Plugin Score by Kitgenix

Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36283

Across tracked plugins

Affected Plugins

88

With open vulnerabilities

Critical / High

0

Require immediate attention

Recently Updated

0

In the last 30 days

Vulnerability List

Export CSV
Vulnerability list with plugin score and patch status
PluginSlugScoreVulnerabilityCVE IDSeverityAffected VersionsPatchedUpdated
miniorange-saml-20-single-sign-on miniorange-saml-20-single-sign-on
93
 SAML SP Single Sign On <= 5.0.4 - Missing Authorization to notice dismissal LOW *-5.0.4 5.0.5 June 30, 2026
media-library-assistant media-library-assistant
93
 Media Library Assistant <= 3.09 - Unauthenticated Local/Remote File Inclusion & Remote Code Execution LOW *-3.09 3.10 June 30, 2026
mailmunch mailmunch
93
 MailMunch – Grow your Email List <= 3.1.2 - Cross-Site Request Forgery LOW *-3.1.2 3.1.3 June 30, 2026
locations locations
91
 Locations <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-4.0 June 30, 2026
laposta-signup-embed laposta-signup-embed
93
 Laposta Signup Embed <= 1.1.0 - Missing Authorization LOW [*, 1.1.1) 1.1.1 June 30, 2026
laposta-signup-embed laposta-signup-embed
93
 Laposta Signup Embed <= 1.1.0 - Cross-Site Request Forgery LOW [*, 1.1.1) 1.1.1 June 30, 2026
laposta-signup-basic laposta-signup-basic
93
 Laposta Signup Basic <= 1.4.1 - Missing Authorization LOW *-1.4.1 1.4.2 June 30, 2026
laposta-signup-basic laposta-signup-basic
93
 Laposta Signup Basic <= 1.4.1 - Cross-Site Request Forgery LOW *-1.4.1 1.4.2 June 30, 2026
insert-estimated-reading-time insert-estimated-reading-time
91
 Insert Estimated Reading Time <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.2 June 30, 2026
ifolders ifolders
93
 iFolders <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.5.0 1.5.1 June 30, 2026
email-posts-to-subscribers email-posts-to-subscribers
87
 Email posts to subscribers <= 6.2 - Missing Authorization to Sensitive Information Exposure LOW *-6.2 June 30, 2026
email-posts-to-subscribers email-posts-to-subscribers
87
 Email posts to subscribers <= 6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-6.2 June 30, 2026
easy-wp-cleaner easy-wp-cleaner
93
 Easy WP Cleaner <= 1.9 - Cross-Site Request Forgery LOW *-1.9 2.0 June 30, 2026
directorist directorist
93
 Directorist <= 7.7.1 - CSV Injection LOW *-7.7.1 7.7.2 June 30, 2026
cp-blocks cp-blocks
93
 CP Blocks <= 1.0.20 - Cross-Site Request Forgery to Settings Update LOW *-1.0.20 1.0.21 June 30, 2026
cookie-notice-consent cookie-notice-consent
93
 Cookie Notice & Consent 1.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.6.0 1.6.1 June 30, 2026
click-to-tweet click-to-tweet
87
 Click To Tweet <= 2.0.14 - Missing Authorization LOW *-2.0.14 June 30, 2026
click-to-tweet click-to-tweet
87
 Click To Tweet <= 2.0.14 - Reflected Cross-Site Scripting LOW *-2.0.14 June 30, 2026
Carousel Slider carousel-slider
95
 Carousel Slider <= 2.2.2 - Missing Authorization LOW *-2.2.2 2.2.3 June 30, 2026
bitpay-checkout-for-woocommerce bitpay-checkout-for-woocommerce
93
 BitPay Checkout for WooCommerce <= 4.1.0 - Missing Authorization LOW *-4.1.0 5.0.0 June 30, 2026
Backup Migration backup-backup
61
 Backup Migration <= 1.2.9 - Cross-Site Request Forgery LOW [*, 1.3.0) 1.3.0 June 30, 2026
back-to-the-top-button back-to-the-top-button
93
 Back To The Top Button <= 2.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.1.6 2.1.7 June 30, 2026
automatic-youtube-gallery automatic-youtube-gallery
93
 Automatic YouTube Gallery <= 2.3.3 - Missing Authorization via AJAX actions LOW *-2.3.3 2.3.5 June 30, 2026
astra-sites astra-sites
93
 Starter Templates <= 3.2.4 - Authenticated (Contributor+) Server-Side Request Forgery LOW *-3.2.4 3.2.5 June 30, 2026
astra-sites astra-sites
93
 Starter Templates <= 3.2.5 - Incorrect Authorization LOW *-3.2.5 3.2.6 June 30, 2026
astra-pro-sites astra-pro-sites
93
 Starter Templates <= 3.2.4 - Authenticated (Contributor+) Server-Side Request Forgery LOW *-3.2.4 3.2.5 June 30, 2026
astra-pro-sites astra-pro-sites
93
 Starter Templates <= 3.2.5 - Incorrect Authorization LOW *-3.2.5 3.2.6 June 30, 2026
another-wordpress-classifieds-plugin another-wordpress-classifieds-plugin
97
 AWP Classifieds <= 4.3 - Cross-Site Request Forgery LOW *-4.3 4.3.1 June 30, 2026
amazon-auto-links amazon-auto-links
95
 Auto Amazon Links <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via style LOW *-5.3.1 5.3.2 June 30, 2026
acymailing acymailing
97
 AcyMailing SMTP Newsletter <= 8.6.2 - Reflected Cross-Site Scripting LOW *-8.6.2 8.6.3 June 30, 2026
wrc-pricing-tables wrc-pricing-tables N/A WRC Pricing Tables <= 2.3.7 - Missing Authorization LOW *-2.3.7 2.3.8 June 30, 2026
wp-dtree-30 wp-dtree-30 N/A WP-dTree <= 4.4.5 - Cross-Site Request Forgery LOW *-4.4.5 June 30, 2026
wp-admin-notification-center wp-admin-notification-center N/A Hide admin notices – Admin Notification Center <= 2.3.2 - Cross-Site Request Forgery LOW *-2.3.2 2.3.3 June 30, 2026
