Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

24926

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
secure-copy-content-protection	secure-copy-content-protection	N/A	Secure Copy Content Protection and Content Locking <= 4.9.8 - Unauthenticated Stored Cross-Site Scripting via X-Forwarded-For Header	LOW	*-4.9.8	4.9.9	June 29, 2026
customer-reviews-woocommerce	customer-reviews-woocommerce	93	Customer Reviews for WooCommerce <= 5.97.0 - Unauthenticated Stored Cross-Site Scripting via media[].href Parameter	LOW	*-5.97.0	5.98.0	June 29, 2026
post-type-archive-mapping	post-type-archive-mapping	N/A	Custom Query Blocks <= 5.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.5.0	5.6.0	June 29, 2026
login-with-salesforce	login-with-salesforce	91	Login with Salesforce <= 1.0.2 - Authentication Bypass	LOW	*-1.0.2		June 29, 2026
content-protector	content-protector	93	Passster <= 4.2.25 - Missing Authorization	LOW	*-4.2.25	4.2.26	June 29, 2026
LatePoint – Calendar Booking Plugin for Appointments and Events	latepoint	83	LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.6 - Missing Authorization to Booking Details Exposure	LOW	*-5.2.6	5.2.7	June 29, 2026
slider-responsive-slideshow	slider-responsive-slideshow	N/A	Slider Responsive Slideshow – Image slider, Gallery slideshow <= 1.5.4 - Authenticated (Contributor+) PHP Object Injection	LOW	*-1.5.4		June 29, 2026
persian-woocommerce-sms	persian-woocommerce-sms	N/A	Persian Woocommerce SMS <= 7.1.1 - Reflected Cross-Site Scripting	LOW	*-7.1.1		June 29, 2026
pdf-for-wpforms	pdf-for-wpforms	N/A	PDF for WPForms <= 6.3.0 - Missing Authorization	LOW	*-6.3.0	6.3.1	June 29, 2026
pdf-for-elementor-forms	pdf-for-elementor-forms	N/A	PDF for Elementor Forms + Drag And Drop Template Builder <= 6.3.1 - Missing Authorization	LOW	*-6.3.1	6.5.0	June 29, 2026
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction	paid-member-subscriptions	N/A	Paid Member Subscriptions <= 2.16.8 - Authenticated (Subscriber+) Insecure Direct Object Reference	LOW	*-2.16.8	2.16.9	June 29, 2026
openpix-for-woocommerce	openpix-for-woocommerce	N/A	OpenPix <= 2.13.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update	LOW	*-2.13.3		June 29, 2026
new-user-approve	new-user-approve	N/A	New User Approve <= 3.2.0 - Missing Authorization	LOW	*-3.2.0	3.2.1	June 29, 2026
new-image-gallery	new-image-gallery	N/A	Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery <= 1.6.0 - Authenticated (Contributor+) PHP Object Injection	LOW	*-1.6.0	1.6.1	June 29, 2026
Mollie Payments for WooCommerce	mollie-payments-for-woocommerce	92	Mollie Payments for WooCommerce <= 8.1.1 - Reflected Cross-Site Scripting	LOW	*-8.1.1	8.1.2	June 29, 2026
modal-popup-box	modal-popup-box	N/A	Modal Popup Box <= 1.6.1 - Authenticated (Contributor+) PHP Object Injection	LOW	*-1.6.1	1.6.2	June 29, 2026
masvideos	masvideos	91	MAS Videos <= 1.3.2 - Missing Authorization	LOW	*-1.3.2	1.3.3	June 29, 2026
learnpress-import-export	learnpress-import-export	93	LearnPress Export Import <= 4.1.0 - Missing Authentication to Unauthenticated Migrated Course Deletion	LOW	*-4.1.0	4.1.1	June 29, 2026
Kadence Blocks — Page Builder Toolkit for Gutenberg Editor	kadence-blocks	91	Gutenberg Blocks by Kadence Blocks <= 3.5.32 - Missing Authorization	LOW	*-3.5.32	3.6.0	June 29, 2026
js-support-ticket	js-support-ticket	93	JS Help Desk <= 3.0.1 - Authenticated (Subscriber+) SQL Injection	LOW	*-3.0.1	3.0.2	June 29, 2026
jet-engine	jet-engine	93	JetEngine <= 3.8.0 - Reflected Cross-Site Scripting	LOW	*-3.8.0	3.8.1	June 29, 2026
imoney	imoney	91	iMoney <= 0.36 - Reflected Cross-Site Scripting	LOW	*-0.36		June 29, 2026
final-tiles-grid-gallery-lite	final-tiles-grid-gallery-lite	93	Image Photo Gallery Final Tiles Grid <= 3.6.11 - Authenticated (Author+) Insecure Direct Object Reference	LOW	*-3.6.11	3.6.12	June 29, 2026
fastdup	fastdup	93	FastDup – Fastest WordPress Migration & Duplicator <= 2.7.1 - Missing Authorization to Authenticated (Contributor+) Backup Creation and Download	LOW	*-2.7.1	2.7.2	June 29, 2026
