Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

98

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
octrace-support octrace-support
89
WordPress HelpDesk & Support Ticket System Plugin – Octrace Support <= 1.2.7 - Reflected Cross-Site Scripting LOW *-1.2.7 July 5, 2026
notificationx notificationx
93
NotificationX – Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar <= 2.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.9.3 2.9.4 July 5, 2026
notibar notibar
93
Notibar <= 2.1.4 - Missing Authorization via ajax_install_plugin LOW *-2.1.4 2.1.5 July 5, 2026
nicejob nicejob
93
NiceJob <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.6.5 3.7.2 July 5, 2026
nias-course nias-course
91
Nias course <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.6 July 5, 2026
news-ticker-for-elementor news-ticker-for-elementor
91
News Ticker for Elementor <= 2.1.3 - Missing Authorization LOW *-2.1.3 July 5, 2026
new-user-approve new-user-approve
93
New User Approve <= 2.6.2 - Missing Authorization LOW *-2.6.2 2.6.4 July 5, 2026
minterpress minterpress
89
Minterpress <= 1.0.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update LOW *-1.0.5 July 5, 2026
meeting-scheduler-by-vcita meeting-scheduler-by-vcita
93
Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5 - Cross-Site Request Forgery LOW *-4.5 4.5.2 July 5, 2026
media-downloader media-downloader
93
Media Downloader <= 0.4.7.4 - Reflected Cross-Site Scripting LOW *-0.4.7.4 0.4.7.5 July 5, 2026
mark-new-posts mark-new-posts
93
Mark New Posts <= 7.5.1 - Missing Authorization via save_options LOW *-7.5.1 7.6 July 5, 2026
mail-picker mail-picker
93
Mail Picker <= 1.0.14 - Unauthenticated PHP Object Injection LOW *-1.0.14 1.0.15 July 5, 2026
listapp-mobile-manager listapp-mobile-manager
91
ListApp Mobile Manager <= 1.7.7 - Missing Authorization to Privilege Escalation LOW *-1.7.7 July 5, 2026
library-bookshelves library-bookshelves
91
Library Bookshelves <= 5.8 - Reflected Cross-Site Scripting LOW *-5.8 5.9 July 5, 2026
ldd-directory-lite ldd-directory-lite
91
LDD Directory Lite <= 3.3 - Reflected Cross-Site Scripting LOW *-3.3 July 5, 2026
label-grid-tools label-grid-tools
93
LabelGrid Tools <= 1.3.58 - Reflected Cross-Site Scripting LOW *-1.3.58 1.3.59 July 5, 2026
kundgenerator kundgenerator
93
Kundgenerator <= 1.0.6 - Reflected Cross-Site Scripting LOW *-1.0.6 1.0.7 July 5, 2026
kh-easy-user-settings kh-easy-user-settings
91
KH Easy User Settings <= 1.0.0 - Authenticated (Subscriber+) Privilege Escalation LOW *-1.0.0 July 5, 2026
jt-express jt-express
93
J&T Express Malaysia <= 2.0.13 - Reflected Cross-Site Scripting via [placeholder] LOW *-2.0.13 2.0.15 July 5, 2026
invoice-payment-for-woocommerce invoice-payment-for-woocommerce
93
Invoice Payment for WooCommerce <= 1.7.2 - Reflected Cross-Site Scripting LOW *-1.7.2 2.0.0 July 5, 2026
integrate-firebase integrate-firebase
93
Integrate Firebase <= 0.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.9.3 0.10.0 July 5, 2026
insertify insertify
91
Insertify <= 1.1.4 - Cross-Site Request Forgery to Remote Code Execution LOW *-1.1.4 July 5, 2026
immotoolbox-connect immotoolbox-connect
93
ImmoToolBox Connect <= 1.3.3 - Reflected Cross-Site Scripting LOW *-1.3.3 1.4.0 July 5, 2026
icdsoft-reseller-store icdsoft-reseller-store
93
ICDSoft Reseller Store <= 2.4.5 - Reflected Cross-Site Scripting LOW *-2.4.5 2.5.0 July 5, 2026
i-plant-a-tree i-plant-a-tree
91
I Plant A Tree <= 1.7.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.7.3 1.7.4 July 5, 2026
hurrakify hurrakify
93
Hurrakify <= 2.4 - Unauthenticated Server-Side Request Forgery LOW *-2.4 8.0.1 July 5, 2026
Hive Support | AI-Powered Help Desk, Live Chat and Chatbot hive-support
68
Hive Support – WordPress Help Desk <= 1.1.2 - Cross-Site Request Forgery LOW *-1.1.2 1.1.3 July 5, 2026
Hive Support | AI-Powered Help Desk, Live Chat and Chatbot hive-support
68
Hive Support – WordPress Help Desk <= 1.1.2 - Authenticated (Subscriber+) SQL Injection LOW *-1.1.2 1.1.3 July 5, 2026
hello-event-widgets-for-elementor hello-event-widgets-for-elementor
93
Hello Event Widgets For Elementor <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.2 1.1.0 July 5, 2026
hash-form hash-form
93
Hash Form <= 1.2.1 - Missing Authorization to Authenticated (Contributor+) Form Style Creation LOW *-1.2.1 1.2.2 July 5, 2026
hack-info hack-info
93
Hack-Info <= 3.17 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.17 3.18 July 5, 2026
gutensee gutensee
93
Gutensee <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.6 1.0.7 July 5, 2026
gs-portfolio gs-portfolio
93
WordPress Portfolio Plugin – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.6.3 1.6.4 July 5, 2026
gs-books-showcase gs-books-showcase
93
WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.1 1.3.2 July 5, 2026
greenshift-animation-and-page-builder-blocks greenshift-animation-and-page-builder-blocks
93
Greenshift – animation and page builder blocks <= 9.9.9.3 - Authenticated (Contributor+) Post Disclosure LOW *-9.9.9.3 9.9.9.4 July 5, 2026
