Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities: 36282 (across tracked plugins)

Affected Plugins: 80 (with open vulnerabilities)

Critical / High: 0 (require immediate attention)

Recently Updated: 0 (in the last 30 days)

Vulnerability List

Vulnerability list with plugin score and patch status
Plugin | Slug | Score | Vulnerability | CVE ID | Severity | Affected Versions | Patched | Updated
wp-food-manager wp-food-manager N/A WP Food Manager <= 1.0.3 - Authenticated(Administrator+) Stored Cross-Site Scripting LOW *-1.0.3 1.0.4 June 30, 2026
whatshelp-chat-button whatshelp-chat-button N/A Chat Button <= 1.8.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings LOW *-1.8.9.4 1.8.10 June 30, 2026
sliderspack-all-in-one-image-sliders sliderspack-all-in-one-image-sliders N/A Slider a SlidersPack <= 2.0.2 - Missing Authorization via wp_spaios_save_attachment_data LOW *-2.0.2 2.3 June 30, 2026
shopping-pages shopping-pages N/A WP Shopping Pages <= 1.14 - Cross-Site Request Forgery to Stored Cross-Site Scripting LOW *-1.14 June 30, 2026
shopconstruct shopconstruct N/A ShopConstruct – Product Catalog, Shopping Cart and eCommerce solution for Store <= 1.1.2 - Reflected Cross-Site Scripting via multiple parameters LOW *-1.1.2 June 30, 2026
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings seo-by-rank-math 85 Rank Math SEO <= 1.0.119 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW [*, 1.0.119.1) 1.0.119.1 June 30, 2026
Royal Addons for Elementor – Addons and Templates Kit for Elementor royal-elementor-addons N/A Royal Elementor Addons <=1.3.70 - Unauthenticated MailChimp API Key Disclosure LOW *-1.3.70 1.3.71 June 30, 2026
quiz-master-next quiz-master-next N/A Quiz And Survey Master <= 8.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Question Title LOW *-8.1.10 8.1.11 June 30, 2026
quiz-master-next quiz-master-next N/A Quiz And Survey Master <= 8.1.10 - Excessive Quiz Attempts LOW *-8.1.10 8.1.11 June 30, 2026
qubely qubely N/A Qubely – Advanced Gutenberg Blocks <= 1.8.5 - Insufficient Authorization LOW [*, 1.8.6) 1.8.6 June 30, 2026
profilegrid-user-profiles-groups-and-communities profilegrid-user-profiles-groups-and-communities N/A ProfileGrid <= 5.5.1 - Authenticated (Subscriber+) Arbitrary Option Update LOW *-5.5.1 5.5.2 June 30, 2026
profilegrid-user-profiles-groups-and-communities profilegrid-user-profiles-groups-and-communities N/A ProfileGrid <= 5.5.0 - Hardcoded Encryption Key LOW *-5.5.0 5.5.1 June 30, 2026
profilegrid-user-profiles-groups-and-communities profilegrid-user-profiles-groups-and-communities N/A ProfileGrid <= 5.5.2 - Missing Authorization to Arbitrary Group Option Modification and Privilege Escalation LOW *-5.5.2 5.5.3 June 30, 2026
profilegrid-user-profiles-groups-and-communities profilegrid-user-profiles-groups-and-communities N/A ProfileGrid <= 5.5.1 - Missing Authorization to User Import LOW *-5.5.1 5.5.2 June 30, 2026
pdq-csv pdq-csv N/A PDQ CSV <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings LOW *-1.0.0 2.0.0 June 30, 2026
multiparcels-shipping-for-woocommerce multiparcels-shipping-for-woocommerce N/A MultiParcels Shipping For WooCommerce <= 1.15.3 - Reflected Cross-Site Scripting LOW *-1.15.3 1.15.4 June 30, 2026
