Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36283

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
SlimStat Analytics	wp-slimstat	N/A	Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-5.0.9	5.0.10	June 30, 2026
Ultra Addons for Contact Form 7	ultimate-addons-for-contact-form-7	70	Ultimate Addons for Contact Form 7 <= 3.1.0 - Reflected Cross-Site Scripting via 'page'	LOW	*-3.1.0	3.1.2	June 30, 2026
social-share-boost	social-share-boost	N/A	Social Share Boost <= 4.5 - Cross-Site Request Forgery via 'syntatical_settings_content'	LOW	*-4.5		June 30, 2026
sitekit	sitekit	N/A	Sitekit <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sitekit_iframe' shortcode	LOW	*-1.4	1.5	June 30, 2026
sitekit	sitekit	N/A	Sitekit <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sitekit_iframe ' shortcode	LOW	*-1.3	1.4	June 30, 2026
search-analytics	search-analytics	N/A	WP Search Analytics <= 1.4.7 - Reflected Cross-Site Scripting via 'render_stats_page'	LOW	*-1.4.7	1.4.8	June 30, 2026
prevent-file-access	prevent-file-access	N/A	Prevent files / folders access <= 2.5.1 - Authenticated (Administrator+) Arbitrary File Upload in mo_media_restrict_page	LOW	*-2.5.1	2.5.2	June 30, 2026
popup-builder	popup-builder	N/A	Popup Builder <= 4.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-4.2.1	4.2.2	June 30, 2026
order-tracking	order-tracking	N/A	Order Tracking Pro <= 3.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.3.6	3.3.7	June 30, 2026
order-tracking	order-tracking	N/A	Order Tracking Pro <= 3.3.6 - Reflected Cross-Site Scripting	LOW	*-3.3.6	3.3.7	June 30, 2026
olive-one-click-demo-import	olive-one-click-demo-import	N/A	Olive One Click Demo Import <= 1.1.2 - Authenticated (Administrator+) Arbitrary File Upload in olive_one_click_demo_import_save_file	LOW	*-1.1.2		June 30, 2026
mts-url-shortener	mts-url-shortener	N/A	URL Shortener by MyThemeShop <= 1.0.17 - Reflected Cross-Site Scripting via 'page'	LOW	*-1.0.17		June 30, 2026
makestories-helper	makestories-helper	91	MakeStories (for Google Web Stories) <= 3.0.2 - Cross-Site Request Forgery via 'ms_set_options'	LOW	*-3.0.2	3.0.3	June 30, 2026
maintenance-switch	maintenance-switch	91	Maintenance Switch <= 1.5.2 - Cross-Site Request Forgery via 'admin_action_request'	LOW	*-1.5.2		June 30, 2026
luckywp-scripts-control	luckywp-scripts-control	93	LuckyWP Scripts Control <= 1.2.1 - Cross-Site Request Forgery	LOW	*-1.2.1	1.2.2	June 30, 2026
locatoraid	locatoraid	91	Locatoraid Store Locator <= 3.9.23 - Reflected Cross-Site Scripting	LOW	*-3.9.23	3.9.24	June 30, 2026
import-xml-feed	import-xml-feed	93	Import XML and RSS Feeds <= 2.1.4 - Unauthenticated Remote Code Execution	LOW	*-2.1.4	2.1.5	June 30, 2026
import-xml-feed	import-xml-feed	93	Import XML and RSS Feeds <= 2.1.3 - Authenticated (Admin+) Arbitrary File Upload	LOW	*-2.1.3	2.1.4	June 30, 2026
guruwalk-affiliates	guruwalk-affiliates	91	GuruWalk Affiliates <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings	LOW	*-1.0.0		June 30, 2026
Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager	folders	86	Folders <= 2.9.2 - Authenticated (Author+) Arbitrary File Upload in handle_folders_file_upload	LOW	*-2.9.2	2.9.3	June 30, 2026
easy-coming-soon	easy-coming-soon	91	Easy Coming Soon <= 2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings	LOW	*-2.3		June 30, 2026
dologin	dologin	93	DoLogin Security <= 3.6 - Unauthenticated Stored Cross-Site Scripting	LOW	*-3.6	3.7	June 30, 2026
Kadence Central – Site Management, Backups, Security, and Reporting	ithemes-sync	82	iThemes Sync <= 2.1.13 - Cross-Site Request Forgery and Missing Authorization via 'hide_authenticate_notice'	LOW	[*, 2.1.14)	2.1.14	June 30, 2026
Translate WordPress with GTranslate	gtranslate	90	GTranslate <= 3.0.3 - Authenticated (Administrator+) Cross-Site Scripting via Multiple Parameters	LOW	[*, 3.0.4)	3.0.4	June 30, 2026
Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager	folders	86	Folders <= 2.9.2 - Authenticated (Author+) Arbitrary File Upload	LOW	[*, 2.9.3)	2.9.3	June 30, 2026
woo-category-slider-grid	woo-category-slider-grid	N/A	Category Slider for WooCommerce <= 1.4.15 - Missing Authorization via notice dismissal functionality	LOW	*-1.4.15	1.4.16	June 30, 2026
secure-admin-ip	secure-admin-ip	N/A	Secure Admin IP <= 2.0 - Missing Authorization via 'saveSettings'	LOW	*-2.0		June 30, 2026
premmerce-user-roles	premmerce-user-roles	N/A	Premmerce User Roles <= 1.0.12 - Missing Authorization via role management functions	LOW	*-1.0.12	1.0.13	June 30, 2026
fv-wordpress-flowplayer	fv-wordpress-flowplayer	93	FV Flowplayer Video Player <= 7.5.37.7212 - Insufficient Input Validation to Unauthenticated Stored Cross-Site Scripting and Arbitrary Usermeta Update	LOW	*-7.5.37.7212	7.5.39.7212	June 30, 2026
wp-vk	wp-vk	N/A	WP VK-付费内容插件 <= 1.3.3 - Cross-Site Request Forgery via AJAX actions	LOW	[*, 1.3.4)	1.3.4	June 30, 2026
leyka	leyka	89	Leyka <= 3.30.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	[*, 3.30.3)	3.30.3	June 30, 2026
ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor	elementskit-lite	95	Elements kit Elementor addons <= 2.9.1 - Missing Authorization	LOW	*-2.9.1	2.9.2	June 30, 2026
SlimStat Analytics	wp-slimstat	N/A	Slimstat Analytics <= 5.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings	LOW	*-5.0.8	5.0.9	June 30, 2026
SlimStat Analytics	wp-slimstat	N/A	Slimstat Analytics <= 5.0.5.1 - Missing Authorization via delete_pageview	LOW	*-5.0.5.1	5.0.6	June 30, 2026
vertical-marquee-plugin	vertical-marquee-plugin	N/A	Vertical Marquee Plugin <= 7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-7.1		June 30, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor	royal-elementor-addons	N/A	Royal Elementor Addons <= 1.3.75 - Cross-Site Request Forgery	LOW	*-1.3.75	1.3.76	June 30, 2026
reviewx	reviewx	N/A	ReviewX <= 1.6.17 - Missing Authorization in rx_coupon_from_submit	LOW	*-1.6.17	1.6.18	June 30, 2026
push-notification-for-post-and-buddypress	push-notification-for-post-and-buddypress	N/A	Push Notification for Post and BuddyPress <= 1.63 - Missing Authorization to Unauthenticated Admin Notice Dismissal	LOW	[*, 1.64)	1.64	June 30, 2026
post-and-page-builder	post-and-page-builder	N/A	Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.24.1 - Cross-Site Request Forgery via submitDefaultEditor	LOW	*-1.24.1	1.24.2	June 30, 2026
page-builder-add	page-builder-add	N/A	Landing Page Builder <= 1.5.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.5.1.2	1.5.1.3	June 30, 2026
master-addons	master-addons	93	Master Addons for Elementor <= 2.0.5.3 - Missing Authorization	LOW	*-2.0.5.3	2.0.5.4.1	June 30, 2026
jupiterx-core	jupiterx-core	93	JupiterX Core <= 3.3.5 - Unauthenticated Arbitrary File Upload	LOW	*-3.3.5	3.3.8	June 30, 2026
jupiterx-core	jupiterx-core	93	JupiterX Core <= 3.3.8 - Unauthenticated Privilege Escalation	LOW	*-3.3.8	3.4.3	June 30, 2026
jquery-collapse-o-matic	jquery-collapse-o-matic	89	Collapse-O-Matic <= 1.8.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.8.5.5		June 30, 2026
WP Ghost (Hide My WP Ghost) – Security & Firewall	hide-my-wp	79	Hide My WP Ghost <= 5.0.25 - CAPTCHA Bypass in brute_math_authenticate	LOW	*-5.0.25	5.0.26	June 30, 2026
ftp-access	ftp-access	91	FTP Access <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	*-1.0		June 30, 2026
woo-min-max-quantity-step-control-single	woo-min-max-quantity-step-control-single	N/A	Min Max Control <= 4.5 - Reflected Cross-Site Scripting	LOW	*-4.5	4.6	June 30, 2026
void-elementor-post-grid-addon-for-elementor-page-builder	void-elementor-post-grid-addon-for-elementor-page-builder	N/A	Void Elementor Post Grid Addon for Elementor Page builder <= 2.1.10 - Missing Authorization to Review Notice Dismissal	LOW	[*, 2.2)	2.2	June 30, 2026
