Known Plugin Vulnerabilities
Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.
Open Vulnerabilities
36406Across tracked plugins
Affected Plugins
95With open vulnerabilities
Critical / High
0Require immediate attention
Recently Updated
0In the last 30 days
Vulnerability List
Export CSV| Plugin | Slug | Score | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated |
|---|---|---|---|---|---|---|---|---|
| kivicare-clinic-management-system | kivicare-clinic-management-system |
93
|
KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Authenticated (Subscriber+) SQL Injection | LOW | *-3.6.4 | 3.6.5 | July 5, 2026 | |
| event-tickets-with-ticket-scanner | event-tickets-with-ticket-scanner |
93
|
Event Tickets with Ticket Scanner <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | LOW | *-2.4.3 | 2.4.4 | July 5, 2026 | |
| elite-notification | elite-notification |
93
|
Elite Notification – Sales Popup, Social Proof, FOMO & WooCommerce <= 1.5 - Missing Authorization | LOW | 1.5 | 2.0.0 | July 5, 2026 | |
| element-ready-lite | element-ready-lite |
93
|
ElementsReady Addons for Elementor <= 6.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-6.4.7 | 6.4.8 | July 5, 2026 | |
| eewee-admincustom | eewee-admincustom |
89
|
eewee admin custom <= 1.8.2.4 - Cross-Site Request Forgery to Privilege Escalation | LOW | *-1.8.2.4 | July 5, 2026 | ||
| easy-blocks-pro | easy-blocks-pro |
91
|
Easy Blocks pro <= 1.0.21 - Missing Authorization | LOW | *-1.0.21 | July 5, 2026 | ||
| designer | designer |
91
|
Designer <= 1.4.1 - Authenticated (Contributor+) Local File Inclusion | LOW | *-1.4.1 | 1.5.0 | July 5, 2026 | |
| Depicter — Popup & Slider Builder | depicter |
95
|
Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel <= 3.2.1- Authenticated (Author+) Stored Cross-Site Scripting | LOW | *-3.2.1 | 3.2.2 | July 5, 2026 | |
| delucks-seo | delucks-seo |
89
|
DELUCKS SEO <= 2.5.8 - Authenticated (Subscriber+) Arbitrary File Read | LOW | *-2.5.8 | July 5, 2026 | ||
| country-blocker | country-blocker |
89
|
Country Blocker <= 3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting | LOW | *-3.2 | July 5, 2026 | ||
| clickbank-storefront | clickbank-storefront |
91
|
Clickbank WordPress Plugin (Storefront) <= 1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting | LOW | *-1.7 | July 5, 2026 | ||
| Message Filter for Contact Form 7 | cf7-message-filter |
89
|
Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization | LOW | *-1.6.3 | 1.6.3.1 | July 5, 2026 | |
| Broken Link Checker | broken-link-checker |
68
|
Broken Link Checker <= 2.4.1 - Authenticated (Admin+) Server-Side Request Forgery | LOW | *-2.4.1 | 2.4.2 | July 5, 2026 | |
| booking-system | booking-system |
91
|
Pinpoint Booking System – #1 WordPress Booking Plugin <= 2.9.9.5.7 - Missing Authorization | LOW | *-2.9.9.5.7 | 2.9.9.5.8 | July 5, 2026 | |
| board-document-manager-from-chuhpl | board-document-manager-from-chuhpl |
91
|
Board Document Manager from CHUHPL <= 1.9.1 - Reflected Cross-Site Scripting | LOW | *-1.9.1 | July 5, 2026 | ||
| armember-membership | armember-membership |
95
|
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | LOW | *-4.0.51 | 4.0.52 | July 5, 2026 | |
| arforms-form-builder | arforms-form-builder |
95
|
ARForms Form Builder <= 1.7.1 - HTML Injection | LOW | *-1.7.1 | 1.7.2 | July 5, 2026 | |
| advanced-control-manager | advanced-control-manager |
95
|
Advanced Control Manager for WordPress by ItalyStrap <= 2.16.0 - Reflected Cross-Site Scripting | LOW | *-2.16.0 | July 5, 2026 | ||
| abcbiz-addons | abcbiz-addons |
95
|
