Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

8176

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
payu-india	payu-india	N/A	PayU CommercePro Plugin <= 3.8.7 - Authentication Bypass	LOW	*-3.8.7	3.8.8	June 30, 2026
payment-qr-woo	payment-qr-woo	N/A	Payment QR WooCommerce <= 1.1.6 - Missing Authorization	LOW	*-1.1.6		June 30, 2026
pay-with-contact-form-7	pay-with-contact-form-7	N/A	Pay with Contact Form 7 <= 1.0.4 - Cross-Site Request Forgery	LOW	*-1.0.4		June 30, 2026
password-policy-manager	password-policy-manager	N/A	Password Policy Manager <= 2.0.4 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover	LOW	*-2.0.4	2.0.5	June 30, 2026
ova-brw	ova-brw	N/A	BRW <= 1.8.6 - Authenticated (Contributor+) Local File Inclusion	LOW	*-1.8.6	1.8.7	June 30, 2026
ova-brw	ova-brw	N/A	BRW <= 1.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.8.6	1.8.7	June 30, 2026
os-diagnosis-generator	os-diagnosis-generator	N/A	診断ジェネレータ作成プラグイン <= 1.4.16 - Missing Authorization	LOW	*-1.4.16		June 30, 2026
onoffice-for-wp-websites	onoffice-for-wp-websites	N/A	onOffice for WP-Websites <= 5.7 - Missing Authorization	LOW	*-5.7	6.10	June 30, 2026
online-accessibility	online-accessibility	N/A	Accessibility Suite <= 4.19 - Missing Authorization	LOW	*-4.19	4.20	June 30, 2026
oik	oik	N/A	oik <= 4.15.1 - Missing Authorization	LOW	*-4.15.1	4.15.2	June 30, 2026
no-spam-at-all	no-spam-at-all	N/A	No Spam At All <= 1.3 - Missing Authorization	LOW	*-1.3		June 30, 2026
next-event-calendar	next-event-calendar	N/A	Next Event Calendar <= 1.2 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-1.2		June 30, 2026
nexa-blocks	nexa-blocks	N/A	Nexa Blocks <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1.0		June 30, 2026
nexa-blocks	nexa-blocks	N/A	Nexa Blocks <= 1.1.0 - Authenticated (Contributor+) Server-Side Request Forgery	LOW	*-1.1.0		June 30, 2026
newspack-newsletters	newspack-newsletters	N/A	Newspack Newsletters <= 3.13.0 - Open Redirect	LOW	*-3.13.0	3.14.0	June 30, 2026
melipayamak	melipayamak	91	Melipayamak <= 2.2.12 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.2.12		June 30, 2026
mediabay	mediabay	89	Mediabay - WordPress Media Library Folders <= 1.4 - Reflected Cross-Site Scripting	LOW	*-1.4		June 30, 2026
market-exporter	market-exporter	93	Market Exporter <= 2.0.22 - Cross-Site Request Forgery	LOW	*-2.0.22	2.0.23	June 30, 2026
libro-de-reclamaciones-y-quejas	libro-de-reclamaciones-y-quejas	91	Libro de Reclamaciones y Quejas <= 0.9 - Authenticated (Administrator+) SQL Injection	LOW	*-0.9	1.0	June 30, 2026
layouts-for-elementor	layouts-for-elementor	93	Layouts for Elementor <= 1.11 - Cross-Site Request Forgery	LOW	*-1.11	1.12	June 30, 2026
konami-easter-egg	konami-easter-egg	91	Konami Easter Egg <= v0.4 - Cross-Site Request Forgery	LOW	* - v0.4		June 30, 2026
ki-live-video-conferences	ki-live-video-conferences	89	KI Live Video Conferences <= 5.5.15 - Unauthenticated Information Disclosure	LOW	*-5.5.15		June 30, 2026
ki-live-video-conferences	ki-live-video-conferences	89	KI Live Video Conferences <= 5.5.15 - Missing Authorization	LOW	*-5.5.15		June 30, 2026
job-board-manager	job-board-manager	83	Job Board Manager <= 2.1.60 - Missing Authorization	LOW	*-2.1.60	2.1.61	June 30, 2026
interactive-uk-regional-map	interactive-uk-regional-map	91	Interactive UK Regional Map <= 2.0 - Cross-Site Request Forgery	LOW	*-2.0		June 30, 2026
interactive-map-of-florida	interactive-map-of-florida	91	Interactive Regional Map of Florida <= 1.0 - Missing Authorization	LOW	*-1.0		June 30, 2026
