Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities: 36283 (across tracked plugins)
Affected Plugins: 87 (with open vulnerabilities)
Critical / High: 0 (require immediate attention)
Recently Updated: 0 (in the last 30 days)

Vulnerability List

Vulnerability list with plugin score and patch status
| Plugin | Slug | Score | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated |
|---|---|---|---|---|---|---|---|---|
| wp-customer-reviews | wp-customer-reviews | N/A | WP Customer Reviews <= 3.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-3.6.6 | 3.6.7 | June 30, 2026 |
| Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | woocommerce-jetpack | 65 | Booster for WooCommerce <= 7.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | | LOW | *-7.1.0 | 7.1.1 | June 30, 2026 |
| Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | woocommerce-jetpack | 65 | Booster for WooCommerce <= 7.1.0 - Authenticated (Subscriber+) Information Disclosure via Shortcode | | LOW | *-7.1.0 | 7.1.1 | June 30, 2026 |
| woocommerce-ean-payment-gateway | woocommerce-ean-payment-gateway | N/A | WooCommerce EAN Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) EAN Update | | LOW | [*, 6.1.0) | 6.1.0 | June 30, 2026 |
| woocommerce-cvr-payment-gateway | woocommerce-cvr-payment-gateway | N/A | WooCommerce CVR Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) CVR Update | | LOW | [*, 6.1.0) | 6.1.0 | June 30, 2026 |
| wd-google-maps | wd-google-maps | N/A | 10Web Map Builder for Google Maps <= 1.0.73 - Missing Authorization to Notice Dismissal | | LOW | [*, 1.0.74) | 1.0.74 | June 30, 2026 |
| powerpress | powerpress | N/A | PowerPress <= 11.0.11 - Authenticated(Contributor+) Stored Cross-Site Scripting via Media URL | | LOW | [*, 11.0.12) | 11.0.12 | June 30, 2026 |
| pagelayer | pagelayer | N/A | PageLayer <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | [*, 1.7.7) | 1.7.7 | June 30, 2026 |
| Feeds for YouTube (YouTube video, channel, and gallery plugin) | feeds-for-youtube | 68 | Feeds for YouTube <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | | LOW | *-2.1 | 2.1.2 | June 30, 2026 |
| essential-blocks-pro | essential-blocks-pro | 93 | Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products | | LOW | *-1.1.0 | 1.1.1 | June 30, 2026 |
| essential-blocks-pro | essential-blocks-pro | 93 | Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via queries | | LOW | *-1.1.0 | 1.1.1 | June 30, 2026 |
| essential-blocks | essential-blocks | 93 | Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products | | LOW | *-4.2.0 | 4.2.1 | June 30, 2026 |
| essential-blocks | essential-blocks | 93 | Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via queries | | LOW | *-4.2.0 | 4.2.1 | June 30, 2026 |
| awesome-weather | awesome-weather | 89 | Awesome Weather Widget <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | | LOW | *-3.0.2 | | June 30, 2026 |
| zero-bs-crm | zero-bs-crm | N/A | Jetpack CRM <= 5.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-5.5.0 | 5.5.1 | June 30, 2026 |
| zero-bs-crm | zero-bs-crm | N/A | Jetpack CRM <= 5.5.0 - Authenticated (Client+) Stored Cross-Site Scripting | | LOW | *-5.5.0 | 5.5.1 | June 30, 2026 |
| WPvivid — Backup, Migration & Staging | wpvivid-backuprestore | 63 | WPvivid Backup Plugin <= 0.9.90 - Missing Authorization via 'start_staging' and 'get_staging_progress' | | LOW | [*, 0.9.91) | 0.9.91 | June 30, 2026 |
