Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36283

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
wp-trending-post-slider-and-widget	wp-trending-post-slider-and-widget	N/A	Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal	LOW	*-1.6	1.6.1	June 30, 2026
wp-testimonial-with-widget	wp-testimonial-with-widget	N/A	Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal	LOW	*-3.3	3.3.1	June 30, 2026
wp-team-showcase-and-slider	wp-team-showcase-and-slider	N/A	Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal	LOW	*-2.6	2.6.1	June 30, 2026
wp-slick-slider-and-image-carousel	wp-slick-slider-and-image-carousel	N/A	Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal	LOW	*-3.5	3.6	June 30, 2026
wp-responsive-recent-post-slider	wp-responsive-recent-post-slider	N/A	Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal	LOW	*-3.4	3.5	June 30, 2026
wp-postratings	wp-postratings	N/A	WP-PostRatings <= 1.91 - IP Spoofing	LOW	*-1.91	1.91.1	June 30, 2026
wp-logo-showcase-responsive-slider-slider	wp-logo-showcase-responsive-slider-slider	N/A	Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal	LOW	*-3.6	3.7	June 30, 2026
wp-featured-content-and-slider	wp-featured-content-and-slider	N/A	Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal	LOW	*-1.6	1.7	June 30, 2026
wp-blog-and-widgets	wp-blog-and-widgets	N/A	Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal	LOW	*-2.5	2.6	June 30, 2026
woo-pdf-invoice-builder	woo-pdf-invoice-builder	N/A	WooCommerce PDF Invoice Builder <= 1.2.90 - Cross-Site Request Forgery to Custom Field Creation	LOW	*-1.2.90	1.2.91	June 30, 2026
woo-ecommerce-tracking-for-google-and-facebook	woo-ecommerce-tracking-for-google-and-facebook	N/A	WooCommerce Enhanced Ecommerce Analytics Integration with Conversion Tracking <= 3.7.1 - Cross-Site Request Forgery	LOW	*-3.7.1	3.7.2	June 30, 2026
woo-conditional-discount-rules-for-checkout	woo-conditional-discount-rules-for-checkout	N/A	WooCommerce Dynamic Pricing and Discount Rules <= 2.4.0 - Cross-Site Request Forgery	LOW	*-2.4.0	2.4.1	June 30, 2026
timeline-and-history-slider	timeline-and-history-slider	N/A	Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal	LOW	*-2.1	2.1.1	June 30, 2026
ticker-ultimate	ticker-ultimate	N/A	Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal	LOW	*-1.5.5	1.5.6	June 30, 2026
sp-news-and-widget	sp-news-and-widget	N/A	Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal	LOW	*-4.8	4.9	June 30, 2026
sp-faq	sp-faq	N/A	Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal	LOW	*-3.8	3.9	June 30, 2026
smart-seo-tool	smart-seo-tool	N/A	Smart SEO Tool-WordPress SEO优化插件 <= 4.0.1 - Cross-Site Request Forgery via 'wp_ajax_wb_smart_seo_tool'	LOW	[*, 4.0.2)	4.0.2	June 30, 2026
schedule-posts-calendar	schedule-posts-calendar	N/A	Schedule Posts Calendar <= 5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings	LOW	*-5.2	5.3	June 30, 2026
schedule-posts-calendar	schedule-posts-calendar	N/A	Schedule Posts Calendar <= 5.2 - Cross-Site Request Forgery	LOW	*-5.2	5.3	June 30, 2026
post-grid-and-filter-ultimate	post-grid-and-filter-ultimate	N/A	Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal	LOW	*-1.5.2	1.5.3	June 30, 2026
portfolio-and-projects	portfolio-and-projects	N/A	Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal	LOW	*-1.3.7	1.3.8	June 30, 2026
popup-anything-on-click	popup-anything-on-click	N/A	Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal	LOW	*-2.7	2.8	June 30, 2026
Plausible Analytics	plausible-analytics	N/A	Plausible Analytics <= 1.3.3 - Reflected Cross-Site Scripting via page-url	LOW	*-1.3.3	1.3.4	June 30, 2026
meta-slider-and-carousel-with-lightbox	meta-slider-and-carousel-with-lightbox	93	Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal	LOW	*-1.8.2	1.8.3	June 30, 2026
html5-videogallery-plus-player	html5-videogallery-plus-player	93	Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal	LOW	*-2.6.5	2.6.6	June 30, 2026