interactive-map-of-africa	interactive-map-of-africa	91	Interactive Regional Map of Africa <= 1.0 - Cross-Site Request Forgery	LOW	*-1.0		June 30, 2026
image-hover-effects-block	image-hover-effects-block	91	Image Hover Effects Block <= 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.4.5		June 30, 2026
iframe-widget	iframe-widget	91	IFrame Widget <= 4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-4.1		June 30, 2026
hydra-booking	hydra-booking	93	Hydra Booking <= 1.1.10 - Authenticated (Contributor+) SQL Injection	LOW	*-1.1.10	1.1.11	June 30, 2026
ht-team-member	ht-team-member	93	HT Team Member <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1.7	1.1.8	June 30, 2026
hr-management-lite	hr-management-lite	89	HR Management Lite <= 3.7 - Cross-Site Request Forgery	LOW	*-3.7	3.8	June 30, 2026
greenshift-animation-and-page-builder-blocks	greenshift-animation-and-page-builder-blocks	93	Greenshift <= 11.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-11.5.5	11.5.7	June 30, 2026
gpp-slideshow	gpp-slideshow	91	GPP Slideshow <= 1.3.5 - Missing Authorization	LOW	*-1.3.5		June 30, 2026
global-translator	global-translator	89	Global Translator <= 2.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.0.2		June 30, 2026
global-translator	global-translator	89	Global Translator <= 2.0.2 - Cross-Site Request Forgery	LOW	*-2.0.2		June 30, 2026
gf-salesforce-crmperks	gf-salesforce-crmperks	93	WP Gravity Forms Salesforce <= 1.4.7 - Open Redirect	LOW	*-1.4.7	1.4.8	June 30, 2026
gf-constant-contact	gf-constant-contact	93	WP Gravity Forms Constant Contact Plugin <= 1.1.0 - Open Redirect	LOW	*-1.1.0	1.1.1	June 30, 2026
gdpr-cookie-consent	gdpr-cookie-consent	93	WP Cookie Notice for GDPR, CCPA & ePrivacy Consent <= 3.8.0 - Cross-Site Request Forgery	LOW	*-3.8.0	3.8.1	June 30, 2026
gdpr-compliant-recaptcha-for-all-forms	gdpr-compliant-recaptcha-for-all-forms	93	Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant <= 4.1.1 - Cross-Site Request Forgery	LOW	*-4.1.1	4.1.2	June 30, 2026
gamipress	gamipress	93	GamiPress <= 7.4.5 - Authenticated (Administrator+) SQL Injection	LOW	*-7.4.5	7.4.6	June 30, 2026
frontend-dashboard	frontend-dashboard	93	Frontend Dashboard <= 2.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.2.8	2.2.9	June 30, 2026
free-wp-mail-smtp	free-wp-mail-smtp	91	Free WP Mail SMTP <= 1.0 - Cross-Site Request Forgery	LOW	*-1.0		June 30, 2026
fraudlabs-pro-for-woocommerce	fraudlabs-pro-for-woocommerce	93	FraudLabs Pro for WooCommerce <= 2.22.11 - Missing Authorization	LOW	*-2.22.11	2.22.12	June 30, 2026
fastbook-responsive-appointment-booking-and-scheduling-system	fastbook-responsive-appointment-booking-and-scheduling-system	87	FastBook <= 1.1 - Cross-Site Request Forgery	LOW	*-1.1		June 30, 2026
everest-backup	everest-backup	91	Everest Backup <= 2.3.3 - Cross-Site Request Forgery	LOW	*-2.3.3	2.3.4	June 30, 2026
event-post	event-post	91	Event post <= 5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.10.1	5.10.2	June 30, 2026
esign-genie-for-wp	esign-genie-for-wp	91	Foxit eSign for WordPress <= 2.0.3 - Authenticated (Admin+) Information Exposure	LOW	*-2.0.3		June 30, 2026
epicwin-subscribers	epicwin-subscribers	91	Epicwin Plugin <= 1.5 - Cross-Site Request Forgery to SQL Injection	LOW	*-1.5		June 30, 2026
elite-video-player	elite-video-player	89	Elite Video Player <= 10.0.5 - Cross-Site Request Forgery	LOW	*-10.0.5		June 30, 2026
elegant-visitor-counter	elegant-visitor-counter	91	Elegant Visitor Counter <= 3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.1		June 30, 2026
