Known Plugin Vulnerabilities
Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.
Open Vulnerabilities: 36189 (across tracked plugins)
Affected Plugins: 93 (with open vulnerabilities)
Critical / High: 0 (require immediate attention)
Recently Updated: 0 (in the last 30 days)
Vulnerability List
| Plugin | Slug | Score | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated |
|---|---|---|---|---|---|---|---|---|
| wc-multivendor-marketplace | wc-multivendor-marketplace | N/A | WCFM Marketplace – Multivendor Marketplace for WooCommerce <= 3.7.2 - Authenticated (Store vendor+) SQL Injection | | LOW | *-3.7.2 | 3.7.3 | June 29, 2026 |
| userpro | userpro | N/A | UserPro - Community and User Profile WordPress Plugin < 5.1.11 - Cross-Site Request Forgery | | LOW | [*, 5.1.11) | 5.1.11 | June 29, 2026 |
| plisio-payment-gateway-for-woocommerce | plisio-payment-gateway-for-woocommerce | N/A | Accept Cryptocurrencies with Plisio <= 2.0.6 - Missing Authorization | | LOW | *-2.0.6 | | June 29, 2026 |
| mini-ajax-woo-cart | mini-ajax-woo-cart | N/A | Mini Ajax Cart for WooCommerce <= 1.3.4 - Authenticated (Author+) Stored Cross-Site Scripting | | LOW | *-1.3.4 | 1.3.5 | June 29, 2026 |
| fluent-boards | fluent-boards | 93 | FluentBoards – Project Management, Task Management, Goal Tracking, Kanban Board, and, Team Collaboration <= 1.91.2 - Authenticated (Board Member+) Insecure Direct Object Reference | | LOW | *-1.91.2 | 1.91.3 | June 29, 2026 |
| clover-online-orders | clover-online-orders | 91 | Smart Online Order for Clover <= 1.6.0 - Cross-Site Request Forgery | | LOW | *-1.6.0 | | June 29, 2026 |
| woo-product-pricing-tables | woo-product-pricing-tables | N/A | Product Pricing Table by WooBeWoo <= 1.1.0 - Cross-Site Request Forgery to Stored XSS and Pricing Table Deletion | | LOW | *-1.1.0 | 1.1.1 | June 29, 2026 |
| metform-pro | metform-pro | N/A | MetForm Pro <= 3.9.7 - Unauthenticated Payment Amount Manipulation via 'mf-calculation' | | LOW | *-3.9.7 | 3.9.8 | June 29, 2026 |
| visa-acceptance-solutions | visa-acceptance-solutions | N/A | Visa Acceptance Solutions <= 2.1.0 - Unauthenticated Authentication Bypass via Billing Email | | LOW | *-2.1.0 | | June 29, 2026 |
| otm-accessibly | otm-accessibly | N/A | Accessibly <= 3.0.3 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Widget Source Injection via REST API | | LOW | *-3.0.3 | | June 29, 2026 |
| coachific-shortcode | coachific-shortcode | 91 | Coachific Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'userhash' Shortcode Attribute | | LOW | *-1.0 | | June 29, 2026 |
| wp-circliful | wp-circliful | N/A | WP Circliful <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute | | LOW | *-1.2 | | June 29, 2026 |
| wm-jqmath | wm-jqmath | N/A | WM JqMath <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'style' Shortcode Attribute | | LOW | *-1.3 | | June 29, 2026 |
| open-brain | open-brain | N/A | OPEN-BRAIN <= 0.5.0 - Cross-Site Request Forgery | | LOW | *-0.5.0 | | June 29, 2026 |
| petje-af | petje-af | N/A | Petje.af <= 2.1.8 - Cross-Site Request Forgery to Account Deletion via 'petjeaf_disconnect' AJAX Action | | LOW | *-2.1.8 | | June 29, 2026 |
| katalogportal-pdf-sync | katalogportal-pdf-sync | 91 | Katalogportal-pdf-sync Widget <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via 'katalogportal_shortcodePrinter' AJAX Action | | LOW | *-1.0.0 | | June 29, 2026 |
| e-shot-form-builder | e-shot-form-builder | 89 | e-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Form Settings Modification via AJAX | | LOW | *-1.0.2 | | June 29, 2026 |
| wpgo-power-charts-lite | wpgo-power-charts-lite | N/A | Power Charts <= 0.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute | | LOW | *-0.1.0 | | June 29, 2026 |
