Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36282

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
profit-products-tables-for-woocommerce	profit-products-tables-for-woocommerce	N/A	Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.7	1.0.8	June 29, 2026
pitchprint	pitchprint	N/A	PitchPrint <= 11.1.2 - Unauthenticated Arbitrary File Deletion	LOW	*-11.1.2	11.2.0	June 29, 2026
name-directory	name-directory	N/A	Name Directory <= 1.32.1 - Unauthenticated Stored Cross-Site Scripting via 'name_directory_name'	LOW	*-1.32.1	1.33.0	June 29, 2026
modular-connector	modular-connector	93	Modular Connector <= 2.5.1 - Cross-Site Request Forgery via postConfirmOauth	LOW	*-2.5.1	2.6.0	June 29, 2026
legacy-admin	legacy-admin	91	Legacy Admin <= 9.5 - Reflected Cross-Site Scripting	LOW	*-9.5		June 29, 2026
lead-form-builder	lead-form-builder	93	Responsive Contact Form Builder & Lead Generation Plugin <= 2.0.1 - Unauthenticated Stored Cross-Site Scripting	LOW	*-2.0.1	2.0.2	June 29, 2026
job-postings	job-postings	91	Job Postings <= 2.8 - Missing Authorization	LOW	*-2.8	2.8.1	June 29, 2026
fusion-core	fusion-core	93	Avada Core < 5.15.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	[*, 5.15.0)	5.15.0	June 29, 2026
fusion-core	fusion-core	93	Avada Core < 5.15.0 - Missing Authorization	LOW	[*, 5.15.0)	5.15.0	June 29, 2026
fusion-builder	fusion-builder	93	Avada (Fusion) Builder < 3.15.0 - Missing Authorization	LOW	[*, 3.15.0)	3.15.0	June 29, 2026
fusion-builder	fusion-builder	93	Avada (Fusion) Builder < 3.15.0 - Missing Authorization	LOW	[*, 3.15.0)	3.15.0	June 29, 2026
EventPrime – Events Calendar, Bookings and Tickets	eventprime-event-calendar-management	74	EventPrime – Events Calendar, Bookings and Tickets <= 4.2.6.0 - Missing Authorization	LOW	*-4.2.6.0	4.2.7.0	June 29, 2026
darna-framework	darna-framework	91	Darna Framework <= 2.9 - Reflected Cross-Site Scripting	LOW	*-2.9		June 29, 2026
contest-gallery	contest-gallery	93	Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery	LOW	*-28.1.2.1	28.1.2.2	June 29, 2026
buy-now-pay-later-addi	buy-now-pay-later-addi	91	Addi – Cuotas que se adaptan a ti <= 2.0.4 - Missing Authorization	LOW	*-2.0.4		June 29, 2026
admin-menu-editor	admin-menu-editor	97	Admin Menu Editor <= 1.14.1 - Cross-Site Request Forgery	LOW	*-1.14.1	1.15	June 29, 2026
social-networks-auto-poster-facebook-twitter-g	social-networks-auto-poster-facebook-twitter-g	N/A	NextScripts: Social Networks Auto-Poster <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'nxs_fbembed' Shortcode	LOW	*-4.4.6	4.4.7	June 29, 2026
unlimited-elements-for-elementor	unlimited-elements-for-elementor	N/A	Unlimited Elements For Elementor <= 2.0.5 - Unauthenticated Stored Cross-Site Scripting via Form Entry Fields	LOW	*-2.0.5	2.0.6	June 29, 2026
metform-pro	metform-pro	91	MetForm Pro <= 3.9.6 - Unauthenticated Stored Cross-Site Scripting	LOW	*-3.9.6	3.9.7	June 29, 2026
tutor-pro	tutor-pro	N/A	Tutor LMS Pro <= 3.9.5 - Authentication Bypass via Social Login	LOW	*-3.9.5	3.9.6	June 29, 2026
The Events Calendar	the-events-calendar	N/A	The Events Calendar <= 6.15.17 - Authenticated (Author+) Arbitrary File Read via ajax_create_import	LOW	*-6.15.17	6.15.17.1	June 29, 2026
booktics	booktics	93	Booktics <= 1.0.16 - Missing Authorization to Get Items via REST API endpoints	LOW	*-1.0.16	1.0.17	June 29, 2026
booktics	booktics	93	Booktics <= 1.0.16 - Missing Authorization to Addon Plugin Installation	LOW	*-1.0.16	1.0.17	June 29, 2026
handmade-framework	handmade-framework	89	Handmade Framework <= 3.9 - Reflected Cross-Site Scripting	LOW	*-3.9		June 29, 2026
themify-event-post	themify-event-post	N/A	Themify Event Post <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.3.4	1.3.5	June 29, 2026
podlove-podcasting-plugin-for-wordpress	podlove-podcasting-plugin-for-wordpress	N/A	Podlove Podcast Publisher <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.3.3	4.3.4	June 29, 2026
atarim-visual-collaboration	atarim-visual-collaboration	93	Atarim <= 4.3.2 - Missing Authorization	LOW	*-4.3.2	4.3.3	June 29, 2026
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More	wpforms-lite	70	Contact Form by WPForms <= 1.9.9.3 - Missing Authorization	LOW	*-1.9.9.3	1.9.9.4	June 29, 2026