elastic-email-subscribe-form	elastic-email-subscribe-form	91	Elastic Email Subscribe Form <= 1.2.2 - Missing Authorization	LOW	*-1.2.2		June 30, 2026
dorzki-notifications-to-slack	dorzki-notifications-to-slack	91	Slack Notifications by dorzki <= 2.0.7 - Missing Authorization	LOW	*-2.0.7		June 30, 2026
docspress	docspress	93	DocsPress <= 2.5.2 - Missing Authorization	LOW	*-2.5.2	2.5.3	June 30, 2026
dadata-ru	dadata-ru	91	«Подсказки» от DaData.ru <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0.6		June 30, 2026
custom-post-order-category	custom-post-order-category	93	Custom Category/Post Type Post order <= 1.6.0 - Missing Authorization	LOW	*-1.6.0	2.0	June 30, 2026
custom-bulkquick-edit	custom-bulkquick-edit	91	Custom Bulk/Quick Edit <= 1.6.10 - Cross-Site Request Forgery	LOW	*-1.6.10		June 30, 2026
CubeWP Framework	cubewp-framework	74	CubeWP – All-in-One Dynamic Content Framework <= 1.1.24 - Cross-Site Request Forgery	LOW	*-1.1.24		June 30, 2026
cubepoints	cubepoints	91	CubePoints <= 3.2.1 - Cross-Site Request Forgery	LOW	*-3.2.1		June 30, 2026
crawlomatic-multipage-scraper-post-generator	crawlomatic-multipage-scraper-post-generator	93	Crawlomatic Multisite Scraper Post Generator <= 2.6.8.2 - Missing Authorization	LOW	*-2.6.8.2	2.6.9	June 30, 2026
crawlomatic-multipage-scraper-post-generator	crawlomatic-multipage-scraper-post-generator	93	Crawlomatic Multisite Scraper Post Generator <= 2.6.8.2 - Unauthenticated Information Exposure via Log Files	LOW	*-2.6.8.2	2.6.9	June 30, 2026
countdown-for-the-events-calendar	countdown-for-the-events-calendar	93	The Events Calendar Countdown Addon <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.4.9	1.4.10	June 30, 2026
contact-form-ready	contact-form-ready	91	Contact Form <= 2.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.12		June 30, 2026
complete-google-seo-scan	complete-google-seo-scan	91	Complete Google Seo Scan <= 3.5.1 - Authenticated (Administrator+) SQL Injection	LOW	*-3.5.1		June 30, 2026
codehaveli-bitly-url-shortener	codehaveli-bitly-url-shortener	93	Bitly URL Shortener <= 1.4.1 - Cross-Site Request Forgery	LOW	*-1.4.1	1.5.0	June 30, 2026
Chaport — Live Chat & Chatbots	chaport	95	WP Live Chat + Chatbots Plugin for WordPress – Chaport <= 1.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.1.5	1.1.7	June 30, 2026
Calculated Fields Form	calculated-fields-form	70	Calculated Fields Form <= 5.3.58 - Cross-Site Request Forgery	LOW	*-5.3.58	5.3.59	June 30, 2026
broadly	broadly	91	Broadly for WordPress <= 3.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.0.2		June 30, 2026
bp-profile-as-homepage	bp-profile-as-homepage	91	BP Profile as Homepage <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.1		June 30, 2026
bp-activity-plus-reloaded	bp-activity-plus-reloaded	89	Activity Plus Reloaded for BuddyPress <= 1.1.2 - Missing Authorization	LOW	*-1.1.2		June 30, 2026
booqable-rental-reservations	booqable-rental-reservations	91	Booqable Rental <= 2.4.25 - Cross-Site Request Forgery	LOW	*-2.4.25	2.4.26	June 30, 2026
booking-ultra-pro	booking-ultra-pro	91	Booking Ultra Pro <= 1.1.20 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.1.20	1.1.21	June 30, 2026
bm-builder	bm-builder	93	BM Content Builder <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via ux_cb_page_options_save	LOW	*-3.16.2.1	3.16.3	June 30, 2026
blockstrap-page-builder-blocks	blockstrap-page-builder-blocks	93	BlockStrap Page Builder - Bootstrap Blocks <= 0.1.36 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.1.36	0.1.37	June 30, 2026