embed-pdf-viewer	embed-pdf-viewer	93	Embed PDF Viewer <= 2.4.7 - Authenticated (Contributor+) Server-Side Request Forgery	LOW	*-2.4.7	2.4.8	June 29, 2026
Easy Table of Contents	easy-table-of-contents	95	Easy Table of Contents <= 2.0.80 - Cross-Site Request Forgery	LOW	*-2.0.80	2.0.81	June 29, 2026
duplicate-post	duplicate-post	97	Duplicate Post <= 3.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.2.3	3.2.4	June 29, 2026
cnvrse	cnvrse	93	Cnvrse < 026.02.10.20 - Unauthenticated Insecure Direct Object Reference	LOW	[*, 026.02.10.20)	026.02.10.20	June 29, 2026
byconsole-woo-order-delivery-time	byconsole-woo-order-delivery-time	91	WooODT Lite <= 2.5.5 - Unauthenticated Payment Bypass	LOW	*-2.5.5	2.5.6	June 29, 2026
bravis-addons	bravis-addons	93	Bravis Addons <= 1.3.0 - Authenticated (Subscriber+) Arbitrary File Upload	LOW	*-1.3.0	1.3.1	June 29, 2026
blog-filter	blog-filter	93	Blog Filter <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.7.6	1.7.7	June 29, 2026
listsearch	listsearch	91	BuddyHolis ListSearch <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'placeholder' Shortcode Attribute	LOW	*-1.1		June 29, 2026
flask-micro	flask-micro	91	IDE Micro code-editor <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute	LOW	*-1.0.0		June 29, 2026
kirilkirkov-pdf-invoice-manager	kirilkirkov-pdf-invoice-manager	93	Invoct – PDF Invoices & Billing for WooCommerce <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Information Exposure	LOW	*-1.6	1.7	June 29, 2026
mma-call-tracking	mma-call-tracking	N/A	MMA Call Tracking <= 2.3.15 - Cross-Site Request Forgery to Plugin Settings Update	LOW	*-2.3.15		June 29, 2026
slideshow-wp	slideshow-wp	N/A	Slideshow Wp <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sswp-slide' Shortcode 'sswpid' Attribute	LOW	*-1.1		June 29, 2026
ione360-configurator	ione360-configurator	89	iONE360 configurator <= 2.0.57 - Unauthenticated Stored Cross-Site Scripting via Contact Form Parameters	LOW	*-2.0.57		June 29, 2026
html-shortcodes	html-shortcodes	91	HTML Shortcodes <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-1.1		June 29, 2026
category-image	category-image	91	Category Image <= 2.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'tag-image' Parameter	LOW	*-2.0		June 29, 2026
microtango	microtango	N/A	Microtango <= 0.9.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-0.9.29	0.9.30	June 29, 2026
orbisius-random-name-generator	orbisius-random-name-generator	N/A	Orbisius Random Name Generator <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_label' Shortcode Attribute	LOW	*-1.0.2	1.0.3	June 29, 2026
beaver-builder-lite-version	beaver-builder-lite-version	93	Beaver Builder Page Builder – Drag and Drop Website Builder <= 2.10.0.5 - Authenticated (Custom+) Missing Authorization to Stored Cross-Site Scripting via Global Settings	LOW	*-2.10.0.5	2.10.0.6	June 29, 2026
Gallery by FooGallery	foogallery	82	Gallery by FooGallery <= 3.1.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Gallery Metadata Exposure	LOW	*-3.1.9	3.1.10	June 29, 2026
real3d-flipbook-lite	real3d-flipbook-lite	N/A	Real 3D FlipBook <= 4.19.1 - Missing Authorization	LOW	*-4.19.1	4.19.2	June 29, 2026
Quiz Maker by AYS	quiz-maker	66	Quiz Maker <= 6.7.1.2 - Cross-Site Request Forgery	LOW	*-6.7.1.2	6.7.1.3	June 29, 2026
miraculous-el	miraculous-el	N/A	Miraculous Elementor <= 2.0.7 - Authenticated (Subscriber+) Privilege Escalation	LOW	*-2.0.7	2.0.8	June 29, 2026
Custom Block Builder – Lazy Blocks	lazy-blocks	96	Custom Block Builder – Lazy Blocks <= 4.2.0 - Authenticated (Contributor+) Remote Code Execution	LOW	*-4.2.0	4.2.1	June 29, 2026
Kadence Blocks — Page Builder Toolkit for Gutenberg Editor	kadence-blocks	91	Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.5.32 - Incorrect Authorization to Authenticated (Contributor+) Post Publication	LOW	*-3.5.32	3.6.0	June 29, 2026
jw-player-7-for-wp	jw-player-7-for-wp	91	JW Player for WordPress <= 2.3.7 - Missing Authorization	LOW	*-2.3.7		June 29, 2026