| vi-include-post-by | vi-include-post-by | N/A | VI: Include Post By <= 0.4.200706 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class_container' Shortcode Attribute | | LOW | *-0.4.200706 | | June 29, 2026 |
| one-click-login-as-user | one-click-login-as-user | N/A | Login as User <= 1.0.3 - Authenticated (Subscriber+) Privilege Escalation via 'oclaup_original_admin' Cookie | | LOW | *-1.0.1 | | June 29, 2026 |
| quick-interest-slider | quick-interest-slider | N/A | Quick Interest Slider <= 3.1.5 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-3.1.5 | 3.1.6 | June 29, 2026 |
| inquiry-form-to-posts-or-pages | inquiry-form-to-posts-or-pages | 89 | Inquiry form to posts or pages <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'inq_header' Parameter | | LOW | *-1.0 | | June 29, 2026 |
| advanced-custom-fields | advanced-custom-fields | 97 | Advanced Custom Fields (ACF®) <= 6.7.0 - Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters | | LOW | *-6.7.0 | 6.7.1 | June 29, 2026 |
| fusion-builder | fusion-builder | 93 | Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Limited Arbitrary WordPress Action Execution | | LOW | *-3.15.1 | 3.15.2 | June 29, 2026 |
| fusion-builder | fusion-builder | 93 | Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Sensitive Information Exposure via Insecure Direct Object Reference | | LOW | *-3.15.1 | 3.15.2 | June 29, 2026 |
| token-of-trust | token-of-trust | N/A | Age Verification & Identity Verification by Token of Trust <= 3.32.3 - Unauthenticated Stored Cross-Site Scripting via 'description' Parameter | | LOW | *-3.32.3 | 3.32.4 | June 29, 2026 |
| list-view-google-calendar | list-view-google-calendar | 93 | List View Google Calendar <= 7.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via Event Description | | LOW | *-7.4.3 | 7.4.4 | June 29, 2026 |
| interactive-3d-flipbook-powered-physics-engine | interactive-3d-flipbook-powered-physics-engine | 93 | 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery <= 1.16.17 - Missing Authorization to Unauthenticated Private/Draft Flipbook Data Exposure | | LOW | *-1.16.17 | 1.16.18 | June 29, 2026 |
| cartasi-x-pay | cartasi-x-pay | 93 | Nexi XPay <= 8.3.0 - Missing Authorization to Unauthenticated Order Status Modification | | LOW | *-8.3.0 | 8.3.2 | June 29, 2026 |
| wp-event-solution | wp-event-solution | N/A | Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) <= 4.1.8 Missing Authorization to Authenticated (Subscriber+) Order Information Exposure | | LOW | *-4.1.8 | 4.1.9 | June 29, 2026 |
| woocommerce-germanized | woocommerce-germanized | N/A | Germanized for WooCommerce <= 3.20.5 - Unauthenticated Arbitrary Shortcode Execution | | LOW | *-3.20.5 | 3.20.6 | June 29, 2026 |
| post-carousel | post-carousel | N/A | Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts <= 3.0.12 - Authenticated (Administrator+) PHP Object Injection | | LOW | *-3.0.12 | 3.0.13 | June 29, 2026 |
| wholesale-products-dynamic-pricing-management-woocommerce | wholesale-products-dynamic-pricing-management-woocommerce | N/A | WholeSale Products Dynamic Pricing Management WooCommerce <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings | | LOW | *-1.2 | 1.3.0 | June 29, 2026 |
| ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | woolentor-addons | N/A | ShopLentor <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute | | LOW | *-3.3.5 | 3.3.6 | June 29, 2026 |
| surbma-bookingcom-shortcode | surbma-bookingcom-shortcode | N/A | Surbma \| Booking.com <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | | LOW | *-2.1 | 2.1.1 | June 29, 2026 |
| BackWPup – WordPress Backup & Restore Plugin | backwpup | 96 | BackWPup <= 5.6.6 - Authenticated (Administrator+) Local File Inclusion via 'block_name' Parameter | | LOW | *-5.6.6 | 5.6.7 | June 29, 2026 |
