Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36190

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
download-monitor	download-monitor	93	Download Monitor <= 5.1.8 - Authenticated (Contributor+) SQL Injection	LOW	*-5.1.8	5.1.9	June 29, 2026
conditional-menus	conditional-menus	93	Conditional Menus <= 1.2.6 - Cross-Site Request Forgery to Menu Options Update	LOW	*-1.2.6	1.2.7	June 29, 2026
Complianz \| GDPR/CCPA Cookie Consent	complianz-gdpr	93	Complianz – GDPR/CCPA Cookie Consent <= 7.4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Content Filter	LOW	*-7.4.4.2	7.4.5	June 29, 2026
blackhole-bad-bots	blackhole-bad-bots	93	Blackhole for Bad Bots <= 3.8 - Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header	LOW	*-3.8	3.8.1	June 29, 2026
Booking for Appointments and Events Calendar – Amelia	ameliabooking	97	Amelia <= 2.1.1 - Authenticated (Custom role+) SQL Injection	LOW	*-2.1.1	2.1.2	June 29, 2026
wp-graphql	wp-graphql	N/A	WPGraphQL <= 2.9.1 - Missing Authorization	LOW	*-2.9.1	2.10	June 29, 2026
shapepress-dsgvo	shapepress-dsgvo	N/A	WP DSGVO Tools (GDPR) <= 3.1.38 - Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users	LOW	*-3.1.38	3.1.39	June 29, 2026
jet-engine	jet-engine	93	JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via Listing Grid 'filtered_query' Parameter	LOW	*-3.8.6.1	3.8.6.2	June 29, 2026
woo-product-filter	woo-product-filter	N/A	Product Filter for WooCommerce by WBW <= 3.1.2 - Missing Authorization to Unauthenticated Filter Data Deletion via TRUNCATE TABLE	LOW	*-3.1.2	3.1.3	June 29, 2026
sfwd-lms	sfwd-lms	N/A	LearnDash LMS <= 5.0.3 - Authenticated (Contributor+) SQL Injection via 'filters[orderby_order]' Parameter	LOW	*-5.0.3	5.0.3.1	June 29, 2026
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder	user-registration	N/A	User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Content Access Rule Manipulation	LOW	*-5.1.4	5.1.5	June 29, 2026
contest-gallery	contest-gallery	93	Contest Gallery <= 28.1.5 - Unauthenticated Privilege Escalation Admin Account Takeover via Registration Confirmation Email-to-ID Type Confusion	LOW	*-28.1.5	28.1.6	June 29, 2026
woo-custom-product-addons-pro	woo-custom-product-addons-pro	N/A	Woocommerce Custom Product Addons Pro <= 5.4.1 - Unauthenticated Remote Code Execution via Custom Pricing Formula	LOW	*-5.4.1	5.4.2	June 29, 2026
jupiterx-core	jupiterx-core	93	JupiterX Core <= 4.14.1 - Authenticated (Subscriber+) Missing Authorization To Limited File Upload via Popup Template Import	LOW	*-4.14.1	4.14.2	June 29, 2026
wp-job-portal	wp-job-portal	N/A	WP Job Portal <= 2.4.8 - Unauthenticated SQL Injection via 'radius' Parameter	LOW	*-2.4.8	2.4.9	June 29, 2026
quiz-master-next	quiz-master-next	N/A	Quiz and Survey Master (QSM) <= 10.3.5 - Authenticated (Contributor+) SQL Injection via 'merged_question' Parameter	LOW	*-10.3.5	11.0.0	June 29, 2026
learnpress	learnpress	93	LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Answer Deletion	LOW	*-4.3.2.8	4.3.3	June 29, 2026
smart-custom-fields	smart-custom-fields	N/A	Smart Custom Fields <= 5.0.6 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Relational Post Search	LOW	*-5.0.6	5.0.7	June 29, 2026
yml-for-yandex-market	yml-for-yandex-market	N/A	YML for Yandex Market < 5.3.0 - Authenticated (Shop Manager+) Arbitrary File Deletion	LOW	[*, 5.3.0)	5.3.0	June 29, 2026
wptelegram-widget	wptelegram-widget	N/A	WP Telegram Widget and Join Link <= 2.2.13 - Reflected Cross-Site Scripting	LOW	*-2.2.13	2.2.14	June 29, 2026
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More	wpforms-lite	70	WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More <= 1.9.8.7 - Unauthenticated Sensitive Information Exposure	LOW	*-1.9.8.7	1.9.9.2	June 29, 2026
wpcargo	wpcargo	N/A	WPCargo Track & Trace <= 8.0.2 - Missing Authorization	LOW	*-8.0.2		June 29, 2026
wpbookit-pro	wpbookit-pro	N/A	WPBookit Pro <= 1.6.18 - Authenticated (Subscriber+) Arbitrary File Upload	LOW	*-1.6.18		June 29, 2026
wpbookit-pro	wpbookit-pro	N/A	WPBookit Pro <= 1.6.18 - Authenticated (Subscriber+) Privilege Escalation	LOW	*-1.6.18		June 29, 2026
User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration	wp-user-frontend	N/A	User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.2.8 - Missing Authorization	LOW	*-4.2.8	4.2.9	June 29, 2026