wiser-notify wiser-notify N/A WiserNotify Social Proof <= 2.5 - Missing Authorization LOW *-2.5 2.6 June 30, 2026
wedevs-project-manager wedevs-project-manager N/A WP Project Manager <= 2.6.0 - Authenticated (Subscriber+) SQL Injection LOW *-2.6.0 2.6.1 June 30, 2026
wc-support-system wc-support-system N/A Woocommerce Support System <= 1.2.2 - Missing Authorization LOW *-1.2.2 1.2.3 June 30, 2026
wc-support-system wc-support-system N/A Woocommerce Support System <= 1.2.1 - Authenticated (Administrator+) SQL Injection via 'orderby' LOW *-1.2.1 1.2.2 June 30, 2026
userfeedback-lite userfeedback-lite N/A User Feedback <= 1.0.7 - Unauthenticated Stored Cross-Site Scripting LOW *-1.0.7 1.0.8 June 30, 2026
File Sharing & Download Manager – User Private Files user-private-files
96
 WordPress File Sharing Plugin <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting LOW *-2.0.3 2.0.4 June 30, 2026
use-memcached use-memcached N/A Use Memcached <= 1.0.5 - Cross-Site Request Forgery LOW *-1.0.5 June 30, 2026
tilda-publishing tilda-publishing N/A Tilda Publishing <= 0.3.23 - Missing Authorization LOW *-0.3.23 0.3.24 June 30, 2026
telsender telsender N/A TelSender <= 1.14.11 - Missing Authorization LOW *-1.14.11 1.14.12 June 30, 2026
stock-quotes-list stock-quotes-list N/A Stock Quotes List <= 2.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.9.11 2.9.12 June 30, 2026
sis-handball sis-handball N/A SIS Handball <= 1.0.45 - Cross-Site Request Forgery LOW *-1.0.45 June 30, 2026
realbig-media realbig-media N/A Realbig <= 1.0.6 - Cross-Site Request Forgery LOW *-1.0.6 1.0.7 June 30, 2026
mycryptocheckout mycryptocheckout N/A MyCryptoCheckout <= 2.125 - Cross-Site Request Forgery LOW *-2.125 2.126 June 30, 2026
live-news-lite live-news-lite
93
 Live News <= 1.06 - Cross-Site Request Forgery LOW *-1.06 1.07 June 30, 2026
leadster-marketing-conversacional leadster-marketing-conversacional
93
 Leadster <= 1.1.2 - Cross-Site Request Forgery LOW *-1.1.2 1.1.3 June 30, 2026
goods-catalog goods-catalog
91
 Goods Catalog <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-2.4.1 June 30, 2026
export-import-menus export-import-menus
93
 Export Import Menus <= 1.8.0 - Authenticated (Subscriber+) Arbitrary File Upload LOW *-1.8.0 1.9.0 June 30, 2026
bulk-noindex-nofollow-toolkit-by-mad-fish bulk-noindex-nofollow-toolkit-by-mad-fish
93
 Bulk NoIndex & NoFollow Toolkit <= 1.5 - Missing Authorization LOW *-1.5 1.51 June 30, 2026
buddypress-media buddypress-media
93
 rtMedia for WordPress, BuddyPress and bbPress <= 4.6.14 - Missing Authorization to Settings Update LOW [*, 4.6.15) 4.6.15 June 30, 2026
buddypress-media buddypress-media
93
 rtMedia for WordPress, BuddyPress and bbPress <= 4.6.14 - Missing Authorization to Sensitive Information Exposure LOW [*, 4.6.15) 4.6.15 June 30, 2026
all-in-one-b2b-for-woocommerce all-in-one-b2b-for-woocommerce
95
 All in One B2B for WooCommerce <= 1.0.3 - Unauthenticated Privilege Escalation LOW *-1.0.3 June 30, 2026
all-in-one-b2b-for-woocommerce all-in-one-b2b-for-woocommerce
95
 All in One B2B for WooCommerce <= 1.0.3 - Cross-Site Request Forgery LOW *-1.0.3 June 30, 2026
FileOrganizer – WordPress File Manager fileorganizer
76
 FileOrganizer <= 1.0.3 - Authenticated (Admin+) Arbitrary File Access LOW *-1.0.3 1.0.4 June 30, 2026
wpsynchro wpsynchro N/A WP Migration Plugin DB & Files – WP Synchro <= 1.9.1 - Cross-Site Request Forgery LOW *-1.9.1 1.10.0 June 30, 2026
wp-dtree-30 wp-dtree-30 N/A WP-dTree <= 4.4.5 - Reflected Cross-Site Scripting LOW *-4.4.5 June 30, 2026
wp-bannerize-pro wp-bannerize-pro N/A WP Bannerize Pro <= 1.6.9 - Reflected Cross-Site Scripting LOW *-1.6.9 1.7.0 June 30, 2026
surferseo surferseo N/A Surfer <= 1.3.2.357 - Missing Authorization LOW *-1.3.2.357 1.3.3.379 June 30, 2026
smarty-for-wordpress smarty-for-wordpress N/A Smarty for WordPress <= 3.1.35 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-3.1.35 June 30, 2026
sermone-online-sermons-management sermone-online-sermons-management N/A Sermon'e – Sermons Online <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 June 30, 2026
rsvpmaker rsvpmaker N/A RSVPMarker <= 10.6.6 - Unauthenticated SQL Injection LOW *-10.6.6 10.6.7 June 30, 2026
responsive-gallery-grid responsive-gallery-grid N/A Responsive Gallery Grid <= 2.3.13 - Cross-Site Request Forgery LOW *-2.3.13 2.3.14 June 30, 2026
removehide-author-date-category-like-entry-meta removehide-author-date-category-like-entry-meta N/A Remove/hide Author, Date, Category Like Entry-Meta <= 2.1 - Cross-Site Request Forgery LOW *-2.1 June 30, 2026
ovic-product-bundle ovic-product-bundle N/A Ovic Product Bundle <= 1.1.2 - Missing Authorization LOW *-1.1.2 June 30, 2026
multi-column-tag-map multi-column-tag-map N/A Multi-column Tag Map <= 17.0.26 - Cross-Site Request Forgery LOW *-17.0.26 17.0.27 June 30, 2026