Download Manager	download-manager	63	Download Manager <= 3.3.53 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-3.3.53	3.3.54	June 29, 2026
download-attachments	download-attachments	91	Download Attachments <= 1.4.0 - Unauthenticated Insecure Direct Object Reference	LOW	*-1.4.0		June 29, 2026
name-directory	name-directory	N/A	Name Directory <= 1.32.0 - Unauthenticated Stored Cross-Site Scripting via Double HTML-Entity Encoding in Submission Form	LOW	*-1.32.0	1.32.1	June 29, 2026
Ninja Forms – The Contact Form Builder That Grows With You	ninja-forms	69	Ninja Forms <= 3.14.0 - Unauthenticated Information Disclosure in nf_ajax_submit AJAX Action	LOW	*-3.14.0	3.14.1	June 29, 2026
popup-builder-block	popup-builder-block	N/A	PopupKit <= 2.2.0 - Missing Authorization to Sensitive Information Disclosure and Data Deletion	LOW	*-2.2.0	2.2.1	June 29, 2026
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder	fluentform	78	Fluent Forms <= 6.1.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via AI Form Builder Module	LOW	*-6.1.14	6.1.15	June 29, 2026
simple-retail-menus	simple-retail-menus	N/A	Simple Retail Menus <= 4.2.1 - Unauthenticated Local File Inclusion	LOW	*-4.2.1		June 29, 2026
Simple File List	simple-file-list	90	Simple File List <= 6.1.15 - Authenticated (Subscriber+) Arbitrary File Download	LOW	*-6.1.15	6.1.16	June 29, 2026
rvcfdi-para-woocommerce	rvcfdi-para-woocommerce	N/A	RVCFDI para Woocommerce <= 8.1.8 - Reflected Cross-Site Scripting	LOW	*-8.1.8		June 29, 2026
primer-mydata	primer-mydata	N/A	Primer MyData for Woocommerce <= 4.2.8 - Unauthenticated Path Traversal	LOW	*-4.2.8	4.2.9	June 29, 2026
nex-forms-express-wp-form-builder	nex-forms-express-wp-form-builder	N/A	NEX-Forms <= 9.1.7 - Reflected Cross-Site Scripting	LOW	*-9.1.7	9.1.8	June 29, 2026
easy-form	easy-form	93	Easy Form <= 2.7.9 - Missing Authorization	LOW	*-2.7.9	2.8.0	June 29, 2026
cliengo	cliengo	93	Cliengo – Chatbot <= 3.0.4 - Missing Authorization	LOW	*-3.0.4	3.0.5	June 29, 2026
booking-and-rental-manager-for-woocommerce	booking-and-rental-manager-for-woocommerce	93	Booking and Rental Manager <= 2.5.9 - Authenticated (Contributor+) PHP Object Injection	LOW	*-2.5.9	2.6.0	June 29, 2026
atarim-visual-collaboration	atarim-visual-collaboration	93	Atarim <= 4.2.1 - Missing Authorization	LOW	*-4.2.1	4.2.2	June 29, 2026
fluentformpro	fluentformpro	93	Fluent Forms Pro Add On Pack <= 6.1.12 - Authenticated (Subscriber+) Server-Side Request Forgery via 'saveDataSource'	LOW	*-6.1.12	6.1.13	June 29, 2026
secure-copy-content-protection	secure-copy-content-protection	N/A	Secure Copy Content Protection and Content Locking <= 5.0.0 - Missing Authorization	LOW	*-5.0.0	5.0.1	June 29, 2026
photo-gallery	photo-gallery	N/A	Photo Gallery by 10Web <= 1.8.37 - Cross-Site Request Forgery	LOW	*-1.8.37	1.8.38	June 29, 2026
ays-chatgpt-assistant	ays-chatgpt-assistant	93	AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.4 - Missing Authorization	LOW	*-2.7.4	2.7.5	June 29, 2026
advanced-related-posts	advanced-related-posts	97	Advanced Related Posts <= 1.9.1 - Missing Authorization	LOW	*-1.9.1	1.9.2	June 29, 2026
jay-login-register	jay-login-register	93	JAY Login & Register <= 2.6.03 - Authenticated (Subscriber+) Privilege Escalation via jay_panel_ajax_update_profile	LOW	*-2.6.03	2.6.04	June 29, 2026
jay-login-register	jay-login-register	93	JAY Login & Register <= 2.6.03 - Unauthenticated Privilege Escalation via jay_login_register_ajax_create_final_user	LOW	*-2.6.03	2.6.04	June 29, 2026
sigmize	sigmize	N/A	Sigmize <= 0.0.9 - Cross-Site Request Forgery	LOW	*-0.0.9	0.0.10	June 29, 2026
ipospays-gateways-wc	ipospays-gateways-wc	93	iPOSpays Gateways WC <= 1.3.7 - Unauthenticated Missing Authorization to Settings Update via REST API Endpoint	LOW	*-1.3.7	1.3.8	June 29, 2026
fox-lms	fox-lms	93	Fox LMS <= 1.0.6.3 - Authenticated (Contributor+) SQL Injection	LOW	*-1.0.6.3	1.0.6.4	June 29, 2026
endless-posts-navigation	endless-posts-navigation	93	Endless Posts Navigation <= 2.2.9 - Missing Authorization	LOW	*-2.2.9	2.3.0	June 29, 2026