fitness-calculators	fitness-calculators	93	Fitness calculators plugin <= 2.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings	LOW	*-2.0.8	2.0.9	June 30, 2026
featured-post-creative	featured-post-creative	93	Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal	LOW	*-1.4	1.5	June 30, 2026
custom-admin-login-styler-wpzest	custom-admin-login-styler-wpzest	91	Custom Admin Login Page \| WPZest <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.2.0		June 30, 2026
ct-commerce	ct-commerce	91	CT Commerce <= 2.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings	LOW	*-2.0.1		June 30, 2026
countdown-timer-ultimate	countdown-timer-ultimate	93	Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal	LOW	*-2.4	2.4.1	June 30, 2026
comments-like-dislike	comments-like-dislike	93	Comments Like Dislike <= 1.2.0 - Missing Authorization to Authenticated (Subscriber+) Plugin Setting Reset	LOW	*-1.2.0	1.2.1	June 30, 2026
carrrot	carrrot	91	Carrot <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.1.0		June 30, 2026
blog-designer-for-post-and-widget	blog-designer-for-post-and-widget	93	Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal	LOW	*-2.5.1	2.5.2	June 30, 2026
album-and-image-gallery-plus-lightbox	album-and-image-gallery-plus-lightbox	97	Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal	LOW	*-1.7	1.7.1	June 30, 2026
accordion-slider	accordion-slider	97	Accordion Slider <= 1.9.6 - Missing Authorization to Notice Dismissal	LOW	*-1.9.6	1.9.7	June 30, 2026
accordion-and-accordion-slider	accordion-and-accordion-slider	97	Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal	LOW	*-1.2.4	1.2.5	June 30, 2026
wp-remote-users-sync	wp-remote-users-sync	N/A	WP Remote Users Sync <= 1.2.12 - Authenticated (Subscriber+) Server Side Request Forgery	LOW	*-1.2.12	1.2.13	June 30, 2026
wp-remote-users-sync	wp-remote-users-sync	N/A	WP Remote Users Sync <= 1.2.11 - Missing Authorization to Authenticated (Subscriber+) Log View	LOW	*-1.2.11	1.2.12	June 30, 2026
woocommerce-putler-connector	woocommerce-putler-connector	N/A	Putler Connector for WooCommerce <= 2.12.0 - Missing Authorization via 'putler_connector_sync_complete'	LOW	*-2.12.0	2.13.0	June 30, 2026
woocommerce-putler-connector	woocommerce-putler-connector	N/A	Putler Connector for WooCommerce <= 2.12.0 - Missing Authorization via 'send_resync_request'	LOW	*-2.12.0	2.13.0	June 30, 2026
Robo Gallery – Photo & Image Slider	robo-gallery	N/A	Robo Gallery <= 3.2.15 - Authenticated(Administrator+) Stored Cross-Site Scripting	LOW	*-3.2.15	3.2.16	June 30, 2026
wp-line-notify	wp-line-notify	N/A	LINE Notify <= 1.4.4 - Reflected Cross-Site Scripting via 'uid'	LOW	*-1.4.4	1.4.5	June 30, 2026
woocommerce-products-quick-view	woocommerce-products-quick-view	N/A	Products Quick View for WooCommerce <= 2.2.0 - Missing Authorization	LOW	[*, 2.3.0)	2.3.0	June 30, 2026
woo-orders-tracking	woo-orders-tracking	N/A	Orders Tracking for WooCommerce <= 1.2.5 - Authenticated (Administrator+) Directory Traversal via 'file_url'	LOW	*-1.2.5	1.2.6	June 30, 2026
weblibrarian	weblibrarian	N/A	WebLibrarian <= 3.5.8.1 - Reflected Cross-Site Scripting via multiple parameters	LOW	*-3.5.8.1	3.5.8.2	June 30, 2026
user-submitted-posts	user-submitted-posts	N/A	User Submitted Posts <= 20230809 - Unauthenticated Stored Cross-Site Scripting via 'user-submitted-content'	LOW	*-20230809	20230811	June 30, 2026
user-activity-log	user-activity-log	N/A	User Activity Log <= 1.6.6 - IP Address Spoofing	LOW	*-1.6.6	1.6.7	June 30, 2026
media-from-ftp	media-from-ftp	93	Media from FTP <= 11.16 - Authenticated (Author+) Improper Privilege Management	LOW	*-11.16	11.17	June 30, 2026
make-paths-relative	make-paths-relative	93	Make Paths Relative <= 1.3.0 - Cross-Site Request Forgery via 'admin/class-make-paths-relative-admin.php'	LOW	*-1.3.0	2.0.0	June 30, 2026
