Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities: 36189 (across tracked plugins)
Affected Plugins: 89 (with open vulnerabilities)
Critical / High: 0 (require immediate attention)
Recently Updated: 0 (in the last 30 days)

Vulnerability List

Vulnerability list with plugin score and patch status
| Plugin | Slug | Score (/100) | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated |
|---|---|---|---|---|---|---|---|---|
| user-admin-simplifier | user-admin-simplifier | N/A | User Admin Simplifier <= 3.0.0 - Cross-Site Request Forgery | | LOW | *-3.0.0 | 3.0.1 | June 28, 2026 |
| ymc-smart-filter | ymc-smart-filter | N/A | YMC Filter <= 3.11.5 - Unauthenticated SQL Injection | | LOW | *-3.11.5 | 3.11.6 | June 28, 2026 |
| wp-meta-data-filter-and-taxonomy-filter | wp-meta-data-filter-and-taxonomy-filter | N/A | MDTF – Meta Data and Taxonomies Filter <= 1.3.7 - Unauthenticated SQL Injection | | LOW | *-1.3.7 | 1.3.8 | June 28, 2026 |
| wp-meta-data-filter-and-taxonomy-filter | wp-meta-data-filter-and-taxonomy-filter | N/A | MDTF – Meta Data and Taxonomies Filter <= 1.3.8 - Unauthenticated Local File Inclusion | | LOW | *-1.3.8 | 1.3.9 | June 28, 2026 |
| wp-easy-pay | wp-easy-pay | N/A | WP Easy Pay – Payment and Donation form Builder for Square <= 4.5.0 - Cross-Site Request Forgery | | LOW | *-4.5.0 | | June 28, 2026 |
| woosquare | woosquare | N/A | WC Shop Sync – Square Payment Gateway and Product Synchronization for WooCommerce <= 4.7.3 - Unauthenticated Information Exposure | | LOW | *-4.7.3 | 4.7.4 | June 28, 2026 |
| wc-vendors | wc-vendors | N/A | WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors <= 2.6.8 - Authenticated (Subscriber+) SQL Injection | | LOW | *-2.6.8 | 2.6.9 | June 28, 2026 |
| vitepos-lite | vitepos-lite | N/A | Vitepos – Point of Sale (POS) for WooCommerce <= 3.4.2 - Unauthenticated Information Exposure | | LOW | *-3.4.2 | 3.4.3 | June 28, 2026 |
| trinity-backup | trinity-backup | N/A | Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups <= 2.0.9 - Unauthenticated Information Exposure | | LOW | *-2.0.9 | 2.0.10 | June 28, 2026 |
| syncee-global-dropshipping | syncee-global-dropshipping | N/A | Syncee Premium Dropshipping & Wholesale <= 1.0.27 - Missing Authorization | | LOW | *-1.0.27 | 1.0.28 | June 28, 2026 |
| stylish-cost-calculator | stylish-cost-calculator | N/A | Stylish Cost Calculator – Quote Generator, Lead Gen & Price Estimator <= 8.3.9 - Missing Authorization | | LOW | *-8.3.9 | 8.3.10 | June 28, 2026 |
| Royal MCP – Secure AI Connector for Claude, ChatGPT & Gemini | royal-mcp | 96 | Royal MCP – Secure AI Connector for Claude, ChatGPT & Gemini <= 1.4.25 - Missing Authorization | | LOW | *-1.4.25 | 1.4.26 | June 28, 2026 |
| premmerce-woocommerce-wishlist | premmerce-woocommerce-wishlist | N/A | Premmerce Wishlist for WooCommerce <= 1.1.11 - Unauthenticated SQL Injection | | LOW | *-1.1.11 | 1.1.12 | June 28, 2026 |
| ocean-product-sharing | ocean-product-sharing | N/A | Ocean Product Sharing <= 2.2.2 - Authenticated (Shop manager+) Stored Cross-Site Scripting | | LOW | *-2.2.2 | 2.2.3 | June 28, 2026 |
| newsletters-lite | newsletters-lite | N/A | Newsletters <= 4.13 - Missing Authorization | | LOW | *-4.13 | 4.14 | June 28, 2026 |