wp-tripadvisor-review-slider	wp-tripadvisor-review-slider	N/A	WP TripAdvisor Review Slider <= 14.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	*-14.1	14.2	June 29, 2026
WP REST Cache	wp-rest-cache	N/A	WP REST Cache <= 2026.1.0 - Unauthenticated Stored Cross-Site Scripting	LOW	*-2026.1.0	2026.1.1	June 29, 2026
wp-jobsearch	wp-jobsearch	N/A	JobSearch WP Job Board <= 3.2.0 - Reflected Cross-Site Scripting	LOW	*-3.2.0	3.2.2	June 29, 2026
wp-facebook-reviews	wp-facebook-reviews	N/A	WP Review Slider <= 13.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	*-13.9	14.0	June 29, 2026
wp-courses	wp-courses	N/A	WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses <= 3.2.26 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	*-3.2.26	3.2.27	June 29, 2026
wp-configurator-pro	wp-configurator-pro	N/A	WP Configurator Pro <= 3.7.9 - Missing Authorization	LOW	*-3.7.9	3.8.0	June 29, 2026
wp_estimation_form	wp_estimation_form	N/A	WP Cost Estimation < 10.3.0 - Missing Authorization	LOW	[*, 10.3.0)	10.3.0	June 29, 2026
woocommerce-currency-switcher	woocommerce-currency-switcher	N/A	FOX <= 1.4.5 - Authenticated (Shop manager+) SQL Injection	LOW	*-1.4.5	1.4.6	June 29, 2026
woo-product-filter	woo-product-filter	N/A	Product Filter for WooCommerce by WBW < 3.1.3 - Unauthenticated SQL Injection	LOW	[*, 3.1.3)	3.1.3	June 29, 2026
weforms	weforms	N/A	weForms – Easy Drag & Drop Contact Form Builder For WordPress <= 1.6.26 - Unauthenticated PHP Object Injection	LOW	*-1.6.26	1.6.27	June 29, 2026
vk-all-in-one-expansion-unit	vk-all-in-one-expansion-unit	N/A	VK All in One Expansion Unit <= 9.113.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-9.113.3	9.113.4	June 29, 2026
vikrestaurants	vikrestaurants	N/A	VikRestaurants Table Reservations and Take-Away <= 1.5.2 - Reflected Cross-Site Scripting	LOW	*-1.5.2	1.5.3	June 29, 2026
user-verification	user-verification	N/A	User Verification by PickPlugins <= 2.0.45 - Missing Authorization	LOW	*-2.0.45	2.0.46	June 29, 2026
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder	user-registration	N/A	User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder <= 4.4.9 - Unauthenticated Remote Code Execution	LOW	*-4.4.9	5.1.3	June 29, 2026
tutor-pro	tutor-pro	N/A	Tutor LMS Pro <= 3.9.8 - Missing Authorization	LOW	*-3.9.8	3.9.9	June 29, 2026
tlp-team	tlp-team	N/A	Team – Team Members Showcase Plugin <= 5.0.11 - Missing Authorization	LOW	*-5.0.11	5.0.12	June 29, 2026
themesflat-addons-for-elementor	themesflat-addons-for-elementor	N/A	themesflat-addons-for-elementor <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.3.2	2.3.3	June 29, 2026
the-grid	the-grid	N/A	The Grid < 2.8.0 - Missing Authorization	LOW	[*, 2.8.0)	2.8.0	June 29, 2026
the-grid	the-grid	N/A	The Grid < 2.8.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	[*, 2.8.0)	2.8.0	June 29, 2026
suretriggers	suretriggers	N/A	OttoKit <= 1.1.20 - Authenticated (Administrator+) SQL Injection	LOW	*-1.1.20	1.1.21	June 29, 2026
support-ticket-system-for-woocommerce	support-ticket-system-for-woocommerce	N/A	Helpdesk Support Ticket System for WooCommerce <= 2.1.2 - Missing Authorization	LOW	*-2.1.2	2.1.3	June 29, 2026
simply-gallery-block	simply-gallery-block	N/A	Mixed Media Gallery Blocks <= 3.3.2 - Authenticated (Contributor+) Remote Code Execution	LOW	*-3.3.2	3.3.2.1	June 29, 2026
salon-booking-plugin-pro	salon-booking-plugin-pro	N/A	Salon Booking System Pro < 10.30.12 - Missing Authorization	LOW	[*, 10.30.12)	10.30.12	June 29, 2026
rsfirewall	rsfirewall	N/A	RSFirewall! <= 1.1.45 - Unauthenticated Stored Cross-Site Scripting	LOW	*-1.1.45	1.1.46	June 29, 2026
review-schema	review-schema	N/A	Review Schema – Review & Structure Data Schema Plugin <= 2.2.6 - Authenticated (Subscriber+) Information Exposure	LOW	*-2.2.6	2.2.7	June 29, 2026
Five Star Restaurant Reservations – WordPress Booking Plugin	restaurant-reservations	N/A	Five Star Restaurant Reservations – WordPress Booking Plugin <= 2.7.9 - Missing Authorization	LOW	*-2.7.9	2.7.10	June 29, 2026
