Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

95

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
kivicare-clinic-management-system kivicare-clinic-management-system
93
KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Authenticated (Subscriber+) SQL Injection LOW *-3.6.4 3.6.5 July 5, 2026
event-tickets-with-ticket-scanner event-tickets-with-ticket-scanner
93
Event Tickets with Ticket Scanner <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-2.4.3 2.4.4 July 5, 2026
elite-notification elite-notification
93
Elite Notification – Sales Popup, Social Proof, FOMO & WooCommerce <= 1.5 - Missing Authorization LOW 1.5 2.0.0 July 5, 2026
element-ready-lite element-ready-lite
93
ElementsReady Addons for Elementor <= 6.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-6.4.7 6.4.8 July 5, 2026
eewee-admincustom eewee-admincustom
89
eewee admin custom <= 1.8.2.4 - Cross-Site Request Forgery to Privilege Escalation LOW *-1.8.2.4 July 5, 2026
easy-blocks-pro easy-blocks-pro
91
Easy Blocks pro <= 1.0.21 - Missing Authorization LOW *-1.0.21 July 5, 2026
designer designer
91
Designer <= 1.4.1 - Authenticated (Contributor+) Local File Inclusion LOW *-1.4.1 1.5.0 July 5, 2026
Depicter — Popup & Slider Builder depicter
95
Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel <= 3.2.1- Authenticated (Author+) Stored Cross-Site Scripting LOW *-3.2.1 3.2.2 July 5, 2026
delucks-seo delucks-seo
89
DELUCKS SEO <= 2.5.8 - Authenticated (Subscriber+) Arbitrary File Read LOW *-2.5.8 July 5, 2026
country-blocker country-blocker
89
Country Blocker <= 3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.2 July 5, 2026
clickbank-storefront clickbank-storefront
91
Clickbank WordPress Plugin (Storefront) <= 1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.7 July 5, 2026
Message Filter for Contact Form 7 cf7-message-filter
89
Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization LOW *-1.6.3 1.6.3.1 July 5, 2026
Broken Link Checker broken-link-checker
68
Broken Link Checker <= 2.4.1 - Authenticated (Admin+) Server-Side Request Forgery LOW *-2.4.1 2.4.2 July 5, 2026
booking-system booking-system
91
Pinpoint Booking System – #1 WordPress Booking Plugin <= 2.9.9.5.7 - Missing Authorization LOW *-2.9.9.5.7 2.9.9.5.8 July 5, 2026
board-document-manager-from-chuhpl board-document-manager-from-chuhpl
91
Board Document Manager from CHUHPL <= 1.9.1 - Reflected Cross-Site Scripting LOW *-1.9.1 July 5, 2026
armember-membership armember-membership
95
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution LOW *-4.0.51 4.0.52 July 5, 2026
arforms-form-builder arforms-form-builder
95
ARForms Form Builder <= 1.7.1 - HTML Injection LOW *-1.7.1 1.7.2 July 5, 2026
advanced-control-manager advanced-control-manager
95
Advanced Control Manager for WordPress by ItalyStrap <= 2.16.0 - Reflected Cross-Site Scripting LOW *-2.16.0 July 5, 2026
abcbiz-addons abcbiz-addons
95
ABCBiz Addons for Elementor <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.2 July 5, 2026
contact-form-with-a-meeting-scheduler-by-vcita contact-form-with-a-meeting-scheduler-by-vcita
93
Contact Form Builder <= 4.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via livesite-pay Shortcode LOW *-4.10.4 4.10.5 July 5, 2026
wip-woocarousel-lite wip-woocarousel-lite N/A WIP WooCarousel Lite <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.6 1.1.7 July 5, 2026
related-post related-post N/A Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.0.58 - Sensitive Information Exposure LOW *-2.0.58 2.0.59 July 5, 2026
stars-testimonials-with-slider-and-masonry-grid stars-testimonials-with-slider-and-masonry-grid N/A Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials <= 3.3.3 - Authenticated (Contributor+) Local File Inclusion LOW *-3.3.3 3.3.4 July 5, 2026
gutentor gutentor
91
Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget LOW *-3.3.9 3.4.0 July 5, 2026
Jetpack – WP Security, Backup, Speed, & Growth jetpack
69
Jetpack 13.0 - 14.0 - Reflected DOM-based Cross-Site Scripting LOW 13.0-14.0 14.1 July 5, 2026
eelv-redirection eelv-redirection
93
Simple Redirection <= 1.5 - Cross-Site Request Forgery to Arbitrary Site Redirect LOW *-1.5 1.5.1 July 5, 2026
anywhere-elementor anywhere-elementor
97
AnyWhere Elementor <= 1.2.11 - Authenticated (Contributor+) Post Disclosure LOW *-1.2.11 1.2.12 July 5, 2026
accounting-for-woocommerce accounting-for-woocommerce
97
Accounting for WooCommerce <= 1.6.6 - Reflected Cross-Site Scripting LOW *-1.6.6 1.6.7 July 5, 2026
email-address-obfuscation email-address-obfuscation
93
Email Address Obfuscation <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter LOW *-1.0.1 1.1.0 July 5, 2026
listdom listdom
93
Listdom – Business Directory and Classified Ads Listings WordPress Plugin <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Parameter LOW *-3.7.0 3.7.1 July 5, 2026
wpbits-addons-for-elementor wpbits-addons-for-elementor N/A WPBITS Addons For Elementor Page Builder <= 1.5.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload LOW *-1.5.2 1.6 July 5, 2026
order-status-for-woocommerce order-status-for-woocommerce
