Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36282

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
update-theme-and-plugins-from-zip-file	update-theme-and-plugins-from-zip-file	N/A	Update Theme and Plugins from Zip File <= 2.0.0 - Cross-Site Request Forgery	LOW	*-2.0.0		June 30, 2026
slider-images	slider-images	N/A	Slider Carousel – Responsive Image Slider <= 1.5.0 - Missing Authorization	LOW	*-1.5.0	1.5.1	June 30, 2026
simple-wp-sitemap	simple-wp-sitemap	N/A	Simple Wp Sitemap <= 1.2.1 - Cross-Site Request Forgery	LOW	*-1.2.1		June 30, 2026
saphali-woocommerce-lite	saphali-woocommerce-lite	N/A	Saphali Woocommerce Lite <= 1.8.13 - Cross-Site Request Forgery via 'woocommerce_saphali_page_s_l'	LOW	*-1.8.13	1.9.0	June 30, 2026
rvg-optimize-database	rvg-optimize-database	N/A	Optimize Database after Deleting Revisions <= 5.1.1 - Cross-Site Request Forgery via 'odb_start_manually'	LOW	*-5.1.1	5.2	June 30, 2026
rvg-optimize-database	rvg-optimize-database	N/A	Optimize Database after Deleting Revisions <= 5.0.110 - Cross-Site Request Forgery via 'odb_csv_download'	LOW	*-5.0.110	5.1	June 30, 2026
navz-photo-gallery	navz-photo-gallery	N/A	ACF Photo Gallery Field <= 1.9 - Authenticated (Subscriber+) Arbitrary Usermeta Update	LOW	*-1.9	2.0	June 30, 2026
molongui-authorship	molongui-authorship	93	Molongui <= 4.6.19 - Reflected Cross-Site Scripting	LOW	*-4.6.19	4.6.20	June 30, 2026
meks-video-importer	meks-video-importer	93	Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification	LOW	*-1.0.10	1.0.11	June 30, 2026
meks-time-ago	meks-time-ago	93	Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification	LOW	*-1.1.6	1.1.7	June 30, 2026
meks-themeforest-smart-widget	meks-themeforest-smart-widget	93	Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification	LOW	*-1.4	1.5	June 30, 2026
meks-smart-social-widget	meks-smart-social-widget	93	Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification	LOW	*-1.6	1.6.1	June 30, 2026
meks-smart-author-widget	meks-smart-author-widget	93	Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification	LOW	*-1.1.3	1.1.4	June 30, 2026
meks-simple-flickr-widget	meks-simple-flickr-widget	93	Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification	LOW	*-1.2	1.3	June 30, 2026
meks-easy-maps	meks-easy-maps	91	Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification	LOW	*-2.1.3	2.1.4	June 30, 2026
meks-easy-instagram-widget	meks-easy-instagram-widget	93	Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification	LOW	*-1.2.7	1.2.8	June 30, 2026
meks-easy-ads-widget	meks-easy-ads-widget	93	Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification	LOW	*-2.0.7	2.0.8	June 30, 2026
meks-audio-player	meks-audio-player	93	Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification	LOW	*-1.2	1.3	June 30, 2026
instawp-connect	instawp-connect	93	InstaWP Connect <= 0.0.9.18 - Missing Authorization to Unauthenticated Post/Taxonomy/User Add/Change/Delete, Customizer Setting Change, Plugin Installation/Activation/Deactication via events_receiver	LOW	*-0.0.9.18	0.0.9.19	June 30, 2026
http-auth	http-auth	93	HTTP Auth <= 0.3.2 - Cross-Site Request Forgery	LOW	*-0.3.2	1.0.0	June 30, 2026
church-admin	church-admin	93	Church Admin <= 3.7.56 - Server-Side Request Forgery via church_admin_import_csv	LOW	*-3.7.56	3.8.0	June 30, 2026
blog2social	blog2social	93	Blog2Social: Social Media Auto Post & Scheduler <= 7.2.0 - Reflected Cross-Site Scripting	LOW	[*, 7.2.1)	7.2.1	June 30, 2026
banner-management-for-woocommerce	banner-management-for-woocommerce	91	Woocommerce Category Banner Management <= 2.4.1 - Cross-Site Request Forgery	LOW	*-2.4.1	2.4.3	June 30, 2026
agp-font-awesome-collection	agp-font-awesome-collection	95	AGP Font Awesome Collection <= 3.2.4 - Reflected Cross-Site Scripting	LOW	*-3.2.4		June 30, 2026