Elementor Website Builder – more than just a page builder	elementor	79	Elementor Website Builder <= 3.35.5 - Missing Authorization	LOW	*-3.35.5	3.35.6	June 29, 2026
meta-box	meta-box	93	Meta Box <= 5.11.1 - Authenticated (Contributor+) Arbitrary File Deletion	LOW	*-5.11.1	5.11.2	June 29, 2026
wp-rss-aggregator	wp-rss-aggregator	N/A	RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.11 - Unauthenticated DOM-Based Reflected Cross-Site Scripting via postMessage	LOW	*-5.0.11	5.0.12	June 29, 2026
wp-app-bar	wp-app-bar	N/A	WP App Bar <= 1.5 - Unauthenticated Stored Cross-Site Scripting via 'app-bar-features' Parameter	LOW	*-1.5		June 29, 2026
seo-local-rank	seo-local-rank	N/A	True Ranker <= 2.2.9 - Cross-Site Request Forgery to Unauthorized True Ranker Disconnection	LOW	*-2.2.9		June 29, 2026
ltm-popup-form	ltm-popup-form	91	LotekMedia Popup Form <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings	LOW	*-1.0.6		June 29, 2026
carta-online	carta-online	91	Carta Online <= 2.13.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings	LOW	*-2.13.0		June 29, 2026
wp-font-pairing-preview	wp-font-pairing-preview	N/A	Font Pairing Preview For Landing Pages <= 1.3 - Cross-Site Request Forgery to Settings Update	LOW	*-1.3		June 29, 2026
show-youtube-video	show-youtube-video	N/A	Show YouTube video <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute	LOW	*-1.1		June 29, 2026
infomaniak-connect-openid	infomaniak-connect-openid	91	Infomaniak Connect for OpenID <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-1.0.2		June 29, 2026
purchase-button	purchase-button	N/A	Purchase Button For Affiliate Link <= 1.0.2 - Cross-Site Request Forgery to Settings Update	LOW	*-1.0.2		June 29, 2026
damedia-giglist	damedia-giglist	91	DA Media GigList <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'list_title' Shortcode Attribute	LOW	*-1.9.0		June 29, 2026
consensus-embed	consensus-embed	91	Consensus Embed <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'src' Shortcode Attribute	LOW	*-1.6		June 29, 2026
media-library-alt-text-editor	media-library-alt-text-editor	91	Media Library Alt Text Editor <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_id' Shortcode Attribute	LOW	*-1.0.0		June 29, 2026
myqtip-easy-qtip2	myqtip-easy-qtip2	N/A	MyQtip – easy qTip2 <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-2.0.5		June 29, 2026
wueen	wueen	N/A	Wueen <= 0.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin's Shortcode	LOW	*-0.2.0		June 29, 2026
ppv-live-webcams	ppv-live-webcams	N/A	Paid Videochat Turnkey Site – HTML5 PPV Live Webcams <= 7.3.20 - Authenticated (Author+) Privilege Escalation	LOW	*-7.3.20	7.3.21	June 29, 2026
mobile-dj-manager	mobile-dj-manager	91	MDJM Event Management <= 1.7.8.1 - Missing Authorization to Unauthenticated Arbitrary Custom Event Field Deletion	LOW	*-1.7.8.1	1.7.8.2	June 29, 2026
mailarchiver	mailarchiver	93	MailArchiver <= 4.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings	LOW	*-4.4.0	4.5.0	June 29, 2026
zip-code-based-content-protection	zip-code-based-content-protection	N/A	ZIP Code Based Content Protection <= 1.0.2 - Unauthenticated SQL Injection via 'zipcode' Parameter	LOW	*-1.0.2	1.0.3	June 29, 2026
community-events	community-events	93	Community Events <= 1.5.8 - Authenticated (Administrator+) SQL Injection via 'ce_venue_name' CSV Field	LOW	*-1.5.8	1.5.9	June 29, 2026
jquery-archive-list-widget	jquery-archive-list-widget	93	JS Archive List <= 6.1.7 - Authenticated (Contributor+) PHP Object Injection via 'included' Shortcode Attribute	LOW	*-6.1.7	6.2.0	June 29, 2026
profilegrid-user-profiles-groups-and-communities	profilegrid-user-profiles-groups-and-communities	N/A	ProfileGrid <= 5.9.8.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion	LOW	*-5.9.8.1	5.9.8.2	June 29, 2026
profilegrid-user-profiles-groups-and-communities	profilegrid-user-profiles-groups-and-communities	N/A	ProfileGrid <= 5.9.8.2 - Cross-Site Request Forgery to Group Membership Request Approval/Denial	LOW	*-5.9.8.2	5.9.8.3	June 29, 2026
cm-custom-reports	cm-custom-reports	93	CM Custom Reports <= 1.2.7 - Reflected Cross-Site Scripting via 'date_from' and 'date_to' Parameters	LOW	*-1.2.7	1.2.8	June 29, 2026
stock-ticker	stock-ticker	N/A	Stock Ticker <= 3.26.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Template	LOW	*-3.26.1	3.26.2	June 29, 2026