profilegrid-user-profiles-groups-and-communities	profilegrid-user-profiles-groups-and-communities	N/A	ProfileGrid – User Profiles, Groups and Communities <= 5.9.8.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	*-5.9.8.1	5.9.8.2	June 29, 2026
products-file-upload-for-woocommerce	products-file-upload-for-woocommerce	N/A	Product File Upload for WooCommerce <= 2.2.4 - Unauthenticated Arbitrary File Deletion	LOW	*-2.2.4	2.2.5	June 29, 2026
password-protect-page	password-protect-page	N/A	PPWP – Password Protect Pages <= 1.9.15 - Missing Authorization	LOW	*-1.9.15	1.9.16	June 29, 2026
OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA)	oopspam-anti-spam	N/A	OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) <= 1.2.62 - Unauthenticated Stored Cross-Site Scripting	LOW	*-1.2.62	1.2.63	June 29, 2026
Nelio A/B Testing – AB Tests and Heatmaps for Better Conversion Optimization	nelio-ab-testing	81	Nelio A/B Testing – AB Tests and Heatmaps for Better Conversion Optimization <= 8.2.7 - Authenticated (Editor+) Remote Code Execution	LOW	*-8.2.7	8.2.8	June 29, 2026
naturalife-extensions	naturalife-extensions	N/A	NaturaLife Extensions <= 2.1 - Unauthenticated Local File Inclusion	LOW	*-2.1	2.2	June 29, 2026
naturalife-extensions	naturalife-extensions	N/A	NaturaLife Extensions <= 2.1 - Reflected Cross-Site Scripting	LOW	*-2.1	2.2	June 29, 2026
lead-form-builder	lead-form-builder	93	Lead Form Builder & Contact Form <= 2.0.1 - Unauthenticated Stored Cross-Site Scripting	LOW	*-2.0.1	2.0.2	June 29, 2026
LatePoint – Calendar Booking Plugin for Appointments and Events	latepoint	83	LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.6 - Authenticated (Subscriber+) Insecure Direct Object Reference	LOW	*-5.2.6	5.2.7	June 29, 2026
kivicare-clinic-management-system	kivicare-clinic-management-system	93	KiviCare – Clinic & Patient Management System (EHR) <= 3.6.16 - Reflected Cross-Site Scripting	LOW	*-3.6.16	4.0.0	June 29, 2026
kivicare-clinic-management-system	kivicare-clinic-management-system	93	KiviCare – Clinic & Patient Management System (EHR) <= 3.6.16 - Missing Authorization	LOW	*-3.6.16	4.0.0	June 29, 2026
js-support-ticket	js-support-ticket	93	JS Help Desk – AI-Powered Support & Ticketing System <= 3.0.3 - Authenticated (Subscriber+) Insecure Direct Object Reference	LOW	*-3.0.3	3.0.4	June 29, 2026
jetformbuilder	jetformbuilder	93	JetFormBuilder — Dynamic Blocks Form Builder <= 3.5.6.1 - Authenticated (Contributor+) Remote Code Execution	LOW	*-3.5.6.1	3.5.6.2	June 29, 2026
insert-php	insert-php	93	Woody Code Snippets – Insert PHP, CSS, JS, and Header/Footer Scripts <= 2.7.1 - Authenticated (Contributor+) Remote Code Execution	LOW	*-2.7.1	2.7.2	June 29, 2026
indeed-membership-pro	indeed-membership-pro	93	Indeed Membership Pro <= 13.7 - Missing Authorization	LOW	*-13.7	13.7.1	June 29, 2026
gyan-elements	gyan-elements	93	Gyan Elements <= 2.2.1 - Reflected Cross-Site Scripting	LOW	*-2.2.1	2.2.2	June 29, 2026
form-maker	form-maker	93	Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder < 1.15.38 - Unauthenticated SQL Injection	LOW	[*, 1.15.38)	1.15.38	June 29, 2026
file-uploader-for-woocommerce	file-uploader-for-woocommerce	91	File Uploader for WooCommerce <= 1.0.4 - Unauthenticated Path Traversal	LOW	*-1.0.4		June 29, 2026
elementinvader-addons-for-elementor	elementinvader-addons-for-elementor	93	ElementInvader Addons for Elementor <= 1.4.2 - Authenticated (Subscriber+) SQL Injection	LOW	*-1.4.2	1.4.3	June 29, 2026
dsgvo-leaflet-map	dsgvo-leaflet-map	93	DSGVO snippet for Leaflet Map and its Extensions <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'unset' Attribute	LOW	*-3.1	3.4	June 29, 2026
directorypress	directorypress	93	DirectoryPress <= 3.6.26 - Unauthenticated Information Exposure	LOW	*-3.6.26	3.6.27	June 29, 2026
contest-gallery	contest-gallery	93	Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.2.2 - Missing Authorization	LOW	*-28.1.2.2	28.1.3	June 29, 2026
contact-manager	contact-manager	91	Contact Manager <= 9.1 - Reflected Cross-Site Scripting	LOW	*-9.1	9.1.1	June 29, 2026
contact-form-to-email	contact-form-to-email	93	Contact Form Email <= 1.3.63 - Missing Authorization	LOW	*-1.3.63	1.3.64	June 29, 2026
commerce-coinbase-for-woocommerce	commerce-coinbase-for-woocommerce	91	Coinbase Commerce – Crypto Gateway for WooCommerce <= 1.6.6 - Missing Authorization	LOW	*-1.6.6		June 29, 2026