multiparcels-shipping-for-woocommerce multiparcels-shipping-for-woocommerce N/A MultiParcels Shipping For WooCommerce <= 1.14.12 - Authenticated(Subscriber+) SQL Injection via id LOW *-1.14.12 1.14.15 June 30, 2026
multiparcels-shipping-for-woocommerce multiparcels-shipping-for-woocommerce N/A MultiParcels Shipping For WooCommerce <= 1.14.13 - Missing Authorization via get_history LOW *-1.14.13 1.14.14 June 30, 2026
login-with-yourmembership login-with-yourmembership 93 YourMembership Single Sign On <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings LOW *-1.1.3 1.1.4 June 30, 2026
login-with-yourmembership login-with-yourmembership 93 YourMembership Single Sign On <= 1.1.3 - Missing Authorization LOW *-1.1.3 1.1.4 June 30, 2026
kk-star-ratings kk-star-ratings 93 kk Star Ratings <= 5.4.3 - IP Spoofing to Protection Mechanism Bypass LOW *-5.4.3 5.4.4 June 30, 2026
WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager insert-headers-and-footers 86 WPCode <= 2.0.13 - Unauthenticated Reflected Cross-Site Scripting via Tag Filter Links LOW *-2.0.13 2.0.13.1 June 30, 2026
indigitall-web-push-notifications indigitall-web-push-notifications 93 IURNY by INDIGITALL – WhatsApp Chat, Web Push Notifications (FREE) <= 3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting LOW [*, 3.2.3) 3.2.3 June 30, 2026
food-and-drink-menu food-and-drink-menu 93 Restaurant Menu and Food Ordering by Five Star Plugins <= 2.4.6 - Cross-Site Request Forgery via maybe_duplicate_item LOW [*, 2.4.7) 2.4.7 June 30, 2026
easyship-woocommerce-shipping-rates easyship-woocommerce-shipping-rates 93 Easyship WooCommerce Shipping Rates <= 0.8.9 - Missing Authorization via multiple AJAX actions LOW *-0.8.9 0.9.1 June 30, 2026
contact-form-to-any-api contact-form-to-any-api 91 Contact Form to Any API <= 1.1.2 - Authenticated (Administrator+) SQL Injection via 'form_id' LOW *-1.1.2 1.1.3 June 30, 2026
contact-form-generator contact-form-generator 93 Contact Form Generator <= 2.5.5 - Reflected Cross-Site Scripting LOW *-2.5.5 2.6.0 June 30, 2026
bubble-menu bubble-menu 93 Bubble Menu <= 3.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting LOW [*, 3.0.5) 3.0.5 June 30, 2026
wp-donate wp-donate N/A WP Donate <= 1.4 - Unauthenticated SQL Injection in donate-display.php LOW *-1.4 1.5 June 30, 2026
cartflows-pro cartflows-pro 93 CartFlows Pro <= 1.11.11 - Reflected Cross-Site Scripting LOW *-1.11.11 1.11.12 June 30, 2026
users-customers-import-export-for-wp-woocommerce users-customers-import-export-for-wp-woocommerce N/A Export and Import Users and Customers <= 2.4.1 - Missing Authorization to Authenticated (Shop Manager) Arbitrary User Password Change LOW *-2.4.1 2.4.2 June 30, 2026
user-activity-log user-activity-log N/A User Activity Log <= 1.6.2 - Unauthenticated SQL Injection via username LOW *-1.6.2 1.6.3 June 30, 2026
Spectra Gutenberg Blocks – Website Builder for the Block Editor ultimate-addons-for-gutenberg N/A Spectra <= 2.6.6 - Authenticated (Contributor+) Server-Side Request Forgery in import_wpforms LOW *-2.6.6 2.6.7 June 30, 2026
Spectra Gutenberg Blocks – Website Builder for the Block Editor ultimate-addons-for-gutenberg N/A Spectra <= 2.6.6 - Missing Authorization LOW *-2.6.6 2.6.7 June 30, 2026