gou-wc-account-tabs gou-wc-account-tabs
93
Gou Manage My Account Menu <= 1.0.1.8 - Missing Authorization LOW *-1.0.1.8 1.0.1.9 July 5, 2026
git-sync git-sync
91
GitSync <= 1.1.0 - Cross-Site Request Forgery to Remote Code Execution LOW *-1.1.0 July 5, 2026
geoflickr geoflickr
93
GeoFlickr <= 1.3 - Reflected Cross-Site Scripting LOW *-1.3 1.4 July 5, 2026
geo-my-wp geo-my-wp
93
GEO my WordPress <= 4.5.0.4 - Missing Authorization via get_field_options_ajax LOW *-4.5.0.4 4.5.1 July 5, 2026
gdpr-cookie-consent gdpr-cookie-consent
93
Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) <= 3.6.5 - Missing Authorization to Authenticated (Subscriber+) Whitelist Script LOW *-3.6.5 3.6.6 July 5, 2026
gallery-for-ultimate-member gallery-for-ultimate-member
91
Video & Photo Gallery for Ultimate Member <= 1.1.0 - Authenticated (Subscriber+) Arbitrary File Upload LOW *-1.1.0 1.1.1 July 5, 2026
gallery-for-ultimate-member gallery-for-ultimate-member
91
Video & Photo Gallery for Ultimate Member <= 1.1.1 - Reflected Cross-Site Scripting LOW *-1.1.1 1.1.2 July 5, 2026
full-customer full-customer
93
FULL Customer <= 3.1.25 - Authenticated (Contributor+) Local File Inclusion LOW *-3.1.25 3.1.26 July 5, 2026
forumwp forumwp
93
ForumWP <= 2.1.0 - Unauthenticated PHP Object Injection LOW *-2.1.0 2.1.1 July 5, 2026
formfacade formfacade
91
FormFacade <= 1.3.6 - Reflected Cross-Site Scripting LOW *-1.3.6 1.3.7 July 5, 2026
feedpress-generator feedpress-generator
89
Feedpress Generator <= 1.2.1 - Reflected Cross-Site Scripting LOW *-1.2.1 July 5, 2026
faq-and-answers faq-and-answers
93
FAQ And Answers – Create Frequently Asked Questions Area on WP Sites <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.0 1.1.2 July 5, 2026
fancy-roller-scroller fancy-roller-scroller
93
Fancy Roller Scroller <= 1.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.4.0 1.4.1 July 5, 2026
falcon falcon
93
Falcon – WordPress Optimizations & Tweaks <= 2.8.3 - Missing Authorization LOW *-2.8.3 2.8.4 July 5, 2026
events-addon-for-elementor events-addon-for-elementor
93
Events Addon for Elementor <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2.2 2.2.3 July 5, 2026
essential-real-estate essential-real-estate
87
Essential Real Estate <= 5.1.6 - Missing Authorization to Authenticated (Contributor+) Information Exposure LOW *-5.1.6 5.1.7 July 5, 2026
elementinvader-addons-for-elementor elementinvader-addons-for-elementor
93
ElementInvader Addons for Elementor <= 1.3.1 - Missing Authorization to Arbitrary Options Read LOW *-1.3.1 1.3.2 July 5, 2026
eduadmin-booking eduadmin-booking
93
EduAdmin Booking <= 5.2.0 - Authenticated (Contributor+) Local File Inclusion LOW *-5.2.0 5.3.0 July 5, 2026
eazydocs eazydocs
93
EazyDocs <= 2.8.0 - Authenticated (Contributor+) Local File Inclusion LOW *-2.8.0 2.8.1 July 5, 2026
devrix-dark-site devrix-dark-site
93
DX Dark Site <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.1 1.1.1 July 5, 2026
depay-payments-for-woocommerce depay-payments-for-woocommerce
93
Web3 Cryptocurrency Payments by DePay for WooCommerce <= 2.12.17 - Missing Authorization to Information Exposure LOW *-2.12.17 2.12.18 July 5, 2026
currency-converter-widget-pro currency-converter-widget-pro
93
Currency Converter Widget ⚡ PRO <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.6 1.0.7 July 5, 2026
csv-to-html csv-to-html
93
CSV to html <= 3.08 - Reflected Cross-Site Scripting LOW *-3.08 3.15 July 5, 2026
cryptocurrency-price-widget cryptocurrency-price-widget
93
Cryptocurrency Price Widget <= 1.2.3 - Authenticated (Editor+) Stored Cross-Site Scripting LOW *-1.2.3 1.2.4 July 5, 2026
coschool coschool
87
CoSchool LMS <= 1.4- Missing Authorization to Privilege Escalation LOW *-1.4 July 5, 2026
connect-contact-form-7-to-constant-contact-v3 connect-contact-form-7-to-constant-contact-v3
93
Connect Contact Form 7 to Constant Contact <= 1.4 - Reflected Cross-Site Scripting LOW *-1.4 1.5 July 5, 2026
clevernode-related-content clevernode-related-content
93
CleverNode Related Content <= 1.1.5 - Reflected Cross-Site Scripting LOW *-1.1.5 1.1.6 July 5, 2026
check-pincode-for-woocommerce check-pincode-for-woocommerce
93
Check Pincode For Woocommerce <= 1.1 - Reflected Cross-Site Scripting LOW *-1.1 1.2 July 5, 2026
ce21-suite ce21-suite
86
CE21 Suite <= 2.2.0 - Unauthenticated Privilege Escalation LOW *-2.2.0 2.2.1 July 5, 2026
cardealerpress cardealerpress
93
CarDealerPress <= 6.6.2410.02 - Reflected Cross-Site Scripting LOW *-6.6.2410.02 6.7.2411.00 July 5, 2026
cardealer cardealer
93
Car Dealer <= 4.46 - Missing Authorization LOW *-4.46 4.48 July 5, 2026
bp-email-assign-templates bp-email-assign-templates
93
BP Email Assign Templates <= 1.5 - Reflected Cross-Site Scripting LOW *-1.5 1.6 July 5, 2026
bold-page-builder bold-page-builder
86
Bold Page Builder <= 5.1.5 - Authenticated (Editor+) Path Traversal LOW *-5.1.5 5.1.6 July 5, 2026
bakkbone-florist-companion bakkbone-florist-companion