93
Additional Custom Order Status for WooCommerce <= 1.6.0 - Reflected Cross-Site Scripting LOW *-1.6.0 1.6.1 July 5, 2026
searchiq searchiq N/A SearchIQ – The Search Solution <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.6 4.7 July 5, 2026
nps-computy nps-computy
93
NPS computy <= 2.8.0 - Reflected Cross-Site Scripting LOW *-2.8.0 2.8.1 July 5, 2026
sg-helper sg-helper N/A SG Helper <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload LOW 1.0 July 5, 2026
responsive-youtube-videos responsive-youtube-videos N/A Responsive Videos <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.1 July 5, 2026
authors-list authors-list
91
Authors List <= 2.0.4 - Unauthenticated Arbitrary Shortcode Execution via update_authors_list_ajax LOW *-2.0.4 2.0.5 July 5, 2026
Pulsating Chat Button amin-chat-button
96
Pulsating Chat Button <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.4.1 1.4.2 July 5, 2026
ele-blog ele-blog
87
Eleblog – Elementor Blog And Magazine Addons <= 1.8 - Missing Authorization to Authenticated (Subscriber+) Deactivation Submission LOW *-1.8 July 5, 2026
posti-shipping posti-shipping N/A Posti Shipping <= 3.10.3 - Reflected Cross-Site Scripting LOW *-3.10.3 3.10.4 July 5, 2026
funnelforms-free funnelforms-free
87
Funnelforms Free <= 3.7.5.1 - Authenticated (Contributor+) PHP Object Injection LOW *-3.7.5.1 July 5, 2026
mightyforms mightyforms
93
Contact Form, Survey & Form Builder – MightyForms <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.9 1.3.10 July 5, 2026
wp-job-manager-companies wp-job-manager-companies N/A WP Job Manager – Company Profiles <= 1.7 - Reflected Cross-Site Scripting LOW *-1.7 1.8 July 5, 2026
wp-ecards-invites wp-ecards-invites N/A WP eCards <= 1.3.904 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.904 1.3.905 July 5, 2026
Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel wp-carousel-free N/A Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library LOW *-2.6.8 2.6.9 July 5, 2026
woo-smart-quick-view woo-smart-quick-view N/A Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library LOW *-4.1.1 4.1.2 July 5, 2026
visual-portfolio visual-portfolio N/A Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library LOW *-3.3.9 3.3.10 July 5, 2026
ti-woocommerce-wishlist ti-woocommerce-wishlist N/A TI WooCommerce Wishlist <= 2.9.1 - Missing Authorization to Unauthenticated Plugin Setup Wizard Access LOW *-2.9.1 2.9.2 July 5, 2026
the-plus-addons-for-block-editor the-plus-addons-for-block-editor N/A Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library LOW *-4.3.1 4.3.2 July 5, 2026
responsive-lightbox responsive-lightbox N/A Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library LOW *-2.4.8 2.4.9 July 5, 2026
pie-register-social-site pie-register-social-site
93
Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login <= 1.7.9 - Authentication Bypass via WordPress.com OAuth provider LOW *-1.7.9 1.8 July 5, 2026
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery nextgen-gallery
66
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library LOW *-3.59.4 3.59.5 July 5, 2026
lastudio-element-kit lastudio-element-kit
93
LA-Studio Element Kit for Elementor <= 1.4.4 - Authenticated (Contributor+) Post Disclosure LOW *-1.4.4 1.4.5 July 5, 2026
getwid getwid
93
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library LOW *-2.0.11 2.0.12 July 5, 2026
fv-wordpress-flowplayer fv-wordpress-flowplayer
93
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library LOW *-7.5.47.7212 7.5.48.7212 July 5, 2026
form-maker form-maker
93
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library LOW *-1.15.27 1.15.28 July 5, 2026
flower-delivery-by-florist-one flower-delivery-by-florist-one
93
Flower Delivery by Florist One <= 3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.9 3.9.1 July 5, 2026
fancybox-for-wordpress fancybox-for-wordpress
93
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library LOW *-3.3.4 3.3.5 July 5, 2026
exhibit-to-wp-gallery exhibit-to-wp-gallery
91
Exhibit to WP Gallery <= 0.0.2 - Reflected Cross-Site Scripting LOW *-0.0.2 July 5, 2026
Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More envira-gallery-lite
94
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library LOW *-1.8.15 1.8.16 July 5, 2026
easy-fancybox easy-fancybox
93
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library LOW *-2.3.3 2.3.4 July 5, 2026
easy-facebook-likebox-premium easy-facebook-likebox-premium
91
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library LOW *-6.6.2 July 5, 2026
dp-intro-tours dp-intro-tours
93
Intro Tour Tutorial DeepPresentation <= 6.5.2 - Reflected Cross-Site Scripting LOW *-6.5.2 6.5.3 July 5, 2026
dollie dollie
93
Dollie Hub – Build Your Own WordPress Cloud Platform <= 6.2.0 - Authenticated (Contributor+) Post Disclosure LOW *-6.2.0 6.2.1 July 5, 2026
colibri-page-builder colibri-page-builder
93
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library LOW *-1.0.286 1.0.288 July 5, 2026
classic-addons-wpbakery-page-builder-addons classic-addons-wpbakery-page-builder-addons
93