booking-and-rental-manager-for-woocommerce	booking-and-rental-manager-for-woocommerce	93	Booking and Rental Manager for Bike \| Car \| Resort \| Appointment \| Dress \| Equipment <= 2.6.0 - Missing Authorization	LOW	*-2.6.0	2.6.1	June 29, 2026
beaver-builder-lite-version	beaver-builder-lite-version	93	Beaver Builder <= 2.10.1.2 - Authenticated (Contributor+) SQL Injection	LOW	*-2.10.1.2	2.10.1.5	June 29, 2026
bdthemes-element-pack-lite	bdthemes-element-pack-lite	93	Element Pack Elementor Addons <= 8.4.2 - Authenticated (Editor+) SQL Injection	LOW	*-8.4.2	8.5.0	June 29, 2026
addons-for-elementor-builder	addons-for-elementor-builder	97	Vertex Addons for Elementor <= 1.6.4 - Missing Authorization	LOW	*-1.6.4	1.7.0	June 29, 2026
addon-jobsearch-chat	addon-jobsearch-chat	97	Addon Jobsearch Chat <= 3.0 - Unauthenticated SQL Injection	LOW	*-3.0	3.1	June 29, 2026
addon-jobsearch-chat	addon-jobsearch-chat	97	Addon Jobsearch Chat <= 3.0 - Reflected Cross-Site Scripting	LOW	*-3.0	3.1	June 29, 2026
King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder	king-addons	76	King Addons for Elementor <= 51.1.49 - Unauthenticated API Keys Disclosure	LOW	*-51.1.49	51.1.51	June 29, 2026
sina-extension-for-elementor	sina-extension-for-elementor	N/A	Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Fancy Text Widget` And `Countdown Widget`	LOW	*-3.7.0	3.7.1	June 29, 2026
reviewx	reviewx	N/A	ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Sensitive Information Exposure	LOW	*-2.2.12	2.3.0	June 29, 2026
reviewx	reviewx	N/A	ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Limited Remote Code Execution	LOW	*-2.2.12	2.3.0	June 29, 2026
reviewx	reviewx	N/A	ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Sensitive Information Exposure to Data Export	LOW	*-2.2.12	2.3.0	June 29, 2026
reviewx	reviewx	N/A	ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.10 - Incorrect Authorization to Unauthenticated Information Exposure and Data Manipulation	LOW	*-2.2.10	2.2.12	June 29, 2026
WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters	wp-google-map-plugin	74	WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters <= 4.9.1 - Unauthenticated SQL Injection via 'orderby' Parameter	LOW	*-4.9.1	4.9.2	June 29, 2026
Tag, Category, and Taxonomy Manager – Autotagger Automatically Add Terms	simple-tags	70	TaxoPress <= 3.44.0 - Authenticated (Editor+) SQL Injection	LOW	*-3.44.0	3.45.0	June 29, 2026
Simple History – Track, Log, and Audit WordPress Changes	simple-history	77	Simple History <= 5.24.0 - Unauthenticated Information Exposure	LOW	*-5.24.0	5.24.1	June 29, 2026
post-expirator	post-expirator	N/A	Post Expirator <= 4.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.9.4	4.10.0	June 29, 2026
bus-ticket-booking-with-seat-reservation	bus-ticket-booking-with-seat-reservation	91	Bus Ticket Booking with Seat Reservation < 5.6.5 - Unauthenticated Information Exposure	LOW	[*, 5.6.5)	5.6.5	June 29, 2026
12-step-meeting-list	12-step-meeting-list	97	12 Step Meeting List <= 3.19.9 - Missing Authorization	LOW	*-3.19.9	3.19.10	June 29, 2026
12-step-meeting-list	12-step-meeting-list	97	12 Step Meeting List <= 3.19.9 - Unauthenticated Information Exposure	LOW	*-3.19.9	3.19.10	June 29, 2026
Yoast SEO – Advanced SEO with real-time guidance and built-in AI	wordpress-seo	89	Yoast SEO <= 27.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'jsonText' Block Attribute	LOW	*-27.1.1	27.2	June 29, 2026
WP Extended – The Ultimate WordPress Toolkit	wpextended	N/A	The Ultimate WordPress Toolkit – WP Extended <= 3.2.4 - Authenticated (Subscriber+) Privilege Escalation via Menu Editor Module	LOW	*-3.2.4	3.2.5	June 29, 2026
import-users-from-csv-with-meta	import-users-from-csv-with-meta	93	Import and export users and customers <= 1.29.7 - Privilege Escalation to Administrator via save_extra_user_profile_fields	LOW	*-1.29.7	2.0	June 29, 2026
tour-booking-manager	tour-booking-manager	N/A	WpTravelly <= 2.1.7 - Missing Authorization	LOW	*-2.1.7	2.1.8	June 29, 2026
jetformbuilder	jetformbuilder	93	JetFormBuilder <= 3.5.6.2 - Unauthenticated Arbitrary File Read via Media Field	LOW	*-3.5.6.2	3.5.6.3	June 29, 2026