93
FloristPress <= 7.2.0 - Reflected Cross-Site Scripting LOW *-7.2.0 7.3.0 July 5, 2026
axeptio-sdk-integration axeptio-sdk-integration
93
Axeptio <= 2.5.4 - Unauthenticated Local File Inclusion LOW *-2.5.4 2.5.5 July 5, 2026
awesome-support awesome-support
93
Awesome Support <= 6.3.1 - Missing Authorization LOW *-6.3.1 6.3.2 July 5, 2026
autowp-ai-content-writer-rewriter autowp-ai-content-writer-rewriter
91
AutoWP <= 2.0.8 - Cross-Site Request Forgery LOW *-2.0.8 2.0.9 July 5, 2026
authentication-via-otp-using-firebase authentication-via-otp-using-firebase
91
Firebase OTP Authentication <= 1.0.1 - Missing Authorization to Privilege Escalation LOW *-1.0.1 July 5, 2026
appsplate appsplate
95
Appsplate <= 2.1.3 - Unauthenticated SQL Injection LOW *-2.1.3 July 5, 2026
analytics-cat analytics-cat
97
Analytics Cat – Google Analytics Made Easy <= 1.1.2 - Reflected Cross-Site Scripting LOW *-1.1.2 1.1.3 July 5, 2026
amazon-product-price amazon-product-price
95
Amazon Product Price <= 1.1 - Cross-Site Request Forgery to Cross-Site Scripting LOW *-1.1 July 5, 2026
aicomments aicomments
97
AIcomments <= 1.4.1 - Cross-Site Request Forgery LOW *-1.4.1 1.4.2 July 5, 2026
ai-site-builder ai-site-builder
95
Zita Site Builder <= 1.0.2 - Missing Authorization to Arbitrary Plugin Installation LOW *-1.0.2 July 5, 2026
ai-seo-translator ai-seo-translator
97
AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot <= 1.6.2 - Cross-Site Request Forgery via update_integration_option LOW *-1.6.2 1.6.3 July 5, 2026
advanced-blog-post-block advanced-blog-post-block
95
Advanced Blog Post Block <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.4 July 5, 2026
advance-menu-manager advance-menu-manager
95
Advance Menu Manager <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Settings Change LOW *-3.1.1 3.1.2 July 5, 2026
add-infos-to-the-events-calendar add-infos-to-the-events-calendar
97
Add infos to the events calendar <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4.1 1.5.0 July 5, 2026
accept-stripe-payments-using-contact-form-7 accept-stripe-payments-using-contact-form-7
97
Accept Stripe Payments Using Contact Form 7 <= 2.5 - Unauthenticated Information Exposure LOW *-2.5 2.6 July 5, 2026
360deg-javascript-viewer 360deg-javascript-viewer
97
360 Javascript Viewer <= 1.7.29 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.7.29 1.7.30 July 5, 2026
woo-order-notes woo-order-notes N/A WPC Order Notes for WooCommerce <= 1.5.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting LOW *-1.5.2 1.5.3 July 5, 2026
wp-pipes wp-pipes N/A WP Pipes <= 1.4.1 - Reflected Cross-Site Scripting via x1 Parameter LOW *-1.4.1 1.4.2 July 5, 2026
wp-log-action wp-log-action N/A WP Log Action <= 0.51 - Reflected Cross-Site Scripting LOW *-0.51 0.52 July 5, 2026
waymark waymark N/A Waymark <= 1.4.1 - Reflected Cross-Site Scripting via 'content' LOW *-1.4.1 1.4.2 July 5, 2026
unusedcss unusedcss N/A RapidLoad – Optimize Web Vitals Automatically <= 2.4.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification and SQL Injection LOW *-2.4.2 2.4.3 July 5, 2026
so-widgets-bundle so-widgets-bundle N/A SiteOrigin Widgets Bundle <= 1.64.0 - Missing Authorization LOW *-1.64.0 1.64.1 July 5, 2026
restricted-content restricted-content N/A Restrict – membership, site, content and user access restrictions for WordPress <= 2.2.8 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure LOW *-2.2.8 2.2.9 July 5, 2026
members members
93
Members <= 3.2.10 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure LOW *-3.2.10 3.2.11 July 5, 2026
last-viewed-posts last-viewed-posts
93
Last Viewed Posts by WPBeginner <= 1.0.1 - Unauthenticated Sensitive Information Exposure LOW *-1.0.1 1.0.2 July 5, 2026
imagerecycle-pdf-image-compression imagerecycle-pdf-image-compression
93
ImageRecycle pdf & image compression <= 3.1.16 - Reflected Cross-Site Scripting LOW *-3.1.16 3.1.17 July 5, 2026
hunk-companion hunk-companion
93
Hunk Companion <= 1.8.5 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation LOW *-1.8.5 1.9.0 July 5, 2026
cm-answers cm-answers
93
CM Answers <= 3.2.6 - Missing Authorization LOW *-3.2.6 3.2.7 July 5, 2026
barcode-scanner-lite-pos-to-manage-products-inventory-and-orders barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
93
Barcode Scanner with Inventory & Order Manager <= 1.6.6 - Reflected Cross-Site Scripting LOW *-1.6.6 1.6.7 July 5, 2026
ichart ichart
93
iChart – Easy Charts and Graphs <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter LOW *-2.1.0 2.1.4 July 5, 2026
profit-products-tables-for-woocommerce profit-products-tables-for-woocommerce N/A Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.5 - Unauthenticated Arbitrary Shortcode Execution via woot_get_smth LOW *-1.0.6.5 1.0.6.6 July 5, 2026
quran-text-multilanguage quran-text-multilanguage N/A Quran multilanguage Text & Audio <= 2.3.21 - Reflected Cross-Site Scripting via sourate and lang Parameters LOW *-2.3.21 2.3.22 July 5, 2026
LOW