Classic Addons – WPBakery Page Builder <= 3.0 - Authenticated (Contributor+) Limited Local PHP File Inclusion LOW *-3.0 3.1 July 5, 2026
basepress basepress
93
Knowledge Base documentation & wiki plugin – BasePress Docs <= 2.16.3.3 - Missing Authorization to Authenticated (Subscriber+) Database Update LOW *-2.16.3.3 2.16.3.4 July 5, 2026
b-testimonial b-testimonial
93
B Testimonial – testimonial plugin for WP <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.2 1.2.3 July 5, 2026
allaccessible allaccessible
97
Accessibility by AllAccessible <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Update LOW *-1.3.4 1.3.5 July 5, 2026
accordion-slider accordion-slider
97
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library LOW *-1.9.12 1.9.13 July 5, 2026
campaign-monitor-wp campaign-monitor-wp
93
Campaign Monitor Forms by Optin Cat <= 2.5.7 - Reflected Cross-Site Scripting LOW *-2.5.7 2.5.8 July 5, 2026
aweber-wp aweber-wp
93
AWeber Forms by Optin Cat <= 2.5.7 - Reflected Cross-Site Scripting LOW *-2.5.7 2.5.8 July 5, 2026
wp-mailster wp-mailster N/A WP Mailster <= 1.8.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.8.17.0 1.8.18.0 July 5, 2026
charity-addon-for-elementor charity-addon-for-elementor
91
Charity Addon for Elementor <= 1.3.3 - Authenticated (Contributor+) Post Disclosure LOW *-1.3.3 July 5, 2026
ideapush ideapush
93
IdeaPush <= 8.71 - Missing Authorization to Board Term Deletion LOW *-8.71 8.72 July 5, 2026
bp-profile-shortcodes-extra bp-profile-shortcodes-extra
89
BP Profile Shortcodes Extra <= 2.6.0 - Authenticated (Contributor+) SQL Injection via tab Parameter LOW *-2.6.0 July 5, 2026
jalbum-bridge jalbum-bridge
93
jAlbum Bridge <= 2.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via ar Parameter LOW *-2.0.16 2.0.17 July 5, 2026
quick-license-manager quick-license-manager N/A Quick License Manager – WooCommerce Plugin <= 2.4.17 - Reflected Cross-Site Scripting LOW *-2.4.17 2.4.18 July 5, 2026
Spectra Gutenberg Blocks – Website Builder for the Block Editor ultimate-addons-for-gutenberg N/A Spectra – WordPress Gutenberg Blocks <= 2.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Widget LOW *-2.16.2 2.16.3 July 5, 2026
zionbuilder zionbuilder N/A WordPress Page Builder – Zion Builder <= 3.6.16 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-3.6.16 3.6.17 July 5, 2026
z-downloads z-downloads N/A Z-Downloads <= 1.11.7 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.11.7 1.11.8 July 5, 2026
wpcasa wpcasa N/A WPCasa <= 1.2.13 - Insecure Direct Object Reference LOW *-1.2.13 1.3.0 July 5, 2026
wp-travel wp-travel N/A WP Travel <= 9.6.0 - Missing Authorization LOW *-9.6.0 9.7.0 July 5, 2026
wp-registration wp-registration N/A Simple User Registration <= 5.5 - Missing Authorization to User Deletion LOW *-5.5 6.0 July 5, 2026
wp-mailster wp-mailster N/A WP Mailster <= 1.8.16.0 - Missing Authorization LOW *-1.8.16.0 1.8.17.0 July 5, 2026
wp-mailster wp-mailster N/A WP Mailster <= 1.8.16.0 - Missing Authorization LOW *-1.8.16.0 1.8.17.0 July 5, 2026
wp-mailster wp-mailster N/A WP Mailster <= 1.8.16.0 - Authenticated (Contributor+) SQL Injection via orderby LOW *-1.8.16.0 1.8.17.0 July 5, 2026
wp-mailster wp-mailster N/A WP Mailster <= 1.8.16.0 - Unauthenticated Information Exposure LOW *-1.8.16.0 1.8.17.0 July 5, 2026
wp-geonames wp-geonames N/A WP GeoNames <= 1.8 - Reflected Cross-Site Scripting LOW *-1.8 1.9 July 5, 2026
wp-auctions wp-auctions N/A WordPress Auction Plugin <= 3.7 - Authenticated (Editor+) Stored Cross-Site Scripting LOW *-3.7 July 5, 2026
wp-auctions wp-auctions N/A WordPress Auction Plugin <= 3.7 - Unauthenticated SQL Injection LOW *-3.7 July 5, 2026
wp-analytify wp-analytify N/A Analytify <= 5.4.3 - Missing Authorization LOW *-5.4.3 5.5.0 July 5, 2026
wedevs-project-manager wedevs-project-manager N/A WP Project Manager <= 2.6.31 - Authenticated (Project Manager+) SQL Injection LOW *-2.6.31 3.0.0 July 5, 2026
wdesignkit wdesignkit N/A WDesignkit <= 1.0.40 - Authenticated (Administrator+) Arbitrary File Upload LOW *-1.0.40 1.1.0 July 5, 2026
ultimate-post ultimate-post N/A PostX <= 4.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.1.15 4.1.16 July 5, 2026
tutor-lms-elementor-addons tutor-lms-elementor-addons N/A Tutor LMS Elementor Addons <= 2.1.5 - Missing Authorization LOW *-2.1.5 2.1.6 July 5, 2026
themesflat-addons-for-elementor themesflat-addons-for-elementor N/A Themesflat Addons For Elementor <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2.2 2.2.3 July 5, 2026
the-plus-addons-for-elementor-page-builder the-plus-addons-for-elementor-page-builder N/A The Plus Addons for Elementor Page Builder Lite <= 5.6.14 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.6.14 6.0.1 July 5, 2026
sprout-invoices sprout-invoices N/A Client Invoicing by Sprout Invoices <= 20.8.0 - Insecure Direct Object Reference LOW *-20.8.0 20.8.1 July 5, 2026
scratch-win-giveaways-for-website-facebook scratch-win-giveaways-for-website-facebook N/A Scratch & Win – Giveaways and Contests <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.6.9 2.7.0 July 5, 2026
LOW