Spectra Gutenberg Blocks – Website Builder for the Block Editor ultimate-addons-for-gutenberg N/A Spectra <= 2.6.6 - Authenticated (Contributor+) Server-Side Request Forgery in template_importer LOW *-2.6.6 2.6.7 June 30, 2026
testimonial-widgets testimonial-widgets N/A WP Testimonials <= 1.4.2 - Cross-Site Request Forgery to Widget Deletion LOW [*, 1.4.3) 1.4.3 June 30, 2026
armember-membership armember-membership 95 ARMember Lite - Membership Plugin <= 4.0.16 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-4.0.16 4.0.17 June 30, 2026
wpfunnels wpfunnels N/A WPFunnels <= 2.7.16 - Reflected Cross-Site Scripting LOW *-2.7.16 2.7.17 June 30, 2026
http-headers http-headers 87 HTTP Headers <= 1.18.11 - Server-Side Request Forgery LOW *-1.18.11 1.19.0 June 30, 2026
dovetail dovetail 91 Dovetail <= 1.2.13 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.2.13 June 30, 2026
custom-field-for-wp-job-manager custom-field-for-wp-job-manager 93 Custom Field For WP Job Manager <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.1 1.2 June 30, 2026
cf7-salesforce cf7-salesforce 93 Integration for Contact Form 7 and Salesforce <= 1.3.3 - Open Redirect LOW *-1.3.3 1.3.4 June 30, 2026
buymeacoffee buymeacoffee 93 Buy Me a Coffee – Button and Widget Plugin <= 3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting LOW *-3.6 3.7 June 30, 2026
bookingpress-appointment-booking bookingpress-appointment-booking 93 BookingPress <= 1.0.64 - Unauthenticated Sensitive Information Exposure LOW *-1.0.64 1.0.65 June 30, 2026
zippy zippy N/A Zippy <= 1.6.2 - Missing Authorization via adminInit LOW *-1.6.2 1.6.3 June 30, 2026
wp-fb-autoconnect wp-fb-autoconnect N/A WP-FB-AutoConnect <= 4.6.1 - Cross-Site Request Forgery via jfb_admin_page LOW *-4.6.1 4.6.2 June 30, 2026
woocommerce-product-stock-alert woocommerce-product-stock-alert N/A WooCommerce Product Stock Alert <= 2.0.1 - Information Disclosure LOW *-2.0.1 2.0.2 June 30, 2026
woo-product-variation-swatches woo-product-variation-swatches N/A Variation Swatches for WooCommerce <= 2.3.7 - Reflected Cross-Site Scripting LOW *-2.3.7 2.3.8 June 30, 2026
Variation Images Gallery for WooCommerce woo-product-variation-gallery N/A Variation Images Gallery for WooCommerce <= 2.3.3 - Reflected Cross-Site Scripting via style LOW *-2.3.3 2.3.4 June 30, 2026
wc-zelle wc-zelle N/A Checkout with Zelle on Woocommerce <= 3.1 - Missing Authorization LOW *-3.1 3.1.1 June 30, 2026
user-activity-log user-activity-log N/A User Activity Log <= 1.6.2 - Authenticated (Administrator+) SQL Injection LOW *-1.6.2 1.6.3 June 30, 2026
replace-word replace-word N/A Replace Word <= 2.1 - Cross-Site Request Forgery LOW *-2.1 June 30, 2026
radio-forge radio-forge N/A Radio Forge Muses Player with Skins <= 2.5 - Reflected Cross-Site Scripting LOW *-2.5 June 30, 2026
mf-gig-calendar mf-gig-calendar 86 MF Gig Calendar <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via event_title and event_time LOW *-1.2 1.2.1 June 30, 2026
media-library-assistant media-library-assistant 93 Media Library Assistant <= 3.07 - Reflected Cross-Site Scripting LOW *-3.0.7 3.0.8 June 30, 2026
mailarchiver mailarchiver 93 MailArchiver <= 2.10.1 - Unauthenticated Stored Cross-Site Scripting via Email Subject LOW *-2.10.1 2.11.0 June 30, 2026