easy-php-settings	easy-php-settings	93	Easy PHP Settings <= 1.0.4 - Authenticated (Administrator+) PHP Code Injection via 'wp_memory_limit' Setting	LOW	*-1.0.4	1.0.5	June 29, 2026
hammas-calendar	hammas-calendar	93	Hammas Calendar <= 1.5.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'apix' Shortcode Attribute	LOW	*-1.5.11	1.5.12	June 29, 2026
wp-front-end-profile	wp-front-end-profile	N/A	WP Frontend Profile <= 1.3.8 - Cross-Site Request Forgery to Unauthorized User Account Approval or Rejection	LOW	*-1.3.8	1.3.9	June 29, 2026
greenshift-animation-and-page-builder-blocks	greenshift-animation-and-page-builder-blocks	93	Greenshift <= 12.8.3 - Missing Authorization to Unauthenticated Private Reusable Block Disclosure via 'gspb_el_reusable_load'	LOW	*-12.8.3	12.8.4	June 29, 2026
winston-ai-wp	winston-ai-wp	N/A	Winston AI <= 0.0.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Deletion	LOW	*-0.0.3	0.0.4	June 29, 2026
youtube-embed-plus	youtube-embed-plus	N/A	Youtube Embed Plus <= 14.2.4 - Missing Authorization	LOW	*-14.2.4	14.2.5	June 29, 2026
themegrill-demo-importer	themegrill-demo-importer	N/A	ThemeGrill Demo Importer <= 2.0.0.6 - Missing Authorization	LOW	*-2.0.0.6	2.0.0.7	June 29, 2026
greenshift-animation-and-page-builder-blocks	greenshift-animation-and-page-builder-blocks	93	Greenshift – animation and page builder blocks <= 12.8.3 - Unauthenticated Sensitive Information Exposure via Settings Backup	LOW	*-12.8.3	12.8.4	June 29, 2026
greenshift-animation-and-page-builder-blocks	greenshift-animation-and-page-builder-blocks	93	Greenshift – animation and page builder blocks <= 12.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-12.8.5	12.8.6	June 29, 2026
Drag and Drop Multiple File Upload for Contact Form 7	drag-and-drop-multiple-file-upload-contact-form-7	93	Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.5 - Unauthenticated Arbitrary File Upload	LOW	*-1.3.9.5	1.3.9.6	June 29, 2026
WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets	wp-all-import	66	WP All Import <= 4.0.0 - Reflected Cross-Site Scripting via 'filepath'	LOW	*-4.0.0	4.0.1	June 29, 2026
woo-product-feed-pro	woo-product-feed-pro	N/A	Product Feed PRO for WooCommerce <= 13.5.2 - Cross-Site Request Forgery	LOW	*-13.5.2	13.5.2.1	June 29, 2026
webtoffee-product-feed	webtoffee-product-feed	N/A	WebToffee WooCommerce Product Feeds – Google Shopping, Pinterest, TikTok Ads, & More <= 2.3.3 - Authenticated (Shop manager+) PHP Object Injection	LOW	*-2.3.3	2.3.4	June 29, 2026
subscription	subscription	N/A	Subscription for WooCommerce – WordPress Recurring Payments Plugin <= 1.8.10 - Authenticated (Customer+) Insecure Direct Object Reference	LOW	*-1.8.10	1.8.11	June 29, 2026
my-auctions-allegro-free-edition	my-auctions-allegro-free-edition	N/A	My auctions allegro <= 3.6.34 - Reflected Cross-Site Scripting	LOW	*-3.6.34		June 29, 2026
my-album-gallery	my-album-gallery	N/A	My Album Gallery <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Deletion	LOW	*-1.0.4		June 29, 2026
mail-mint	mail-mint	93	Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more < 1.19.5 - Unauthenticated Information Disclosure	LOW	[*, 1.19.5)	1.19.5	June 29, 2026
lisfinity-core	lisfinity-core	91	Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme <= 1.5.0 - Unauthenticated SQL Injection	LOW	*-1.5.0		June 29, 2026
bus-ticket-booking-with-seat-reservation	bus-ticket-booking-with-seat-reservation	91	Bus Ticket Booking with Seat Reservation <= 5.6.2 - Unauthenticated PHP Object Injection	LOW	*-5.6.2		June 29, 2026
page-or-post-clone	page-or-post-clone	N/A	Page and Post Clone <= 6.3 - Authenticated (Contributor+) SQL Injection via 'meta_key' Parameter	LOW	*-6.3	6.4	June 29, 2026
media-library-assistant	media-library-assistant	93	Media Library Assistant <= 3.33 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Taxonomy Modification	LOW	*-3.33	3.34	June 29, 2026
apocalypse-meow	apocalypse-meow	97	Apocalypse Meow <= 22.1.0 - Authenticated (Administrator+) SQL Injection via 'type' Parameter	LOW	*-22.1.0	23.0.0	June 29, 2026
ooohboi-steroids-for-elementor	ooohboi-steroids-for-elementor	N/A	OoohBoi Steroids for Elementor <= 2.1.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple URL Controls	LOW	*-2.1.24	2.1.25	June 29, 2026
