Known Plugin Vulnerabilities

Track known vulnerabilities from configured sources. Default view shows all open and closed vulnerabilities, ordered by most recently updated first.

Open Vulnerabilities

36282

Across tracked plugins

Affected Plugins

With open vulnerabilities

Critical / High

Require immediate attention

Vulnerability List

Export CSV

Vulnerability list with plugin score and patch status
Plugin	Slug	Score	Vulnerability	Severity	Affected Versions	Patched	Updated
addify-product-labels-and-stickers	addify-product-labels-and-stickers	95	Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery	LOW	*		June 30, 2026
addify-product-dynamic-pricing-and-discounts	addify-product-dynamic-pricing-and-discounts	95	Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery	LOW	*		June 30, 2026
addify-price-calculator-for-woocommerce	addify-price-calculator-for-woocommerce	95	Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery	LOW	*		June 30, 2026
addify-order-tracking-for-woocommerce	addify-order-tracking-for-woocommerce	97	Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery	LOW	[*, 1.0.2)	1.0.2	June 30, 2026
addify-order-approval-woocommerce	addify-order-approval-woocommerce	97	Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery	LOW	[*, 1.1.0)	1.1.0	June 30, 2026
addify-image-watermark-for-woocommerce	addify-image-watermark-for-woocommerce	97	Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery	LOW	[*, 1.0.1)	1.0.1	June 30, 2026
addify-gift-registry-for-woocommerce	addify-gift-registry-for-woocommerce	95	Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery	LOW	*		June 30, 2026
addify-free-gifts-woocommerce	addify-free-gifts-woocommerce	97	Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery	LOW	[*, 1.0.2)	1.0.2	June 30, 2026
addify-custom-registration-forms-builder	addify-custom-registration-forms-builder	97	Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery	LOW	[*, 1.0.2)	1.0.2	June 30, 2026
addify-custom-order-number	addify-custom-order-number	95	Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery	LOW	*		June 30, 2026
addify-custom-fields-for-woocommerce	addify-custom-fields-for-woocommerce	97	Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery	LOW	[*, 1.0.4)	1.0.4	June 30, 2026
addify-checkout-fields-manager	addify-checkout-fields-manager	97	Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery	LOW	[*, 1.0.2)	1.0.2	June 30, 2026
addify-abandoned-cart-recovery	addify-abandoned-cart-recovery	97	Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery	LOW	[*, 1.2.5)	1.2.5	June 30, 2026
yotuwp-easy-youtube-embed	yotuwp-easy-youtube-embed	N/A	Video Gallery <= 1.3.12 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.3.12	1.3.13	June 30, 2026
wp-sms	wp-sms	N/A	WP SMS <= 6.1.5 - Cross-Site Request Forgery	LOW	[*, 6.2.0)	6.2.0	June 30, 2026
wordpress-mobile-pack	wordpress-mobile-pack	N/A	WordPress Mobile Pack <= 3.4.1 - Cross-Site Request Forgery	LOW	*-3.4.1		June 30, 2026
social-share-boost	social-share-boost	N/A	Social Share Boost <= 4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-4.4	4.5	June 30, 2026
oauth-twitter-feed-for-developers	oauth-twitter-feed-for-developers	N/A	oAuth Twitter Feed for Developers <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.3.0		June 30, 2026
Ninja Forms – The Contact Form Builder That Grows With You	ninja-forms	69	Ninja Forms <= 3.6.25 - Denial of Service via Large Form Submissions	LOW	*-3.6.25	3.6.26	June 30, 2026
integrar-getnet-con-woo	integrar-getnet-con-woo	93	Getnet Argentina para Woocommerce 0.0.1 - 0.0.4 - Authorization Bypass via webhook	LOW	0.0.1-0.0.4	0.0.5	June 30, 2026
ht-mega-for-elementor	ht-mega-for-elementor	93	HT Mega – Absolute Addons for Elementor <= 2.2.0 - Missing Authorization to Privilege Escalation	LOW	[*, 2.2.1)	2.2.1	June 30, 2026
gift-voucher	gift-voucher	93	Gift Cards (Gift Vouchers and Packages) <= 4.3.5 - Cross-Site Request Forgery in new_voucher_template.php	LOW	*-4.3.5	4.3.6	June 30, 2026