url-shortify	url-shortify	N/A	URL Shortify <= 1.7.5 - Unauthenticated Stored Cross-Site Scripting via Referrer Header	LOW	*-1.7.5	1.7.6	June 30, 2026
sticky-social-media-icons	sticky-social-media-icons	N/A	Sticky Social Media Icons <= 2.0 - Missing Authorization via ajax_request_handle	LOW	*-2.0		June 30, 2026
simple-urls	simple-urls	N/A	Simple URLs <= 117 - Missing Authorization via AJAX actions	LOW	*-117	118	June 30, 2026
simple-urls	simple-urls	N/A	Simple URLs <= 117 - Reflected Cross-Site Scripting via 'post_id'	LOW	*-117	118	June 30, 2026
simple-urls	simple-urls	N/A	Simple URLs <= 118 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-118	119	June 30, 2026
save-as-pdf-by-pdfcrowd	save-as-pdf-by-pdfcrowd	N/A	Save as PDF plugin by Pdfcrowd <= 2.16.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings	LOW	*-2.16.0	2.16.1	June 30, 2026
save-as-image-by-pdfcrowd	save-as-image-by-pdfcrowd	N/A	Save as Image plugin by Pdfcrowd <= 2.16.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings	LOW	*-2.16.0	2.16.1	June 30, 2026
posts-like-dislike	posts-like-dislike	N/A	Posts Like Dislike <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Setting Reset	LOW	*-1.1.1	1.1.2	June 30, 2026
mwp-herd-effect	mwp-herd-effect	N/A	Herd Effects <= 5.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	[*, 5.2.3)	5.2.3	June 30, 2026
mwp-herd-effect	mwp-herd-effect	N/A	Herd Effects <= 5.2.3 - Cross-Site Request Forgery to Effect Deletion	LOW	*-5.2.3	5.2.4	June 30, 2026
masterstudy-lms-learning-management-system	masterstudy-lms-learning-management-system	93	MasterStudy LMS <= 3.0.17 - Privilege Escalation	LOW	*-3.0.17	3.0.18	June 30, 2026
lock-user-account	lock-user-account	91	Lock User Account <= 1.0.3 - Cross-Site Request Forgery to Account Lock/Unlock	LOW	*-1.0.3	1.0.4	June 30, 2026
gappointments	gappointments	89	gAppointments - Appointment booking addon for Gravity Forms <= 1.9.7 - Reflected Cross-Site Scripting	LOW	*-1.9.7	1.10.0	June 30, 2026
dx-auto-save-images	dx-auto-save-images	91	DX-auto-save-images <= 1.4.0 - Cross-Site Request Forgery	LOW	*-1.4.0		June 30, 2026
dologin	dologin	93	DoLogin Security <= 3.6 - IP Address Spoofing	LOW	[*, 3.7)	3.7	June 30, 2026
cookies-by-jm	cookies-by-jm	91	Cookies by JM <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0		June 30, 2026
cartpauj-register-captcha	cartpauj-register-captcha	93	Cartpauj Register Captcha <= 1.0.02 - CAPTCHA Bypass	LOW	*-1.0.02	2.0.0	June 30, 2026
adminify	adminify	97	WP Adminify <= 3.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-3.1.5	3.1.6	June 30, 2026
wpvr	wpvr	N/A	WP VR <= 8.3.4 - Reflected Cross-Site Scripting	LOW	*-8.3.4	8.3.5	June 30, 2026
woo-pdf-invoice-builder	woo-pdf-invoice-builder	N/A	WooCommerce PDF Invoice Builder <= 1.2.89 - Missing Authorization to Sensitive Information Exposure	LOW	*-1.2.91	1.2.92	June 30, 2026
woo-pdf-invoice-builder	woo-pdf-invoice-builder	N/A	WooCommerce PDF Invoice Builder <= 1.2.90 - Authenticated (Administrator+) Cross-Site Scripting	LOW	*-1.2.90	1.2.91	June 30, 2026
smart-donations	smart-donations	N/A	Donations Made Easy – Smart Donations <= 4.0.12 - Unauthenticated Stored Cross-Site Scripting	LOW	*-4.0.12		June 30, 2026
event-tickets-with-ticket-scanner	event-tickets-with-ticket-scanner	93	Event Tickets with Ticket Scanner <= 1.5.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	[*, 1.5.5)	1.5.5	June 30, 2026
Cookies and Content Security Policy	cookies-and-content-security-policy	89	Cookies and Content Security Policy <= 2.15 - Sensitive Information Exposure	LOW	*-2.15	2.16	June 30, 2026
ays-popup-box	ays-popup-box	93	Popup Box <= 3.7.0 - Authenticated(Administrator+) Stored Cross-Site Scripting	LOW	[*, 3.7.1)	3.7.1	June 30, 2026
td-composer	td-composer	N/A	tagDiv Composer <= 4.1 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-4.1	4.2	June 30, 2026