fluentformpro	fluentformpro	93	Fluent Forms Pro Add On Pack <= 6.1.17 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion	LOW	*-6.1.17	6.1.18	June 29, 2026
fluentformpro	fluentformpro	93	Fluent Forms Pro <= 6.1.17 - Unauthenticated Stored Cross-Site Scripting via Draft Form Submission	LOW	*-6.1.17	6.1.18	June 29, 2026
WP Booking System – Booking Calendar	wp-booking-system	N/A	WP Booking System – Booking Calendar <= 2.0.19.12 - Unauthenticated Information Exposure	LOW	*-2.0.19.12	2.0.19.13	June 29, 2026
secudeal-payments-for-ecommerce	secudeal-payments-for-ecommerce	N/A	Secudeal Payments for Ecommerce <= 1.1 - Unauthenticated PHP Object Injection	LOW	*-1.1		June 29, 2026
Membership Plugin – Kadence Memberships	restrict-content	N/A	Membership Plugin – Restrict Content <= 3.2.20 - Unauthenticated Privilege Escalation via 'rcp_level'	LOW	*-3.2.20	3.2.21	June 29, 2026
optin	optin	N/A	WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation <= 1.4.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation	LOW	*-1.4.24	1.4.25	June 29, 2026
ioncube-tester-plus	ioncube-tester-plus	93	ionCube Tester Plus <= 1.3 - Unauthenticated Arbitrary File Download	LOW	*-1.3	1.4	June 29, 2026
easy-post-submission	easy-post-submission	93	Easy Post Submission – Frontend Posting, Guest Publishing & Submit Content for WordPress <= 2.4.0 - Missing Authorization	LOW	*-2.4.0	2.5.0	June 29, 2026
e2pdf	e2pdf	93	e2pdf <= 1.28.15 - Missing Authorization	LOW	*-1.28.15	1.32.00	June 29, 2026
Database for Contact Form 7, WPforms, Elementor forms	contact-form-entries	84	Database for Contact Form 7, WPforms, Elementor forms <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv'	LOW	*-1.4.7	1.4.8	June 29, 2026
Booking for Appointments and Events Calendar – Amelia	ameliabooking	97	Booking for Appointments and Events Calendar – Amelia <= 1.2.38 - Authenticated (Employee+) Privilege Escalation	LOW	*-1.2.38	2.0	June 29, 2026
my-calendar	my-calendar	N/A	My Calendar – Accessible Event Manager <= 3.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	LOW	*-3.7.3	3.7.4	June 29, 2026
Seraphinite Accelerator	seraphinite-accelerator	82	Seraphinite Accelerator <= 2.28.14 - Authenticated (Subscriber+) Exposure of Sensitive Information to an Unauthorized Actor	LOW	*-2.28.14	2.28.15	June 29, 2026
Seraphinite Accelerator	seraphinite-accelerator	82	Seraphinite Accelerator <= 2.28.14 - Missing Authorization to Authenticated (Subscriber+) Log Clearing	LOW	*-2.28.14	2.28.15	June 29, 2026
Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder	gutena-forms	91	Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder <= 1.6.0 - Authenticated (Contributor+) Limited Options Update in save_gutena_forms_schema()	LOW	*-1.6.0	1.6.1	June 29, 2026
js-support-ticket	js-support-ticket	93	JS Help Desk – AI-Powered Support & Ticketing System 2.8.2 - Unauthenticated SQL Injection via 'js-support-ticket-token-tkstatus' Cookie	LOW	*-2.8.2	2.8.3	June 29, 2026
All-in-One Video Gallery	all-in-one-video-gallery	70	All-in-One Video Gallery <= 4.7.1 - Reflected Cross-Site Scripting via 'vi' Parameter	LOW	*-4.7.1	4.7.5	June 29, 2026
Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More	envira-gallery-lite	94	Envira Gallery for WordPress <= 1.12.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST API	LOW	*-1.12.3	1.12.4	June 29, 2026
wp-members	wp-members	N/A	WP-Members Membership Plugin <= 3.5.5.1 - Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute	LOW	*-3.5.5.1	3.5.6	June 29, 2026
enable-media-replace	enable-media-replace	93	Enable Media Replace <= 4.1.7 - Improper Authorization to Authenticated (Author+) Arbitrary Attachment Change via Background Replace	LOW	*-4.1.7	4.1.8	June 29, 2026
morkva-ua-shipping	morkva-ua-shipping	93	Morkva UA Shipping <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Weight, kg' Field	LOW	*-1.7.9	1.7.10	June 29, 2026
taskbuilder	taskbuilder	N/A	Taskbuilder <= 5.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Block Emails' Field	LOW	*-5.0.3	5.0.4	June 29, 2026
wpbookit	wpbookit	N/A	WPBookit <= 1.0.8 - Unauthenticated Stored Cross-Site Scripting via 'wpb_user_name' and 'wpb_user_email' Parameters	LOW	*-1.0.8	1.0.9	June 29, 2026