| media-library-assistant | media-library-assistant | N/A | Media Library Assistant <= 3.35 - Authenticated (Contributor+) SQL Injection | | LOW | *-3.35 | 3.36 | June 28, 2026 |
| h5p | h5p | 93 | Interactive Content – H5P <= 1.17.6 - Reflected Cross-Site Scripting | | LOW | *-1.17.6 | 1.17.7 | June 28, 2026 |
| fusion-builder | fusion-builder | 93 | Avada (Fusion) Builder <= 3.15.4 - Authenticated (Contributor+) Privilege Escalation | | LOW | *-3.15.4 | 3.15.5 | June 28, 2026 |
| food-and-drink-menu | food-and-drink-menu | 93 | Five Star Restaurant Menu and Food Ordering <= 2.5.2 - Missing Authorization | | LOW | *-2.5.2 | 2.5.3 | June 28, 2026 |
| enable-cors | enable-cors | N/A | Enable CORS <= 2.0.3 - Backdoor | | LOW | *-2.0.3 | 2.0.4 | June 28, 2026 |
| bricksable | bricksable | 93 | Bricksable for Bricks Builder <= 1.6.83 - Authenticated (Author+) Stored Cross-Site Scripting | | LOW | *-1.6.83 | 1.6.84 | June 28, 2026 |
| all-in-one-intranet | all-in-one-intranet | N/A | Intranet & Private Site – All-In-One Intranet <= 1.8.1 - Missing Authorization | | LOW | *-1.8.1 | 1.9.0 | June 28, 2026 |
| slideshow-gallery | slideshow-gallery | N/A | Slideshow Gallery LITE <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'alwaysauto' Shortcode Attribute | | LOW | *-1.8.5 | 1.8.6 | June 28, 2026 |
| fancy-testimonials | fancy-testimonials | N/A | Fancy Testimonials <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting | | LOW | *-1.0 | | June 28, 2026 |
| cf7-to-zapier | cf7-to-zapier | N/A | CF7 to Webhook <= 5.0.0 - Unauthenticated Server-Side Request Forgery via CF7 Field Placeholder in Webhook URL Host | | LOW | *-5.0.0 | 5.0.1 | June 28, 2026 |
| appointment-booking-calendar | appointment-booking-calendar | 97 | Appointment Booking Calendar <= 1.4.01 - Authenticated (Contributor+) Sensitive Information Exposure via 'id' Parameter | | LOW | *-1.4.01 | 1.4.02 | June 28, 2026 |
| powerpress | powerpress | N/A | PowerPress Podcasting plugin by Blubrry <= 11.16.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'embed' Episode Meta Field | | LOW | *-11.16.8 | 11.16.9 | June 28, 2026 |
| userswp | userswp | N/A | UsersWP <= 1.2.63 - Insecure Direct Object Reference to Authenticated (Editor+) Arbitrary User Avatar/Banner Reset via 'user_id' Parameter | | LOW | *-1.2.63 | 1.2.64 | June 28, 2026 |
| customize-my-account-for-woocommerce | customize-my-account-for-woocommerce | 93 | SysBasics Customize My Account for WooCommerce <= 4.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | | LOW | *-4.3.6 | 4.3.7 | June 28, 2026 |
| customize-my-account-for-woocommerce | customize-my-account-for-woocommerce | 93 | SysBasics Customize My Account for WooCommerce <= 4.3.6 - Reflected Cross-Site Scripting via 'tab' Parameter | | LOW | *-4.3.6 | 4.3.7 | June 28, 2026 |
| tutor | tutor | N/A | Tutor LMS <= 3.9.11 - Authenticated (Administrator+) SQL Injection via 'data' Parameter | | LOW | *-3.9.11 | 3.9.12 | June 28, 2026 |
| simple-membership | simple-membership | N/A | Simple Membership <= 4.7.5 - Missing Authorization to Unauthenticated Arbitrary Member Account Deactivation via Forged Stripe 'charge.refunded' Webhook | | LOW | *-4.7.5 | 4.7.6 | June 28, 2026 |
| services-section | services-section | N/A | Services Section Block <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link' Block Attribute | | LOW | *-1.4.4 | 1.4.5 | June 28, 2026 |