td-composer	td-composer	N/A	tagDiv Composer <= 4.1 - Unauthenticated Stored Cross-Site Scripting	LOW	*-4.1	4.2	June 30, 2026
tabs	tabs	N/A	Tabs & Accordion <= 1.3.10 - Authenticated (Contributor+) Content Injection	LOW	*-1.3.10		June 30, 2026
simple-staff-list	simple-staff-list	N/A	Simple Staff List <= 2.2.3 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-2.2.3	2.2.4	June 30, 2026
simple-org-chart	simple-org-chart	N/A	Simple Org Chart <= 2.3.4 - Cross-Site Request Forgery	LOW	*-2.3.4	2.3.5	June 30, 2026
simple-org-chart	simple-org-chart	N/A	Simple Org Chart <= 2.3.4 - Missing Authorization	LOW	*-2.3.4	2.3.5	June 30, 2026
serial-codes-generator-and-validator	serial-codes-generator-and-validator	N/A	Serial Codes Generator and Validator with WooCommerce Support <= 2.4.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting	LOW	[*, 2.4.15)	2.4.15	June 30, 2026
rsvpmaker	rsvpmaker	N/A	RSVPMaker <= 10.6.5 - Unauthenticated Stored Cross-Site Scripting via 'email'	LOW	*-10.6.5	10.6.6	June 30, 2026
rsvpmaker	rsvpmaker	N/A	RSVPMarker <= 10.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings	LOW	*-10.6.5	10.6.7	June 30, 2026
pmpro-ccbill	pmpro-ccbill	N/A	Paid Memberships Pro CCBill Gateway <= 0.3 - Insufficient Authorization	LOW	*-0.3	0.4	June 30, 2026
payment-gateway-stripe-and-woocommerce-integration	payment-gateway-stripe-and-woocommerce-integration	N/A	Stripe Payment Plugin for WooCommerce <= 3.7.9 - Missing Authorization to Arbitrary Order Status Modification	LOW	3.7.9	3.8.0	June 30, 2026
newsletter	newsletter	N/A	Newsletter <= 7.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-7.8.9	7.9.0	June 30, 2026
kanban	kanban	86	Kanban Boards <= 2.5.21 - Authenticated (Administrator+) Remote Code Execution	LOW	*-2.5.21		June 30, 2026
js-support-ticket	js-support-ticket	93	JS Help Desk – Best Help Desk & Support Plugin <= 2.7.7 - Authenticated (Administrator+) Arbitrary File Upload	LOW	*-2.7.7	2.7.8	June 30, 2026
gd-security-headers	gd-security-headers	93	GD Security Headers <= 1.6.1 - Reflected Cross-Site Scripting	LOW	*-1.6.1	1.7	June 30, 2026
gallery-portfolio	gallery-portfolio	91	Gallery Portfolio <= 1.4.6 - Missing Authorization via Multiple AJAX actions	LOW	[*, 1.4.7)	1.4.7	June 30, 2026
estatik-mortgage-calculator	estatik-mortgage-calculator	86	Mortgage Calculator Estatik <= 2.0.11 - Reflected Cross-Site Scripting	LOW	*-2.0.11		June 30, 2026
doofinder-for-woocommerce	doofinder-for-woocommerce	93	Doofinder for WooCommerce <= 1.5.49 - Unauthenticated Open Redirect	LOW	*-1.5.49	2.0.0	June 30, 2026
cost-calculator-builder	cost-calculator-builder	93	Cost Calculator Builder <= 3.1.42 - Improper Authorization	LOW	[*, 3.1.43)	3.1.43	June 30, 2026
cluevo-lms	cluevo-lms	93	CLUEVO LMS, E-Learning Platform <= 1.10.0 - Cross-Site Request Forgery	LOW	*-1.10.0	1.11.0	June 30, 2026
cleverwise-daily-quotes	cleverwise-daily-quotes	91	Cleverwise Daily Quotes <= 3.2 - Reflected Cross-Site Scripting	LOW	*-3.2		June 30, 2026
charitable	charitable	93	Donation Forms by Charitable <= 1.7.0.12 - Unauthenticated Privilege Escalation	LOW	*-1.7.0.12	1.7.0.13	June 30, 2026
cf7-field-validation	cf7-field-validation	91	Contact form 7 Custom validation <= 1.1.3 - Unauthenticated SQL Injection via 'post'	LOW	*-1.1.3		June 30, 2026
bigbluebutton	bigbluebutton	89	BigBlueButton <= 3.0.0-beta.4 - Authenticated (Author+) Stored Cross-Site Scripting	LOW	* - 3.0.0-beta.4		June 30, 2026
animated-typing-effect	animated-typing-effect	97	Typing Effect <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	LOW	*-1.3.6	1.3.7	June 30, 2026
youtube-showcase	youtube-showcase	N/A	Video Gallery & Management <= 3.3.5 - Cross-Site Request Forgery	LOW	*-3.3.5	3.3.6	June 30, 2026
wpdatatables	wpdatatables	N/A	wpDataTables - Tables & Table Charts <= 2.1.65 - Authenticated(Administrator+) PHP Object Injection	LOW	[*, 2.1.66)	2.1.66	June 30, 2026