atarim-visual-collaboration	atarim-visual-collaboration	93	Atarim - Client Interface <= 3.9.1 - Missing Authorization via AJAX actions	LOW	[*, 3.9.2)	3.9.2	June 30, 2026
add-instagram	add-instagram	95	Image Social Feed Plugin <= 1.7.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.7.6		June 30, 2026
learnpress	learnpress	93	LearnPress <= 4.2.3 - Missing Authorization	LOW	[*, 4.2.3.1)	4.2.3.1	June 30, 2026
FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider	fluent-smtp	85	FluentSMTP <= 2.2.4 - Unauthenticated Stored Cross-Site Scripting via Email Subject	LOW	*-2.2.4	2.2.5	June 30, 2026
wp-reroute-email	wp-reroute-email	N/A	WP Reroute Email <= 1.4.9 - Unauthenticated Stored Cross-Site Scripting via Email Subject	LOW	*-1.4.9	1.5.0	June 30, 2026
WP Mail Log	wp-mail-log	N/A	WP Mail Log <= 1.1.1 - Unauthenticated Stored Cross-Site Scripting via Email	LOW	*-1.1.1	1.1.2	June 30, 2026
wp-full-stripe-free	wp-full-stripe-free	N/A	WP Full Stripe Free <= 7.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-7.0.5	7.0.6	June 30, 2026
wp-dummy-content-generator	wp-dummy-content-generator	N/A	WP Dummy Content Generator <= 2.3.0 - Cross-Site Request Forgery	LOW	*-2.3.0	3.0.0	June 30, 2026
wp-dummy-content-generator	wp-dummy-content-generator	N/A	WP Dummy Content Generator <= 2.3.0 - Missing Authorization	LOW	*-2.3.0	3.0.0	June 30, 2026
ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin	woolentor-addons	N/A	WooLentor <= 2.6.2 - Cross-Site Request Forgery via process_data	LOW	*-2.6.2	2.6.3	June 30, 2026
visibility-logic-elementor	visibility-logic-elementor	N/A	Visibility Logic for Elementor <= 2.3.4 - Missing Authorization via admin_post 'toggle_option'	LOW	[*, 2.3.5)	2.3.5	June 30, 2026
visibility-logic-elementor	visibility-logic-elementor	N/A	Visibility Logic for Elementor <= 2.3.4 - Cross-Site Request Forgery via toggle_option	LOW	*-2.3.4	2.3.5	June 30, 2026
smtp-mail	smtp-mail	N/A	SMTP Mail <= 1.3.46 - Unauthenticated Stored Cross-Site Scripting via Email Subject	LOW	*-1.3.46		June 30, 2026
secondary-title	secondary-title	N/A	Secondary Title <= 2.0.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-2.0.9.1	2.1.0	June 30, 2026
rsvpmaker	rsvpmaker	N/A	RSVPMaker <= 10.5.4 - Authenticated (Administrator+) SQL Injection via 'resend'	LOW	[*, 10.5.5)	10.5.5	June 30, 2026
responsive-coming-soon-page	responsive-coming-soon-page	N/A	Coming Soon Page <= 1.5.9 - Authenticated (Administrator+) SQL Injection	LOW	*-1.5.9	1.6.0	June 30, 2026
product-category-tree	product-category-tree	N/A	Product Category Tree <= 2.5 - Missing Authorization	LOW	*-2.5		June 30, 2026
only-tweet-like-share-and-google-1	only-tweet-like-share-and-google-1	N/A	Simple Light Weight Social Share (Tweet, Like, Share and Linkedin) <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-2.0		June 30, 2026
media-library-helper	media-library-helper	93	Media Library Helper by Codexin <= 1.2.0 - Cross-Site Request Forgery via rate_the_plugin_action	LOW	*-1.2.0	1.3.0	June 30, 2026
livestream-notice	livestream-notice	93	Livestream Notice <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.2.0	1.3.0	June 30, 2026
classified-listing	classified-listing	93	Classified Listing <= 2.4.5 - Cross-Site Request Forgery via rtcl_ajax_thumbnail_delete	LOW	*-2.4.5	2.4.6	June 30, 2026
Booking Package	booking-package	85	Booking Package <= 1.5.98 - Authorization Bypass to Arbitrary Password Reset	LOW	[*, 1.5.99)	1.5.99	June 30, 2026
badgeos	badgeos	83	BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Title Overwrite	LOW	*-3.7.1.6		June 30, 2026
badgeos	badgeos	83	BadgeOS <= 3.7.1.6 - Missing Authorization in delete_badgeos_log_entries	LOW	*-3.7.1.6		June 30, 2026
badgeos	badgeos	83	BadgeOS <= 3.7.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	LOW	*-3.7.1.6		June 30, 2026
badgeos	badgeos	83	BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion	LOW	*-3.7.1.6		June 30, 2026
