Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

5292

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
advanced-video-player-with-analytics	advanced-video-player-with-analytics	95	Advanced Video Player with Analytics <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1		June 30, 2026
add-ribbon	add-ribbon	95	Add Ribbon Shortcode <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.1		June 30, 2026
achilles-shortcodes	achilles-shortcodes	95	AchillesTheme-shortcodes <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.1		June 30, 2026
aa-audio-player	aa-audio-player	95	AA Audio Player <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0		June 30, 2026
bdthemes-element-pack-lite	bdthemes-element-pack-lite	93	Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.10.2	5.10.3	June 30, 2026
adbuddy-adblocker-detection	adbuddy-adblocker-detection	95	adBuddy+ (AdBlocker Detection) by NetfunkDesign <= 1.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-1.1.3		June 30, 2026
Prime Slider Addons for Elementor	bdthemes-prime-slider-lite	88	Prime Slider - Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider <= 3.15.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Blog Widget	LOW	*-3.15.18	3.15.19	June 30, 2026
all-contact-form-integration-for-elementor	all-contact-form-integration-for-elementor	93	EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.9 - Missing Authorization	LOW	*-2.9.9.9		June 30, 2026
basticom-framework	basticom-framework	93	Basticom Framework <= 1.5.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload	LOW	*-1.5.0	1.5.1	June 30, 2026
cf7-styler	cf7-styler	91	CF7 WOW Styler <= 1.6.8 - Reflected Cross-Site Scripting	LOW	*-1.6.8	1.6.9	June 30, 2026
buooy-sticky-header	buooy-sticky-header	91	Buooy Sticky Header <= 0.5.2 - Reflected Cross-Site Scripting	LOW	*-0.5.2		June 30, 2026
bdthemes-element-pack-lite	bdthemes-element-pack-lite	93	Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting	LOW	*-5.10.2	5.10.3	June 30, 2026
bdthemes-element-pack-lite	bdthemes-element-pack-lite	93	Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Map Widget	LOW	*-5.10.2	5.10.3	June 30, 2026
ajax-content-filter	ajax-content-filter	95	Ajax Content Filter <= 1.0 - Reflected Cross-Site Scripting	LOW	*-1.0		June 30, 2026
abbs-bing-search	abbs-bing-search	95	Bing Search API Integration <= 0.3.3 - Reflected Cross-Site Scripting	LOW	*-0.3.3		June 30, 2026
bbp-core	bbp-core	93	BBP Core – Expand bbPress powered forums with useful features <= 1.2.5 - Reflected Cross-Site Scripting via add_query_arg Parameter	LOW	*-1.2.5	1.2.6	June 30, 2026
bricksable	bricksable	93	Bricksable for Bricks Builder <= 1.6.59 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.6.59	1.6.60	June 30, 2026
bookingpress-appointment-booking	bookingpress-appointment-booking	93	Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.16 - Authenticated (Subscriber+) SQL Injection	LOW	*-1.1.16	1.1.17	June 30, 2026
black-widgets	black-widgets	91	Black Widgets For Elementor <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.3.6	1.3.7	June 30, 2026
betterlinks	betterlinks	93	BetterLinks <= 2.1.7 - Authenticated (Administrator+) SQL Injection	LOW	*-2.1.7	2.1.8	June 30, 2026
beds24-online-booking	beds24-online-booking	93	Beds24 Online Booking <= 2.0.25 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.0.25	2.0.26	June 30, 2026
bdthemes-element-pack-lite	bdthemes-element-pack-lite	93	Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget	LOW	*-5.10.1	5.10.2	June 30, 2026
bdthemes-element-pack-lite	bdthemes-element-pack-lite	93	Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate	LOW	*-5.10.1	5.10.2	June 30, 2026
awesome-shortcodes-for-genesis	awesome-shortcodes-for-genesis	91	Awesome Shortcodes For Genesis 1.1.8 - Cross-Site Request Forgery to Cross-Site Scripting	LOW	1.1.8		June 30, 2026