octrace-support

octrace-support

Score: 89/100 WordPress HelpDesk & Support Ticket System Plugin – Octrace Support <= 1.2.7 - Reflected Cross-Site Scripting Affected: *-1.2.7 Patched: Updated: July 5, 2026
LOW

notificationx

notificationx

Score: 93/100 NotificationX – Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar <= 2.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.9.3 Patched: 2.9.4 Updated: July 5, 2026
LOW

notibar

notibar

Score: 93/100 Notibar <= 2.1.4 - Missing Authorization via ajax_install_plugin Affected: *-2.1.4 Patched: 2.1.5 Updated: July 5, 2026
LOW

nicejob

nicejob

Score: 93/100 NiceJob <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.6.5 Patched: 3.7.2 Updated: July 5, 2026
LOW

nias-course

nias-course

Score: 91/100 Nias course <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.6 Patched: Updated: July 5, 2026
LOW

news-ticker-for-elementor

news-ticker-for-elementor

Score: 91/100 News Ticker for Elementor <= 2.1.3 - Missing Authorization Affected: *-2.1.3 Patched: Updated: July 5, 2026
LOW

new-user-approve

new-user-approve

Score: 93/100 New User Approve <= 2.6.2 - Missing Authorization Affected: *-2.6.2 Patched: 2.6.4 Updated: July 5, 2026
LOW

minterpress

minterpress

Score: 89/100 Minterpress <= 1.0.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update Affected: *-1.0.5 Patched: Updated: July 5, 2026
LOW

meeting-scheduler-by-vcita

meeting-scheduler-by-vcita

Score: 93/100 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5 - Cross-Site Request Forgery Affected: *-4.5 Patched: 4.5.2 Updated: July 5, 2026
LOW

media-downloader

media-downloader

Score: 93/100 Media Downloader <= 0.4.7.4 - Reflected Cross-Site Scripting Affected: *-0.4.7.4 Patched: 0.4.7.5 Updated: July 5, 2026
LOW