| wpdiscuz | wpdiscuz | N/A | wpDiscuz <= 7.6.3 - Insecure Direct Object Reference to Post Rating Increase/Decrease | | LOW | *-7.6.3 | 7.6.4 | June 30, 2026 |
| wpdiscuz | wpdiscuz | N/A | wpDiscuz <= 7.6.3 - Insecure Direct Object Reference to Comment Rating Increase/Decrease | | LOW | *-7.6.3 | 7.6.4 | June 30, 2026 |
| wp-user-control | wp-user-control | N/A | WP User Control <= 1.5.3 - Insecure Password Reset Mechanism | | LOW | *-1.5.3 | | June 30, 2026 |
| Iptanus File Upload | wp-file-upload | 76 | Wordpress File Upload <= 4.23.2 - Authenticated(Administrator+) Stored Cross-Site Scripting | | LOW | [*, 4.23.3) | 4.23.3 | June 30, 2026 |
| woocommerce-beta-tester | woocommerce-beta-tester | N/A | WooCommerce Beta Tester < 2.2.4 - Authenticated (Administrator+) SQL Injection | | LOW | [*, 2.2.4) | 2.2.4 | June 30, 2026 |
| testimonial-slider-shortcode | testimonial-slider-shortcode | N/A | Testimonial Slider Shortcode <= 1.1.8 - Authenticated (Contributor+) Cross-Site Scripting Vulnerability via Shortcode | | LOW | [*, 1.1.9) | 1.1.9 | June 30, 2026 |
| simplr-registration-form | simplr-registration-form | N/A | Simplr Registration Form Plus+ <= 2.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change | | LOW | *-2.4.5 | | June 30, 2026 |
| quiz-master-next | quiz-master-next | N/A | Quiz And Survey Master <= 8.1.15 - Cross-Site Request Forgery via 'display_results' | | LOW | [*, 8.1.15) | 8.1.16 | June 30, 2026 |
| photospace-responsive | photospace-responsive | N/A | Photospace Responsive <= 2.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-2.1.1 | 2.2.0 | June 30, 2026 |
| login-with-phone-number | login-with-phone-number | 93 | Login with phone number <= 1.5.6 - Cross-Site Request Forgery to User Password Change | | LOW | *-1.5.6 | 1.5.7 | June 30, 2026 |
| leyka | leyka | 89 | Leyka <= 3.30.7 - Authenticated (Subscriber+) Sensitive Information Exposure | | LOW | *-3.30.7 | 3.30.7.1 | June 30, 2026 |
| dropbox-folder-share | dropbox-folder-share | 89 | Dropbox Folder Share <= 1.9.7 - Unauthenticated Local File Inclusion | | LOW | *-1.9.7 | | June 30, 2026 |
| dc-woocommerce-multi-vendor | dc-woocommerce-multi-vendor | 93 | MultiVendorX <= 4.0.25 - Improper Authorization on REST Routes via 'save_settings_permission' | | LOW | [*, 4.0.26) | 4.0.26 | June 30, 2026 |
| booking-calendar | booking-calendar | 91 | Booking calendar, Appointment Booking System <= 3.2.8 - Multiple Authenticated(Editor+) SQL Injection | | LOW | [*, 3.2.9) | 3.2.9 | June 30, 2026 |
| ban-users | ban-users | 91 | BAN Users <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update & Privilege Escalation | | LOW | *-1.5.3 | | June 30, 2026 |
| SlimStat Analytics | wp-slimstat | N/A | Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Blind SQL Injection via Shortcode | | LOW | *-5.0.9 | 5.0.10 | June 30, 2026 |
| woocommerce-subscriptions | woocommerce-subscriptions | N/A | WooCommerce Subscription < 4.6.0 - Cross-Site Request Forgery | | LOW | [*, 4.6.0) | 4.6.0 | June 30, 2026 |
| woocommerce-checkout-field-editor | woocommerce-checkout-field-editor | N/A | Checkout Field Editor (Premium) < 1.7.5 - Cross-Site Request Forgery | | LOW | [*, 1.7.5) | 1.7.5 | June 30, 2026 |
| woocommerce-checkout-field-editor | woocommerce-checkout-field-editor | N/A | Checkout Field Editor <= 1.7.4 - Cross-Site Request Forgery to Checkout Fields Update | | LOW | *-1.7.4 | 1.7.5 | June 30, 2026 |
| WooCommerce | woocommerce | 80 | WooCommerce <= 7.8.2 - Sensitive Information Exposure | | LOW | *-7.8.2 | 7.9.0 | June 30, 2026 |
