Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36406

Across tracked plugins

Affected Plugins

91

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
s2member s2member N/A s2Member (Pro) <= 241114 - Unauthenticated Remote Code Execution LOW *-241114 241216 July 5, 2026
revy revy N/A Revy <= 1.18 - Unauthenticated SQL Injection LOW *-1.18 July 5, 2026
revy revy N/A Revy <= 1.18 - Unauthenticated Arbitrary File Upload LOW *-1.18 July 5, 2026
postman-widget postman-widget N/A Paloma Widget <= 1.14 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.14 July 5, 2026
pie-register-premium pie-register-premium
93
Pie Register Premium < 3.8.3.3 - Unauthenticated Arbitrary File Upload LOW [*, 3.8.3.3) 3.8.3.3 July 5, 2026
pie-register-premium pie-register-premium
93
Pie Register Premium < 3.8.3.3 - Unauthenticated Cross-Site Scripting LOW [*, 3.8.3.3) 3.8.3.3 July 5, 2026
nex-forms-express-wp-form-builder nex-forms-express-wp-form-builder
93
NEX-Forms – Ultimate Form Builder <= 8.7.8 - Authenticated (Administrator+) SQL Injection LOW *-8.7.8 8.7.9 July 5, 2026
namaste-lms namaste-lms
91
Namaste! LMS <= 2.6.4.1 - Cross-Site Request Forgery LOW *-2.6.4.1 2.6.5 July 5, 2026
my-auctions-allegro-free-edition my-auctions-allegro-free-edition
89
My auctions allegro <= 3.6.17 - Reflected Cross-Site Scripting LOW *-3.6.17 3.6.18 July 5, 2026
magical-addons-for-elementor magical-addons-for-elementor
93
Magical Addons For Elementor <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.6 1.3.7 July 5, 2026
logs-de-connexion logs-de-connexion
89
Connexion Logs <= 3.0.2 - Authenticated (Admin+) SQL Injection LOW *-3.0.2 July 5, 2026
logs-de-connexion logs-de-connexion
89
Connexion Logs <= 3.0.2 - Cross-Site Request Forgery to Log Deletion LOW *-3.0.2 July 5, 2026
gs-pinterest-portfolio gs-pinterest-portfolio
93
WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.8.8 1.8.9 July 5, 2026
goodlayers-core goodlayers-core
93
Goodlayers Core <= 2.0.7 - Reflected Cross-Site Scripting via 'font-family' LOW *-2.0.7 2.0.8 July 5, 2026
futurio-extra futurio-extra
93
Futurio Extra <= 2.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via header_size tag LOW *-2.0.14 2.0.15 July 5, 2026
form-data-collector form-data-collector
93
Form Data Collector <= 2.2.3 - Reflected Cross-Site Scripting LOW *-2.2.3 2.2.4 July 5, 2026
FileBird – WordPress Media Library Folders & File Manager filebird
80
Filebird <= 6.3.2 - Missing Authorization LOW *-6.3.2 6.3.4 July 5, 2026
Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution file-manager-advanced
66
Advanced File Manager <= 5.2.10 - Authenticated (Subscriber+) Arbitrary File Upload LOW *-5.2.10 5.2.11 July 5, 2026
fat-services-booking fat-services-booking
86
FAT Services Booking <= 5.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-5.6 July 5, 2026
fat-services-booking fat-services-booking
86
FAT Services Booking <= 5.6 - Unauthenticated SQL Injection LOW *-5.6 July 5, 2026
cs-element-bucket cs-element-bucket
91
Advanced Element Bucket Addons for Elementor <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.2 July 5, 2026
Maspik – Ultimate Spam Protection contact-forms-anti-spam
78
Maspik – Spam blacklist <= 2.2.7 - Cross-Site Request Forgery to Plugin Settings Change LOW *-2.2.7 2.2.8 July 5, 2026
cmsmasters-elementor-addon cmsmasters-elementor-addon
93
CMSMasters Elementor Addon <= 1.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets LOW *-1.14.7 1.15.0 July 5, 2026
church-admin church-admin
93
Church Admin <= 5.0.8 - Missing Authorization LOW *-5.0.8 5.0.9 July 5, 2026
captivatesync-trade captivatesync-trade
93
Captivate Sync <= 2.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode LOW *-2.0.22 2.0.26 July 5, 2026
borderless borderless
93
Borderless <= 1.5.8 - Authenticated (Editor+) Stored Cross-Site Scripting LOW *-1.5.8 1.5.9 July 5, 2026
booking-system booking-system
91
Pinpoint Booking System <= 2.9.9.5.1 - Authenticated (Subscriber+) SQL Injection LOW *-2.9.9.5.1 2.9.9.5.2 July 5, 2026
bold-page-builder bold-page-builder
86
Bold Page Builder <= 5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-5.2.1 5.2.2 July 5, 2026
bmlt-tabbed-map bmlt-tabbed-map
93
BMLT Tabbed Map <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.1.8 1.2.0 July 5, 2026
block-controller block-controller
91
Block Controller <= 1.4.3 - Reflected Cross-Site Scripting LOW *-1.4.3 July 5, 2026
beaver-builder-lite-version beaver-builder-lite-version
93
Beaver Builder <= 2.8.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.8.4.3 2.8.4.4 July 5, 2026
bdthemes-element-pack-lite bdthemes-element-pack-lite
93
Element Pack Elementor Addons <= 5.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Lightbox Widget LOW *-5.10.5 5.10.6 July 5, 2026
bakkbone-florist-companion bakkbone-florist-companion
93
FloristPress <= 7.3.0 - Missing Authorization to Sensitive Data Exposure LOW *-7.3.0 7.4.0 July 5, 2026