bg-orthodox-calendar	bg-orthodox-calendar	91	Bg Orthodox Calendar <= 0.13.10 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-0.13.10		June 30, 2026
bellows-accordion-menu	bellows-accordion-menu	93	Bellows Accordion Menu <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.4.3	1.4.4	June 30, 2026
bbp-api	bbp-api	91	bbPress API <= 1.0.14 - Missing Authorization	LOW	*-1.0.14		June 30, 2026
bang-tinh-lai-suat	bang-tinh-lai-suat	91	Bang tinh vay <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0.1		June 30, 2026
bacon-ipsum	bacon-ipsum	91	Bacon Ipsum <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.4		June 30, 2026
backwp	backwp	89	Backwp <= 2.0.2 - Cross-Site Request Forgery	LOW	*-2.0.2		June 30, 2026
atelier-create-cv	atelier-create-cv	91	Atelier Create CV <= 1.1.5 - Cross-Site Request Forgery to Settings Update	LOW	*-1.1.5		June 30, 2026
appbanners	appbanners	95	AppBanners <= 1.5.14 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.5.14		June 30, 2026
ajax-filter-posts	ajax-filter-posts	95	Post Grid Master <= 3.4.14 - Missing Authorization	LOW	*-3.4.14		June 30, 2026
ai-mortgage-calculator	ai-mortgage-calculator	95	AI Mortgage Calculator <= 1.0.1 - Authenticated (Contributor+) Local File Inclusion	LOW	*-1.0.1		June 30, 2026
agile-store-locator	agile-store-locator	97	Store Locator WordPress <= 1.5.2 - Authenticated (Admin+) Arbitrary File Upload	LOW	*-1.5.2	1.5.3	June 30, 2026
agile-store-locator	agile-store-locator	97	Store Locator WordPress <= 1.5.1 - Authenticated (Administrator+) SQL Injection	LOW	*-1.5.1	1.5.2	June 30, 2026
advanced-post-list	advanced-post-list	95	Advanced Post List <= 0.5.6.2 - Cross-Site Request Forgery	LOW	*-0.5.6.2		June 30, 2026
admin-note	admin-note	95	Admin Notes <= 1.1 - Cross-Site Request Forgery	LOW	*-1.1		June 30, 2026
acf-yandex-maps-field	acf-yandex-maps-field	95	ACF: Yandex Maps Field <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.1		June 30, 2026
abbie-expander	abbie-expander	95	Abbie Expander <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.1		June 30, 2026
6storage-rentals	6storage-rentals	92	6Storage Rentals <= 2.19.6 - Missing Authorization	LOW	*-2.19.6		June 30, 2026
404-page	404-page	97	404 Page by SeedProd <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0.1	1.0.2	June 30, 2026
hypercomments	hypercomments	89	HyperComments <= 1.2.2 - Unauthenticated (Subscriber+) Arbitrary Options Update	LOW	*-1.2.2		June 30, 2026
Forminator Forms – Contact Form, Payment Form & Custom Form Builder	forminator	92	Forminator <= 1.44.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via id and data-size Parameters	LOW	*-1.44.1	1.44.2	June 30, 2026
wp-time-capsule	wp-time-capsule	N/A	Backup and Staging by WP Time Capsule <= 1.22.23 - Reflected Cross-Site Scripting	LOW	*-1.22.23	1.22.24	June 30, 2026
wishlist	wishlist	N/A	Wishlist <= 2.1.0 - Reflected Cross-Site Scripting	LOW	*-2.1.0		June 30, 2026
spice-blocks	spice-blocks	N/A	Spice Blocks <= 2.0.7.4 - Unauthenticated Arbitrary File Download	LOW	*-2.0.7.4	2.0.7.5	June 30, 2026
smart-wishlist-for-more-convert	smart-wishlist-for-more-convert	N/A	MC Woocommerce Wishlist <= 1.9.1 - Reflected Cross-Site Scripting	LOW	*-1.9.1	1.9.2	June 30, 2026
iwjob	iwjob	89	InWave Jobs <= 3.5.8 - Missing Authorization	LOW	*-3.5.8		June 30, 2026
icegram-rainmaker	icegram-rainmaker	93	Icegram Collect – Easy Form, Lead Collection and Subscription plugin <= 1.3.18 - Missing Authorization	LOW	*-1.3.18	1.3.19	June 30, 2026