author-slug	author-slug	91	Custom Author URL <= 2.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-2.0.1		June 30, 2026
athemes-addons-for-elementor-lite	athemes-addons-for-elementor-lite	93	aThemes Addons for Elementor <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.7	1.0.8	June 30, 2026
appointmind	appointmind	97	Appointmind <= 4.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-4.0.0	4.1.0	June 30, 2026
apk-downloader	apk-downloader	95	APK Downloader <= 1.0.0 - Cross-Site Request Forgery to Stored Cross Site Scripting	LOW	*-1.0.0		June 30, 2026
amazon-associate-filter	amazon-associate-filter	95	Amazon Associate Filter <= 0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-0.4		June 30, 2026
advanced-pdf-generator	advanced-pdf-generator	95	Advanced PDF Generator <= 0.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-0.4.0		June 30, 2026
admin-sms-alert	admin-sms-alert	95	Admin SMS Alert<=1.1.0 - Cross-Site Request Forgery to Stored Cross Site Scripting	LOW	*-1.1.0		June 30, 2026
addressbook	addressbook	95	Addressbook <= 1.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting	LOW	*-1.1.3		June 30, 2026
accordion-title-for-elementor	accordion-title-for-elementor	97	Accordion title for Elementor <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	*-1.2.1	1.2.2	June 30, 2026
atomchat	atomchat	91	AtomChat <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via atomchat Shortcode	LOW	*-1.1.5	1.1.6	June 30, 2026
cafe-lite	cafe-lite	89	Clever Addons for Elementor <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.2.1		June 30, 2026
business	business	91	Business <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.3		June 30, 2026
bpmnio	bpmnio	91	bpmn.io <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0		June 30, 2026
bonway-static-block-editor	bonway-static-block-editor	91	Bonway Static Block Editor <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1.0		June 30, 2026
bluetrait-event-viewer	bluetrait-event-viewer	91	BTEV <= Cross-Site Request Forgery to Plugin Settings Update	LOW	*-2.0.2		June 30, 2026
blrt-wp-embed	blrt-wp-embed	89	Blrt WP Embed <= 1.6.9 - Authenticated (Contributor+) SQL Injection	LOW	*-1.6.9		June 30, 2026
bigmart-elements	bigmart-elements	91	Bigmart Elements <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.3		June 30, 2026
ays-popup-box	ays-popup-box	93	Popup Box <= 4.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-4.7.7	4.7.8	June 30, 2026
awesomepress	awesomepress	91	AwesomePress <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0		June 30, 2026
awesome-progess-bar	awesome-progess-bar	93	Awesome Progress Bar <= 1.0.13 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.13	1.1.0	June 30, 2026
audio-comparison-lite	audio-comparison-lite	93	Audio Comparison Lite <= 3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.4	3.5	June 30, 2026
apply-online	apply-online	97	ApplyOnline <= 2.6.2 - Unauthenticated Application Disclosure	LOW	*-2.6.2	2.6.3	June 30, 2026
amp-img-shortcode	amp-img-shortcode	95	AMP Img Shortcode <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.1		June 30, 2026
amazing-neo-icon-font-for-elementor	amazing-neo-icon-font-for-elementor	95	amazing neo icon font for elementor <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.1		June 30, 2026
amadiscount	amadiscount	95	AmaDiscount <= 1.0 - Authenticated (Contributor+) SQL Injection	LOW	*-1.0		June 30, 2026
alphabetical-list	alphabetical-list	95	Alphabetical List <= 1.0.3 - Cross-Site Request Forgery to Settings Update	LOW	*-1.0.3		June 30, 2026
advanced-control-manager	advanced-control-manager	95	Advanced Control Manager for WordPress by ItalyStrap <= 2.16.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.16.0		June 30, 2026