kivicare-clinic-management-system

kivicare-clinic-management-system

Score: 93/100 KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Authenticated (Subscriber+) SQL Injection Affected: *-3.6.4 Patched: 3.6.5 Updated: July 5, 2026
LOW

event-tickets-with-ticket-scanner

event-tickets-with-ticket-scanner

Score: 93/100 Event Tickets with Ticket Scanner <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-2.4.3 Patched: 2.4.4 Updated: July 5, 2026
LOW

elite-notification

elite-notification

Score: 93/100 Elite Notification – Sales Popup, Social Proof, FOMO & WooCommerce <= 1.5 - Missing Authorization Affected: 1.5 Patched: 2.0.0 Updated: July 5, 2026
LOW

element-ready-lite

element-ready-lite

Score: 93/100 ElementsReady Addons for Elementor <= 6.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-6.4.7 Patched: 6.4.8 Updated: July 5, 2026
LOW

eewee-admincustom

eewee-admincustom

Score: 89/100 eewee admin custom <= 1.8.2.4 - Cross-Site Request Forgery to Privilege Escalation Affected: *-1.8.2.4 Patched: Updated: July 5, 2026
LOW

easy-blocks-pro

easy-blocks-pro

Score: 91/100 Easy Blocks pro <= 1.0.21 - Missing Authorization Affected: *-1.0.21 Patched: Updated: July 5, 2026
LOW

designer

designer

Score: 91/100 Designer <= 1.4.1 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.4.1 Patched: 1.5.0 Updated: July 5, 2026
LOW