LOW

payu-india

Score: N/A PayU CommercePro Plugin <= 3.8.7 - Authentication Bypass Affected: *-3.8.7 Patched: 3.8.8 Updated: June 30, 2026

LOW

payment-qr-woo

Score: N/A Payment QR WooCommerce <= 1.1.6 - Missing Authorization Affected: *-1.1.6 Patched: Updated: June 30, 2026

LOW

pay-with-contact-form-7

Score: N/A Pay with Contact Form 7 <= 1.0.4 - Cross-Site Request Forgery Affected: *-1.0.4 Patched: Updated: June 30, 2026

LOW

password-policy-manager

Score: N/A Password Policy Manager <= 2.0.4 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover Affected: *-2.0.4 Patched: 2.0.5 Updated: June 30, 2026

LOW

ova-brw

Score: N/A BRW <= 1.8.6 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.8.6 Patched: 1.8.7 Updated: June 30, 2026

LOW

ova-brw

Score: N/A BRW <= 1.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8.6 Patched: 1.8.7 Updated: June 30, 2026

LOW

os-diagnosis-generator

Score: N/A 診断ジェネレータ作成プラグイン <= 1.4.16 - Missing Authorization Affected: *-1.4.16 Patched: Updated: June 30, 2026

LOW

onoffice-for-wp-websites

Score: N/A onOffice for WP-Websites <= 5.7 - Missing Authorization Affected: *-5.7 Patched: 6.10 Updated: June 30, 2026

LOW

online-accessibility

Score: N/A Accessibility Suite <= 4.19 - Missing Authorization Affected: *-4.19 Patched: 4.20 Updated: June 30, 2026

LOW

oik

Score: N/A oik <= 4.15.1 - Missing Authorization Affected: *-4.15.1 Patched: 4.15.2 Updated: June 30, 2026

LOW

no-spam-at-all

Score: N/A No Spam At All <= 1.3 - Missing Authorization Affected: *-1.3 Patched: Updated: June 30, 2026

LOW

next-event-calendar

Score: N/A Next Event Calendar <= 1.2 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: June 30, 2026

LOW

nexa-blocks

Score: N/A Nexa Blocks <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: June 30, 2026

LOW

nexa-blocks

Score: N/A Nexa Blocks <= 1.1.0 - Authenticated (Contributor+) Server-Side Request Forgery Affected: *-1.1.0 Patched: Updated: June 30, 2026

LOW

newspack-newsletters

Score: N/A Newspack Newsletters <= 3.13.0 - Open Redirect Affected: *-3.13.0 Patched: 3.14.0 Updated: June 30, 2026

LOW

melipayamak

Score: 91/100 Melipayamak <= 2.2.12 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.2.12 Patched: Updated: June 30, 2026

LOW

mediabay

Score: 89/100 Mediabay - WordPress Media Library Folders <= 1.4 - Reflected Cross-Site Scripting Affected: *-1.4 Patched: Updated: June 30, 2026

LOW

market-exporter

Score: 93/100 Market Exporter <= 2.0.22 - Cross-Site Request Forgery Affected: *-2.0.22 Patched: 2.0.23 Updated: June 30, 2026

LOW

libro-de-reclamaciones-y-quejas

Score: 91/100 Libro de Reclamaciones y Quejas <= 0.9 - Authenticated (Administrator+) SQL Injection Affected: *-0.9 Patched: 1.0 Updated: June 30, 2026

LOW

layouts-for-elementor

Score: 93/100 Layouts for Elementor <= 1.11 - Cross-Site Request Forgery Affected: *-1.11 Patched: 1.12 Updated: June 30, 2026

LOW

konami-easter-egg

Score: 91/100 Konami Easter Egg <= v0.4 - Cross-Site Request Forgery Affected: * - v0.4 Patched: Updated: June 30, 2026

LOW

ki-live-video-conferences

Score: 89/100 KI Live Video Conferences <= 5.5.15 - Unauthenticated Information Disclosure Affected: *-5.5.15 Patched: Updated: June 30, 2026

LOW

ki-live-video-conferences

Score: 89/100 KI Live Video Conferences <= 5.5.15 - Missing Authorization Affected: *-5.5.15 Patched: Updated: June 30, 2026

LOW

job-board-manager

Score: 83/100 Job Board Manager <= 2.1.60 - Missing Authorization Affected: *-2.1.60 Patched: 2.1.61 Updated: June 30, 2026

LOW

interactive-uk-regional-map

Score: 91/100 Interactive UK Regional Map <= 2.0 - Cross-Site Request Forgery Affected: *-2.0 Patched: Updated: June 30, 2026

LOW

interactive-map-of-florida

Score: 91/100 Interactive Regional Map of Florida <= 1.0 - Missing Authorization Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

interactive-map-of-africa

Score: 91/100 Interactive Regional Map of Africa <= 1.0 - Cross-Site Request Forgery Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

image-hover-effects-block

Score: 91/100 Image Hover Effects Block <= 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.5 Patched: Updated: June 30, 2026

LOW

iframe-widget

Score: 91/100 IFrame Widget <= 4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.1 Patched: Updated: June 30, 2026