bakkbone-florist-companion bakkbone-florist-companion
93
FloristPress <= 7.3.0 - Missing Authorization to Arbitrary Content Deletion LOW *-7.3.0 7.4.0 July 5, 2026
awesome-shortcodes awesome-shortcodes
93
Awesome Shortcodes <= 1.7.2 - Reflected Cross-Site Scripting LOW *-1.7.2 1.7.3 July 5, 2026
arkhe-blocks arkhe-blocks
95
Arkhe Blocks <= 2.27.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via block attributes LOW *-2.27.0 2.27.1 July 5, 2026
arforms arforms
95
ARForms <= 6.4.1 - Directory Traversal to Authenticated (Subscriber+) Arbitrary File Read LOW *-6.4.1 July 5, 2026
arforms arforms
95
ARForms <= 6.4.1 - Missing Authorization to Plugin Settings Change LOW *-6.4.1 July 5, 2026
all-bootstrap-blocks all-bootstrap-blocks
97
All Bootstrap Blocks <= 1.3.19 - Authenticated (Contributor+) Local File Inclusion LOW *-1.3.19 1.3.20 July 5, 2026
aio-contact aio-contact
95
AIO Contact <= 2.8.1 - Missing Authorization LOW *-2.8.1 July 5, 2026
aio-contact aio-contact
95
AIO Contact <= 2.8.1 - Unauthenticated Stored Cross-Site Scripting LOW *-2.8.1 July 5, 2026
aco-product-labels-for-woocommerce aco-product-labels-for-woocommerce
97
Product Labels For Woocommerce <= 1.5.8 - Authenticated (Administrator+) SQL Injection LOW *-1.5.8 1.5.9 July 5, 2026
dp-intro-tours dp-intro-tours
93
Intro Tour Tutorial DeepPresentation <= 6.5.2 - Reflected Cross-Site Scripting LOW *-6.5.2 6.5.3 July 5, 2026
sassy-social-share sassy-social-share N/A Social Sharing Plugin – Sassy Social Share <= 3.3.69 - Reflected Cross-Site Scripting via heateor_mastodon_share Parameter LOW *-3.3.69 3.3.70 July 5, 2026
watu watu N/A Watu Quiz <= 3.4.1.2 - Authenticated (Contributor+) SQL Injection LOW *-3.4.1.2 3.4.1.3 July 5, 2026
maxbuttons maxbuttons
93
WordPress Button Plugin MaxButtons <= 9.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Button Width LOW *-9.8.0 9.8.1 July 5, 2026
maxbuttons maxbuttons
93
WordPress Button Plugin MaxButtons <= 9.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Text Color LOW *-9.8.0 9.8.1 July 5, 2026
lenxel-core lenxel-core
89
Lenxel Core <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.5 July 5, 2026
lenxel-core lenxel-core
89
Lenxel Core <= 1.2.5 - Authenticated (Contributor+) Local File Inclusion LOW *-1.2.5 July 5, 2026
gtpayment-donation gtpayment-donation
91
GTPayment Donations <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.0 July 5, 2026
edoc-easy-tables edoc-easy-tables
89
eDoc Easy Tables <= 1.29 - Cross-Site Request Forgery to SQL Injection LOW *-1.29 July 5, 2026
Download Manager download-manager
63
Download Manager <= 3.3.02 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-3.3.02 3.3.03 July 5, 2026
cryout-serious-slider cryout-serious-slider
93
Serious Slider <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-1.2.6 1.2.7 July 5, 2026
znajdz-prace-z-pracapl znajdz-prace-z-pracapl N/A Znajdź Pracę z Praca.pl <= 2.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.2.3 July 5, 2026
yahoo-media-player yahoo-media-player N/A Yahoo! WebPlayer <= 2.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.0.6 July 5, 2026
wp-revisions-manager wp-revisions-manager N/A WP Revisions Manager <= 1.0.2 - Cross-Site Request Forgery LOW *-1.0.2 July 5, 2026
wp-mermaid wp-mermaid N/A WP Mermaid <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.2 July 5, 2026
wp-mathjax-plus wp-mathjax-plus N/A WP MathJax <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.1 July 5, 2026
wp-find-your-nearest wp-find-your-nearest N/A WP Find Your Nearest <= 0.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.3.1 July 5, 2026
woocommerce-ultimate-gift-card woocommerce-ultimate-gift-card N/A WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email Templates < 2.9.1 - Reflected Cross-Site Scripting LOW [*, 2.9.1) 2.9.1 July 5, 2026
video-player-for-wpbakery video-player-for-wpbakery N/A Video Player for WPBakery <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.1 1.0.2 July 5, 2026
vertical-carousel-slider vertical-carousel-slider N/A Vertical Carousel <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.2 July 5, 2026
uber-grid uber-grid N/A WordPress Portfolio Builder – Portfolio Gallery <= 1.1.7 - Authenticated (Editor+) Stored Cross-Site Scripting LOW *-1.1.7 July 5, 2026
third-party-cookie-eraser third-party-cookie-eraser N/A Third Party Cookie Eraser <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.2 July 5, 2026
spatialmatch-free-lifestyle-search spatialmatch-free-lifestyle-search N/A SpatialMatch IDX <= 3.0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-3.0.9 July 5, 2026
sparkle-elementor-kit sparkle-elementor-kit N/A Sparkle Elementor Kit <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.0.9 July 5, 2026
softtemplates-for-elementor softtemplates-for-elementor N/A Softtemplates For Elementor <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.8 July 5, 2026