premmerce	premmerce	N/A	Premmerce <= 1.3.20 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'premmerce_wizard_actions' AJAX Endpoint	LOW	*-1.3.20	1.3.21	June 29, 2026
simple-bible-verse-via-shortcode	simple-bible-verse-via-shortcode	N/A	Simple Bible Verse via Shortcode <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.1		June 29, 2026
advanced-country-blocker	advanced-country-blocker	97	Advanced Country Blocker <= 2.3.1 - Unauthenticated Authorization Bypass via Insecure Default Secret Key	LOW	*-2.3.1	2.3.2	June 29, 2026
omigo	omigo	N/A	OMIGO <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-3.3		June 29, 2026
mp-ukagaka	mp-ukagaka	N/A	MP-Ukagaka <= 1.5.2 - Reflected Cross-Site Scripting	LOW	*-1.5.2		June 29, 2026
bold-page-builder	bold-page-builder	86	Bold Page Builder <= 5.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-5.4.8		June 29, 2026
bold-page-builder	bold-page-builder	86	Bold Page Builder <= 5.5.3 - Authenticated (Author+) Stored DOM-based Cross-Site Scripting in Post Grid	LOW	*-5.5.3		June 29, 2026
bold-page-builder	bold-page-builder	86	Bold Builder <= 5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_tabs Shortcode	LOW	*-5.5.1		June 29, 2026
bold-page-builder	bold-page-builder	86	Bold Page Builder <= 5.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_accordion_item Shortcode	LOW	*-5.5.7		June 29, 2026
publishpress-authors	publishpress-authors	N/A	PublishPress Authors <= 4.10.1 - Missing Authorization	LOW	*-4.10.1	4.11.0	June 29, 2026
mycred	mycred	N/A	myCred <= 2.9.7.3 - Missing Authorization	LOW	*-2.9.7.3	2.9.7.4	June 29, 2026
library-viewer	library-viewer	93	Library Viewer < 3.2.0 - Reflected Cross-Site Scripting	LOW	[*, 3.2.0)	3.2.0	June 29, 2026
Advanced Coupons for WooCommerce Coupons & Store Credit	advanced-coupons-for-woocommerce-free	80	Advanced Coupons for WooCommerce Coupons <= 4.7.1 - Missing Authorization	LOW	*-4.7.1	4.7.1.1	June 29, 2026
local-sync	local-sync	93	WP Duplicate <= 1.1.8 - Authenticated (Subscriber+) Arbitrary File Upload via 'process_add_site' AJAX Action	LOW	*-1.1.8	1.1.9	June 29, 2026
events-listing-widget	events-listing-widget	93	Events Listing Widget <= 1.3.4 - Authenticated (Author+) Stored Cross-Site Scripting via Event URL Field	LOW	*-1.3.4	1.3.5	June 29, 2026
code-snippets	code-snippets	93	Code Snippets <= 3.9.4 - Cross-Site Request Forgery to Cloud Snippet Download/Update Actions	LOW	*-3.9.4	3.9.5	June 29, 2026
employee-staff-directory	employee-staff-directory	93	Employee Directory <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_title' Shortcode Attribute	LOW	*-1.2.1	1.2.2	June 29, 2026
docus	docus	93	Docus <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-1.0.6	1.0.7	June 29, 2026
orange-confort-plus	orange-confort-plus	N/A	Orange Confort+ accessibility toolbar for WordPress <= 0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-0.7	0.7.1	June 29, 2026
miniorange-login-with-eve-online-google-facebook	miniorange-login-with-eve-online-google-facebook	N/A	OAuth Single Sign On – SSO (OAuth Client) <= 6.26.14 - Missing Authorization	LOW	*-6.26.14	6.26.15	June 29, 2026
greenshift-animation-and-page-builder-blocks	greenshift-animation-and-page-builder-blocks	93	GreenShift - Animation and Page Builder Blocks <= 12.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure of AI API Keys and Stored Cross-Site Scripting via custom_css	LOW	*-12.6	12.6.1	June 29, 2026
quiz-master-next	quiz-master-next	N/A	Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker <= 10.3.4 - Missing Authorization	LOW	*-10.3.4	10.3.5	June 29, 2026
prdctfltr	prdctfltr	N/A	Product Filter for WooCommerce <= 9.1.2 - Authenticated (Shop Manager+) Privilege Escalation	LOW	*-9.1.2	9.1.3	June 29, 2026
okay-toolkit	okay-toolkit	N/A	Okay Toolkit <= 2.3 - Reflected Cross-Site Scripting	LOW	*-2.3		June 29, 2026
lottiefiles	lottiefiles	93	LottieFiles <= 3.0.0 - Missing Authorization	LOW	*-3.0.0	3.1.0	June 29, 2026