| form-maker | form-maker | 93 | Form Maker by 10Web <= 1.15.40 - Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box | | LOW | *-1.15.40 | 1.15.41 | June 29, 2026 |
| learnpress | learnpress | 93 | LearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion | | LOW | *-4.3.2.8 | 4.3.3 | June 29, 2026 |
| jet-engine | jet-engine | 93 | JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via '_cct_search' Parameter | | LOW | *-3.8.6.1 | 3.8.6.2 | June 29, 2026 |
| User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | user-registration | N/A | User Registration & Membership <= 5.1.4 - Unauthenticated Open Redirect via 'redirect_to_on_logout' Parameter | | LOW | *-5.1.4 | 5.1.5 | June 29, 2026 |
| wpdirectorykit | wpdirectorykit | N/A | WP Directory Kit <= 1.5.0 - Unauthenticated SQL Injection | | LOW | *-1.5.0 | 1.5.1 | June 29, 2026 |
| wp-photo-album-plus | wp-photo-album-plus | N/A | WP Photo Album Plus <= 9.1.08.001 - Unauthenticated SQL Injection | | LOW | *-9.1.08.001 | 9.1.08.002 | June 29, 2026 |
| worker | worker | N/A | ManageWP Worker <= 4.9.31 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-4.9.31 | 4.9.32 | June 29, 2026 |
| woo-product-filter | woo-product-filter | N/A | Product Filter for WooCommerce by WBW <= 3.1.2 - Unauthenticated SQL Injection | | LOW | *-3.1.2 | 3.1.3 | June 29, 2026 |
| speakout | speakout | N/A | SpeakOut! Email Petitions <= 4.6.5 - Unauthenticated SQL Injection | | LOW | *-4.6.5 | 4.6.5.1 | June 29, 2026 |
| post-duplicator | post-duplicator | N/A | Post Duplicator <= 3.0.10 - Authenticated (Contributor+) PHP Object Injection | | LOW | *-3.0.10 | 3.0.11 | June 29, 2026 |
| meta-box | meta-box | N/A | Meta Box <= 5.11.1 - Authenticated (Contributor+) Arbitrary File Deletion | | LOW | *-5.11.1 | 5.11.2 | June 29, 2026 |
| magic-export-import | magic-export-import | 93 | Magic Export & Import <= 1.1.0 - Unauthenticated Information Exposure | | LOW | *-1.1.0 | 1.2.0 | June 29, 2026 |
| jupiterx-core | jupiterx-core | 93 | Jupiter X Core <= 4.14.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting | | LOW | *-4.14.1 | 4.14.2 | June 29, 2026 |
| GeoDirectory – WP Business Directory Plugin and Classified Listings Directory | geodirectory | 66 | GeoDirectory – WP Business Directory Plugin and Classified Listings Directory <= 2.8.152 - Unauthenticated SQL Injection | | LOW | *-2.8.152 | 2.8.154 | June 29, 2026 |
| easy-appointments | easy-appointments | 93 | Easy Appointments <= 3.12.21 - Missing Authorization | | LOW | *-3.12.21 | 3.12.22 | June 29, 2026 |
| Booking Activities | booking-activities | 74 | Booking Activities <= 1.16.48.1 - Missing Authorization | | LOW | *-1.16.48.1 | 1.17.0 | June 29, 2026 |
| Frontend File Manager Plugin | nmedia-user-file-uploader | 86 | Frontend File Manager <= 23.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Download Access | | LOW | *-23.6 | | June 29, 2026 |
| wpforo | wpforo | N/A | wpForo Forum <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion via 'data[body][fileurl]' Parameter | | LOW | *-3.0.2 | 3.0.3 | June 29, 2026 |
| lifterlms | lifterlms | 93 | LifterLMS <= 9.2.1 - Authenticated (Custom+) SQL Injection via 'order' Parameter | | LOW | *-9.2.1 | 9.2.2 | June 29, 2026 |
| userswp | userswp | N/A | UsersWP <= 1.2.58 - Authenticated (Subscriber+) Server-Side Request Forgery via 'uwp_crop' Parameter | | LOW | *-1.2.58 | 1.2.59 | June 29, 2026 |
| bp-groupblog | bp-groupblog | 93 | BuddyPress Groupblog <= 1.9.3 - Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR | | LOW | *-1.9.3 | 1.9.4 | June 29, 2026 |
| blockart-blocks | blockart-blocks | 93 | BlockArt Blocks <= 2.2.15 - Authenticated (Author+) Stored Cross-Site Scripting via 'clientId' Block Attribute | | LOW | *-2.2.15 | 2.3.0 | June 29, 2026 |