Depicter — Popup & Slider Builder

depicter

Score: 95/100 Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel <= 3.2.1- Authenticated (Author+) Stored Cross-Site Scripting Affected: *-3.2.1 Patched: 3.2.2 Updated: July 5, 2026
LOW

delucks-seo

delucks-seo

Score: 89/100 DELUCKS SEO <= 2.5.8 - Authenticated (Subscriber+) Arbitrary File Read Affected: *-2.5.8 Patched: Updated: July 5, 2026
LOW

country-blocker

country-blocker

Score: 89/100 Country Blocker <= 3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.2 Patched: Updated: July 5, 2026
LOW

clickbank-storefront

clickbank-storefront

Score: 91/100 Clickbank WordPress Plugin (Storefront) <= 1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.7 Patched: Updated: July 5, 2026
LOW

Message Filter for Contact Form 7

cf7-message-filter

Score: 89/100 Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization Affected: *-1.6.3 Patched: 1.6.3.1 Updated: July 5, 2026
LOW

Broken Link Checker

broken-link-checker

Score: 68/100 Broken Link Checker <= 2.4.1 - Authenticated (Admin+) Server-Side Request Forgery Affected: *-2.4.1 Patched: 2.4.2 Updated: July 5, 2026
LOW

booking-system

booking-system

Score: 91/100 Pinpoint Booking System – #1 WordPress Booking Plugin <= 2.9.9.5.7 - Missing Authorization Affected: *-2.9.9.5.7 Patched: 2.9.9.5.8 Updated: July 5, 2026
LOW

board-document-manager-from-chuhpl

board-document-manager-from-chuhpl

Score: 91/100 Board Document Manager from CHUHPL <= 1.9.1 - Reflected Cross-Site Scripting Affected: *-1.9.1 Patched: Updated: July 5, 2026
LOW

armember-membership

armember-membership

Score: 95/100 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution Affected: *-4.0.51 Patched: 4.0.52 Updated: July 5, 2026
LOW

arforms-form-builder

arforms-form-builder

Score: 95/100 ARForms Form Builder <= 1.7.1 - HTML Injection Affected: *-1.7.1 Patched: 1.7.2 Updated: July 5, 2026
LOW

advanced-control-manager

advanced-control-manager

Score: 95/100 Advanced Control Manager for WordPress by ItalyStrap <= 2.16.0 - Reflected Cross-Site Scripting Affected: *-2.16.0 Patched: Updated: July 5, 2026
LOW

abcbiz-addons

abcbiz-addons

Score: 95/100 ABCBiz Addons for Elementor <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.2 Patched: Updated: July 5, 2026
LOW

contact-form-with-a-meeting-scheduler-by-vcita

contact-form-with-a-meeting-scheduler-by-vcita

Score: 93/100 Contact Form Builder <= 4.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via livesite-pay Shortcode Affected: *-4.10.4 Patched: 4.10.5 Updated: July 5, 2026
LOW

wip-woocarousel-lite

wip-woocarousel-lite

Score: N/A WIP WooCarousel Lite <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.6 Patched: 1.1.7 Updated: July 5, 2026
LOW

related-post

related-post

Score: N/A Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.0.58 - Sensitive Information Exposure Affected: *-2.0.58 Patched: 2.0.59 Updated: July 5, 2026
LOW

stars-testimonials-with-slider-and-masonry-grid

stars-testimonials-with-slider-and-masonry-grid

Score: N/A Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials <= 3.3.3 - Authenticated (Contributor+) Local File Inclusion Affected: *-3.3.3 Patched: 3.3.4 Updated: July 5, 2026
LOW

gutentor

gutentor

Score: 91/100 Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget Affected: *-3.3.9 Patched: 3.4.0 Updated: July 5, 2026
LOW

eelv-redirection

eelv-redirection

Score: 93/100 Simple Redirection <= 1.5 - Cross-Site Request Forgery to Arbitrary Site Redirect Affected: *-1.5 Patched: 1.5.1 Updated: July 5, 2026
LOW

anywhere-elementor

anywhere-elementor

Score: 97/100 AnyWhere Elementor <= 1.2.11 - Authenticated (Contributor+) Post Disclosure Affected: *-1.2.11 Patched: 1.2.12 Updated: July 5, 2026
LOW

accounting-for-woocommerce

accounting-for-woocommerce

Score: 97/100 Accounting for WooCommerce <= 1.6.6 - Reflected Cross-Site Scripting Affected: *-1.6.6 Patched: 1.6.7 Updated: July 5, 2026
LOW

email-address-obfuscation

email-address-obfuscation

Score: 93/100 Email Address Obfuscation <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter Affected: *-1.0.1 Patched: 1.1.0 Updated: July 5, 2026
LOW

listdom

listdom

Score: 93/100 Listdom – Business Directory and Classified Ads Listings WordPress Plugin <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Parameter Affected: *-3.7.0 Patched: 3.7.1 Updated: July 5, 2026
LOW

wpbits-addons-for-elementor

wpbits-addons-for-elementor

Score: N/A WPBITS Addons For Elementor Page Builder <= 1.5.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload Affected: *-1.5.2 Patched: 1.6 Updated: July 5, 2026
LOW