ABCBiz Addons for Elementor <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.0.2 | July 5, 2026 | ||
| contact-form-with-a-meeting-scheduler-by-vcita | contact-form-with-a-meeting-scheduler-by-vcita |
93
|
Contact Form Builder <= 4.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via livesite-pay Shortcode | LOW | *-4.10.4 | 4.10.5 | July 5, 2026 | |
| wip-woocarousel-lite | wip-woocarousel-lite | N/A | WIP WooCarousel Lite <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.1.6 | 1.1.7 | July 5, 2026 | |
| related-post | related-post | N/A | Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.0.58 - Sensitive Information Exposure | LOW | *-2.0.58 | 2.0.59 | July 5, 2026 | |
| stars-testimonials-with-slider-and-masonry-grid | stars-testimonials-with-slider-and-masonry-grid | N/A | Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials <= 3.3.3 - Authenticated (Contributor+) Local File Inclusion | LOW | *-3.3.3 | 3.3.4 | July 5, 2026 | |
| gutentor | gutentor |
91
|
Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget | LOW | *-3.3.9 | 3.4.0 | July 5, 2026 | |
| Jetpack – WP Security, Backup, Speed, & Growth | jetpack |
69
|
Jetpack 13.0 - 14.0 - Reflected DOM-based Cross-Site Scripting | LOW | 13.0-14.0 | 14.1 | July 5, 2026 | |
| eelv-redirection | eelv-redirection |
93
|
Simple Redirection <= 1.5 - Cross-Site Request Forgery to Arbitrary Site Redirect | LOW | *-1.5 | 1.5.1 | July 5, 2026 | |
| anywhere-elementor | anywhere-elementor |
97
|
AnyWhere Elementor <= 1.2.11 - Authenticated (Contributor+) Post Disclosure | LOW | *-1.2.11 | 1.2.12 | July 5, 2026 | |
| accounting-for-woocommerce | accounting-for-woocommerce |
97
|
Accounting for WooCommerce <= 1.6.6 - Reflected Cross-Site Scripting | LOW | *-1.6.6 | 1.6.7 | July 5, 2026 | |
| email-address-obfuscation | email-address-obfuscation |
93
|
Email Address Obfuscation <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter | LOW | *-1.0.1 | 1.1.0 | July 5, 2026 | |
| listdom | listdom |
93
|
Listdom – Business Directory and Classified Ads Listings WordPress Plugin <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Parameter | LOW | *-3.7.0 | 3.7.1 | July 5, 2026 | |
| wpbits-addons-for-elementor | wpbits-addons-for-elementor | N/A | WPBITS Addons For Elementor Page Builder <= 1.5.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | LOW | *-1.5.2 | 1.6 | July 5, 2026 | |
| order-status-for-woocommerce | order-status-for-woocommerce |
93
|
Additional Custom Order Status for WooCommerce <= 1.6.0 - Reflected Cross-Site Scripting | LOW | *-1.6.0 | 1.6.1 | July 5, 2026 | |
| searchiq | searchiq | N/A | SearchIQ – The Search Solution <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-4.6 | 4.7 | July 5, 2026 | |
| nps-computy | nps-computy |
93
|
NPS computy <= 2.8.0 - Reflected Cross-Site Scripting | LOW | *-2.8.0 | 2.8.1 | July 5, 2026 | |
| sg-helper | sg-helper | N/A | SG Helper <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload | LOW | 1.0 | July 5, 2026 | ||
| responsive-youtube-videos | responsive-youtube-videos | N/A | Responsive Videos <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.1 | July 5, 2026 | ||
| authors-list | authors-list |
91
|
Authors List <= 2.0.4 - Unauthenticated Arbitrary Shortcode Execution via update_authors_list_ajax | LOW | *-2.0.4 | 2.0.5 | July 5, 2026 | |
| Pulsating Chat Button | amin-chat-button |
96
|
Pulsating Chat Button <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting | LOW | *-1.4.1 | 1.4.2 | July 5, 2026 | |
| ele-blog | ele-blog |
87
|
Eleblog – Elementor Blog And Magazine Addons <= 1.8 - Missing Authorization to Authenticated (Subscriber+) Deactivation Submission | LOW | *-1.8 | July 5, 2026 | ||
