddle

Score: N/A WP Fiddle <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

wp-ban-user

wp-ban-user

Score: N/A WP-Ban-User <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

wordpress-filter

wordpress-filter

Score: N/A WordPress Filter <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4.1 Patched: Updated: July 5, 2026
LOW

woocommerce-myparcel

woocommerce-myparcel

Score: N/A MyParcel <= 4.24.1 - Reflected Cross-Site Scripting Affected: *-4.24.1 Patched: 4.24.2 Updated: July 5, 2026
LOW

woo-coupon-usage

woo-coupon-usage

Score: N/A Coupon Affiliates – Affiliate Plugin for WooCommerce <= 5.16.7.1 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting Affected: *-5.16.7.1 Patched: 5.16.7.2 Updated: July 5, 2026
LOW

visual-recent-posts

visual-recent-posts

Score: N/A Visual Recent Posts <= 1.2.3 - Reflected Cross-Site Scripting Affected: *-1.2.3 Patched: Updated: July 5, 2026
LOW

ui-slider-filter-by-price

ui-slider-filter-by-price

Score: N/A Ui Slider Filter By Price <= 1.1 - Cross-Site Request Forgery Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

timetics

timetics

Score: N/A WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Deletion Affected: *-1.0.27 Patched: 1.0.28 Updated: July 5, 2026
LOW

themify-store-locator

themify-store-locator

Score: N/A Themify Store Locator <= 1.1.9 - Cross-Site Request Forgery Affected: *-1.1.9 Patched: 1.2.0 Updated: July 5, 2026
LOW

termin-kalender

termin-kalender

Score: N/A Termin-Kalender <= 0.99.47 - Missing Authorization to Authenticated (Subscriber+) Affected: *-0.99.47 Patched: 1.00.04 Updated: July 5, 2026
LOW

taggator

taggator

Score: N/A TagGator <= 1.54 - Reflected Cross-Site Scripting Affected: *-1.54 Patched: Updated: July 5, 2026
LOW

svg-shortcode

svg-shortcode

Score: N/A SVG Shortcode <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload Affected: *-1.0.1 Patched: Updated: July 5, 2026
LOW

sopa-blackout

sopa-blackout

Score: N/A SOPA Blackout <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4 Patched: Updated: July 5, 2026
LOW

social-media-sharing

social-media-sharing

Score: N/A Social Media Sharing <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

simple-booking-widget

simple-booking-widget

Score: N/A Simple Booking Widget <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

responsive-filterable-portfolio

responsive-filterable-portfolio

Score: N/A Responsive Filterable Portfolio <=1.0.8 - Authenticated (Admin+) SQL Injection Affected: *-1.0.8 Patched: 1.0.9 Updated: July 5, 2026
LOW

rate-my-post

rate-my-post

Score: N/A Rate My Post – Star Rating Plugin by FeedbackWP <= 4.2.4 - Unauthenticated Voting On Scheduled Posts Affected: *-4.2.4 Patched: 4.2.5 Updated: July 5, 2026
LOW

radio-player

radio-player

Score: N/A Radio Player <= 2.0.83 - Unauthenticated Server-Side Request Forgery Affected: *-2.0.83 Patched: 2.0.85 Updated: July 5, 2026
LOW

push-monkey-desktop-push-notifications

push-monkey-desktop-push-notifications

Score: N/A Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart <= 3.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.9 Patched: Updated: July 5, 2026
LOW

property-hive-stamp-duty-calculator

property-hive-stamp-duty-calculator

Score: N/A Property Hive Stamp Duty Calculator <= 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.22 Patched: 1.0.23 Updated: July 5, 2026
LOW

posts-date-ranges

posts-date-ranges

Score: N/A Posts Date Ranges <= 2.2 - Reflected Cross-Site Scripting Affected: *-2.2 Patched: Updated: July 5, 2026
LOW

pixproof

pixproof

Score: 91/100 PixProof <= 2.0.1 - Missing Authorization Affected: *-2.0.1 Patched: Updated: July 5, 2026
LOW

phzoom

phzoom

Score: 91/100 phZoom <= 1.2.92 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2.92 Patched: Updated: July 5, 2026
LOW

onlywire-multi-autosubmitter

onlywire-multi-autosubmitter

Score: 91/100 Onlywire Multi Autosubmitter <= 1.2.4 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.2.4 Patched: Updated: July 5, 2026
LOW