order-status-for-woocommerce

order-status-for-woocommerce

Score: 93/100 Additional Custom Order Status for WooCommerce <= 1.6.0 - Reflected Cross-Site Scripting Affected: *-1.6.0 Patched: 1.6.1 Updated: July 5, 2026
LOW

searchiq

searchiq

Score: N/A SearchIQ – The Search Solution <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.6 Patched: 4.7 Updated: July 5, 2026
LOW

nps-computy

nps-computy

Score: 93/100 NPS computy <= 2.8.0 - Reflected Cross-Site Scripting Affected: *-2.8.0 Patched: 2.8.1 Updated: July 5, 2026
LOW

sg-helper

sg-helper

Score: N/A SG Helper <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload Affected: 1.0 Patched: Updated: July 5, 2026
LOW

responsive-youtube-videos

responsive-youtube-videos

Score: N/A Responsive Videos <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.1 Patched: Updated: July 5, 2026
LOW

authors-list

authors-list

Score: 91/100 Authors List <= 2.0.4 - Unauthenticated Arbitrary Shortcode Execution via update_authors_list_ajax Affected: *-2.0.4 Patched: 2.0.5 Updated: July 5, 2026
LOW

Pulsating Chat Button

amin-chat-button

Score: 96/100 Pulsating Chat Button <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4.1 Patched: 1.4.2 Updated: July 5, 2026
LOW

ele-blog

ele-blog

Score: 87/100 Eleblog – Elementor Blog And Magazine Addons <= 1.8 - Missing Authorization to Authenticated (Subscriber+) Deactivation Submission Affected: *-1.8 Patched: Updated: July 5, 2026
LOW

posti-shipping

posti-shipping

Score: N/A Posti Shipping <= 3.10.3 - Reflected Cross-Site Scripting Affected: *-3.10.3 Patched: 3.10.4 Updated: July 5, 2026
LOW

funnelforms-free

funnelforms-free

Score: 87/100 Funnelforms Free <= 3.7.5.1 - Authenticated (Contributor+) PHP Object Injection Affected: *-3.7.5.1 Patched: Updated: July 5, 2026
LOW

mightyforms

mightyforms

Score: 93/100 Contact Form, Survey & Form Builder – MightyForms <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.9 Patched: 1.3.10 Updated: July 5, 2026
LOW

wp-job-manager-companies

wp-job-manager-companies

Score: N/A WP Job Manager – Company Profiles <= 1.7 - Reflected Cross-Site Scripting Affected: *-1.7 Patched: 1.8 Updated: July 5, 2026
LOW

wp-ecards-invites

wp-ecards-invites

Score: N/A WP eCards <= 1.3.904 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.904 Patched: 1.3.905 Updated: July 5, 2026
LOW

woo-smart-quick-view

woo-smart-quick-view

Score: N/A Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library Affected: *-4.1.1 Patched: 4.1.2 Updated: July 5, 2026
LOW

visual-portfolio

visual-portfolio

Score: N/A Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library Affected: *-3.3.9 Patched: 3.3.10 Updated: July 5, 2026
LOW

ti-woocommerce-wishlist

ti-woocommerce-wishlist

Score: N/A TI WooCommerce Wishlist <= 2.9.1 - Missing Authorization to Unauthenticated Plugin Setup Wizard Access Affected: *-2.9.1 Patched: 2.9.2 Updated: July 5, 2026
LOW

the-plus-addons-for-block-editor

the-plus-addons-for-block-editor

Score: N/A Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library Affected: *-4.3.1 Patched: 4.3.2 Updated: July 5, 2026
LOW

responsive-lightbox

responsive-lightbox

Score: N/A Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library Affected: *-2.4.8 Patched: 2.4.9 Updated: July 5, 2026
LOW

pie-register-social-site

pie-register-social-site

Score: 93/100 Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login <= 1.7.9 - Authentication Bypass via WordPress.com OAuth provider Affected: *-1.7.9 Patched: 1.8 Updated: July 5, 2026
LOW

lastudio-element-kit

lastudio-element-kit

Score: 93/100 LA-Studio Element Kit for Elementor <= 1.4.4 - Authenticated (Contributor+) Post Disclosure Affected: *-1.4.4 Patched: 1.4.5 Updated: July 5, 2026
LOW

getwid

getwid

Score: 93/100 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library Affected: *-2.0.11 Patched: 2.0.12 Updated: July 5, 2026
LOW

fv-wordpress-flowplayer

fv-wordpress-flowplayer

Score: 93/100 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library Affected: *-7.5.47.7212 Patched: 7.5.48.7212 Updated: July 5, 2026
LOW

form-maker

form-maker

Score: 93/100 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library Affected: *-1.15.27 Patched: 1.15.28 Updated: July 5, 2026
LOW