| posti-shipping | posti-shipping | N/A | Posti Shipping <= 3.10.3 - Reflected Cross-Site Scripting | LOW | *-3.10.3 | 3.10.4 | July 5, 2026 | |
| funnelforms-free | funnelforms-free |
87
|
Funnelforms Free <= 3.7.5.1 - Authenticated (Contributor+) PHP Object Injection | LOW | *-3.7.5.1 | July 5, 2026 | ||
| mightyforms | mightyforms |
93
|
Contact Form, Survey & Form Builder – MightyForms <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.3.9 | 1.3.10 | July 5, 2026 | |
| wp-job-manager-companies | wp-job-manager-companies | N/A | WP Job Manager – Company Profiles <= 1.7 - Reflected Cross-Site Scripting | LOW | *-1.7 | 1.8 | July 5, 2026 | |
| wp-ecards-invites | wp-ecards-invites | N/A | WP eCards <= 1.3.904 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.3.904 | 1.3.905 | July 5, 2026 | |
| Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel | wp-carousel-free | N/A | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | LOW | *-2.6.8 | 2.6.9 | July 5, 2026 | |
| woo-smart-quick-view | woo-smart-quick-view | N/A | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | LOW | *-4.1.1 | 4.1.2 | July 5, 2026 | |
| visual-portfolio | visual-portfolio | N/A | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | LOW | *-3.3.9 | 3.3.10 | July 5, 2026 | |
| ti-woocommerce-wishlist | ti-woocommerce-wishlist | N/A | TI WooCommerce Wishlist <= 2.9.1 - Missing Authorization to Unauthenticated Plugin Setup Wizard Access | LOW | *-2.9.1 | 2.9.2 | July 5, 2026 | |
| the-plus-addons-for-block-editor | the-plus-addons-for-block-editor | N/A | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | LOW | *-4.3.1 | 4.3.2 | July 5, 2026 | |
| responsive-lightbox | responsive-lightbox | N/A | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | LOW | *-2.4.8 | 2.4.9 | July 5, 2026 | |
| pie-register-social-site | pie-register-social-site |
93
|
Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login <= 1.7.9 - Authentication Bypass via WordPress.com OAuth provider | LOW | *-1.7.9 | 1.8 | July 5, 2026 | |
| Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery | nextgen-gallery |
66
|
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | LOW | *-3.59.4 | 3.59.5 | July 5, 2026 | |
| lastudio-element-kit | lastudio-element-kit |
93
|
LA-Studio Element Kit for Elementor <= 1.4.4 - Authenticated (Contributor+) Post Disclosure | LOW | *-1.4.4 | 1.4.5 | July 5, 2026 | |
| getwid | getwid |
93
|
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | LOW | *-2.0.11 | 2.0.12 | July 5, 2026 | |
| fv-wordpress-flowplayer | fv-wordpress-flowplayer |
93
|
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | LOW | *-7.5.47.7212 | 7.5.48.7212 | July 5, 2026 | |
| form-maker | form-maker |
93
|
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | LOW | *-1.15.27 | 1.15.28 | July 5, 2026 | |
| flower-delivery-by-florist-one | flower-delivery-by-florist-one |
93
|
Flower Delivery by Florist One <= 3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-3.9 | 3.9.1 | July 5, 2026 | |
| fancybox-for-wordpress | fancybox-for-wordpress |
93
|
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | LOW | *-3.3.4 | 3.3.5 | July 5, 2026 | |
| exhibit-to-wp-gallery | exhibit-to-wp-gallery |
91
|
Exhibit to WP Gallery <= 0.0.2 - Reflected Cross-Site Scripting | LOW | *-0.0.2 | July 5, 2026 | ||
| Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More | envira-gallery-lite |
94
|
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | LOW | *-1.8.15 | 1.8.16 | July 5, 2026 | |
| easy-fancybox | easy-fancybox |
93
|