myweather

myweather

Score: 91/100 addWeather <= 2.5.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.5.1 Patched: Updated: July 5, 2026
LOW

multiple-admin-emails

multiple-admin-emails

Score: 91/100 Multiple Admin Emails <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

mstore-api

mstore-api

Score: 93/100 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.16.4 - Authenticated (Subscriber+) HTML File Upload (Stored Cross-Site Scripting) Affected: *-4.16.4 Patched: 4.16.5 Updated: July 5, 2026
LOW

minify-html-markup

minify-html-markup

Score: 93/100 Minify HTML <= 2.1.10 - - Regular Expressions Denial of Service Affected: *-2.1.10 Patched: 2.1.11 Updated: July 5, 2026
LOW

metrika

metrika

Score: 91/100 Metrika <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

mdc-comment-toolbar

mdc-comment-toolbar

Score: 91/100 MDC Comment Toolbar <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

maintenance-and-noindex-nofollow

maintenance-and-noindex-nofollow

Score: 91/100 LionScripts: Site Maintenance & Noindex Nofollow Plugin <= 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.1 Patched: Updated: July 5, 2026
LOW

list-one-category-of-posts

list-one-category-of-posts

Score: 91/100 Category of Posts <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

like-on-vkontakte

like-on-vkontakte

Score: 91/100 Like in Vk.com <= 0.5.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.5.2 Patched: Updated: July 5, 2026
LOW

leaderboard-lite

leaderboard-lite

Score: 91/100 LeaderBoard Plugin <= 1.2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2.4 Patched: Updated: July 5, 2026
LOW

jet-footer-code

jet-footer-code

Score: 91/100 Jet Footer Code <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4 Patched: Updated: July 5, 2026
LOW

jcarousel-for-wordpress

jcarousel-for-wordpress

Score: 91/100 jCarousel <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

instant-appointment

instant-appointment

Score: 87/100 Instant Appointment <= 1.2 - Unauthenticated SQL Injection Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

indeed-wp-superbackup

indeed-wp-superbackup

Score: 93/100 Super Backup & Clone - Migrate for WordPress <= 2.3.3 - Unauthenticated Arbitrary File Upload Affected: *-2.3.3 Patched: 2.4 Updated: July 5, 2026
LOW

increase-sociability

increase-sociability

Score: 91/100 Increase Sociability <= 1.3.0 - Reflected Cross-Site Scripting Affected: *-1.3.0 Patched: Updated: July 5, 2026
LOW

hello-in-all-languages

hello-in-all-languages

Score: 91/100 Hello in All Languages <= 1.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.6 Patched: Updated: July 5, 2026
LOW

goanimate

goanimate

Score: 91/100 Go Animate <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

geoportail-shortcode

geoportail-shortcode

Score: 89/100 Geoportail Shortcode <= 2.4.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.4.4 Patched: Updated: July 5, 2026
LOW

gaxx-keywords

gaxx-keywords

Score: 91/100 Gaxx Keywords <= 0.2 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-0.2 Patched: Updated: July 5, 2026
LOW

floating-player

floating-player

Score: 91/100 Floating Video Player <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: July 5, 2026
LOW

flaming-forms

flaming-forms

Score: 87/100 Flaming Forms <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 5, 2026
LOW

evernote-sync

evernote-sync

Score: 91/100 Evernote Sync <= 3.0.0 - Reflected Cross-Site Scripting Affected: *-3.0.0 Patched: Updated: July 5, 2026
LOW

email-form-under-post

email-form-under-post

Score: 91/100 Mandrill WP <= 1.0.5 - Cross-Site Request Forgery Affected: *-1.0.5 Patched: Updated: July 5, 2026
LOW

eelv-newsletter

eelv-newsletter

Score: 89/100 EELV Newsletter <= 4.8.2 - Cross-Site Request Forgery Affected: *-4.8.2 Patched: Updated: July 5, 2026
LOW

ect-social-share

ect-social-share

Score: 91/100 ECT Social Share <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 5, 2026
LOW

ect-product-carousel

ect-product-carousel

Score: 91/100 ECT Product Carousel <= 1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.9 Patched: Updated: July 5, 2026
LOW

dtc-documents

dtc-documents

Score: 91/100 DTC Documents <= 1.1.05 - Cross-Site Request Forgery Affected: *-1.1.05 Patched: Updated: July 5, 2026

Showing 14401 to 14500 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 5, 2026 at 15:04 UTC.