LOW

SlimStat Analytics

wp-slimstat

Score: N/A Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-5.0.9 Patched: 5.0.10 Updated: June 30, 2026

LOW

Ultra Addons for Contact Form 7

ultimate-addons-for-contact-form-7

Score: 70/100 Ultimate Addons for Contact Form 7 <= 3.1.0 - Reflected Cross-Site Scripting via 'page' Affected: *-3.1.0 Patched: 3.1.2 Updated: June 30, 2026

LOW

social-share-boost

Score: N/A Social Share Boost <= 4.5 - Cross-Site Request Forgery via 'syntatical_settings_content' Affected: *-4.5 Patched: Updated: June 30, 2026

LOW

sitekit

Score: N/A Sitekit <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sitekit_iframe' shortcode Affected: *-1.4 Patched: 1.5 Updated: June 30, 2026

LOW

sitekit

Score: N/A Sitekit <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sitekit_iframe ' shortcode Affected: *-1.3 Patched: 1.4 Updated: June 30, 2026

LOW

search-analytics

Score: N/A WP Search Analytics <= 1.4.7 - Reflected Cross-Site Scripting via 'render_stats_page' Affected: *-1.4.7 Patched: 1.4.8 Updated: June 30, 2026

LOW

prevent-file-access

Score: N/A Prevent files / folders access <= 2.5.1 - Authenticated (Administrator+) Arbitrary File Upload in mo_media_restrict_page Affected: *-2.5.1 Patched: 2.5.2 Updated: June 30, 2026

LOW

popup-builder

Score: N/A Popup Builder <= 4.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.2.1 Patched: 4.2.2 Updated: June 30, 2026

LOW

order-tracking

Score: N/A Order Tracking Pro <= 3.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.3.6 Patched: 3.3.7 Updated: June 30, 2026

LOW

order-tracking

Score: N/A Order Tracking Pro <= 3.3.6 - Reflected Cross-Site Scripting Affected: *-3.3.6 Patched: 3.3.7 Updated: June 30, 2026

LOW

olive-one-click-demo-import

Score: N/A Olive One Click Demo Import <= 1.1.2 - Authenticated (Administrator+) Arbitrary File Upload in olive_one_click_demo_import_save_file Affected: *-1.1.2 Patched: Updated: June 30, 2026

LOW

mts-url-shortener

Score: N/A URL Shortener by MyThemeShop <= 1.0.17 - Reflected Cross-Site Scripting via 'page' Affected: *-1.0.17 Patched: Updated: June 30, 2026

LOW

makestories-helper

Score: 91/100 MakeStories (for Google Web Stories) <= 3.0.2 - Cross-Site Request Forgery via 'ms_set_options' Affected: *-3.0.2 Patched: 3.0.3 Updated: June 30, 2026

LOW

maintenance-switch

Score: 91/100 Maintenance Switch <= 1.5.2 - Cross-Site Request Forgery via 'admin_action_request' Affected: *-1.5.2 Patched: Updated: June 30, 2026

LOW

luckywp-scripts-control

Score: 93/100 LuckyWP Scripts Control <= 1.2.1 - Cross-Site Request Forgery Affected: *-1.2.1 Patched: 1.2.2 Updated: June 30, 2026

LOW

locatoraid

Score: 91/100 Locatoraid Store Locator <= 3.9.23 - Reflected Cross-Site Scripting Affected: *-3.9.23 Patched: 3.9.24 Updated: June 30, 2026

LOW

import-xml-feed

Score: 93/100 Import XML and RSS Feeds <= 2.1.4 - Unauthenticated Remote Code Execution Affected: *-2.1.4 Patched: 2.1.5 Updated: June 30, 2026

LOW

import-xml-feed

Score: 93/100 Import XML and RSS Feeds <= 2.1.3 - Authenticated (Admin+) Arbitrary File Upload Affected: *-2.1.3 Patched: 2.1.4 Updated: June 30, 2026

LOW

guruwalk-affiliates

Score: 91/100 GuruWalk Affiliates <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings Affected: *-1.0.0 Patched: Updated: June 30, 2026

LOW

Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager

folders

Score: 86/100 Folders <= 2.9.2 - Authenticated (Author+) Arbitrary File Upload in handle_folders_file_upload Affected: *-2.9.2 Patched: 2.9.3 Updated: June 30, 2026

LOW

easy-coming-soon

Score: 91/100 Easy Coming Soon <= 2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings Affected: *-2.3 Patched: Updated: June 30, 2026

LOW

dologin

Score: 93/100 DoLogin Security <= 3.6 - Unauthenticated Stored Cross-Site Scripting Affected: *-3.6 Patched: 3.7 Updated: June 30, 2026

LOW

Kadence Central – Site Management, Backups, Security, and Reporting

ithemes-sync

Score: 82/100 iThemes Sync <= 2.1.13 - Cross-Site Request Forgery and Missing Authorization via 'hide_authenticate_notice' Affected: [*, 2.1.14) Patched: 2.1.14 Updated: June 30, 2026

LOW

Translate WordPress with GTranslate

gtranslate

Score: 90/100 GTranslate <= 3.0.3 - Authenticated (Administrator+) Cross-Site Scripting via Multiple Parameters Affected: [*, 3.0.4) Patched: 3.0.4 Updated: June 30, 2026

LOW

Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager

folders

Score: 86/100 Folders <= 2.9.2 - Authenticated (Author+) Arbitrary File Upload Affected: [*, 2.9.3) Patched: 2.9.3 Updated: June 30, 2026

LOW

woo-category-slider-grid

Score: N/A Category Slider for WooCommerce <= 1.4.15 - Missing Authorization via notice dismissal functionality Affected: *-1.4.15 Patched: 1.4.16 Updated: June 30, 2026

LOW

secure-admin-ip

Score: N/A Secure Admin IP <= 2.0 - Missing Authorization via 'saveSettings' Affected: *-2.0 Patched: Updated: June 30, 2026

LOW

premmerce-user-roles

Score: N/A Premmerce User Roles <= 1.0.12 - Missing Authorization via role management functions Affected: *-1.0.12 Patched: 1.0.13 Updated: June 30, 2026