LOW

secure-copy-content-protection

Score: N/A Secure Copy Content Protection and Content Locking <= 4.9.8 - Unauthenticated Stored Cross-Site Scripting via X-Forwarded-For Header Affected: *-4.9.8 Patched: 4.9.9 Updated: June 29, 2026

LOW

customer-reviews-woocommerce

Score: 93/100 Customer Reviews for WooCommerce <= 5.97.0 - Unauthenticated Stored Cross-Site Scripting via media[].href Parameter Affected: *-5.97.0 Patched: 5.98.0 Updated: June 29, 2026

LOW

post-type-archive-mapping

Score: N/A Custom Query Blocks <= 5.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.5.0 Patched: 5.6.0 Updated: June 29, 2026

LOW

login-with-salesforce

Score: 91/100 Login with Salesforce <= 1.0.2 - Authentication Bypass Affected: *-1.0.2 Patched: Updated: June 29, 2026

LOW

content-protector

Score: 93/100 Passster <= 4.2.25 - Missing Authorization Affected: *-4.2.25 Patched: 4.2.26 Updated: June 29, 2026

LOW

LatePoint – Calendar Booking Plugin for Appointments and Events

latepoint

Score: 83/100 LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.6 - Missing Authorization to Booking Details Exposure Affected: *-5.2.6 Patched: 5.2.7 Updated: June 29, 2026

LOW

slider-responsive-slideshow

Score: N/A Slider Responsive Slideshow – Image slider, Gallery slideshow <= 1.5.4 - Authenticated (Contributor+) PHP Object Injection Affected: *-1.5.4 Patched: Updated: June 29, 2026

LOW

persian-woocommerce-sms

Score: N/A Persian Woocommerce SMS <= 7.1.1 - Reflected Cross-Site Scripting Affected: *-7.1.1 Patched: Updated: June 29, 2026

LOW

pdf-for-wpforms

Score: N/A PDF for WPForms <= 6.3.0 - Missing Authorization Affected: *-6.3.0 Patched: 6.3.1 Updated: June 29, 2026

LOW

pdf-for-elementor-forms

Score: N/A PDF for Elementor Forms + Drag And Drop Template Builder <= 6.3.1 - Missing Authorization Affected: *-6.3.1 Patched: 6.5.0 Updated: June 29, 2026

LOW

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

paid-member-subscriptions

Score: N/A Paid Member Subscriptions <= 2.16.8 - Authenticated (Subscriber+) Insecure Direct Object Reference Affected: *-2.16.8 Patched: 2.16.9 Updated: June 29, 2026

LOW

openpix-for-woocommerce

Score: N/A OpenPix <= 2.13.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update Affected: *-2.13.3 Patched: Updated: June 29, 2026

LOW

new-user-approve

Score: N/A New User Approve <= 3.2.0 - Missing Authorization Affected: *-3.2.0 Patched: 3.2.1 Updated: June 29, 2026

LOW

Score: N/A Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery <= 1.6.0 - Authenticated (Contributor+) PHP Object Injection Affected: *-1.6.0 Patched: 1.6.1 Updated: June 29, 2026

LOW

Mollie Payments for WooCommerce

mollie-payments-for-woocommerce

Score: 92/100 Mollie Payments for WooCommerce <= 8.1.1 - Reflected Cross-Site Scripting Affected: *-8.1.1 Patched: 8.1.2 Updated: June 29, 2026

LOW

modal-popup-box

Score: N/A Modal Popup Box <= 1.6.1 - Authenticated (Contributor+) PHP Object Injection Affected: *-1.6.1 Patched: 1.6.2 Updated: June 29, 2026

LOW

masvideos

Score: 91/100 MAS Videos <= 1.3.2 - Missing Authorization Affected: *-1.3.2 Patched: 1.3.3 Updated: June 29, 2026

LOW

learnpress-import-export

Score: 93/100 LearnPress Export Import <= 4.1.0 - Missing Authentication to Unauthenticated Migrated Course Deletion Affected: *-4.1.0 Patched: 4.1.1 Updated: June 29, 2026

LOW

Kadence Blocks — Page Builder Toolkit for Gutenberg Editor

kadence-blocks

Score: 91/100 Gutenberg Blocks by Kadence Blocks <= 3.5.32 - Missing Authorization Affected: *-3.5.32 Patched: 3.6.0 Updated: June 29, 2026

LOW

js-support-ticket

Score: 93/100 JS Help Desk <= 3.0.1 - Authenticated (Subscriber+) SQL Injection Affected: *-3.0.1 Patched: 3.0.2 Updated: June 29, 2026

LOW

jet-engine

Score: 93/100 JetEngine <= 3.8.0 - Reflected Cross-Site Scripting Affected: *-3.8.0 Patched: 3.8.1 Updated: June 29, 2026

LOW

imoney

Score: 91/100 iMoney <= 0.36 - Reflected Cross-Site Scripting Affected: *-0.36 Patched: Updated: June 29, 2026

LOW

final-tiles-grid-gallery-lite

Score: 93/100 Image Photo Gallery Final Tiles Grid <= 3.6.11 - Authenticated (Author+) Insecure Direct Object Reference Affected: *-3.6.11 Patched: 3.6.12 Updated: June 29, 2026

LOW

fastdup

Score: 93/100 FastDup – Fastest WordPress Migration & Duplicator <= 2.7.1 - Missing Authorization to Authenticated (Contributor+) Backup Creation and Download Affected: *-2.7.1 Patched: 2.7.2 Updated: June 29, 2026

LOW

embed-pdf-viewer

Score: 93/100 Embed PDF Viewer <= 2.4.7 - Authenticated (Contributor+) Server-Side Request Forgery Affected: *-2.4.7 Patched: 2.4.8 Updated: June 29, 2026

LOW

Easy Table of Contents

easy-table-of-contents

Score: 95/100 Easy Table of Contents <= 2.0.80 - Cross-Site Request Forgery Affected: *-2.0.80 Patched: 2.0.81 Updated: June 29, 2026

LOW

duplicate-post

Score: 97/100 Duplicate Post <= 3.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.2.3 Patched: 3.2.4 Updated: June 29, 2026

LOW

cnvrse

Score: 93/100 Cnvrse < 026.02.10.20 - Unauthenticated Insecure Direct Object Reference Affected: [*, 026.02.10.20) Patched: 026.02.10.20 Updated: June 29, 2026