wp-quick-post-duplicator	wp-quick-post-duplicator	N/A	WP Quick Post Duplicator <= 2.0 - Missing Authorization	LOW	*-2.0	2.1	June 30, 2026
video-conferencing-with-zoom-api	video-conferencing-with-zoom-api	N/A	Video Conferencing with Zoom <= 4.2.1 - Sensitive Information Exposure	LOW	*-4.2.1	4.2.2	June 30, 2026
The Events Calendar	the-events-calendar	N/A	The Events Calendar <= 6.1.2.2 - Missing Authorization	LOW	*-6.1.2.2	6.1.3	June 30, 2026
td-composer	td-composer	N/A	tagDiv Composer < 4.4 - Cross-Site Request Forgery to Cross-Site Scripting	LOW	[*, 4.4)	4.4	June 30, 2026
Ninja Forms – The Contact Form Builder That Grows With You	ninja-forms	69	Ninja Forms <= 3.6.25 - Reflected Cross-Site Scripting via 'data'	LOW	*-3.6.25	3.6.26	June 30, 2026
Ninja Forms – The Contact Form Builder That Grows With You	ninja-forms	69	Ninja Forms <= 3.6.25 - Missing Authorization to Contributor+ Form Submission Export	LOW	*-3.6.25	3.6.26	June 30, 2026
Ninja Forms – The Contact Form Builder That Grows With You	ninja-forms	69	Ninja Forms <= 3.6.25 - Missing Authorization to Form Submission Export	LOW	*-3.6.25	3.6.26	June 30, 2026
multiparcels-shipping-for-woocommerce	multiparcels-shipping-for-woocommerce	N/A	MultiParcels Shipping For WooCommerce <= 1.15.5 - Unauthenticated Stored Cross-Site Scripting	LOW	*-1.15.5	1.15.6	June 30, 2026
mobile-address-bar-changer	mobile-address-bar-changer	91	Mobile Address Bar Changer <= 3.0 - Cross-Site Request Forgery to Settings Update	LOW	*-3.0		June 30, 2026
wpml-string-translation	wpml-string-translation	N/A	WPML String Translation <= 3.2.5 - Authenticated (Administrator+) SQL Injection via 'context'	LOW	*-3.2.5	3.2.6	June 30, 2026
wp-qrcode-me-v-card	wp-qrcode-me-v-card	N/A	QR code MeCard/vCard generator <= 1.6.0 - Missing Authorization via wqm_make_url_permanent	LOW	*-1.6.0	1.6.1	June 30, 2026
wp-email	wp-email	N/A	WP-EMail <= 2.69.0 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	[*, 2.69.1)	2.69.1	June 30, 2026
wp-database-admin	wp-database-admin	N/A	WordPress Database Administrator <= 1.0.3 - Authenticated (Administrator+) SQL Injection	LOW	*-1.0.3		June 30, 2026
wedevs-project-manager	wedevs-project-manager	N/A	WP Project Manager <= 2.6.4 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation	LOW	*-2.6.4	2.6.5	June 30, 2026
user-activity-log	user-activity-log	N/A	User Activity Log <= 1.6.4 - Unauthenticated SQL Injection	LOW	*-1.6.4	1.6.5	June 30, 2026
Ultra Addons for Contact Form 7	ultimate-addons-for-contact-form-7	70	Ultimate Addons for Contact Form 7 <= 3.1.28 - Reflected Cross-Site Scripting	LOW	[*, 3.1.29)	3.1.29	June 30, 2026
Ultra Addons for Contact Form 7	ultimate-addons-for-contact-form-7	70	Ultimate Addons for Contact Form 7 <= 3.1.28 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	[*, 3.1.29)	3.1.29	June 30, 2026
taboola	taboola	N/A	Taboola <= 2.0.1 - Cross-Site Request Forgery to Plugin Settings Update	LOW	*-2.0.1	20.2	June 30, 2026
smart-donations	smart-donations	N/A	Donations Made Easy – Smart Donations <= 4.0.12 - Missing Authorization	LOW	*-4.0.12		June 30, 2026
simple-googlebot-visit	simple-googlebot-visit	N/A	Simple Googlebot Visit <= 1.2.4 - Missing Authorization to Settings Update	LOW	*-1.2.4	1.2.5	June 30, 2026
simple-author-box	simple-author-box	N/A	Simple Author Box <= 2.51 - Authenticated (Contributor+) Insecure Direct Object Reference to Arbitrary User Sensitive Information Exposure	LOW	*-2.51	2.52	June 30, 2026
remove-duplicate-posts	remove-duplicate-posts	N/A	Remove Duplicate Posts <= 1.3.5 - Missing Authorization to Post Deletion	LOW	*-1.3.5	1.3.6	June 30, 2026
quasar-form	quasar-form	N/A	Quasar form <= 6.1 - Authenticated (Subscriber+) SQL Injection via 'id'	LOW	*-6.1		June 30, 2026
post-to-google-my-business	post-to-google-my-business	N/A	Post to Google My Business <= 3.1.14 - Cross-Site Request Forgery to Dismiss Notification	LOW	[*, 3.1.15)	3.1.15	June 30, 2026