| pressprimer-quiz | pressprimer-quiz | N/A | PressPrimer Quiz <= 2.3.0 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Modification via 'quiz_id', 'item_id', and 'rule_id' Parameters | | LOW | *-2.3.0 | 2.3.1 | June 28, 2026 |
| themeisle-companion | themeisle-companion | N/A | Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More <= 3.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu-item-icon' Parameter | | LOW | *-3.0.6 | 3.0.7 | June 28, 2026 |
| woo-order-export-lite | woo-order-export-lite | N/A | Advanced Order Export For WooCommerce <= 4.0.10 - Authenticated (Shop Manager+) SQL Injection via 'sort_direction' Parameter | | LOW | *-4.0.10 | 4.1.0 | June 28, 2026 |
| cf-images | cf-images | 93 | Offload, AI & Optimize with Cloudflare Images <= 1.10.2 - Authenticated (Author+) Remote Code Execution via 'api-key' / 'account-id' Parameters in cf_images_do_setup AJAX Action | | LOW | *-1.10.2 | 1.10.3 | June 28, 2026 |
| Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | kadence-blocks | 91 | Kadence Blocks <= 3.7.5 - Authenticated (Contributor+) Sensitive Information Exposure via Block Editor proData Localization | | LOW | *-3.7.5 | 3.7.6 | June 28, 2026 |
| form-maker | form-maker | 93 | Form Maker by 10Web <= 1.15.43 - Authenticated (Administrator+) SQL Injection via 'groupids' Parameter | | LOW | *-1.15.43 | 1.15.44 | June 28, 2026 |
| form-maker | form-maker | 93 | Form Maker by 10Web <= 1.15.43 - Authenticated (Administrator+) SQL Injection via 'name' Parameter | | LOW | *-1.15.43 | 1.15.44 | June 28, 2026 |
| eventkoi-lite | eventkoi-lite | N/A | Event Koi Lite <= 1.3.13.1 - Missing Authorization to Unauthenticated Sensitive Information Exposure via REST API Endpoints | | LOW | *-1.3.13.1 | 1.3.14.0 | June 28, 2026 |
| Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance | accessibility-checker | 89 | Equalize Digital Accessibility Checker <= 1.42.1 - Missing Authorization to Authenticated (Author+) Arbitrary Accessibility Issue Modification via 'largeBatch' Parameter | | LOW | *-1.42.1 | 1.43.0 | June 28, 2026 |
| e2pdf | e2pdf | 93 | E2Pdf <= 1.32.26 - Missing Authorization to Authenticated (Custom+) Arbitrary Option Update / Privilege Escalation via 'screen_action' Parameter | | LOW | *-1.32.26 | 1.32.31 | June 28, 2026 |
| dokan-lite | dokan-lite | 93 | Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.3 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Order Modification via Multiple AJAX Handlers | | LOW | *-5.0.3 | 5.0.4 | June 28, 2026 |
| wpdatatables | wpdatatables | N/A | wpDataTables (Premium) <= 7.4 - Unauthenticated SQL Injection | | LOW | *-7.4 | 7.4.1 | June 28, 2026 |
| wp-travel-blocks | wp-travel-blocks | N/A | WP Travel Gutenberg Blocks <= 3.9.4 - Unauthenticated SQL Injection | | LOW | *-3.9.4 | 3.9.5 | June 28, 2026 |
| SlimStat Analytics | wp-slimstat | N/A | SlimStat Analytics <= 5.4.11 - Authenticated (Subscriber+) SQL Injection | | LOW | *-5.4.11 | 5.4.12 | June 28, 2026 |
| wp-photo-album-plus | wp-photo-album-plus | N/A | WP Photo Album Plus <= 9.1.13.005 - Unauthenticated SQL Injection | | LOW | *-9.1.13.005 | 9.2.01.001 | June 28, 2026 |