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | LOW | *-2.3.3 | 2.3.4 | July 5, 2026 | |
| easy-facebook-likebox-premium | easy-facebook-likebox-premium |
91
|
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | LOW | *-6.6.2 | July 5, 2026 | ||
| dp-intro-tours | dp-intro-tours |
93
|
Intro Tour Tutorial DeepPresentation <= 6.5.2 - Reflected Cross-Site Scripting | LOW | *-6.5.2 | 6.5.3 | July 5, 2026 | |
| dollie | dollie |
93
|
Dollie Hub – Build Your Own WordPress Cloud Platform <= 6.2.0 - Authenticated (Contributor+) Post Disclosure | LOW | *-6.2.0 | 6.2.1 | July 5, 2026 | |
| colibri-page-builder | colibri-page-builder |
93
|
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | LOW | *-1.0.286 | 1.0.288 | July 5, 2026 | |
| classic-addons-wpbakery-page-builder-addons | classic-addons-wpbakery-page-builder-addons |
93
|
Classic Addons – WPBakery Page Builder <= 3.0 - Authenticated (Contributor+) Limited Local PHP File Inclusion | LOW | *-3.0 | 3.1 | July 5, 2026 | |
| basepress | basepress |
93
|
Knowledge Base documentation & wiki plugin – BasePress Docs <= 2.16.3.3 - Missing Authorization to Authenticated (Subscriber+) Database Update | LOW | *-2.16.3.3 | 2.16.3.4 | July 5, 2026 | |
| b-testimonial | b-testimonial |
93
|
B Testimonial – testimonial plugin for WP <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.2.2 | 1.2.3 | July 5, 2026 | |
| allaccessible | allaccessible |
97
|
Accessibility by AllAccessible <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Update | LOW | *-1.3.4 | 1.3.5 | July 5, 2026 | |
| accordion-slider | accordion-slider |
97
|
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | LOW | *-1.9.12 | 1.9.13 | July 5, 2026 | |
| campaign-monitor-wp | campaign-monitor-wp |
93
|
Campaign Monitor Forms by Optin Cat <= 2.5.7 - Reflected Cross-Site Scripting | LOW | *-2.5.7 | 2.5.8 | July 5, 2026 | |
| aweber-wp | aweber-wp |
93
|
AWeber Forms by Optin Cat <= 2.5.7 - Reflected Cross-Site Scripting | LOW | *-2.5.7 | 2.5.8 | July 5, 2026 | |
| wp-mailster | wp-mailster | N/A | WP Mailster <= 1.8.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-1.8.17.0 | 1.8.18.0 | July 5, 2026 | |
| charity-addon-for-elementor | charity-addon-for-elementor |
91
|
Charity Addon for Elementor <= 1.3.3 - Authenticated (Contributor+) Post Disclosure | LOW | *-1.3.3 | July 5, 2026 | ||
| ideapush | ideapush |
93
|
IdeaPush <= 8.71 - Missing Authorization to Board Term Deletion | LOW | *-8.71 | 8.72 | July 5, 2026 | |
| bp-profile-shortcodes-extra | bp-profile-shortcodes-extra |
89
|
BP Profile Shortcodes Extra <= 2.6.0 - Authenticated (Contributor+) SQL Injection via tab Parameter | LOW | *-2.6.0 | July 5, 2026 | ||
| jalbum-bridge | jalbum-bridge |
93
|
jAlbum Bridge <= 2.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via ar Parameter | LOW | *-2.0.16 | 2.0.17 | July 5, 2026 | |
| quick-license-manager | quick-license-manager | N/A | Quick License Manager – WooCommerce Plugin <= 2.4.17 - Reflected Cross-Site Scripting | LOW | *-2.4.17 | 2.4.18 | July 5, 2026 | |
| Spectra Gutenberg Blocks – Website Builder for the Block Editor | ultimate-addons-for-gutenberg | N/A | Spectra – WordPress Gutenberg Blocks <= 2.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Widget | LOW | *-2.16.2 | 2.16.3 | July 5, 2026 | |
| zionbuilder | zionbuilder | N/A | WordPress Page Builder – Zion Builder <= 3.6.16 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-3.6.16 | 3.6.17 | July 5, 2026 | |
| z-downloads | z-downloads | N/A | Z-Downloads <= 1.11.7 - Authenticated (Administrator+) Stored Cross-Site Scripting | LOW | *-1.11.7 | 1.11.8 | July 5, 2026 | |