mark-new-posts

mark-new-posts

Score: 93/100 Mark New Posts <= 7.5.1 - Missing Authorization via save_options Affected: *-7.5.1 Patched: 7.6 Updated: July 5, 2026
LOW

mail-picker

mail-picker

Score: 93/100 Mail Picker <= 1.0.14 - Unauthenticated PHP Object Injection Affected: *-1.0.14 Patched: 1.0.15 Updated: July 5, 2026
LOW

listapp-mobile-manager

listapp-mobile-manager

Score: 91/100 ListApp Mobile Manager <= 1.7.7 - Missing Authorization to Privilege Escalation Affected: *-1.7.7 Patched: Updated: July 5, 2026
LOW

library-bookshelves

library-bookshelves

Score: 91/100 Library Bookshelves <= 5.8 - Reflected Cross-Site Scripting Affected: *-5.8 Patched: 5.9 Updated: July 5, 2026
LOW

ldd-directory-lite

ldd-directory-lite

Score: 91/100 LDD Directory Lite <= 3.3 - Reflected Cross-Site Scripting Affected: *-3.3 Patched: Updated: July 5, 2026
LOW

label-grid-tools

label-grid-tools

Score: 93/100 LabelGrid Tools <= 1.3.58 - Reflected Cross-Site Scripting Affected: *-1.3.58 Patched: 1.3.59 Updated: July 5, 2026
LOW

kundgenerator

kundgenerator

Score: 93/100 Kundgenerator <= 1.0.6 - Reflected Cross-Site Scripting Affected: *-1.0.6 Patched: 1.0.7 Updated: July 5, 2026
LOW

kh-easy-user-settings

kh-easy-user-settings

Score: 91/100 KH Easy User Settings <= 1.0.0 - Authenticated (Subscriber+) Privilege Escalation Affected: *-1.0.0 Patched: Updated: July 5, 2026
LOW

jt-express

jt-express

Score: 93/100 J&T Express Malaysia <= 2.0.13 - Reflected Cross-Site Scripting via [placeholder] Affected: *-2.0.13 Patched: 2.0.15 Updated: July 5, 2026
LOW

invoice-payment-for-woocommerce

invoice-payment-for-woocommerce

Score: 93/100 Invoice Payment for WooCommerce <= 1.7.2 - Reflected Cross-Site Scripting Affected: *-1.7.2 Patched: 2.0.0 Updated: July 5, 2026
LOW

integrate-firebase

integrate-firebase

Score: 93/100 Integrate Firebase <= 0.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.9.3 Patched: 0.10.0 Updated: July 5, 2026
LOW

insertify

insertify

Score: 91/100 Insertify <= 1.1.4 - Cross-Site Request Forgery to Remote Code Execution Affected: *-1.1.4 Patched: Updated: July 5, 2026
LOW

immotoolbox-connect

immotoolbox-connect

Score: 93/100 ImmoToolBox Connect <= 1.3.3 - Reflected Cross-Site Scripting Affected: *-1.3.3 Patched: 1.4.0 Updated: July 5, 2026
LOW

icdsoft-reseller-store

icdsoft-reseller-store

Score: 93/100 ICDSoft Reseller Store <= 2.4.5 - Reflected Cross-Site Scripting Affected: *-2.4.5 Patched: 2.5.0 Updated: July 5, 2026
LOW

i-plant-a-tree

i-plant-a-tree

Score: 91/100 I Plant A Tree <= 1.7.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.7.3 Patched: 1.7.4 Updated: July 5, 2026
LOW

hurrakify

hurrakify

Score: 93/100 Hurrakify <= 2.4 - Unauthenticated Server-Side Request Forgery Affected: *-2.4 Patched: 8.0.1 Updated: July 5, 2026
LOW

hello-event-widgets-for-elementor

hello-event-widgets-for-elementor

Score: 93/100 Hello Event Widgets For Elementor <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: 1.1.0 Updated: July 5, 2026
LOW

hash-form

hash-form

Score: 93/100 Hash Form <= 1.2.1 - Missing Authorization to Authenticated (Contributor+) Form Style Creation Affected: *-1.2.1 Patched: 1.2.2 Updated: July 5, 2026
LOW

hack-info

hack-info

Score: 93/100 Hack-Info <= 3.17 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.17 Patched: 3.18 Updated: July 5, 2026
LOW

gutensee

gutensee

Score: 93/100 Gutensee <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.6 Patched: 1.0.7 Updated: July 5, 2026
LOW

gs-portfolio

gs-portfolio

Score: 93/100 WordPress Portfolio Plugin – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.6.3 Patched: 1.6.4 Updated: July 5, 2026
LOW

gs-books-showcase

gs-books-showcase

Score: 93/100 WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.1 Patched: 1.3.2 Updated: July 5, 2026
LOW

greenshift-animation-and-page-builder-blocks

greenshift-animation-and-page-builder-blocks

Score: 93/100 Greenshift – animation and page builder blocks <= 9.9.9.3 - Authenticated (Contributor+) Post Disclosure Affected: *-9.9.9.3 Patched: 9.9.9.4 Updated: July 5, 2026
LOW