LOW

Score: 93/100 FV Flowplayer Video Player <= 7.5.37.7212 - Insufficient Input Validation to Unauthenticated Stored Cross-Site Scripting and Arbitrary Usermeta Update Affected: *-7.5.37.7212 Patched: 7.5.39.7212 Updated: June 30, 2026

LOW

wp-vk

Score: N/A WP VK-付费内容插件 <= 1.3.3 - Cross-Site Request Forgery via AJAX actions Affected: [*, 1.3.4) Patched: 1.3.4 Updated: June 30, 2026

LOW

leyka

Score: 89/100 Leyka <= 3.30.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: [*, 3.30.3) Patched: 3.30.3 Updated: June 30, 2026

LOW

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

elementskit-lite

Score: 95/100 Elements kit Elementor addons <= 2.9.1 - Missing Authorization Affected: *-2.9.1 Patched: 2.9.2 Updated: June 30, 2026

LOW

SlimStat Analytics

wp-slimstat

Score: N/A Slimstat Analytics <= 5.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings Affected: *-5.0.8 Patched: 5.0.9 Updated: June 30, 2026

LOW

SlimStat Analytics

wp-slimstat

Score: N/A Slimstat Analytics <= 5.0.5.1 - Missing Authorization via delete_pageview Affected: *-5.0.5.1 Patched: 5.0.6 Updated: June 30, 2026

LOW

vertical-marquee-plugin

Score: N/A Vertical Marquee Plugin <= 7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-7.1 Patched: Updated: June 30, 2026

LOW

Royal Addons for Elementor – Addons and Templates Kit for Elementor

royal-elementor-addons

Score: N/A Royal Elementor Addons <= 1.3.75 - Cross-Site Request Forgery Affected: *-1.3.75 Patched: 1.3.76 Updated: June 30, 2026

LOW

reviewx

Score: N/A ReviewX <= 1.6.17 - Missing Authorization in rx_coupon_from_submit Affected: *-1.6.17 Patched: 1.6.18 Updated: June 30, 2026

LOW

push-notification-for-post-and-buddypress

Score: N/A Push Notification for Post and BuddyPress <= 1.63 - Missing Authorization to Unauthenticated Admin Notice Dismissal Affected: [*, 1.64) Patched: 1.64 Updated: June 30, 2026

LOW

post-and-page-builder

Score: N/A Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.24.1 - Cross-Site Request Forgery via submitDefaultEditor Affected: *-1.24.1 Patched: 1.24.2 Updated: June 30, 2026

LOW

page-builder-add

Score: N/A Landing Page Builder <= 1.5.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.5.1.2 Patched: 1.5.1.3 Updated: June 30, 2026

LOW

master-addons

Score: 93/100 Master Addons for Elementor <= 2.0.5.3 - Missing Authorization Affected: *-2.0.5.3 Patched: 2.0.5.4.1 Updated: June 30, 2026

LOW

jupiterx-core

Score: 93/100 JupiterX Core <= 3.3.5 - Unauthenticated Arbitrary File Upload Affected: *-3.3.5 Patched: 3.3.8 Updated: June 30, 2026

LOW

jupiterx-core

Score: 93/100 JupiterX Core <= 3.3.8 - Unauthenticated Privilege Escalation Affected: *-3.3.8 Patched: 3.4.3 Updated: June 30, 2026

LOW

jquery-collapse-o-matic

Score: 89/100 Collapse-O-Matic <= 1.8.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.8.5.5 Patched: Updated: June 30, 2026

LOW

WP Ghost (Hide My WP Ghost) – Security & Firewall

hide-my-wp

Score: 79/100 Hide My WP Ghost <= 5.0.25 - CAPTCHA Bypass in brute_math_authenticate Affected: *-5.0.25 Patched: 5.0.26 Updated: June 30, 2026

LOW

ftp-access

Score: 91/100 FTP Access <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

woo-min-max-quantity-step-control-single

Score: N/A Min Max Control <= 4.5 - Reflected Cross-Site Scripting Affected: *-4.5 Patched: 4.6 Updated: June 30, 2026

LOW

void-elementor-post-grid-addon-for-elementor-page-builder

Score: N/A Void Elementor Post Grid Addon for Elementor Page builder <= 2.1.10 - Missing Authorization to Review Notice Dismissal Affected: [*, 2.2) Patched: 2.2 Updated: June 30, 2026

LOW

url-shortify

Score: N/A URL Shortify <= 1.7.5 - Unauthenticated Stored Cross-Site Scripting via Referrer Header Affected: *-1.7.5 Patched: 1.7.6 Updated: June 30, 2026

LOW

sticky-social-media-icons

Score: N/A Sticky Social Media Icons <= 2.0 - Missing Authorization via ajax_request_handle Affected: *-2.0 Patched: Updated: June 30, 2026

LOW

simple-urls

Score: N/A Simple URLs <= 117 - Missing Authorization via AJAX actions Affected: *-117 Patched: 118 Updated: June 30, 2026

LOW

simple-urls

Score: N/A Simple URLs <= 117 - Reflected Cross-Site Scripting via 'post_id' Affected: *-117 Patched: 118 Updated: June 30, 2026