LOW

profit-products-tables-for-woocommerce

Score: N/A Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.7 Patched: 1.0.8 Updated: June 29, 2026

LOW

pitchprint

Score: N/A PitchPrint <= 11.1.2 - Unauthenticated Arbitrary File Deletion Affected: *-11.1.2 Patched: 11.2.0 Updated: June 29, 2026

LOW

name-directory

Score: N/A Name Directory <= 1.32.1 - Unauthenticated Stored Cross-Site Scripting via 'name_directory_name' Affected: *-1.32.1 Patched: 1.33.0 Updated: June 29, 2026

LOW

modular-connector

Score: 93/100 Modular Connector <= 2.5.1 - Cross-Site Request Forgery via postConfirmOauth Affected: *-2.5.1 Patched: 2.6.0 Updated: June 29, 2026

LOW

legacy-admin

Score: 91/100 Legacy Admin <= 9.5 - Reflected Cross-Site Scripting Affected: *-9.5 Patched: Updated: June 29, 2026

LOW

lead-form-builder

Score: 93/100 Responsive Contact Form Builder & Lead Generation Plugin <= 2.0.1 - Unauthenticated Stored Cross-Site Scripting Affected: *-2.0.1 Patched: 2.0.2 Updated: June 29, 2026

LOW

job-postings

Score: 91/100 Job Postings <= 2.8 - Missing Authorization Affected: *-2.8 Patched: 2.8.1 Updated: June 29, 2026

LOW

fusion-core

Score: 93/100 Avada Core < 5.15.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: [*, 5.15.0) Patched: 5.15.0 Updated: June 29, 2026

LOW

fusion-core

Score: 93/100 Avada Core < 5.15.0 - Missing Authorization Affected: [*, 5.15.0) Patched: 5.15.0 Updated: June 29, 2026

LOW

fusion-builder

Score: 93/100 Avada (Fusion) Builder < 3.15.0 - Missing Authorization Affected: [*, 3.15.0) Patched: 3.15.0 Updated: June 29, 2026

LOW

fusion-builder

Score: 93/100 Avada (Fusion) Builder < 3.15.0 - Missing Authorization Affected: [*, 3.15.0) Patched: 3.15.0 Updated: June 29, 2026

LOW

EventPrime – Events Calendar, Bookings and Tickets

eventprime-event-calendar-management

Score: 74/100 EventPrime – Events Calendar, Bookings and Tickets <= 4.2.6.0 - Missing Authorization Affected: *-4.2.6.0 Patched: 4.2.7.0 Updated: June 29, 2026

LOW

darna-framework

Score: 91/100 Darna Framework <= 2.9 - Reflected Cross-Site Scripting Affected: *-2.9 Patched: Updated: June 29, 2026

LOW

contest-gallery

Score: 93/100 Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery Affected: *-28.1.2.1 Patched: 28.1.2.2 Updated: June 29, 2026

LOW

buy-now-pay-later-addi

Score: 91/100 Addi – Cuotas que se adaptan a ti <= 2.0.4 - Missing Authorization Affected: *-2.0.4 Patched: Updated: June 29, 2026

LOW

admin-menu-editor

Score: 97/100 Admin Menu Editor <= 1.14.1 - Cross-Site Request Forgery Affected: *-1.14.1 Patched: 1.15 Updated: June 29, 2026

LOW

social-networks-auto-poster-facebook-twitter-g

Score: N/A NextScripts: Social Networks Auto-Poster <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'nxs_fbembed' Shortcode Affected: *-4.4.6 Patched: 4.4.7 Updated: June 29, 2026

LOW

unlimited-elements-for-elementor

Score: N/A Unlimited Elements For Elementor <= 2.0.5 - Unauthenticated Stored Cross-Site Scripting via Form Entry Fields Affected: *-2.0.5 Patched: 2.0.6 Updated: June 29, 2026

LOW

metform-pro

Score: 91/100 MetForm Pro <= 3.9.6 - Unauthenticated Stored Cross-Site Scripting Affected: *-3.9.6 Patched: 3.9.7 Updated: June 29, 2026

LOW

tutor-pro

Score: N/A Tutor LMS Pro <= 3.9.5 - Authentication Bypass via Social Login Affected: *-3.9.5 Patched: 3.9.6 Updated: June 29, 2026

LOW

The Events Calendar

the-events-calendar

Score: N/A The Events Calendar <= 6.15.17 - Authenticated (Author+) Arbitrary File Read via ajax_create_import Affected: *-6.15.17 Patched: 6.15.17.1 Updated: June 29, 2026

LOW

booktics

Score: 93/100 Booktics <= 1.0.16 - Missing Authorization to Get Items via REST API endpoints Affected: *-1.0.16 Patched: 1.0.17 Updated: June 29, 2026

LOW

booktics

Score: 93/100 Booktics <= 1.0.16 - Missing Authorization to Addon Plugin Installation Affected: *-1.0.16 Patched: 1.0.17 Updated: June 29, 2026

LOW

handmade-framework

Score: 89/100 Handmade Framework <= 3.9 - Reflected Cross-Site Scripting Affected: *-3.9 Patched: Updated: June 29, 2026

LOW

themify-event-post

Score: N/A Themify Event Post <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.4 Patched: 1.3.5 Updated: June 29, 2026

LOW

podlove-podcasting-plugin-for-wordpress

Score: N/A Podlove Podcast Publisher <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.3.3 Patched: 4.3.4 Updated: June 29, 2026

LOW

atarim-visual-collaboration

Score: 93/100 Atarim <= 4.3.2 - Missing Authorization Affected: *-4.3.2 Patched: 4.3.3 Updated: June 29, 2026

LOW

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

wpforms-lite

Score: 70/100 Contact Form by WPForms <= 1.9.9.3 - Missing Authorization Affected: *-1.9.9.3 Patched: 1.9.9.4 Updated: June 29, 2026

LOW

Elementor Website Builder – more than just a page builder

elementor

Score: 79/100 Elementor Website Builder <= 3.35.5 - Missing Authorization Affected: *-3.35.5 Patched: 3.35.6 Updated: June 29, 2026

LOW

meta-box

Score: 93/100 Meta Box <= 5.11.1 - Authenticated (Contributor+) Arbitrary File Deletion Affected: *-5.11.1 Patched: 5.11.2 Updated: June 29, 2026