LOW

byconsole-woo-order-delivery-time

Score: 91/100 WooODT Lite <= 2.5.5 - Unauthenticated Payment Bypass Affected: *-2.5.5 Patched: 2.5.6 Updated: June 29, 2026

LOW

bravis-addons

Score: 93/100 Bravis Addons <= 1.3.0 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-1.3.0 Patched: 1.3.1 Updated: June 29, 2026

LOW

blog-filter

Score: 93/100 Blog Filter <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.7.6 Patched: 1.7.7 Updated: June 29, 2026

LOW

listsearch

Score: 91/100 BuddyHolis ListSearch <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'placeholder' Shortcode Attribute Affected: *-1.1 Patched: Updated: June 29, 2026

LOW

flask-micro

Score: 91/100 IDE Micro code-editor <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute Affected: *-1.0.0 Patched: Updated: June 29, 2026

LOW

kirilkirkov-pdf-invoice-manager

Score: 93/100 Invoct – PDF Invoices & Billing for WooCommerce <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Information Exposure Affected: *-1.6 Patched: 1.7 Updated: June 29, 2026

LOW

mma-call-tracking

Score: N/A MMA Call Tracking <= 2.3.15 - Cross-Site Request Forgery to Plugin Settings Update Affected: *-2.3.15 Patched: Updated: June 29, 2026

LOW

slideshow-wp

Score: N/A Slideshow Wp <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sswp-slide' Shortcode 'sswpid' Attribute Affected: *-1.1 Patched: Updated: June 29, 2026

LOW

ione360-configurator

Score: 89/100 iONE360 configurator <= 2.0.57 - Unauthenticated Stored Cross-Site Scripting via Contact Form Parameters Affected: *-2.0.57 Patched: Updated: June 29, 2026

LOW

html-shortcodes

Score: 91/100 HTML Shortcodes <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.1 Patched: Updated: June 29, 2026

LOW

category-image

Score: 91/100 Category Image <= 2.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'tag-image' Parameter Affected: *-2.0 Patched: Updated: June 29, 2026

LOW

microtango

Score: N/A Microtango <= 0.9.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-0.9.29 Patched: 0.9.30 Updated: June 29, 2026

LOW

orbisius-random-name-generator

Score: N/A Orbisius Random Name Generator <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_label' Shortcode Attribute Affected: *-1.0.2 Patched: 1.0.3 Updated: June 29, 2026

LOW

beaver-builder-lite-version

Score: 93/100 Beaver Builder Page Builder – Drag and Drop Website Builder <= 2.10.0.5 - Authenticated (Custom+) Missing Authorization to Stored Cross-Site Scripting via Global Settings Affected: *-2.10.0.5 Patched: 2.10.0.6 Updated: June 29, 2026

LOW

Gallery by FooGallery

foogallery

Score: 82/100 Gallery by FooGallery <= 3.1.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Gallery Metadata Exposure Affected: *-3.1.9 Patched: 3.1.10 Updated: June 29, 2026

LOW

real3d-flipbook-lite

Score: N/A Real 3D FlipBook <= 4.19.1 - Missing Authorization Affected: *-4.19.1 Patched: 4.19.2 Updated: June 29, 2026

LOW

Quiz Maker by AYS

quiz-maker

Score: 66/100 Quiz Maker <= 6.7.1.2 - Cross-Site Request Forgery Affected: *-6.7.1.2 Patched: 6.7.1.3 Updated: June 29, 2026

LOW

miraculous-el

Score: N/A Miraculous Elementor <= 2.0.7 - Authenticated (Subscriber+) Privilege Escalation Affected: *-2.0.7 Patched: 2.0.8 Updated: June 29, 2026

LOW

Custom Block Builder – Lazy Blocks

lazy-blocks

Score: 96/100 Custom Block Builder – Lazy Blocks <= 4.2.0 - Authenticated (Contributor+) Remote Code Execution Affected: *-4.2.0 Patched: 4.2.1 Updated: June 29, 2026

LOW

Kadence Blocks — Page Builder Toolkit for Gutenberg Editor

kadence-blocks

Score: 91/100 Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.5.32 - Incorrect Authorization to Authenticated (Contributor+) Post Publication Affected: *-3.5.32 Patched: 3.6.0 Updated: June 29, 2026

LOW

jw-player-7-for-wp

Score: 91/100 JW Player for WordPress <= 2.3.7 - Missing Authorization Affected: *-2.3.7 Patched: Updated: June 29, 2026

LOW

Download Manager

download-manager

Score: 63/100 Download Manager <= 3.3.53 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-3.3.53 Patched: 3.3.54 Updated: June 29, 2026

LOW

download-attachments

Score: 91/100 Download Attachments <= 1.4.0 - Unauthenticated Insecure Direct Object Reference Affected: *-1.4.0 Patched: Updated: June 29, 2026

LOW

name-directory

Score: N/A Name Directory <= 1.32.0 - Unauthenticated Stored Cross-Site Scripting via Double HTML-Entity Encoding in Submission Form Affected: *-1.32.0 Patched: 1.32.1 Updated: June 29, 2026