| tutor | tutor | N/A | Tutor LMS <= 3.9.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification | | LOW | *-3.9.7 | 3.9.8 | June 29, 2026 |
| optimole-wp | optimole-wp | N/A | Optimole <= 4.2.2 - Unauthenticated Stored Cross-Site Scripting via Srcset Descriptor Parameter | | LOW | *-4.2.2 | 4.2.3 | June 29, 2026 |
| greenshift-animation-and-page-builder-blocks | greenshift-animation-and-page-builder-blocks | 93 | Greenshift <= 12.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via disablelazy Attribute | | LOW | *-12.8.9 | 12.9.0 | June 29, 2026 |
| tutor | tutor | N/A | Tutor LMS <= 3.9.7 - Missing Authorization to Authenticated (Subscriber+) Unauthorized Private Course Enrollment | | LOW | *-3.9.7 | 3.9.8 | June 29, 2026 |
| optimole-wp | optimole-wp | N/A | Optimole <= 4.2.3 - Reflected Cross-Site Scripting via Page Profiler URL | | LOW | *-4.2.3 | 4.2.4 | June 29, 2026 |
| gravitysmtp | gravitysmtp | 93 | Gravity SMTP <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Plugin Uninstall | | LOW | *-2.1.4 | 2.1.5 | June 29, 2026 |
| addfunc-head-footer-code | addfunc-head-footer-code | 97 | AddFunc Head & Footer Code <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields | | LOW | *-2.3 | 2.4 | June 29, 2026 |
| Aruba HiSpeed Cache | aruba-hispeed-cache | 94 | Aruba HiSpeed Cache <= 3.0.4 - Cross-Site Request Forgery to Plugin Settings Reset | | LOW | *-3.0.4 | 3.0.5 | June 29, 2026 |
| userswp | userswp | N/A | UsersWP <= 1.2.58 - Authenticated (Subscriber+) Restricted Usermeta Modification via 'htmlvar' Parameter | | LOW | *-1.2.58 | 1.2.59 | June 29, 2026 |
| tutor | tutor | N/A | Tutor LMS <= 3.9.7 - Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'order_id' Parameter | | LOW | *-3.9.7 | 3.9.8 | June 29, 2026 |
| webling | webling | N/A | Webling <= 3.9.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'title' Parameter | | LOW | *-3.9.0 | 3.9.1 | June 29, 2026 |
| customer-reviews-woocommerce | customer-reviews-woocommerce | 93 | Customer Reviews for WooCommerce <= 5.103.0 - Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter | | LOW | *-5.103.0 | 5.104.0 | June 29, 2026 |
| royal-backup-reset | royal-backup-reset | N/A | Royal WordPress Backup & Restore Plugin <= 1.0.16 - Reflected Cross-Site Scripting via 'wpr_pending_template' Parameter | | LOW | *-1.0.16 | 1.0.17 | June 29, 2026 |
| Download Manager | download-manager | 63 | Download Manager <= 3.3.51 - Missing Authorization to Authenticated (Contributor+) Media File Protection Removal | | LOW | *-3.3.51 | 3.3.52 | June 29, 2026 |
| perfmatters | perfmatters | N/A | Perfmatters <= 2.5.9 - Authenticated (Subscriber+) Arbitrary File Overwrite via 'snippets' Parameter | | LOW | *-2.5.9 | 2.6.0 | June 29, 2026 |
| WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance | wp-optimize | 76 | WP-Optimize <= 4.5.0 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update and Image Manipulation | | LOW | *-4.5.0 | 4.5.1 | June 29, 2026 |
| wp-trending-post-slider-and-widget | wp-trending-post-slider-and-widget | N/A | Essentialplugin Plugins (Various Versions) - Injected Backdoor | | LOW | 1.8.6 | 1.8.6.1 | June 29, 2026 |
| wp-testimonial-with-widget | wp-testimonial-with-widget | N/A | Essentialplugin Plugins (Various Versions) - Injected Backdoor | | LOW | 3.5.6 | 3.5.6.1 | June 29, 2026 |
| wp-team-showcase-and-slider | wp-team-showcase-and-slider | N/A | Essentialplugin Plugins (Various Versions) - Injected Backdoor | | LOW | 2.8.6 | 2.8.6.1 | June 29, 2026 |
| wp-slick-slider-and-image-carousel | wp-slick-slider-and-image-carousel | N/A | Essentialplugin Plugins (Various Versions) - Injected Backdoor | | LOW | 3.7.8.1 | 3.7.8.2 | June 29, 2026 |
| wp-responsive-recent-post-slider | wp-responsive-recent-post-slider | N/A | Essentialplugin Plugins (Various Versions) - Injected Backdoor | | LOW | 3.7.1 | 3.7.1.1 | June 29, 2026 |
