Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities: 36406 (across tracked plugins)

Affected Plugins: 95 (with open vulnerabilities)

Critical / High: 0 (require immediate attention)

Recently Updated: 0 (in the last 30 days)

Vulnerability List

Vulnerability list with plugin score and patch status
Plugin | Slug | Score (out of 100) | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated
display-future-posts display-future-posts
91
Display Future Posts <= 0.2.3 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-0.2.3 July 5, 2026
crudlab-google-plus crudlab-google-plus
91
CRUDLab Google Plus Button <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.2 July 5, 2026
comments-on-feed comments-on-feed
91
Comments On Feed <= 1.2.1 - Reflected Cross-Site Scripting LOW *-1.2.1 July 5, 2026
ck-and-syntaxhighlighter ck-and-syntaxhighlighter
91
CK and SyntaxHighlighter <= 3.4.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.4.2 July 5, 2026
bet-sport-free bet-sport-free
91
Bet sport Free <= 1.0.0 - Cross-Site Request Forgery LOW *-1.0.0 July 5, 2026
beaver-builder-lite-version beaver-builder-lite-version
93
Beaver Builder – WordPress Page Builder <= 2.8.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.8.4.4 2.8.5.3 July 5, 2026
banner-system banner-system
87
Banner System <= 1.0.0 - Missing Authorization LOW *-1.0.0 July 5, 2026
arabic-webfonts arabic-webfonts
95
Arabic Webfonts <= 1.4.6 - Missing Authorization LOW *-1.4.6 July 5, 2026
appmaps appmaps
95
AppMaps <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1 July 5, 2026
aphorismus aphorismus
95
Aphorismus <= 1.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2.0 July 5, 2026
ahathat ahathat
92
AHAthat <= 1.6 - Reflected Cross-Site Scripting LOW *-1.6 July 5, 2026
advanced-fancybox advanced-fancybox
95
Advanced Fancybox <= 1.1.1 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-1.1.1 July 5, 2026
add-image-to-post add-image-to-post
95
Add image to Post <= 0.6 - Cross-Site Request Forgery LOW *-0.6 July 5, 2026
3d-avatar-user-profile 3d-avatar-user-profile
95
3D Avatar User Profile <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 July 5, 2026
print-science-designer print-science-designer N/A Print Science Designer <= 1.3.152 - Unauthenticated PHP Object Injection LOW *-1.3.152 1.3.153 July 5, 2026
Ninja Forms – The Contact Form Builder That Grows With You ninja-forms
69
Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.19 - Unauthenticated Stored Cross-Site Scripting via Form Calculations LOW *-3.8.19 3.8.20 July 5, 2026
cognito-forms cognito-forms
93
Cognito Forms <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter LOW *-2.0.7 2.0.8 July 5, 2026
grid-plus grid-plus
89
Grid Plus – Unlimited grid layout <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via grid_plus_load_by_category LOW *-1.3.5 July 5, 2026
halfdata-optin-downloads halfdata-optin-downloads
91
Opt-In Downloads <= 4.07 - Authenticated (Subscriber+) Arbitrary File Upload LOW *-4.07 July 5, 2026
library-management-system library-management-system
93
Library Management System <= 3.2.0 - Authenticated (Subscriber+) SQL Injection LOW *-3.2.0 3.2.1 July 5, 2026
country-blocker country-blocker
89
Country Blocker <= 3.2 - Reflected Cross-Site Scripting LOW *-3.2 July 5, 2026
arena-liveblog-and-chat-tool arena-liveblog-and-chat-tool
95
Arena.IM – Live Blogging for real-time events <= 0.4.1 - Cross-Site Request Forgery to Settings Update LOW *-0.4.1 July 5, 2026
arena-liveblog-and-chat-tool arena-liveblog-and-chat-tool
95
Arena.IM – Live Blogging for real-time events <= 0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via arena_embed_amp Shortcode LOW *-0.4.1 July 5, 2026
arena-liveblog-and-chat-tool arena-liveblog-and-chat-tool
95
Arena.IM – Live Blogging for real-time events <= 0.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.3.0 0.4.0 July 5, 2026
ai-post-generator ai-post-generator
95
AI Post Generator | AutoWriter <= 3.5 - Missing Authorization to Authenticated (Contributor+) Post/Page Deletion LOW *-3.5 July 5, 2026
kvcore-idx kvcore-idx
91
kvCORE IDX <= 2.3.35 - Reflected Cross-Site Scripting LOW *-2.3.35 July 5, 2026
yoo-bar yoo-bar N/A Top and footer bars for announcements, notifications, advertisements, promotions – YooBar <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.6 2.0.7 July 5, 2026
debranding debranding
89
de:branding <= 1.0.2 - Authenticated (Subscriber+) Arbitrary Options Update LOW *-1.0.2 July 5, 2026
hostfact-bestelformulier-integratie hostfact-bestelformulier-integratie
93
HostFact bestelformulier integratie <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1 1.2 July 5, 2026
newsletter-subscriptions newsletter-subscriptions
91
Newsletter Subscriptions <= 2.1 - Reflected Cross-Site Scripting LOW *-2.1 July 5, 2026
attire-blocks attire-blocks
93
Gutenberg Blocks and Page Layouts – Attire Blocks <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.9.5 1.9.6 July 5, 2026
custom-skins-contact-form-7 custom-skins-contact-form-7
91
Custom Skins Contact Form 7 <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update and Skin Creation LOW *-1.0 July 5, 2026