iwp-client	iwp-client	93	InfiniteWP Client <= 1.11.1 - Authenticated (Subscriber+) Sensitive Information Exposure	LOW	*-1.11.1	1.12.1	June 30, 2026
Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution	file-manager-advanced	66	Advanced File Manager <= 5.1 - Authenticated (Administrator+) Arbitrary File and Folder Access	LOW	*-5.1	5.1.1	June 30, 2026
bdvs-password-reset	bdvs-password-reset	93	Password Reset with Code for WordPress REST API <= 0.0.15 - Weak Password Recovery Mechanism	LOW	*-0.0.15	0.0.16	June 30, 2026
123-chat-videochat	123-chat-videochat	95	123.chat <= 1.3.0 - Authenticated(Administrator+) Stored Cross-Site Scripting	LOW	*-1.3.0	1.3.1	June 30, 2026
jupiterx-core	jupiterx-core	93	JupiterX Core 3.0.0 - 3.3.0 - Missing Authorization	LOW	3.0.0-3.3.0	3.3.5	June 30, 2026
jupiterx-core	jupiterx-core	93	JupiterX Core 3.0.0 - 3.3.0 - Missing Authorization	LOW	3.0.0-3.3.0	3.3.5	June 30, 2026
wpdm-premium-packages	wpdm-premium-packages	N/A	Premium Packages - Sell Digital Products Securely <= 5.7.4 - Arbitrary User Meta Update to Authenticated (Subscriber+) Privilege Escalation	LOW	*-5.7.4	5.7.5	June 30, 2026
wp-pipes	wp-pipes	N/A	WP Pipes <= 1.4.0 - Cross-Site Request Forgery to Settings Update	LOW	[*, 1.4.1)	1.4.1	June 30, 2026
wp-like-button	wp-like-button	N/A	WP Like Button <= 1.6.11 - Cross-Site Request Forgery via 'saveData'	LOW	*-1.6.11	1.7.0	June 30, 2026
wp-html-mail	wp-html-mail	N/A	WP HTML Mail <= 3.4.0 - Cross-Site Request Forgery via 'send_test'	LOW	*-3.4.0	3.4.1	June 30, 2026
wp-404-auto-redirect-to-similar-post	wp-404-auto-redirect-to-similar-post	N/A	WP 404 Auto Redirect to Similar Post <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0.3	1.0.4	June 30, 2026
woo-product-attachment	woo-product-attachment	N/A	WooCommerce Product Attachment <= 2.1.8 - Cross-Site Request Forgery	LOW	*-2.1.8	2.2.0	June 30, 2026
woo-pdf-invoice-builder	woo-pdf-invoice-builder	N/A	WooCommerce PDF Invoice Builder <= 1.2.89 - Authenticated (Subscriber+) SQL Injection via Export	LOW	*-1.2.89	1.2.90	June 30, 2026
woo-pdf-invoice-builder	woo-pdf-invoice-builder	N/A	WooCommerce PDF Invoice Builder <= 1.2.90 - Cross-Site Request Forgery via Save	LOW	*-1.2.90	1.2.91	June 30, 2026
stock-ticker	stock-ticker	N/A	Stock Ticker <= 3.23.3 - Reflected Cross-Site Scripting in ajax_stockticker_load	LOW	*-3.23.3	3.23.4	June 30, 2026
smart-donations	smart-donations	N/A	Donations Made Easy – Smart Donations <= 4.0.12 - Authenticated (Administrator+) SQL Injection	LOW	*-4.0.12		June 30, 2026
sendpress	sendpress	N/A	SendPress Newsletters <= 1.23.11.6 - Missing Authorization	LOW	*-1.23.11.6		June 30, 2026
sb-child-list	sb-child-list	N/A	SB Child List <= 4.5 - Cross-Site Request Forgery via 'sb_cl_update_settings'	LOW	*-4.5		June 30, 2026
rate-my-post	rate-my-post	N/A	Rate my Post - WP Rating System <= 3.4.1 - Insecure Direct Object Reference	LOW	[*, 3.4.2)	3.4.2	June 30, 2026
printful-shipping-for-woocommerce	printful-shipping-for-woocommerce	N/A	Printful Integration for WooCommerce <= 2.2.2 - Cross-Site Request Forgery	LOW	*-2.2.2	2.2.3	June 30, 2026
post-grid	post-grid	N/A	Post Grid <= 2.2.50 - Missing Authorization to Sensitive Information Exposure via REST API	LOW	*-2.2.50	2.2.51	June 30, 2026
portfolio-and-projects	portfolio-and-projects	N/A	Portfolio and Projects <= 1.3.7 - Cross-Site Request Forgery via 'wpos_anylc_admin_init_process'	LOW	*-1.3.7	1.3.8	June 30, 2026
popup-by-supsystic	popup-by-supsystic	N/A	Popup by Supsystic <= 1.10.19 - Cross-Site Request Forgery	LOW	*-1.10.19	1.10.20	June 30, 2026
pixtypes	pixtypes	N/A	PixTypes <= 1.4.15 - Reflected Cross-Site Scripting	LOW	*-1.4.15	1.4.16	June 30, 2026
mailchimp-forms-by-mailmunch	mailchimp-forms-by-mailmunch	93	MailChimp Forms by MailMunch <= 3.1.4 - Missing Authorization via multiple AJAX actions	LOW	*-3.1.4	3.1.5	June 30, 2026
kangu	kangu	93	Kangu para WooCommerce <= 2.2.10 - Reflected Cross-Site Scripting	LOW	*-2.2.9	2.2.10	June 30, 2026