perelink	perelink	N/A	Perelink Pro <= 2.1.4 - Cross-Site Request Forgery to Settings Update	LOW	*-2.1.4		June 30, 2026
patron-button-and-widgets-by-codebard	patron-button-and-widgets-by-codebard	N/A	CodeBard's Patron Button and Widgets for Patreon <= 2.1.8 - Reflected Cross-Site Scripting via 'site_account'	LOW	*-2.1.8	2.1.9	June 30, 2026
lws-affiliation	lws-affiliation	91	LWS Affiliation <= 2.2.6 - Unauthenticated Remote/Local File Inclusion	LOW	*-2.2.6	2.3	June 30, 2026
local-development	local-development	93	Local Development <=2.8.2 - Cross-Site Request Forgery to Settings Update	LOW	*-2.8.2	2.8.3	June 30, 2026
instant-css	instant-css	93	Instant CSS <= 1.1.4 - Missing Authorization via AJAX Actions	LOW	*-1.1.4	1.1.5	June 30, 2026
google-map-shortcode	google-map-shortcode	87	Google Map Shortcode <= 3.1.2 - Cross-Site Request Forgery to Plugin Setting Update	LOW	*-3.1.2		June 30, 2026
custom-field-template	custom-field-template	93	Custom Field Template <= 2.5.9 - Reflected Cross-Site Scripting	LOW	*-2.5.9	2.6.0	June 30, 2026
custom-field-for-wp-job-manager	custom-field-for-wp-job-manager	93	Custom Field For WP Job Manager <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.1	1.2	June 30, 2026
clone-menu	clone-menu	91	WP Clone Menu <= 1.0.1 - Missing Authorization to Menu Clone	LOW	*-1.0.1		June 30, 2026
booster-for-elementor	booster-for-elementor	91	Booster Elementor Addons <= 1.4.9 - Missing Authorization	LOW	*-1.4.9		June 30, 2026
bit-form	bit-form	93	Contact Form Builder by Bit Form <= 2.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-2.1.0	2.2.0	June 30, 2026
wp-schema-pro	wp-schema-pro	N/A	Schema Pro <= 2.7.7 - Cross-Site Request Forgery	LOW	*-2.7.7	2.7.8	June 30, 2026
EasyTest – Simplify A/B Testing	convertpro	83	Convert Pro <= 1.7.5 - Missing Authorization	LOW	*-1.7.5	1.7.6	June 30, 2026
wrc-pricing-tables	wrc-pricing-tables	N/A	WRC Pricing Tables <= 2.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.3.4	2.3.5	June 30, 2026
wpstream	wpstream	N/A	WpStream – Live Streaming, Video on Demand, Pay Per View <= 4.5.4 - Cross-Site Request Forgery via wpstream_update_local_event_settings	LOW	*-4.5.4	4.5.5	June 30, 2026
wplr-sync	wplr-sync	N/A	Photo Engine <= 6.2.5 - Authenticated (Author+) Insecure Direct Object Reference in ajax_generate_auth_token	LOW	*-6.2.5	6.2.6	June 30, 2026
wp-woocommerce-quickbooks	wp-woocommerce-quickbooks	N/A	Integration for WooCommerce and QuickBooks <= 1.2.3 - Open Redirect via setup_plugin	LOW	*-1.2.3	1.2.4	June 30, 2026
wp-media-library-categories	wp-media-library-categories	N/A	Media Library Categories <= 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.0.0	2.0.1	June 30, 2026
wp-flybox	wp-flybox	N/A	WP-FlyBox <= 6.46 - Cross-Site Request Forgery	LOW	*-6.46		June 30, 2026
wordpress-language	wordpress-language	N/A	Language <= 1.2.1 - Missing Authorization	LOW	*-1.2.1		June 30, 2026
woo-zoho	woo-zoho	N/A	Integration for WooCommerce and Zoho CRM <= 1.3.6 - Open Redirect via setup_plugin	LOW	[*, 1.3.7)	1.3.7	June 30, 2026
tx-onepager	tx-onepager	N/A	Onepage Builder – Easiest Landing Page Builder For WordPress <= 2.4.1 - Authenticated (Administrator+) SQL Injection	LOW	*-2.4.1		June 30, 2026
ts-webfonts-for-sakura	ts-webfonts-for-sakura	N/A	TS Webfonts for SAKURA <= 3.1.2 - Cross-Site Request Forgery	LOW	*-3.1.2	3.1.3	June 30, 2026
ts-webfonts-for-sakura	ts-webfonts-for-sakura	N/A	TS Webfonts for SAKURA <= 3.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting	LOW	*-3.1.0	3.1.1	June 30, 2026
thesography	thesography	N/A	Exifography <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.3.1		June 30, 2026
subscribe-to-category	subscribe-to-category	N/A	Subscribe to Category <= 2.7.4 - Unauthenticated SQL Injection	LOW	*-2.7.4		June 30, 2026
postaffiliatepro	postaffiliatepro	N/A	Post Affiliate Pro <= 1.24.9 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.24.9	1.25.0	June 30, 2026