login-and-logout-redirect login-and-logout-redirect
91
 Login and Logout Redirect <= 2.0.2 - Open Redirect LOW *-2.0.2 June 30, 2026
holler-box holler-box
93
 HollerBox <= 2.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.3.2 2.3.3 June 30, 2026
font-awesome-4-menus font-awesome-4-menus
89
 Font Awesome 4 Menus <= 4.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-4.7.0 June 30, 2026
easy-newsletter-signups easy-newsletter-signups
89
 Easy Newsletter Signups <= 1.0.4 - Missing Authorization LOW *-1.0.4 June 30, 2026
better-elementor-addons better-elementor-addons
93
 Better Elementor Addons <= 1.3.8 - Missing Authorization LOW *-1.3.8 1.3.9 June 30, 2026
authldap authldap
93
 authLdap <= 2.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-2.6.1 2.6.2 June 30, 2026
authldap authldap
93
 authLdap <= 2.5.8 - Cross-Site Request Forgery LOW *-2.5.8 2.5.9 June 30, 2026
aryo-activity-log aryo-activity-log
97
 Activity Log <= 2.8.7 - IP Address Spoofing LOW *-2.8.7 2.8.8 June 30, 2026
give give
93
 Give - Donation Plugin <= 2.33.0 - Authenticated(Give Manager+) Privilege Escalation LOW [*, 2.33.1) 2.33.1 June 30, 2026
wp-job-portal wp-job-portal N/A WP Job Portal <= 2.0.5 - Unauthenticated SQL Injection LOW *-2.0.5 2.0.6 June 30, 2026
simple-301-redirects simple-301-redirects N/A Simple 301 Redirects <= 2.0.7 - Cross-Site Request Forgery via 'clicked' LOW [*, 2.0.8) 2.0.8 June 30, 2026
metform metform
93
 Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_first_name' shortcode LOW *-3.3.1 3.3.2 June 30, 2026
all-in-one-wp-migration-onedrive-extension all-in-one-wp-migration-onedrive-extension
97
 Multiple ServMask Plugins <= (Various Versions) - Missing Authorization to Access Token Update LOW *-1.66 1.67 June 30, 2026
all-in-one-wp-migration-gdrive-extension all-in-one-wp-migration-gdrive-extension
97
 Multiple ServMask Plugins <= (Various Versions) - Missing Authorization to Access Token Update LOW *-2.79 2.80 June 30, 2026
all-in-one-wp-migration-dropbox-extension all-in-one-wp-migration-dropbox-extension
97
 Multiple ServMask Plugins <= (Various Versions) - Missing Authorization to Access Token Update LOW *-3.75 3.76 June 30, 2026
all-in-one-wp-migration-box-extension all-in-one-wp-migration-box-extension
97
 Multiple ServMask Plugins <= (Various Versions) - Missing Authorization to Access Token Update LOW *-1.53 1.54 June 30, 2026
ultimate-social-media-icons ultimate-social-media-icons N/A Social Media & Share Icons <= 2.8.3 - Reflected Cross-Site Scripting LOW *-2.8.3 2.8.4 June 30, 2026
surecart surecart N/A SureCart <= 2.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings LOW *-2.5.0 2.5.1 June 30, 2026
snap-pixel snap-pixel N/A Snap Pixel <= 1.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.5.7 1.5.8 June 30, 2026
Site Reviews site-reviews N/A Site Reviews <= 6.10.2 - Missing Authorization LOW [*, 6.10.3) 6.10.3 June 30, 2026
pricing-deals-for-woocommerce pricing-deals-for-woocommerce N/A Pricing Deals for WooCommerce <= 2.0.3.2 - Missing Authorization via vtprd_ajax_clone_rule LOW *-2.0.3.2 June 30, 2026
powerpress powerpress N/A PowerPress <= 11.0.6 - Authenticated (Contributor+) Server-Side Request Forgery via wp_ajax_powerpress_media_info LOW *-11.0.6 11.0.7 June 30, 2026
localize-remote-images localize-remote-images
91
 Localize Remote Images <= 1.0.9 - Cross-Site Request Forgery via admin menu LOW *-1.0.9 June 30, 2026
happy-elementor-addons-pro happy-elementor-addons-pro
93
 Happy Elementor Addons Pro <= 2.8.0 - Reflected Cross-Site Scripting LOW *-2.8.0 2.8.1 June 30, 2026
Forminator Forms – Contact Form, Payment Form & Custom Form Builder forminator
92
 Forminator <= 1.24.6 - Unauthenticated Arbitrary File Upload LOW *-1.24.6 1.25.0 June 30, 2026
Email Encoder – Protect Email Addresses and Phone Numbers email-encoder-bundle
91
 Email Encoder <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-2.1.8 2.1.9 June 30, 2026
ditty-news-ticker ditty-news-ticker
93
 Ditty <= 3.1.24 - Reflected Cross-Site Scripting LOW [*, 3.1.25) 3.1.25 June 30, 2026
bridge-core bridge-core
93
 Bridge Core <= 3.0.9 - Reflected Cross-Site Scripting LOW *-3.0.9 3.1.0 June 30, 2026
ays-popup-box ays-popup-box
93
 Popup Box <= 3.7.1 - Authenticated(Administrator+) Stored Cross-Site Scripting LOW [*, 3.7.2) 3.7.2 June 30, 2026
affiliate-wp affiliate-wp
97
 AffiliateWP <= 2.14.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation LOW 2.14.0 2.14.1 June 30, 2026
wp-users-media wp-users-media N/A WP Users Media <= 4.2.3 - Cross-Site Request Forgery in wpusme_save_settings LOW *-4.2.3 June 30, 2026
wp-users-media wp-users-media N/A WP Users Media <= 4.2.3 - Missing Authorization via wpusme_save_settings LOW *-4.2.3 June 30, 2026
wp-super-minify wp-super-minify N/A WP Super Minify <= 1.5.1 - Cross-Site Request Forgery via 'wpsmy_admin_options' LOW *-1.5.1 1.6 June 30, 2026
LOW

