Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

90

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
email-reminders email-reminders
93
Email Reminders <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter LOW *-2.0.4 2.0.5 July 5, 2026
property-hive-mortgage-calculator property-hive-mortgage-calculator N/A Property Hive Mortgage Calculator <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via price Parameter LOW *-1.0.6 1.0.7 July 5, 2026
foogallery-premium foogallery-premium
93
Best WordPress Gallery Plugin – FooGallery <= 2.4.16 - Authenticated (Contributor+) Directory Traversal LOW *-2.4.26 2.4.27 July 5, 2026
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More wpforms-lite
70
WPForms 1.8.4 - 1.9.2.1 - Missing Authorization to Authenticated (Subscriber+) Payment Refund and Subscription Cancellation LOW 1.8.4-1.9.2.1 1.9.2.2 July 5, 2026
wp-tithely wp-tithely N/A Tithe.ly Giving Button <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1 July 5, 2026
turbosmtp turbosmtp N/A turboSMTP <= 4.6 - Reflected Cross-Site Scripting via 'page' LOW *-4.6 4.7 July 5, 2026
simple-restrict simple-restrict N/A Simple Restrict <= 1.2.7 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure LOW *-1.2.7 1.2.8 July 5, 2026
learnpress learnpress
93
LearnPress – WordPress LMS Plugin <= 4.2.7.3 - Course Material Sensitive Information Exposure via REST API LOW *-4.2.7.3 4.2.7.4 July 5, 2026
wp-health wp-health N/A WP Umbrella: Update Backup Restore & Monitoring <= 2.17.0 - Unauthenticated Local File Inclusion LOW *-2.17.0 2.17.1 July 5, 2026
wp-mailster wp-mailster N/A WP Mailster <= 1.8.16.0 - Unauthenticated Sensitive Information Exposure LOW *-1.8.16.0 1.8.17.0 July 5, 2026
easy-code-snippets easy-code-snippets
89
Easy Code Snippets <= 1.0.2 - Reflected Cross-Site Scripting LOW *-1.0.2 July 5, 2026
multi-gallery multi-gallery
91
Gallery <= 1.3 - Authenticated (Contributor+) PHP Object Injection LOW *-1.3 July 5, 2026
feedpress-generator feedpress-generator
89
Feedpress Generator – External RSS Frontend Customizer <= 1.2.1 - Reflected Cross-Site Scripting LOW *-1.2.1 July 5, 2026
wp-mini-program wp-mini-program N/A Mini Program API <= 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4.5 July 5, 2026
beautiful-taxonomy-filters beautiful-taxonomy-filters
93
Beautiful Taxonomy Filters <= 2.4.3 - Unauthenticated SQL Injection LOW *-2.4.3 2.4.4 July 5, 2026
smoove-elementor smoove-elementor N/A Smoove connector for Elementor forms <= 4.1.0 - Reflected Cross-Site Scripting LOW *-4.1.0 4.2.0 July 5, 2026
twchat twchat N/A TWChat – Send or receive messages from users <= 4.0.4 - Reflected Cross-Site Scripting LOW *-4.0.4 July 5, 2026
simple-e-commerce-shopping-cart simple-e-commerce-shopping-cart N/A Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal <= 3.1.2 - Reflected Cross-Site Scripting via monthly_sales_current_year Parameter LOW *-3.1.2 July 5, 2026
simple-e-commerce-shopping-cart simple-e-commerce-shopping-cart N/A Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal <= 3.1.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update / Data Access LOW *-3.1.2 July 5, 2026
FileOrganizer – WordPress File Manager fileorganizer
76
FileOrganizer <= 1.1.4 - Authenticated (Administrator+) Local JavaScript File Inclusion LOW *-1.1.4 1.1.5 July 5, 2026
persian-woocommerce-sms persian-woocommerce-sms
91
افزونه پیامک ووکامرس Persian WooCommerce SMS <= 7.0.5 - Reflected Cross-Site Scripting LOW *-7.0.5 7.0.6 July 5, 2026
Message Filter for Contact Form 7 cf7-message-filter
89
Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) New Filter Creation LOW *-1.6.3 1.6.3.1 July 5, 2026
cf7-mollie cf7-mollie
89
Mollie for Contact Form 7 <= 5.0.0 - Reflected Cross-Site Scripting LOW *-5.0.0 July 5, 2026
comfino-payment-gateway comfino-payment-gateway
93
Comfino Payment Gateway <= 4.1.1 - Reflected Cross-Site Scripting LOW *-4.1.1 4.1.2 July 5, 2026
ultimate-shortcodes-creator ultimate-shortcodes-creator N/A Shortcodes Blocks Creator Ultimate <= 2.2.0 - Reflected Cross-Site Scripting via 'page' LOW *-2.2.0 July 5, 2026
ultimate-shortcodes-creator ultimate-shortcodes-creator N/A Shortcodes Blocks Creator Ultimate <= 2.2.0 - Reflected Cross-Site Scripting via _wpnonce LOW *-2.2.0 July 5, 2026
zooom zooom N/A Zooom <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.0 July 5, 2026
clicksend-lead-capture-form clicksend-lead-capture-form
91
SMS for Lead Capture Forms <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion LOW *-1.1.0 July 5, 2026
wp-svg wp-svg N/A WP-SVG <= 0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-0.9 July 5, 2026
wp-publications wp-publications N/A WP Publications <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.2 July 5, 2026
virtual-hdm-for-taxservice-am virtual-hdm-for-taxservice-am N/A TAX SERVICE Electronic HDM <= 1.1.2 - Unauthenticated SQL Injection LOW *-1.1.2 1.2.3 July 5, 2026
ultimate-shortcodes-creator ultimate-shortcodes-creator N/A Shortcodes Blocks Creator Ultimate <= 2.2.0 - Reflected Cross-Site Scripting LOW *-2.2.0 July 5, 2026