aajoda-testimonials	aajoda-testimonials	95	Aajoda Testimonials <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.2.2		June 30, 2026
5-stars-rating-funnel	5-stars-rating-funnel	95	5 Stars Rating Funnel <= 1.4.01 - Authenticated (Contributor+) SQL Injection	LOW	*-1.4.01		June 30, 2026
3d-presentation	3d-presentation	95	3D Presentation <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0		June 30, 2026
ancient-world-linked-data-for-wordpress	ancient-world-linked-data-for-wordpress	95	Ancient World Linked Data <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-0.2.1		June 30, 2026
allpost-contactform	allpost-contactform	95	All Post Contact Form <= 1.8.0 - Unauthenticated Arbitrary File Upload	LOW	*-1.8.0		June 30, 2026
alley-elementor-widget	alley-elementor-widget	95	Alley Elementor Widget <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.7		June 30, 2026
advanced-cron-manager	advanced-cron-manager	97	Advanced Cron Manager – debug & control <= 2.5.6 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-2.5.6	2.5.7	June 30, 2026
administrator-z	administrator-z	95	Administrator Z <= 2024.10.14 - Authenticated (Subscriber+) SQL Injection	LOW	*-2024.10.14	2024.10.21	June 30, 2026
black-widgets	black-widgets	91	Black Widgets For Elementor <= 1.3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload	LOW	*-1.3.7	1.3.8	June 30, 2026
arconix-shortcodes	arconix-shortcodes	95	Arconix Shortcodes <= 2.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode	LOW	*-2.1.13	2.1.14	June 30, 2026
beaver-builder-lite-version	beaver-builder-lite-version	93	Beaver Builder – WordPress Page Builder <= 2.8.4.2 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Widget	LOW	*-2.8.4.2	2.8.4.3	June 30, 2026
affiliate-toolkit-starter	affiliate-toolkit-starter	95	affiliate-toolkit <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via atkp_product Shortcode	LOW	*-3.6.5	3.6.6	June 30, 2026
bulk-role-change	bulk-role-change	91	Bulk Change Role <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation	LOW	*-1.1		June 30, 2026
ar-for-woocommerce	ar-for-woocommerce	97	AR For Woocommerce <= 6.2 - Unauthenticated Arbitrary File Upload	LOW	*-6.2	7.0	June 30, 2026
Message Bridge for Contact Form 7 and Telegram	cf7-telegram	99	Contact Form 7 + Telegram <= 0.8.5 - Missing Authorization to Authenticated (Subscriber+) Subscription Approve/Pause/Refuse	LOW	*-0.8.5	0.8.6	June 30, 2026
All-in-One WP Migration and Backup	all-in-one-wp-migration	94	All-in-One WP Migration and Backup <= 7.86 - Authenticated (Administrator+) Arbitrary PHP Code Injection	LOW	*-7.86	7.87	June 30, 2026
cafe-lite	cafe-lite	89	Clever Addons for Elementor <= 2.2.1 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates	LOW	*-2.2.1		June 30, 2026
bstone-demo-importer	bstone-demo-importer	91	Bstone Demo Importer <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation	LOW	*-1.0.1		June 30, 2026
automatic-translation	automatic-translation	91	Automatic Translation <= 1.0.4 - Unauthenticated Arbitrary File Upload	LOW	*-1.0.4		June 30, 2026
ar-for-wordpress	ar-for-wordpress	95	AR For WordPress <= 6.6 - Unauthenticated Arbitrary File Upload	LOW	*-6.6	7.0	June 30, 2026
ajar-productions-in5-embed	ajar-productions-in5-embed	95	Ajar in5 Embed <= 3.1.3 - Unauthenticated Arbitrary File Upload	LOW	*-3.1.3	3.1.4	June 30, 2026
advanced-online-ordering-and-delivery-platform	advanced-online-ordering-and-delivery-platform	95	Advanced Online Ordering and Delivery Platform <= 2.0.0 - Unauthenticated Local File Inclusion	LOW	*-2.0.0		June 30, 2026
acnoo-flutter-api	acnoo-flutter-api	95	Acnoo Flutter API <= 1.0.5 - Authentication Bypass via Account Takeover	LOW	*-1.0.5		June 30, 2026
bamazoo-button-generator	bamazoo-button-generator	91	Bamazoo – Button Generator <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via dgs Shortcode	LOW	*-1.0		June 30, 2026