kb-support kb-support 91 KB Support <= 1.5.88 - Missing Authorization to Authenticated (Subscriber+) User Data Retrieval LOW [*, 1.5.89) 1.5.89 June 30, 2026
integrate-google-drive integrate-google-drive 91 Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints LOW *-1.1.99 1.2.0 June 30, 2026
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder fluentform 78 FluentForm <= 4.3.25 - Authenticated (Administrator+) SQL Injection LOW *-4.3.25 5.0.0 June 30, 2026
falang falang 93 Falang multilanguage <= 1.3.39 - Cross-Site Request Forgery via add_language LOW *-1.3.39 1.3.40 June 30, 2026
directorypress directorypress 93 DirectoryPress <= 3.6.2 - Missing Authorization LOW *-3.6.2 3.6.3 June 30, 2026
cc-coming-soon cc-coming-soon 91 Coming Soon Chop Chop <= 2.2.4 - Reflected Cross-Site Scripting LOW *-2.2.4 June 30, 2026
art-direction art-direction 95 Art Direction <= 0.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting LOW *-0.2.4 June 30, 2026
wpschoolpress wpschoolpress N/A WPSchoolPress <= 2.2.3 - Missing Authorization LOW *-2.2.3 2.2.4 June 30, 2026
super-socializer super-socializer N/A Super Socializer <= 7.13.53 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode LOW *-7.13.53 7.13.54 June 30, 2026
shortcode-imdb shortcode-imdb N/A Shortcode IMDB <= 6.0.8 - Cross-Site Request Forgery LOW *-6.0.8 June 30, 2026
Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App post-smtp 87 Post SMTP <= 2.5.7 - Unauthenticated Stored Cross-Site Scripting via Email LOW *-2.5.7 2.5.8 June 30, 2026
kb-support kb-support 91 KB Support <= 1.5.88 - Missing Authorization to Sensitive Data Exposure LOW *-1.5.88 1.5.89 June 30, 2026
exit-intent-popups-by-optimonk exit-intent-popups-by-optimonk 93 Exit Popups & Onsite Retargeting by OptiMonk <= 2.0.4 - Cross-Site Request Forgery LOW *-2.0.4 2.0.5 June 30, 2026
aws-cdn-by-wpadmin aws-cdn-by-wpadmin 93 WPAdmin AWS CDN <= 2.0.13 - Cross-Site Request Forgery LOW *-2.0.13 3.0.0 June 30, 2026
All-In-One Security (AIOS) – Security and Firewall all-in-one-wp-security-and-firewall 72 All In One WP Security 5.1.9 - Plaintext Storage of Credentials LOW 5.1.9 5.2.0 June 30, 2026
yet-another-stars-rating yet-another-stars-rating N/A Yet Another Stars Rating <= 3.3.8 - Missing Authorization to Vote Tampering LOW *-3.3.8 3.3.9 June 30, 2026
wpfunnels wpfunnels N/A WPFunnels <= 2.7.15 - Insecure Direct Object Reference LOW [*, 2.7.16) 2.7.16 June 30, 2026
wp-default-feature-image wp-default-feature-image N/A WP Default Feature Image <= 1.0.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.0.1.1 June 30, 2026
woocommerce-warranty woocommerce-warranty N/A WooCommerce Warranty Requests <= 2.1.9 - Missing Authorization LOW *-2.1.9 2.2.0 June 30, 2026
woocommerce-shipping-multiple-addresses woocommerce-shipping-multiple-addresses N/A WooCommerce Ship to Multiple Addresses <= 3.8.5 - Missing Authorization LOW *-3.8.5 3.8.6 June 30, 2026
woocommerce-shipping-multiple-addresses woocommerce-shipping-multiple-addresses N/A WooCommerce Ship to Multiple Addresses <= 3.8.5 - Reflected Cross-Site Scripting LOW *-3.8.5 3.8.6 June 30, 2026
woocommerce-product-stock-alert woocommerce-product-stock-alert N/A WooCommerce Product Stock Alert <= 2.0.1 - Missing Authorization via API LOW [*, 2.0.2) 2.0.2 June 30, 2026