armember-membership	armember-membership	95	ARMember <= 4.0.5 - Cross-Site Request Forgery	LOW	*-4.0.5	4.0.6	June 30, 2026
wp-rss-images	wp-rss-images	N/A	WP RSS Images <= 1.1 - Cross-Site Request Forgery	LOW	*-1.1		June 30, 2026
WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance	wp-optimize	76	WP-Optimize <= 3.2.12 & SrbTransLatin <= 2.4 - Stored/Reflected Cross-Site Scripting via Third Party Library	LOW	[*, 3.2.13)	3.2.13	June 30, 2026
wp-content-copy-protector	wp-content-copy-protector	N/A	WP Content Copy Protection & No Right Click <= 3.5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-3.5.5	3.5.6	June 30, 2026
wp-cirrus	wp-cirrus	N/A	WP-Cirrus <= 0.6.11 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-0.6.11		June 30, 2026
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder	user-registration	N/A	User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload	LOW	*-3.0.2	3.0.2.1	June 30, 2026
sublanguage	sublanguage	N/A	Sublanguage <= 2.9 - Missing Authorization	LOW	*-2.9	2.10	June 30, 2026
srbtranslatin	srbtranslatin	N/A	WP-Optimize <= 3.2.12 & SrbTransLatin <= 2.4 - Stored/Reflected Cross-Site Scripting via Third Party Library	LOW	*-2.4	2.4.1	June 30, 2026
simple-site-verify	simple-site-verify	N/A	Simple Site Verify <= 1.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0.7	1.0.8	June 30, 2026
reservation-studio-widget	reservation-studio-widget	N/A	Reservation.Studio widget <= 1.0.11 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	*-1.0.11	1.0.12	June 30, 2026
mobile-call-now-map-buttons	mobile-call-now-map-buttons	93	Mobile Call Now & Map Buttons < 1.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	[*, 1.6.2)	1.6.2	June 30, 2026
menubar	menubar	93	Menubar <= 5.8.2 - Cross-Site Request Forgery in wpm-admin.php	LOW	*-5.8.2	5.9	June 30, 2026
learnpress	learnpress	93	LearnPress <= 4.2.3 - Missing Authorization	LOW	*-4.2.3	4.2.3.1	June 30, 2026
learnpress	learnpress	93	LearnPress <= 4.2.3 - Missing Authorization to Information Exposure	LOW	*-4.2.3	4.2.3.1	June 30, 2026
kingkong-board	kingkong-board	91	Kingkong Board <= 2.1.0.2 - Missing Authorization	LOW	*-2.1.0.2		June 30, 2026
image-regenerate-select-crop	image-regenerate-select-crop	93	Image Regenerate & Select Crop <= 7.1.0 - Missing Authorization	LOW	*-7.1.0	7.2.0	June 30, 2026
Header Footer Code Manager	header-footer-code-manager	87	Header Footer Code Manager <= 1.1.34 - Cross-Site Request Forgery via process_bulk_action	LOW	[*, 1.1.35)	1.1.35	June 30, 2026
giveasap	giveasap	91	Simple Giveaways <= 2.46.0 - Missing Authorization via AJAX actions	LOW	*-2.46.0	2.46.1	June 30, 2026
cryptocurrency-price-ticker-widget	cryptocurrency-price-ticker-widget	93	Cryptocurrency Widgets – Price Ticker & Coins List <= 2.6.2 - Missing Authorization	LOW	*-2.6.2	2.6.3	June 30, 2026
baidu-tongji-generator	baidu-tongji-generator	89	Baidu Tongji generator <= 1.0.2 - Cross-Site Request Forgery	LOW	*-1.0.2		June 30, 2026
animated-number-counters	animated-number-counters	97	Animated Number Counters <= 1.6 - Authenticated (Editor+) Stored Cross-Site Scripting	LOW	*-1.6	1.7	June 30, 2026
wpforo	wpforo	N/A	wpForo Forum <= 2.1.8 - Reflected Cross-Site Scripting via 'wpforo_debug'	LOW	*-2.1.8	2.1.9	June 30, 2026
All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs – My Sticky Elements	mystickyelements	85	All-in-one Floating Contact Form <= 2.1.1 - Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings	LOW	*-2.1.1	2.1.2	June 30, 2026
learning-management-system	learning-management-system	93	Masteriyo - LMS for WordPress <= 1.6.7 - Sensitive Information Exposure	LOW	[*, 1.6.8)	1.6.8	June 30, 2026
auto-location-for-wp-job-manager	auto-location-for-wp-job-manager	93	Auto Location for WP Job Manager via Google <= 1.0 - Authenticated (Administrator+) Stored Cross Site Scripting	LOW	*-1.0	1.1	June 30, 2026
wp-fb-autoconnect	wp-fb-autoconnect	N/A	WP Social AutoConnect <= 4.6.1 - Cross-Site Request Forgery via jfb_admin_page	LOW	[*, 4.6.2)	4.6.2	June 30, 2026