| widget-options | widget-options | N/A | Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets <= 4.2.3 - Authenticated (Contributor+) Remote Code Execution | | LOW | *-4.2.3 | 4.2.4 | June 28, 2026 |
| visual-link-preview | visual-link-preview | N/A | Visual Link Preview <= 2.3.1 - Authenticated (Subscriber+) Sensitive Information Exposure | | LOW | *-2.3.1 | 2.4.0 | June 28, 2026 |
| suredash | suredash | N/A | SureDash – Community, Courses & Member Dashboard <= 1.8.0 - Authenticated (Subscriber+) SQL Injection | | LOW | *-1.8.0 | 1.8.1 | June 28, 2026 |
| supportcandy | supportcandy | N/A | SupportCandy – Helpdesk & Customer Support Ticket System <= 3.4.6 - Authenticated (Subscriber+) Insecure Direct Object Reference | | LOW | *-3.4.6 | 3.4.7 | June 28, 2026 |
| salesmanago | salesmanago | N/A | SALESmanago & Leadoo <= 3.11.2 - Authenticated (Subscriber+) SQL Injection | | LOW | *-3.11.2 | 3.11.3 | June 28, 2026 |
| Five Star Restaurant Reservations – WordPress Booking Plugin | restaurant-reservations | N/A | Five Star Restaurant Reservations – WordPress Booking Plugin <= 2.7.19 - Missing Authorization | | LOW | *-2.7.19 | 2.7.20 | June 28, 2026 |
| quick-adsense-reloaded | quick-adsense-reloaded | N/A | Quads Ads Manager for Google AdSense <= 3.0.3 - Unauthenticated Information Exposure | | LOW | *-3.0.3 | 3.0.4 | June 28, 2026 |
| optimole-wp | optimole-wp | N/A | Optimole – Optimize Images \| Convert WebP & AVIF \| CDN & Lazy Load \| Image Optimization <= 4.2.6 - Cross-Site Request Forgery via 'optml_replace_file' AJAX Action | | LOW | *-4.2.6 | 4.2.7 | June 28, 2026 |
| object-cache-4-everyone | object-cache-4-everyone | N/A | Object Cache 4 everyone <= 2.3.2 - Information Exposure | | LOW | *-2.3.2 | 2.3.3 | June 28, 2026 |
| mstore-api | mstore-api | N/A | MStore API – Create Native Android & iOS Apps On The Cloud <= 4.18.4 - Missing Authorization | | LOW | *-4.18.4 | 4.19.0 | June 28, 2026 |
| motors-car-dealership-classified-listings | motors-car-dealership-classified-listings | N/A | Motors – Car Dealership & Classified Listings Plugin <= 1.4.109 - Authenticated (Subscriber+) Local File Inclusion | | LOW | *-1.4.109 | 1.4.110 | June 28, 2026 |
| motors-car-dealership-classified-listings | motors-car-dealership-classified-listings | N/A | Motors – Car Dealership & Classified Listings Plugin <= 1.4.109 - Unauthenticated SQL Injection | | LOW | *-1.4.109 | 1.4.110 | June 28, 2026 |
| motors-car-dealership-classified-listings | motors-car-dealership-classified-listings | N/A | Motors – Car Dealership & Classified Listings Plugin <= 1.4.109 - Missing Authorization | | LOW | *-1.4.109 | 1.4.110 | June 28, 2026 |
| listdom | listdom | 93 | Listdom: AI-powered Business Directory with Classifieds Ads Listings <= 5.4.0 - Unauthenticated SQL Injection | | LOW | *-5.4.0 | 5.5.0 | June 28, 2026 |
| jet-booking | jet-booking | 93 | JetBooking <= 4.0.4.1 - Unauthenticated SQL Injection | | LOW | *-4.0.4.1 | 4.0.4.2 | June 28, 2026 |
| gutenverse-companion | gutenverse-companion | N/A | Gutenverse Companion <= 2.5.0 - Missing Authorization | | LOW | *-2.5.0 | 2.5.1 | June 28, 2026 |
| gift4u-gift-cards-all-in-one-for-woo | gift4u-gift-cards-all-in-one-for-woo | N/A | GIFT4U – Gift Cards All in One for Woo <= 1.0.10 - Unauthenticated SQL Injection | | LOW | *-1.0.10 | 1.1.0 | June 28, 2026 |