LOW

download-monitor

Score: 93/100 Download Monitor <= 5.1.8 - Authenticated (Contributor+) SQL Injection Affected: *-5.1.8 Patched: 5.1.9 Updated: June 29, 2026

LOW

conditional-menus

Score: 93/100 Conditional Menus <= 1.2.6 - Cross-Site Request Forgery to Menu Options Update Affected: *-1.2.6 Patched: 1.2.7 Updated: June 29, 2026

LOW

Complianz | GDPR/CCPA Cookie Consent

complianz-gdpr

Score: 93/100 Complianz – GDPR/CCPA Cookie Consent <= 7.4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Content Filter Affected: *-7.4.4.2 Patched: 7.4.5 Updated: June 29, 2026

LOW

blackhole-bad-bots

Score: 93/100 Blackhole for Bad Bots <= 3.8 - Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header Affected: *-3.8 Patched: 3.8.1 Updated: June 29, 2026

LOW

Booking for Appointments and Events Calendar – Amelia

ameliabooking

Score: 97/100 Amelia <= 2.1.1 - Authenticated (Custom role+) SQL Injection Affected: *-2.1.1 Patched: 2.1.2 Updated: June 29, 2026

LOW

wp-graphql

Score: N/A WPGraphQL <= 2.9.1 - Missing Authorization Affected: *-2.9.1 Patched: 2.10 Updated: June 29, 2026

LOW

shapepress-dsgvo

Score: N/A WP DSGVO Tools (GDPR) <= 3.1.38 - Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users Affected: *-3.1.38 Patched: 3.1.39 Updated: June 29, 2026

LOW

jet-engine

Score: 93/100 JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via Listing Grid 'filtered_query' Parameter Affected: *-3.8.6.1 Patched: 3.8.6.2 Updated: June 29, 2026

LOW

woo-product-filter

Score: N/A Product Filter for WooCommerce by WBW <= 3.1.2 - Missing Authorization to Unauthenticated Filter Data Deletion via TRUNCATE TABLE Affected: *-3.1.2 Patched: 3.1.3 Updated: June 29, 2026

LOW

sfwd-lms

Score: N/A LearnDash LMS <= 5.0.3 - Authenticated (Contributor+) SQL Injection via 'filters[orderby_order]' Parameter Affected: *-5.0.3 Patched: 5.0.3.1 Updated: June 29, 2026

LOW

User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

user-registration

Score: N/A User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Content Access Rule Manipulation Affected: *-5.1.4 Patched: 5.1.5 Updated: June 29, 2026

LOW

Score: 93/100 Contest Gallery <= 28.1.5 - Unauthenticated Privilege Escalation Admin Account Takeover via Registration Confirmation Email-to-ID Type Confusion Affected: *-28.1.5 Patched: 28.1.6 Updated: June 29, 2026

LOW

woo-custom-product-addons-pro

Score: N/A Woocommerce Custom Product Addons Pro <= 5.4.1 - Unauthenticated Remote Code Execution via Custom Pricing Formula Affected: *-5.4.1 Patched: 5.4.2 Updated: June 29, 2026

LOW

jupiterx-core

Score: 93/100 JupiterX Core <= 4.14.1 - Authenticated (Subscriber+) Missing Authorization To Limited File Upload via Popup Template Import Affected: *-4.14.1 Patched: 4.14.2 Updated: June 29, 2026

LOW

wp-job-portal

Score: N/A WP Job Portal <= 2.4.8 - Unauthenticated SQL Injection via 'radius' Parameter Affected: *-2.4.8 Patched: 2.4.9 Updated: June 29, 2026

LOW

quiz-master-next

Score: N/A Quiz and Survey Master (QSM) <= 10.3.5 - Authenticated (Contributor+) SQL Injection via 'merged_question' Parameter Affected: *-10.3.5 Patched: 11.0.0 Updated: June 29, 2026

LOW

learnpress

Score: 93/100 LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Answer Deletion Affected: *-4.3.2.8 Patched: 4.3.3 Updated: June 29, 2026

LOW

smart-custom-fields

Score: N/A Smart Custom Fields <= 5.0.6 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Relational Post Search Affected: *-5.0.6 Patched: 5.0.7 Updated: June 29, 2026

LOW

yml-for-yandex-market

Score: N/A YML for Yandex Market < 5.3.0 - Authenticated (Shop Manager+) Arbitrary File Deletion Affected: [*, 5.3.0) Patched: 5.3.0 Updated: June 29, 2026

LOW

wptelegram-widget

Score: N/A WP Telegram Widget and Join Link <= 2.2.13 - Reflected Cross-Site Scripting Affected: *-2.2.13 Patched: 2.2.14 Updated: June 29, 2026

LOW

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

wpforms-lite

Score: 70/100 WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More <= 1.9.8.7 - Unauthenticated Sensitive Information Exposure Affected: *-1.9.8.7 Patched: 1.9.9.2 Updated: June 29, 2026

LOW

wpcargo

Score: N/A WPCargo Track & Trace <= 8.0.2 - Missing Authorization Affected: *-8.0.2 Patched: Updated: June 29, 2026

LOW

wpbookit-pro

Score: N/A WPBookit Pro <= 1.6.18 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-1.6.18 Patched: Updated: June 29, 2026

LOW

wpbookit-pro

Score: N/A WPBookit Pro <= 1.6.18 - Authenticated (Subscriber+) Privilege Escalation Affected: *-1.6.18 Patched: Updated: June 29, 2026

LOW

User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration

wp-user-frontend

Score: N/A User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.2.8 - Missing Authorization Affected: *-4.2.8 Patched: 4.2.9 Updated: June 29, 2026

LOW

wp-tripadvisor-review-slider

Score: N/A WP TripAdvisor Review Slider <= 14.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-14.1 Patched: 14.2 Updated: June 29, 2026

LOW

WP REST Cache

wp-rest-cache

Score: N/A WP REST Cache <= 2026.1.0 - Unauthenticated Stored Cross-Site Scripting Affected: *-2026.1.0 Patched: 2026.1.1 Updated: June 29, 2026