sql-chart-builder sql-chart-builder N/A SQL Chart Builder <= 2.3.6 - Authenticated (Contributor+) SQL Injection LOW *-2.3.6 2.3.7 July 5, 2026
sign-in-with-google sign-in-with-google N/A Sign In With Google <= 1.8.0 - Authentication Bypass in authenticate_user LOW *-1.8.0 July 5, 2026
horizontal-scroll-image-slideshow horizontal-scroll-image-slideshow
91
Horizontal scroll image slideshow <= 10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-10.1 July 5, 2026
custom-wp-rest-api custom-wp-rest-api
91
Ultimate Endpoints With Rest Api <= 2.2.2 - Reflected Cross-Site Scripting LOW *-2.2.2 July 5, 2026
dejureorg-vernetzungsfunktion dejureorg-vernetzungsfunktion
93
dejure.org Vernetzungsfunktion <= 1.97.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.97.5 1.98.0 July 5, 2026
website-toolbox-forums website-toolbox-forums N/A Website Toolbox Community <= 2.0.1 - Reflected Cross-Site Scripting via websitetoolbox_username LOW *-2.0.1 2.0.2 July 5, 2026
surbma-salesautopilot-shortcode surbma-salesautopilot-shortcode N/A Surbma | SalesAutopilot Shortcode <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.5 July 5, 2026
hq-rental-software hq-rental-software
91
HQ Rental Software <= 1.5.29 - Cross-Site Request Forgery to Arbitrary Options Update LOW *-1.5.29 July 5, 2026
wp-service-payment-form-with-authorizenet wp-service-payment-form-with-authorizenet N/A WP Service Payment Form With Authorize.net <= 2.6.3 - Reflected Cross-Site Scripting LOW *-2.6.3 July 5, 2026
miniorange-login-with-eve-online-google-facebook miniorange-login-with-eve-online-google-facebook
93
OAuth Single Sign On – SSO (OAuth Client) <= 6.26.3 - Authentication Bypass LOW *-6.26.3 6.26.4 July 5, 2026
schema-app-structured-data-for-schemaorg schema-app-structured-data-for-schemaorg N/A Schema App Structured Data <= 2.2.4 - Reflected Cross-Site Scripting LOW *-2.2.4 2.2.5 July 5, 2026
catch-popup catch-popup
91
Catch Popup <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4.4 July 5, 2026
wp-revive-adserver wp-revive-adserver N/A WP-Revive Adserver <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2.1 July 5, 2026
password-for-wp password-for-wp
93
Password for WP <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.5 1.6 July 5, 2026
embed-power-bi-reports embed-power-bi-reports
93
PowerBI Embed Reports <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.7 1.1.8 July 5, 2026
wpcargo wpcargo N/A WPCargo Track & Trace <= 8.0.1 - Missing authorization to Authenticated (Subscriber+) Settings Update LOW *-8.0.1 July 5, 2026
wpbookit wpbookit N/A WPBookit <= 1.6.0 - Unauthenticated SQL Injection LOW *-1.6.0 July 5, 2026
wp-quick-shop wp-quick-shop N/A WP Quick Shop <= 1.3.1 - Reflected Cross-Site Scripting LOW *-1.3.1 1.3.2 July 5, 2026
wp-nssuser-register wp-nssuser-register N/A Wp NssUser Register <= 1.0.0 - Unauthenticated Privilege Escalation LOW *-1.0.0 July 5, 2026
wp-nerd-toolkit wp-nerd-toolkit N/A WP-NERD Toolkit <= 1.1 - Unauthenticated Information Exposure LOW *-1.1 July 5, 2026
wp-megamenu wp-megamenu N/A WP Mega Menu <= 1.4.2 - Authenticated (Administrator+) PHP Object Injection LOW *-1.4.2 July 5, 2026
wp-mailster wp-mailster N/A WP Mailster <= 1.8.17.0 - Cross-Site Request Forgery LOW *-1.8.17.0 1.8.18.0 July 5, 2026
wp-geonames wp-geonames N/A WP GeoNames <= 1.9.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.9.0.1 1.9.1 July 5, 2026
wp-enable-svg wp-enable-svg N/A WP Enabled SVG <= 0.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG LOW *-0.7 July 5, 2026
wp-currency-exchange-rates wp-currency-exchange-rates N/A WP Currency Exchange Rates <= 1.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2.0 1.3.0 July 5, 2026
wp-courses wp-courses N/A WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses <= 3.2.21 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Update LOW *-3.2.21 3.2.22 July 5, 2026
wp-cookies-enabler wp-cookies-enabler N/A WP Cookies Enabler <= 1.0.1 - Unauthenticated Local File Inclusion LOW *-1.0.1 July 5, 2026
woolook woolook N/A Woolook <= 1.7.0 - Unauthenticated Local File Inclusion LOW *-1.7.0 July 5, 2026
woocommerce-pdf-vouchers woocommerce-pdf-vouchers N/A WooCommerce PDF Vouchers < 4.9.9 - Authentication Bypass LOW [*, 4.9.9) 4.9.9 July 5, 2026
woo-product-carousel-slider-and-grid-ultimate woo-product-carousel-slider-and-grid-ultimate N/A Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.10 - Authenticated (Contributor+) Local File Inclusion via 'theme' LOW *-1.9.10 1.10.0 July 5, 2026
Web Stories web-stories
85
Web Stories <= 1.37.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.37.0 1.38.0 July 5, 2026
vimeography vimeography N/A Vimeography <= 2.4.4 - Sensitive Information Exposure LOW *-2.4.4 2.4.5 July 5, 2026
vbsso-lite vbsso-lite N/A vBSSO-lite <= 1.4.3 - Missing Authorization to Privilege Escalation LOW *-1.4.3 July 5, 2026
vayu-blocks vayu-blocks N/A Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation LOW *-1.1.1 1.2.0 July 5, 2026
v-form v-form N/A VForm <= 3.0.0 - Reflected Cross-Site Scripting LOW *-3.0.0 3.0.1 July 5, 2026