woocommerce-pre-orders woocommerce-pre-orders N/A WooCommerce Pre-Orders <= 2.0.2 - Cross-Site Request Forgery to Order Cancellation LOW *-2.0.2 2.0.3 June 30, 2026
woocommerce-pre-orders woocommerce-pre-orders N/A WooCommerce Pre-Orders <= 2.0.2 - Cross-Site Request Forgery LOW *-2.0.2 2.0.3 June 30, 2026
woocommerce-gateway-gocardless woocommerce-gateway-gocardless N/A WooCommerce GoCardless Gateway <= 2.5.6 - Unauthenticated Insecure Direct Object Reference LOW *-2.5.6 2.5.7 June 30, 2026
wds-multisite-aggregate wds-multisite-aggregate N/A WDS Multisite Aggregate <= 1.0.0 - Reflected Cross-Site Scripting LOW *-1.0.0 1.0.1 June 30, 2026
view-all-posts-pages view-all-posts-pages N/A View All Post's Pages <= 0.9.0 - Reflected Cross-Site Scripting LOW *-0.9.0 0.9.1 June 30, 2026
twittee-text-tweet twittee-text-tweet N/A Twittee Text Tweet <= 1.0.8 - Reflected Cross-Site Scripting LOW *-1.0.8 June 30, 2026
terms-descriptions terms-descriptions N/A Terms Descriptions <= 3.4.4 - Reflected Cross-Site Scripting via term_search LOW *-3.4.4 3.4.5 June 30, 2026
stax-buddy-builder stax-buddy-builder N/A BuddyBuilder - BuddyPress Builder for Elementor <= 1.7.3 - Cross-Site Request Forgery LOW [*, 1.7.4) 1.7.4 June 30, 2026
spoontalk-social-media-icons-widget spoontalk-social-media-icons-widget N/A Social Media Icons Widget <= 1.6 - Cross-Site Request Forgery LOW *-1.6 June 30, 2026
shorten-url shorten-url N/A Short URL <= 1.6.4 - Authenticated(Admin+) Stored Cross-Site Scripting LOW 1.6.4 1.6.5 June 30, 2026
premium-addons-pro premium-addons-pro N/A Premium Addons PRO <= 2.9.0 - Missing Authorization LOW *-2.9.0 2.9.1 June 30, 2026
premium-addons-pro premium-addons-pro N/A Premium Addons PRO <= 2.9.0 - Sensitive Information Exposure LOW *-2.9.0 2.9.1 June 30, 2026
mail-control mail-control 93 Mail Control <= 0.2.8 - Unauthenticated Stored Cross-Site Scripting via Email Subject LOW *-0.3.1 0.3.2 June 30, 2026
jetformbuilder jetformbuilder 93 JetFormBuilder <= 3.0.8 - Authenticated (Author+) Privilege Escalation LOW *-3.0.8 3.0.9 June 30, 2026
ip2location-country-blocker ip2location-country-blocker 93 Download IP2Location Country Blocker <= 2.29.1 - Bypass via IP Spoofing LOW *-2.29.1 2.29.2 June 30, 2026
http-headers http-headers 87 HTTP Headers <= 1.18.11 - Authenticated (Administrator+) Stored Cross-Site Scripting LOW *-1.18.11 1.19.0 June 30, 2026
grid-kit-premium grid-kit-premium 93 Grid Kit Premium < 2.2.0 - Reflected Cross-Site Scripting LOW [*, 2.2.0) 2.2.0 June 30, 2026
Forminator Forms – Contact Form, Payment Form & Custom Form Builder forminator 92 Forminator <= 1.24.1 - Reflected Cross-Site Scripting LOW *-1.24.1 1.24.4 June 30, 2026
buymeacoffee buymeacoffee 93 Buy Me a Coffee – Button and Widget Plugin <= 3.7 - Cross-Site Request Forgery LOW *-3.7 3.8 June 30, 2026
buymeacoffee buymeacoffee 93 Buy Me a Coffee – Button and Widget Plugin <= 3.7 - Missing Authorization LOW *-3.7 3.8 June 30, 2026
authors-list authors-list 91 Authors List <= 2.0.2 - Reflected Cross-Site Scripting via al_id LOW [*, 2.0.3) 2.0.3 June 30, 2026
armember-membership armember-membership 95 ARMember <= 4.0.5 - Cross-Site Request Forgery LOW *-4.0.5 4.0.6 June 30, 2026

Showing 24401 to 24500 of 36282 results

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 03:55 UTC.