| GeoDirectory – WP Business Directory Plugin and Classified Listings Directory | geodirectory | 66 | GeoDirectory – WP Business Directory Plugin and Classified Listings Directory <= 2.8.162 - Unauthenticated SQL Injection | | LOW | *-2.8.162 | 2.8.163 | June 28, 2026 |
| firebox | firebox | 93 | FireBox Popups <= 3.1.7 - Unauthenticated Sensitive Information Exposure in 'form_id' Parameter | | LOW | *-3.1.7 | 3.1.8 | June 28, 2026 |
| cartasi-x-pay | cartasi-x-pay | 93 | Nexi XPay <= 8.3.1 - Missing Authorization | | LOW | *-8.3.1 | 8.3.2 | June 28, 2026 |
| cargo-shipping-location-for-woocommerce | cargo-shipping-location-for-woocommerce | N/A | Cargo Shipping Location for WooCommerce <= 5.6 - Unauthenticated SQL Injection | | LOW | *-5.6 | 5.7 | June 28, 2026 |
| Advanced Ads – Ad Manager & AdSense | advanced-ads | 80 | Advanced Ads – Ad Manager & AdSense <= 2.0.21 - Authenticated (Contributor+) Remote Code Execution | | LOW | *-2.0.21 | 2.0.22 | June 28, 2026 |
| contest-gallery | contest-gallery | 93 | Contest Gallery <= 30.0.2 - Authenticated (Author+) Privilege Escalation via 'RegistryUserRole' Parameter | | LOW | *-30.0.2 | 30.0.3 | June 28, 2026 |
| mycred | mycred | N/A | myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wrap' Shortcode Attribute | | LOW | *-3.1 | 3.1.1 | June 28, 2026 |
| permalink-manager | permalink-manager | N/A | Permalink Manager Lite <= 2.5.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title | | LOW | *-2.5.3.3 | 2.5.3.4 | June 28, 2026 |
| WP Activity Log | wp-security-audit-log | N/A | WP Activity Log <= 5.6.3.1 - Unauthenticated PHP Object Injection | | LOW | *-5.6.3.1 | 5.6.4 | June 28, 2026 |
| wp-jobsearch | wp-jobsearch | N/A | JobSearch WP Job Board <= 3.2.9 - Unauthenticated SQL Injection | | LOW | *-3.2.9 | 3.3.0 | June 28, 2026 |
| wp-emember | wp-emember | N/A | Wp EMember < v10.9.4 - Unauthenticated SQL Injection | | LOW | [*, v10.9.4) | v10.9.4 | June 28, 2026 |
| sms-alert | sms-alert | N/A | SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery <= 3.9.3 - Missing Authorization | | LOW | *-3.9.3 | 3.9.4 | June 28, 2026 |
| registration-form-for-woocommerce | registration-form-for-woocommerce | N/A | Registration Form for WooCommerce <= 1.0.9 - Unauthenticated Privilege Escalation | | LOW | *-1.0.9 | 1.1.0 | June 28, 2026 |
| melhor-envio-cotacao | melhor-envio-cotacao | N/A | Melhor Envio <= 2.16.3 - Missing Authorization | | LOW | *-2.16.3 | 2.16.4 | June 28, 2026 |
| jetformbuilder | jetformbuilder | 93 | JetFormBuilder — Dynamic Blocks Form Builder <= 3.6.0.1 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-3.6.0.1 | 3.6.1 | June 28, 2026 |
| jetformbuilder | jetformbuilder | 93 | JetFormBuilder — Dynamic Blocks Form Builder <= 3.6.1 - Authenticated (Subscriber+) Privilege Escalation | | LOW | *-3.6.1 | 3.6.1.1 | June 28, 2026 |
| jet-engine | jet-engine | 93 | JetEngine <= 3.8.10 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-3.8.10 | 3.8.10.1 | June 28, 2026 |
| jet-engine | jet-engine | 93 | JetEngine <= 3.8.10 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-3.8.10 | 3.8.10.1 | June 28, 2026 |
| jet-engine | jet-engine | 93 | JetEngine <= 3.8.10.1 - Unauthenticated SQL Injection via Listing Grid Load More AJAX Endpoint | | LOW | *-3.8.10.1 | 3.8.10.2 | June 28, 2026 |