LOW

Ninja Forms – The Contact Form Builder That Grows With You

ninja-forms

Score: 69/100 Ninja Forms <= 3.14.0 - Unauthenticated Information Disclosure in nf_ajax_submit AJAX Action Affected: *-3.14.0 Patched: 3.14.1 Updated: June 29, 2026

LOW

popup-builder-block

Score: N/A PopupKit <= 2.2.0 - Missing Authorization to Sensitive Information Disclosure and Data Deletion Affected: *-2.2.0 Patched: 2.2.1 Updated: June 29, 2026

LOW

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

fluentform

Score: 78/100 Fluent Forms <= 6.1.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via AI Form Builder Module Affected: *-6.1.14 Patched: 6.1.15 Updated: June 29, 2026

LOW

simple-retail-menus

Score: N/A Simple Retail Menus <= 4.2.1 - Unauthenticated Local File Inclusion Affected: *-4.2.1 Patched: Updated: June 29, 2026

LOW

Simple File List

simple-file-list

Score: 90/100 Simple File List <= 6.1.15 - Authenticated (Subscriber+) Arbitrary File Download Affected: *-6.1.15 Patched: 6.1.16 Updated: June 29, 2026

LOW

rvcfdi-para-woocommerce

Score: N/A RVCFDI para Woocommerce <= 8.1.8 - Reflected Cross-Site Scripting Affected: *-8.1.8 Patched: Updated: June 29, 2026

LOW

primer-mydata

Score: N/A Primer MyData for Woocommerce <= 4.2.8 - Unauthenticated Path Traversal Affected: *-4.2.8 Patched: 4.2.9 Updated: June 29, 2026

LOW

nex-forms-express-wp-form-builder

Score: N/A NEX-Forms <= 9.1.7 - Reflected Cross-Site Scripting Affected: *-9.1.7 Patched: 9.1.8 Updated: June 29, 2026

LOW

easy-form

Score: 93/100 Easy Form <= 2.7.9 - Missing Authorization Affected: *-2.7.9 Patched: 2.8.0 Updated: June 29, 2026

LOW

cliengo

Score: 93/100 Cliengo – Chatbot <= 3.0.4 - Missing Authorization Affected: *-3.0.4 Patched: 3.0.5 Updated: June 29, 2026

LOW

booking-and-rental-manager-for-woocommerce

Score: 93/100 Booking and Rental Manager <= 2.5.9 - Authenticated (Contributor+) PHP Object Injection Affected: *-2.5.9 Patched: 2.6.0 Updated: June 29, 2026

LOW

atarim-visual-collaboration

Score: 93/100 Atarim <= 4.2.1 - Missing Authorization Affected: *-4.2.1 Patched: 4.2.2 Updated: June 29, 2026

LOW

fluentformpro

Score: 93/100 Fluent Forms Pro Add On Pack <= 6.1.12 - Authenticated (Subscriber+) Server-Side Request Forgery via 'saveDataSource' Affected: *-6.1.12 Patched: 6.1.13 Updated: June 29, 2026

LOW

secure-copy-content-protection

Score: N/A Secure Copy Content Protection and Content Locking <= 5.0.0 - Missing Authorization Affected: *-5.0.0 Patched: 5.0.1 Updated: June 29, 2026

LOW

photo-gallery

Score: N/A Photo Gallery by 10Web <= 1.8.37 - Cross-Site Request Forgery Affected: *-1.8.37 Patched: 1.8.38 Updated: June 29, 2026

LOW

ays-chatgpt-assistant

Score: 93/100 AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.4 - Missing Authorization Affected: *-2.7.4 Patched: 2.7.5 Updated: June 29, 2026

LOW

advanced-related-posts

Score: 97/100 Advanced Related Posts <= 1.9.1 - Missing Authorization Affected: *-1.9.1 Patched: 1.9.2 Updated: June 29, 2026

LOW

jay-login-register

Score: 93/100 JAY Login & Register <= 2.6.03 - Authenticated (Subscriber+) Privilege Escalation via jay_panel_ajax_update_profile Affected: *-2.6.03 Patched: 2.6.04 Updated: June 29, 2026

LOW

jay-login-register

Score: 93/100 JAY Login & Register <= 2.6.03 - Unauthenticated Privilege Escalation via jay_login_register_ajax_create_final_user Affected: *-2.6.03 Patched: 2.6.04 Updated: June 29, 2026

LOW

sigmize

Score: N/A Sigmize <= 0.0.9 - Cross-Site Request Forgery Affected: *-0.0.9 Patched: 0.0.10 Updated: June 29, 2026

LOW

ipospays-gateways-wc

Score: 93/100 iPOSpays Gateways WC <= 1.3.7 - Unauthenticated Missing Authorization to Settings Update via REST API Endpoint Affected: *-1.3.7 Patched: 1.3.8 Updated: June 29, 2026

LOW

fox-lms

Score: 93/100 Fox LMS <= 1.0.6.3 - Authenticated (Contributor+) SQL Injection Affected: *-1.0.6.3 Patched: 1.0.6.4 Updated: June 29, 2026

LOW

endless-posts-navigation

Score: 93/100 Endless Posts Navigation <= 2.2.9 - Missing Authorization Affected: *-2.2.9 Patched: 2.3.0 Updated: June 29, 2026