image-regenerate-select-crop	image-regenerate-select-crop	93	Image Regenerate & Select Crop <= 7.1.0 - Missing Authorization on multiple AJAX actions	LOW	[*, 7.2.0)	7.2.0	June 30, 2026
image-regenerate-select-crop	image-regenerate-select-crop	93	Image Regenerate & Select Crop <= 7.1.0 - Cross-Site Request Forgery on multiple AJAX actions	LOW	[*, 7.2.0)	7.2.0	June 30, 2026
wpcodefactory-helper	wpcodefactory-helper	N/A	WPFactory Helper <= 1.5.2 - Reflected Cross-Site Scripting via item_slug	LOW	[*, 1.5.3)	1.5.3	June 30, 2026
webwinkelkeur	webwinkelkeur	N/A	WebwinkelKeur <= 3.24 - Cross-Site Request Forgery	LOW	[*, 3.25)	3.25	June 30, 2026
trustprofile	trustprofile	N/A	TrustProfile <= 3.24 - Cross-Site Request Forgery	LOW	[*, 3.25)	3.25	June 30, 2026
sp-client-document-manager	sp-client-document-manager	87	SP Project & Document Manager <= 4.67 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings	LOW	*-4.67	4.68	June 30, 2026
sp-client-document-manager	sp-client-document-manager	87	SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) SQL Injection	LOW	*-4.67	4.68	June 30, 2026
request-a-quote	request-a-quote	N/A	Request a Quote <= 2.3.10 - Cross-Site Request Forgery	LOW	[*, 2.3.11)	2.3.11	June 30, 2026
my-content-management	my-content-management	N/A	My Content Management <= 1.7.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	LOW	[*, 1.7.7)	1.7.7	June 30, 2026
knowledge-center	knowledge-center	93	Knowledge Center <= 2.7 - Authenticated (Admin+) Cross-Site Scripting	LOW	[*, 2.8)	2.8	June 30, 2026
enhanced-text-widget	enhanced-text-widget	93	Enhanced Text Widget <= 1.5.8 - Missing Authorization	LOW	*-1.5.8	1.5.9	June 30, 2026
web3-authentication	web3-authentication	N/A	Web3 – Crypto wallet Login & NFT token gating <= 2.6.0 - Authentication Bypass	LOW	*-2.6.0	2.7.0	June 30, 2026
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder	user-registration	N/A	User Registration <= 3.0.1 - Authenticated (Subscriber+) PHP Object Injection	LOW	*-3.0.1	3.0.2	June 30, 2026
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	ultimate-member	N/A	Ultimate Member <= 2.6.6 - Privilege Escalation via Arbitrary User Meta Updates	LOW	*-2.6.6	2.6.7	June 30, 2026
sp-client-document-manager	sp-client-document-manager	87	SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change	LOW	*-4.67	4.68	June 30, 2026
zippy	zippy	N/A	Zippy <= 1.6.5 - Authenticated(Author+) PHP Object Injection via unzipPosts	LOW	*-1.6.5	1.6.6	June 30, 2026
wp-post-author	wp-post-author	N/A	WP Post Author <= 3.2.3 - Privilege Escalation	LOW	*-3.2.3	3.3.0	June 30, 2026
wp-poll	wp-poll	N/A	LiquidPoll – Advanced Polls for Creators and Brands <= 3.3.68 - Missing Authorization via activate_addon	LOW	*-3.3.68	3.3.69	June 30, 2026
wp-graphql	wp-graphql	N/A	WPGraphQL <= 1.14.5 - Authenticated (Editor+) Server-Side Request Forgery	LOW	*-1.14.5	1.14.6	June 30, 2026
wcp-openweather	wcp-openweather	N/A	WCP OpenWeather <= 2.5.0 - Reflected Cross-Site Scripting via 'tab'	LOW	*-2.5.0		June 30, 2026
slider-slideshow	slider-slideshow	N/A	Layer Slider <= 1.1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	LOW	*-1.1.9.7		June 30, 2026
side-cart-woocommerce	side-cart-woocommerce	N/A	Side Cart Woocommerce (Ajax) <= 2.2 Authenticated(Administrator+) Stored Cross-Site Scripting	LOW	*-2.2	2.3	June 30, 2026
shorten-url	shorten-url	N/A	Short URL <= 1.6.4 - Authenticated (Subscriber+) SQL Injection	LOW	*-1.6.4	1.6.5	June 30, 2026
shorten-url	shorten-url	N/A	Short URL <= 1.6.4 - Authenticated(Admin+) Stored Cross-Site Scripting	LOW	1.6.4	1.6.5	June 30, 2026
post-to-csv	post-to-csv	N/A	Post to CSV by BestWebSoft <= 1.4.0 - Authenticated (Author+) CSV Injection	LOW	*-1.4.0	1.4.1	June 30, 2026
miniorange-login-openid	miniorange-login-openid	91	WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4 - Authentication Bypass	LOW	*-7.6.4	7.6.5	June 30, 2026

