Known Plugin Vulnerabilities
Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.
Open Vulnerabilities: 11439 (across tracked plugins)
Affected Plugins: 57 (with open vulnerabilities)
Critical / High: 0 (require immediate attention)
Recently Updated: 0 (in the last 30 days)
Vulnerability List
| Plugin | Slug | Score | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated |
|---|---|---|---|---|---|---|---|---|
| asset-manager | asset-manager | 95 | Asset Manager <= 0.3 - Arbitrary File Upload | | LOW | *-0.3 | | July 5, 2026 |
| Events Manager – Calendar, Bookings, Tickets, and more! | events-manager | 78 | Events Manager < 5.1.7 - Cross-Site Scripting | | LOW | [*, 5.1.7) | 5.1.7 | July 5, 2026 |
| forum-server | forum-server | 89 | WP Forum Server <= 1.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting | | LOW | *-1.7.3 | 1.7.4 | July 5, 2026 |
| forum-server | forum-server | 89 | WP Forum Server < 1.7.5 - Cross-Site Scripting | | LOW | [*, 1.7.5) | 1.7.5 | July 5, 2026 |
| forum-server | forum-server | 89 | WP Forum Server < 1.7.4 - SQL Injection | | LOW | [*, 1.7.4) | 1.7.4 | July 5, 2026 |
| flash-album-gallery | flash-album-gallery | 91 | Album and Image Gallery with Lightbox – Flagallery Photo Portfolio <= 1.72 - Reflected Cross-Site Scripting | | LOW | *-1.72 | 1.73 | July 5, 2026 |
| ezpz-one-click-backup | ezpz-one-click-backup | 89 | EZPZ One Click Backup <= 12.03.10 - Cross-Site Scripting | | LOW | *-12.03.10 | | July 5, 2026 |
| dynamic-widgets | dynamic-widgets | 93 | Dynamic Widgets <= 1.5.1 - Cross Site Scripting | | LOW | *-1.5.1 | 1.5.2 | July 5, 2026 |
| custom-contact-forms | custom-contact-forms | 93 | Custom Contact Forms Plugin <= 5.1.0.2 - Reflected Cross-Site Scripting | | LOW | [*, 5.1.0.3) | 5.1.0.3 | July 5, 2026 |
| catablog | catablog | 89 | CataBlog < 1.6.3 - Reflected Cross-Site Scripting | | LOW | [*, 1.6.3) | 1.6.3 | July 5, 2026 |
| BulletProof Security | bulletproof-security | 68 | BulletProof Security < .47.1 - Reflected Cross-Site Scripting | | LOW | [*, .47.1) | .47.1 | July 5, 2026 |
| Kadence Security – Password, Two Factor Authentication, and Brute Force Protection | better-wp-security | 92 | iThemes Security < 3.2.5 - Cross-Site Scripting | | LOW | [*, 3.2.5) | 3.2.5 | July 5, 2026 |
| Kadence Security – Password, Two Factor Authentication, and Brute Force Protection | better-wp-security | 92 | Better WP Security <= 3.2.4 - Multiple Cross-Site Scripting | | LOW | *-3.2.4 | 3.2.5 | July 5, 2026 |
| bad-behavior | bad-behavior | 93 | Bad Behavior < 2.0.47 & 2.2.0 - 2.2.4 - Cross-Site Scripting | | LOW | [*, 2.0.47), [2.2.0, 2.2.5) | 2.0.47 | July 5, 2026 |
| 2-click-socialmedia-buttons | 2-click-socialmedia-buttons | 97 | 2 Click Social Media Buttons <= 0.33 - Multiple Cross-Site Scripting | | LOW | *-0.33 | 0.34 | July 5, 2026 |
| 2-click-socialmedia-buttons | 2-click-socialmedia-buttons | 97 | 2 Click Social Media Buttons < 0.34 - Cross-Site Scripting | | LOW | [*, 0.34) | 0.34 | July 5, 2026 |
| all-in-one-event-calendar | all-in-one-event-calendar | 97 | Timely All-in-One Events Calendar < 1.6 - Cross-Site Scripting | | LOW | [*, 1.6) | 1.6 | July 5, 2026 |
| another-wordpress-classifieds-plugin | another-wordpress-classifieds-plugin | 97 | WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds < 2.0 - Arbitrary File Upload | | LOW | [*, 2.0) | 2.0 | July 5, 2026 |
| deans-fckeditor-with-pwwangs-code-plugin-for-wordpress | deans-fckeditor-with-pwwangs-code-plugin-for-wordpress | 91 | Dean's FCKEditor <= 1.0.0 - Arbitrary File Upload | | LOW | *-1.0.0 | | July 5, 2026 |
| buddypress | buddypress | 93 | BuddyPress - 1.5-1.5.4 - SQL Injection | | LOW | 1.5-1.5.4 | 1.5.5 | July 5, 2026 |