smart-marketing-for-wp smart-marketing-for-wp N/A Smart Marketing SMS and Newsletters Forms <= 5.0.4 - Missing Authorization LOW *-5.0.4 5.0.5 July 5, 2026
skyboot-portfolio-gallery skyboot-portfolio-gallery N/A Elementor Image Gallery Plugin <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.5 1.0.6 July 5, 2026
simpleschema-free simpleschema-free N/A SimpleSchema <= 1.7.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.7.6.9 July 5, 2026
simple-popup-plugin simple-popup-plugin N/A Simple Popup <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.6 July 5, 2026
simple-header-and-footer simple-header-and-footer N/A Simple Header and Footer <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.0.0 July 5, 2026
rccp-free rccp-free N/A RingCentral Communications <= 1.6.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.6.1 July 5, 2026
random-banner random-banner N/A Random Banner <= 4.2.11 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.2.11 July 5, 2026
posti-shipping posti-shipping N/A Posti Shipping <= 3.10.2 - Full Path Disclosure LOW *-3.10.2 3.10.3 July 5, 2026
post-carousel-slider-for-elementor post-carousel-slider-for-elementor
91
Post Carousel Slider for Elementor <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.5.0 1.6.0 July 5, 2026
pixobe-cartography pixobe-cartography
89
Pixobe Cartography <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.1 July 5, 2026
photo-video-store photo-video-store
89
Photo Video Store <= 21.07 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-21.07 July 5, 2026
paypal-responder paypal-responder
91
PayPal Responder <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2 July 5, 2026
out-of-stock-badge out-of-stock-badge
91
Out Of Stock Badge <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-site Scripting LOW *-1.3.1 July 5, 2026
ni-woocommerce-cost-of-goods ni-woocommerce-cost-of-goods
93
Ni WooCommerce Cost Of Goods <= 3.2.8 - Authenticated (Administrator+) SQL Injection LOW *-3.2.8 3.2.9 July 5, 2026
multilevel-referral-plugin-for-woocommerce multilevel-referral-plugin-for-woocommerce
93
Multilevel Referral Affiliate Plugin for WooCommerce <= 2.27 - Reflected Cross-Site Scripting LOW *-2.27 2.28 July 5, 2026
mins-to-read mins-to-read
91
Mins To Read <= 1.2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2.2 July 5, 2026
mail-picker mail-picker
93
Mail Picker <= 1.0.15 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.15 1.0.16 July 5, 2026
load-more-posts load-more-posts
91
Load More Posts <= 1.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.4.0 July 5, 2026
fd-elementor-button-plus fd-elementor-button-plus
91
Elementor Button Plus <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.6 July 5, 2026
fastbook-responsive-appointment-booking-and-scheduling-system fastbook-responsive-appointment-booking-and-scheduling-system
87
FastBook – Responsive Appointment Booking and Scheduling System <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1 July 5, 2026
essential-breadcrumbs essential-breadcrumbs
89
Essential Breadcrumbs <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1.1 July 5, 2026
donate-me donate-me
93
Donate Me <= 1.2.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.2.5 1.3.0 July 5, 2026
devnex-addons-for-elementor devnex-addons-for-elementor
89
Devnex Addons For Elementor <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.0.9 July 5, 2026
dancepress-trwa dancepress-trwa
91
DancePress (TRWA) <= 3.1.11 - Cross-Site Request Forgery LOW *-3.1.11 July 5, 2026
cultbooking-booking-engine cultbooking-booking-engine
91
CultBooking Hotel Booking Engine <= 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-2.1 July 5, 2026
cpt-to-map-store cpt-to-map-store
91
Custom Post Type to Map Store <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.1.0 July 5, 2026
cowidgets-elementor-addons cowidgets-elementor-addons
87
Cowidgets – Elementor Addons <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.2.0 July 5, 2026
countdown-timer-for-elementor countdown-timer-for-elementor
91
Countdown Timer for Elementor <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.3.6 1.3.7 July 5, 2026
cosmosfarm-share-buttons cosmosfarm-share-buttons
91
소셜 공유 버튼 By 코스모스팜 <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-1.9 July 5, 2026
content-audit-exporter content-audit-exporter
91
Content Audit Exporter <= 1.1 - Unauthenticated Sensitive Information Exposure LOW *-1.1 July 5, 2026
chatter chatter
89
Chatter <= 1.0.1 - Missing Authorization LOW *-1.0.1 July 5, 2026
capitalize-my-title capitalize-my-title
91
Capitalize My Title <= 0.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.5.3 July 5, 2026
build-app-online build-app-online
85
Build App Online <= 1.0.22 - Cross-Site Request Forgery LOW *-1.0.22 July 5, 2026
LOW