miniorange-saml-20-single-sign-on

miniorange-saml-20-single-sign-on

Score: 93/100 SAML SP Single Sign On <= 5.0.4 - Missing Authorization to notice dismissal Affected: *-5.0.4 Patched: 5.0.5 Updated: June 30, 2026
LOW

media-library-assistant

media-library-assistant

Score: 93/100 Media Library Assistant <= 3.09 - Unauthenticated Local/Remote File Inclusion & Remote Code Execution Affected: *-3.09 Patched: 3.10 Updated: June 30, 2026
LOW

mailmunch

mailmunch

Score: 93/100 MailMunch – Grow your Email List <= 3.1.2 - Cross-Site Request Forgery Affected: *-3.1.2 Patched: 3.1.3 Updated: June 30, 2026
LOW

locations

locations

Score: 91/100 Locations <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.0 Patched: Updated: June 30, 2026
LOW

laposta-signup-embed

laposta-signup-embed

Score: 93/100 Laposta Signup Embed <= 1.1.0 - Missing Authorization Affected: [*, 1.1.1) Patched: 1.1.1 Updated: June 30, 2026
LOW

laposta-signup-embed

laposta-signup-embed

Score: 93/100 Laposta Signup Embed <= 1.1.0 - Cross-Site Request Forgery Affected: [*, 1.1.1) Patched: 1.1.1 Updated: June 30, 2026
LOW

laposta-signup-basic

laposta-signup-basic

Score: 93/100 Laposta Signup Basic <= 1.4.1 - Missing Authorization Affected: *-1.4.1 Patched: 1.4.2 Updated: June 30, 2026
LOW

laposta-signup-basic

laposta-signup-basic

Score: 93/100 Laposta Signup Basic <= 1.4.1 - Cross-Site Request Forgery Affected: *-1.4.1 Patched: 1.4.2 Updated: June 30, 2026
LOW