post-connector	post-connector	N/A	Post Connector <= 1.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0.9	1.0.10	June 30, 2026
oxygen	oxygen	N/A	Oxygen < 4.4 - Cross-Site Request Forgery	LOW	[*, 4.4)	4.4	June 30, 2026
jupiterx-core	jupiterx-core	93	Jupiter X Core <= 4.6.6 - Unauthenticated Arbitrary File Download	LOW	*-4.6.6	4.6.9	June 30, 2026
gestion-pymes	gestion-pymes	91	Gestion-Pymes <= 1.5.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.5.6		June 30, 2026
Elastic Email Sender	elastic-email-sender	94	Elastic Email Sender <= 1.2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.2.6	1.2.7	June 30, 2026
easync-booking	easync-booking	93	eaSYNC <= 1.3.11 - Reflected Cross-Site Scripting	LOW	*-1.3.11	1.3.12	June 30, 2026
disabler	disabler	93	Disabler <= 3.0.3 - Cross-Site Request Forgery	LOW	*-3.0.3	4.0.0	June 30, 2026
client-portal-suitedash-login	client-portal-suitedash-login	93	Client Portal : SuiteDash Direct Login <= 1.7.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.7.3	1.7.5	June 30, 2026
borderless	borderless	93	Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.4.8 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.4.8	1.4.9	June 30, 2026
booking-system	booking-system	91	Pinpoint Booking System <= 2.9.9.3.4 - Content Spoofing	LOW	*-2.9.9.3.4	2.9.9.3.5	June 30, 2026
audio-player-with-playlist-ultimate	audio-player-with-playlist-ultimate	93	Audio Player with Playlist Ultimate <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.2.2	1.3	June 30, 2026
wpshopgermany-it-recht-kanzlei	wpshopgermany-it-recht-kanzlei	N/A	wpShopGermany IT-RECHT KANZLEI <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.7	1.8	June 30, 2026
wpbrutalai	wpbrutalai	N/A	WP Brutal AI < 2.06 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	[*, 2.06)	2.06	June 30, 2026
wp-emoji-one	wp-emoji-one	N/A	WP Emoji One <= 0.6.0 - Cross-Site Request Forgery	LOW	*-0.6.0		June 30, 2026
wp-copyprotect	wp-copyprotect	N/A	WP-CopyProtect [Protect your blog posts] <= 3.1.0 - Cross-Site Request Forgery via CopyProtect_options_page	LOW	*-3.1.0		June 30, 2026
smarty-for-wordpress	smarty-for-wordpress	N/A	Smarty for WordPress <= 3.1.35 - Cross-Site Request Forgery via displaySmartyManagementPage	LOW	*-3.1.35		June 30, 2026
post-list-with-featured-image	post-list-with-featured-image	N/A	Post List With Featured Image <= 1.2 - Reflected Cross-Site Scripting	LOW	*-1.2		June 30, 2026
gtmetrix-for-wordpress	gtmetrix-for-wordpress	93	GTmetrix for WordPress <= 0.4.7 - Cross-Site Request Forgery	LOW	*-0.4.7	0.4.8	June 30, 2026
Essential Addons for Elementor – Popular Elementor Templates & Widgets	essential-addons-for-elementor-lite	85	Essential Addons For Elementor <=5.8.1 - Unauthenticated MailChimp API Key Disclosure	LOW	*-5.8.1	5.8.2	June 30, 2026
Elementor Website Builder – more than just a page builder	elementor	79	Elementor <= 3.5.4 - DOM-Based iFrame Injection	LOW	*-3.5.4	3.5.5	June 30, 2026
art-decoration-shortcode	art-decoration-shortcode	95	Art Decoration Shortcode <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-1.5.6		June 30, 2026
arscode-ninja-popups	arscode-ninja-popups	95	Ninja Popups <= 4.7.7 - Open Redirect	LOW	*-4.7.7	4.7.8	June 30, 2026
3-word-address-validation-field	3-word-address-validation-field	97	what3words Address Field <= 4.0.0 - Authenticated (Administrator+) Sensitive Information Exposure in class-w3w-autosuggest-public.php	LOW	*-4.0.0	4.0.1	June 30, 2026
yet-another-related-posts-plugin	yet-another-related-posts-plugin	N/A	YARPP – Yet Another Related Posts Plugin <= 5.30.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-5.30.3	5.30.4	June 30, 2026
wpbulky-wp-bulk-edit-post-types	wpbulky-wp-bulk-edit-post-types	N/A	WPBulky <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.0.9	1.0.10	June 30, 2026