imagerecycle-pdf-image-compression	imagerecycle-pdf-image-compression	93	ImageRecycle pdf & image compression <= 3.1.11 - Reflected Cross-Site Scripting	LOW	*-3.1.11	3.1.12	June 30, 2026
imagerecycle-pdf-image-compression	imagerecycle-pdf-image-compression	93	ImageRecycle pdf & image compression <= 3.1.10 - Reflected Cross-Site Scripting	LOW	[*, 3.1.11)	3.1.11	June 30, 2026
high-compress	high-compress	93	Highcompress Image Compressor <= 5.0.0 - Missing Authorization via multiple AJAX actions	LOW	*-5.0.0	6.0.0	June 30, 2026
futurio-extra	futurio-extra	93	Futurio Extra <= 1.9.0 - Cross-Site Request Forgery	LOW	*-1.9.0	1.9.1	June 30, 2026
futurio-extra	futurio-extra	93	Futurio Extra <= 1.8.2 - Cross-Site Request Forgery via 'futurio_extra_reset_mod'	LOW	*-1.8.2	1.8.3	June 30, 2026
flowpaper-lite-pdf-flipbook	flowpaper-lite-pdf-flipbook	93	flowpaper <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.9.9	2.0.0	June 30, 2026
easy-cookie-law	easy-cookie-law	91	Easy Cookie Law <= 3.1 - Cross-Site Request Forgery via 'ecl_options'	LOW	*-3.1		June 30, 2026
avartan-slider-lite	avartan-slider-lite	91	Avartan Slider Lite <= 1.5.3 - Reflected Cross-Site Scripting via 'asview-nouce'	LOW	*-1.5.3		June 30, 2026
armember	armember	97	ARMember Premium <= 5.9.2 - Missing Authorization	LOW	*-5.9.2	5.9.3	June 30, 2026
accordion-and-accordion-slider	accordion-and-accordion-slider	97	Accordion and Accordion Slider <= 1.2.4 - Missing Authorization via 'wp_aas_get_attachment_edit_form' and 'wp_aas_save_attachment_data'	LOW	*-1.2.4	1.2.5	June 30, 2026
yith-woocommerce-waiting-list	yith-woocommerce-waiting-list	N/A	YITH WooCommerce Waiting List <= 2.6.0 - Cross-Site Request forgery via 'save_mail_status'	LOW	*-2.6.0	2.6.1	June 30, 2026
wp-categories-widget	wp-categories-widget	N/A	WP Categories Widget <= 2.2 - Reflected Cross-Site Scripting	LOW	*-2.2	2.3	June 30, 2026
woocommerce-one-page-checkout	woocommerce-one-page-checkout	N/A	WooCommerce One Page Checkout <= 2.3.0 - Authenticated (Contributor+) Local File Inclusion via `woocommerce_one_page_checkout`	LOW	*-2.3.0	2.4.0	June 30, 2026
stock-ticker	stock-ticker	N/A	Stock Ticker <= 3.23.2 - Reflected Cross-Site Scripting in ajax_stockticker_symbol_search_test	LOW	*-3.23.2	3.23.3	June 30, 2026
post-timeline	post-timeline	N/A	Post Timeline <= 2.2.5 - Reflected Cross-Site Scripting	LOW	*-2.2.5	2.2.6	June 30, 2026
meeting-scheduler-by-vcita	meeting-scheduler-by-vcita	93	Online Booking & Scheduling Calendar for WordPress by vcita <= 4.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-4.3.2	4.3.3	June 30, 2026
justified-gallery	justified-gallery	93	Justified Gallery <= 1.7.3 - Missing Authorization via 'dismiss_how_to_use_notice' and 'dismiss_notice'	LOW	*-1.7.3	1.8.0	June 30, 2026
fusion-builder	fusion-builder	93	Fusion Builder <= 3.11.1 - Cross-Site Request Forgery	LOW	*-3.11.1	3.11.2	June 30, 2026
fusion-builder	fusion-builder	93	Fusion Builder <= 3.11.1 - Missing Authorization	LOW	*-3.11.1	3.11.2	June 30, 2026
fusion-builder	fusion-builder	93	Fusion Builder <= 3.11.1 - Authenticated (Subscriber+) SQL Injection	LOW	*-3.11.1	3.11.2	June 30, 2026
fusion-builder	fusion-builder	93	Fusion Builder <= 3.11.1 - Reflected Cross-Site Scripting via User Register Element	LOW	*-3.11.1	3.11.2	June 30, 2026
easyappointments	easyappointments	93	Easy!Appointments <= 1.4.0 - Authenticated(Subscriber+) Arbitrary File Deletion via 'disconnect'	LOW	*-1.4.0	1.4.1	June 30, 2026
demon-image-annotation	demon-image-annotation	93	Demon image annotation <= 5.3 - Authenticated (Administrator+) SQL Injection	LOW	*-5.3	5.4	June 30, 2026
atarim-visual-collaboration	atarim-visual-collaboration	93	Atarim <= 3.9.3 - Reflected Cross-Site Scripting	LOW	*-3.9.3	3.9.4	June 30, 2026
agile-store-locator	agile-store-locator	97	Store Locator WordPress <= 1.4.12 - Reflected Cross-Site Scripting via 'asl-nounce'	LOW	*-1.4.12	1.4.13	June 30, 2026