LOW

wp-jobsearch

Score: N/A JobSearch WP Job Board <= 3.2.0 - Reflected Cross-Site Scripting Affected: *-3.2.0 Patched: 3.2.2 Updated: June 29, 2026

LOW

wp-facebook-reviews

Score: N/A WP Review Slider <= 13.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-13.9 Patched: 14.0 Updated: June 29, 2026

LOW

wp-courses

Score: N/A WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses <= 3.2.26 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-3.2.26 Patched: 3.2.27 Updated: June 29, 2026

LOW

wp-configurator-pro

Score: N/A WP Configurator Pro <= 3.7.9 - Missing Authorization Affected: *-3.7.9 Patched: 3.8.0 Updated: June 29, 2026

LOW

wp_estimation_form

Score: N/A WP Cost Estimation < 10.3.0 - Missing Authorization Affected: [*, 10.3.0) Patched: 10.3.0 Updated: June 29, 2026

LOW

woocommerce-currency-switcher

Score: N/A FOX <= 1.4.5 - Authenticated (Shop manager+) SQL Injection Affected: *-1.4.5 Patched: 1.4.6 Updated: June 29, 2026

LOW

woo-product-filter

Score: N/A Product Filter for WooCommerce by WBW < 3.1.3 - Unauthenticated SQL Injection Affected: [*, 3.1.3) Patched: 3.1.3 Updated: June 29, 2026

LOW

weforms

Score: N/A weForms – Easy Drag & Drop Contact Form Builder For WordPress <= 1.6.26 - Unauthenticated PHP Object Injection Affected: *-1.6.26 Patched: 1.6.27 Updated: June 29, 2026

LOW

vk-all-in-one-expansion-unit

Score: N/A VK All in One Expansion Unit <= 9.113.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-9.113.3 Patched: 9.113.4 Updated: June 29, 2026

LOW

vikrestaurants

Score: N/A VikRestaurants Table Reservations and Take-Away <= 1.5.2 - Reflected Cross-Site Scripting Affected: *-1.5.2 Patched: 1.5.3 Updated: June 29, 2026

LOW

user-verification

Score: N/A User Verification by PickPlugins <= 2.0.45 - Missing Authorization Affected: *-2.0.45 Patched: 2.0.46 Updated: June 29, 2026

LOW

User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

user-registration

Score: N/A User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder <= 4.4.9 - Unauthenticated Remote Code Execution Affected: *-4.4.9 Patched: 5.1.3 Updated: June 29, 2026

LOW

tutor-pro

Score: N/A Tutor LMS Pro <= 3.9.8 - Missing Authorization Affected: *-3.9.8 Patched: 3.9.9 Updated: June 29, 2026

LOW

tlp-team

Score: N/A Team – Team Members Showcase Plugin <= 5.0.11 - Missing Authorization Affected: *-5.0.11 Patched: 5.0.12 Updated: June 29, 2026

LOW

themesflat-addons-for-elementor

Score: N/A themesflat-addons-for-elementor <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.3.2 Patched: 2.3.3 Updated: June 29, 2026

LOW

the-grid

Score: N/A The Grid < 2.8.0 - Missing Authorization Affected: [*, 2.8.0) Patched: 2.8.0 Updated: June 29, 2026

LOW

the-grid

Score: N/A The Grid < 2.8.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: [*, 2.8.0) Patched: 2.8.0 Updated: June 29, 2026

LOW

suretriggers

Score: N/A OttoKit <= 1.1.20 - Authenticated (Administrator+) SQL Injection Affected: *-1.1.20 Patched: 1.1.21 Updated: June 29, 2026

LOW

support-ticket-system-for-woocommerce

Score: N/A Helpdesk Support Ticket System for WooCommerce <= 2.1.2 - Missing Authorization Affected: *-2.1.2 Patched: 2.1.3 Updated: June 29, 2026

LOW

simply-gallery-block

Score: N/A Mixed Media Gallery Blocks <= 3.3.2 - Authenticated (Contributor+) Remote Code Execution Affected: *-3.3.2 Patched: 3.3.2.1 Updated: June 29, 2026

LOW

salon-booking-plugin-pro

Score: N/A Salon Booking System Pro < 10.30.12 - Missing Authorization Affected: [*, 10.30.12) Patched: 10.30.12 Updated: June 29, 2026

LOW

rsfirewall

Score: N/A RSFirewall! <= 1.1.45 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.1.45 Patched: 1.1.46 Updated: June 29, 2026

LOW

review-schema

Score: N/A Review Schema – Review & Structure Data Schema Plugin <= 2.2.6 - Authenticated (Subscriber+) Information Exposure Affected: *-2.2.6 Patched: 2.2.7 Updated: June 29, 2026

LOW

Five Star Restaurant Reservations – WordPress Booking Plugin

restaurant-reservations

Score: N/A Five Star Restaurant Reservations – WordPress Booking Plugin <= 2.7.9 - Missing Authorization Affected: *-2.7.9 Patched: 2.7.10 Updated: June 29, 2026

LOW

profilegrid-user-profiles-groups-and-communities

Score: N/A ProfileGrid – User Profiles, Groups and Communities <= 5.9.8.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-5.9.8.1 Patched: 5.9.8.2 Updated: June 29, 2026

LOW

products-file-upload-for-woocommerce

Score: N/A Product File Upload for WooCommerce <= 2.2.4 - Unauthenticated Arbitrary File Deletion Affected: *-2.2.4 Patched: 2.2.5 Updated: June 29, 2026