| WooCommerce | woocommerce | 80 | WooCommerce <= 7.0.0 - Authenticated(Shop Manager+) Sensitive Information Exposure | | LOW | *-7.0.0 | 7.0.1 | June 30, 2026 |
| socialdriver | socialdriver | N/A | SocialDriver < 2024 - Prototype Pollution | | LOW | [*, 2024) | 2024 | June 30, 2026 |
| mappress-google-maps-for-wordpress | mappress-google-maps-for-wordpress | 93 | MapPress Maps for WordPress <= 2.88.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | | LOW | *-2.88.4 | 2.88.5 | June 30, 2026 |
| jquery-vertical-accordion-menu | jquery-vertical-accordion-menu | 91 | JQuery Accordion Menu Widget <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | | LOW | *-3.1.2 | | June 30, 2026 |
| intergeo-maps | intergeo-maps | 91 | Google Maps Plugin by Intergeo <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | | LOW | *-2.3.2 | | June 30, 2026 |
| File Manager Pro – Filester | filester | 78 | File Manager Pro – Filester - <= 1.7.6 - Cross-Site Request Forgery to Arbitrary File Rename | | LOW | *-1.7.6 | 1.8 | June 30, 2026 |
| expand-maker | expand-maker | 89 | Read More & Accordion <= 3.2.6.1 - Authenticated (Administrator+) PHP Object Injection | | LOW | *-3.2.6.1 | 3.2.7 | June 30, 2026 |
| crayon-syntax-highlighter | crayon-syntax-highlighter | 89 | Crayon Syntax Highlighter <= 2.8.4 - Authenticated (Contributor+) Server Side Request Forgery | | LOW | *-2.8.4 | | June 30, 2026 |
| Booking Calendar | booking | 71 | Booking Calendar <= 9.7.3 - Unauthenticated Stored Cross-Site Scripting | | LOW | *-9.7.3 | 9.7.3.1 | June 30, 2026 |
| activitytime | activitytime | 97 | WP Sessions Time Monitoring Full Automatic <= 1.0.8 - Unauthenticated SQL injection | | LOW | *-1.0.8 | 1.0.9 | June 30, 2026 |
| zotpress | zotpress | N/A | Zotpress <= 7.3.4 - Reflected Cross-Site Scripting via 'PHP_SELF' | | LOW | *-7.3.4 | 7.3.5 | June 30, 2026 |
| modula-best-grid-gallery | modula-best-grid-gallery | 93 | Modula <= 2.7.4 - Incomplete Authorization via 'save_image' and 'save_images' | | LOW | [*, 2.7.5) | 2.7.5 | June 30, 2026 |
| wp-user-avatar | wp-user-avatar | N/A | ProfilePress <= 4.13.1 - Limited Privilege Escalation via 'acceptable_defined_roles' | | LOW | [*, 4.13.2) | 4.13.2 | June 30, 2026 |
| wp-user-avatar | wp-user-avatar | N/A | ProfilePress <= 4.13.1 Cross-Site Request Forgery via 'admin_notice' | | LOW | [*, 4.13.2) | 4.13.2 | June 30, 2026 |
| educare | educare | 93 | Educare <= 1.4.6 - Missing Authorization to Sensitive Information Exposure | | LOW | [*, 1.4.7) | 1.4.7 | June 30, 2026 |
| wp-crowdfunding | wp-crowdfunding | N/A | WP Crowdfunding <= 2.1.5 - Cross-Site Request Forgery | | LOW | *-2.1.5 | 2.1.6 | June 30, 2026 |
| simple-download-counter | simple-download-counter | N/A | Simple Download Counter <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | 1.6 | 1.6.1 | June 30, 2026 |
| ldap-ad-staff-employee-directory-search | ldap-ad-staff-employee-directory-search | 93 | Staff / Employee Business Directory for Active Directory <= 1.2.1 - Insufficient Escaping of Stored LDAP Values | | LOW | *-1.2.2 | 1.2.3 | June 30, 2026 |
| Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | fluentform | 78 | Contact Form for Plugin by Fluent Forms <= 5.0.8 - Insecure Direct Object Reference | | LOW | [*, 5.0.9) | 5.0.9 | June 30, 2026 |
| EWWW Image Optimizer | ewww-image-optimizer | 69 | EWWW Image Optimizer <= 7.2.0 - Sensitive Information Exposure | | LOW | [*, 7.2.1) | 7.2.1 | June 30, 2026 |