LOW

addify-product-labels-and-stickers

Score: 95/100 Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery Affected: * Patched: Updated: June 30, 2026

LOW

addify-product-dynamic-pricing-and-discounts

Score: 95/100 Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery Affected: * Patched: Updated: June 30, 2026

LOW

addify-price-calculator-for-woocommerce

Score: 95/100 Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery Affected: * Patched: Updated: June 30, 2026

LOW

addify-order-tracking-for-woocommerce

Score: 97/100 Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery Affected: [*, 1.0.2) Patched: 1.0.2 Updated: June 30, 2026

LOW

addify-order-approval-woocommerce

Score: 97/100 Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery Affected: [*, 1.1.0) Patched: 1.1.0 Updated: June 30, 2026

LOW

addify-image-watermark-for-woocommerce

Score: 97/100 Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery Affected: [*, 1.0.1) Patched: 1.0.1 Updated: June 30, 2026

LOW

addify-gift-registry-for-woocommerce

Score: 95/100 Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery Affected: * Patched: Updated: June 30, 2026

LOW

addify-free-gifts-woocommerce

Score: 97/100 Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery Affected: [*, 1.0.2) Patched: 1.0.2 Updated: June 30, 2026

LOW

addify-custom-registration-forms-builder

Score: 97/100 Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery Affected: [*, 1.0.2) Patched: 1.0.2 Updated: June 30, 2026

LOW

addify-custom-order-number

Score: 95/100 Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery Affected: * Patched: Updated: June 30, 2026

LOW

addify-custom-fields-for-woocommerce

Score: 97/100 Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery Affected: [*, 1.0.4) Patched: 1.0.4 Updated: June 30, 2026

LOW

addify-checkout-fields-manager

Score: 97/100 Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery Affected: [*, 1.0.2) Patched: 1.0.2 Updated: June 30, 2026

LOW

addify-abandoned-cart-recovery

Score: 97/100 Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery Affected: [*, 1.2.5) Patched: 1.2.5 Updated: June 30, 2026

LOW

yotuwp-easy-youtube-embed

Score: N/A Video Gallery <= 1.3.12 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.3.12 Patched: 1.3.13 Updated: June 30, 2026

LOW

wp-sms

Score: N/A WP SMS <= 6.1.5 - Cross-Site Request Forgery Affected: [*, 6.2.0) Patched: 6.2.0 Updated: June 30, 2026

LOW

wordpress-mobile-pack

Score: N/A WordPress Mobile Pack <= 3.4.1 - Cross-Site Request Forgery Affected: *-3.4.1 Patched: Updated: June 30, 2026

LOW

social-share-boost

Score: N/A Social Share Boost <= 4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-4.4 Patched: 4.5 Updated: June 30, 2026

LOW

oauth-twitter-feed-for-developers

Score: N/A oAuth Twitter Feed for Developers <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.3.0 Patched: Updated: June 30, 2026

LOW

Ninja Forms – The Contact Form Builder That Grows With You

ninja-forms

Score: 69/100 Ninja Forms <= 3.6.25 - Denial of Service via Large Form Submissions Affected: *-3.6.25 Patched: 3.6.26 Updated: June 30, 2026

LOW

integrar-getnet-con-woo

Score: 93/100 Getnet Argentina para Woocommerce 0.0.1 - 0.0.4 - Authorization Bypass via webhook Affected: 0.0.1-0.0.4 Patched: 0.0.5 Updated: June 30, 2026

LOW

ht-mega-for-elementor

Score: 93/100 HT Mega – Absolute Addons for Elementor <= 2.2.0 - Missing Authorization to Privilege Escalation Affected: [*, 2.2.1) Patched: 2.2.1 Updated: June 30, 2026

LOW

gift-voucher

Score: 93/100 Gift Cards (Gift Vouchers and Packages) <= 4.3.5 - Cross-Site Request Forgery in new_voucher_template.php Affected: *-4.3.5 Patched: 4.3.6 Updated: June 30, 2026

LOW

atarim-visual-collaboration

Score: 93/100 Atarim - Client Interface <= 3.9.1 - Missing Authorization via AJAX actions Affected: [*, 3.9.2) Patched: 3.9.2 Updated: June 30, 2026

LOW

add-instagram

Score: 95/100 Image Social Feed Plugin <= 1.7.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.7.6 Patched: Updated: June 30, 2026

LOW

learnpress

Score: 93/100 LearnPress <= 4.2.3 - Missing Authorization Affected: [*, 4.2.3.1) Patched: 4.2.3.1 Updated: June 30, 2026

LOW

FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider

fluent-smtp

Score: 85/100 FluentSMTP <= 2.2.4 - Unauthenticated Stored Cross-Site Scripting via Email Subject Affected: *-2.2.4 Patched: 2.2.5 Updated: June 30, 2026

LOW

wp-reroute-email

Score: N/A WP Reroute Email <= 1.4.9 - Unauthenticated Stored Cross-Site Scripting via Email Subject Affected: *-1.4.9 Patched: 1.5.0 Updated: June 30, 2026

LOW

WP Mail Log

wp-mail-log

Score: N/A WP Mail Log <= 1.1.1 - Unauthenticated Stored Cross-Site Scripting via Email Affected: *-1.1.1 Patched: 1.1.2 Updated: June 30, 2026

LOW

wp-full-stripe-free

Score: N/A WP Full Stripe Free <= 7.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-7.0.5 Patched: 7.0.6 Updated: June 30, 2026

LOW

wp-dummy-content-generator

Score: N/A WP Dummy Content Generator <= 2.3.0 - Cross-Site Request Forgery Affected: *-2.3.0 Patched: 3.0.0 Updated: June 30, 2026

LOW

wp-dummy-content-generator

Score: N/A WP Dummy Content Generator <= 2.3.0 - Missing Authorization Affected: *-2.3.0 Patched: 3.0.0 Updated: June 30, 2026