LOW

wp-rss-aggregator

Score: N/A RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.11 - Unauthenticated DOM-Based Reflected Cross-Site Scripting via postMessage Affected: *-5.0.11 Patched: 5.0.12 Updated: June 29, 2026

LOW

wp-app-bar

Score: N/A WP App Bar <= 1.5 - Unauthenticated Stored Cross-Site Scripting via 'app-bar-features' Parameter Affected: *-1.5 Patched: Updated: June 29, 2026

LOW

seo-local-rank

Score: N/A True Ranker <= 2.2.9 - Cross-Site Request Forgery to Unauthorized True Ranker Disconnection Affected: *-2.2.9 Patched: Updated: June 29, 2026

LOW

ltm-popup-form

Score: 91/100 LotekMedia Popup Form <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings Affected: *-1.0.6 Patched: Updated: June 29, 2026

LOW

carta-online

Score: 91/100 Carta Online <= 2.13.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings Affected: *-2.13.0 Patched: Updated: June 29, 2026

LOW

wp-font-pairing-preview

Score: N/A Font Pairing Preview For Landing Pages <= 1.3 - Cross-Site Request Forgery to Settings Update Affected: *-1.3 Patched: Updated: June 29, 2026

LOW

show-youtube-video

Score: N/A Show YouTube video <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute Affected: *-1.1 Patched: Updated: June 29, 2026

LOW

infomaniak-connect-openid

Score: 91/100 Infomaniak Connect for OpenID <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-1.0.2 Patched: Updated: June 29, 2026

LOW

purchase-button

Score: N/A Purchase Button For Affiliate Link <= 1.0.2 - Cross-Site Request Forgery to Settings Update Affected: *-1.0.2 Patched: Updated: June 29, 2026

LOW

damedia-giglist

Score: 91/100 DA Media GigList <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'list_title' Shortcode Attribute Affected: *-1.9.0 Patched: Updated: June 29, 2026

LOW

consensus-embed

Score: 91/100 Consensus Embed <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'src' Shortcode Attribute Affected: *-1.6 Patched: Updated: June 29, 2026

LOW

media-library-alt-text-editor

Score: 91/100 Media Library Alt Text Editor <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_id' Shortcode Attribute Affected: *-1.0.0 Patched: Updated: June 29, 2026

LOW

myqtip-easy-qtip2

Score: N/A MyQtip – easy qTip2 <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-2.0.5 Patched: Updated: June 29, 2026

LOW

wueen

Score: N/A Wueen <= 0.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin's Shortcode Affected: *-0.2.0 Patched: Updated: June 29, 2026

LOW

ppv-live-webcams

Score: N/A Paid Videochat Turnkey Site – HTML5 PPV Live Webcams <= 7.3.20 - Authenticated (Author+) Privilege Escalation Affected: *-7.3.20 Patched: 7.3.21 Updated: June 29, 2026

LOW

mobile-dj-manager

Score: 91/100 MDJM Event Management <= 1.7.8.1 - Missing Authorization to Unauthenticated Arbitrary Custom Event Field Deletion Affected: *-1.7.8.1 Patched: 1.7.8.2 Updated: June 29, 2026

LOW

mailarchiver

Score: 93/100 MailArchiver <= 4.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Affected: *-4.4.0 Patched: 4.5.0 Updated: June 29, 2026

LOW

zip-code-based-content-protection

Score: N/A ZIP Code Based Content Protection <= 1.0.2 - Unauthenticated SQL Injection via 'zipcode' Parameter Affected: *-1.0.2 Patched: 1.0.3 Updated: June 29, 2026

LOW

community-events

Score: 93/100 Community Events <= 1.5.8 - Authenticated (Administrator+) SQL Injection via 'ce_venue_name' CSV Field Affected: *-1.5.8 Patched: 1.5.9 Updated: June 29, 2026

LOW

jquery-archive-list-widget

Score: 93/100 JS Archive List <= 6.1.7 - Authenticated (Contributor+) PHP Object Injection via 'included' Shortcode Attribute Affected: *-6.1.7 Patched: 6.2.0 Updated: June 29, 2026

LOW

profilegrid-user-profiles-groups-and-communities

Score: N/A ProfileGrid <= 5.9.8.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion Affected: *-5.9.8.1 Patched: 5.9.8.2 Updated: June 29, 2026

LOW

profilegrid-user-profiles-groups-and-communities

Score: N/A ProfileGrid <= 5.9.8.2 - Cross-Site Request Forgery to Group Membership Request Approval/Denial Affected: *-5.9.8.2 Patched: 5.9.8.3 Updated: June 29, 2026

LOW

cm-custom-reports

Score: 93/100 CM Custom Reports <= 1.2.7 - Reflected Cross-Site Scripting via 'date_from' and 'date_to' Parameters Affected: *-1.2.7 Patched: 1.2.8 Updated: June 29, 2026

LOW

stock-ticker

Score: N/A Stock Ticker <= 3.26.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Template Affected: *-3.26.1 Patched: 3.26.2 Updated: June 29, 2026

LOW

easy-php-settings

Score: 93/100 Easy PHP Settings <= 1.0.4 - Authenticated (Administrator+) PHP Code Injection via 'wp_memory_limit' Setting Affected: *-1.0.4 Patched: 1.0.5 Updated: June 29, 2026