s2member

s2member

Score: N/A s2Member (Pro) <= 241114 - Unauthenticated Remote Code Execution Affected: *-241114 Patched: 241216 Updated: July 5, 2026
LOW

revy

revy

Score: N/A Revy <= 1.18 - Unauthenticated SQL Injection Affected: *-1.18 Patched: Updated: July 5, 2026
LOW

revy

revy

Score: N/A Revy <= 1.18 - Unauthenticated Arbitrary File Upload Affected: *-1.18 Patched: Updated: July 5, 2026
LOW

postman-widget

postman-widget

Score: N/A Paloma Widget <= 1.14 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.14 Patched: Updated: July 5, 2026
LOW

pie-register-premium

pie-register-premium

Score: 93/100 Pie Register Premium < 3.8.3.3 - Unauthenticated Arbitrary File Upload Affected: [*, 3.8.3.3) Patched: 3.8.3.3 Updated: July 5, 2026
LOW

pie-register-premium

pie-register-premium

Score: 93/100 Pie Register Premium < 3.8.3.3 - Unauthenticated Cross-Site Scripting Affected: [*, 3.8.3.3) Patched: 3.8.3.3 Updated: July 5, 2026
LOW

nex-forms-express-wp-form-builder

nex-forms-express-wp-form-builder

Score: 93/100 NEX-Forms – Ultimate Form Builder <= 8.7.8 - Authenticated (Administrator+) SQL Injection Affected: *-8.7.8 Patched: 8.7.9 Updated: July 5, 2026
LOW

namaste-lms

namaste-lms

Score: 91/100 Namaste! LMS <= 2.6.4.1 - Cross-Site Request Forgery Affected: *-2.6.4.1 Patched: 2.6.5 Updated: July 5, 2026
LOW