LOW

ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin

woolentor-addons

Score: N/A WooLentor <= 2.6.2 - Cross-Site Request Forgery via process_data Affected: *-2.6.2 Patched: 2.6.3 Updated: June 30, 2026

LOW

visibility-logic-elementor

Score: N/A Visibility Logic for Elementor <= 2.3.4 - Missing Authorization via admin_post 'toggle_option' Affected: [*, 2.3.5) Patched: 2.3.5 Updated: June 30, 2026

LOW

visibility-logic-elementor

Score: N/A Visibility Logic for Elementor <= 2.3.4 - Cross-Site Request Forgery via toggle_option Affected: *-2.3.4 Patched: 2.3.5 Updated: June 30, 2026

LOW

smtp-mail

Score: N/A SMTP Mail <= 1.3.46 - Unauthenticated Stored Cross-Site Scripting via Email Subject Affected: *-1.3.46 Patched: Updated: June 30, 2026

LOW

secondary-title

Score: N/A Secondary Title <= 2.0.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-2.0.9.1 Patched: 2.1.0 Updated: June 30, 2026

LOW

rsvpmaker

Score: N/A RSVPMaker <= 10.5.4 - Authenticated (Administrator+) SQL Injection via 'resend' Affected: [*, 10.5.5) Patched: 10.5.5 Updated: June 30, 2026

LOW

responsive-coming-soon-page

Score: N/A Coming Soon Page <= 1.5.9 - Authenticated (Administrator+) SQL Injection Affected: *-1.5.9 Patched: 1.6.0 Updated: June 30, 2026

LOW

product-category-tree

Score: N/A Product Category Tree <= 2.5 - Missing Authorization Affected: *-2.5 Patched: Updated: June 30, 2026

LOW

only-tweet-like-share-and-google-1

Score: N/A Simple Light Weight Social Share (Tweet, Like, Share and Linkedin) <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-2.0 Patched: Updated: June 30, 2026

LOW

media-library-helper

Score: 93/100 Media Library Helper by Codexin <= 1.2.0 - Cross-Site Request Forgery via rate_the_plugin_action Affected: *-1.2.0 Patched: 1.3.0 Updated: June 30, 2026

LOW

livestream-notice

Score: 93/100 Livestream Notice <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.2.0 Patched: 1.3.0 Updated: June 30, 2026

LOW

classified-listing

Score: 93/100 Classified Listing <= 2.4.5 - Cross-Site Request Forgery via rtcl_ajax_thumbnail_delete Affected: *-2.4.5 Patched: 2.4.6 Updated: June 30, 2026

LOW

Booking Package

booking-package

Score: 85/100 Booking Package <= 1.5.98 - Authorization Bypass to Arbitrary Password Reset Affected: [*, 1.5.99) Patched: 1.5.99 Updated: June 30, 2026

LOW

badgeos

Score: 83/100 BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Title Overwrite Affected: *-3.7.1.6 Patched: Updated: June 30, 2026

LOW

badgeos

Score: 83/100 BadgeOS <= 3.7.1.6 - Missing Authorization in delete_badgeos_log_entries Affected: *-3.7.1.6 Patched: Updated: June 30, 2026

LOW

badgeos

Score: 83/100 BadgeOS <= 3.7.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected: *-3.7.1.6 Patched: Updated: June 30, 2026

LOW

badgeos

Score: 83/100 BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion Affected: *-3.7.1.6 Patched: Updated: June 30, 2026

LOW

armember-membership

Score: 95/100 ARMember <= 4.0.5 - Cross-Site Request Forgery Affected: *-4.0.5 Patched: 4.0.6 Updated: June 30, 2026

LOW

wp-rss-images

Score: N/A WP RSS Images <= 1.1 - Cross-Site Request Forgery Affected: *-1.1 Patched: Updated: June 30, 2026

LOW

WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance

wp-optimize

Score: 76/100 WP-Optimize <= 3.2.12 & SrbTransLatin <= 2.4 - Stored/Reflected Cross-Site Scripting via Third Party Library Affected: [*, 3.2.13) Patched: 3.2.13 Updated: June 30, 2026

LOW

wp-content-copy-protector

Score: N/A WP Content Copy Protection & No Right Click <= 3.5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-3.5.5 Patched: 3.5.6 Updated: June 30, 2026

LOW

wp-cirrus

Score: N/A WP-Cirrus <= 0.6.11 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-0.6.11 Patched: Updated: June 30, 2026

LOW

User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

user-registration

Score: N/A User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload Affected: *-3.0.2 Patched: 3.0.2.1 Updated: June 30, 2026

LOW

sublanguage

Score: N/A Sublanguage <= 2.9 - Missing Authorization Affected: *-2.9 Patched: 2.10 Updated: June 30, 2026

LOW

srbtranslatin

Score: N/A WP-Optimize <= 3.2.12 & SrbTransLatin <= 2.4 - Stored/Reflected Cross-Site Scripting via Third Party Library Affected: *-2.4 Patched: 2.4.1 Updated: June 30, 2026