simple-notification simple-notification N/A Simple Notification <= 1.3 - Missing Authorization LOW *-1.3 July 5, 2026
poll-maker poll-maker
93
Poll Maker <= 5.5.4 - Cross-Site Request Forgery to Poll Duplication LOW *-5.5.4 5.5.5 July 5, 2026
pie-forms-for-wp pie-forms-for-wp
91
Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! <= 1.4.19 - Reflected Cross-Site Scripting LOW *-1.4.19 1.5 July 5, 2026
pgall-for-woocommerce pgall-for-woocommerce
93
워드프레스 결제 심플페이 – 우커머스 결제 플러그인 <= 5.2.2 - Reflected Cross-Site Scripting via add_query_arg Function LOW *-5.2.2 5.2.3 July 5, 2026
mshop-naver-talktalk mshop-naver-talktalk
91
코드엠샵 소셜톡 <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.0 1.2.1 July 5, 2026
library-management-system library-management-system
93
Library Management System <= 3.1 - Authenticated (Admin+) SQL Injection LOW *-3.1 3.2 July 5, 2026
import-export-for-woocommerce import-export-for-woocommerce
87
Import Export For WooCommerce <= 1.6.1 - Authenticated (Subscriber+) Arbitrary File Upload LOW *-1.6.1 July 5, 2026
if-menu if-menu
93
If Menu <= 0.19.1 - Missing Authorization to License Key Update LOW *-0.19.1 0.19.2 July 5, 2026
give give
93
GiveWP – Donation Plugin and Fundraising Platform <= 3.18.0 - Reflected Cross-Site Scripting LOW *-3.18.0 3.19.0 July 5, 2026
float-block float-block
91
Float Block <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.7 July 5, 2026
faqs faqs
89
FAQs <= 1.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.0.2 July 5, 2026
eyewear-prescription-form eyewear-prescription-form
89
Eyewear prescription form <= 4.0.18 - Missing Authorization to Unauthenticated Arbitrary Options Update LOW *-4.0.18 4.0.19 July 5, 2026
echoza echoza
91
Echoza <= 0.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-0.1.1 July 5, 2026
easy-replace easy-replace
91
Easy Replace <= 1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.3 July 5, 2026
dn-shipping-by-weight dn-shipping-by-weight
93
DN Shipping by Weight for WooCommerce <= 1.1.1 - Cross-Site Request Forgery to Plugin Settings Update LOW *-1.1.1 1.2 July 5, 2026
clients clients
89
Clients <= 1.1.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-1.1.4 July 5, 2026
cardgate cardgate
93
CardGate Payments for WooCommerce <= 3.2.1 - Reflected Cross-Site Scripting LOW *-3.2.1 3.2.2 July 5, 2026
blaze-online-eparcel-for-woocommerce blaze-online-eparcel-for-woocommerce
91
Blaze Online eParcel for WooCommerce <= 1.3.3 - Reflected Cross-Site Scripting LOW *-1.3.3 July 5, 2026
verowa-connect verowa-connect N/A Verowa Connect <= 3.0.1 - Unauthenticated SQL Injection LOW *-3.0.1 3.0.2 July 5, 2026
pojo-forms pojo-forms
93
Pojo Forms <= 1.4.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via form_preview_shortcode LOW *-1.4.7 1.4.8 July 5, 2026
twentytwenty twentytwenty N/A TwentyTwenty <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.1 July 5, 2026
Message Filter for Contact Form 7 cf7-message-filter
89
Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Filter Updates/Deletions LOW *-1.6.3 1.6.3.1 July 5, 2026
forumwp forumwp
93
ForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting LOW *-2.1.2 2.1.3 July 5, 2026
folder-gallery folder-gallery
91
Folder Gallery <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.7.4 July 5, 2026
friends friends
93
Friends <= 3.2.1 - Missing Authorization LOW *-3.2.1 3.2.2 July 5, 2026
forumwp forumwp
93
ForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting via url Parameter LOW *-2.1.2 2.1.3 July 5, 2026
gold-addons-for-elementor gold-addons-for-elementor
91
Gold Addons for Elementor <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) License Activation/Deactivation LOW *-1.3.2 July 5, 2026
cookielay cookielay
91
Cookielay <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via cookielay Shortcode LOW *-1.2.0 July 5, 2026
splash-connector splash-connector N/A Splash Sync <= 2.0.7 - Reflected Cross-Site Scripting LOW *-2.0.7 2.0.8 July 5, 2026
wp-media-optimizer-webp wp-media-optimizer-webp N/A WP Media Optimizer (.webp) <= 1.4.0 - Reflected Cross-Site Scripting via wpmowebp-css-resources and wpmowebp-js-resources Parameters LOW *-1.4.0 July 5, 2026
smart-popup-blaster smart-popup-blaster N/A Smart PopUp Blaster <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4.3 July 5, 2026
cluevo-lms cluevo-lms
93
CLUEVO LMS, E-Learning Platform <= 1.13.2 - Cross-Site Request Forgery to Module Deletion LOW *-1.13.2 1.13.3 July 5, 2026
ultimate-coming-soon ultimate-coming-soon N/A Ultimate Coming Soon & Maintenance <= 1.0.9 - Missing Authorization to Unauthenticated Template Activation LOW *-1.0.9 1.1.0 July 5, 2026
ultimate-coming-soon ultimate-coming-soon N/A Ultimate Coming Soon & Maintenance <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Template Name Update LOW *-1.0.9 1.1.0 July 5, 2026
sv100-companion sv100-companion N/A SV100 Companion <= 2.0.02 - Missing Authorization to Unuathenticated Arbitrary Options Update LOW *-2.0.02 July 5, 2026
ai-quiz ai-quiz
95