LOW

wp-trending-post-slider-and-widget

Score: N/A Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal Affected: *-1.6 Patched: 1.6.1 Updated: June 30, 2026

LOW

wp-testimonial-with-widget

Score: N/A Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal Affected: *-3.3 Patched: 3.3.1 Updated: June 30, 2026

LOW

wp-team-showcase-and-slider

Score: N/A Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal Affected: *-2.6 Patched: 2.6.1 Updated: June 30, 2026

LOW

wp-slick-slider-and-image-carousel

Score: N/A Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal Affected: *-3.5 Patched: 3.6 Updated: June 30, 2026

LOW

wp-responsive-recent-post-slider

Score: N/A Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal Affected: *-3.4 Patched: 3.5 Updated: June 30, 2026

LOW

wp-postratings

Score: N/A WP-PostRatings <= 1.91 - IP Spoofing Affected: *-1.91 Patched: 1.91.1 Updated: June 30, 2026

LOW

wp-logo-showcase-responsive-slider-slider

Score: N/A Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal Affected: *-3.6 Patched: 3.7 Updated: June 30, 2026

LOW

wp-featured-content-and-slider

Score: N/A Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal Affected: *-1.6 Patched: 1.7 Updated: June 30, 2026

LOW

wp-blog-and-widgets

Score: N/A Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal Affected: *-2.5 Patched: 2.6 Updated: June 30, 2026

LOW

woo-pdf-invoice-builder

Score: N/A WooCommerce PDF Invoice Builder <= 1.2.90 - Cross-Site Request Forgery to Custom Field Creation Affected: *-1.2.90 Patched: 1.2.91 Updated: June 30, 2026

LOW

woo-ecommerce-tracking-for-google-and-facebook

Score: N/A WooCommerce Enhanced Ecommerce Analytics Integration with Conversion Tracking <= 3.7.1 - Cross-Site Request Forgery Affected: *-3.7.1 Patched: 3.7.2 Updated: June 30, 2026

LOW

woo-conditional-discount-rules-for-checkout

Score: N/A WooCommerce Dynamic Pricing and Discount Rules <= 2.4.0 - Cross-Site Request Forgery Affected: *-2.4.0 Patched: 2.4.1 Updated: June 30, 2026

LOW

timeline-and-history-slider

Score: N/A Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal Affected: *-2.1 Patched: 2.1.1 Updated: June 30, 2026

LOW

ticker-ultimate

Score: N/A Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal Affected: *-1.5.5 Patched: 1.5.6 Updated: June 30, 2026

LOW

sp-news-and-widget

Score: N/A Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal Affected: *-4.8 Patched: 4.9 Updated: June 30, 2026

LOW

sp-faq

Score: N/A Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal Affected: *-3.8 Patched: 3.9 Updated: June 30, 2026

LOW

smart-seo-tool

Score: N/A Smart SEO Tool-WordPress SEO优化插件 <= 4.0.1 - Cross-Site Request Forgery via 'wp_ajax_wb_smart_seo_tool' Affected: [*, 4.0.2) Patched: 4.0.2 Updated: June 30, 2026

LOW

schedule-posts-calendar

Score: N/A Schedule Posts Calendar <= 5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings Affected: *-5.2 Patched: 5.3 Updated: June 30, 2026

LOW

schedule-posts-calendar

Score: N/A Schedule Posts Calendar <= 5.2 - Cross-Site Request Forgery Affected: *-5.2 Patched: 5.3 Updated: June 30, 2026

LOW

post-grid-and-filter-ultimate

Score: N/A Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal Affected: *-1.5.2 Patched: 1.5.3 Updated: June 30, 2026

LOW

portfolio-and-projects

Score: N/A Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal Affected: *-1.3.7 Patched: 1.3.8 Updated: June 30, 2026

LOW

popup-anything-on-click

Score: N/A Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal Affected: *-2.7 Patched: 2.8 Updated: June 30, 2026

LOW

Plausible Analytics

plausible-analytics

Score: N/A Plausible Analytics <= 1.3.3 - Reflected Cross-Site Scripting via page-url Affected: *-1.3.3 Patched: 1.3.4 Updated: June 30, 2026

LOW

meta-slider-and-carousel-with-lightbox

Score: 93/100 Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal Affected: *-1.8.2 Patched: 1.8.3 Updated: June 30, 2026

LOW

html5-videogallery-plus-player

Score: 93/100 Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal Affected: *-2.6.5 Patched: 2.6.6 Updated: June 30, 2026

LOW

fitness-calculators

Score: 93/100 Fitness calculators plugin <= 2.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings Affected: *-2.0.8 Patched: 2.0.9 Updated: June 30, 2026

LOW

featured-post-creative

Score: 93/100 Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal Affected: *-1.4 Patched: 1.5 Updated: June 30, 2026

LOW

custom-admin-login-styler-wpzest

Score: 91/100 Custom Admin Login Page | WPZest <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2.0 Patched: Updated: June 30, 2026

LOW

ct-commerce

Score: 91/100 CT Commerce <= 2.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings Affected: *-2.0.1 Patched: Updated: June 30, 2026

LOW

countdown-timer-ultimate

Score: 93/100 Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal Affected: *-2.4 Patched: 2.4.1 Updated: June 30, 2026

LOW

comments-like-dislike

Score: 93/100 Comments Like Dislike <= 1.2.0 - Missing Authorization to Authenticated (Subscriber+) Plugin Setting Reset Affected: *-1.2.0 Patched: 1.2.1 Updated: June 30, 2026

LOW

carrrot

Score: 91/100 Carrot <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1.0 Patched: Updated: June 30, 2026

LOW

blog-designer-for-post-and-widget

Score: 93/100 Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal Affected: *-2.5.1 Patched: 2.5.2 Updated: June 30, 2026