LOW

update-theme-and-plugins-from-zip-file

Score: N/A Update Theme and Plugins from Zip File <= 2.0.0 - Cross-Site Request Forgery Affected: *-2.0.0 Patched: Updated: June 30, 2026

LOW

slider-images

Score: N/A Slider Carousel – Responsive Image Slider <= 1.5.0 - Missing Authorization Affected: *-1.5.0 Patched: 1.5.1 Updated: June 30, 2026

LOW

simple-wp-sitemap

Score: N/A Simple Wp Sitemap <= 1.2.1 - Cross-Site Request Forgery Affected: *-1.2.1 Patched: Updated: June 30, 2026

LOW

saphali-woocommerce-lite

Score: N/A Saphali Woocommerce Lite <= 1.8.13 - Cross-Site Request Forgery via 'woocommerce_saphali_page_s_l' Affected: *-1.8.13 Patched: 1.9.0 Updated: June 30, 2026

LOW

rvg-optimize-database

Score: N/A Optimize Database after Deleting Revisions <= 5.1.1 - Cross-Site Request Forgery via 'odb_start_manually' Affected: *-5.1.1 Patched: 5.2 Updated: June 30, 2026

LOW

rvg-optimize-database

Score: N/A Optimize Database after Deleting Revisions <= 5.0.110 - Cross-Site Request Forgery via 'odb_csv_download' Affected: *-5.0.110 Patched: 5.1 Updated: June 30, 2026

LOW

navz-photo-gallery

Score: N/A ACF Photo Gallery Field <= 1.9 - Authenticated (Subscriber+) Arbitrary Usermeta Update Affected: *-1.9 Patched: 2.0 Updated: June 30, 2026

LOW

molongui-authorship

Score: 93/100 Molongui <= 4.6.19 - Reflected Cross-Site Scripting Affected: *-4.6.19 Patched: 4.6.20 Updated: June 30, 2026

LOW

meks-video-importer

Score: 93/100 Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification Affected: *-1.0.10 Patched: 1.0.11 Updated: June 30, 2026

LOW

meks-time-ago

Score: 93/100 Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification Affected: *-1.1.6 Patched: 1.1.7 Updated: June 30, 2026

LOW

meks-themeforest-smart-widget

Score: 93/100 Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification Affected: *-1.4 Patched: 1.5 Updated: June 30, 2026

LOW

meks-smart-social-widget

Score: 93/100 Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification Affected: *-1.6 Patched: 1.6.1 Updated: June 30, 2026

LOW

meks-smart-author-widget

Score: 93/100 Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification Affected: *-1.1.3 Patched: 1.1.4 Updated: June 30, 2026

LOW

meks-simple-flickr-widget

Score: 93/100 Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification Affected: *-1.2 Patched: 1.3 Updated: June 30, 2026

LOW

meks-easy-maps

Score: 91/100 Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification Affected: *-2.1.3 Patched: 2.1.4 Updated: June 30, 2026

LOW

meks-easy-instagram-widget

Score: 93/100 Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification Affected: *-1.2.7 Patched: 1.2.8 Updated: June 30, 2026

LOW

meks-easy-ads-widget

Score: 93/100 Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification Affected: *-2.0.7 Patched: 2.0.8 Updated: June 30, 2026

LOW

meks-audio-player

Score: 93/100 Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification Affected: *-1.2 Patched: 1.3 Updated: June 30, 2026

LOW

Score: 93/100 InstaWP Connect <= 0.0.9.18 - Missing Authorization to Unauthenticated Post/Taxonomy/User Add/Change/Delete, Customizer Setting Change, Plugin Installation/Activation/Deactication via events_receiver Affected: *-0.0.9.18 Patched: 0.0.9.19 Updated: June 30, 2026

LOW

http-auth

Score: 93/100 HTTP Auth <= 0.3.2 - Cross-Site Request Forgery Affected: *-0.3.2 Patched: 1.0.0 Updated: June 30, 2026

LOW

church-admin

Score: 93/100 Church Admin <= 3.7.56 - Server-Side Request Forgery via church_admin_import_csv Affected: *-3.7.56 Patched: 3.8.0 Updated: June 30, 2026

LOW

blog2social

Score: 93/100 Blog2Social: Social Media Auto Post & Scheduler <= 7.2.0 - Reflected Cross-Site Scripting Affected: [*, 7.2.1) Patched: 7.2.1 Updated: June 30, 2026

LOW

banner-management-for-woocommerce

Score: 91/100 Woocommerce Category Banner Management <= 2.4.1 - Cross-Site Request Forgery Affected: *-2.4.1 Patched: 2.4.3 Updated: June 30, 2026

LOW

agp-font-awesome-collection

Score: 95/100 AGP Font Awesome Collection <= 3.2.4 - Reflected Cross-Site Scripting Affected: *-3.2.4 Patched: Updated: June 30, 2026

LOW

wp-quick-post-duplicator

Score: N/A WP Quick Post Duplicator <= 2.0 - Missing Authorization Affected: *-2.0 Patched: 2.1 Updated: June 30, 2026

LOW

video-conferencing-with-zoom-api

Score: N/A Video Conferencing with Zoom <= 4.2.1 - Sensitive Information Exposure Affected: *-4.2.1 Patched: 4.2.2 Updated: June 30, 2026

LOW

The Events Calendar

the-events-calendar

Score: N/A The Events Calendar <= 6.1.2.2 - Missing Authorization Affected: *-6.1.2.2 Patched: 6.1.3 Updated: June 30, 2026

LOW

td-composer

Score: N/A tagDiv Composer < 4.4 - Cross-Site Request Forgery to Cross-Site Scripting Affected: [*, 4.4) Patched: 4.4 Updated: June 30, 2026

LOW

Ninja Forms – The Contact Form Builder That Grows With You

ninja-forms

Score: 69/100 Ninja Forms <= 3.6.25 - Reflected Cross-Site Scripting via 'data' Affected: *-3.6.25 Patched: 3.6.26 Updated: June 30, 2026