buddypress	buddypress	93	BuddyPress <= 14.1.0 - Authenticated (Subscriber+) Directory Traversal	LOW	*-14.1.0	14.2.1	June 30, 2026
church-admin	church-admin	93	Church Admin < 5.0.0 - Reflected Cross-Site Scripting	LOW	[*, 5.0.0)	5.0.0	June 30, 2026
cf7-conditional-fields	cf7-conditional-fields	93	Conditional Fields for Contact Form 7 <= 2.4.15 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-2.4.15	2.5	June 30, 2026
Buttonizer – Live Chat, AI Chatbot, Call, Chat, Contact Button	button-contact-vr	95	Button contact VR <= 4.7.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-4.7.9.1	4.7.10	June 30, 2026
Breeze Cache	breeze	79	Breeze <= 2.1.14 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.1.14	2.1.15	June 30, 2026
Breeze Cache	breeze	79	Breeze <= 2.1.14 - Missing Authorization	LOW	*-2.1.14	2.1.15	June 30, 2026
bold-page-builder	bold-page-builder	86	Bold Page Builder <= 5.1.3 - Missing Authorization	LOW	*-5.1.3	5.1.4	June 30, 2026
beek-widget-extention	beek-widget-extention	91	Beek Widget Extention <= 0.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-0.9.5		June 30, 2026
beaver-builder-lite-version	beaver-builder-lite-version	93	Beaver Builder <= 2.8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.8.3.7	2.8.3.9	June 30, 2026
astra-widgets	astra-widgets	93	Astra Widgets <= 1.2.14 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.2.14	1.2.15	June 30, 2026
app-builder	app-builder	95	App Builder – Create Native Android & iOS Apps On The Flight <= 5.3.7 - Privilege Escalation and Account Takeover via Weak OTP	LOW	*-5.3.7	5.3.8	June 30, 2026
app-ads-txt	app-ads-txt	97	Ads.txt & App-ads.txt Manager for WordPress <= 1.1.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.1.7.1	1.1.8	June 30, 2026
amilia-store	amilia-store	95	Amilia Store <= 2.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.9.8		June 30, 2026
advanced-sermons	advanced-sermons	97	Advanced Sermons <= 3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-3.4	3.5	June 30, 2026
adirectory	adirectory	97	aDirectory <= 1.3 - Unauthenticated Arbitrary File Upload	LOW	*-1.3	1.3.1	June 30, 2026
accelerated-mobile-pages	accelerated-mobile-pages	97	AMP for WP – Accelerated Mobile Pages <= 1.0.99.1 - Cross-Site Request Forgery to Privilege Escalation	LOW	*-1.0.99.1	1.0.99.2	June 30, 2026
cf7-repeatable-fields	cf7-repeatable-fields	93	Contact Form 7 - Repeatable Fields <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via field_group Shortcode	LOW	*-2.0.1	2.0.2	June 30, 2026
adminify	adminify	97	WP Adminify – Best WordPress Custom Dashboard Plugin <= 4.0.1.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload	LOW	*-4.0.1.6	4.0.1.7	June 30, 2026
additional-product-fields-for-woocommerce	additional-product-fields-for-woocommerce	97	Extra Product Options Builder for WooCommerce <= 1.2.133 - Unauthenticated Stored Cross-Site Scripting	LOW	*-1.2.133	1.2.134	June 30, 2026
3d-flipbook-dflip-lite	3d-flipbook-dflip-lite	97	PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip <= 2.3.32 - Reflected Cross-Site Scripting	LOW	*-2.3.32	2.3.42	June 30, 2026
anchor-episodes-index	anchor-episodes-index	97	Anchor Episodes Index (Spotify for Podcasters) <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via anchor_episodes Shortcode	LOW	*-2.1.10	2.1.11	June 30, 2026
All-in-One WP Migration and Backup	all-in-one-wp-migration	94	All-in-One WP Migration and Backup <= 7.86 - Unauthenticated Information Disclosure via Error Logs	LOW	*-7.86	7.87	June 30, 2026
chatplusjp	chatplusjp	91	chatplusjp <= 1.02 - Reflected Cross-Site Scripting	LOW	*-1.02		June 30, 2026
campus-explorer-widget	campus-explorer-widget	91	Campus Explorer Widget <= 1.4 - Reflected Cross-Site Scripting	LOW	*-1.4		June 30, 2026
bp-member-type-manager	bp-member-type-manager	91	BP Member Type Manager <= 1.01 - Reflected Cross-Site Scripting	LOW	*-1.01		June 30, 2026