LOW

premmerce

Score: N/A Premmerce <= 1.3.20 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'premmerce_wizard_actions' AJAX Endpoint Affected: *-1.3.20 Patched: 1.3.21 Updated: June 29, 2026

LOW

simple-bible-verse-via-shortcode

Score: N/A Simple Bible Verse via Shortcode <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.1 Patched: Updated: June 29, 2026

LOW

advanced-country-blocker

Score: 97/100 Advanced Country Blocker <= 2.3.1 - Unauthenticated Authorization Bypass via Insecure Default Secret Key Affected: *-2.3.1 Patched: 2.3.2 Updated: June 29, 2026

LOW

omigo

Score: N/A OMIGO <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.3 Patched: Updated: June 29, 2026

LOW

mp-ukagaka

Score: N/A MP-Ukagaka <= 1.5.2 - Reflected Cross-Site Scripting Affected: *-1.5.2 Patched: Updated: June 29, 2026

LOW

bold-page-builder

Score: 86/100 Bold Page Builder <= 5.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-5.4.8 Patched: Updated: June 29, 2026

LOW

bold-page-builder

Score: 86/100 Bold Page Builder <= 5.5.3 - Authenticated (Author+) Stored DOM-based Cross-Site Scripting in Post Grid Affected: *-5.5.3 Patched: Updated: June 29, 2026

LOW

bold-page-builder

Score: 86/100 Bold Builder <= 5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_tabs Shortcode Affected: *-5.5.1 Patched: Updated: June 29, 2026

LOW

bold-page-builder

Score: 86/100 Bold Page Builder <= 5.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_accordion_item Shortcode Affected: *-5.5.7 Patched: Updated: June 29, 2026

LOW

publishpress-authors

Score: N/A PublishPress Authors <= 4.10.1 - Missing Authorization Affected: *-4.10.1 Patched: 4.11.0 Updated: June 29, 2026

LOW

mycred

Score: N/A myCred <= 2.9.7.3 - Missing Authorization Affected: *-2.9.7.3 Patched: 2.9.7.4 Updated: June 29, 2026

LOW

library-viewer

Score: 93/100 Library Viewer < 3.2.0 - Reflected Cross-Site Scripting Affected: [*, 3.2.0) Patched: 3.2.0 Updated: June 29, 2026

LOW

Advanced Coupons for WooCommerce Coupons & Store Credit

advanced-coupons-for-woocommerce-free

Score: 80/100 Advanced Coupons for WooCommerce Coupons <= 4.7.1 - Missing Authorization Affected: *-4.7.1 Patched: 4.7.1.1 Updated: June 29, 2026

LOW

local-sync

Score: 93/100 WP Duplicate <= 1.1.8 - Authenticated (Subscriber+) Arbitrary File Upload via 'process_add_site' AJAX Action Affected: *-1.1.8 Patched: 1.1.9 Updated: June 29, 2026

LOW

events-listing-widget

Score: 93/100 Events Listing Widget <= 1.3.4 - Authenticated (Author+) Stored Cross-Site Scripting via Event URL Field Affected: *-1.3.4 Patched: 1.3.5 Updated: June 29, 2026

LOW

code-snippets

Score: 93/100 Code Snippets <= 3.9.4 - Cross-Site Request Forgery to Cloud Snippet Download/Update Actions Affected: *-3.9.4 Patched: 3.9.5 Updated: June 29, 2026

LOW

employee-staff-directory

Score: 93/100 Employee Directory <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_title' Shortcode Attribute Affected: *-1.2.1 Patched: 1.2.2 Updated: June 29, 2026

LOW

docus

Score: 93/100 Docus <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.0.6 Patched: 1.0.7 Updated: June 29, 2026

LOW

orange-confort-plus

Score: N/A Orange Confort+ accessibility toolbar for WordPress <= 0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-0.7 Patched: 0.7.1 Updated: June 29, 2026

LOW

miniorange-login-with-eve-online-google-facebook

Score: N/A OAuth Single Sign On – SSO (OAuth Client) <= 6.26.14 - Missing Authorization Affected: *-6.26.14 Patched: 6.26.15 Updated: June 29, 2026

LOW

greenshift-animation-and-page-builder-blocks

Score: 93/100 GreenShift - Animation and Page Builder Blocks <= 12.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure of AI API Keys and Stored Cross-Site Scripting via custom_css Affected: *-12.6 Patched: 12.6.1 Updated: June 29, 2026

LOW

quiz-master-next

Score: N/A Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker <= 10.3.4 - Missing Authorization Affected: *-10.3.4 Patched: 10.3.5 Updated: June 29, 2026

LOW

prdctfltr

Score: N/A Product Filter for WooCommerce <= 9.1.2 - Authenticated (Shop Manager+) Privilege Escalation Affected: *-9.1.2 Patched: 9.1.3 Updated: June 29, 2026

LOW

okay-toolkit

Score: N/A Okay Toolkit <= 2.3 - Reflected Cross-Site Scripting Affected: *-2.3 Patched: Updated: June 29, 2026

LOW

lottiefiles

Score: 93/100 LottieFiles <= 3.0.0 - Missing Authorization Affected: *-3.0.0 Patched: 3.1.0 Updated: June 29, 2026

Showing 1901 to 2000 of 24926 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 18:46 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List