my-auctions-allegro-free-edition

my-auctions-allegro-free-edition

Score: 89/100 My auctions allegro <= 3.6.17 - Reflected Cross-Site Scripting Affected: *-3.6.17 Patched: 3.6.18 Updated: July 5, 2026
LOW

magical-addons-for-elementor

magical-addons-for-elementor

Score: 93/100 Magical Addons For Elementor <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.6 Patched: 1.3.7 Updated: July 5, 2026
LOW

logs-de-connexion

logs-de-connexion

Score: 89/100 Connexion Logs <= 3.0.2 - Authenticated (Admin+) SQL Injection Affected: *-3.0.2 Patched: Updated: July 5, 2026
LOW

logs-de-connexion

logs-de-connexion

Score: 89/100 Connexion Logs <= 3.0.2 - Cross-Site Request Forgery to Log Deletion Affected: *-3.0.2 Patched: Updated: July 5, 2026
LOW

gs-pinterest-portfolio

gs-pinterest-portfolio

Score: 93/100 WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8.8 Patched: 1.8.9 Updated: July 5, 2026
LOW

goodlayers-core

goodlayers-core

Score: 93/100 Goodlayers Core <= 2.0.7 - Reflected Cross-Site Scripting via 'font-family' Affected: *-2.0.7 Patched: 2.0.8 Updated: July 5, 2026
LOW

futurio-extra

futurio-extra

Score: 93/100 Futurio Extra <= 2.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via header_size tag Affected: *-2.0.14 Patched: 2.0.15 Updated: July 5, 2026
LOW

form-data-collector

form-data-collector

Score: 93/100 Form Data Collector <= 2.2.3 - Reflected Cross-Site Scripting Affected: *-2.2.3 Patched: 2.2.4 Updated: July 5, 2026
LOW

fat-services-booking

fat-services-booking

Score: 86/100 FAT Services Booking <= 5.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-5.6 Patched: Updated: July 5, 2026
LOW

fat-services-booking

fat-services-booking

Score: 86/100 FAT Services Booking <= 5.6 - Unauthenticated SQL Injection Affected: *-5.6 Patched: Updated: July 5, 2026
LOW

cs-element-bucket

cs-element-bucket

Score: 91/100 Advanced Element Bucket Addons for Elementor <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 5, 2026
LOW

Maspik – Ultimate Spam Protection

contact-forms-anti-spam

Score: 78/100 Maspik – Spam blacklist <= 2.2.7 - Cross-Site Request Forgery to Plugin Settings Change Affected: *-2.2.7 Patched: 2.2.8 Updated: July 5, 2026
LOW

cmsmasters-elementor-addon

cmsmasters-elementor-addon

Score: 93/100 CMSMasters Elementor Addon <= 1.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets Affected: *-1.14.7 Patched: 1.15.0 Updated: July 5, 2026
LOW

church-admin

church-admin

Score: 93/100 Church Admin <= 5.0.8 - Missing Authorization Affected: *-5.0.8 Patched: 5.0.9 Updated: July 5, 2026
LOW

captivatesync-trade

captivatesync-trade

Score: 93/100 Captivate Sync <= 2.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Affected: *-2.0.22 Patched: 2.0.26 Updated: July 5, 2026
LOW

borderless

borderless

Score: 93/100 Borderless <= 1.5.8 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.5.8 Patched: 1.5.9 Updated: July 5, 2026
LOW

booking-system

booking-system

Score: 91/100 Pinpoint Booking System <= 2.9.9.5.1 - Authenticated (Subscriber+) SQL Injection Affected: *-2.9.9.5.1 Patched: 2.9.9.5.2 Updated: July 5, 2026
LOW

bold-page-builder

bold-page-builder

Score: 86/100 Bold Page Builder <= 5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.2.1 Patched: 5.2.2 Updated: July 5, 2026
LOW

bmlt-tabbed-map

bmlt-tabbed-map

Score: 93/100 BMLT Tabbed Map <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.8 Patched: 1.2.0 Updated: July 5, 2026
LOW

block-controller

block-controller

Score: 91/100 Block Controller <= 1.4.3 - Reflected Cross-Site Scripting Affected: *-1.4.3 Patched: Updated: July 5, 2026
LOW

beaver-builder-lite-version

beaver-builder-lite-version

Score: 93/100 Beaver Builder <= 2.8.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.8.4.3 Patched: 2.8.4.4 Updated: July 5, 2026
LOW