| wpcasa | wpcasa | N/A | WPCasa <= 1.2.13 - Insecure Direct Object Reference | LOW | *-1.2.13 | 1.3.0 | July 5, 2026 | |
| wp-travel | wp-travel | N/A | WP Travel <= 9.6.0 - Missing Authorization | LOW | *-9.6.0 | 9.7.0 | July 5, 2026 | |
| wp-registration | wp-registration | N/A | Simple User Registration <= 5.5 - Missing Authorization to User Deletion | LOW | *-5.5 | 6.0 | July 5, 2026 | |
| wp-mailster | wp-mailster | N/A | WP Mailster <= 1.8.16.0 - Missing Authorization | LOW | *-1.8.16.0 | 1.8.17.0 | July 5, 2026 | |
| wp-mailster | wp-mailster | N/A | WP Mailster <= 1.8.16.0 - Missing Authorization | LOW | *-1.8.16.0 | 1.8.17.0 | July 5, 2026 | |
| wp-mailster | wp-mailster | N/A | WP Mailster <= 1.8.16.0 - Authenticated (Contributor+) SQL Injection via orderby | LOW | *-1.8.16.0 | 1.8.17.0 | July 5, 2026 | |
| wp-mailster | wp-mailster | N/A | WP Mailster <= 1.8.16.0 - Unauthenticated Information Exposure | LOW | *-1.8.16.0 | 1.8.17.0 | July 5, 2026 | |
| wp-geonames | wp-geonames | N/A | WP GeoNames <= 1.8 - Reflected Cross-Site Scripting | LOW | *-1.8 | 1.9 | July 5, 2026 | |
| wp-auctions | wp-auctions | N/A | WordPress Auction Plugin <= 3.7 - Authenticated (Editor+) Stored Cross-Site Scripting | LOW | *-3.7 | July 5, 2026 | ||
| wp-auctions | wp-auctions | N/A | WordPress Auction Plugin <= 3.7 - Unauthenticated SQL Injection | LOW | *-3.7 | July 5, 2026 | ||
| wp-analytify | wp-analytify | N/A | Analytify <= 5.4.3 - Missing Authorization | LOW | *-5.4.3 | 5.5.0 | July 5, 2026 | |
| wedevs-project-manager | wedevs-project-manager | N/A | WP Project Manager <= 2.6.31 - Authenticated (Project Manager+) SQL Injection | LOW | *-2.6.31 | 3.0.0 | July 5, 2026 | |
| wdesignkit | wdesignkit | N/A | WDesignkit <= 1.0.40 - Authenticated (Administrator+) Arbitrary File Upload | LOW | *-1.0.40 | 1.1.0 | July 5, 2026 | |
| ultimate-post | ultimate-post | N/A | PostX <= 4.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-4.1.15 | 4.1.16 | July 5, 2026 | |
| tutor-lms-elementor-addons | tutor-lms-elementor-addons | N/A | Tutor LMS Elementor Addons <= 2.1.5 - Missing Authorization | LOW | *-2.1.5 | 2.1.6 | July 5, 2026 | |
| themesflat-addons-for-elementor | themesflat-addons-for-elementor | N/A | Themesflat Addons For Elementor <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.2.2 | 2.2.3 | July 5, 2026 | |
| the-plus-addons-for-elementor-page-builder | the-plus-addons-for-elementor-page-builder | N/A | The Plus Addons for Elementor Page Builder Lite <= 5.6.14 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-5.6.14 | 6.0.1 | July 5, 2026 | |
| sprout-invoices | sprout-invoices | N/A | Client Invoicing by Sprout Invoices <= 20.8.0 - Insecure Direct Object Reference | LOW | *-20.8.0 | 20.8.1 | July 5, 2026 | |
| scratch-win-giveaways-for-website-facebook | scratch-win-giveaways-for-website-facebook | N/A | Scratch & Win – Giveaways and Contests <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | LOW | *-2.6.9 | 2.7.0 | July 5, 2026 |
kivicare-clinic-management-system
kivicare-clinic-management-system
event-tickets-with-ticket-scanner
event-tickets-with-ticket-scanner
elite-notification
elite-notification
element-ready-lite
element-ready-lite
eewee-admincustom
eewee-admincustom
easy-blocks-pro
easy-blocks-pro
designer
designer
Depicter — Popup & Slider Builder
depicter
delucks-seo
delucks-seo
country-blocker
country-blocker
clickbank-storefront
clickbank-storefront
Message Filter for Contact Form 7
cf7-message-filter
Broken Link Checker
broken-link-checker
booking-system
booking-system
board-document-manager-from-chuhpl
board-document-manager-from-chuhpl