flower-delivery-by-florist-one

flower-delivery-by-florist-one

Score: 93/100 Flower Delivery by Florist One <= 3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.9 Patched: 3.9.1 Updated: July 5, 2026
LOW

fancybox-for-wordpress

fancybox-for-wordpress

Score: 93/100 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library Affected: *-3.3.4 Patched: 3.3.5 Updated: July 5, 2026
LOW

exhibit-to-wp-gallery

exhibit-to-wp-gallery

Score: 91/100 Exhibit to WP Gallery <= 0.0.2 - Reflected Cross-Site Scripting Affected: *-0.0.2 Patched: Updated: July 5, 2026
LOW

easy-fancybox

easy-fancybox

Score: 93/100 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library Affected: *-2.3.3 Patched: 2.3.4 Updated: July 5, 2026
LOW

easy-facebook-likebox-premium

easy-facebook-likebox-premium

Score: 91/100 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library Affected: *-6.6.2 Patched: Updated: July 5, 2026
LOW

dp-intro-tours

dp-intro-tours

Score: 93/100 Intro Tour Tutorial DeepPresentation <= 6.5.2 - Reflected Cross-Site Scripting Affected: *-6.5.2 Patched: 6.5.3 Updated: July 5, 2026
LOW

dollie

dollie

Score: 93/100 Dollie Hub – Build Your Own WordPress Cloud Platform <= 6.2.0 - Authenticated (Contributor+) Post Disclosure Affected: *-6.2.0 Patched: 6.2.1 Updated: July 5, 2026
LOW

colibri-page-builder

colibri-page-builder

Score: 93/100 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library Affected: *-1.0.286 Patched: 1.0.288 Updated: July 5, 2026
LOW

classic-addons-wpbakery-page-builder-addons

classic-addons-wpbakery-page-builder-addons

Score: 93/100 Classic Addons – WPBakery Page Builder <= 3.0 - Authenticated (Contributor+) Limited Local PHP File Inclusion Affected: *-3.0 Patched: 3.1 Updated: July 5, 2026
LOW

basepress

basepress

Score: 93/100 Knowledge Base documentation & wiki plugin – BasePress Docs <= 2.16.3.3 - Missing Authorization to Authenticated (Subscriber+) Database Update Affected: *-2.16.3.3 Patched: 2.16.3.4 Updated: July 5, 2026
LOW

b-testimonial

b-testimonial

Score: 93/100 B Testimonial – testimonial plugin for WP <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.2 Patched: 1.2.3 Updated: July 5, 2026
LOW

allaccessible

allaccessible

Score: 97/100 Accessibility by AllAccessible <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Update Affected: *-1.3.4 Patched: 1.3.5 Updated: July 5, 2026
LOW

accordion-slider

accordion-slider

Score: 97/100 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library Affected: *-1.9.12 Patched: 1.9.13 Updated: July 5, 2026
LOW

campaign-monitor-wp

campaign-monitor-wp

Score: 93/100 Campaign Monitor Forms by Optin Cat <= 2.5.7 - Reflected Cross-Site Scripting Affected: *-2.5.7 Patched: 2.5.8 Updated: July 5, 2026
LOW

aweber-wp

aweber-wp

Score: 93/100 AWeber Forms by Optin Cat <= 2.5.7 - Reflected Cross-Site Scripting Affected: *-2.5.7 Patched: 2.5.8 Updated: July 5, 2026
LOW

wp-mailster

wp-mailster

Score: N/A WP Mailster <= 1.8.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8.17.0 Patched: 1.8.18.0 Updated: July 5, 2026
LOW

charity-addon-for-elementor

charity-addon-for-elementor

Score: 91/100 Charity Addon for Elementor <= 1.3.3 - Authenticated (Contributor+) Post Disclosure Affected: *-1.3.3 Patched: Updated: July 5, 2026
LOW

ideapush

ideapush

Score: 93/100 IdeaPush <= 8.71 - Missing Authorization to Board Term Deletion Affected: *-8.71 Patched: 8.72 Updated: July 5, 2026
LOW

bp-profile-shortcodes-extra

bp-profile-shortcodes-extra

Score: 89/100 BP Profile Shortcodes Extra <= 2.6.0 - Authenticated (Contributor+) SQL Injection via tab Parameter Affected: *-2.6.0 Patched: Updated: July 5, 2026
LOW

jalbum-bridge

jalbum-bridge

Score: 93/100 jAlbum Bridge <= 2.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via ar Parameter Affected: *-2.0.16 Patched: 2.0.17 Updated: July 5, 2026
LOW