bdthemes-element-pack-lite

bdthemes-element-pack-lite

Score: 93/100 Element Pack Elementor Addons <= 5.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Lightbox Widget Affected: *-5.10.5 Patched: 5.10.6 Updated: July 5, 2026
LOW

bakkbone-florist-companion

bakkbone-florist-companion

Score: 93/100 FloristPress <= 7.3.0 - Missing Authorization to Sensitive Data Exposure Affected: *-7.3.0 Patched: 7.4.0 Updated: July 5, 2026
LOW

bakkbone-florist-companion

bakkbone-florist-companion

Score: 93/100 FloristPress <= 7.3.0 - Missing Authorization to Arbitrary Content Deletion Affected: *-7.3.0 Patched: 7.4.0 Updated: July 5, 2026
LOW

awesome-shortcodes

awesome-shortcodes

Score: 93/100 Awesome Shortcodes <= 1.7.2 - Reflected Cross-Site Scripting Affected: *-1.7.2 Patched: 1.7.3 Updated: July 5, 2026
LOW

arkhe-blocks

arkhe-blocks

Score: 95/100 Arkhe Blocks <= 2.27.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via block attributes Affected: *-2.27.0 Patched: 2.27.1 Updated: July 5, 2026
LOW

arforms

arforms

Score: 95/100 ARForms <= 6.4.1 - Directory Traversal to Authenticated (Subscriber+) Arbitrary File Read Affected: *-6.4.1 Patched: Updated: July 5, 2026
LOW

arforms

arforms

Score: 95/100 ARForms <= 6.4.1 - Missing Authorization to Plugin Settings Change Affected: *-6.4.1 Patched: Updated: July 5, 2026
LOW

all-bootstrap-blocks

all-bootstrap-blocks

Score: 97/100 All Bootstrap Blocks <= 1.3.19 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.3.19 Patched: 1.3.20 Updated: July 5, 2026
LOW

aio-contact

aio-contact

Score: 95/100 AIO Contact <= 2.8.1 - Missing Authorization Affected: *-2.8.1 Patched: Updated: July 5, 2026
LOW

aio-contact

aio-contact

Score: 95/100 AIO Contact <= 2.8.1 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.8.1 Patched: Updated: July 5, 2026
LOW

aco-product-labels-for-woocommerce

aco-product-labels-for-woocommerce

Score: 97/100 Product Labels For Woocommerce <= 1.5.8 - Authenticated (Administrator+) SQL Injection Affected: *-1.5.8 Patched: 1.5.9 Updated: July 5, 2026
LOW

dp-intro-tours

dp-intro-tours

Score: 93/100 Intro Tour Tutorial DeepPresentation <= 6.5.2 - Reflected Cross-Site Scripting Affected: *-6.5.2 Patched: 6.5.3 Updated: July 5, 2026
LOW

sassy-social-share

sassy-social-share

Score: N/A Social Sharing Plugin – Sassy Social Share <= 3.3.69 - Reflected Cross-Site Scripting via heateor_mastodon_share Parameter Affected: *-3.3.69 Patched: 3.3.70 Updated: July 5, 2026
LOW

watu

watu

Score: N/A Watu Quiz <= 3.4.1.2 - Authenticated (Contributor+) SQL Injection Affected: *-3.4.1.2 Patched: 3.4.1.3 Updated: July 5, 2026
LOW

maxbuttons

maxbuttons

Score: 93/100 WordPress Button Plugin MaxButtons <= 9.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Button Width Affected: *-9.8.0 Patched: 9.8.1 Updated: July 5, 2026
LOW

maxbuttons

maxbuttons

Score: 93/100 WordPress Button Plugin MaxButtons <= 9.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Text Color Affected: *-9.8.0 Patched: 9.8.1 Updated: July 5, 2026
LOW

lenxel-core

lenxel-core

Score: 89/100 Lenxel Core <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.5 Patched: Updated: July 5, 2026
LOW

lenxel-core

lenxel-core

Score: 89/100 Lenxel Core <= 1.2.5 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.2.5 Patched: Updated: July 5, 2026
LOW

gtpayment-donation

gtpayment-donation

Score: 91/100 GTPayment Donations <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 5, 2026
LOW

edoc-easy-tables

edoc-easy-tables

Score: 89/100 eDoc Easy Tables <= 1.29 - Cross-Site Request Forgery to SQL Injection Affected: *-1.29 Patched: Updated: July 5, 2026
LOW