gou-wc-account-tabs

gou-wc-account-tabs

Score: 93/100 Gou Manage My Account Menu <= 1.0.1.8 - Missing Authorization Affected: *-1.0.1.8 Patched: 1.0.1.9 Updated: July 5, 2026
LOW

git-sync

git-sync

Score: 91/100 GitSync <= 1.1.0 - Cross-Site Request Forgery to Remote Code Execution Affected: *-1.1.0 Patched: Updated: July 5, 2026
LOW

geoflickr

geoflickr

Score: 93/100 GeoFlickr <= 1.3 - Reflected Cross-Site Scripting Affected: *-1.3 Patched: 1.4 Updated: July 5, 2026
LOW

geo-my-wp

geo-my-wp

Score: 93/100 GEO my WordPress <= 4.5.0.4 - Missing Authorization via get_field_options_ajax Affected: *-4.5.0.4 Patched: 4.5.1 Updated: July 5, 2026
LOW

gdpr-cookie-consent

gdpr-cookie-consent

Score: 93/100 Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) <= 3.6.5 - Missing Authorization to Authenticated (Subscriber+) Whitelist Script Affected: *-3.6.5 Patched: 3.6.6 Updated: July 5, 2026
LOW

gallery-for-ultimate-member

gallery-for-ultimate-member

Score: 91/100 Video & Photo Gallery for Ultimate Member <= 1.1.0 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-1.1.0 Patched: 1.1.1 Updated: July 5, 2026
LOW

gallery-for-ultimate-member

gallery-for-ultimate-member

Score: 91/100 Video & Photo Gallery for Ultimate Member <= 1.1.1 - Reflected Cross-Site Scripting Affected: *-1.1.1 Patched: 1.1.2 Updated: July 5, 2026
LOW

full-customer

full-customer

Score: 93/100 FULL Customer <= 3.1.25 - Authenticated (Contributor+) Local File Inclusion Affected: *-3.1.25 Patched: 3.1.26 Updated: July 5, 2026
LOW

forumwp

forumwp

Score: 93/100 ForumWP <= 2.1.0 - Unauthenticated PHP Object Injection Affected: *-2.1.0 Patched: 2.1.1 Updated: July 5, 2026
LOW

formfacade

formfacade

Score: 91/100 FormFacade <= 1.3.6 - Reflected Cross-Site Scripting Affected: *-1.3.6 Patched: 1.3.7 Updated: July 5, 2026
LOW

feedpress-generator

feedpress-generator

Score: 89/100 Feedpress Generator <= 1.2.1 - Reflected Cross-Site Scripting Affected: *-1.2.1 Patched: Updated: July 5, 2026
LOW

faq-and-answers

faq-and-answers

Score: 93/100 FAQ And Answers – Create Frequently Asked Questions Area on WP Sites <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: 1.1.2 Updated: July 5, 2026
LOW

fancy-roller-scroller

fancy-roller-scroller

Score: 93/100 Fancy Roller Scroller <= 1.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4.0 Patched: 1.4.1 Updated: July 5, 2026
LOW

falcon

falcon

Score: 93/100 Falcon – WordPress Optimizations & Tweaks <= 2.8.3 - Missing Authorization Affected: *-2.8.3 Patched: 2.8.4 Updated: July 5, 2026
LOW

events-addon-for-elementor

events-addon-for-elementor

Score: 93/100 Events Addon for Elementor <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.2 Patched: 2.2.3 Updated: July 5, 2026
LOW

essential-real-estate

essential-real-estate

Score: 87/100 Essential Real Estate <= 5.1.6 - Missing Authorization to Authenticated (Contributor+) Information Exposure Affected: *-5.1.6 Patched: 5.1.7 Updated: July 5, 2026
LOW

elementinvader-addons-for-elementor

elementinvader-addons-for-elementor

Score: 93/100 ElementInvader Addons for Elementor <= 1.3.1 - Missing Authorization to Arbitrary Options Read Affected: *-1.3.1 Patched: 1.3.2 Updated: July 5, 2026
LOW

eduadmin-booking

eduadmin-booking

Score: 93/100 EduAdmin Booking <= 5.2.0 - Authenticated (Contributor+) Local File Inclusion Affected: *-5.2.0 Patched: 5.3.0 Updated: July 5, 2026
LOW

eazydocs

eazydocs

Score: 93/100 EazyDocs <= 2.8.0 - Authenticated (Contributor+) Local File Inclusion Affected: *-2.8.0 Patched: 2.8.1 Updated: July 5, 2026
LOW

devrix-dark-site

devrix-dark-site

Score: 93/100 DX Dark Site <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.1 Patched: 1.1.1 Updated: July 5, 2026
LOW

depay-payments-for-woocommerce

depay-payments-for-woocommerce

Score: 93/100 Web3 Cryptocurrency Payments by DePay for WooCommerce <= 2.12.17 - Missing Authorization to Information Exposure Affected: *-2.12.17 Patched: 2.12.18 Updated: July 5, 2026
LOW