AI Quiz | Quiz Maker <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update LOW *-1.1 July 5, 2026
wp-private-content-plus wp-private-content-plus N/A WP Private Content Plus <= 3.6.1 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure LOW *-3.6.1 3.6.2 July 5, 2026
wp-system wp-system N/A WP System <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1.1 July 5, 2026
mycred mycred
93
myCred – Loyalty Points and Rewards plugin <= 2.7.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_send Shortcode LOW *-2.7.5.2 2.7.6 July 5, 2026
wp-hide-security-enhancer wp-hide-security-enhancer N/A WP Hide & Security Enhancer <= 2.5.1 - Missing Authorization to Unauthenticated Arbitrary File Contents Deletion LOW *-2.5.1 2.5.2 July 5, 2026
threewp-broadcast threewp-broadcast N/A Broadcast <= 51.01 - Reflected Cross-Site Scripting LOW *-51.01 51.02 July 5, 2026
gallery-videos gallery-videos
93
YouTube Gallery and Vimeo Gallery Plugin <= 2.4.2 - Authenticated (Administrator+) SQL Injection LOW *-2.4.2 2.4.3 July 5, 2026
gallery-videos gallery-videos
93
Video Gallery <= 2.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.4.1 2.4.2 July 5, 2026
xpro-elementor-addons xpro-elementor-addons N/A 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.4.6.5 1.4.6.6 July 5, 2026
xl-tab xl-tab N/A XLTab – Accordions and Tabs for Elementor Page Builder <= 1.4 - Authenticated (Contributor+) Post Disclosure LOW *-1.4 1.5 July 5, 2026
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More wpforms-lite
70
WPForms <= 1.9.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-1.9.2.2 1.9.2.3 July 5, 2026
wp-limit-failed-login-attempts wp-limit-failed-login-attempts N/A Limit Login Attempts <= 5.5 - Unauthenticated SQL Injeciton LOW *-5.5 5.6 July 5, 2026
wot-elementor-widgets wot-elementor-widgets N/A Wot Elementor Widgets <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.1 July 5, 2026
woo-pdf-invoice-builder woo-pdf-invoice-builder N/A PDF Builder for WooCommerce. Create invoices,packing slips and more <= 1.2.136 - Reflected Cross-Site Scripting LOW *-1.2.136 1.2.137 July 5, 2026
unlock-addons-for-elementor unlock-addons-for-elementor N/A Unlock Addons for Elementor <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.0 July 5, 2026
swift-performance-lite swift-performance-lite N/A Swift Performance Lite <= 2.3.7.1 - Unauthenticated Local PHP File Inclusion via 'ajaxify' LOW *-2.3.7.1 2.3.7.2 July 5, 2026
shiptimize-for-woocommerce shiptimize-for-woocommerce N/A Shiptimize for WooCommerce <= 3.1.86 - Reflected Cross-Site Scripting LOW *-3.1.86 July 5, 2026
rrdevs-for-elementor rrdevs-for-elementor N/A RRAddons for Elementor <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.0 July 5, 2026
prodigy-commerce prodigy-commerce N/A Prodigy Commerce <= 3.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.0.8 3.0.9 July 5, 2026
prodigy-commerce prodigy-commerce N/A Prodigy Commerce <= 3.1.2 - Missing Authorization LOW *-3.1.2 3.1.3 July 5, 2026
powerpack-lite-for-elementor powerpack-lite-for-elementor N/A PowerPack Elementor Addons (Free Widgets, Extensions and Templates) <= 2.8.1 - Authenticated (Contributor+) Post Disclosure LOW *-2.8.1 2.8.2 July 5, 2026
otp-login otp-login
93
Login With OTP <= 1.4.2 - Authentication Bypass via Weak OTP LOW *-1.4.2 1.5 July 5, 2026
onlyoffice onlyoffice
93
ONLYOFFICE Docs <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.0 2.2.0 July 5, 2026
ni-woocommerce-product-editor ni-woocommerce-product-editor
91
Ni WooCommerce Bulk Product Editor <= 1.4.5 - Reflected Cross-Site Scripting LOW *-1.4.5 July 5, 2026
ni-woocommerce-order-export ni-woocommerce-order-export
89
Ni WooCommerce Order Export <= 3.1.6 - Reflected Cross-Site Scripting LOW *-3.1.6 July 5, 2026
ni-crm-lead ni-crm-lead
89
Ni CRM Lead <= 1.3.0 - Authenticated (Subscriber+) SQL Injection LOW *-1.3.0 July 5, 2026
nextcart-woocommerce-migration nextcart-woocommerce-migration
93
Next-Cart Store to WooCommerce Migration <= 3.9.2 - Reflected Cross-Site Scripting LOW *-3.9.2 3.9.4 July 5, 2026
news-kit-elementor-addons news-kit-elementor-addons
89
News Kit Elementor Addons <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.6 July 5, 2026
min-and-max-quantity-for-woocommerce min-and-max-quantity-for-woocommerce
93
Minimum and Maximum Quantity for WooCommerce <= 2.0.0 - Missing Authorization LOW *-2.0.0 2.1.0 July 5, 2026
meeting-scheduler-by-vcita meeting-scheduler-by-vcita
93
Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-4.5.1 4.5.2 July 5, 2026
login-sidebar-widget login-sidebar-widget
91
Login Widget With Shortcode <= 6.1.2 - Open Redirect LOW *-6.1.2 July 5, 2026
kivicare-clinic-management-system kivicare-clinic-management-system
93
KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Authenticated (Doctor/Receptionist+) SQL Injection LOW *-3.6.4 3.6.5 July 5, 2026
kivicare-clinic-management-system kivicare-clinic-management-system
93
KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Unauthenticated SQL Injection LOW *-3.6.4 3.6.5 July 5, 2026
LOW