unlimited-elements-for-elementor unlimited-elements-for-elementor N/A Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.126 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.126 1.5.127 July 5, 2026
universam-demo universam-demo N/A UNIVERSAM < 8.59 - Reflected Cross-Site Scripting LOW [*, 8.59) 8.59 July 5, 2026
staggs staggs N/A Staggs Product Configurator for WooCommerce <= 2.0.0 - Reflected Cross-Site Scripting LOW *-2.0.0 2.1.0 July 5, 2026
sogrid sogrid N/A Sogrid <= 1.5.2 - Cross-Site Request Forgery to Arbitrary Options Update LOW *-1.5.2 1.5.5 July 5, 2026
sogrid sogrid N/A Sogrid <= 1.5.6 - Unauthenticated Local File Inclusion LOW *-1.5.6 1.5.7 July 5, 2026
social-media-shortcodes social-media-shortcodes N/A Social Media Shortcodes <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.0 1.3.1 July 5, 2026
smsify smsify N/A SMSify <= 6.0.4 - Reflected Cross-Site Scripting LOW *-6.0.4 6.1.0 July 5, 2026
smart-agenda-prise-de-rendez-vous-en-ligne smart-agenda-prise-de-rendez-vous-en-ligne N/A Smart Agenda – Prise de rendez-vous en ligne <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.6 4.7 July 5, 2026
smaily-for-wp smaily-for-wp N/A Smaily for WP <= 3.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.1.5 3.1.6 July 5, 2026
simple-presenter simple-presenter N/A Simple Presenter <= 1.5.1 - Reflected Cross-Site Scripting LOW *-1.5.1 1.5.2 July 5, 2026
simple-payment simple-payment N/A Simple Payment <= 2.3.7 - Reflected Cross-Site Scripting LOW *-2.3.7 2.3.8 July 5, 2026
shortcode-variables shortcode-variables N/A Snippet Shortcodes <= 4.1.6 - Authenticated (Subscriber+) Shortcode Deletion LOW *-4.1.6 4.1.7 July 5, 2026
seraphinite-discount-for-woocommerce seraphinite-discount-for-woocommerce N/A Seraphinite Bulk Discounts for WooCommerce <= 2.4.6 - Reflected Cross-Site Scripting LOW *-2.4.6 2.4.7 July 5, 2026
seo-help seo-help N/A AI Content Writer, RSS Feed to Post, Autoblogging SEO Help <= 6.1.3 - Reflected Cross-Site Scripting LOW *-6.1.3 6.1.4 July 5, 2026
seedprod-coming-soon-pro-5 seedprod-coming-soon-pro-5 N/A SeedProd Pro <= 6.18.13 - Authenticated (Editor+) Remote Code Execution LOW *-6.18.13 6.18.14 July 5, 2026
seedprod-coming-soon-pro-5 seedprod-coming-soon-pro-5 N/A SeedProd Pro <= 6.18.12 - Authenticated (Administrator+) SQL Injection LOW *-6.18.12 6.18.13 July 5, 2026
seedprod-coming-soon-pro-5 seedprod-coming-soon-pro-5 N/A SeedProd Pro <= 6.18.12 - Authenticated (Editor+) SQL Injection LOW *-6.18.12 6.18.13 July 5, 2026
role-includer role-includer N/A Role Includer <= 1.6 - Reflected Cross-Site Scripting via user_id Parameter LOW *-1.6 July 5, 2026
revi-io-customer-and-product-reviews revi-io-customer-and-product-reviews N/A Revi.io <= 5.7.3 - Reflected Cross-Site Scripting LOW *-5.7.3 5.8.0 July 5, 2026
restaurant-cafe-addon-for-elementor restaurant-cafe-addon-for-elementor N/A Restaurant & Cafe Addon for Elementor <= 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.8 1.5.9 July 5, 2026
radius-blocks radius-blocks N/A Radius Blocks – WordPress Gutenberg Blocks <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.2 2.2.0 July 5, 2026
quran-phrases-about-most-people-shortcodes quran-phrases-about-most-people-shortcodes N/A Quran Phrases About Most People Shortcodes <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4 1.5 July 5, 2026
quietly-insights quietly-insights N/A Quietly Insights <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update LOW *-1.2.2 July 5, 2026
projectopia-core projectopia-core N/A Projectopia <= 5.1.7 - Missing Authorization to Privilege Escalation via pto_reset_password() LOW *-5.1.7 5.1.8 July 5, 2026
primary-addon-for-elementor primary-addon-for-elementor N/A Primary Addon for Elementor <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.6.0 1.6.2 July 5, 2026
postbox-email-logs postbox-email-logs N/A PostBox <= 1.0.4 - Missing Authorization to Authenticated (Subscriber+) Log Export LOW *-1.0.4 1.0.5 July 5, 2026
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder popup-maker
79
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder <= 1.20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.20.2 1.20.3 July 5, 2026
poll-builder poll-builder
91
Poll Builder <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.5 July 5, 2026
planaday-api planaday-api
93
Planaday API <= 11.4 - Reflected Cross-Site Scripting LOW *-11.4 11.5 July 5, 2026
persian-woocommerce-sms persian-woocommerce-sms
91
Persian Woocommerce SMS <= 7.0.5 - Reflected Cross-Site Scripting LOW *-7.0.5 7.0.6 July 5, 2026
perfect-font-awesome-integration perfect-font-awesome-integration
93
Perfect Font Awesome Integration <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.3 2.3.1 July 5, 2026
orbisius-child-theme-creator orbisius-child-theme-creator
93
Child Theme Creator by Orbisius <= 1.5.5 - Missing Authorization to Authenticated (Subscriber+) Cloud Snippet Update/Delete LOW *-1.5.5 1.5.6 July 5, 2026
onlyoffice-docspace onlyoffice-docspace
93
ONLYOFFICE DocSpace <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1.1 2.1.2 July 5, 2026
LOW