insert-estimated-reading-time

insert-estimated-reading-time

Score: 91/100 Insert Estimated Reading Time <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2 Patched: Updated: June 30, 2026
LOW

ifolders

ifolders

Score: 93/100 iFolders <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.5.0 Patched: 1.5.1 Updated: June 30, 2026
LOW

email-posts-to-subscribers

email-posts-to-subscribers

Score: 87/100 Email posts to subscribers <= 6.2 - Missing Authorization to Sensitive Information Exposure Affected: *-6.2 Patched: Updated: June 30, 2026
LOW

email-posts-to-subscribers

email-posts-to-subscribers

Score: 87/100 Email posts to subscribers <= 6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-6.2 Patched: Updated: June 30, 2026
LOW

easy-wp-cleaner

easy-wp-cleaner

Score: 93/100 Easy WP Cleaner <= 1.9 - Cross-Site Request Forgery Affected: *-1.9 Patched: 2.0 Updated: June 30, 2026
LOW

directorist

directorist

Score: 93/100 Directorist <= 7.7.1 - CSV Injection Affected: *-7.7.1 Patched: 7.7.2 Updated: June 30, 2026
LOW

cp-blocks

cp-blocks

Score: 93/100 CP Blocks <= 1.0.20 - Cross-Site Request Forgery to Settings Update Affected: *-1.0.20 Patched: 1.0.21 Updated: June 30, 2026
LOW

cookie-notice-consent

cookie-notice-consent

Score: 93/100 Cookie Notice & Consent 1.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.6.0 Patched: 1.6.1 Updated: June 30, 2026
LOW

click-to-tweet

click-to-tweet

Score: 87/100 Click To Tweet <= 2.0.14 - Missing Authorization Affected: *-2.0.14 Patched: Updated: June 30, 2026
LOW

click-to-tweet

click-to-tweet

Score: 87/100 Click To Tweet <= 2.0.14 - Reflected Cross-Site Scripting Affected: *-2.0.14 Patched: Updated: June 30, 2026
LOW

Carousel Slider

carousel-slider

Score: 95/100 Carousel Slider <= 2.2.2 - Missing Authorization Affected: *-2.2.2 Patched: 2.2.3 Updated: June 30, 2026
LOW

bitpay-checkout-for-woocommerce

bitpay-checkout-for-woocommerce

Score: 93/100 BitPay Checkout for WooCommerce <= 4.1.0 - Missing Authorization Affected: *-4.1.0 Patched: 5.0.0 Updated: June 30, 2026
LOW

Backup Migration

backup-backup

Score: 61/100 Backup Migration <= 1.2.9 - Cross-Site Request Forgery Affected: [*, 1.3.0) Patched: 1.3.0 Updated: June 30, 2026
LOW

back-to-the-top-button

back-to-the-top-button

Score: 93/100 Back To The Top Button <= 2.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.1.6 Patched: 2.1.7 Updated: June 30, 2026
LOW

automatic-youtube-gallery

automatic-youtube-gallery

Score: 93/100 Automatic YouTube Gallery <= 2.3.3 - Missing Authorization via AJAX actions Affected: *-2.3.3 Patched: 2.3.5 Updated: June 30, 2026
LOW

astra-sites

astra-sites

Score: 93/100 Starter Templates <= 3.2.4 - Authenticated (Contributor+) Server-Side Request Forgery Affected: *-3.2.4 Patched: 3.2.5 Updated: June 30, 2026
LOW

astra-sites

astra-sites

Score: 93/100 Starter Templates <= 3.2.5 - Incorrect Authorization Affected: *-3.2.5 Patched: 3.2.6 Updated: June 30, 2026
LOW

astra-pro-sites

astra-pro-sites

Score: 93/100 Starter Templates <= 3.2.4 - Authenticated (Contributor+) Server-Side Request Forgery Affected: *-3.2.4 Patched: 3.2.5 Updated: June 30, 2026
LOW

astra-pro-sites

astra-pro-sites

Score: 93/100 Starter Templates <= 3.2.5 - Incorrect Authorization Affected: *-3.2.5 Patched: 3.2.6 Updated: June 30, 2026
LOW

another-wordpress-classifieds-plugin

another-wordpress-classifieds-plugin

Score: 97/100 AWP Classifieds <= 4.3 - Cross-Site Request Forgery Affected: *-4.3 Patched: 4.3.1 Updated: June 30, 2026
LOW

amazon-auto-links

amazon-auto-links

Score: 95/100 Auto Amazon Links <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via style Affected: *-5.3.1 Patched: 5.3.2 Updated: June 30, 2026
LOW

acymailing

acymailing

Score: 97/100 AcyMailing SMTP Newsletter <= 8.6.2 - Reflected Cross-Site Scripting Affected: *-8.6.2 Patched: 8.6.3 Updated: June 30, 2026
LOW

wrc-pricing-tables

wrc-pricing-tables

Score: N/A WRC Pricing Tables <= 2.3.7 - Missing Authorization Affected: *-2.3.7 Patched: 2.3.8 Updated: June 30, 2026
LOW