email-reminders

email-reminders

Score: 93/100 Email Reminders <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter Affected: *-2.0.4 Patched: 2.0.5 Updated: July 5, 2026
LOW

property-hive-mortgage-calculator

property-hive-mortgage-calculator

Score: N/A Property Hive Mortgage Calculator <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via price Parameter Affected: *-1.0.6 Patched: 1.0.7 Updated: July 5, 2026
LOW

foogallery-premium

foogallery-premium

Score: 93/100 Best WordPress Gallery Plugin – FooGallery <= 2.4.16 - Authenticated (Contributor+) Directory Traversal Affected: *-2.4.26 Patched: 2.4.27 Updated: July 5, 2026
LOW

wp-tithely

wp-tithely

Score: N/A Tithe.ly Giving Button <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

turbosmtp

turbosmtp

Score: N/A turboSMTP <= 4.6 - Reflected Cross-Site Scripting via 'page' Affected: *-4.6 Patched: 4.7 Updated: July 5, 2026
LOW

simple-restrict

simple-restrict

Score: N/A Simple Restrict <= 1.2.7 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure Affected: *-1.2.7 Patched: 1.2.8 Updated: July 5, 2026
LOW

learnpress

learnpress

Score: 93/100 LearnPress – WordPress LMS Plugin <= 4.2.7.3 - Course Material Sensitive Information Exposure via REST API Affected: *-4.2.7.3 Patched: 4.2.7.4 Updated: July 5, 2026
LOW

wp-health

wp-health

Score: N/A WP Umbrella: Update Backup Restore & Monitoring <= 2.17.0 - Unauthenticated Local File Inclusion Affected: *-2.17.0 Patched: 2.17.1 Updated: July 5, 2026
LOW

wp-mailster

wp-mailster

Score: N/A WP Mailster <= 1.8.16.0 - Unauthenticated Sensitive Information Exposure Affected: *-1.8.16.0 Patched: 1.8.17.0 Updated: July 5, 2026
LOW