primary-addon-for-elementor

primary-addon-for-elementor

Score: N/A Primary Addon for Elementor <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.0 Patched: 1.6.2 Updated: July 5, 2026
LOW

postbox-email-logs

postbox-email-logs

Score: N/A PostBox <= 1.0.4 - Missing Authorization to Authenticated (Subscriber+) Log Export Affected: *-1.0.4 Patched: 1.0.5 Updated: July 5, 2026
LOW

poll-builder

poll-builder

Score: 91/100 Poll Builder <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.5 Patched: Updated: July 5, 2026
LOW

planaday-api

planaday-api

Score: 93/100 Planaday API <= 11.4 - Reflected Cross-Site Scripting Affected: *-11.4 Patched: 11.5 Updated: July 5, 2026
LOW

persian-woocommerce-sms

persian-woocommerce-sms

Score: 91/100 Persian Woocommerce SMS <= 7.0.5 - Reflected Cross-Site Scripting Affected: *-7.0.5 Patched: 7.0.6 Updated: July 5, 2026
LOW

perfect-font-awesome-integration

perfect-font-awesome-integration

Score: 93/100 Perfect Font Awesome Integration <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3 Patched: 2.3.1 Updated: July 5, 2026
LOW

orbisius-child-theme-creator

orbisius-child-theme-creator

Score: 93/100 Child Theme Creator by Orbisius <= 1.5.5 - Missing Authorization to Authenticated (Subscriber+) Cloud Snippet Update/Delete Affected: *-1.5.5 Patched: 1.5.6 Updated: July 5, 2026
LOW

onlyoffice-docspace

onlyoffice-docspace

Score: 93/100 ONLYOFFICE DocSpace <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1.1 Patched: 2.1.2 Updated: July 5, 2026

Showing 14501 to 14600 of 36406 results

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 5, 2026 at 15:57 UTC.