| cms-tree-page-view | cms-tree-page-view | 93 | CMS Tree Page View < 0.8.9 - Cross-Site Scripting | | LOW | [*, 0.8.9) | 0.8.9 | July 5, 2026 |
| 404like | 404like | 97 | 404like <= 1.0 - SQL Injection | | LOW | *-1.0 | 1.0.2 | July 5, 2026 |
| allwebmenus-wordpress-menu-plugin | allwebmenus-wordpress-menu-plugin | 97 | AllWebMenus WordPress Menu Plugin <= 1.1.8 - Arbitrary File Upload | | LOW | *-1.1.8 | 1.1.9 | July 5, 2026 |
| allwebmenus-wordpress-menu-plugin | allwebmenus-wordpress-menu-plugin | 97 | AllWebMenus WordPress Menu Plugin < 1.1.9 - Arbitrary File Upload | | LOW | [*, 1.1.9) | 1.1.9 | July 5, 2026 |
| count-per-day | count-per-day | 93 | Count per Day <= 3.1 - Arbitrary File Download | | LOW | *-3.1 | 3.1.1 | July 5, 2026 |
| age-verification | age-verification | 97 | Age Verification <= 0.4 - Open Redirect | | LOW | *-0.4 | 0.5 | July 5, 2026 |
| blaze-slide-show-for-wordpress | blaze-slide-show-for-wordpress | 91 | Blaze Slideshow <= 2.4 - Arbitrary File Upload | | LOW | *-2.4 | 2.6 | July 5, 2026 |
| connections | connections | 91 | Connections Business Directory < 0.7.1.6 - Authorization Bypass | | LOW | *-0.7.1.5 | 0.7.1.6 | July 5, 2026 |
| absolute-privacy | absolute-privacy | 95 | Absolute Privacy <= 2.0.5 - Authentication Bypass | | LOW | *-2.0.5 | 2.0.6 | July 5, 2026 |
| disqus-comment-system | disqus-comment-system | 93 | Disqus Comment System < 2.68 - Reflected Cross-Site Scripting | | LOW | [*, 2.68) | 2.68 | July 5, 2026 |
| flash-album-gallery | flash-album-gallery | 91 | Album and Image Gallery with Lightbox – Flagallery Photo Portfolio < 1.57 - Cross-Site Scripting | | LOW | [*, 1.57) | 1.57 | July 5, 2026 |
| 1-jquery-photo-gallery-slideshow-flash | 1-jquery-photo-gallery-slideshow-flash | 95 | ZooEffect Plugin for Video player, Photo Gallery Slideshow jQuery and audio / music / podcast – HTML5 <= 1.11 - Reflected Cross-Site Scripting | | LOW | *-1.11 | | July 5, 2026 |
| featurific-for-wordpress | featurific-for-wordpress | 91 | Featurific For WordPress <= 1.6.2 - Cross-Site Scripting | | LOW | *-1.6.2 | | July 5, 2026 |
| clickdesk-live-support-chat-plugin | clickdesk-live-support-chat-plugin | 91 | Live Chat from ClickDesk – Live Chat – Help Desk Plugin for Websites <= 2.0 - Cross-Site Scripting | | LOW | *-2.0 | 3.0 | July 5, 2026 |
| alert-before-your-post | alert-before-your-post | 95 | Alert Before Your Post <= 0.1.1 - Cross-Site Scripting | | LOW | *-0.1.1 | | July 5, 2026 |
| flexible-custom-post-type | flexible-custom-post-type | 93 | Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting | | LOW | [*, 0.1.7) | 0.1.7 | July 5, 2026 |
| AdRotate Banner Manager | adrotate | 74 | AdRotate – Ad manager & AdSense Ads < 3.6.8 - SQL Injection | | LOW | [*, 3.6.8) | 3.6.8 | July 5, 2026 |
| allwebmenus-wordpress-menu-plugin | allwebmenus-wordpress-menu-plugin | 97 | AllWebMenus WordPress Menu Plugin <= 1.1.3 - Remote File Inclusion | | LOW | *-1.1.3 | 1.1.4 | July 5, 2026 |
| eventify | eventify | 91 | Eventify - Simple Events <= 1.7.f - SQL Injection via eventid | | LOW | * - 1.7.f | 1.7.g | July 5, 2026 |
| category-list-portfolio-page | category-list-portfolio-page | 91 | TimThumb <= 1.33 - Remote File Download | | LOW | * | | July 5, 2026 |
| eshop | eshop | 89 | eShop < 6.2.9 - Reflected Cross-Site Scripting | | LOW | [*, 6.2.9) | 6.2.9 | July 5, 2026 |
| addthis | addthis | 97 | WordPress Share Buttons Plugin – AddThis < 2.2.0 - Code Injection | | LOW | [*, 2.2.0) | 2.2.0 | July 5, 2026 |
| BackWPup – WordPress Backup & Restore Plugin | backwpup | 96 | BackWPup <= 1.7.1 - Remote File Inclusion | | LOW | *-1.7.1 | 1.7.2 | July 5, 2026 |