| fusion-builder | fusion-builder | 93 | Avada (Fusion) Builder <= 3.15.4 - Authenticated (Contributor+) Arbitrary File Deletion | | LOW | *-3.15.4 | 3.15.5 | June 28, 2026 |
| falang | falang | 93 | Falang multilanguage for WordPress <= 1.4.2 - Authenticated (Subscriber+) Privilege Escalation | | LOW | *-1.4.2 | 1.4.3 | June 28, 2026 |
| counter-box | counter-box | 93 | Counter Box <= 2.0.13 - Authenticated (Administrator+) PHP Object Injection via Import | | LOW | *-2.0.13 | 2.0.14 | June 28, 2026 |
| cornerstone | cornerstone | 91 | Cornerstone < 7.8.8 - Authenticated (Subscriber+) SQL Injection | | LOW | [*, 7.8.8) | 7.8.8 | June 28, 2026 |
| clean-login | clean-login | 93 | Clean Login <= 1.15 - Unauthenticated Insecure Direct Object Reference | | LOW | *-1.15 | 1.16 | June 28, 2026 |
| ays-popup-box | ays-popup-box | 93 | Popup Box – Create Countdown, Coupon, Video, Contact Form Popups <= 6.2.9 - Reflected Cross-Site Scripting | | LOW | *-6.2.9 | 6.3.0 | June 28, 2026 |
| WooCommerce Stripe Payment Gateway | woocommerce-gateway-stripe | N/A | WooCommerce Stripe Payment Gateway <= 10.7.0 - Missing Authorization to Unauthenticated Order Status Manipulation via 'order' Parameter | | LOW | *-10.7.0 | 10.8.0 | June 28, 2026 |
| LatePoint – Calendar Booking Plugin for Appointments and Events | latepoint | 83 | LatePoint <= 5.5.1 - Authenticated (Agent+) Privilege Escalation to Administrator via IDOR in OsOrdersController::create_or_update + Unauthenticated Customer-Cabinet Password Reset | | LOW | *-5.5.1 | 5.5.2 | June 28, 2026 |
| wp-review-slider-pro | wp-review-slider-pro | N/A | WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) Arbitrary File Deletion via 'myaction' Parameter | | LOW | *-12.6.8 | 12.7.0 | June 28, 2026 |
| File Sharing & Download Manager – User Private Files | user-private-files | 96 | File Sharing & Download Manager <= 2.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'fldr_ttl' Parameter | | LOW | *-2.1.6 | 2.1.7 | June 28, 2026 |
| wp-review-slider-pro | wp-review-slider-pro | N/A | WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) SQL Injection via 'curselrevs' Parameter | | LOW | *-12.6.8 | 12.7.0 | June 28, 2026 |
| rometheme-for-elementor | rometheme-for-elementor | N/A | RTMKit <= 2.0.7 - Authenticated (Contributor+) Missing Authorization to Arbitrary Form Submission Access via 'entries_id' Parameter | | LOW | *-2.0.7 | 2.0.8 | June 28, 2026 |
| King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder | king-addons | 76 | King Addons for Elementor <= 51.1.62 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'form_page_id' Parameter | | LOW | *-51.1.62 | 51.1.63 | June 28, 2026 |
| wp-review-slider-pro | wp-review-slider-pro | N/A | WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) SQL Injection via 'stypes' Parameter | | LOW | *-12.6.8 | 12.7.0 | June 28, 2026 |
| static-block | static-block | N/A | Static Block <= 2.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via Shortcode 'id' Attribute | | LOW | *-2.2 | | June 28, 2026 |
| abandoned-contact-form-7 | abandoned-contact-form-7 | 95 | Abandoned Contact Form 7 <= 2.2 - Missing Authorization to Unauthenticated Arbitrary Post Deletion via 'recover_id' Parameter | | LOW | *-2.2 | | June 28, 2026 |
LOW