LOW

album-and-image-gallery-plus-lightbox

Score: 97/100 Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal Affected: *-1.7 Patched: 1.7.1 Updated: June 30, 2026

LOW

accordion-slider

Score: 97/100 Accordion Slider <= 1.9.6 - Missing Authorization to Notice Dismissal Affected: *-1.9.6 Patched: 1.9.7 Updated: June 30, 2026

LOW

accordion-and-accordion-slider

Score: 97/100 Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal Affected: *-1.2.4 Patched: 1.2.5 Updated: June 30, 2026

LOW

wp-remote-users-sync

Score: N/A WP Remote Users Sync <= 1.2.12 - Authenticated (Subscriber+) Server Side Request Forgery Affected: *-1.2.12 Patched: 1.2.13 Updated: June 30, 2026

LOW

wp-remote-users-sync

Score: N/A WP Remote Users Sync <= 1.2.11 - Missing Authorization to Authenticated (Subscriber+) Log View Affected: *-1.2.11 Patched: 1.2.12 Updated: June 30, 2026

LOW

woocommerce-putler-connector

Score: N/A Putler Connector for WooCommerce <= 2.12.0 - Missing Authorization via 'putler_connector_sync_complete' Affected: *-2.12.0 Patched: 2.13.0 Updated: June 30, 2026

LOW

woocommerce-putler-connector

Score: N/A Putler Connector for WooCommerce <= 2.12.0 - Missing Authorization via 'send_resync_request' Affected: *-2.12.0 Patched: 2.13.0 Updated: June 30, 2026

LOW

Robo Gallery – Photo & Image Slider

robo-gallery

Score: N/A Robo Gallery <= 3.2.15 - Authenticated(Administrator+) Stored Cross-Site Scripting Affected: *-3.2.15 Patched: 3.2.16 Updated: June 30, 2026

LOW

wp-line-notify

Score: N/A LINE Notify <= 1.4.4 - Reflected Cross-Site Scripting via 'uid' Affected: *-1.4.4 Patched: 1.4.5 Updated: June 30, 2026

LOW

woocommerce-products-quick-view

Score: N/A Products Quick View for WooCommerce <= 2.2.0 - Missing Authorization Affected: [*, 2.3.0) Patched: 2.3.0 Updated: June 30, 2026

LOW

woo-orders-tracking

Score: N/A Orders Tracking for WooCommerce <= 1.2.5 - Authenticated (Administrator+) Directory Traversal via 'file_url' Affected: *-1.2.5 Patched: 1.2.6 Updated: June 30, 2026

LOW

weblibrarian

Score: N/A WebLibrarian <= 3.5.8.1 - Reflected Cross-Site Scripting via multiple parameters Affected: *-3.5.8.1 Patched: 3.5.8.2 Updated: June 30, 2026

LOW

user-submitted-posts

Score: N/A User Submitted Posts <= 20230809 - Unauthenticated Stored Cross-Site Scripting via 'user-submitted-content' Affected: *-20230809 Patched: 20230811 Updated: June 30, 2026

LOW

user-activity-log

Score: N/A User Activity Log <= 1.6.6 - IP Address Spoofing Affected: *-1.6.6 Patched: 1.6.7 Updated: June 30, 2026

LOW

media-from-ftp

Score: 93/100 Media from FTP <= 11.16 - Authenticated (Author+) Improper Privilege Management Affected: *-11.16 Patched: 11.17 Updated: June 30, 2026

LOW

make-paths-relative

Score: 93/100 Make Paths Relative <= 1.3.0 - Cross-Site Request Forgery via 'admin/class-make-paths-relative-admin.php' Affected: *-1.3.0 Patched: 2.0.0 Updated: June 30, 2026

LOW

iwp-client

Score: 93/100 InfiniteWP Client <= 1.11.1 - Authenticated (Subscriber+) Sensitive Information Exposure Affected: *-1.11.1 Patched: 1.12.1 Updated: June 30, 2026

LOW

Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution

file-manager-advanced

Score: 66/100 Advanced File Manager <= 5.1 - Authenticated (Administrator+) Arbitrary File and Folder Access Affected: *-5.1 Patched: 5.1.1 Updated: June 30, 2026

LOW

bdvs-password-reset

Score: 93/100 Password Reset with Code for WordPress REST API <= 0.0.15 - Weak Password Recovery Mechanism Affected: *-0.0.15 Patched: 0.0.16 Updated: June 30, 2026

LOW

123-chat-videochat

Score: 95/100 123.chat <= 1.3.0 - Authenticated(Administrator+) Stored Cross-Site Scripting Affected: *-1.3.0 Patched: 1.3.1 Updated: June 30, 2026

LOW

jupiterx-core

Score: 93/100 JupiterX Core 3.0.0 - 3.3.0 - Missing Authorization Affected: 3.0.0-3.3.0 Patched: 3.3.5 Updated: June 30, 2026

LOW

jupiterx-core

Score: 93/100 JupiterX Core 3.0.0 - 3.3.0 - Missing Authorization Affected: 3.0.0-3.3.0 Patched: 3.3.5 Updated: June 30, 2026