easy-code-snippets

easy-code-snippets

Score: 89/100 Easy Code Snippets <= 1.0.2 - Reflected Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 5, 2026
LOW

multi-gallery

multi-gallery

Score: 91/100 Gallery <= 1.3 - Authenticated (Contributor+) PHP Object Injection Affected: *-1.3 Patched: Updated: July 5, 2026
LOW

feedpress-generator

feedpress-generator

Score: 89/100 Feedpress Generator – External RSS Frontend Customizer <= 1.2.1 - Reflected Cross-Site Scripting Affected: *-1.2.1 Patched: Updated: July 5, 2026
LOW

wp-mini-program

wp-mini-program

Score: N/A Mini Program API <= 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.5 Patched: Updated: July 5, 2026
LOW

beautiful-taxonomy-filters

beautiful-taxonomy-filters

Score: 93/100 Beautiful Taxonomy Filters <= 2.4.3 - Unauthenticated SQL Injection Affected: *-2.4.3 Patched: 2.4.4 Updated: July 5, 2026
LOW

smoove-elementor

smoove-elementor

Score: N/A Smoove connector for Elementor forms <= 4.1.0 - Reflected Cross-Site Scripting Affected: *-4.1.0 Patched: 4.2.0 Updated: July 5, 2026
LOW

twchat

twchat

Score: N/A TWChat – Send or receive messages from users <= 4.0.4 - Reflected Cross-Site Scripting Affected: *-4.0.4 Patched: Updated: July 5, 2026
LOW

simple-e-commerce-shopping-cart

simple-e-commerce-shopping-cart

Score: N/A Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal <= 3.1.2 - Reflected Cross-Site Scripting via monthly_sales_current_year Parameter Affected: *-3.1.2 Patched: Updated: July 5, 2026
LOW

simple-e-commerce-shopping-cart

simple-e-commerce-shopping-cart

Score: N/A Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal <= 3.1.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update / Data Access Affected: *-3.1.2 Patched: Updated: July 5, 2026
LOW

FileOrganizer – WordPress File Manager

fileorganizer

Score: 76/100 FileOrganizer <= 1.1.4 - Authenticated (Administrator+) Local JavaScript File Inclusion Affected: *-1.1.4 Patched: 1.1.5 Updated: July 5, 2026
LOW

persian-woocommerce-sms

persian-woocommerce-sms

Score: 91/100 افزونه پیامک ووکامرس Persian WooCommerce SMS <= 7.0.5 - Reflected Cross-Site Scripting Affected: *-7.0.5 Patched: 7.0.6 Updated: July 5, 2026
LOW

Message Filter for Contact Form 7

cf7-message-filter

Score: 89/100 Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) New Filter Creation Affected: *-1.6.3 Patched: 1.6.3.1 Updated: July 5, 2026
LOW

cf7-mollie

cf7-mollie

Score: 89/100 Mollie for Contact Form 7 <= 5.0.0 - Reflected Cross-Site Scripting Affected: *-5.0.0 Patched: Updated: July 5, 2026
LOW

comfino-payment-gateway

comfino-payment-gateway

Score: 93/100 Comfino Payment Gateway <= 4.1.1 - Reflected Cross-Site Scripting Affected: *-4.1.1 Patched: 4.1.2 Updated: July 5, 2026
LOW

ultimate-shortcodes-creator

ultimate-shortcodes-creator

Score: N/A Shortcodes Blocks Creator Ultimate <= 2.2.0 - Reflected Cross-Site Scripting via 'page' Affected: *-2.2.0 Patched: Updated: July 5, 2026
LOW

ultimate-shortcodes-creator

ultimate-shortcodes-creator

Score: N/A Shortcodes Blocks Creator Ultimate <= 2.2.0 - Reflected Cross-Site Scripting via _wpnonce Affected: *-2.2.0 Patched: Updated: July 5, 2026
LOW

zooom

zooom

Score: N/A Zooom <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 5, 2026
LOW

clicksend-lead-capture-form

clicksend-lead-capture-form

Score: 91/100 SMS for Lead Capture Forms <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion Affected: *-1.1.0 Patched: Updated: July 5, 2026
LOW

wp-svg

wp-svg

Score: N/A WP-SVG <= 0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-0.9 Patched: Updated: July 5, 2026
LOW

wp-publications

wp-publications

Score: N/A WP Publications <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

virtual-hdm-for-taxservice-am

virtual-hdm-for-taxservice-am

Score: N/A TAX SERVICE Electronic HDM <= 1.1.2 - Unauthenticated SQL Injection Affected: *-1.1.2 Patched: 1.2.3 Updated: July 5, 2026
LOW