LOW

hydra-booking

Score: 93/100 Hydra Booking <= 1.1.10 - Authenticated (Contributor+) SQL Injection Affected: *-1.1.10 Patched: 1.1.11 Updated: June 30, 2026

LOW

ht-team-member

Score: 93/100 HT Team Member <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.7 Patched: 1.1.8 Updated: June 30, 2026

LOW

hr-management-lite

Score: 89/100 HR Management Lite <= 3.7 - Cross-Site Request Forgery Affected: *-3.7 Patched: 3.8 Updated: June 30, 2026

LOW

greenshift-animation-and-page-builder-blocks

Score: 93/100 Greenshift <= 11.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-11.5.5 Patched: 11.5.7 Updated: June 30, 2026

LOW

gpp-slideshow

Score: 91/100 GPP Slideshow <= 1.3.5 - Missing Authorization Affected: *-1.3.5 Patched: Updated: June 30, 2026

LOW

global-translator

Score: 89/100 Global Translator <= 2.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0.2 Patched: Updated: June 30, 2026

LOW

global-translator

Score: 89/100 Global Translator <= 2.0.2 - Cross-Site Request Forgery Affected: *-2.0.2 Patched: Updated: June 30, 2026

LOW

gf-salesforce-crmperks

Score: 93/100 WP Gravity Forms Salesforce <= 1.4.7 - Open Redirect Affected: *-1.4.7 Patched: 1.4.8 Updated: June 30, 2026

LOW

gf-constant-contact

Score: 93/100 WP Gravity Forms Constant Contact Plugin <= 1.1.0 - Open Redirect Affected: *-1.1.0 Patched: 1.1.1 Updated: June 30, 2026

LOW

gdpr-cookie-consent

Score: 93/100 WP Cookie Notice for GDPR, CCPA & ePrivacy Consent <= 3.8.0 - Cross-Site Request Forgery Affected: *-3.8.0 Patched: 3.8.1 Updated: June 30, 2026

LOW

gdpr-compliant-recaptcha-for-all-forms

Score: 93/100 Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant <= 4.1.1 - Cross-Site Request Forgery Affected: *-4.1.1 Patched: 4.1.2 Updated: June 30, 2026

LOW

gamipress

Score: 93/100 GamiPress <= 7.4.5 - Authenticated (Administrator+) SQL Injection Affected: *-7.4.5 Patched: 7.4.6 Updated: June 30, 2026

LOW

frontend-dashboard

Score: 93/100 Frontend Dashboard <= 2.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.8 Patched: 2.2.9 Updated: June 30, 2026

LOW

free-wp-mail-smtp

Score: 91/100 Free WP Mail SMTP <= 1.0 - Cross-Site Request Forgery Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

fraudlabs-pro-for-woocommerce

Score: 93/100 FraudLabs Pro for WooCommerce <= 2.22.11 - Missing Authorization Affected: *-2.22.11 Patched: 2.22.12 Updated: June 30, 2026

LOW

fastbook-responsive-appointment-booking-and-scheduling-system

Score: 87/100 FastBook <= 1.1 - Cross-Site Request Forgery Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

everest-backup

Score: 91/100 Everest Backup <= 2.3.3 - Cross-Site Request Forgery Affected: *-2.3.3 Patched: 2.3.4 Updated: June 30, 2026

LOW

event-post

Score: 91/100 Event post <= 5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.10.1 Patched: 5.10.2 Updated: June 30, 2026

LOW

esign-genie-for-wp

Score: 91/100 Foxit eSign for WordPress <= 2.0.3 - Authenticated (Admin+) Information Exposure Affected: *-2.0.3 Patched: Updated: June 30, 2026

LOW

epicwin-subscribers

Score: 91/100 Epicwin Plugin <= 1.5 - Cross-Site Request Forgery to SQL Injection Affected: *-1.5 Patched: Updated: June 30, 2026

LOW

elite-video-player

Score: 89/100 Elite Video Player <= 10.0.5 - Cross-Site Request Forgery Affected: *-10.0.5 Patched: Updated: June 30, 2026

LOW

elegant-visitor-counter

Score: 91/100 Elegant Visitor Counter <= 3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.1 Patched: Updated: June 30, 2026

LOW

elastic-email-subscribe-form

Score: 91/100 Elastic Email Subscribe Form <= 1.2.2 - Missing Authorization Affected: *-1.2.2 Patched: Updated: June 30, 2026