LOW

Ninja Forms – The Contact Form Builder That Grows With You

ninja-forms

Score: 69/100 Ninja Forms <= 3.6.25 - Missing Authorization to Contributor+ Form Submission Export Affected: *-3.6.25 Patched: 3.6.26 Updated: June 30, 2026

LOW

Ninja Forms – The Contact Form Builder That Grows With You

ninja-forms

Score: 69/100 Ninja Forms <= 3.6.25 - Missing Authorization to Form Submission Export Affected: *-3.6.25 Patched: 3.6.26 Updated: June 30, 2026

LOW

multiparcels-shipping-for-woocommerce

Score: N/A MultiParcels Shipping For WooCommerce <= 1.15.5 - Unauthenticated Stored Cross-Site Scripting Affected: *-1.15.5 Patched: 1.15.6 Updated: June 30, 2026

LOW

mobile-address-bar-changer

Score: 91/100 Mobile Address Bar Changer <= 3.0 - Cross-Site Request Forgery to Settings Update Affected: *-3.0 Patched: Updated: June 30, 2026

LOW

wpml-string-translation

Score: N/A WPML String Translation <= 3.2.5 - Authenticated (Administrator+) SQL Injection via 'context' Affected: *-3.2.5 Patched: 3.2.6 Updated: June 30, 2026

LOW

wp-qrcode-me-v-card

Score: N/A QR code MeCard/vCard generator <= 1.6.0 - Missing Authorization via wqm_make_url_permanent Affected: *-1.6.0 Patched: 1.6.1 Updated: June 30, 2026

LOW

wp-email

Score: N/A WP-EMail <= 2.69.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 2.69.1) Patched: 2.69.1 Updated: June 30, 2026

LOW

wp-database-admin

Score: N/A WordPress Database Administrator <= 1.0.3 - Authenticated (Administrator+) SQL Injection Affected: *-1.0.3 Patched: Updated: June 30, 2026

LOW

wedevs-project-manager

Score: N/A WP Project Manager <= 2.6.4 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation Affected: *-2.6.4 Patched: 2.6.5 Updated: June 30, 2026

LOW

user-activity-log

Score: N/A User Activity Log <= 1.6.4 - Unauthenticated SQL Injection Affected: *-1.6.4 Patched: 1.6.5 Updated: June 30, 2026

LOW

Ultra Addons for Contact Form 7

ultimate-addons-for-contact-form-7

Score: 70/100 Ultimate Addons for Contact Form 7 <= 3.1.28 - Reflected Cross-Site Scripting Affected: [*, 3.1.29) Patched: 3.1.29 Updated: June 30, 2026

LOW

Ultra Addons for Contact Form 7

ultimate-addons-for-contact-form-7

Score: 70/100 Ultimate Addons for Contact Form 7 <= 3.1.28 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: [*, 3.1.29) Patched: 3.1.29 Updated: June 30, 2026

LOW

taboola

Score: N/A Taboola <= 2.0.1 - Cross-Site Request Forgery to Plugin Settings Update Affected: *-2.0.1 Patched: 20.2 Updated: June 30, 2026

LOW

smart-donations

Score: N/A Donations Made Easy – Smart Donations <= 4.0.12 - Missing Authorization Affected: *-4.0.12 Patched: Updated: June 30, 2026

LOW

simple-googlebot-visit

Score: N/A Simple Googlebot Visit <= 1.2.4 - Missing Authorization to Settings Update Affected: *-1.2.4 Patched: 1.2.5 Updated: June 30, 2026

LOW

simple-author-box

Score: N/A Simple Author Box <= 2.51 - Authenticated (Contributor+) Insecure Direct Object Reference to Arbitrary User Sensitive Information Exposure Affected: *-2.51 Patched: 2.52 Updated: June 30, 2026

LOW

remove-duplicate-posts

Score: N/A Remove Duplicate Posts <= 1.3.5 - Missing Authorization to Post Deletion Affected: *-1.3.5 Patched: 1.3.6 Updated: June 30, 2026

LOW

quasar-form

Score: N/A Quasar form <= 6.1 - Authenticated (Subscriber+) SQL Injection via 'id' Affected: *-6.1 Patched: Updated: June 30, 2026

LOW

post-to-google-my-business

Score: N/A Post to Google My Business <= 3.1.14 - Cross-Site Request Forgery to Dismiss Notification Affected: [*, 3.1.15) Patched: 3.1.15 Updated: June 30, 2026

LOW

perelink

Score: N/A Perelink Pro <= 2.1.4 - Cross-Site Request Forgery to Settings Update Affected: *-2.1.4 Patched: Updated: June 30, 2026

LOW

patron-button-and-widgets-by-codebard

Score: N/A CodeBard's Patron Button and Widgets for Patreon <= 2.1.8 - Reflected Cross-Site Scripting via 'site_account' Affected: *-2.1.8 Patched: 2.1.9 Updated: June 30, 2026