ultimate-shortcodes-creator

ultimate-shortcodes-creator

Score: N/A Shortcodes Blocks Creator Ultimate <= 2.2.0 - Reflected Cross-Site Scripting Affected: *-2.2.0 Patched: Updated: July 5, 2026
LOW

simple-notification

simple-notification

Score: N/A Simple Notification <= 1.3 - Missing Authorization Affected: *-1.3 Patched: Updated: July 5, 2026
LOW

poll-maker

poll-maker

Score: 93/100 Poll Maker <= 5.5.4 - Cross-Site Request Forgery to Poll Duplication Affected: *-5.5.4 Patched: 5.5.5 Updated: July 5, 2026
LOW

pie-forms-for-wp

pie-forms-for-wp

Score: 91/100 Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! <= 1.4.19 - Reflected Cross-Site Scripting Affected: *-1.4.19 Patched: 1.5 Updated: July 5, 2026
LOW

pgall-for-woocommerce

pgall-for-woocommerce

Score: 93/100 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 <= 5.2.2 - Reflected Cross-Site Scripting via add_query_arg Function Affected: *-5.2.2 Patched: 5.2.3 Updated: July 5, 2026
LOW

mshop-naver-talktalk

mshop-naver-talktalk

Score: 91/100 코드엠샵 소셜톡 <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.0 Patched: 1.2.1 Updated: July 5, 2026
LOW

library-management-system

library-management-system

Score: 93/100 Library Management System <= 3.1 - Authenticated (Admin+) SQL Injection Affected: *-3.1 Patched: 3.2 Updated: July 5, 2026
LOW

import-export-for-woocommerce

import-export-for-woocommerce

Score: 87/100 Import Export For WooCommerce <= 1.6.1 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-1.6.1 Patched: Updated: July 5, 2026
LOW

if-menu

if-menu

Score: 93/100 If Menu <= 0.19.1 - Missing Authorization to License Key Update Affected: *-0.19.1 Patched: 0.19.2 Updated: July 5, 2026
LOW

give

give

Score: 93/100 GiveWP – Donation Plugin and Fundraising Platform <= 3.18.0 - Reflected Cross-Site Scripting Affected: *-3.18.0 Patched: 3.19.0 Updated: July 5, 2026
LOW

float-block

float-block

Score: 91/100 Float Block <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.7 Patched: Updated: July 5, 2026
LOW

faqs

faqs

Score: 89/100 FAQs <= 1.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 5, 2026
LOW

eyewear-prescription-form

eyewear-prescription-form

Score: 89/100 Eyewear prescription form <= 4.0.18 - Missing Authorization to Unauthenticated Arbitrary Options Update Affected: *-4.0.18 Patched: 4.0.19 Updated: July 5, 2026
LOW

echoza

echoza

Score: 91/100 Echoza <= 0.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-0.1.1 Patched: Updated: July 5, 2026
LOW

easy-replace

easy-replace

Score: 91/100 Easy Replace <= 1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: July 5, 2026
LOW

dn-shipping-by-weight

dn-shipping-by-weight

Score: 93/100 DN Shipping by Weight for WooCommerce <= 1.1.1 - Cross-Site Request Forgery to Plugin Settings Update Affected: *-1.1.1 Patched: 1.2 Updated: July 5, 2026
LOW

clients

clients

Score: 89/100 Clients <= 1.1.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.1.4 Patched: Updated: July 5, 2026
LOW

cardgate

cardgate

Score: 93/100 CardGate Payments for WooCommerce <= 3.2.1 - Reflected Cross-Site Scripting Affected: *-3.2.1 Patched: 3.2.2 Updated: July 5, 2026
LOW

blaze-online-eparcel-for-woocommerce

blaze-online-eparcel-for-woocommerce

Score: 91/100 Blaze Online eParcel for WooCommerce <= 1.3.3 - Reflected Cross-Site Scripting Affected: *-1.3.3 Patched: Updated: July 5, 2026
LOW

verowa-connect

verowa-connect

Score: N/A Verowa Connect <= 3.0.1 - Unauthenticated SQL Injection Affected: *-3.0.1 Patched: 3.0.2 Updated: July 5, 2026
LOW

pojo-forms

pojo-forms

Score: 93/100 Pojo Forms <= 1.4.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via form_preview_shortcode Affected: *-1.4.7 Patched: 1.4.8 Updated: July 5, 2026
LOW

twentytwenty

twentytwenty

Score: N/A TwentyTwenty <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 5, 2026
LOW