LOW

dorzki-notifications-to-slack

Score: 91/100 Slack Notifications by dorzki <= 2.0.7 - Missing Authorization Affected: *-2.0.7 Patched: Updated: June 30, 2026

LOW

docspress

Score: 93/100 DocsPress <= 2.5.2 - Missing Authorization Affected: *-2.5.2 Patched: 2.5.3 Updated: June 30, 2026

LOW

dadata-ru

Score: 91/100 «Подсказки» от DaData.ru <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.6 Patched: Updated: June 30, 2026

LOW

custom-post-order-category

Score: 93/100 Custom Category/Post Type Post order <= 1.6.0 - Missing Authorization Affected: *-1.6.0 Patched: 2.0 Updated: June 30, 2026

LOW

custom-bulkquick-edit

Score: 91/100 Custom Bulk/Quick Edit <= 1.6.10 - Cross-Site Request Forgery Affected: *-1.6.10 Patched: Updated: June 30, 2026

LOW

CubeWP Framework

cubewp-framework

Score: 74/100 CubeWP – All-in-One Dynamic Content Framework <= 1.1.24 - Cross-Site Request Forgery Affected: *-1.1.24 Patched: Updated: June 30, 2026

LOW

cubepoints

Score: 91/100 CubePoints <= 3.2.1 - Cross-Site Request Forgery Affected: *-3.2.1 Patched: Updated: June 30, 2026

LOW

crawlomatic-multipage-scraper-post-generator

Score: 93/100 Crawlomatic Multisite Scraper Post Generator <= 2.6.8.2 - Missing Authorization Affected: *-2.6.8.2 Patched: 2.6.9 Updated: June 30, 2026

LOW

crawlomatic-multipage-scraper-post-generator

Score: 93/100 Crawlomatic Multisite Scraper Post Generator <= 2.6.8.2 - Unauthenticated Information Exposure via Log Files Affected: *-2.6.8.2 Patched: 2.6.9 Updated: June 30, 2026

LOW

countdown-for-the-events-calendar

Score: 93/100 The Events Calendar Countdown Addon <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.9 Patched: 1.4.10 Updated: June 30, 2026

LOW

contact-form-ready

Score: 91/100 Contact Form <= 2.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.12 Patched: Updated: June 30, 2026

LOW

complete-google-seo-scan

Score: 91/100 Complete Google Seo Scan <= 3.5.1 - Authenticated (Administrator+) SQL Injection Affected: *-3.5.1 Patched: Updated: June 30, 2026

LOW

codehaveli-bitly-url-shortener

Score: 93/100 Bitly URL Shortener <= 1.4.1 - Cross-Site Request Forgery Affected: *-1.4.1 Patched: 1.5.0 Updated: June 30, 2026

LOW

Chaport — Live Chat & Chatbots

chaport

Score: 95/100 WP Live Chat + Chatbots Plugin for WordPress – Chaport <= 1.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.5 Patched: 1.1.7 Updated: June 30, 2026

LOW

Calculated Fields Form

calculated-fields-form

Score: 70/100 Calculated Fields Form <= 5.3.58 - Cross-Site Request Forgery Affected: *-5.3.58 Patched: 5.3.59 Updated: June 30, 2026

LOW

broadly

Score: 91/100 Broadly for WordPress <= 3.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.0.2 Patched: Updated: June 30, 2026

LOW

bp-profile-as-homepage

Score: 91/100 BP Profile as Homepage <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

bp-activity-plus-reloaded

Score: 89/100 Activity Plus Reloaded for BuddyPress <= 1.1.2 - Missing Authorization Affected: *-1.1.2 Patched: Updated: June 30, 2026

LOW

booqable-rental-reservations

Score: 91/100 Booqable Rental <= 2.4.25 - Cross-Site Request Forgery Affected: *-2.4.25 Patched: 2.4.26 Updated: June 30, 2026

LOW

booking-ultra-pro

Score: 91/100 Booking Ultra Pro <= 1.1.20 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.20 Patched: 1.1.21 Updated: June 30, 2026

LOW

Score: 93/100 BM Content Builder <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via ux_cb_page_options_save Affected: *-3.16.2.1 Patched: 3.16.3 Updated: June 30, 2026

LOW

blockstrap-page-builder-blocks

Score: 93/100 BlockStrap Page Builder - Bootstrap Blocks <= 0.1.36 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.1.36 Patched: 0.1.37 Updated: June 30, 2026

LOW

bg-orthodox-calendar

Score: 91/100 Bg Orthodox Calendar <= 0.13.10 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.13.10 Patched: Updated: June 30, 2026