currency-converter-widget-pro

currency-converter-widget-pro

Score: 93/100 Currency Converter Widget ⚡ PRO <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.6 Patched: 1.0.7 Updated: July 5, 2026
LOW

csv-to-html

csv-to-html

Score: 93/100 CSV to html <= 3.08 - Reflected Cross-Site Scripting Affected: *-3.08 Patched: 3.15 Updated: July 5, 2026
LOW

cryptocurrency-price-widget

cryptocurrency-price-widget

Score: 93/100 Cryptocurrency Price Widget <= 1.2.3 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.2.3 Patched: 1.2.4 Updated: July 5, 2026
LOW

coschool

coschool

Score: 87/100 CoSchool LMS <= 1.4- Missing Authorization to Privilege Escalation Affected: *-1.4 Patched: Updated: July 5, 2026
LOW

connect-contact-form-7-to-constant-contact-v3

connect-contact-form-7-to-constant-contact-v3

Score: 93/100 Connect Contact Form 7 to Constant Contact <= 1.4 - Reflected Cross-Site Scripting Affected: *-1.4 Patched: 1.5 Updated: July 5, 2026
LOW

clevernode-related-content

clevernode-related-content

Score: 93/100 CleverNode Related Content <= 1.1.5 - Reflected Cross-Site Scripting Affected: *-1.1.5 Patched: 1.1.6 Updated: July 5, 2026
LOW

check-pincode-for-woocommerce

check-pincode-for-woocommerce

Score: 93/100 Check Pincode For Woocommerce <= 1.1 - Reflected Cross-Site Scripting Affected: *-1.1 Patched: 1.2 Updated: July 5, 2026
LOW

ce21-suite

ce21-suite

Score: 86/100 CE21 Suite <= 2.2.0 - Unauthenticated Privilege Escalation Affected: *-2.2.0 Patched: 2.2.1 Updated: July 5, 2026
LOW

cardealerpress

cardealerpress

Score: 93/100 CarDealerPress <= 6.6.2410.02 - Reflected Cross-Site Scripting Affected: *-6.6.2410.02 Patched: 6.7.2411.00 Updated: July 5, 2026
LOW

cardealer

cardealer

Score: 93/100 Car Dealer <= 4.46 - Missing Authorization Affected: *-4.46 Patched: 4.48 Updated: July 5, 2026
LOW

bp-email-assign-templates

bp-email-assign-templates

Score: 93/100 BP Email Assign Templates <= 1.5 - Reflected Cross-Site Scripting Affected: *-1.5 Patched: 1.6 Updated: July 5, 2026
LOW

bold-page-builder

bold-page-builder

Score: 86/100 Bold Page Builder <= 5.1.5 - Authenticated (Editor+) Path Traversal Affected: *-5.1.5 Patched: 5.1.6 Updated: July 5, 2026
LOW

bakkbone-florist-companion

bakkbone-florist-companion

Score: 93/100 FloristPress <= 7.2.0 - Reflected Cross-Site Scripting Affected: *-7.2.0 Patched: 7.3.0 Updated: July 5, 2026
LOW

axeptio-sdk-integration

axeptio-sdk-integration

Score: 93/100 Axeptio <= 2.5.4 - Unauthenticated Local File Inclusion Affected: *-2.5.4 Patched: 2.5.5 Updated: July 5, 2026
LOW

awesome-support

awesome-support

Score: 93/100 Awesome Support <= 6.3.1 - Missing Authorization Affected: *-6.3.1 Patched: 6.3.2 Updated: July 5, 2026
LOW

autowp-ai-content-writer-rewriter

autowp-ai-content-writer-rewriter

Score: 91/100 AutoWP <= 2.0.8 - Cross-Site Request Forgery Affected: *-2.0.8 Patched: 2.0.9 Updated: July 5, 2026
LOW

authentication-via-otp-using-firebase

authentication-via-otp-using-firebase

Score: 91/100 Firebase OTP Authentication <= 1.0.1 - Missing Authorization to Privilege Escalation Affected: *-1.0.1 Patched: Updated: July 5, 2026
LOW

appsplate

appsplate

Score: 95/100 Appsplate <= 2.1.3 - Unauthenticated SQL Injection Affected: *-2.1.3 Patched: Updated: July 5, 2026
LOW

analytics-cat

analytics-cat

Score: 97/100 Analytics Cat – Google Analytics Made Easy <= 1.1.2 - Reflected Cross-Site Scripting Affected: *-1.1.2 Patched: 1.1.3 Updated: July 5, 2026
LOW

amazon-product-price

amazon-product-price

Score: 95/100 Amazon Product Price <= 1.1 - Cross-Site Request Forgery to Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

aicomments

aicomments

Score: 97/100 AIcomments <= 1.4.1 - Cross-Site Request Forgery Affected: *-1.4.1 Patched: 1.4.2 Updated: July 5, 2026
LOW