| wp-logo-showcase-responsive-slider-slider | wp-logo-showcase-responsive-slider-slider | N/A | Essentialplugin Plugins (Various Versions) - Injected Backdoor | | LOW | 3.8.7 | 3.8.7.1 | June 29, 2026 |
| wp-featured-content-and-slider | wp-featured-content-and-slider | N/A | Essentialplugin Plugins (Various Versions) - Injected Backdoor | | LOW | 1.7.6 | 1.7.6.1 | June 29, 2026 |
| wp-blog-and-widgets | wp-blog-and-widgets | N/A | Essentialplugin Plugins (Various Versions) - Injected Backdoor | | LOW | 2.6.6 | 2.6.6.1 | June 29, 2026 |
| User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | user-registration | N/A | User Registration <= 5.1.5 - Reflected Cross-Site Scripting | | LOW | *-5.1.5 | 5.1.6 | June 29, 2026 |
| timeline-and-history-slider | timeline-and-history-slider | N/A | Essentialplugin Plugins (Various Versions) - Injected Backdoor | | LOW | 2.4.5 | 2.4.5.1 | June 29, 2026 |
| ticker-ultimate | ticker-ultimate | N/A | Essentialplugin Plugins (Various Versions) - Injected Backdoor | | LOW | 1.7.6 | 1.7.6.1 | June 29, 2026 |
| sp-news-and-widget | sp-news-and-widget | N/A | Essentialplugin Plugins (Various Versions) - Injected Backdoor | | LOW | 5.0.6 | 5.0.6.1 | June 29, 2026 |
| sp-faq | sp-faq | N/A | Essentialplugin Plugins (Various Versions) - Injected Backdoor | | LOW | 3.9.5 | 3.9.5.1 | June 29, 2026 |
| post-grid-and-filter-ultimate | post-grid-and-filter-ultimate | N/A | Essentialplugin Plugins (Various Versions) - Injected Backdoor | | LOW | 1.7.4 | 1.7.4.1 | June 29, 2026 |
| portfolio-and-projects | portfolio-and-projects | N/A | Essentialplugin Plugins (Various Versions) - Injected Backdoor | | LOW | 1.5.6 | 1.5.6.1 | June 29, 2026 |
| popup-anything-on-click | popup-anything-on-click | N/A | Essentialplugin Plugins (Various Versions) - Injected Backdoor | | LOW | 2.9.1 | 2.9.1.1 | June 29, 2026 |
| meta-slider-and-carousel-with-lightbox | meta-slider-and-carousel-with-lightbox | N/A | Essentialplugin Plugins (Various Versions) - Injected Backdoor | | LOW | 2.0.8 | 2.0.8.1 | June 29, 2026 |
| majestic-support | majestic-support | 93 | Majestic Support <= 1.1.2 - Missing Authorization | | LOW | *-1.1.2 | 1.1.3 | June 29, 2026 |
| html5-videogallery-plus-player | html5-videogallery-plus-player | 93 | Essentialplugin Plugins (Various Versions) - Injected Backdoor | | LOW | 2.8.7 | 2.8.7.1 | June 29, 2026 |
| featured-post-creative | featured-post-creative | 93 | Essentialplugin Plugins (Various Versions) - Injected Backdoor | | LOW | 1.5.7 | 1.5.7.1 | June 29, 2026 |
| countdown-timer-ultimate | countdown-timer-ultimate | 93 | Essentialplugin Plugins (Various Versions) - Injected Backdoor | | LOW | 2.6.9 | 2.6.9.1 | June 29, 2026 |
| blog-designer-for-post-and-widget | blog-designer-for-post-and-widget | 93 | Essentialplugin Plugins (Various Versions) - Injected Backdoor | | LOW | 2.7.7 | 2.7.7.1 | June 29, 2026 |
| album-and-image-gallery-plus-lightbox | album-and-image-gallery-plus-lightbox | 97 | Essentialplugin Plugins (Various Versions) - Injected Backdoor | | LOW | 2.1.8 | 2.1.8.1 | June 29, 2026 |
| accordion-and-accordion-slider | accordion-and-accordion-slider | 97 | Essentialplugin Plugins (Various Versions) - Injected Backdoor | | LOW | 1.4.6 | 1.4.6.1 | June 29, 2026 |
| userswp | userswp | N/A | UsersWP <= 1.2.60 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User Badge Link Substitution | | LOW | *-1.2.60 | 1.2.61 | June 29, 2026 |
| quick-playground | quick-playground | N/A | Quick Playground <= 1.3.1 - Missing Authorization to Unauthenticated Arbitrary File Upload | | LOW | *-1.3.1 | 1.3.2 | June 29, 2026 |
Showing 1401 to 1500 of 36189 results
Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.
Data updated daily from trusted sources. Last updated: June 29, 2026 at 12:00 UTC.