Download Manager

download-manager

Score: 63/100 Download Manager <= 3.3.02 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.3.02 Patched: 3.3.03 Updated: July 5, 2026
LOW

cryout-serious-slider

cryout-serious-slider

Score: 93/100 Serious Slider <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.2.6 Patched: 1.2.7 Updated: July 5, 2026
LOW

znajdz-prace-z-pracapl

znajdz-prace-z-pracapl

Score: N/A Znajdź Pracę z Praca.pl <= 2.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.3 Patched: Updated: July 5, 2026
LOW

yahoo-media-player

yahoo-media-player

Score: N/A Yahoo! WebPlayer <= 2.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.0.6 Patched: Updated: July 5, 2026
LOW

wp-revisions-manager

wp-revisions-manager

Score: N/A WP Revisions Manager <= 1.0.2 - Cross-Site Request Forgery Affected: *-1.0.2 Patched: Updated: July 5, 2026
LOW

wp-mermaid

wp-mermaid

Score: N/A WP Mermaid <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 5, 2026
LOW

wp-mathjax-plus

wp-mathjax-plus

Score: N/A WP MathJax <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 5, 2026
LOW

wp-find-your-nearest

wp-find-your-nearest

Score: N/A WP Find Your Nearest <= 0.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.3.1 Patched: Updated: July 5, 2026
LOW

woocommerce-ultimate-gift-card

woocommerce-ultimate-gift-card

Score: N/A WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email Templates < 2.9.1 - Reflected Cross-Site Scripting Affected: [*, 2.9.1) Patched: 2.9.1 Updated: July 5, 2026
LOW

video-player-for-wpbakery

video-player-for-wpbakery

Score: N/A Video Player for WPBakery <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: 1.0.2 Updated: July 5, 2026
LOW

vertical-carousel-slider

vertical-carousel-slider

Score: N/A Vertical Carousel <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 5, 2026
LOW

uber-grid

uber-grid

Score: N/A WordPress Portfolio Builder – Portfolio Gallery <= 1.1.7 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.1.7 Patched: Updated: July 5, 2026
LOW

third-party-cookie-eraser

third-party-cookie-eraser

Score: N/A Third Party Cookie Eraser <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.2 Patched: Updated: July 5, 2026
LOW

spatialmatch-free-lifestyle-search

spatialmatch-free-lifestyle-search

Score: N/A SpatialMatch IDX <= 3.0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-3.0.9 Patched: Updated: July 5, 2026
LOW

sparkle-elementor-kit

sparkle-elementor-kit

Score: N/A Sparkle Elementor Kit <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.9 Patched: Updated: July 5, 2026
LOW

softtemplates-for-elementor

softtemplates-for-elementor

Score: N/A Softtemplates For Elementor <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.8 Patched: Updated: July 5, 2026
LOW

smart-marketing-for-wp

smart-marketing-for-wp

Score: N/A Smart Marketing SMS and Newsletters Forms <= 5.0.4 - Missing Authorization Affected: *-5.0.4 Patched: 5.0.5 Updated: July 5, 2026
LOW

skyboot-portfolio-gallery

skyboot-portfolio-gallery

Score: N/A Elementor Image Gallery Plugin <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.5 Patched: 1.0.6 Updated: July 5, 2026
LOW

simpleschema-free

simpleschema-free

Score: N/A SimpleSchema <= 1.7.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7.6.9 Patched: Updated: July 5, 2026
LOW

simple-popup-plugin

simple-popup-plugin

Score: N/A Simple Popup <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.6 Patched: Updated: July 5, 2026
LOW

simple-header-and-footer

simple-header-and-footer

Score: N/A Simple Header and Footer <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: July 5, 2026
LOW

rccp-free

rccp-free

Score: N/A RingCentral Communications <= 1.6.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.6.1 Patched: Updated: July 5, 2026
LOW

random-banner

random-banner

Score: N/A Random Banner <= 4.2.11 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.2.11 Patched: Updated: July 5, 2026
LOW

posti-shipping

posti-shipping

Score: N/A Posti Shipping <= 3.10.2 - Full Path Disclosure Affected: *-3.10.2 Patched: 3.10.3 Updated: July 5, 2026
LOW

post-carousel-slider-for-elementor

post-carousel-slider-for-elementor

Score: 91/100 Post Carousel Slider for Elementor <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.5.0 Patched: 1.6.0 Updated: July 5, 2026
LOW

pixobe-cartography

pixobe-cartography

Score: 89/100 Pixobe Cartography <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: July 5, 2026
LOW