armember-membership
armember-membership
arforms-form-builder
arforms-form-builder
advanced-control-manager
advanced-control-manager
abcbiz-addons
abcbiz-addons
contact-form-with-a-meeting-scheduler-by-vcita
contact-form-with-a-meeting-scheduler-by-vcita
wip-woocarousel-lite
wip-woocarousel-lite
related-post
related-post
stars-testimonials-with-slider-and-masonry-grid
stars-testimonials-with-slider-and-masonry-grid
gutentor
gutentor
Jetpack – WP Security, Backup, Speed, & Growth
jetpack
eelv-redirection
eelv-redirection
anywhere-elementor
anywhere-elementor
accounting-for-woocommerce
accounting-for-woocommerce
email-address-obfuscation
email-address-obfuscation
listdom
listdom
wpbits-addons-for-elementor
wpbits-addons-for-elementor
order-status-for-woocommerce
order-status-for-woocommerce
searchiq
searchiq
nps-computy
nps-computy
sg-helper
sg-helper
responsive-youtube-videos
responsive-youtube-videos
authors-list
authors-list
Pulsating Chat Button
amin-chat-button
ele-blog
ele-blog
posti-shipping
posti-shipping
funnelforms-free
funnelforms-free
mightyforms
mightyforms
wp-job-manager-companies
wp-job-manager-companies
wp-ecards-invites
wp-ecards-invites
Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel
wp-carousel-free
woo-smart-quick-view
woo-smart-quick-view
visual-portfolio
visual-portfolio
ti-woocommerce-wishlist
ti-woocommerce-wishlist
the-plus-addons-for-block-editor
the-plus-addons-for-block-editor
responsive-lightbox
responsive-lightbox
pie-register-social-site
pie-register-social-site
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery
nextgen-gallery
lastudio-element-kit
lastudio-element-kit
getwid
getwid
fv-wordpress-flowplayer
fv-wordpress-flowplayer
form-maker
form-maker
flower-delivery-by-florist-one
flower-delivery-by-florist-one
fancybox-for-wordpress
fancybox-for-wordpress
exhibit-to-wp-gallery
exhibit-to-wp-gallery
Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More
envira-gallery-lite
easy-fancybox
easy-fancybox
easy-facebook-likebox-premium
easy-facebook-likebox-premium
dp-intro-tours
dp-intro-tours
dollie
dollie
colibri-page-builder
colibri-page-builder
classic-addons-wpbakery-page-builder-addons
classic-addons-wpbakery-page-builder-addons
basepress
basepress
b-testimonial
b-testimonial
allaccessible
allaccessible
accordion-slider
accordion-slider
campaign-monitor-wp
campaign-monitor-wp
aweber-wp
aweber-wp
wp-mailster
wp-mailster
charity-addon-for-elementor
charity-addon-for-elementor
ideapush
ideapush
bp-profile-shortcodes-extra
bp-profile-shortcodes-extra
jalbum-bridge
jalbum-bridge
quick-license-manager
quick-license-manager
Spectra Gutenberg Blocks – Website Builder for the Block Editor
ultimate-addons-for-gutenberg
zionbuilder
zionbuilder
z-downloads
z-downloads
wpcasa
wpcasa
wp-travel
wp-travel
wp-registration
wp-registration
wp-mailster
wp-mailster
wp-mailster
wp-mailster
wp-mailster
wp-mailster
wp-mailster
wp-mailster
wp-geonames
wp-geonames
wp-auctions
wp-auctions
wp-auctions
wp-auctions
wp-analytify
wp-analytify
wedevs-project-manager
wedevs-project-manager
wdesignkit
wdesignkit
ultimate-post
ultimate-post
tutor-lms-elementor-addons
tutor-lms-elementor-addons
themesflat-addons-for-elementor
themesflat-addons-for-elementor
the-plus-addons-for-elementor-page-builder
the-plus-addons-for-elementor-page-builder
sprout-invoices
sprout-invoices
scratch-win-giveaways-for-website-facebook
scratch-win-giveaways-for-website-facebook
Showing 14801 to 14900 of 36406 results
Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.
Data updated daily from trusted sources. Last updated: July 5, 2026 at 18:43 UTC.