LOW

lws-affiliation

Score: 91/100 LWS Affiliation <= 2.2.6 - Unauthenticated Remote/Local File Inclusion Affected: *-2.2.6 Patched: 2.3 Updated: June 30, 2026

LOW

local-development

Score: 93/100 Local Development <=2.8.2 - Cross-Site Request Forgery to Settings Update Affected: *-2.8.2 Patched: 2.8.3 Updated: June 30, 2026

LOW

instant-css

Score: 93/100 Instant CSS <= 1.1.4 - Missing Authorization via AJAX Actions Affected: *-1.1.4 Patched: 1.1.5 Updated: June 30, 2026

LOW

google-map-shortcode

Score: 87/100 Google Map Shortcode <= 3.1.2 - Cross-Site Request Forgery to Plugin Setting Update Affected: *-3.1.2 Patched: Updated: June 30, 2026

LOW

custom-field-template

Score: 93/100 Custom Field Template <= 2.5.9 - Reflected Cross-Site Scripting Affected: *-2.5.9 Patched: 2.6.0 Updated: June 30, 2026

LOW

custom-field-for-wp-job-manager

Score: 93/100 Custom Field For WP Job Manager <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.1 Patched: 1.2 Updated: June 30, 2026

LOW

clone-menu

Score: 91/100 WP Clone Menu <= 1.0.1 - Missing Authorization to Menu Clone Affected: *-1.0.1 Patched: Updated: June 30, 2026

LOW

booster-for-elementor

Score: 91/100 Booster Elementor Addons <= 1.4.9 - Missing Authorization Affected: *-1.4.9 Patched: Updated: June 30, 2026

LOW

bit-form

Score: 93/100 Contact Form Builder by Bit Form <= 2.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-2.1.0 Patched: 2.2.0 Updated: June 30, 2026

LOW

wp-schema-pro

Score: N/A Schema Pro <= 2.7.7 - Cross-Site Request Forgery Affected: *-2.7.7 Patched: 2.7.8 Updated: June 30, 2026

LOW

EasyTest – Simplify A/B Testing

convertpro

Score: 83/100 Convert Pro <= 1.7.5 - Missing Authorization Affected: *-1.7.5 Patched: 1.7.6 Updated: June 30, 2026

LOW

wrc-pricing-tables

Score: N/A WRC Pricing Tables <= 2.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.3.4 Patched: 2.3.5 Updated: June 30, 2026

LOW

wpstream

Score: N/A WpStream – Live Streaming, Video on Demand, Pay Per View <= 4.5.4 - Cross-Site Request Forgery via wpstream_update_local_event_settings Affected: *-4.5.4 Patched: 4.5.5 Updated: June 30, 2026

LOW

wplr-sync

Score: N/A Photo Engine <= 6.2.5 - Authenticated (Author+) Insecure Direct Object Reference in ajax_generate_auth_token Affected: *-6.2.5 Patched: 6.2.6 Updated: June 30, 2026

LOW

wp-woocommerce-quickbooks

Score: N/A Integration for WooCommerce and QuickBooks <= 1.2.3 - Open Redirect via setup_plugin Affected: *-1.2.3 Patched: 1.2.4 Updated: June 30, 2026

LOW

wp-media-library-categories

Score: N/A Media Library Categories <= 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0.0 Patched: 2.0.1 Updated: June 30, 2026

LOW

wp-flybox

Score: N/A WP-FlyBox <= 6.46 - Cross-Site Request Forgery Affected: *-6.46 Patched: Updated: June 30, 2026

LOW

wordpress-language

Score: N/A Language <= 1.2.1 - Missing Authorization Affected: *-1.2.1 Patched: Updated: June 30, 2026

LOW

woo-zoho

Score: N/A Integration for WooCommerce and Zoho CRM <= 1.3.6 - Open Redirect via setup_plugin Affected: [*, 1.3.7) Patched: 1.3.7 Updated: June 30, 2026

LOW

tx-onepager

Score: N/A Onepage Builder – Easiest Landing Page Builder For WordPress <= 2.4.1 - Authenticated (Administrator+) SQL Injection Affected: *-2.4.1 Patched: Updated: June 30, 2026

LOW

ts-webfonts-for-sakura

Score: N/A TS Webfonts for SAKURA <= 3.1.2 - Cross-Site Request Forgery Affected: *-3.1.2 Patched: 3.1.3 Updated: June 30, 2026

LOW

ts-webfonts-for-sakura

Score: N/A TS Webfonts for SAKURA <= 3.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting Affected: *-3.1.0 Patched: 3.1.1 Updated: June 30, 2026

LOW

thesography

Score: N/A Exifography <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.3.1 Patched: Updated: June 30, 2026

LOW

subscribe-to-category

Score: N/A Subscribe to Category <= 2.7.4 - Unauthenticated SQL Injection Affected: *-2.7.4 Patched: Updated: June 30, 2026

LOW

postaffiliatepro

Score: N/A Post Affiliate Pro <= 1.24.9 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.24.9 Patched: 1.25.0 Updated: June 30, 2026