| BackWPup – WordPress Backup & Restore Plugin | backwpup | 96 | BackWPup – WordPress Backup Plugin < 1.4.1 - Directory Traversal | | LOW | [*, 1.4.1) | 1.4.1 | July 5, 2026 |
| forum-server | forum-server | 89 | WP Forum Server <= 1.6.5 - SQL Injection | | LOW | *-1.6.5 | 1.6.6 | July 5, 2026 |
| cdnvote | cdnvote | 93 | CDN Vote < 0.4.2 - SQL Injection | | LOW | [*, 0.4.2) | 0.4.2 | July 5, 2026 |
| embedded-video-with-link | embedded-video-with-link | 91 | Embedded Video <= 4.1 - Cross-Site Scripting | | LOW | *-4.1 | | July 5, 2026 |
| cforms2 | cforms2 | 93 | CformsII <= 14.10.1 - CAPTCHA Bypass | | LOW | *-14.10.1 | 14.11 | July 5, 2026 |
| event-registration | event-registration | 93 | Event Registration < 6.00.03 - SQL Injection | | LOW | [*, 6.00.03) | 6.00.03 | July 5, 2026 |
| feedlist | feedlist | 93 | FeedList <= 2.61.03 - Reflected Cross-Site Scripting | | LOW | *-2.61.03 | 2.70.00 | July 5, 2026 |
| cforms2 | cforms2 | 93 | CformsII <= 11.5 - Cross-Site Scripting | | LOW | *-11.5 | 11.6.1 | July 5, 2026 |
| cpl | cpl | 91 | Copperleaf Photolog <= 0.16 - SQL injection | | LOW | *-0.16 | | July 5, 2026 |
| dm-albums | dm-albums | 91 | DM Albums <= 1.9.2 - Remote File Inclusion | | LOW | *-1.9.2 | 1.9.3 | July 5, 2026 |
| firestats | firestats | 93 | FireStats < 1.6.2 - SQL Injection | | LOW | [*, 1.6.2) | 1.6.2 | July 5, 2026 |
| firestats | firestats | 93 | FireStats < 1.6.2 - Remote File Inclusion | | LOW | [*, 1.6.2) | 1.6.2 | July 5, 2026 |
| fmoblog | fmoblog | 91 | fMoblog <= 2.1 - SQL Injection | | LOW | *-2.1 | | July 5, 2026 |
| downloads-manager | downloads-manager | 91 | Downloads Manager <= 0.2 - Arbitrary File Upload | | LOW | *-0.2 | | July 5, 2026 |
| download-monitor | download-monitor | 93 | Download Monitor <= 2.0.6 - Unauthenticated SQL Injection | | LOW | *-2.0.6 | 2.0.9 | July 5, 2026 |
| dmsguestbook | dmsguestbook | 91 | DMSGuestbook < 1.9.0 - Cross-Site Scripting | | LOW | [*, 1.9.0) | 1.9.0 | July 5, 2026 |
| dmsguestbook | dmsguestbook | 91 | DMSGuestbook <= 1.8.0 - Directory Traversal | | LOW | *-1.8.0 | 1.8.1 | July 5, 2026 |
| dmsguestbook | dmsguestbook | 91 | DMSGuestbook < 1.9.0 - Cross-Site Scripting | | LOW | [*, 1.9.0) | 1.9.0 | July 5, 2026 |
| dmsguestbook | dmsguestbook | 91 | DMSGuestbook <= 1.7.0 - SQL Injection | | LOW | * | | July 5, 2026 |
| fgallery | fgallery | 93 | fGallery 2.4.1 - SQL injection | | LOW | *-2.4.1 | 2.4.2 | July 5, 2026 |
| adserve | adserve | 97 | AdServe < 0.3 - SQL Injection | | LOW | *-0.2 | 0.3 | July 5, 2026 |
| cryptographp | cryptographp | 91 | Cryptographp <= 1.2 - Cross-Site Scripting | | LOW | *-1.2 | | July 5, 2026 |
| captcha-offrepo | captcha-offrepo | 93 | Captcha! <= 2.5d - Cross-Site Scripting | | LOW | * - 2.5d | 2.6 | July 5, 2026 |
| backupwordpress | backupwordpress | 93 | BackUpWordPress <= 0.4.2b - Remote File Inclusion | | LOW | [*, 0.4.3) | 0.4.3 | July 5, 2026 |
| feedburner-feedsmith | feedburner-feedsmith | 93 | FeedBurner FeedSmith <= 2.2 - Cross-Site Request Forgery | | LOW | *-2.2 | 2.3 | July 5, 2026 |
| feedstats-de | feedstats-de | 93 | FeedStats < 2.4 - Cross-Site Scripting | | LOW | [*, 2.4) | 2.4 | July 5, 2026 |
| adsense-deluxe | adsense-deluxe | 95 | AdSense-Deluxe <= 0.8 - Cross-Site Request Forgery | | LOW | *-0.8 | | July 5, 2026 |
| Akismet Anti-spam: Spam Protection | akismet | 92 | Akismet Spam Protection < 2.0.2 - Cross-Site Scripting | | LOW | *-2.0.1 | 2.0.2 | July 5, 2026 |
Showing 11401 to 11471 of 11439 results
Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.
Data updated daily from trusted sources. Last updated: July 5, 2026 at 20:45 UTC.