wp-dtree-30

wp-dtree-30

Score: N/A WP-dTree <= 4.4.5 - Cross-Site Request Forgery Affected: *-4.4.5 Patched: Updated: June 30, 2026
LOW

wp-admin-notification-center

wp-admin-notification-center

Score: N/A Hide admin notices – Admin Notification Center <= 2.3.2 - Cross-Site Request Forgery Affected: *-2.3.2 Patched: 2.3.3 Updated: June 30, 2026
LOW

wiser-notify

wiser-notify

Score: N/A WiserNotify Social Proof <= 2.5 - Missing Authorization Affected: *-2.5 Patched: 2.6 Updated: June 30, 2026
LOW

wedevs-project-manager

wedevs-project-manager

Score: N/A WP Project Manager <= 2.6.0 - Authenticated (Subscriber+) SQL Injection Affected: *-2.6.0 Patched: 2.6.1 Updated: June 30, 2026
LOW

wc-support-system

wc-support-system

Score: N/A Woocommerce Support System <= 1.2.2 - Missing Authorization Affected: *-1.2.2 Patched: 1.2.3 Updated: June 30, 2026
LOW

wc-support-system

wc-support-system

Score: N/A Woocommerce Support System <= 1.2.1 - Authenticated (Administrator+) SQL Injection via 'orderby' Affected: *-1.2.1 Patched: 1.2.2 Updated: June 30, 2026
LOW

userfeedback-lite

userfeedback-lite

Score: N/A User Feedback <= 1.0.7 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.0.7 Patched: 1.0.8 Updated: June 30, 2026
LOW

use-memcached

use-memcached

Score: N/A Use Memcached <= 1.0.5 - Cross-Site Request Forgery Affected: *-1.0.5 Patched: Updated: June 30, 2026
LOW

tilda-publishing

tilda-publishing

Score: N/A Tilda Publishing <= 0.3.23 - Missing Authorization Affected: *-0.3.23 Patched: 0.3.24 Updated: June 30, 2026
LOW

telsender

telsender

Score: N/A TelSender <= 1.14.11 - Missing Authorization Affected: *-1.14.11 Patched: 1.14.12 Updated: June 30, 2026
LOW

stock-quotes-list

stock-quotes-list

Score: N/A Stock Quotes List <= 2.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.9.11 Patched: 2.9.12 Updated: June 30, 2026
LOW

sis-handball

sis-handball

Score: N/A SIS Handball <= 1.0.45 - Cross-Site Request Forgery Affected: *-1.0.45 Patched: Updated: June 30, 2026
LOW

realbig-media

realbig-media

Score: N/A Realbig <= 1.0.6 - Cross-Site Request Forgery Affected: *-1.0.6 Patched: 1.0.7 Updated: June 30, 2026
LOW

mycryptocheckout

mycryptocheckout

Score: N/A MyCryptoCheckout <= 2.125 - Cross-Site Request Forgery Affected: *-2.125 Patched: 2.126 Updated: June 30, 2026
LOW

live-news-lite

live-news-lite

Score: 93/100 Live News <= 1.06 - Cross-Site Request Forgery Affected: *-1.06 Patched: 1.07 Updated: June 30, 2026
LOW

leadster-marketing-conversacional

leadster-marketing-conversacional

Score: 93/100 Leadster <= 1.1.2 - Cross-Site Request Forgery Affected: *-1.1.2 Patched: 1.1.3 Updated: June 30, 2026
LOW

goods-catalog

goods-catalog

Score: 91/100 Goods Catalog <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.4.1 Patched: Updated: June 30, 2026
LOW

export-import-menus

export-import-menus

Score: 93/100 Export Import Menus <= 1.8.0 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-1.8.0 Patched: 1.9.0 Updated: June 30, 2026
LOW

bulk-noindex-nofollow-toolkit-by-mad-fish

bulk-noindex-nofollow-toolkit-by-mad-fish

Score: 93/100 Bulk NoIndex & NoFollow Toolkit <= 1.5 - Missing Authorization Affected: *-1.5 Patched: 1.51 Updated: June 30, 2026
LOW

buddypress-media

buddypress-media

Score: 93/100 rtMedia for WordPress, BuddyPress and bbPress <= 4.6.14 - Missing Authorization to Settings Update Affected: [*, 4.6.15) Patched: 4.6.15 Updated: June 30, 2026
LOW

buddypress-media

buddypress-media

Score: 93/100 rtMedia for WordPress, BuddyPress and bbPress <= 4.6.14 - Missing Authorization to Sensitive Information Exposure Affected: [*, 4.6.15) Patched: 4.6.15 Updated: June 30, 2026
LOW

all-in-one-b2b-for-woocommerce

all-in-one-b2b-for-woocommerce

Score: 95/100 All in One B2B for WooCommerce <= 1.0.3 - Unauthenticated Privilege Escalation Affected: *-1.0.3 Patched: Updated: June 30, 2026
LOW

all-in-one-b2b-for-woocommerce

all-in-one-b2b-for-woocommerce

Score: 95/100 All in One B2B for WooCommerce <= 1.0.3 - Cross-Site Request Forgery Affected: *-1.0.3 Patched: Updated: June 30, 2026
LOW