LOW

password-protect-page

Score: N/A PPWP – Password Protect Pages <= 1.9.15 - Missing Authorization Affected: *-1.9.15 Patched: 1.9.16 Updated: June 29, 2026

LOW

OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA)

oopspam-anti-spam

Score: N/A OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) <= 1.2.62 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.2.62 Patched: 1.2.63 Updated: June 29, 2026

LOW

Nelio A/B Testing – AB Tests and Heatmaps for Better Conversion Optimization

nelio-ab-testing

Score: 81/100 Nelio A/B Testing – AB Tests and Heatmaps for Better Conversion Optimization <= 8.2.7 - Authenticated (Editor+) Remote Code Execution Affected: *-8.2.7 Patched: 8.2.8 Updated: June 29, 2026

LOW

naturalife-extensions

Score: N/A NaturaLife Extensions <= 2.1 - Unauthenticated Local File Inclusion Affected: *-2.1 Patched: 2.2 Updated: June 29, 2026

LOW

naturalife-extensions

Score: N/A NaturaLife Extensions <= 2.1 - Reflected Cross-Site Scripting Affected: *-2.1 Patched: 2.2 Updated: June 29, 2026

LOW

lead-form-builder

Score: 93/100 Lead Form Builder & Contact Form <= 2.0.1 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.0.1 Patched: 2.0.2 Updated: June 29, 2026

LOW

LatePoint – Calendar Booking Plugin for Appointments and Events

latepoint

Score: 83/100 LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.6 - Authenticated (Subscriber+) Insecure Direct Object Reference Affected: *-5.2.6 Patched: 5.2.7 Updated: June 29, 2026

LOW

kivicare-clinic-management-system

Score: 93/100 KiviCare – Clinic & Patient Management System (EHR) <= 3.6.16 - Reflected Cross-Site Scripting Affected: *-3.6.16 Patched: 4.0.0 Updated: June 29, 2026

LOW

kivicare-clinic-management-system

Score: 93/100 KiviCare – Clinic & Patient Management System (EHR) <= 3.6.16 - Missing Authorization Affected: *-3.6.16 Patched: 4.0.0 Updated: June 29, 2026

LOW

js-support-ticket

Score: 93/100 JS Help Desk – AI-Powered Support & Ticketing System <= 3.0.3 - Authenticated (Subscriber+) Insecure Direct Object Reference Affected: *-3.0.3 Patched: 3.0.4 Updated: June 29, 2026

LOW

jetformbuilder

Score: 93/100 JetFormBuilder — Dynamic Blocks Form Builder <= 3.5.6.1 - Authenticated (Contributor+) Remote Code Execution Affected: *-3.5.6.1 Patched: 3.5.6.2 Updated: June 29, 2026

LOW

insert-php

Score: 93/100 Woody Code Snippets – Insert PHP, CSS, JS, and Header/Footer Scripts <= 2.7.1 - Authenticated (Contributor+) Remote Code Execution Affected: *-2.7.1 Patched: 2.7.2 Updated: June 29, 2026

LOW

indeed-membership-pro

Score: 93/100 Indeed Membership Pro <= 13.7 - Missing Authorization Affected: *-13.7 Patched: 13.7.1 Updated: June 29, 2026

LOW

gyan-elements

Score: 93/100 Gyan Elements <= 2.2.1 - Reflected Cross-Site Scripting Affected: *-2.2.1 Patched: 2.2.2 Updated: June 29, 2026

LOW

form-maker

Score: 93/100 Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder < 1.15.38 - Unauthenticated SQL Injection Affected: [*, 1.15.38) Patched: 1.15.38 Updated: June 29, 2026

LOW

file-uploader-for-woocommerce

Score: 91/100 File Uploader for WooCommerce <= 1.0.4 - Unauthenticated Path Traversal Affected: *-1.0.4 Patched: Updated: June 29, 2026

LOW

elementinvader-addons-for-elementor

Score: 93/100 ElementInvader Addons for Elementor <= 1.4.2 - Authenticated (Subscriber+) SQL Injection Affected: *-1.4.2 Patched: 1.4.3 Updated: June 29, 2026

LOW

dsgvo-leaflet-map

Score: 93/100 DSGVO snippet for Leaflet Map and its Extensions <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'unset' Attribute Affected: *-3.1 Patched: 3.4 Updated: June 29, 2026

LOW

directorypress

Score: 93/100 DirectoryPress <= 3.6.26 - Unauthenticated Information Exposure Affected: *-3.6.26 Patched: 3.6.27 Updated: June 29, 2026

LOW

contest-gallery

Score: 93/100 Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.2.2 - Missing Authorization Affected: *-28.1.2.2 Patched: 28.1.3 Updated: June 29, 2026

LOW

contact-manager

Score: 91/100 Contact Manager <= 9.1 - Reflected Cross-Site Scripting Affected: *-9.1 Patched: 9.1.1 Updated: June 29, 2026

LOW

contact-form-to-email

Score: 93/100 Contact Form Email <= 1.3.63 - Missing Authorization Affected: *-1.3.63 Patched: 1.3.64 Updated: June 29, 2026

LOW

commerce-coinbase-for-woocommerce

Score: 91/100 Coinbase Commerce – Crypto Gateway for WooCommerce <= 1.6.6 - Missing Authorization Affected: *-1.6.6 Patched: Updated: June 29, 2026