LOW

simple-site-verify

Score: N/A Simple Site Verify <= 1.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.7 Patched: 1.0.8 Updated: June 30, 2026

LOW

reservation-studio-widget

Score: N/A Reservation.Studio widget <= 1.0.11 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: *-1.0.11 Patched: 1.0.12 Updated: June 30, 2026

LOW

mobile-call-now-map-buttons

Score: 93/100 Mobile Call Now & Map Buttons < 1.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: [*, 1.6.2) Patched: 1.6.2 Updated: June 30, 2026

LOW

menubar

Score: 93/100 Menubar <= 5.8.2 - Cross-Site Request Forgery in wpm-admin.php Affected: *-5.8.2 Patched: 5.9 Updated: June 30, 2026

LOW

learnpress

Score: 93/100 LearnPress <= 4.2.3 - Missing Authorization Affected: *-4.2.3 Patched: 4.2.3.1 Updated: June 30, 2026

LOW

learnpress

Score: 93/100 LearnPress <= 4.2.3 - Missing Authorization to Information Exposure Affected: *-4.2.3 Patched: 4.2.3.1 Updated: June 30, 2026

LOW

kingkong-board

Score: 91/100 Kingkong Board <= 2.1.0.2 - Missing Authorization Affected: *-2.1.0.2 Patched: Updated: June 30, 2026

LOW

image-regenerate-select-crop

Score: 93/100 Image Regenerate & Select Crop <= 7.1.0 - Missing Authorization Affected: *-7.1.0 Patched: 7.2.0 Updated: June 30, 2026

LOW

Header Footer Code Manager

header-footer-code-manager

Score: 87/100 Header Footer Code Manager <= 1.1.34 - Cross-Site Request Forgery via process_bulk_action Affected: [*, 1.1.35) Patched: 1.1.35 Updated: June 30, 2026

LOW

giveasap

Score: 91/100 Simple Giveaways <= 2.46.0 - Missing Authorization via AJAX actions Affected: *-2.46.0 Patched: 2.46.1 Updated: June 30, 2026

LOW

cryptocurrency-price-ticker-widget

Score: 93/100 Cryptocurrency Widgets – Price Ticker & Coins List <= 2.6.2 - Missing Authorization Affected: *-2.6.2 Patched: 2.6.3 Updated: June 30, 2026

LOW

baidu-tongji-generator

Score: 89/100 Baidu Tongji generator <= 1.0.2 - Cross-Site Request Forgery Affected: *-1.0.2 Patched: Updated: June 30, 2026

LOW

animated-number-counters

Score: 97/100 Animated Number Counters <= 1.6 - Authenticated (Editor+) Stored Cross-Site Scripting Affected: *-1.6 Patched: 1.7 Updated: June 30, 2026

LOW

wpforo

Score: N/A wpForo Forum <= 2.1.8 - Reflected Cross-Site Scripting via 'wpforo_debug' Affected: *-2.1.8 Patched: 2.1.9 Updated: June 30, 2026

LOW

All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs – My Sticky Elements

mystickyelements

Score: 85/100 All-in-one Floating Contact Form <= 2.1.1 - Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings Affected: *-2.1.1 Patched: 2.1.2 Updated: June 30, 2026

LOW

learning-management-system

Score: 93/100 Masteriyo - LMS for WordPress <= 1.6.7 - Sensitive Information Exposure Affected: [*, 1.6.8) Patched: 1.6.8 Updated: June 30, 2026

LOW

auto-location-for-wp-job-manager

Score: 93/100 Auto Location for WP Job Manager via Google <= 1.0 - Authenticated (Administrator+) Stored Cross Site Scripting Affected: *-1.0 Patched: 1.1 Updated: June 30, 2026

LOW

wp-fb-autoconnect

Score: N/A WP Social AutoConnect <= 4.6.1 - Cross-Site Request Forgery via jfb_admin_page Affected: [*, 4.6.2) Patched: 4.6.2 Updated: June 30, 2026

LOW

image-regenerate-select-crop

Score: 93/100 Image Regenerate & Select Crop <= 7.1.0 - Missing Authorization on multiple AJAX actions Affected: [*, 7.2.0) Patched: 7.2.0 Updated: June 30, 2026

LOW

image-regenerate-select-crop

Score: 93/100 Image Regenerate & Select Crop <= 7.1.0 - Cross-Site Request Forgery on multiple AJAX actions Affected: [*, 7.2.0) Patched: 7.2.0 Updated: June 30, 2026

LOW

wpcodefactory-helper

Score: N/A WPFactory Helper <= 1.5.2 - Reflected Cross-Site Scripting via item_slug Affected: [*, 1.5.3) Patched: 1.5.3 Updated: June 30, 2026

LOW

webwinkelkeur

Score: N/A WebwinkelKeur <= 3.24 - Cross-Site Request Forgery Affected: [*, 3.25) Patched: 3.25 Updated: June 30, 2026