LOW

hammas-calendar

Score: 93/100 Hammas Calendar <= 1.5.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'apix' Shortcode Attribute Affected: *-1.5.11 Patched: 1.5.12 Updated: June 29, 2026

LOW

wp-front-end-profile

Score: N/A WP Frontend Profile <= 1.3.8 - Cross-Site Request Forgery to Unauthorized User Account Approval or Rejection Affected: *-1.3.8 Patched: 1.3.9 Updated: June 29, 2026

LOW

greenshift-animation-and-page-builder-blocks

Score: 93/100 Greenshift <= 12.8.3 - Missing Authorization to Unauthenticated Private Reusable Block Disclosure via 'gspb_el_reusable_load' Affected: *-12.8.3 Patched: 12.8.4 Updated: June 29, 2026

LOW

winston-ai-wp

Score: N/A Winston AI <= 0.0.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Deletion Affected: *-0.0.3 Patched: 0.0.4 Updated: June 29, 2026

LOW

youtube-embed-plus

Score: N/A Youtube Embed Plus <= 14.2.4 - Missing Authorization Affected: *-14.2.4 Patched: 14.2.5 Updated: June 29, 2026

LOW

themegrill-demo-importer

Score: N/A ThemeGrill Demo Importer <= 2.0.0.6 - Missing Authorization Affected: *-2.0.0.6 Patched: 2.0.0.7 Updated: June 29, 2026

LOW

greenshift-animation-and-page-builder-blocks

Score: 93/100 Greenshift – animation and page builder blocks <= 12.8.3 - Unauthenticated Sensitive Information Exposure via Settings Backup Affected: *-12.8.3 Patched: 12.8.4 Updated: June 29, 2026

LOW

greenshift-animation-and-page-builder-blocks

Score: 93/100 Greenshift – animation and page builder blocks <= 12.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-12.8.5 Patched: 12.8.6 Updated: June 29, 2026

LOW

Drag and Drop Multiple File Upload for Contact Form 7

drag-and-drop-multiple-file-upload-contact-form-7

Score: 93/100 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.5 - Unauthenticated Arbitrary File Upload Affected: *-1.3.9.5 Patched: 1.3.9.6 Updated: June 29, 2026

LOW

WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets

wp-all-import

Score: 66/100 WP All Import <= 4.0.0 - Reflected Cross-Site Scripting via 'filepath' Affected: *-4.0.0 Patched: 4.0.1 Updated: June 29, 2026

LOW

woo-product-feed-pro

Score: N/A Product Feed PRO for WooCommerce <= 13.5.2 - Cross-Site Request Forgery Affected: *-13.5.2 Patched: 13.5.2.1 Updated: June 29, 2026

LOW

webtoffee-product-feed

Score: N/A WebToffee WooCommerce Product Feeds – Google Shopping, Pinterest, TikTok Ads, & More <= 2.3.3 - Authenticated (Shop manager+) PHP Object Injection Affected: *-2.3.3 Patched: 2.3.4 Updated: June 29, 2026

LOW

subscription

Score: N/A Subscription for WooCommerce – WordPress Recurring Payments Plugin <= 1.8.10 - Authenticated (Customer+) Insecure Direct Object Reference Affected: *-1.8.10 Patched: 1.8.11 Updated: June 29, 2026

LOW

my-auctions-allegro-free-edition

Score: N/A My auctions allegro <= 3.6.34 - Reflected Cross-Site Scripting Affected: *-3.6.34 Patched: Updated: June 29, 2026

LOW

my-album-gallery

Score: N/A My Album Gallery <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Deletion Affected: *-1.0.4 Patched: Updated: June 29, 2026

LOW

mail-mint

Score: 93/100 Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more < 1.19.5 - Unauthenticated Information Disclosure Affected: [*, 1.19.5) Patched: 1.19.5 Updated: June 29, 2026

LOW

lisfinity-core

Score: 91/100 Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme <= 1.5.0 - Unauthenticated SQL Injection Affected: *-1.5.0 Patched: Updated: June 29, 2026

LOW

bus-ticket-booking-with-seat-reservation

Score: 91/100 Bus Ticket Booking with Seat Reservation <= 5.6.2 - Unauthenticated PHP Object Injection Affected: *-5.6.2 Patched: Updated: June 29, 2026

LOW

page-or-post-clone

Score: N/A Page and Post Clone <= 6.3 - Authenticated (Contributor+) SQL Injection via 'meta_key' Parameter Affected: *-6.3 Patched: 6.4 Updated: June 29, 2026

LOW

media-library-assistant

Score: 93/100 Media Library Assistant <= 3.33 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Taxonomy Modification Affected: *-3.33 Patched: 3.34 Updated: June 29, 2026

LOW

apocalypse-meow

Score: 97/100 Apocalypse Meow <= 22.1.0 - Authenticated (Administrator+) SQL Injection via 'type' Parameter Affected: *-22.1.0 Patched: 23.0.0 Updated: June 29, 2026

LOW

ooohboi-steroids-for-elementor

Score: N/A OoohBoi Steroids for Elementor <= 2.1.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple URL Controls Affected: *-2.1.24 Patched: 2.1.25 Updated: June 29, 2026

LOW

fluentformpro

Score: 93/100 Fluent Forms Pro Add On Pack <= 6.1.17 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion Affected: *-6.1.17 Patched: 6.1.18 Updated: June 29, 2026