FileOrganizer – WordPress File Manager

fileorganizer

Score: 76/100 FileOrganizer <= 1.0.3 - Authenticated (Admin+) Arbitrary File Access Affected: *-1.0.3 Patched: 1.0.4 Updated: June 30, 2026
LOW

wpsynchro

wpsynchro

Score: N/A WP Migration Plugin DB & Files – WP Synchro <= 1.9.1 - Cross-Site Request Forgery Affected: *-1.9.1 Patched: 1.10.0 Updated: June 30, 2026
LOW

wp-dtree-30

wp-dtree-30

Score: N/A WP-dTree <= 4.4.5 - Reflected Cross-Site Scripting Affected: *-4.4.5 Patched: Updated: June 30, 2026
LOW

wp-bannerize-pro

wp-bannerize-pro

Score: N/A WP Bannerize Pro <= 1.6.9 - Reflected Cross-Site Scripting Affected: *-1.6.9 Patched: 1.7.0 Updated: June 30, 2026
LOW

surferseo

surferseo

Score: N/A Surfer <= 1.3.2.357 - Missing Authorization Affected: *-1.3.2.357 Patched: 1.3.3.379 Updated: June 30, 2026
LOW

smarty-for-wordpress

smarty-for-wordpress

Score: N/A Smarty for WordPress <= 3.1.35 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.1.35 Patched: Updated: June 30, 2026
LOW

sermone-online-sermons-management

sermone-online-sermons-management

Score: N/A Sermon'e – Sermons Online <= 1.0.0 - Reflected Cross-Site Scripting Affected: *-1.0.0 Patched: Updated: June 30, 2026
LOW

rsvpmaker

rsvpmaker

Score: N/A RSVPMarker <= 10.6.6 - Unauthenticated SQL Injection Affected: *-10.6.6 Patched: 10.6.7 Updated: June 30, 2026
LOW

responsive-gallery-grid

responsive-gallery-grid

Score: N/A Responsive Gallery Grid <= 2.3.13 - Cross-Site Request Forgery Affected: *-2.3.13 Patched: 2.3.14 Updated: June 30, 2026
LOW

removehide-author-date-category-like-entry-meta

removehide-author-date-category-like-entry-meta

Score: N/A Remove/hide Author, Date, Category Like Entry-Meta <= 2.1 - Cross-Site Request Forgery Affected: *-2.1 Patched: Updated: June 30, 2026
LOW

ovic-product-bundle

ovic-product-bundle

Score: N/A Ovic Product Bundle <= 1.1.2 - Missing Authorization Affected: *-1.1.2 Patched: Updated: June 30, 2026
LOW

multi-column-tag-map

multi-column-tag-map

Score: N/A Multi-column Tag Map <= 17.0.26 - Cross-Site Request Forgery Affected: *-17.0.26 Patched: 17.0.27 Updated: June 30, 2026
LOW

login-and-logout-redirect

login-and-logout-redirect

Score: 91/100 Login and Logout Redirect <= 2.0.2 - Open Redirect Affected: *-2.0.2 Patched: Updated: June 30, 2026
LOW

holler-box

holler-box

Score: 93/100 HollerBox <= 2.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.3.2 Patched: 2.3.3 Updated: June 30, 2026
LOW

font-awesome-4-menus

font-awesome-4-menus

Score: 89/100 Font Awesome 4 Menus <= 4.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-4.7.0 Patched: Updated: June 30, 2026
LOW

easy-newsletter-signups

easy-newsletter-signups

Score: 89/100 Easy Newsletter Signups <= 1.0.4 - Missing Authorization Affected: *-1.0.4 Patched: Updated: June 30, 2026
LOW

better-elementor-addons

better-elementor-addons

Score: 93/100 Better Elementor Addons <= 1.3.8 - Missing Authorization Affected: *-1.3.8 Patched: 1.3.9 Updated: June 30, 2026
LOW

authldap

authldap

Score: 93/100 authLdap <= 2.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.6.1 Patched: 2.6.2 Updated: June 30, 2026
LOW

authldap

authldap

Score: 93/100 authLdap <= 2.5.8 - Cross-Site Request Forgery Affected: *-2.5.8 Patched: 2.5.9 Updated: June 30, 2026
LOW

aryo-activity-log

aryo-activity-log

Score: 97/100 Activity Log <= 2.8.7 - IP Address Spoofing Affected: *-2.8.7 Patched: 2.8.8 Updated: June 30, 2026
LOW

give

give

Score: 93/100 Give - Donation Plugin <= 2.33.0 - Authenticated(Give Manager+) Privilege Escalation Affected: [*, 2.33.1) Patched: 2.33.1 Updated: June 30, 2026
LOW

wp-job-portal

wp-job-portal

Score: N/A WP Job Portal <= 2.0.5 - Unauthenticated SQL Injection Affected: *-2.0.5 Patched: 2.0.6 Updated: June 30, 2026
LOW