jetformbuilder

jetformbuilder

Score: 93/100 JetFormBuilder — Dynamic Blocks Form Builder <= 3.6.0.1 - Unauthenticated Stored Cross-Site Scripting Affected: *-3.6.0.1 Patched: 3.6.1 Updated: June 28, 2026
LOW

jetformbuilder

jetformbuilder

Score: 93/100 JetFormBuilder — Dynamic Blocks Form Builder <= 3.6.1 - Authenticated (Subscriber+) Privilege Escalation Affected: *-3.6.1 Patched: 3.6.1.1 Updated: June 28, 2026
LOW

jet-engine

jet-engine

Score: 93/100 JetEngine <= 3.8.10 - Unauthenticated Stored Cross-Site Scripting Affected: *-3.8.10 Patched: 3.8.10.1 Updated: June 28, 2026
LOW

jet-engine

jet-engine

Score: 93/100 JetEngine <= 3.8.10 - Unauthenticated Stored Cross-Site Scripting Affected: *-3.8.10 Patched: 3.8.10.1 Updated: June 28, 2026
LOW

jet-engine

jet-engine

Score: 93/100 JetEngine <= 3.8.10.1 - Unauthenticated SQL Injection via Listing Grid Load More AJAX Endpoint Affected: *-3.8.10.1 Patched: 3.8.10.2 Updated: June 28, 2026
LOW

fusion-builder

fusion-builder

Score: 93/100 Avada (Fusion) Builder <= 3.15.4 - Authenticated (Contributor+) Arbitrary File Deletion Affected: *-3.15.4 Patched: 3.15.5 Updated: June 28, 2026
LOW

falang

falang

Score: 93/100 Falang multilanguage for WordPress <= 1.4.2 - Authenticated (Subscriber+) Privilege Escalation Affected: *-1.4.2 Patched: 1.4.3 Updated: June 28, 2026
LOW

counter-box

counter-box

Score: 93/100 Counter Box <= 2.0.13 - Authenticated (Administrator+) PHP Object Injection via Import Affected: *-2.0.13 Patched: 2.0.14 Updated: June 28, 2026
LOW

cornerstone

cornerstone

Score: 91/100 Cornerstone < 7.8.8 - Authenticated (Subscriber+) SQL Injection Affected: [*, 7.8.8) Patched: 7.8.8 Updated: June 28, 2026
LOW

clean-login

clean-login

Score: 93/100 Clean Login <= 1.15 - Unauthenticated Insecure Direct Object Reference Affected: *-1.15 Patched: 1.16 Updated: June 28, 2026
LOW

ays-popup-box

ays-popup-box

Score: 93/100 Popup Box – Create Countdown, Coupon, Video, Contact Form Popups <= 6.2.9 - Reflected Cross-Site Scripting Affected: *-6.2.9 Patched: 6.3.0 Updated: June 28, 2026
LOW

WooCommerce Stripe Payment Gateway

woocommerce-gateway-stripe

Score: N/A WooCommerce Stripe Payment Gateway <= 10.7.0 - Missing Authorization to Unauthenticated Order Status Manipulation via 'order' Parameter Affected: *-10.7.0 Patched: 10.8.0 Updated: June 28, 2026
LOW

LatePoint – Calendar Booking Plugin for Appointments and Events

latepoint

Score: 83/100 LatePoint <= 5.5.1 - Authenticated (Agent+) Privilege Escalation to Administrator via IDOR in OsOrdersController::create_or_update + Unauthenticated Customer-Cabinet Password Reset Affected: *-5.5.1 Patched: 5.5.2 Updated: June 28, 2026
LOW

wp-review-slider-pro

wp-review-slider-pro

Score: N/A WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) Arbitrary File Deletion via 'myaction' Parameter Affected: *-12.6.8 Patched: 12.7.0 Updated: June 28, 2026
LOW

File Sharing & Download Manager – User Private Files

user-private-files

Score: 96/100 File Sharing & Download Manager <= 2.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'fldr_ttl' Parameter Affected: *-2.1.6 Patched: 2.1.7 Updated: June 28, 2026
LOW

wp-review-slider-pro

wp-review-slider-pro

Score: N/A WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) SQL Injection via 'curselrevs' Parameter Affected: *-12.6.8 Patched: 12.7.0 Updated: June 28, 2026
LOW

rometheme-for-elementor

rometheme-for-elementor

Score: N/A RTMKit <= 2.0.7 - Authenticated (Contributor+) Missing Authorization to Arbitrary Form Submission Access via 'entries_id' Parameter Affected: *-2.0.7 Patched: 2.0.8 Updated: June 28, 2026
LOW

wp-review-slider-pro

wp-review-slider-pro

Score: N/A WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) SQL Injection via 'stypes' Parameter Affected: *-12.6.8 Patched: 12.7.0 Updated: June 28, 2026
LOW

static-block

static-block

Score: N/A Static Block <= 2.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via Shortcode 'id' Attribute Affected: *-2.2 Patched: Updated: June 28, 2026
LOW

abandoned-contact-form-7

abandoned-contact-form-7

Score: 95/100 Abandoned Contact Form 7 <= 2.2 - Missing Authorization to Unauthenticated Arbitrary Post Deletion via 'recover_id' Parameter Affected: *-2.2 Patched: Updated: June 28, 2026

Showing 101 to 200 of 36189 results

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 28, 2026 at 16:47 UTC.