LOW

trustprofile

Score: N/A TrustProfile <= 3.24 - Cross-Site Request Forgery Affected: [*, 3.25) Patched: 3.25 Updated: June 30, 2026

LOW

sp-client-document-manager

Score: 87/100 SP Project & Document Manager <= 4.67 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings Affected: *-4.67 Patched: 4.68 Updated: June 30, 2026

LOW

sp-client-document-manager

Score: 87/100 SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) SQL Injection Affected: *-4.67 Patched: 4.68 Updated: June 30, 2026

LOW

request-a-quote

Score: N/A Request a Quote <= 2.3.10 - Cross-Site Request Forgery Affected: [*, 2.3.11) Patched: 2.3.11 Updated: June 30, 2026

LOW

my-content-management

Score: N/A My Content Management <= 1.7.6 - Authenticated (Administrator+) Stored Cross-Site Scripting Affected: [*, 1.7.7) Patched: 1.7.7 Updated: June 30, 2026

LOW

knowledge-center

Score: 93/100 Knowledge Center <= 2.7 - Authenticated (Admin+) Cross-Site Scripting Affected: [*, 2.8) Patched: 2.8 Updated: June 30, 2026

LOW

enhanced-text-widget

Score: 93/100 Enhanced Text Widget <= 1.5.8 - Missing Authorization Affected: *-1.5.8 Patched: 1.5.9 Updated: June 30, 2026

LOW

web3-authentication

Score: N/A Web3 – Crypto wallet Login & NFT token gating <= 2.6.0 - Authentication Bypass Affected: *-2.6.0 Patched: 2.7.0 Updated: June 30, 2026

LOW

User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

user-registration

Score: N/A User Registration <= 3.0.1 - Authenticated (Subscriber+) PHP Object Injection Affected: *-3.0.1 Patched: 3.0.2 Updated: June 30, 2026

LOW

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

ultimate-member

Score: N/A Ultimate Member <= 2.6.6 - Privilege Escalation via Arbitrary User Meta Updates Affected: *-2.6.6 Patched: 2.6.7 Updated: June 30, 2026

LOW

Score: 87/100 SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change Affected: *-4.67 Patched: 4.68 Updated: June 30, 2026

LOW

zippy

Score: N/A Zippy <= 1.6.5 - Authenticated(Author+) PHP Object Injection via unzipPosts Affected: *-1.6.5 Patched: 1.6.6 Updated: June 30, 2026

LOW

wp-post-author

Score: N/A WP Post Author <= 3.2.3 - Privilege Escalation Affected: *-3.2.3 Patched: 3.3.0 Updated: June 30, 2026

LOW

wp-poll

Score: N/A LiquidPoll – Advanced Polls for Creators and Brands <= 3.3.68 - Missing Authorization via activate_addon Affected: *-3.3.68 Patched: 3.3.69 Updated: June 30, 2026

LOW

wp-graphql

Score: N/A WPGraphQL <= 1.14.5 - Authenticated (Editor+) Server-Side Request Forgery Affected: *-1.14.5 Patched: 1.14.6 Updated: June 30, 2026

LOW

wcp-openweather

Score: N/A WCP OpenWeather <= 2.5.0 - Reflected Cross-Site Scripting via 'tab' Affected: *-2.5.0 Patched: Updated: June 30, 2026

LOW

slider-slideshow

Score: N/A Layer Slider <= 1.1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Affected: *-1.1.9.7 Patched: Updated: June 30, 2026

LOW

side-cart-woocommerce

Score: N/A Side Cart Woocommerce (Ajax) <= 2.2 Authenticated(Administrator+) Stored Cross-Site Scripting Affected: *-2.2 Patched: 2.3 Updated: June 30, 2026

LOW

shorten-url

Score: N/A Short URL <= 1.6.4 - Authenticated (Subscriber+) SQL Injection Affected: *-1.6.4 Patched: 1.6.5 Updated: June 30, 2026

LOW

shorten-url

Score: N/A Short URL <= 1.6.4 - Authenticated(Admin+) Stored Cross-Site Scripting Affected: 1.6.4 Patched: 1.6.5 Updated: June 30, 2026

LOW

post-to-csv

Score: N/A Post to CSV by BestWebSoft <= 1.4.0 - Authenticated (Author+) CSV Injection Affected: *-1.4.0 Patched: 1.4.1 Updated: June 30, 2026

LOW

miniorange-login-openid

Score: 91/100 WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4 - Authentication Bypass Affected: *-7.6.4 Patched: 7.6.5 Updated: June 30, 2026

Showing 24501 to 24600 of 36282 results

Download: CSV JSON

Important: Review Required

Vulnerability data is aggregated from automated feeds and public sources. Results may include false positives or outdated information. Always verify details and apply updates in a staging environment before deploying to production.

Data updated daily from trusted sources. Last updated: June 30, 2026 at 02:22 UTC.

Known Plugin Vulnerabilities

Open Vulnerabilities

Affected Plugins

Critical / High

Recently Updated

Vulnerability List