simple-301-redirects

simple-301-redirects

Score: N/A Simple 301 Redirects <= 2.0.7 - Cross-Site Request Forgery via 'clicked' Affected: [*, 2.0.8) Patched: 2.0.8 Updated: June 30, 2026
LOW

metform

metform

Score: 93/100 Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_first_name' shortcode Affected: *-3.3.1 Patched: 3.3.2 Updated: June 30, 2026
LOW

all-in-one-wp-migration-onedrive-extension

all-in-one-wp-migration-onedrive-extension

Score: 97/100 Multiple ServMask Plugins <= (Various Versions) - Missing Authorization to Access Token Update Affected: *-1.66 Patched: 1.67 Updated: June 30, 2026
LOW

all-in-one-wp-migration-gdrive-extension

all-in-one-wp-migration-gdrive-extension

Score: 97/100 Multiple ServMask Plugins <= (Various Versions) - Missing Authorization to Access Token Update Affected: *-2.79 Patched: 2.80 Updated: June 30, 2026
LOW

all-in-one-wp-migration-dropbox-extension

all-in-one-wp-migration-dropbox-extension

Score: 97/100 Multiple ServMask Plugins <= (Various Versions) - Missing Authorization to Access Token Update Affected: *-3.75 Patched: 3.76 Updated: June 30, 2026
LOW

all-in-one-wp-migration-box-extension

all-in-one-wp-migration-box-extension

Score: 97/100 Multiple ServMask Plugins <= (Various Versions) - Missing Authorization to Access Token Update Affected: *-1.53 Patched: 1.54 Updated: June 30, 2026
LOW

ultimate-social-media-icons

ultimate-social-media-icons

Score: N/A Social Media & Share Icons <= 2.8.3 - Reflected Cross-Site Scripting Affected: *-2.8.3 Patched: 2.8.4 Updated: June 30, 2026
LOW

surecart

surecart

Score: N/A SureCart <= 2.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings Affected: *-2.5.0 Patched: 2.5.1 Updated: June 30, 2026
LOW

snap-pixel

snap-pixel

Score: N/A Snap Pixel <= 1.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.5.7 Patched: 1.5.8 Updated: June 30, 2026
LOW

Site Reviews

site-reviews

Score: N/A Site Reviews <= 6.10.2 - Missing Authorization Affected: [*, 6.10.3) Patched: 6.10.3 Updated: June 30, 2026
LOW

pricing-deals-for-woocommerce

pricing-deals-for-woocommerce

Score: N/A Pricing Deals for WooCommerce <= 2.0.3.2 - Missing Authorization via vtprd_ajax_clone_rule Affected: *-2.0.3.2 Patched: Updated: June 30, 2026
LOW

powerpress

powerpress

Score: N/A PowerPress <= 11.0.6 - Authenticated (Contributor+) Server-Side Request Forgery via wp_ajax_powerpress_media_info Affected: *-11.0.6 Patched: 11.0.7 Updated: June 30, 2026
LOW

localize-remote-images

localize-remote-images

Score: 91/100 Localize Remote Images <= 1.0.9 - Cross-Site Request Forgery via admin menu Affected: *-1.0.9 Patched: Updated: June 30, 2026
LOW

happy-elementor-addons-pro

happy-elementor-addons-pro

Score: 93/100 Happy Elementor Addons Pro <= 2.8.0 - Reflected Cross-Site Scripting Affected: *-2.8.0 Patched: 2.8.1 Updated: June 30, 2026
LOW

ditty-news-ticker

ditty-news-ticker

Score: 93/100 Ditty <= 3.1.24 - Reflected Cross-Site Scripting Affected: [*, 3.1.25) Patched: 3.1.25 Updated: June 30, 2026
LOW

bridge-core

bridge-core

Score: 93/100 Bridge Core <= 3.0.9 - Reflected Cross-Site Scripting Affected: *-3.0.9 Patched: 3.1.0 Updated: June 30, 2026
LOW

ays-popup-box

ays-popup-box

Score: 93/100 Popup Box <= 3.7.1 - Authenticated(Administrator+) Stored Cross-Site Scripting Affected: [*, 3.7.2) Patched: 3.7.2 Updated: June 30, 2026
LOW

affiliate-wp

affiliate-wp

Score: 97/100 AffiliateWP <= 2.14.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation Affected: 2.14.0 Patched: 2.14.1 Updated: June 30, 2026
LOW

wp-users-media

wp-users-media

Score: N/A WP Users Media <= 4.2.3 - Cross-Site Request Forgery in wpusme_save_settings Affected: *-4.2.3 Patched: Updated: June 30, 2026
LOW

wp-users-media

wp-users-media

Score: N/A WP Users Media <= 4.2.3 - Missing Authorization via wpusme_save_settings Affected: *-4.2.3 Patched: Updated: June 30, 2026
LOW

wp-super-minify

wp-super-minify

Score: N/A WP Super Minify <= 1.5.1 - Cross-Site Request Forgery via 'wpsmy_admin_options' Affected: *-1.5.1 Patched: 1.6 Updated: June 30, 2026

Showing 23901 to 24000 of 36283 results

Download: CSV JSON
Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 11:05 UTC.