LOW

booking-and-rental-manager-for-woocommerce

LOW

beaver-builder-lite-version

Score: 93/100 Beaver Builder <= 2.10.1.2 - Authenticated (Contributor+) SQL Injection Affected: *-2.10.1.2 Patched: 2.10.1.5 Updated: June 29, 2026

LOW

bdthemes-element-pack-lite

Score: 93/100 Element Pack Elementor Addons <= 8.4.2 - Authenticated (Editor+) SQL Injection Affected: *-8.4.2 Patched: 8.5.0 Updated: June 29, 2026

LOW

addons-for-elementor-builder

Score: 97/100 Vertex Addons for Elementor <= 1.6.4 - Missing Authorization Affected: *-1.6.4 Patched: 1.7.0 Updated: June 29, 2026

LOW

addon-jobsearch-chat

Score: 97/100 Addon Jobsearch Chat <= 3.0 - Unauthenticated SQL Injection Affected: *-3.0 Patched: 3.1 Updated: June 29, 2026

LOW

addon-jobsearch-chat

Score: 97/100 Addon Jobsearch Chat <= 3.0 - Reflected Cross-Site Scripting Affected: *-3.0 Patched: 3.1 Updated: June 29, 2026

LOW

King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder

king-addons

Score: 76/100 King Addons for Elementor <= 51.1.49 - Unauthenticated API Keys Disclosure Affected: *-51.1.49 Patched: 51.1.51 Updated: June 29, 2026

LOW

sina-extension-for-elementor

Score: N/A Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Fancy Text Widget` And `Countdown Widget` Affected: *-3.7.0 Patched: 3.7.1 Updated: June 29, 2026

LOW

reviewx

Score: N/A ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Sensitive Information Exposure Affected: *-2.2.12 Patched: 2.3.0 Updated: June 29, 2026

LOW

reviewx

Score: N/A ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Limited Remote Code Execution Affected: *-2.2.12 Patched: 2.3.0 Updated: June 29, 2026

LOW

reviewx

Score: N/A ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Sensitive Information Exposure to Data Export Affected: *-2.2.12 Patched: 2.3.0 Updated: June 29, 2026

LOW

reviewx

Score: N/A ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.10 - Incorrect Authorization to Unauthenticated Information Exposure and Data Manipulation Affected: *-2.2.10 Patched: 2.2.12 Updated: June 29, 2026

LOW

WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters

wp-google-map-plugin

Score: 74/100 WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters <= 4.9.1 - Unauthenticated SQL Injection via 'orderby' Parameter Affected: *-4.9.1 Patched: 4.9.2 Updated: June 29, 2026

LOW

Tag, Category, and Taxonomy Manager – Autotagger Automatically Add Terms

simple-tags

Score: 70/100 TaxoPress <= 3.44.0 - Authenticated (Editor+) SQL Injection Affected: *-3.44.0 Patched: 3.45.0 Updated: June 29, 2026

LOW

Simple History – Track, Log, and Audit WordPress Changes

simple-history

Score: 77/100 Simple History <= 5.24.0 - Unauthenticated Information Exposure Affected: *-5.24.0 Patched: 5.24.1 Updated: June 29, 2026

LOW

post-expirator

Score: N/A Post Expirator <= 4.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.9.4 Patched: 4.10.0 Updated: June 29, 2026

LOW

bus-ticket-booking-with-seat-reservation

Score: 91/100 Bus Ticket Booking with Seat Reservation < 5.6.5 - Unauthenticated Information Exposure Affected: [*, 5.6.5) Patched: 5.6.5 Updated: June 29, 2026

LOW

12-step-meeting-list

Score: 97/100 12 Step Meeting List <= 3.19.9 - Missing Authorization Affected: *-3.19.9 Patched: 3.19.10 Updated: June 29, 2026

LOW

12-step-meeting-list

Score: 97/100 12 Step Meeting List <= 3.19.9 - Unauthenticated Information Exposure Affected: *-3.19.9 Patched: 3.19.10 Updated: June 29, 2026

LOW

Yoast SEO – Advanced SEO with real-time guidance and built-in AI

wordpress-seo

Score: 89/100 Yoast SEO <= 27.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'jsonText' Block Attribute Affected: *-27.1.1 Patched: 27.2 Updated: June 29, 2026

LOW

WP Extended – The Ultimate WordPress Toolkit

wpextended

Score: N/A The Ultimate WordPress Toolkit – WP Extended <= 3.2.4 - Authenticated (Subscriber+) Privilege Escalation via Menu Editor Module Affected: *-3.2.4 Patched: 3.2.5 Updated: June 29, 2026

LOW

import-users-from-csv-with-meta

Score: 93/100 Import and export users and customers <= 1.29.7 - Privilege Escalation to Administrator via save_extra_user_profile_fields Affected: *-1.29.7 Patched: 2.0 Updated: June 29, 2026

LOW

tour-booking-manager

Score: N/A WpTravelly <= 2.1.7 - Missing Authorization Affected: *-2.1.7 Patched: 2.1.8 Updated: June 29, 2026

LOW

jetformbuilder

Score: 93/100 JetFormBuilder <= 3.5.6.2 - Unauthenticated Arbitrary File Read via Media Field Affected: *-3.5.6.2 Patched: 3.5.6.3 Updated: June 29, 2026

Showing 1701 to 1800 of 36190 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 16:12 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List