ai-site-builder

ai-site-builder

Score: 95/100 Zita Site Builder <= 1.0.2 - Missing Authorization to Arbitrary Plugin Installation Affected: *-1.0.2 Patched: Updated: July 5, 2026
LOW

ai-seo-translator

ai-seo-translator

Score: 97/100 AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot <= 1.6.2 - Cross-Site Request Forgery via update_integration_option Affected: *-1.6.2 Patched: 1.6.3 Updated: July 5, 2026
LOW

advanced-blog-post-block

advanced-blog-post-block

Score: 95/100 Advanced Blog Post Block <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.4 Patched: Updated: July 5, 2026
LOW

advance-menu-manager

advance-menu-manager

Score: 95/100 Advance Menu Manager <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Settings Change Affected: *-3.1.1 Patched: 3.1.2 Updated: July 5, 2026
LOW

add-infos-to-the-events-calendar

add-infos-to-the-events-calendar

Score: 97/100 Add infos to the events calendar <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.1 Patched: 1.5.0 Updated: July 5, 2026
LOW

accept-stripe-payments-using-contact-form-7

accept-stripe-payments-using-contact-form-7

Score: 97/100 Accept Stripe Payments Using Contact Form 7 <= 2.5 - Unauthenticated Information Exposure Affected: *-2.5 Patched: 2.6 Updated: July 5, 2026
LOW

360deg-javascript-viewer

360deg-javascript-viewer

Score: 97/100 360 Javascript Viewer <= 1.7.29 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.7.29 Patched: 1.7.30 Updated: July 5, 2026
LOW

woo-order-notes

woo-order-notes

Score: N/A WPC Order Notes for WooCommerce <= 1.5.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting Affected: *-1.5.2 Patched: 1.5.3 Updated: July 5, 2026
LOW

wp-pipes

wp-pipes

Score: N/A WP Pipes <= 1.4.1 - Reflected Cross-Site Scripting via x1 Parameter Affected: *-1.4.1 Patched: 1.4.2 Updated: July 5, 2026
LOW

wp-log-action

wp-log-action

Score: N/A WP Log Action <= 0.51 - Reflected Cross-Site Scripting Affected: *-0.51 Patched: 0.52 Updated: July 5, 2026
LOW

waymark

waymark

Score: N/A Waymark <= 1.4.1 - Reflected Cross-Site Scripting via 'content' Affected: *-1.4.1 Patched: 1.4.2 Updated: July 5, 2026
LOW

unusedcss

unusedcss

Score: N/A RapidLoad – Optimize Web Vitals Automatically <= 2.4.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification and SQL Injection Affected: *-2.4.2 Patched: 2.4.3 Updated: July 5, 2026
LOW

so-widgets-bundle

so-widgets-bundle

Score: N/A SiteOrigin Widgets Bundle <= 1.64.0 - Missing Authorization Affected: *-1.64.0 Patched: 1.64.1 Updated: July 5, 2026
LOW

restricted-content

restricted-content

Score: N/A Restrict – membership, site, content and user access restrictions for WordPress <= 2.2.8 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure Affected: *-2.2.8 Patched: 2.2.9 Updated: July 5, 2026
LOW

members

members

Score: 93/100 Members <= 3.2.10 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure Affected: *-3.2.10 Patched: 3.2.11 Updated: July 5, 2026
LOW

last-viewed-posts

last-viewed-posts

Score: 93/100 Last Viewed Posts by WPBeginner <= 1.0.1 - Unauthenticated Sensitive Information Exposure Affected: *-1.0.1 Patched: 1.0.2 Updated: July 5, 2026
LOW

imagerecycle-pdf-image-compression

imagerecycle-pdf-image-compression

Score: 93/100 ImageRecycle pdf & image compression <= 3.1.16 - Reflected Cross-Site Scripting Affected: *-3.1.16 Patched: 3.1.17 Updated: July 5, 2026
LOW

hunk-companion

hunk-companion

Score: 93/100 Hunk Companion <= 1.8.5 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation Affected: *-1.8.5 Patched: 1.9.0 Updated: July 5, 2026
LOW

cm-answers

cm-answers

Score: 93/100 CM Answers <= 3.2.6 - Missing Authorization Affected: *-3.2.6 Patched: 3.2.7 Updated: July 5, 2026
LOW

ichart

ichart

Score: 93/100 iChart – Easy Charts and Graphs <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter Affected: *-2.1.0 Patched: 2.1.4 Updated: July 5, 2026
LOW

profit-products-tables-for-woocommerce

profit-products-tables-for-woocommerce

Score: N/A Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.5 - Unauthenticated Arbitrary Shortcode Execution via woot_get_smth Affected: *-1.0.6.5 Patched: 1.0.6.6 Updated: July 5, 2026
LOW

quran-text-multilanguage

quran-text-multilanguage

Score: N/A Quran multilanguage Text & Audio <= 2.3.21 - Reflected Cross-Site Scripting via sourate and lang Parameters Affected: *-2.3.21 Patched: 2.3.22 Updated: July 5, 2026

Showing 14601 to 14700 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 5, 2026 at 16:51 UTC.