LOW

simple-urls

Score: N/A Simple URLs <= 118 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-118 Patched: 119 Updated: June 30, 2026

LOW

save-as-pdf-by-pdfcrowd

Score: N/A Save as PDF plugin by Pdfcrowd <= 2.16.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings Affected: *-2.16.0 Patched: 2.16.1 Updated: June 30, 2026

LOW

save-as-image-by-pdfcrowd

Score: N/A Save as Image plugin by Pdfcrowd <= 2.16.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings Affected: *-2.16.0 Patched: 2.16.1 Updated: June 30, 2026

LOW

posts-like-dislike

Score: N/A Posts Like Dislike <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Setting Reset Affected: *-1.1.1 Patched: 1.1.2 Updated: June 30, 2026

LOW

mwp-herd-effect

Score: N/A Herd Effects <= 5.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: [*, 5.2.3) Patched: 5.2.3 Updated: June 30, 2026

LOW

mwp-herd-effect

Score: N/A Herd Effects <= 5.2.3 - Cross-Site Request Forgery to Effect Deletion Affected: *-5.2.3 Patched: 5.2.4 Updated: June 30, 2026

LOW

masterstudy-lms-learning-management-system

Score: 93/100 MasterStudy LMS <= 3.0.17 - Privilege Escalation Affected: *-3.0.17 Patched: 3.0.18 Updated: June 30, 2026

LOW

lock-user-account

Score: 91/100 Lock User Account <= 1.0.3 - Cross-Site Request Forgery to Account Lock/Unlock Affected: *-1.0.3 Patched: 1.0.4 Updated: June 30, 2026

LOW

gappointments

Score: 89/100 gAppointments - Appointment booking addon for Gravity Forms <= 1.9.7 - Reflected Cross-Site Scripting Affected: *-1.9.7 Patched: 1.10.0 Updated: June 30, 2026

LOW

dx-auto-save-images

Score: 91/100 DX-auto-save-images <= 1.4.0 - Cross-Site Request Forgery Affected: *-1.4.0 Patched: Updated: June 30, 2026

LOW

dologin

Score: 93/100 DoLogin Security <= 3.6 - IP Address Spoofing Affected: [*, 3.7) Patched: 3.7 Updated: June 30, 2026

LOW

cookies-by-jm

Score: 91/100 Cookies by JM <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0 Patched: Updated: June 30, 2026

LOW

cartpauj-register-captcha

Score: 93/100 Cartpauj Register Captcha <= 1.0.02 - CAPTCHA Bypass Affected: *-1.0.02 Patched: 2.0.0 Updated: June 30, 2026

LOW

adminify

Score: 97/100 WP Adminify <= 3.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.1.5 Patched: 3.1.6 Updated: June 30, 2026

LOW

wpvr

Score: N/A WP VR <= 8.3.4 - Reflected Cross-Site Scripting Affected: *-8.3.4 Patched: 8.3.5 Updated: June 30, 2026

LOW

woo-pdf-invoice-builder

Score: N/A WooCommerce PDF Invoice Builder <= 1.2.89 - Missing Authorization to Sensitive Information Exposure Affected: *-1.2.91 Patched: 1.2.92 Updated: June 30, 2026

LOW

woo-pdf-invoice-builder

Score: N/A WooCommerce PDF Invoice Builder <= 1.2.90 - Authenticated (Administrator+) Cross-Site Scripting Affected: *-1.2.90 Patched: 1.2.91 Updated: June 30, 2026

LOW

smart-donations

Score: N/A Donations Made Easy – Smart Donations <= 4.0.12 - Unauthenticated Stored Cross-Site Scripting Affected: *-4.0.12 Patched: Updated: June 30, 2026

LOW

event-tickets-with-ticket-scanner

Score: 93/100 Event Tickets with Ticket Scanner <= 1.5.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: [*, 1.5.5) Patched: 1.5.5 Updated: June 30, 2026

LOW

Cookies and Content Security Policy

cookies-and-content-security-policy

Score: 89/100 Cookies and Content Security Policy <= 2.15 - Sensitive Information Exposure Affected: *-2.15 Patched: 2.16 Updated: June 30, 2026

LOW

ays-popup-box

Score: 93/100 Popup Box <= 3.7.0 - Authenticated(Administrator+) Stored Cross-Site Scripting Affected: [*, 3.7.1) Patched: 3.7.1 Updated: June 30, 2026

LOW

td-composer

Score: N/A tagDiv Composer <= 4.1 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-4.1 Patched: 4.2 Updated: June 30, 2026

LOW

td-composer

Score: N/A tagDiv Composer <= 4.1 - Unauthenticated Stored Cross-Site Scripting Affected: *-4.1 Patched: 4.2 Updated: June 30, 2026

LOW

tabs

Score: N/A Tabs & Accordion <= 1.3.10 - Authenticated (Contributor+) Content Injection Affected: *-1.3.10 Patched: Updated: June 30, 2026

LOW

simple-staff-list

Score: N/A Simple Staff List <= 2.2.3 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-2.2.3 Patched: 2.2.4 Updated: June 30, 2026