quick-license-manager

quick-license-manager

Score: N/A Quick License Manager – WooCommerce Plugin <= 2.4.17 - Reflected Cross-Site Scripting Affected: *-2.4.17 Patched: 2.4.18 Updated: July 5, 2026
LOW

zionbuilder

zionbuilder

Score: N/A WordPress Page Builder – Zion Builder <= 3.6.16 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.6.16 Patched: 3.6.17 Updated: July 5, 2026
LOW

z-downloads

z-downloads

Score: N/A Z-Downloads <= 1.11.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.11.7 Patched: 1.11.8 Updated: July 5, 2026
LOW

wpcasa

wpcasa

Score: N/A WPCasa <= 1.2.13 - Insecure Direct Object Reference Affected: *-1.2.13 Patched: 1.3.0 Updated: July 5, 2026
LOW

wp-travel

wp-travel

Score: N/A WP Travel <= 9.6.0 - Missing Authorization Affected: *-9.6.0 Patched: 9.7.0 Updated: July 5, 2026
LOW

wp-registration

wp-registration

Score: N/A Simple User Registration <= 5.5 - Missing Authorization to User Deletion Affected: *-5.5 Patched: 6.0 Updated: July 5, 2026
LOW

wp-mailster

wp-mailster

Score: N/A WP Mailster <= 1.8.16.0 - Missing Authorization Affected: *-1.8.16.0 Patched: 1.8.17.0 Updated: July 5, 2026
LOW

wp-mailster

wp-mailster

Score: N/A WP Mailster <= 1.8.16.0 - Missing Authorization Affected: *-1.8.16.0 Patched: 1.8.17.0 Updated: July 5, 2026
LOW

wp-mailster

wp-mailster

Score: N/A WP Mailster <= 1.8.16.0 - Authenticated (Contributor+) SQL Injection via orderby Affected: *-1.8.16.0 Patched: 1.8.17.0 Updated: July 5, 2026
LOW

wp-mailster

wp-mailster

Score: N/A WP Mailster <= 1.8.16.0 - Unauthenticated Information Exposure Affected: *-1.8.16.0 Patched: 1.8.17.0 Updated: July 5, 2026
LOW

wp-geonames

wp-geonames

Score: N/A WP GeoNames <= 1.8 - Reflected Cross-Site Scripting Affected: *-1.8 Patched: 1.9 Updated: July 5, 2026
LOW

wp-auctions

wp-auctions

Score: N/A WordPress Auction Plugin <= 3.7 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-3.7 Patched: Updated: July 5, 2026
LOW

wp-auctions

wp-auctions

Score: N/A WordPress Auction Plugin <= 3.7 - Unauthenticated SQL Injection Affected: *-3.7 Patched: Updated: July 5, 2026
LOW

wp-analytify

wp-analytify

Score: N/A Analytify <= 5.4.3 - Missing Authorization Affected: *-5.4.3 Patched: 5.5.0 Updated: July 5, 2026
LOW

wedevs-project-manager

wedevs-project-manager

Score: N/A WP Project Manager <= 2.6.31 - Authenticated (Project Manager+) SQL Injection Affected: *-2.6.31 Patched: 3.0.0 Updated: July 5, 2026
LOW

wdesignkit

wdesignkit

Score: N/A WDesignkit <= 1.0.40 - Authenticated (Administrator+) Arbitrary File Upload Affected: *-1.0.40 Patched: 1.1.0 Updated: July 5, 2026
LOW

ultimate-post

ultimate-post

Score: N/A PostX <= 4.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.1.15 Patched: 4.1.16 Updated: July 5, 2026
LOW

tutor-lms-elementor-addons

tutor-lms-elementor-addons

Score: N/A Tutor LMS Elementor Addons <= 2.1.5 - Missing Authorization Affected: *-2.1.5 Patched: 2.1.6 Updated: July 5, 2026
LOW

themesflat-addons-for-elementor

themesflat-addons-for-elementor

Score: N/A Themesflat Addons For Elementor <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.2 Patched: 2.2.3 Updated: July 5, 2026
LOW

the-plus-addons-for-elementor-page-builder

the-plus-addons-for-elementor-page-builder

Score: N/A The Plus Addons for Elementor Page Builder Lite <= 5.6.14 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.6.14 Patched: 6.0.1 Updated: July 5, 2026
LOW

sprout-invoices

sprout-invoices

Score: N/A Client Invoicing by Sprout Invoices <= 20.8.0 - Insecure Direct Object Reference Affected: *-20.8.0 Patched: 20.8.1 Updated: July 5, 2026
LOW

scratch-win-giveaways-for-website-facebook

scratch-win-giveaways-for-website-facebook

Score: N/A Scratch & Win – Giveaways and Contests <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.6.9 Patched: 2.7.0 Updated: July 5, 2026

Showing 14801 to 14900 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 5, 2026 at 18:43 UTC.