LOW

bellows-accordion-menu

Score: 93/100 Bellows Accordion Menu <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.4.3 Patched: 1.4.4 Updated: June 30, 2026

LOW

bbp-api

Score: 91/100 bbPress API <= 1.0.14 - Missing Authorization Affected: *-1.0.14 Patched: Updated: June 30, 2026

LOW

bang-tinh-lai-suat

Score: 91/100 Bang tinh vay <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

bacon-ipsum

Score: 91/100 Bacon Ipsum <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4 Patched: Updated: June 30, 2026

LOW

backwp

Score: 89/100 Backwp <= 2.0.2 - Cross-Site Request Forgery Affected: *-2.0.2 Patched: Updated: June 30, 2026

LOW

atelier-create-cv

Score: 91/100 Atelier Create CV <= 1.1.5 - Cross-Site Request Forgery to Settings Update Affected: *-1.1.5 Patched: Updated: June 30, 2026

LOW

appbanners

Score: 95/100 AppBanners <= 1.5.14 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.5.14 Patched: Updated: June 30, 2026

LOW

ajax-filter-posts

Score: 95/100 Post Grid Master <= 3.4.14 - Missing Authorization Affected: *-3.4.14 Patched: Updated: June 30, 2026

LOW

ai-mortgage-calculator

Score: 95/100 AI Mortgage Calculator <= 1.0.1 - Authenticated (Contributor+) Local File Inclusion Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

agile-store-locator

Score: 97/100 Store Locator WordPress <= 1.5.2 - Authenticated (Admin+) Arbitrary File Upload Affected: *-1.5.2 Patched: 1.5.3 Updated: June 30, 2026

LOW

agile-store-locator

Score: 97/100 Store Locator WordPress <= 1.5.1 - Authenticated (Administrator+) SQL Injection Affected: *-1.5.1 Patched: 1.5.2 Updated: June 30, 2026

LOW

advanced-post-list

Score: 95/100 Advanced Post List <= 0.5.6.2 - Cross-Site Request Forgery Affected: *-0.5.6.2 Patched: Updated: June 30, 2026

LOW

admin-note

Score: 95/100 Admin Notes <= 1.1 - Cross-Site Request Forgery Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

acf-yandex-maps-field

Score: 95/100 ACF: Yandex Maps Field <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

abbie-expander

Score: 95/100 Abbie Expander <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

6storage-rentals

Score: 92/100 6Storage Rentals <= 2.19.6 - Missing Authorization Affected: *-2.19.6 Patched: Updated: June 30, 2026

LOW

404-page

Score: 97/100 404 Page by SeedProd <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: 1.0.2 Updated: June 30, 2026

LOW

hypercomments

Score: 89/100 HyperComments <= 1.2.2 - Unauthenticated (Subscriber+) Arbitrary Options Update Affected: *-1.2.2 Patched: Updated: June 30, 2026

LOW

Forminator Forms – Contact Form, Payment Form & Custom Form Builder

forminator

Score: 92/100 Forminator <= 1.44.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via id and data-size Parameters Affected: *-1.44.1 Patched: 1.44.2 Updated: June 30, 2026

LOW

wp-time-capsule

Score: N/A Backup and Staging by WP Time Capsule <= 1.22.23 - Reflected Cross-Site Scripting Affected: *-1.22.23 Patched: 1.22.24 Updated: June 30, 2026

LOW

wishlist

Score: N/A Wishlist <= 2.1.0 - Reflected Cross-Site Scripting Affected: *-2.1.0 Patched: Updated: June 30, 2026

LOW

spice-blocks

Score: N/A Spice Blocks <= 2.0.7.4 - Unauthenticated Arbitrary File Download Affected: *-2.0.7.4 Patched: 2.0.7.5 Updated: June 30, 2026

LOW

smart-wishlist-for-more-convert

Score: N/A MC Woocommerce Wishlist <= 1.9.1 - Reflected Cross-Site Scripting Affected: *-1.9.1 Patched: 1.9.2 Updated: June 30, 2026

LOW

iwjob

Score: 89/100 InWave Jobs <= 3.5.8 - Missing Authorization Affected: *-3.5.8 Patched: Updated: June 30, 2026

LOW

icegram-rainmaker

Score: 93/100 Icegram Collect – Easy Form, Lead Collection and Subscription plugin <= 1.3.18 - Missing Authorization Affected: *-1.3.18 Patched: 1.3.19 Updated: June 30, 2026

Showing 8101 to 8200 of 8176 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 13:47 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List