LOW

advanced-video-player-with-analytics

Score: 95/100 Advanced Video Player with Analytics <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1 Patched: Updated: June 30, 2026

LOW

add-ribbon

Score: 95/100 Add Ribbon Shortcode <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

achilles-shortcodes

Score: 95/100 AchillesTheme-shortcodes <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.1 Patched: Updated: June 30, 2026

LOW

aa-audio-player

Score: 95/100 AA Audio Player <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

Score: 93/100 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.10.2 Patched: 5.10.3 Updated: June 30, 2026

LOW

adbuddy-adblocker-detection

Score: 95/100 adBuddy+ (AdBlocker Detection) by NetfunkDesign <= 1.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-1.1.3 Patched: Updated: June 30, 2026

LOW

Prime Slider Addons for Elementor

bdthemes-prime-slider-lite

Score: 88/100 Prime Slider - Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider <= 3.15.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Blog Widget Affected: *-3.15.18 Patched: 3.15.19 Updated: June 30, 2026

LOW

all-contact-form-integration-for-elementor

Score: 93/100 EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.9 - Missing Authorization Affected: *-2.9.9.9 Patched: Updated: June 30, 2026

LOW

basticom-framework

Score: 93/100 Basticom Framework <= 1.5.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload Affected: *-1.5.0 Patched: 1.5.1 Updated: June 30, 2026

LOW

cf7-styler

Score: 91/100 CF7 WOW Styler <= 1.6.8 - Reflected Cross-Site Scripting Affected: *-1.6.8 Patched: 1.6.9 Updated: June 30, 2026

LOW

buooy-sticky-header

Score: 91/100 Buooy Sticky Header <= 0.5.2 - Reflected Cross-Site Scripting Affected: *-0.5.2 Patched: Updated: June 30, 2026

LOW

bdthemes-element-pack-lite

Score: 93/100 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting Affected: *-5.10.2 Patched: 5.10.3 Updated: June 30, 2026

LOW

bdthemes-element-pack-lite

Score: 93/100 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Map Widget Affected: *-5.10.2 Patched: 5.10.3 Updated: June 30, 2026

LOW

ajax-content-filter

Score: 95/100 Ajax Content Filter <= 1.0 - Reflected Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

abbs-bing-search

Score: 95/100 Bing Search API Integration <= 0.3.3 - Reflected Cross-Site Scripting Affected: *-0.3.3 Patched: Updated: June 30, 2026

LOW

bbp-core

Score: 93/100 BBP Core – Expand bbPress powered forums with useful features <= 1.2.5 - Reflected Cross-Site Scripting via add_query_arg Parameter Affected: *-1.2.5 Patched: 1.2.6 Updated: June 30, 2026

LOW

bricksable

Score: 93/100 Bricksable for Bricks Builder <= 1.6.59 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.6.59 Patched: 1.6.60 Updated: June 30, 2026

LOW

bookingpress-appointment-booking

Score: 93/100 Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.16 - Authenticated (Subscriber+) SQL Injection Affected: *-1.1.16 Patched: 1.1.17 Updated: June 30, 2026

LOW

black-widgets

Score: 91/100 Black Widgets For Elementor <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3.6 Patched: 1.3.7 Updated: June 30, 2026

LOW

betterlinks

Score: 93/100 BetterLinks <= 2.1.7 - Authenticated (Administrator+) SQL Injection Affected: *-2.1.7 Patched: 2.1.8 Updated: June 30, 2026

LOW

beds24-online-booking

Score: 93/100 Beds24 Online Booking <= 2.0.25 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0.25 Patched: 2.0.26 Updated: June 30, 2026

LOW

bdthemes-element-pack-lite

Score: 93/100 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget Affected: *-5.10.1 Patched: 5.10.2 Updated: June 30, 2026

LOW

bdthemes-element-pack-lite

Score: 93/100 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate Affected: *-5.10.1 Patched: 5.10.2 Updated: June 30, 2026

LOW

awesome-shortcodes-for-genesis

Score: 91/100 Awesome Shortcodes For Genesis 1.1.8 - Cross-Site Request Forgery to Cross-Site Scripting Affected: 1.1.8 Patched: Updated: June 30, 2026

LOW

author-slug

Score: 91/100 Custom Author URL <= 2.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-2.0.1 Patched: Updated: June 30, 2026

LOW

athemes-addons-for-elementor-lite

Score: 93/100 aThemes Addons for Elementor <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.7 Patched: 1.0.8 Updated: June 30, 2026

LOW

appointmind

Score: 97/100 Appointmind <= 4.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-4.0.0 Patched: 4.1.0 Updated: June 30, 2026

LOW

apk-downloader

Score: 95/100 APK Downloader <= 1.0.0 - Cross-Site Request Forgery to Stored Cross Site Scripting Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

amazon-associate-filter

Score: 95/100 Amazon Associate Filter <= 0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.4 Patched: Updated: June 30, 2026

LOW

advanced-pdf-generator

Score: 95/100 Advanced PDF Generator <= 0.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-0.4.0 Patched: Updated: June 30, 2026