Message Filter for Contact Form 7

cf7-message-filter

Score: 89/100 Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Filter Updates/Deletions Affected: *-1.6.3 Patched: 1.6.3.1 Updated: July 5, 2026
LOW

forumwp

forumwp

Score: 93/100 ForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting Affected: *-2.1.2 Patched: 2.1.3 Updated: July 5, 2026
LOW

folder-gallery

folder-gallery

Score: 91/100 Folder Gallery <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7.4 Patched: Updated: July 5, 2026
LOW

friends

friends

Score: 93/100 Friends <= 3.2.1 - Missing Authorization Affected: *-3.2.1 Patched: 3.2.2 Updated: July 5, 2026
LOW

forumwp

forumwp

Score: 93/100 ForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting via url Parameter Affected: *-2.1.2 Patched: 2.1.3 Updated: July 5, 2026
LOW

gold-addons-for-elementor

gold-addons-for-elementor

Score: 91/100 Gold Addons for Elementor <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) License Activation/Deactivation Affected: *-1.3.2 Patched: Updated: July 5, 2026
LOW

cookielay

cookielay

Score: 91/100 Cookielay <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via cookielay Shortcode Affected: *-1.2.0 Patched: Updated: July 5, 2026
LOW

splash-connector

splash-connector

Score: N/A Splash Sync <= 2.0.7 - Reflected Cross-Site Scripting Affected: *-2.0.7 Patched: 2.0.8 Updated: July 5, 2026
LOW

wp-media-optimizer-webp

wp-media-optimizer-webp

Score: N/A WP Media Optimizer (.webp) <= 1.4.0 - Reflected Cross-Site Scripting via wpmowebp-css-resources and wpmowebp-js-resources Parameters Affected: *-1.4.0 Patched: Updated: July 5, 2026
LOW

smart-popup-blaster

smart-popup-blaster

Score: N/A Smart PopUp Blaster <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.3 Patched: Updated: July 5, 2026
LOW

cluevo-lms

cluevo-lms

Score: 93/100 CLUEVO LMS, E-Learning Platform <= 1.13.2 - Cross-Site Request Forgery to Module Deletion Affected: *-1.13.2 Patched: 1.13.3 Updated: July 5, 2026
LOW

ultimate-coming-soon

ultimate-coming-soon

Score: N/A Ultimate Coming Soon & Maintenance <= 1.0.9 - Missing Authorization to Unauthenticated Template Activation Affected: *-1.0.9 Patched: 1.1.0 Updated: July 5, 2026
LOW

ultimate-coming-soon

ultimate-coming-soon

Score: N/A Ultimate Coming Soon & Maintenance <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Template Name Update Affected: *-1.0.9 Patched: 1.1.0 Updated: July 5, 2026
LOW

sv100-companion

sv100-companion

Score: N/A SV100 Companion <= 2.0.02 - Missing Authorization to Unuathenticated Arbitrary Options Update Affected: *-2.0.02 Patched: Updated: July 5, 2026
LOW

ai-quiz

ai-quiz

Score: 95/100 AI Quiz | Quiz Maker <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

wp-private-content-plus

wp-private-content-plus

Score: N/A WP Private Content Plus <= 3.6.1 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure Affected: *-3.6.1 Patched: 3.6.2 Updated: July 5, 2026
LOW

wp-system

wp-system

Score: N/A WP System <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: July 5, 2026
LOW

mycred

mycred

Score: 93/100 myCred – Loyalty Points and Rewards plugin <= 2.7.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_send Shortcode Affected: *-2.7.5.2 Patched: 2.7.6 Updated: July 5, 2026
LOW

wp-hide-security-enhancer

wp-hide-security-enhancer

Score: N/A WP Hide & Security Enhancer <= 2.5.1 - Missing Authorization to Unauthenticated Arbitrary File Contents Deletion Affected: *-2.5.1 Patched: 2.5.2 Updated: July 5, 2026
LOW

threewp-broadcast

threewp-broadcast

Score: N/A Broadcast <= 51.01 - Reflected Cross-Site Scripting Affected: *-51.01 Patched: 51.02 Updated: July 5, 2026
LOW

gallery-videos

gallery-videos

Score: 93/100 YouTube Gallery and Vimeo Gallery Plugin <= 2.4.2 - Authenticated (Administrator+) SQL Injection Affected: *-2.4.2 Patched: 2.4.3 Updated: July 5, 2026
LOW

gallery-videos

gallery-videos

Score: 93/100 Video Gallery <= 2.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.4.1 Patched: 2.4.2 Updated: July 5, 2026
LOW

xpro-elementor-addons

xpro-elementor-addons

Score: N/A 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.6.5 Patched: 1.4.6.6 Updated: July 5, 2026
LOW

xl-tab

xl-tab

Score: N/A XLTab – Accordions and Tabs for Elementor Page Builder <= 1.4 - Authenticated (Contributor+) Post Disclosure Affected: *-1.4 Patched: 1.5 Updated: July 5, 2026
LOW

wp-limit-failed-login-attempts

wp-limit-failed-login-attempts

Score: N/A Limit Login Attempts <= 5.5 - Unauthenticated SQL Injeciton Affected: *-5.5 Patched: 5.6 Updated: July 5, 2026
LOW