| my-account-page-editor | my-account-page-editor | N/A | My Account Page Editor <= 1.3.1 - Authenticated (Subscriber+) Arbitrary File Upload | | LOW | *-1.3.1 | 1.3.2 | June 30, 2026 |
| form-maker | form-maker | 93 | Form Maker by 10Web <= 1.15.19 - Unauthenticated Arbitrary File Upload | | LOW | [*, 1.15.20) | 1.15.20 | June 30, 2026 |
| EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more | embedpress | 69 | EmbedPress <= 3.8.3 - Cross-Site Request Forgery | | LOW | [*, 3.8.4) | 3.8.4 | June 30, 2026 |
| easy-form | easy-form | 93 | Easy Form by AYS <= 1.3.8 - Cross-Site Request Forgery | | LOW | [*, 1.3.9) | 1.3.9 | June 30, 2026 |
| user-submitted-posts | user-submitted-posts | N/A | User Submitted Posts <= 20230901 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | | LOW | *-20230901 | 20230902 | June 30, 2026 |
| duplicate-post-page-menu-custom-post-type | duplicate-post-page-menu-custom-post-type | 93 | Duplicate Post Page Menu & Custom Post Type <= 2.3.1 - Missing Authorization to Post Duplication | | LOW | *-2.3.1 | 2.4.0 | June 30, 2026 |
| Defender Security – Malware Scanner, Login Security & Firewall | defender-security | 71 | Defender Security <= 4.0.2 - Hide Login Page Feature Protection Bypass | | LOW | *-4.0.2 | 4.1.0 | June 30, 2026 |
| buddypress-media | buddypress-media | 93 | rtMedia for WordPress, BuddyPress and bbPress <= 4.6.14 - Missing Authorization via export_settings | | LOW | *-4.6.14 | 4.6.15 | June 30, 2026 |
| wpdirectorykit | wpdirectorykit | N/A | WP Directory Kit <= 1.2.6 - Missing Authorization | | LOW | *-1.2.6 | 1.2.7 | June 30, 2026 |
| wp-ical-availability | wp-ical-availability | N/A | WP iCal Availability <= 1.0.3 - Cross-Site Request Forgery | | LOW | *-1.0.3 | | June 30, 2026 |
| wp-gallery-metabox | wp-gallery-metabox | N/A | WP Gallery Metabox <= 1.0.0 - Cross-Site Request Forgery | | LOW | *-1.0.0 | | June 30, 2026 |
| wp-custom-post-template | wp-custom-post-template | N/A | WP Custom Post Template <= 1.0 - Cross-Site Request Forgery | | LOW | *-1.0 | | June 30, 2026 |
| wp-crowdfunding | wp-crowdfunding | N/A | WP Crowdfunding <= 2.1.4 - Missing Authorization via settings_reset | | LOW | *-2.1.4 | 2.1.5 | June 30, 2026 |
| wp-central | wp-central | N/A | wpCentral <= 1.5.7 - Cross-Site Request Forgery | | LOW | *-1.5.7 | | June 30, 2026 |
| wp-analytify | wp-analytify | N/A | Analytify Dashboard <= 5.1.0 - Missing Authorization to Opt-In | | LOW | [*, 5.1.1) | 5.1.1 | June 30, 2026 |
| wp-accessibility-helper | wp-accessibility-helper | N/A | WP Accessibility Helper (WAH) <= 0.6.2.4 - Missing Authorization via AJAX action | | LOW | *-0.6.2.4 | 0.6.2.5 | June 30, 2026 |
| wordpress-social-login | wordpress-social-login | N/A | WordPress Social Login <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | | LOW | *-3.0.4 | | June 30, 2026 |
| woo-pensopay | woo-pensopay | N/A | WooCommerce PensoPay <= 6.3.1 - Reflected Cross-Site Scripting via 'pensopay_action' | | LOW | *-6.3.1 | 6.3.2 | June 30, 2026 |
| very-simple-contact-form | very-simple-contact-form | N/A | VS Contact Form <= 13.9 - Missing Authorization | | LOW | *-13.9 | 14.0 | June 30, 2026 |
| user-submitted-posts | user-submitted-posts | N/A | User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20230811 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | | LOW | *-20230811 | 20230901 | June 30, 2026 |
| uniconsent-cmp | uniconsent-cmp | N/A | UniConsent Cookie Consent CMP for GDPR / CCPA <= 1.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-1.4.3 | 1.4.4 | June 30, 2026 |