LOW

admin-sms-alert

Score: 95/100 Admin SMS Alert<=1.1.0 - Cross-Site Request Forgery to Stored Cross Site Scripting Affected: *-1.1.0 Patched: Updated: June 30, 2026

LOW

addressbook

Score: 95/100 Addressbook <= 1.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting Affected: *-1.1.3 Patched: Updated: June 30, 2026

LOW

accordion-title-for-elementor

Score: 97/100 Accordion title for Elementor <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting Affected: *-1.2.1 Patched: 1.2.2 Updated: June 30, 2026

LOW

atomchat

Score: 91/100 AtomChat <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via atomchat Shortcode Affected: *-1.1.5 Patched: 1.1.6 Updated: June 30, 2026

LOW

cafe-lite

Score: 89/100 Clever Addons for Elementor <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.1 Patched: Updated: June 30, 2026

LOW

business

Score: 91/100 Business <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.3 Patched: Updated: June 30, 2026

LOW

bpmnio

Score: 91/100 bpmn.io <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

bonway-static-block-editor

Score: 91/100 Bonway Static Block Editor <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: June 30, 2026

LOW

bluetrait-event-viewer

Score: 91/100 BTEV <= Cross-Site Request Forgery to Plugin Settings Update Affected: *-2.0.2 Patched: Updated: June 30, 2026

LOW

blrt-wp-embed

Score: 89/100 Blrt WP Embed <= 1.6.9 - Authenticated (Contributor+) SQL Injection Affected: *-1.6.9 Patched: Updated: June 30, 2026

LOW

bigmart-elements

Score: 91/100 Bigmart Elements <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.3 Patched: Updated: June 30, 2026

LOW

ays-popup-box

Score: 93/100 Popup Box <= 4.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.7.7 Patched: 4.7.8 Updated: June 30, 2026

LOW

awesomepress

Score: 91/100 AwesomePress <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

awesome-progess-bar

Score: 93/100 Awesome Progress Bar <= 1.0.13 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.13 Patched: 1.1.0 Updated: June 30, 2026

LOW

audio-comparison-lite

Score: 93/100 Audio Comparison Lite <= 3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4 Patched: 3.5 Updated: June 30, 2026

LOW

apply-online

Score: 97/100 ApplyOnline <= 2.6.2 - Unauthenticated Application Disclosure Affected: *-2.6.2 Patched: 2.6.3 Updated: June 30, 2026

LOW

amp-img-shortcode

Score: 95/100 AMP Img Shortcode <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

amazing-neo-icon-font-for-elementor

Score: 95/100 amazing neo icon font for elementor <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.1 Patched: Updated: June 30, 2026

LOW

amadiscount

Score: 95/100 AmaDiscount <= 1.0 - Authenticated (Contributor+) SQL Injection Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

alphabetical-list

Score: 95/100 Alphabetical List <= 1.0.3 - Cross-Site Request Forgery to Settings Update Affected: *-1.0.3 Patched: Updated: June 30, 2026

LOW

advanced-control-manager

Score: 95/100 Advanced Control Manager for WordPress by ItalyStrap <= 2.16.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.16.0 Patched: Updated: June 30, 2026

LOW

aajoda-testimonials

Score: 95/100 Aajoda Testimonials <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.2.2 Patched: Updated: June 30, 2026

LOW

5-stars-rating-funnel

Score: 95/100 5 Stars Rating Funnel <= 1.4.01 - Authenticated (Contributor+) SQL Injection Affected: *-1.4.01 Patched: Updated: June 30, 2026

LOW

3d-presentation

Score: 95/100 3D Presentation <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

ancient-world-linked-data-for-wordpress

Score: 95/100 Ancient World Linked Data <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-0.2.1 Patched: Updated: June 30, 2026

LOW

allpost-contactform

Score: 95/100 All Post Contact Form <= 1.8.0 - Unauthenticated Arbitrary File Upload Affected: *-1.8.0 Patched: Updated: June 30, 2026

LOW

alley-elementor-widget

Score: 95/100 Alley Elementor Widget <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.7 Patched: Updated: June 30, 2026

LOW

advanced-cron-manager

Score: 97/100 Advanced Cron Manager – debug & control <= 2.5.6 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.5.6 Patched: 2.5.7 Updated: June 30, 2026