wot-elementor-widgets

wot-elementor-widgets

Score: N/A Wot Elementor Widgets <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 5, 2026
LOW

woo-pdf-invoice-builder

woo-pdf-invoice-builder

Score: N/A PDF Builder for WooCommerce. Create invoices,packing slips and more <= 1.2.136 - Reflected Cross-Site Scripting Affected: *-1.2.136 Patched: 1.2.137 Updated: July 5, 2026
LOW

unlock-addons-for-elementor

unlock-addons-for-elementor

Score: N/A Unlock Addons for Elementor <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.0 Patched: Updated: July 5, 2026
LOW

swift-performance-lite

swift-performance-lite

Score: N/A Swift Performance Lite <= 2.3.7.1 - Unauthenticated Local PHP File Inclusion via 'ajaxify' Affected: *-2.3.7.1 Patched: 2.3.7.2 Updated: July 5, 2026
LOW

shiptimize-for-woocommerce

shiptimize-for-woocommerce

Score: N/A Shiptimize for WooCommerce <= 3.1.86 - Reflected Cross-Site Scripting Affected: *-3.1.86 Patched: Updated: July 5, 2026
LOW

rrdevs-for-elementor

rrdevs-for-elementor

Score: N/A RRAddons for Elementor <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 5, 2026
LOW

prodigy-commerce

prodigy-commerce

Score: N/A Prodigy Commerce <= 3.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.0.8 Patched: 3.0.9 Updated: July 5, 2026
LOW

prodigy-commerce

prodigy-commerce

Score: N/A Prodigy Commerce <= 3.1.2 - Missing Authorization Affected: *-3.1.2 Patched: 3.1.3 Updated: July 5, 2026
LOW

powerpack-lite-for-elementor

powerpack-lite-for-elementor

Score: N/A PowerPack Elementor Addons (Free Widgets, Extensions and Templates) <= 2.8.1 - Authenticated (Contributor+) Post Disclosure Affected: *-2.8.1 Patched: 2.8.2 Updated: July 5, 2026
LOW

otp-login

otp-login

Score: 93/100 Login With OTP <= 1.4.2 - Authentication Bypass via Weak OTP Affected: *-1.4.2 Patched: 1.5 Updated: July 5, 2026
LOW

onlyoffice

onlyoffice

Score: 93/100 ONLYOFFICE Docs <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.0 Patched: 2.2.0 Updated: July 5, 2026
LOW

ni-woocommerce-product-editor

ni-woocommerce-product-editor

Score: 91/100 Ni WooCommerce Bulk Product Editor <= 1.4.5 - Reflected Cross-Site Scripting Affected: *-1.4.5 Patched: Updated: July 5, 2026
LOW

ni-woocommerce-order-export

ni-woocommerce-order-export

Score: 89/100 Ni WooCommerce Order Export <= 3.1.6 - Reflected Cross-Site Scripting Affected: *-3.1.6 Patched: Updated: July 5, 2026
LOW

ni-crm-lead

ni-crm-lead

Score: 89/100 Ni CRM Lead <= 1.3.0 - Authenticated (Subscriber+) SQL Injection Affected: *-1.3.0 Patched: Updated: July 5, 2026
LOW

nextcart-woocommerce-migration

nextcart-woocommerce-migration

Score: 93/100 Next-Cart Store to WooCommerce Migration <= 3.9.2 - Reflected Cross-Site Scripting Affected: *-3.9.2 Patched: 3.9.4 Updated: July 5, 2026
LOW

news-kit-elementor-addons

news-kit-elementor-addons

Score: 89/100 News Kit Elementor Addons <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.6 Patched: Updated: July 5, 2026
LOW

min-and-max-quantity-for-woocommerce

min-and-max-quantity-for-woocommerce

Score: 93/100 Minimum and Maximum Quantity for WooCommerce <= 2.0.0 - Missing Authorization Affected: *-2.0.0 Patched: 2.1.0 Updated: July 5, 2026
LOW

meeting-scheduler-by-vcita

meeting-scheduler-by-vcita

Score: 93/100 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-4.5.1 Patched: 4.5.2 Updated: July 5, 2026
LOW

login-sidebar-widget

login-sidebar-widget

Score: 91/100 Login Widget With Shortcode <= 6.1.2 - Open Redirect Affected: *-6.1.2 Patched: Updated: July 5, 2026
LOW

kivicare-clinic-management-system

kivicare-clinic-management-system

Score: 93/100 KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Authenticated (Doctor/Receptionist+) SQL Injection Affected: *-3.6.4 Patched: 3.6.5 Updated: July 5, 2026
LOW

kivicare-clinic-management-system

kivicare-clinic-management-system

Score: 93/100 KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Unauthenticated SQL Injection Affected: *-3.6.4 Patched: 3.6.5 Updated: July 5, 2026

Showing 14701 to 14800 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 5, 2026 at 17:47 UTC.