LOW

Score: N/A Premium Packages - Sell Digital Products Securely <= 5.7.4 - Arbitrary User Meta Update to Authenticated (Subscriber+) Privilege Escalation Affected: *-5.7.4 Patched: 5.7.5 Updated: June 30, 2026

LOW

wp-pipes

Score: N/A WP Pipes <= 1.4.0 - Cross-Site Request Forgery to Settings Update Affected: [*, 1.4.1) Patched: 1.4.1 Updated: June 30, 2026

LOW

wp-like-button

Score: N/A WP Like Button <= 1.6.11 - Cross-Site Request Forgery via 'saveData' Affected: *-1.6.11 Patched: 1.7.0 Updated: June 30, 2026

LOW

wp-html-mail

Score: N/A WP HTML Mail <= 3.4.0 - Cross-Site Request Forgery via 'send_test' Affected: *-3.4.0 Patched: 3.4.1 Updated: June 30, 2026

LOW

wp-404-auto-redirect-to-similar-post

Score: N/A WP 404 Auto Redirect to Similar Post <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.3 Patched: 1.0.4 Updated: June 30, 2026

LOW

woo-product-attachment

Score: N/A WooCommerce Product Attachment <= 2.1.8 - Cross-Site Request Forgery Affected: *-2.1.8 Patched: 2.2.0 Updated: June 30, 2026

LOW

woo-pdf-invoice-builder

Score: N/A WooCommerce PDF Invoice Builder <= 1.2.89 - Authenticated (Subscriber+) SQL Injection via Export Affected: *-1.2.89 Patched: 1.2.90 Updated: June 30, 2026

LOW

woo-pdf-invoice-builder

Score: N/A WooCommerce PDF Invoice Builder <= 1.2.90 - Cross-Site Request Forgery via Save Affected: *-1.2.90 Patched: 1.2.91 Updated: June 30, 2026

LOW

stock-ticker

Score: N/A Stock Ticker <= 3.23.3 - Reflected Cross-Site Scripting in ajax_stockticker_load Affected: *-3.23.3 Patched: 3.23.4 Updated: June 30, 2026

LOW

smart-donations

Score: N/A Donations Made Easy – Smart Donations <= 4.0.12 - Authenticated (Administrator+) SQL Injection Affected: *-4.0.12 Patched: Updated: June 30, 2026

LOW

sendpress

Score: N/A SendPress Newsletters <= 1.23.11.6 - Missing Authorization Affected: *-1.23.11.6 Patched: Updated: June 30, 2026

LOW

sb-child-list

Score: N/A SB Child List <= 4.5 - Cross-Site Request Forgery via 'sb_cl_update_settings' Affected: *-4.5 Patched: Updated: June 30, 2026

LOW

rate-my-post

Score: N/A Rate my Post - WP Rating System <= 3.4.1 - Insecure Direct Object Reference Affected: [*, 3.4.2) Patched: 3.4.2 Updated: June 30, 2026

LOW

printful-shipping-for-woocommerce

Score: N/A Printful Integration for WooCommerce <= 2.2.2 - Cross-Site Request Forgery Affected: *-2.2.2 Patched: 2.2.3 Updated: June 30, 2026

LOW

post-grid

Score: N/A Post Grid <= 2.2.50 - Missing Authorization to Sensitive Information Exposure via REST API Affected: *-2.2.50 Patched: 2.2.51 Updated: June 30, 2026

LOW

portfolio-and-projects

Score: N/A Portfolio and Projects <= 1.3.7 - Cross-Site Request Forgery via 'wpos_anylc_admin_init_process' Affected: *-1.3.7 Patched: 1.3.8 Updated: June 30, 2026

LOW

popup-by-supsystic

Score: N/A Popup by Supsystic <= 1.10.19 - Cross-Site Request Forgery Affected: *-1.10.19 Patched: 1.10.20 Updated: June 30, 2026

LOW

pixtypes

Score: N/A PixTypes <= 1.4.15 - Reflected Cross-Site Scripting Affected: *-1.4.15 Patched: 1.4.16 Updated: June 30, 2026

LOW

mailchimp-forms-by-mailmunch

Score: 93/100 MailChimp Forms by MailMunch <= 3.1.4 - Missing Authorization via multiple AJAX actions Affected: *-3.1.4 Patched: 3.1.5 Updated: June 30, 2026

LOW

kangu

Score: 93/100 Kangu para WooCommerce <= 2.2.10 - Reflected Cross-Site Scripting Affected: *-2.2.9 Patched: 2.2.10 Updated: June 30, 2026

LOW

imagerecycle-pdf-image-compression

Score: 93/100 ImageRecycle pdf & image compression <= 3.1.11 - Reflected Cross-Site Scripting Affected: *-3.1.11 Patched: 3.1.12 Updated: June 30, 2026

LOW

imagerecycle-pdf-image-compression

Score: 93/100 ImageRecycle pdf & image compression <= 3.1.10 - Reflected Cross-Site Scripting Affected: [*, 3.1.11) Patched: 3.1.11 Updated: June 30, 2026

LOW

high-compress

Score: 93/100 Highcompress Image Compressor <= 5.0.0 - Missing Authorization via multiple AJAX actions Affected: *-5.0.0 Patched: 6.0.0 Updated: June 30, 2026