LOW

administrator-z

Score: 95/100 Administrator Z <= 2024.10.14 - Authenticated (Subscriber+) SQL Injection Affected: *-2024.10.14 Patched: 2024.10.21 Updated: June 30, 2026

LOW

black-widgets

Score: 91/100 Black Widgets For Elementor <= 1.3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload Affected: *-1.3.7 Patched: 1.3.8 Updated: June 30, 2026

LOW

arconix-shortcodes

Score: 95/100 Arconix Shortcodes <= 2.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode Affected: *-2.1.13 Patched: 2.1.14 Updated: June 30, 2026

LOW

beaver-builder-lite-version

Score: 93/100 Beaver Builder – WordPress Page Builder <= 2.8.4.2 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Widget Affected: *-2.8.4.2 Patched: 2.8.4.3 Updated: June 30, 2026

LOW

affiliate-toolkit-starter

Score: 95/100 affiliate-toolkit <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via atkp_product Shortcode Affected: *-3.6.5 Patched: 3.6.6 Updated: June 30, 2026

LOW

bulk-role-change

Score: 91/100 Bulk Change Role <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

ar-for-woocommerce

Score: 97/100 AR For Woocommerce <= 6.2 - Unauthenticated Arbitrary File Upload Affected: *-6.2 Patched: 7.0 Updated: June 30, 2026

LOW

Message Bridge for Contact Form 7 and Telegram

cf7-telegram

Score: 99/100 Contact Form 7 + Telegram <= 0.8.5 - Missing Authorization to Authenticated (Subscriber+) Subscription Approve/Pause/Refuse Affected: *-0.8.5 Patched: 0.8.6 Updated: June 30, 2026

LOW

All-in-One WP Migration and Backup

all-in-one-wp-migration

Score: 94/100 All-in-One WP Migration and Backup <= 7.86 - Authenticated (Administrator+) Arbitrary PHP Code Injection Affected: *-7.86 Patched: 7.87 Updated: June 30, 2026

LOW

cafe-lite

Score: 89/100 Clever Addons for Elementor <= 2.2.1 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates Affected: *-2.2.1 Patched: Updated: June 30, 2026

LOW

bstone-demo-importer

Score: 91/100 Bstone Demo Importer <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

automatic-translation

Score: 91/100 Automatic Translation <= 1.0.4 - Unauthenticated Arbitrary File Upload Affected: *-1.0.4 Patched: Updated: June 30, 2026

LOW

ar-for-wordpress

Score: 95/100 AR For WordPress <= 6.6 - Unauthenticated Arbitrary File Upload Affected: *-6.6 Patched: 7.0 Updated: June 30, 2026

LOW

ajar-productions-in5-embed

Score: 95/100 Ajar in5 Embed <= 3.1.3 - Unauthenticated Arbitrary File Upload Affected: *-3.1.3 Patched: 3.1.4 Updated: June 30, 2026

LOW

advanced-online-ordering-and-delivery-platform

Score: 95/100 Advanced Online Ordering and Delivery Platform <= 2.0.0 - Unauthenticated Local File Inclusion Affected: *-2.0.0 Patched: Updated: June 30, 2026

LOW

acnoo-flutter-api

Score: 95/100 Acnoo Flutter API <= 1.0.5 - Authentication Bypass via Account Takeover Affected: *-1.0.5 Patched: Updated: June 30, 2026

LOW

bamazoo-button-generator

Score: 91/100 Bamazoo – Button Generator <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via dgs Shortcode Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

buddypress

Score: 93/100 BuddyPress <= 14.1.0 - Authenticated (Subscriber+) Directory Traversal Affected: *-14.1.0 Patched: 14.2.1 Updated: June 30, 2026

LOW

church-admin

Score: 93/100 Church Admin < 5.0.0 - Reflected Cross-Site Scripting Affected: [*, 5.0.0) Patched: 5.0.0 Updated: June 30, 2026

LOW

cf7-conditional-fields

Score: 93/100 Conditional Fields for Contact Form 7 <= 2.4.15 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-2.4.15 Patched: 2.5 Updated: June 30, 2026

LOW

Buttonizer – Live Chat, AI Chatbot, Call, Chat, Contact Button

button-contact-vr

Score: 95/100 Button contact VR <= 4.7.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.7.9.1 Patched: 4.7.10 Updated: June 30, 2026