photo-video-store

photo-video-store

Score: 89/100 Photo Video Store <= 21.07 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-21.07 Patched: Updated: July 5, 2026
LOW

paypal-responder

paypal-responder

Score: 91/100 PayPal Responder <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: July 5, 2026
LOW

out-of-stock-badge

out-of-stock-badge

Score: 91/100 Out Of Stock Badge <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-site Scripting Affected: *-1.3.1 Patched: Updated: July 5, 2026
LOW

ni-woocommerce-cost-of-goods

ni-woocommerce-cost-of-goods

Score: 93/100 Ni WooCommerce Cost Of Goods <= 3.2.8 - Authenticated (Administrator+) SQL Injection Affected: *-3.2.8 Patched: 3.2.9 Updated: July 5, 2026
LOW

multilevel-referral-plugin-for-woocommerce

multilevel-referral-plugin-for-woocommerce

Score: 93/100 Multilevel Referral Affiliate Plugin for WooCommerce <= 2.27 - Reflected Cross-Site Scripting Affected: *-2.27 Patched: 2.28 Updated: July 5, 2026
LOW

mins-to-read

mins-to-read

Score: 91/100 Mins To Read <= 1.2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2.2 Patched: Updated: July 5, 2026
LOW

mail-picker

mail-picker

Score: 93/100 Mail Picker <= 1.0.15 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.15 Patched: 1.0.16 Updated: July 5, 2026
LOW

load-more-posts

load-more-posts

Score: 91/100 Load More Posts <= 1.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.4.0 Patched: Updated: July 5, 2026
LOW

fd-elementor-button-plus

fd-elementor-button-plus

Score: 91/100 Elementor Button Plus <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.6 Patched: Updated: July 5, 2026
LOW

fastbook-responsive-appointment-booking-and-scheduling-system

fastbook-responsive-appointment-booking-and-scheduling-system

Score: 87/100 FastBook – Responsive Appointment Booking and Scheduling System <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

essential-breadcrumbs

essential-breadcrumbs

Score: 89/100 Essential Breadcrumbs <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1.1 Patched: Updated: July 5, 2026
LOW

donate-me

donate-me

Score: 93/100 Donate Me <= 1.2.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.2.5 Patched: 1.3.0 Updated: July 5, 2026
LOW

devnex-addons-for-elementor

devnex-addons-for-elementor

Score: 89/100 Devnex Addons For Elementor <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.9 Patched: Updated: July 5, 2026
LOW

dancepress-trwa

dancepress-trwa

Score: 91/100 DancePress (TRWA) <= 3.1.11 - Cross-Site Request Forgery Affected: *-3.1.11 Patched: Updated: July 5, 2026
LOW

cultbooking-booking-engine

cultbooking-booking-engine

Score: 91/100 CultBooking Hotel Booking Engine <= 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.1 Patched: Updated: July 5, 2026
LOW

cpt-to-map-store

cpt-to-map-store

Score: 91/100 Custom Post Type to Map Store <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: July 5, 2026
LOW

cowidgets-elementor-addons

cowidgets-elementor-addons

Score: 87/100 Cowidgets – Elementor Addons <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.0 Patched: Updated: July 5, 2026
LOW

countdown-timer-for-elementor

countdown-timer-for-elementor

Score: 91/100 Countdown Timer for Elementor <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.6 Patched: 1.3.7 Updated: July 5, 2026
LOW

cosmosfarm-share-buttons

cosmosfarm-share-buttons

Score: 91/100 소셜 공유 버튼 By 코스모스팜 <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.9 Patched: Updated: July 5, 2026
LOW

content-audit-exporter

content-audit-exporter

Score: 91/100 Content Audit Exporter <= 1.1 - Unauthenticated Sensitive Information Exposure Affected: *-1.1 Patched: Updated: July 5, 2026
LOW

chatter

chatter

Score: 89/100 Chatter <= 1.0.1 - Missing Authorization Affected: *-1.0.1 Patched: Updated: July 5, 2026
LOW

capitalize-my-title

capitalize-my-title

Score: 91/100 Capitalize My Title <= 0.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.5.3 Patched: Updated: July 5, 2026
LOW

build-app-online

build-app-online

Score: 85/100 Build App Online <= 1.0.22 - Cross-Site Request Forgery Affected: *-1.0.22 Patched: Updated: July 5, 2026

Showing 14901 to 15000 of 36406 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: July 5, 2026 at 19:47 UTC.