LOW

futurio-extra

Score: 93/100 Futurio Extra <= 1.9.0 - Cross-Site Request Forgery Affected: *-1.9.0 Patched: 1.9.1 Updated: June 30, 2026

LOW

futurio-extra

Score: 93/100 Futurio Extra <= 1.8.2 - Cross-Site Request Forgery via 'futurio_extra_reset_mod' Affected: *-1.8.2 Patched: 1.8.3 Updated: June 30, 2026

LOW

flowpaper-lite-pdf-flipbook

Score: 93/100 flowpaper <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.9.9 Patched: 2.0.0 Updated: June 30, 2026

LOW

easy-cookie-law

Score: 91/100 Easy Cookie Law <= 3.1 - Cross-Site Request Forgery via 'ecl_options' Affected: *-3.1 Patched: Updated: June 30, 2026

LOW

avartan-slider-lite

Score: 91/100 Avartan Slider Lite <= 1.5.3 - Reflected Cross-Site Scripting via 'asview-nouce' Affected: *-1.5.3 Patched: Updated: June 30, 2026

LOW

armember

Score: 97/100 ARMember Premium <= 5.9.2 - Missing Authorization Affected: *-5.9.2 Patched: 5.9.3 Updated: June 30, 2026

LOW

accordion-and-accordion-slider

Score: 97/100 Accordion and Accordion Slider <= 1.2.4 - Missing Authorization via 'wp_aas_get_attachment_edit_form' and 'wp_aas_save_attachment_data' Affected: *-1.2.4 Patched: 1.2.5 Updated: June 30, 2026

LOW

yith-woocommerce-waiting-list

Score: N/A YITH WooCommerce Waiting List <= 2.6.0 - Cross-Site Request forgery via 'save_mail_status' Affected: *-2.6.0 Patched: 2.6.1 Updated: June 30, 2026

LOW

wp-categories-widget

Score: N/A WP Categories Widget <= 2.2 - Reflected Cross-Site Scripting Affected: *-2.2 Patched: 2.3 Updated: June 30, 2026

LOW

woocommerce-one-page-checkout

Score: N/A WooCommerce One Page Checkout <= 2.3.0 - Authenticated (Contributor+) Local File Inclusion via `woocommerce_one_page_checkout` Affected: *-2.3.0 Patched: 2.4.0 Updated: June 30, 2026

LOW

stock-ticker

Score: N/A Stock Ticker <= 3.23.2 - Reflected Cross-Site Scripting in ajax_stockticker_symbol_search_test Affected: *-3.23.2 Patched: 3.23.3 Updated: June 30, 2026

LOW

post-timeline

Score: N/A Post Timeline <= 2.2.5 - Reflected Cross-Site Scripting Affected: *-2.2.5 Patched: 2.2.6 Updated: June 30, 2026

LOW

meeting-scheduler-by-vcita

Score: 93/100 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-4.3.2 Patched: 4.3.3 Updated: June 30, 2026

LOW

justified-gallery

Score: 93/100 Justified Gallery <= 1.7.3 - Missing Authorization via 'dismiss_how_to_use_notice' and 'dismiss_notice' Affected: *-1.7.3 Patched: 1.8.0 Updated: June 30, 2026

LOW

fusion-builder

Score: 93/100 Fusion Builder <= 3.11.1 - Cross-Site Request Forgery Affected: *-3.11.1 Patched: 3.11.2 Updated: June 30, 2026

LOW

fusion-builder

Score: 93/100 Fusion Builder <= 3.11.1 - Missing Authorization Affected: *-3.11.1 Patched: 3.11.2 Updated: June 30, 2026

LOW

fusion-builder

Score: 93/100 Fusion Builder <= 3.11.1 - Authenticated (Subscriber+) SQL Injection Affected: *-3.11.1 Patched: 3.11.2 Updated: June 30, 2026

LOW

fusion-builder

Score: 93/100 Fusion Builder <= 3.11.1 - Reflected Cross-Site Scripting via User Register Element Affected: *-3.11.1 Patched: 3.11.2 Updated: June 30, 2026

LOW

easyappointments

Score: 93/100 Easy!Appointments <= 1.4.0 - Authenticated(Subscriber+) Arbitrary File Deletion via 'disconnect' Affected: *-1.4.0 Patched: 1.4.1 Updated: June 30, 2026

LOW

demon-image-annotation

Score: 93/100 Demon image annotation <= 5.3 - Authenticated (Administrator+) SQL Injection Affected: *-5.3 Patched: 5.4 Updated: June 30, 2026

LOW

atarim-visual-collaboration

Score: 93/100 Atarim <= 3.9.3 - Reflected Cross-Site Scripting Affected: *-3.9.3 Patched: 3.9.4 Updated: June 30, 2026

LOW

agile-store-locator

Score: 97/100 Store Locator WordPress <= 1.4.12 - Reflected Cross-Site Scripting via 'asl-nounce' Affected: *-1.4.12 Patched: 1.4.13 Updated: June 30, 2026

Showing 24101 to 24200 of 36283 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 08:13 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List