LOW

Breeze Cache

breeze

Score: 79/100 Breeze <= 2.1.14 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.1.14 Patched: 2.1.15 Updated: June 30, 2026

LOW

Breeze Cache

breeze

Score: 79/100 Breeze <= 2.1.14 - Missing Authorization Affected: *-2.1.14 Patched: 2.1.15 Updated: June 30, 2026

LOW

bold-page-builder

Score: 86/100 Bold Page Builder <= 5.1.3 - Missing Authorization Affected: *-5.1.3 Patched: 5.1.4 Updated: June 30, 2026

LOW

beek-widget-extention

Score: 91/100 Beek Widget Extention <= 0.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-0.9.5 Patched: Updated: June 30, 2026

LOW

beaver-builder-lite-version

Score: 93/100 Beaver Builder <= 2.8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.8.3.7 Patched: 2.8.3.9 Updated: June 30, 2026

LOW

astra-widgets

Score: 93/100 Astra Widgets <= 1.2.14 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.14 Patched: 1.2.15 Updated: June 30, 2026

LOW

app-builder

Score: 95/100 App Builder – Create Native Android & iOS Apps On The Flight <= 5.3.7 - Privilege Escalation and Account Takeover via Weak OTP Affected: *-5.3.7 Patched: 5.3.8 Updated: June 30, 2026

LOW

app-ads-txt

Score: 97/100 Ads.txt & App-ads.txt Manager for WordPress <= 1.1.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.7.1 Patched: 1.1.8 Updated: June 30, 2026

LOW

amilia-store

Score: 95/100 Amilia Store <= 2.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.9.8 Patched: Updated: June 30, 2026

LOW

advanced-sermons

Score: 97/100 Advanced Sermons <= 3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-3.4 Patched: 3.5 Updated: June 30, 2026

LOW

adirectory

Score: 97/100 aDirectory <= 1.3 - Unauthenticated Arbitrary File Upload Affected: *-1.3 Patched: 1.3.1 Updated: June 30, 2026

LOW

accelerated-mobile-pages

Score: 97/100 AMP for WP – Accelerated Mobile Pages <= 1.0.99.1 - Cross-Site Request Forgery to Privilege Escalation Affected: *-1.0.99.1 Patched: 1.0.99.2 Updated: June 30, 2026

LOW

cf7-repeatable-fields

Score: 93/100 Contact Form 7 - Repeatable Fields <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via field_group Shortcode Affected: *-2.0.1 Patched: 2.0.2 Updated: June 30, 2026

LOW

adminify

Score: 97/100 WP Adminify – Best WordPress Custom Dashboard Plugin <= 4.0.1.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload Affected: *-4.0.1.6 Patched: 4.0.1.7 Updated: June 30, 2026

LOW

additional-product-fields-for-woocommerce

Score: 97/100 Extra Product Options Builder for WooCommerce <= 1.2.133 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.2.133 Patched: 1.2.134 Updated: June 30, 2026

LOW

3d-flipbook-dflip-lite

Score: 97/100 PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip <= 2.3.32 - Reflected Cross-Site Scripting Affected: *-2.3.32 Patched: 2.3.42 Updated: June 30, 2026

LOW

anchor-episodes-index

Score: 97/100 Anchor Episodes Index (Spotify for Podcasters) <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via anchor_episodes Shortcode Affected: *-2.1.10 Patched: 2.1.11 Updated: June 30, 2026

LOW

All-in-One WP Migration and Backup

all-in-one-wp-migration

Score: 94/100 All-in-One WP Migration and Backup <= 7.86 - Unauthenticated Information Disclosure via Error Logs Affected: *-7.86 Patched: 7.87 Updated: June 30, 2026

LOW

chatplusjp

Score: 91/100 chatplusjp <= 1.02 - Reflected Cross-Site Scripting Affected: *-1.02 Patched: Updated: June 30, 2026

LOW

campus-explorer-widget

Score: 91/100 Campus Explorer Widget <= 1.4 - Reflected Cross-Site Scripting Affected: *-1.4 Patched: Updated: June 30, 2026

LOW

bp-member-type-manager

Score: 91/100 BP Member Type Manager <= 1.01 - Reflected Cross-Site Scripting Affected: *-1.01 Patched: Updated: June 30, 2026

Showing 2301 to 2400 of 5292 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 00:45 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List