| travelmap-blog | travelmap-blog | N/A | Travel Map <= 1.0.1 - Unauthenticated Cross-Site Scripting | | LOW | *-1.0.1 | 1.0.2 | June 30, 2026 |
| swifty-bar | swifty-bar | N/A | Swifty Bar, sticky bar by WPGens <= 1.2.10 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-1.2.10 | 1.2.11 | June 30, 2026 |
| super-socializer | super-socializer | N/A | Super Socializer <= 7.13.54 - Missing Authorization | | LOW | *-7.13.54 | 7.13.55 | June 30, 2026 |
| super-socializer | super-socializer | N/A | Super Socializer <= 7.13.54 - Cross-Site Request Forgery | | LOW | *-7.13.54 | 7.13.55 | June 30, 2026 |
| sunshine-photo-cart | sunshine-photo-cart | N/A | Sunshine Photo Cart <= 2.9.25 - Insecure Direct Object Reference to Order Manipulation | | LOW | *-2.9.25 | 3.0 | June 30, 2026 |
| stagtools | stagtools | N/A | Stagtools <= 2.3.7 - Reflected Cross-Site Scripting | | LOW | *-2.3.7 | 2.3.8 | June 30, 2026 |
| sliderpro | sliderpro | N/A | Slider Pro <= 4.8.6 - Missing Authorization via AJAX actions | | LOW | *-4.8.6 | 4.8.7 | June 30, 2026 |
| simple-membership | simple-membership | N/A | Simple Membership <= 4.3.5 - Reflected Cross-Site Scripting | | LOW | *-4.3.5 | 4.3.6 | June 30, 2026 |
| sendpress | sendpress | N/A | SendPress Newsletters <= 1.23.11.6 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-1.23.11.6 | | June 30, 2026 |
| sendpress | sendpress | N/A | SendPress Newsletters <= 1.23.11.6 - Cross-Site Request Forgery | | LOW | *-1.23.11.6 | | June 30, 2026 |
| rsvpmaker | rsvpmaker | N/A | RSVPMaker <= 10.6.6 - Unauthenticated PHP Object Injection | | LOW | *-10.6.6 | 10.6.7 | June 30, 2026 |
| restricted-content | restricted-content | N/A | Restrict <= 2.2.4 - Reflected Cross-Site Scripting | | LOW | *-2.2.4 | 2.2.5 | June 30, 2026 |
| rescue-shortcodes | rescue-shortcodes | N/A | Rescue Shortcodes <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-2.5 | 2.6 | June 30, 2026 |
| regpack | regpack | N/A | Regpack <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-0.1 | | June 30, 2026 |
| publish-post-email-notification | publish-post-email-notification | N/A | wordpress publish post email notification <= 1.0.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-1.0.2.2 | 1.0.2.3 | June 30, 2026 |
| poll-maker | poll-maker | N/A | Poll Maker <= 4.7.0 - Reflected Cross-Site Scripting | | LOW | *-4.7.0 | 4.7.1 | June 30, 2026 |
| poeditor | poeditor | N/A | POEditor <= 0.9.4 - Cross-Site Request Forgery | | LOW | *-0.9.4 | 0.9.5 | June 30, 2026 |
| pepro-cf7-database | pepro-cf7-database | N/A | PeproDev CF7 Database <= 1.7.0 - Unauthenticated Stored Cross-Site Scripting via form submission | | LOW | *-1.7.0 | 1.8.0 | June 30, 2026 |
| outbound-link-manager | outbound-link-manager | N/A | Outbound Link Manager <= 1.2 - Cross-Site Request Forgery | | LOW | *-1.2 | | June 30, 2026 |
| order-delivery-date | order-delivery-date | N/A | Order Delivery Date for WP e-Commerce <= 1.2 - Cross-Site Request Forgery | | LOW | *-1.2 | | June 30, 2026 |
| order-delivery-date | order-delivery-date | N/A | Order Delivery Date for WP e-Commerce <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | | LOW | *-1.2 | | June 30, 2026 |
| notice-bar | notice-bar | N/A | Notice Bar <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | LOW | *-3.1.0 | 3.1.1 | June 30, 2026 |

Showing 23801 to 23900 of 36283 results

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 12:33 UTC.