LOW

post-connector

Score: N/A Post Connector <= 1.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.9 Patched: 1.0.10 Updated: June 30, 2026

LOW

oxygen

Score: N/A Oxygen < 4.4 - Cross-Site Request Forgery Affected: [*, 4.4) Patched: 4.4 Updated: June 30, 2026

LOW

jupiterx-core

Score: 93/100 Jupiter X Core <= 4.6.6 - Unauthenticated Arbitrary File Download Affected: *-4.6.6 Patched: 4.6.9 Updated: June 30, 2026

LOW

gestion-pymes

Score: 91/100 Gestion-Pymes <= 1.5.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.5.6 Patched: Updated: June 30, 2026

LOW

Elastic Email Sender

elastic-email-sender

Score: 94/100 Elastic Email Sender <= 1.2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2.6 Patched: 1.2.7 Updated: June 30, 2026

LOW

easync-booking

Score: 93/100 eaSYNC <= 1.3.11 - Reflected Cross-Site Scripting Affected: *-1.3.11 Patched: 1.3.12 Updated: June 30, 2026

LOW

disabler

Score: 93/100 Disabler <= 3.0.3 - Cross-Site Request Forgery Affected: *-3.0.3 Patched: 4.0.0 Updated: June 30, 2026

LOW

client-portal-suitedash-login

Score: 93/100 Client Portal : SuiteDash Direct Login <= 1.7.3 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.7.3 Patched: 1.7.5 Updated: June 30, 2026

LOW

borderless

Score: 93/100 Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.4.8 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.4.8 Patched: 1.4.9 Updated: June 30, 2026

LOW

booking-system

Score: 91/100 Pinpoint Booking System <= 2.9.9.3.4 - Content Spoofing Affected: *-2.9.9.3.4 Patched: 2.9.9.3.5 Updated: June 30, 2026

LOW

audio-player-with-playlist-ultimate

Score: 93/100 Audio Player with Playlist Ultimate <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.2.2 Patched: 1.3 Updated: June 30, 2026

LOW

wpshopgermany-it-recht-kanzlei

Score: N/A wpShopGermany IT-RECHT KANZLEI <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.7 Patched: 1.8 Updated: June 30, 2026

LOW

wpbrutalai

Score: N/A WP Brutal AI < 2.06 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: [*, 2.06) Patched: 2.06 Updated: June 30, 2026

LOW

wp-emoji-one

Score: N/A WP Emoji One <= 0.6.0 - Cross-Site Request Forgery Affected: *-0.6.0 Patched: Updated: June 30, 2026

LOW

wp-copyprotect

Score: N/A WP-CopyProtect [Protect your blog posts] <= 3.1.0 - Cross-Site Request Forgery via CopyProtect_options_page Affected: *-3.1.0 Patched: Updated: June 30, 2026

LOW

smarty-for-wordpress

Score: N/A Smarty for WordPress <= 3.1.35 - Cross-Site Request Forgery via displaySmartyManagementPage Affected: *-3.1.35 Patched: Updated: June 30, 2026

LOW

post-list-with-featured-image

Score: N/A Post List With Featured Image <= 1.2 - Reflected Cross-Site Scripting Affected: *-1.2 Patched: Updated: June 30, 2026

LOW

gtmetrix-for-wordpress

Score: 93/100 GTmetrix for WordPress <= 0.4.7 - Cross-Site Request Forgery Affected: *-0.4.7 Patched: 0.4.8 Updated: June 30, 2026

LOW

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

Score: 85/100 Essential Addons For Elementor <=5.8.1 - Unauthenticated MailChimp API Key Disclosure Affected: *-5.8.1 Patched: 5.8.2 Updated: June 30, 2026

LOW

Elementor Website Builder – more than just a page builder

elementor

Score: 79/100 Elementor <= 3.5.4 - DOM-Based iFrame Injection Affected: *-3.5.4 Patched: 3.5.5 Updated: June 30, 2026

LOW

art-decoration-shortcode

Score: 95/100 Art Decoration Shortcode <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-1.5.6 Patched: Updated: June 30, 2026

LOW

arscode-ninja-popups

Score: 95/100 Ninja Popups <= 4.7.7 - Open Redirect Affected: *-4.7.7 Patched: 4.7.8 Updated: June 30, 2026

LOW

3-word-address-validation-field

Score: 97/100 what3words Address Field <= 4.0.0 - Authenticated (Administrator+) Sensitive Information Exposure in class-w3w-autosuggest-public.php Affected: *-4.0.0 Patched: 4.0.1 Updated: June 30, 2026

LOW

yet-another-related-posts-plugin

Score: N/A YARPP – Yet Another Related Posts Plugin <= 5.30.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-5.30.3 Patched: 5.30.4 Updated: June 30, 2026

LOW

wpbulky-wp-bulk-edit-post-types

Score: N/A WPBulky <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.0.9 Patched: 1.0.10 Updated: June 30, 2026

Showing 24301 to 24400 of 36282 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 05:19 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List