LOW

simple-org-chart

Score: N/A Simple Org Chart <= 2.3.4 - Cross-Site Request Forgery Affected: *-2.3.4 Patched: 2.3.5 Updated: June 30, 2026

LOW

simple-org-chart

Score: N/A Simple Org Chart <= 2.3.4 - Missing Authorization Affected: *-2.3.4 Patched: 2.3.5 Updated: June 30, 2026

LOW

serial-codes-generator-and-validator

Score: N/A Serial Codes Generator and Validator with WooCommerce Support <= 2.4.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting Affected: [*, 2.4.15) Patched: 2.4.15 Updated: June 30, 2026

LOW

rsvpmaker

Score: N/A RSVPMaker <= 10.6.5 - Unauthenticated Stored Cross-Site Scripting via 'email' Affected: *-10.6.5 Patched: 10.6.6 Updated: June 30, 2026

LOW

rsvpmaker

Score: N/A RSVPMarker <= 10.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings Affected: *-10.6.5 Patched: 10.6.7 Updated: June 30, 2026

LOW

pmpro-ccbill

Score: N/A Paid Memberships Pro CCBill Gateway <= 0.3 - Insufficient Authorization Affected: *-0.3 Patched: 0.4 Updated: June 30, 2026

LOW

payment-gateway-stripe-and-woocommerce-integration

Score: N/A Stripe Payment Plugin for WooCommerce <= 3.7.9 - Missing Authorization to Arbitrary Order Status Modification Affected: 3.7.9 Patched: 3.8.0 Updated: June 30, 2026

LOW

newsletter

Score: N/A Newsletter <= 7.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-7.8.9 Patched: 7.9.0 Updated: June 30, 2026

LOW

kanban

Score: 86/100 Kanban Boards <= 2.5.21 - Authenticated (Administrator+) Remote Code Execution Affected: *-2.5.21 Patched: Updated: June 30, 2026

LOW

js-support-ticket

Score: 93/100 JS Help Desk – Best Help Desk & Support Plugin <= 2.7.7 - Authenticated (Administrator+) Arbitrary File Upload Affected: *-2.7.7 Patched: 2.7.8 Updated: June 30, 2026

LOW

gd-security-headers

Score: 93/100 GD Security Headers <= 1.6.1 - Reflected Cross-Site Scripting Affected: *-1.6.1 Patched: 1.7 Updated: June 30, 2026

LOW

gallery-portfolio

Score: 91/100 Gallery Portfolio <= 1.4.6 - Missing Authorization via Multiple AJAX actions Affected: [*, 1.4.7) Patched: 1.4.7 Updated: June 30, 2026

LOW

estatik-mortgage-calculator

Score: 86/100 Mortgage Calculator Estatik <= 2.0.11 - Reflected Cross-Site Scripting Affected: *-2.0.11 Patched: Updated: June 30, 2026

LOW

doofinder-for-woocommerce

Score: 93/100 Doofinder for WooCommerce <= 1.5.49 - Unauthenticated Open Redirect Affected: *-1.5.49 Patched: 2.0.0 Updated: June 30, 2026

LOW

cost-calculator-builder

Score: 93/100 Cost Calculator Builder <= 3.1.42 - Improper Authorization Affected: [*, 3.1.43) Patched: 3.1.43 Updated: June 30, 2026

LOW

cluevo-lms

Score: 93/100 CLUEVO LMS, E-Learning Platform <= 1.10.0 - Cross-Site Request Forgery Affected: *-1.10.0 Patched: 1.11.0 Updated: June 30, 2026

LOW

cleverwise-daily-quotes

Score: 91/100 Cleverwise Daily Quotes <= 3.2 - Reflected Cross-Site Scripting Affected: *-3.2 Patched: Updated: June 30, 2026

LOW

charitable

Score: 93/100 Donation Forms by Charitable <= 1.7.0.12 - Unauthenticated Privilege Escalation Affected: *-1.7.0.12 Patched: 1.7.0.13 Updated: June 30, 2026

LOW

cf7-field-validation

Score: 91/100 Contact form 7 Custom validation <= 1.1.3 - Unauthenticated SQL Injection via 'post' Affected: *-1.1.3 Patched: Updated: June 30, 2026

LOW

bigbluebutton

Score: 89/100 BigBlueButton <= 3.0.0-beta.4 - Authenticated (Author+) Stored Cross-Site Scripting Affected: * - 3.0.0-beta.4 Patched: Updated: June 30, 2026

LOW

animated-typing-effect

Score: 97/100 Typing Effect <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Affected: *-1.3.6 Patched: 1.3.7 Updated: June 30, 2026

LOW

youtube-showcase

Score: N/A Video Gallery & Management <= 3.3.5 - Cross-Site Request Forgery Affected: *-3.3.5 Patched: 3.3.6 Updated: June 30, 2026

LOW

wpdatatables

Score: N/A wpDataTables - Tables & Table Charts <= 2.1.65 - Authenticated(Administrator+) PHP Object Injection Affected: [*, 2.1.66) Patched: 2.1.66 Updated: June 30, 2026

Showing 24001 to 24100 of 36283 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 09:42 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List