LOW

fluentformpro

Score: 93/100 Fluent Forms Pro <= 6.1.17 - Unauthenticated Stored Cross-Site Scripting via Draft Form Submission Affected: *-6.1.17 Patched: 6.1.18 Updated: June 29, 2026

LOW

WP Booking System – Booking Calendar

wp-booking-system

Score: N/A WP Booking System – Booking Calendar <= 2.0.19.12 - Unauthenticated Information Exposure Affected: *-2.0.19.12 Patched: 2.0.19.13 Updated: June 29, 2026

LOW

secudeal-payments-for-ecommerce

Score: N/A Secudeal Payments for Ecommerce <= 1.1 - Unauthenticated PHP Object Injection Affected: *-1.1 Patched: Updated: June 29, 2026

LOW

Membership Plugin – Kadence Memberships

restrict-content

Score: N/A Membership Plugin – Restrict Content <= 3.2.20 - Unauthenticated Privilege Escalation via 'rcp_level' Affected: *-3.2.20 Patched: 3.2.21 Updated: June 29, 2026

LOW

optin

Score: N/A WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation <= 1.4.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation Affected: *-1.4.24 Patched: 1.4.25 Updated: June 29, 2026

LOW

ioncube-tester-plus

Score: 93/100 ionCube Tester Plus <= 1.3 - Unauthenticated Arbitrary File Download Affected: *-1.3 Patched: 1.4 Updated: June 29, 2026

LOW

easy-post-submission

Score: 93/100 Easy Post Submission – Frontend Posting, Guest Publishing & Submit Content for WordPress <= 2.4.0 - Missing Authorization Affected: *-2.4.0 Patched: 2.5.0 Updated: June 29, 2026

LOW

e2pdf

Score: 93/100 e2pdf <= 1.28.15 - Missing Authorization Affected: *-1.28.15 Patched: 1.32.00 Updated: June 29, 2026

LOW

Database for Contact Form 7, WPforms, Elementor forms

contact-form-entries

Score: 84/100 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv' Affected: *-1.4.7 Patched: 1.4.8 Updated: June 29, 2026

LOW

Booking for Appointments and Events Calendar – Amelia

ameliabooking

Score: 97/100 Booking for Appointments and Events Calendar – Amelia <= 1.2.38 - Authenticated (Employee+) Privilege Escalation Affected: *-1.2.38 Patched: 2.0 Updated: June 29, 2026

LOW

my-calendar

Score: N/A My Calendar – Accessible Event Manager <= 3.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes Affected: *-3.7.3 Patched: 3.7.4 Updated: June 29, 2026

LOW

Seraphinite Accelerator

seraphinite-accelerator

Score: 82/100 Seraphinite Accelerator <= 2.28.14 - Authenticated (Subscriber+) Exposure of Sensitive Information to an Unauthorized Actor Affected: *-2.28.14 Patched: 2.28.15 Updated: June 29, 2026

LOW

Seraphinite Accelerator

seraphinite-accelerator

Score: 82/100 Seraphinite Accelerator <= 2.28.14 - Missing Authorization to Authenticated (Subscriber+) Log Clearing Affected: *-2.28.14 Patched: 2.28.15 Updated: June 29, 2026

LOW

Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder

gutena-forms

Score: 91/100 Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder <= 1.6.0 - Authenticated (Contributor+) Limited Options Update in save_gutena_forms_schema() Affected: *-1.6.0 Patched: 1.6.1 Updated: June 29, 2026

LOW

js-support-ticket

Score: 93/100 JS Help Desk – AI-Powered Support & Ticketing System 2.8.2 - Unauthenticated SQL Injection via 'js-support-ticket-token-tkstatus' Cookie Affected: *-2.8.2 Patched: 2.8.3 Updated: June 29, 2026

LOW

All-in-One Video Gallery

all-in-one-video-gallery

Score: 70/100 All-in-One Video Gallery <= 4.7.1 - Reflected Cross-Site Scripting via 'vi' Parameter Affected: *-4.7.1 Patched: 4.7.5 Updated: June 29, 2026

LOW

Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More

envira-gallery-lite

Score: 94/100 Envira Gallery for WordPress <= 1.12.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST API Affected: *-1.12.3 Patched: 1.12.4 Updated: June 29, 2026

LOW

wp-members

Score: N/A WP-Members Membership Plugin <= 3.5.5.1 - Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute Affected: *-3.5.5.1 Patched: 3.5.6 Updated: June 29, 2026

LOW

enable-media-replace

Score: 93/100 Enable Media Replace <= 4.1.7 - Improper Authorization to Authenticated (Author+) Arbitrary Attachment Change via Background Replace Affected: *-4.1.7 Patched: 4.1.8 Updated: June 29, 2026

LOW

morkva-ua-shipping

Score: 93/100 Morkva UA Shipping <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Weight, kg' Field Affected: *-1.7.9 Patched: 1.7.10 Updated: June 29, 2026

LOW

taskbuilder

Score: N/A Taskbuilder <= 5.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Block Emails' Field Affected: *-5.0.3 Patched: 5.0.4 Updated: June 29, 2026

LOW

wpbookit

Score: N/A WPBookit <= 1.0.8 - Unauthenticated Stored Cross-Site Scripting via 'wpb_user_name' and 'wpb_user_email' Parameters Affected: *-1.0.8 Patched: 1.0.9 Updated: June 29, 2026

Showing 2201 to 2300 of 36282 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 29, 2026 at 23:33 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List